mirror of
https://github.com/corda/corda.git
synced 2025-01-02 19:26:47 +00:00
INFRA-1955: Merging forward from 4.9 to 4.10
This commit is contained in:
commit
db08eb3a9b
7
.ci/dev/nightly-regression/JenkinsfileSnykScan
Normal file
7
.ci/dev/nightly-regression/JenkinsfileSnykScan
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
@Library('corda-shared-build-pipeline-steps') _
|
||||||
|
|
||||||
|
cordaSnykScanPipeline (
|
||||||
|
snykTokenId: 'c4-os-snyk-api-token-secret',
|
||||||
|
// specify the Gradle submodules to scan and monitor on snyk Server
|
||||||
|
modulesToScan: ['node', 'capsule', 'bridge', 'bridgecapsule']
|
||||||
|
)
|
161
.ci/dev/regression/Jenkinsfile
vendored
161
.ci/dev/regression/Jenkinsfile
vendored
@ -5,6 +5,10 @@
|
|||||||
*/
|
*/
|
||||||
@Library('corda-shared-build-pipeline-steps')
|
@Library('corda-shared-build-pipeline-steps')
|
||||||
|
|
||||||
|
import com.r3.build.utils.GitUtils
|
||||||
|
|
||||||
|
GitUtils gitUtils = new GitUtils(this)
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Sense environment
|
* Sense environment
|
||||||
*/
|
*/
|
||||||
@ -14,34 +18,6 @@ boolean isInternalRelease = (env.TAG_NAME =~ /^internal-release-.*$/)
|
|||||||
boolean isReleaseCandidate = (env.TAG_NAME =~ /^(release-.*(RC|HC).*(?<!_JDK11))$/)
|
boolean isReleaseCandidate = (env.TAG_NAME =~ /^(release-.*(RC|HC).*(?<!_JDK11))$/)
|
||||||
def buildEdition = (isReleaseTag || isReleaseCandidate) ? "Corda Community Edition" : "Corda Open Source"
|
def buildEdition = (isReleaseTag || isReleaseCandidate) ? "Corda Community Edition" : "Corda Open Source"
|
||||||
|
|
||||||
/*
|
|
||||||
** calculate the stage for NexusIQ evaluation
|
|
||||||
** * build for snapshots
|
|
||||||
** * stage-release: for release candidates and for health checks
|
|
||||||
** * release: for GA release
|
|
||||||
*/
|
|
||||||
def nexusDefaultIqStage = "build"
|
|
||||||
if (isReleaseTag) {
|
|
||||||
switch (env.TAG_NAME) {
|
|
||||||
case ~/.*-RC\d+(-.*)?/: nexusDefaultIqStage = "stage-release"; break;
|
|
||||||
case ~/.*-HC\d+(-.*)?/: nexusDefaultIqStage = "stage-release"; break;
|
|
||||||
default: nexusDefaultIqStage = "release"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* make sure calculated default value of NexusIQ stage is first in the list
|
|
||||||
* thus making it default for the `choice` parameter
|
|
||||||
*/
|
|
||||||
def nexusIqStageChoices = [nexusDefaultIqStage].plus(
|
|
||||||
[
|
|
||||||
'develop',
|
|
||||||
'build',
|
|
||||||
'stage-release',
|
|
||||||
'release',
|
|
||||||
'operate'
|
|
||||||
].minus([nexusDefaultIqStage]))
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Common Gradle arguments for all Gradle executions
|
* Common Gradle arguments for all Gradle executions
|
||||||
*/
|
*/
|
||||||
@ -55,7 +31,7 @@ String COMMON_GRADLE_PARAMS = [
|
|||||||
].join(' ')
|
].join(' ')
|
||||||
|
|
||||||
pipeline {
|
pipeline {
|
||||||
agent { label 'standard' }
|
agent { label 'standard-latest-ami' }
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* List options in alphabetical order
|
* List options in alphabetical order
|
||||||
@ -68,7 +44,6 @@ pipeline {
|
|||||||
}
|
}
|
||||||
|
|
||||||
parameters {
|
parameters {
|
||||||
choice choices: nexusIqStageChoices, description: 'NexusIQ stage for code evaluation', name: 'nexusIqStage'
|
|
||||||
booleanParam defaultValue: true, description: 'Run tests during this build?', name: 'DO_TEST'
|
booleanParam defaultValue: true, description: 'Run tests during this build?', name: 'DO_TEST'
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -83,8 +58,9 @@ pipeline {
