mirror of
https://github.com/corda/corda.git
synced 2024-12-19 13:08:04 +00:00
477 lines
19 KiB
Groovy
477 lines
19 KiB
Groovy
#!groovy
|
|
/**
|
|
* Jenkins pipeline to build Corda OS release branches and tags.
|
|
* PLEASE NOTE: we DO want to run a build for each commit!!!
|
|
*/
|
|
@Library('corda-shared-build-pipeline-steps')
|
|
|
|
/**
|
|
* Sense environment
|
|
*/
|
|
boolean isReleaseBranch = (env.BRANCH_NAME =~ /^release\/os\/.*/)
|
|
boolean isReleaseTag = (env.TAG_NAME =~ /^release-.*(?<!_JDK11)$/)
|
|
boolean isInternalRelease = (env.TAG_NAME =~ /^internal-release-.*$/)
|
|
boolean isReleaseCandidate = (env.TAG_NAME =~ /^(release-.*(RC|HC).*(?<!_JDK11))$/)
|
|
boolean isReleasePatch = (env.TAG_NAME =~ /^release.*([1-9]\d*|0)(\.([1-9]\d*|0)){2}$/)
|
|
|
|
/*
|
|
** calculate the stage for NexusIQ evaluation
|
|
** * build for snapshots
|
|
** * stage-release: for release candidates and for health checks
|
|
** * release: for GA release
|
|
*/
|
|
def nexusDefaultIqStage = "build"
|
|
if (isReleaseTag) {
|
|
switch (env.TAG_NAME) {
|
|
case ~/.*-RC\d+(-.*)?/: nexusDefaultIqStage = "stage-release"; break;
|
|
case ~/.*-HC\d+(-.*)?/: nexusDefaultIqStage = "stage-release"; break;
|
|
default: nexusDefaultIqStage = "release"
|
|
}
|
|
}
|
|
|
|
/**
|
|
* make sure calculated default value of NexusIQ stage is first in the list
|
|
* thus making it default for the `choice` parameter
|
|
*/
|
|
def nexusIqStageChoices = [nexusDefaultIqStage].plus(
|
|
[
|
|
'develop',
|
|
'build',
|
|
'stage-release',
|
|
'release',
|
|
'operate'
|
|
].minus([nexusDefaultIqStage]))
|
|
|
|
/**
|
|
* Common Gradle arguments for all Gradle executions
|
|
*/
|
|
String COMMON_GRADLE_PARAMS = [
|
|
'--no-daemon',
|
|
'--stacktrace',
|
|
'--info',
|
|
'-Pcompilation.warningsAsErrors=false',
|
|
'-Ptests.failFast=true',
|
|
].join(' ')
|
|
|
|
pipeline {
|
|
agent { label 'standard' }
|
|
|
|
/*
|
|
* List options in alphabetical order
|
|
*/
|
|
options {
|
|
buildDiscarder(logRotator(daysToKeepStr: '14', artifactDaysToKeepStr: '14'))
|
|
parallelsAlwaysFailFast()
|
|
timeout(time: 6, unit: 'HOURS')
|
|
timestamps()
|
|
}
|
|
|
|
parameters {
|
|
choice choices: nexusIqStageChoices, description: 'NexusIQ stage for code evaluation', name: 'nexusIqStage'
|
|
booleanParam defaultValue: true, description: 'Run tests during this build?', name: 'DO_TEST'
|
|
}
|
|
|
|
/*
|
|
* List environment variables in alphabetical order
|
|
*/
|
|
environment {
|
|
ARTIFACTORY_BUILD_NAME = "Corda :: Publish :: Publish Release to Artifactory :: ${env.BRANCH_NAME}"
|
|
ARTIFACTORY_CREDENTIALS = credentials('artifactory-credentials')
|
|
CORDA_ARTIFACTORY_PASSWORD = "${env.ARTIFACTORY_CREDENTIALS_PSW}"
|
|
CORDA_ARTIFACTORY_USERNAME = "${env.ARTIFACTORY_CREDENTIALS_USR}"
|
|
DOCKER_URL = "https://index.docker.io/v1/"
|
|
EMAIL_RECIPIENTS = credentials('corda4-email-recipient')
|
|
SNYK_API_KEY = "c4-os-snyk"
|
|
}
|
|
|
|
stages {
|
|
stage('Compile') {
|
|
steps {
|
|
sh script: [
|
|
'./gradlew',
|
|
COMMON_GRADLE_PARAMS,
|
|
'clean',
|
|
'jar'
|
|
].join(' ')
|
|
}
|
|
}
|
|
|
|
stage('Stash') {
|
|
when {
|
|
expression { params.DO_TEST }
|
|
}
|
|
steps {
|
|
stash name: 'compiled', useDefaultExcludes: false
|
|
}
|
|
}
|
|
stage('Sonatype Check') {
|
|
steps {
|
|
script {
|
|
sh "./gradlew --no-daemon properties | grep -E '^(version|group):' >version-properties"
|
|
/* every build related to Corda X.Y (GA, RC, HC, patch or snapshot) uses the same NexusIQ application */
|
|
def version = sh (returnStdout: true, script: "grep ^version: version-properties | sed -e 's/^version: \\([0-9]\\+\\(\\.[0-9]\\+\\)\\+\\).*\$/\\1/'").trim()
|
|
def groupId = sh (returnStdout: true, script: "grep ^group: version-properties | sed -e 's/^group: //'").trim()
|
|
def artifactId = 'corda'
|
|
nexusAppId = "${groupId}-${artifactId}-${version}"
|
|
}
|
|
nexusPolicyEvaluation (
|
|
failBuildOnNetworkError: false,
|
|
iqApplication: selectedApplication(nexusAppId), // application *has* to exist before a build starts!
