corda/.ci/dev/regression/Jenkinsfile
2022-07-26 18:15:01 +01:00

495 lines
20 KiB
Groovy

#!groovy
/**
* Jenkins pipeline to build Corda OS release branches and tags.
* PLEASE NOTE: we DO want to run a build for each commit!!!
*/
@Library('corda-shared-build-pipeline-steps')
/**
* Sense environment
*/
boolean isReleaseBranch = (env.BRANCH_NAME =~ /^release\/os\/.*/)
boolean isReleaseTag = (env.TAG_NAME =~ /^release-.*(?<!_JDK11)$/)
boolean isInternalRelease = (env.TAG_NAME =~ /^internal-release-.*$/)
boolean isReleaseCandidate = (env.TAG_NAME =~ /^(release-.*(RC|HC).*(?<!_JDK11))$/)
boolean isReleasePatch = (env.TAG_NAME =~ /^release.*([1-9]\d*|0)(\.([1-9]\d*|0)){2}$/)
/*
** calculate the stage for NexusIQ evaluation
** * build for snapshots
** * stage-release: for release candidates and for health checks
** * release: for GA release
*/
def nexusDefaultIqStage = "build"
if (isReleaseTag) {
switch (env.TAG_NAME) {
case ~/.*-RC\d+(-.*)?/: nexusDefaultIqStage = "stage-release"; break;
case ~/.*-HC\d+(-.*)?/: nexusDefaultIqStage = "stage-release"; break;
default: nexusDefaultIqStage = "release"
}
}
/**
* make sure calculated default value of NexusIQ stage is first in the list
* thus making it default for the `choice` parameter
*/
def nexusIqStageChoices = [nexusDefaultIqStage].plus(
[
'develop',
'build',
'stage-release',
'release',
'operate'
].minus([nexusDefaultIqStage]))
/**
* Common Gradle arguments for all Gradle executions
*/
String COMMON_GRADLE_PARAMS = [
'--no-daemon',
'--stacktrace',
'--info',
'-Pcompilation.warningsAsErrors=false',
'-Ptests.failFast=true',
].join(' ')
pipeline {
agent { label 'standard' }
/*
* List options in alphabetical order
*/
options {
buildDiscarder(logRotator(daysToKeepStr: '14', artifactDaysToKeepStr: '14'))
parallelsAlwaysFailFast()
timeout(time: 6, unit: 'HOURS')
timestamps()
}
parameters {
choice choices: nexusIqStageChoices, description: 'NexusIQ stage for code evaluation', name: 'nexusIqStage'
booleanParam defaultValue: true, description: 'Run tests during this build?', name: 'DO_TEST'
}
/*
* List environment variables in alphabetical order
*/
environment {
ARTIFACTORY_BUILD_NAME = "Corda :: Publish :: Publish Release to Artifactory :: ${env.BRANCH_NAME}"
ARTIFACTORY_CREDENTIALS = credentials('artifactory-credentials')
CORDA_ARTIFACTORY_PASSWORD = "${env.ARTIFACTORY_CREDENTIALS_PSW}"
CORDA_ARTIFACTORY_USERNAME = "${env.ARTIFACTORY_CREDENTIALS_USR}"
DOCKER_URL = "https://index.docker.io/v1/"
EMAIL_RECIPIENTS = credentials('corda4-email-recipient')
SNYK_API_KEY = "c4-os-snyk"
}
stages {
stage('Compile') {
steps {
sh script: [
'./gradlew',
COMMON_GRADLE_PARAMS,
'clean',
'jar'
].join(' ')
}
}
stage('Stash') {
when {
expression { params.DO_TEST }
}
steps {
stash name: 'compiled', useDefaultExcludes: false
}
}
stage('Sonatype Check') {
steps {
script {
sh "./gradlew --no-daemon properties | grep -E '^(version|group):' >version-properties"
/* every build related to Corda X.Y (GA, RC, HC, patch or snapshot) uses the same NexusIQ application */
def version = sh (returnStdout: true, script: "grep ^version: version-properties | sed -e 's/^version: \\([0-9]\\+\\(\\.[0-9]\\+\\)\\+\\).*\$/\\1/'").trim()
def groupId = sh (returnStdout: true, script: "grep ^group: version-properties | sed -e 's/^group: //'").trim()
def artifactId = 'corda'
nexusAppId = "${groupId}-${artifactId}-${version}"
}
nexusPolicyEvaluation (
failBuildOnNetworkError: false,
iqApplication: selectedApplication(nexusAppId), // application *has* to exist before a build starts!
