INFRA-2038 - Remove Nexus dependency from C4 Community builds

This commit is contained in:
Connel McGovern 2023-03-14 11:41:20 +00:00
parent 5e10aa40c9
commit 9a4ea9c652

View File

@ -14,34 +14,6 @@ boolean isInternalRelease = (env.TAG_NAME =~ /^internal-release-.*$/)
boolean isReleaseCandidate = (env.TAG_NAME =~ /^(release-.*(RC|HC).*(?<!_JDK11))$/)
boolean isReleasePatch = (env.TAG_NAME =~ /^release.*([1-9]\d*|0)(\.([1-9]\d*|0)){2}$/)
/*
** calculate the stage for NexusIQ evaluation
** * build for snapshots
** * stage-release: for release candidates and for health checks
** * release: for GA release
*/
def nexusDefaultIqStage = "build"
if (isReleaseTag) {
switch (env.TAG_NAME) {
case ~/.*-RC\d+(-.*)?/: nexusDefaultIqStage = "stage-release"; break;
case ~/.*-HC\d+(-.*)?/: nexusDefaultIqStage = "stage-release"; break;
default: nexusDefaultIqStage = "release"
}
}
/**
* make sure calculated default value of NexusIQ stage is first in the list
* thus making it default for the `choice` parameter
*/
def nexusIqStageChoices = [nexusDefaultIqStage].plus(
[
'develop',
'build',
'stage-release',
'release',
'operate'
].minus([nexusDefaultIqStage]))
/**
* Common Gradle arguments for all Gradle executions
*/
@ -67,7 +39,6 @@ pipeline {
}
parameters {
choice choices: nexusIqStageChoices, description: 'NexusIQ stage for code evaluation', name: 'nexusIqStage'
booleanParam defaultValue: true, description: 'Run tests during this build?', name: 'DO_TEST'
}
@ -104,91 +75,6 @@ pipeline {
stash name: 'compiled', useDefaultExcludes: false
}
}
stage('Sonatype Check') {
steps {
script {
sh "./gradlew --no-daemon properties | grep -E '^(version|group):' >version-properties"
/* every build related to Corda X.Y (GA, RC, HC, patch or snapshot) uses the same NexusIQ application */
def version = sh (returnStdout: true, script: "grep ^version: version-properties | sed -e 's/^version: \\([0-9]\\+\\(\\.[0-9]\\+\\)\\+\\).*\$/\\1/'").trim()
def groupId = sh (returnStdout: true, script: "grep ^group: version-properties | sed -e 's/^group: //'").trim()
def artifactId = 'corda'
nexusAppId = "${groupId}-${artifactId}-${version}"
}
nexusPolicyEvaluation (
failBuildOnNetworkError: false,
iqApplication: selectedApplication(nexusAppId), // application *has* to exist before a build starts!
iqScanPatterns: [[scanPattern: 'node/capsule/build/libs/corda*.jar']],
iqStage: params.nexusIqStage
)
}
}
stage('Generate Wiki Report') {
when {
expression { isReleaseTag && !isInternalRelease && !isReleaseCandidate }
beforeAgent true
}
agent {
docker {
image 'nexusiq-sonatype-cli:latest'
reuseNode true
registryUrl 'https://engineering-docker.software.r3.com/'
registryCredentialsId 'artifactory-credentials'
}
}
options {
retry(3)
}
environment {
NEXUS_APP_ID="${nexusAppId}"
NEXUS_APP_STAGE="${params.nexusIqStage}"
NEXUSIQ_CREDENTIALS = credentials('jenkins-nexusiq-credentials')
}
steps {
sh '''\
rm -f wiki-report.md
env NEXUSIQ_USERNAME="${NEXUSIQ_CREDENTIALS_USR}" \
NEXUSIQ_PASSWORD="${NEXUSIQ_CREDENTIALS_PSW}" \
/opt/app/wrapper wiki-report \
--app "${NEXUS_APP_ID}" \
--stage "${NEXUS_APP_STAGE}" >wiki-report.md
'''.stripIndent()
archiveArtifacts 'wiki-report.md'
}
}
stage('Generate Licence Report') {
when {
expression { isReleaseTag && !isInternalRelease && !isReleaseCandidate }
beforeAgent true
}
agent {
docker {
image 'nexusiq-licence-report:latest'
reuseNode true
registryUrl 'https://engineering-docker.software.r3.com/'
registryCredentialsId 'artifactory-credentials'
}
}
options {
retry(3)
}
environment {
NEXUS_APP_ID="${nexusAppId}"
NEXUS_APP_STAGE="${params.nexusIqStage}"
NEXUSIQ_CREDENTIALS = credentials('jenkins-nexusiq-credentials')
}
steps {
sh '''\
rm -rf report
env NEXUSIQ_USERNAME="${NEXUSIQ_CREDENTIALS_USR}" \
NEXUSIQ_PASSWORD="${NEXUSIQ_CREDENTIALS_PSW}" \
/opt/app/wrapper --write --outdir report \
--force \
--app "${NEXUS_APP_ID}" \
--stage "${NEXUS_APP_STAGE}"
'''.stripIndent()
archiveArtifacts 'report/*.md'
}
}
stage('Snyk Security') {
when {
@ -455,7 +341,7 @@ pipeline {
}
unstable {
script {
sendSlackNotifications("warning", "BUILD UNSTABLE - Unstable Builds are likely a result of Nexus Sonar Scanner violations", false, "#corda-corda4-open-source-build-notifications")
sendSlackNotifications("warning", "BUILD UNSTABLE", false, "#corda-corda4-open-source-build-notifications")
if (isReleaseTag || isReleaseCandidate || isReleaseBranch) {
snykSecurityScan.generateHtmlElements()
}