|
|
iqScanPatterns: [[scanPattern: 'node/capsule/build/libs/corda*.jar']],
|
|
iqStage: params.nexusIqStage
|
|
)
|
|
}
|
|
}
|
|
stage('Generate Wiki Report') {
|
|
when {
|
|
expression { isReleaseTag && !isInternalRelease && !isReleaseCandidate }
|
|
beforeAgent true
|
|
}
|
|
agent {
|
|
docker {
|
|
image 'nexusiq-sonatype-cli:latest'
|
|
reuseNode true
|
|
registryUrl 'https://engineering-docker.software.r3.com/'
|
|
registryCredentialsId 'artifactory-credentials'
|
|
}
|
|
}
|
|
options {
|
|
retry(3)
|
|
}
|
|
environment {
|
|
NEXUS_APP_ID="${nexusAppId}"
|
|
NEXUS_APP_STAGE="${params.nexusIqStage}"
|
|
NEXUSIQ_CREDENTIALS = credentials('jenkins-nexusiq-credentials')
|
|
}
|
|
steps {
|
|
sh '''\
|
|
rm -f wiki-report.md
|
|
env NEXUSIQ_USERNAME="${NEXUSIQ_CREDENTIALS_USR}" \
|
|
NEXUSIQ_PASSWORD="${NEXUSIQ_CREDENTIALS_PSW}" \
|
|
/opt/app/wrapper wiki-report \
|
|
--app "${NEXUS_APP_ID}" \
|
|
--stage "${NEXUS_APP_STAGE}" >wiki-report.md
|
|
'''.stripIndent()
|
|
archiveArtifacts 'wiki-report.md'
|
|
}
|
|
}
|
|
stage('Generate Licence Report') {
|
|
when {
|
|
expression { isReleaseTag && !isInternalRelease && !isReleaseCandidate }
|
|
beforeAgent true
|
|
}
|
|
agent {
|
|
docker {
|
|
image 'nexusiq-licence-report:latest'
|
|
reuseNode true
|
|
registryUrl 'https://engineering-docker.software.r3.com/'
|
|
registryCredentialsId 'artifactory-credentials'
|
|
}
|
|
}
|
|
options {
|
|
retry(3)
|
|
}
|
|
environment {
|
|
NEXUS_APP_ID="${nexusAppId}"
|
|
NEXUS_APP_STAGE="${params.nexusIqStage}"
|
|
NEXUSIQ_CREDENTIALS = credentials('jenkins-nexusiq-credentials')
|
|
}
|
|
steps {
|
|
sh '''\
|
|
rm -rf report
|
|
env NEXUSIQ_USERNAME="${NEXUSIQ_CREDENTIALS_USR}" \
|
|
NEXUSIQ_PASSWORD="${NEXUSIQ_CREDENTIALS_PSW}" \
|
|
/opt/app/wrapper --write --outdir report \
|
|
--force \
|
|
--app "${NEXUS_APP_ID}" \
|
|
--stage "${NEXUS_APP_STAGE}"
|
|
'''.stripIndent()
|
|
archiveArtifacts 'report/*.md'
|
|
}
|
|
}
|
|
|
|
stage('Snyk Security') {
|
|
when {
|
|
expression { isReleaseTag || isReleaseCandidate || isReleaseBranch }
|
|
}
|
|
steps {
|
|
script {
|
|
// Invoke Snyk for each Gradle sub project we wish to scan
|
|
def modulesToScan = ['node', 'capsule', 'bridge', 'bridgecapsule']
|
|
modulesToScan.each { module ->
|
|
snykSecurityScan("${env.SNYK_API_KEY}", "--sub-project=$module --configuration-matching='^runtimeClasspath\$' --prune-repeated-subdependencies --debug --target-reference='${env.BRANCH_NAME}' --project-tags=Branch='${env.BRANCH_NAME.replaceAll("[^0-9|a-z|A-Z]+","_")}'")
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
stage('All Tests') {
|
|
when {
|
|
expression { params.DO_TEST }
|
|
beforeAgent true
|
|
}
|
|
parallel {
|
|
stage('Another agent') {
|
|
agent {
|
|
label 'standard'
|
|
}
|
|
options {
|
|
skipDefaultCheckout true
|
|
}
|
|
post {
|
|
always {
|
|
archiveArtifacts artifacts: '**/*.log', fingerprint: false
|
|
junit testResults: '**/build/test-results/**/*.xml', keepLongStdio: true
|
|
/*
|
|
* Copy all JUnit results files into a single top level directory.