iqScanPatterns: [[scanPattern: 'node/capsule/build/libs/corda*.jar']],
iqStage: params.nexusIqStage
)
}
}
stage('Generate Wiki Report') {
when {
expression { isReleaseTag && !isInternalRelease && !isReleaseCandidate }
beforeAgent true
}
agent {
docker {
image 'nexusiq-sonatype-cli:latest'
reuseNode true
registryUrl 'https://engineering-docker.software.r3.com/'
registryCredentialsId 'artifactory-credentials'
}
}
options {
retry(3)
}
environment {
NEXUS_APP_ID="${nexusAppId}"
NEXUS_APP_STAGE="${params.nexusIqStage}"
NEXUSIQ_CREDENTIALS = credentials('jenkins-nexusiq-credentials')
}
steps {
sh '''\
rm -f wiki-report.md
env NEXUSIQ_USERNAME="${NEXUSIQ_CREDENTIALS_USR}" \
NEXUSIQ_PASSWORD="${NEXUSIQ_CREDENTIALS_PSW}" \
/opt/app/wrapper wiki-report \
--app "${NEXUS_APP_ID}" \
--stage "${NEXUS_APP_STAGE}" >wiki-report.md
'''.stripIndent()
archiveArtifacts 'wiki-report.md'
}
}
stage('Generate Licence Report') {
when {
expression { isReleaseTag && !isInternalRelease && !isReleaseCandidate }
beforeAgent true
}
agent {
docker {
image 'nexusiq-licence-report:latest'
reuseNode true
registryUrl 'https://engineering-docker.software.r3.com/'
registryCredentialsId 'artifactory-credentials'
}
}
options {
retry(3)
}
environment {
NEXUS_APP_ID="${nexusAppId}"
NEXUS_APP_STAGE="${params.nexusIqStage}"
NEXUSIQ_CREDENTIALS = credentials('jenkins-nexusiq-credentials')
}
steps {
sh '''\
rm -rf report
env NEXUSIQ_USERNAME="${NEXUSIQ_CREDENTIALS_USR}" \
NEXUSIQ_PASSWORD="${NEXUSIQ_CREDENTIALS_PSW}" \
/opt/app/wrapper --write --outdir report \
--force \
--app "${NEXUS_APP_ID}" \
--stage "${NEXUS_APP_STAGE}"
'''.stripIndent()
archiveArtifacts 'report/*.md'
}
}
stage('Snyk Security') {
when {
expression { isReleaseTag || isReleaseCandidate || isReleaseBranch }
}
steps {
snykSecurityScan("${env.SNYK_API_KEY}", "--all-sub-projects --prune-repeated-subdependencies --debug --target-reference='${env.BRANCH_NAME}' --project-tags=Branch='${env.BRANCH_NAME.replaceAll("[^0-9|a-z|A-Z]+","_")}'")
}
}
stage('All Tests') {
when {
expression { params.DO_TEST }
beforeAgent true
}
parallel {
stage('Another agent') {
agent {
label 'standard'
}
options {
skipDefaultCheckout true
}
post {
always {
archiveArtifacts artifacts: '**/*.log', fingerprint: false
junit testResults: '**/build/test-results/**/*.xml', keepLongStdio: true
/*
* Copy all JUnit results files into a single top level directory.
* This is necessary to stop the allure plugin from hitting out
* of memory errors due to being passed many directories with
* long paths.
*
* File names are pre-pended with a prefix when
* copied to avoid collisions between files where the same test
* classes have run on multiple agents.