|
|||||||
CORDA_BUILD_EDITION = "${buildEdition}"
|
CORDA_BUILD_EDITION = "${buildEdition}"
|
||||||
DOCKER_URL = "https://index.docker.io/v1/"
|
DOCKER_URL = "https://index.docker.io/v1/"
|
||||||
EMAIL_RECIPIENTS = credentials('corda4-email-recipient')
|
EMAIL_RECIPIENTS = credentials('corda4-email-recipient')
|
||||||
SNYK_API_KEY = "c4-os-snyk"
|
SNYK_API_KEY = "c4-os-snyk" //Jenkins credential type: Snyk Api token
|
||||||
CORDA_USE_CACHE = "corda-remotes"
|
SNYK_API_TOKEN = credentials('c4-os-snyk-api-token-secret') //Jenkins credential type: Secret text
|
||||||
|
C4_OS_SNYK_ORG_ID = credentials('corda4-os-snyk-org-id')
|
||||||
}
|
}
|
||||||
|
|
||||||
stages {
|
stages {
|
||||||
@ -108,93 +84,8 @@ pipeline {
|
|||||||
stash name: 'compiled', useDefaultExcludes: false
|
stash name: 'compiled', useDefaultExcludes: false
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
stage('Sonatype Check') {
|
|
||||||
steps {
|
|
||||||
script {
|
|
||||||
sh "./gradlew --no-daemon properties | grep -E '^(version|group):' >version-properties"
|
|
||||||
/* every build related to Corda X.Y (GA, RC, HC, patch or snapshot) uses the same NexusIQ application */
|
|
||||||
def version = sh (returnStdout: true, script: "grep ^version: version-properties | sed -e 's/^version: \\([0-9]\\+\\(\\.[0-9]\\+\\)\\+\\).*\$/\\1/'").trim()
|
|
||||||
def groupId = sh (returnStdout: true, script: "grep ^group: version-properties | sed -e 's/^group: //'").trim()
|
|
||||||
def artifactId = 'corda'
|
|
||||||
nexusAppId = "${groupId}-${artifactId}-${version}"
|
|
||||||
}
|
|
||||||
nexusPolicyEvaluation (
|
|
||||||
failBuildOnNetworkError: false,
|
|
||||||
iqApplication: selectedApplication(nexusAppId), // application *has* to exist before a build starts!
|
|
||||||
iqScanPatterns: [[scanPattern: 'node/capsule/build/libs/corda*.jar']],
|
|
||||||
iqStage: params.nexusIqStage
|
|
||||||
)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
stage('Generate Wiki Report') {
|
|
||||||
when {
|
|
||||||
expression { isReleaseTag && !isInternalRelease && !isReleaseCandidate }
|
|
||||||
beforeAgent true
|
|
||||||
}
|
|
||||||
agent {
|
|
||||||
docker {
|
|
||||||
image 'nexusiq-sonatype-cli:latest'
|
|
||||||
reuseNode true
|
|
||||||
registryUrl 'https://engineering-docker.software.r3.com/'
|
|
||||||
registryCredentialsId 'artifactory-credentials'
|
|
||||||
}
|
|
||||||
}
|
|
||||||
options {
|
|
||||||
retry(3)
|
|
||||||
}
|
|
||||||
environment {
|
|
||||||
NEXUS_APP_ID="${nexusAppId}"
|
|
||||||
NEXUS_APP_STAGE="${params.nexusIqStage}"
|
|
||||||
NEXUSIQ_CREDENTIALS = credentials('jenkins-nexusiq-credentials')
|
|
||||||
}
|
|
||||||
steps {
|
|
||||||
sh '''\
|
|
||||||
rm -f wiki-report.md
|
|
||||||
env NEXUSIQ_USERNAME="${NEXUSIQ_CREDENTIALS_USR}" \
|
|
||||||
NEXUSIQ_PASSWORD="${NEXUSIQ_CREDENTIALS_PSW}" \
|
|
||||||
/opt/app/wrapper wiki-report \
|
|
||||||
--app "${NEXUS_APP_ID}" \
|
|
||||||
--stage "${NEXUS_APP_STAGE}" >wiki-report.md
|
|
||||||
'''.stripIndent()
|
|
||||||
archiveArtifacts 'wiki-report.md'
|
|
||||||
}
|
|
||||||
}
|
|
||||||
stage('Generate Licence Report') {
|
|
||||||
when {
|
|
||||||
expression { isReleaseTag && !isInternalRelease && !isReleaseCandidate }
|
|
||||||
beforeAgent true
|
|
||||||
}
|
|
||||||
agent {
|
|
||||||
docker {
|
|
||||||
image 'nexusiq-licence-report:latest'
|
|
||||||
reuseNode true
|
|
||||||
registryUrl 'https://engineering-docker.software.r3.com/'
|
|
||||||
registryCredentialsId 'artifactory-credentials'
|
|
||||||
}
|
|
||||||
}
|
|
||||||
options {
|
|
||||||
retry(3)
|
|
||||||
}