|
|
* This is necessary to stop the allure plugin from hitting out
|
|
* of memory errors due to being passed many directories with
|
|
* long paths.
|
|
*
|
|
* File names are pre-pended with a prefix when
|
|
* copied to avoid collisions between files where the same test
|
|
* classes have run on multiple agents.
|
|
*/
|
|
fileOperations([fileCopyOperation(
|
|
includes: '**/build/test-results/**/*.xml',
|
|
targetLocation: 'allure-input',
|
|
flattenFiles: true,
|
|
renameFiles: true,
|
|
sourceCaptureExpression: '.*/([^/]+)$',
|
|
targetNameExpression: 'other-agent-$1')])
|
|
stash name: 'allure-input', includes: 'allure-input/**', useDefaultExcludes: false
|
|
}
|
|
cleanup {
|
|
deleteDir() /* clean up our workspace */
|
|
}
|
|
}
|
|
stages {
|
|
stage('Unstash') {
|
|
steps {
|
|
unstash 'compiled'
|
|
}
|
|
}
|
|
stage('Recompile') {
|
|
steps {
|
|
sh script: [
|
|
'./gradlew',
|
|
COMMON_GRADLE_PARAMS,
|
|
'jar'
|
|
].join(' ')
|
|
}
|
|
}
|
|
stage('Unit Test') {
|
|
steps {
|
|
sh script: [
|
|
'./gradlew',
|
|
COMMON_GRADLE_PARAMS,
|
|
'test'
|
|
].join(' ')
|
|
}
|
|
}
|
|
stage('Smoke Test') {
|
|
steps {
|
|
sh script: [
|
|
'./gradlew',
|
|
COMMON_GRADLE_PARAMS,
|
|
'smokeTest'
|
|
].join(' ')
|
|
}
|
|
}
|
|
stage('Slow Integration Test') {
|
|
steps {
|
|
sh script: [
|
|
'./gradlew',
|
|
COMMON_GRADLE_PARAMS,
|
|
'slowIntegrationTest'
|
|
].join(' ')
|
|
}
|
|
}
|
|
}
|
|
}
|
|
stage('Same agent') {
|
|
post {
|
|
always {
|
|
archiveArtifacts artifacts: '**/*.log', fingerprint: false
|
|
junit testResults: '**/build/test-results/**/*.xml', keepLongStdio: true
|
|
/*
|
|
* Copy all JUnit results files into a single top level directory.
|
|
* This is necessary to stop the allure plugin from hitting out
|
|
* of memory errors due to being passed many directories with
|
|
* long paths.
|
|
*
|
|
* File names are pre-pended with a prefix when
|
|
* copied to avoid collisions between files where the same test
|
|
* classes have run on multiple agents.