|
|
||||||
environment {
|
|
||||||
NEXUS_APP_ID="${nexusAppId}"
|
|
||||||
NEXUS_APP_STAGE="${params.nexusIqStage}"
|
|
||||||
NEXUSIQ_CREDENTIALS = credentials('jenkins-nexusiq-credentials')
|
|
||||||
}
|
|
||||||
steps {
|
|
||||||
sh '''\
|
|
||||||
rm -rf report
|
|
||||||
env NEXUSIQ_USERNAME="${NEXUSIQ_CREDENTIALS_USR}" \
|
|
||||||
NEXUSIQ_PASSWORD="${NEXUSIQ_CREDENTIALS_PSW}" \
|
|
||||||
/opt/app/wrapper --write --outdir report \
|
|
||||||
--force \
|
|
||||||
--app "${NEXUS_APP_ID}" \
|
|
||||||
--stage "${NEXUS_APP_STAGE}"
|
|
||||||
'''.stripIndent()
|
|
||||||
archiveArtifacts 'report/*.md'
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
stage('Snyk Security') {
|
stage('Snyk Security') {
|
||||||
when {
|
when {
|
||||||
expression { isReleaseTag || isReleaseCandidate || isReleaseBranch }
|
expression { isReleaseTag || isReleaseCandidate || isReleaseBranch }
|
||||||
}
|
}
|
||||||
@ -209,6 +100,22 @@ pipeline {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
stage('Generate Snyk License Report') {
|
||||||
|
when {
|
||||||
|
expression { isReleaseTag || isReleaseCandidate || isReleaseBranch }
|
||||||
|
}
|
||||||
|
steps {
|
||||||
|
snykLicenseGeneration(env.SNYK_API_TOKEN, env.C4_OS_SNYK_ORG_ID)
|
||||||
|
}
|
||||||
|
post {
|
||||||
|
always {
|
||||||
|
script {
|
||||||
|
archiveArtifacts artifacts: 'snyk-license-report/*-snyk-license-report.html', allowEmptyArchive: true, fingerprint: true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
stage('All Tests') {
|
stage('All Tests') {
|
||||||
when {
|
when {
|
||||||
expression { params.DO_TEST }
|
expression { params.DO_TEST }
|
||||||
@ -420,6 +327,9 @@ pipeline {
|
|||||||
post {
|
post {
|
||||||
always {
|
always {
|
||||||
script {
|
script {
|
||||||
|
if (gitUtils.isReleaseTag()) {
|
||||||
|
gitUtils.getGitLog(env.TAG_NAME, env.GIT_URL.replace('https://github.com/corda/', ''), scm.userRemoteConfigs[0].credentialsId)
|
||||||
|
}
|
||||||
try {
|
try {
|
||||||
if (params.DO_TEST) {
|
if (params.DO_TEST) {
|
||||||
unstash 'allure-input'
|
unstash 'allure-input'
|
||||||
@ -475,20 +385,23 @@ pipeline {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
success {
|
success {
|
||||||
script {
|
script {
|
||||||
sendSlackNotifications("good", "BUILD PASSED", false, "#corda-corda4-open-source-build-notifications")
|
sendSlackNotifications("good", "BUILD PASSED", false, "#corda-corda4-open-source-build-notifications")
|
||||||
if (isReleaseTag || isReleaseCandidate || isReleaseBranch) {
|
if (isReleaseTag || isReleaseCandidate || isReleaseBranch) {
|
||||||
snykSecurityScan.generateHtmlElements()
|
snykSecurityScan.generateHtmlElements()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
unstable {
|
unstable {
|
||||||
script {
|
script {
|
||||||
sendSlackNotifications("warning", "BUILD UNSTABLE - Unstable Builds are likely a result of Nexus Sonar Scanner violations", false, "#corda-corda4-open-source-build-notifications")
|
sendSlackNotifications("warning", "BUILD UNSTABLE", false, "#corda-corda4-open-source-build-notifications")
|
||||||
if (isReleaseTag || isReleaseCandidate || isReleaseBranch) {
|
if (isReleaseTag || isReleaseCandidate || isReleaseBranch) {
|
||||||
snykSecurityScan.generateHtmlElements()
|
snykSecurityScan.generateHtmlElements()
|
||||||
}
|
}
|
||||||
}
|
if (isReleaseTag || isReleaseCandidate || isReleaseBranch) {
|
||||||
|
snykSecurityScan.generateHtmlElements()
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
failure {
|
failure {
|
||||||
script {
|
script {
|
||||||
|
Loading…
Reference in New Issue
Block a user