|
|
*/
|
|
fileOperations([fileCopyOperation(
|
|
includes: '**/build/test-results/**/*.xml',
|
|
targetLocation: 'allure-input',
|
|
flattenFiles: true,
|
|
renameFiles: true,
|
|
sourceCaptureExpression: '.*/([^/]+)$',
|
|
targetNameExpression: 'same-agent-$1')])
|
|
}
|
|
}
|
|
stages {
|
|
stage('Integration Test') {
|
|
steps {
|
|
sh script: [
|
|
'./gradlew',
|
|
COMMON_GRADLE_PARAMS,
|
|
'integrationTest'
|
|
].join(' ')
|
|
}
|
|
}
|
|
|
|
stage('Deploy Node') {
|
|
steps {
|
|
sh script: [
|
|
'./gradlew',
|
|
COMMON_GRADLE_PARAMS,
|
|
'deployNode'
|
|
].join(' ')
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
stage('Publish to Artifactory') {
|
|
when {
|
|
expression { isReleaseTag }
|
|
}
|
|
steps {
|
|
rtServer(
|
|
id: 'R3-Artifactory',
|
|
url: 'https://software.r3.com/artifactory',
|
|
credentialsId: 'artifactory-credentials'
|
|
)
|
|
rtGradleDeployer(
|
|
id: 'deployer',
|
|
serverId: 'R3-Artifactory',
|
|
repo: 'corda-releases'
|
|
)
|
|
rtGradleRun(
|
|
usesPlugin: true,
|
|
useWrapper: true,
|
|
switches: '-s --info',
|
|
tasks: 'artifactoryPublish',
|
|
deployerId: 'deployer',
|
|
buildName: env.ARTIFACTORY_BUILD_NAME
|
|
)
|
|
rtPublishBuildInfo(
|
|
serverId: 'R3-Artifactory',
|
|
buildName: env.ARTIFACTORY_BUILD_NAME
|
|
)
|
|
}
|
|
}
|
|
|
|
stage('Publish Release to Docker Hub') {
|
|
when {
|
|
expression { isReleaseTag && !isInternalRelease && !isReleaseCandidate && !isReleasePatch}
|
|
}
|
|
steps {
|
|
withCredentials([
|
|
usernamePassword(credentialsId: 'corda-publisher-docker-hub-credentials',
|
|
usernameVariable: 'DOCKER_USERNAME',
|
|
passwordVariable: 'DOCKER_PASSWORD')
|
|
]) {
|
|
sh script: [
|
|
'./gradlew',
|
|
COMMON_GRADLE_PARAMS,
|
|
'pushOfficialImages'
|
|
].join(' ')
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
post {
|
|
always {
|
|
script {
|
|
try {
|
|
if (params.DO_TEST) {
|
|
unstash 'allure-input'
|
|
allure includeProperties: false,
|
|
jdk: '',
|
|
results: [[path: '**/allure-input']]
|
|
}
|
|
} catch (err) {
|
|
echo("Allure report generation failed: $err")
|
|
|
|
if (currentBuild.resultIsBetterOrEqualTo('SUCCESS')) {
|
|
currentBuild.result = 'UNSTABLE'
|
|
}
|
|
}
|
|
}
|
|
|
|
script
|
|
{
|
|
if (!isReleaseTag) {
|
|
// We want to send a summary email, but want to limit to once per day.
|
|
// Comparing the dates of the previous and current builds achieves this,
|
|
// i.e. we will only send an email for the first build on a given day.
|
|
def prevBuildDate = new Date(
|
|
currentBuild.previousBuild?.timeInMillis ?: 0).clearTime()
|
|
def currentBuildDate = new Date(
|
|
currentBuild.timeInMillis).clearTime()
|
|
|
|
if (prevBuildDate != currentBuildDate) {
|
|
def statusSymbol = '\u2753'
|
|
switch(currentBuild.result) {
|
|
case 'SUCCESS':
|
|
statusSymbol = '\u2705'
|
|
break;
|
|
case 'UNSTABLE':
|
|
statusSymbol = '\u26A0'
|
|
break;
|
|
case 'FAILURE':
|
|
statusSymbol = '\u274c'
|
|
break;
|
|
default:
|
|
break;
|
|
}
|
|
|
|
echo('First build for this date, sending summary email')
|
|
emailext to: '$DEFAULT_RECIPIENTS',
|
|
subject: "$statusSymbol" + '$BRANCH_NAME regression tests - $BUILD_STATUS',
|
|
mimeType: 'text/html',
|
|
body: '${SCRIPT, template="groovy-html.template"}'
|
|
} else {
|
|
echo('Already sent summary email today, suppressing')
|
|
}
|
|
}
|
|
}
|
|
}
|
|
success {
|
|
script {
|
|
sendSlackNotifications("good", "BUILD PASSED", false, "#corda-corda4-open-source-build-notifications")
|
|
if (isReleaseTag || isReleaseCandidate || isReleaseBranch) {
|
|
snykSecurityScan.generateHtmlElements()
|
|
}
|
|
}
|
|
}
|
|
unstable {
|
|
script {
|
|
sendSlackNotifications("warning", "BUILD UNSTABLE - Unstable Builds are likely a result of Nexus Sonar Scanner violations", false, "#corda-corda4-open-source-build-notifications")
|
|
if (isReleaseTag || isReleaseCandidate || isReleaseBranch) {
|
|
snykSecurityScan.generateHtmlElements()
|
|
}
|
|
}
|
|
}
|
|
failure {
|
|
script {
|
|
sendSlackNotifications("danger", "BUILD FAILURE", true, "#corda-corda4-open-source-build-notifications")
|
|
if (isReleaseTag || isReleaseBranch || isReleaseCandidate) {
|
|
sendEmailNotifications("${env.EMAIL_RECIPIENTS}")
|
|
}
|
|
}
|
|
}
|
|
cleanup {
|
|
deleteDir() /* clean up our workspace */
|
|
}
|
|
}
|
|
}
|