*/
fileOperations([fileCopyOperation(
includes: '**/build/test-results/**/*.xml',
targetLocation: 'allure-input',
flattenFiles: true,
renameFiles: true,
sourceCaptureExpression: '.*/([^/]+)$',
targetNameExpression: 'other-agent-$1')])
stash name: 'allure-input', includes: 'allure-input/**', useDefaultExcludes: false
}
cleanup {
deleteDir() /* clean up our workspace */
}
}
stages {
stage('Unstash') {
steps {
unstash 'compiled'
}
}
stage('Recompile') {
steps {
sh script: [
'./gradlew',
COMMON_GRADLE_PARAMS,
'jar'
].join(' ')
}
}
stage('Unit Test') {
steps {
sh script: [
'./gradlew',
COMMON_GRADLE_PARAMS,
'test'
].join(' ')
}
}
stage('Smoke Test') {
steps {
sh script: [
'./gradlew',
COMMON_GRADLE_PARAMS,
'smokeTest'
].join(' ')
}
}
stage('Slow Integration Test') {
steps {
sh script: [
'./gradlew',
COMMON_GRADLE_PARAMS,
'slowIntegrationTest'
].join(' ')
}
}
}
}
stage('Same agent') {
post {
always {
archiveArtifacts artifacts: '**/*.log', fingerprint: false
junit testResults: '**/build/test-results/**/*.xml', keepLongStdio: true
/*
* Copy all JUnit results files into a single top level directory.
* This is necessary to stop the allure plugin from hitting out
* of memory errors due to being passed many directories with
* long paths.
*
* File names are pre-pended with a prefix when
* copied to avoid collisions between files where the same test
* classes have run on multiple agents.
*/
fileOperations([fileCopyOperation(
includes: '**/build/test-results/**/*.xml',
targetLocation: 'allure-input',
flattenFiles: true,
renameFiles: true,
sourceCaptureExpression: '.*/([^/]+)$',
targetNameExpression: 'same-agent-$1')])
}
}
stages {
stage('Integration Test') {
steps {
sh script: [
'./gradlew',
COMMON_GRADLE_PARAMS,
'integrationTest'
].join(' ')
}
}
stage('Deploy Node') {
steps {
sh script: [
'./gradlew',
COMMON_GRADLE_PARAMS,
'deployNode'
].join(' ')
}
}
}
}
}
}
stage('Publish to Artifactory') {
when {
expression { isReleaseTag }
}
steps {
rtServer(
id: 'R3-Artifactory',
url: 'https://software.r3.com/artifactory',
credentialsId: 'artifactory-credentials'
)
rtGradleDeployer(
id: 'deployer',
serverId: 'R3-Artifactory',
repo: 'corda-releases'
)
rtGradleRun(
usesPlugin: true,
useWrapper: true,
switches: '-s --info',
tasks: 'artifactoryPublish',
deployerId: 'deployer',
buildName: env.ARTIFACTORY_BUILD_NAME
)
rtPublishBuildInfo(
serverId: 'R3-Artifactory',
buildName: env.ARTIFACTORY_BUILD_NAME
)
}
}
stage('Publish Release Candidate to Internal Repository') {
when {
expression { isReleaseCandidate }
}
steps {
withCredentials([
usernamePassword(credentialsId: 'docker-image-pusher-os',
usernameVariable: 'DOCKER_USERNAME',
passwordVariable: 'DOCKER_PASSWORD')
]) {
sh script: [
'./gradlew',
COMMON_GRADLE_PARAMS,
'-Pdocker.image.repository=entdocker.software.r3.com/corda',
'docker:pushDockerImage',
'--image OFFICIAL',
'--registry-url=entdocker.software.r3.com'
].join(' ')
}
}
}
stage('Publish Release to Docker Hub') {
when {
expression { isReleaseTag && !isInternalRelease && !isReleaseCandidate && !isReleasePatch}
}
steps {
withCredentials([
usernamePassword(credentialsId: 'corda-publisher-docker-hub-credentials',
usernameVariable: 'DOCKER_USERNAME',
passwordVariable: 'DOCKER_PASSWORD')
]) {
sh script: [
'./gradlew',
COMMON_GRADLE_PARAMS,
'docker:pushDockerImage',
'-Pdocker.image.repository=corda/corda',
'--image OFFICIAL'
].join(' ')
}
}
}
}
post {
always {
script {
try {
if (params.DO_TEST) {
unstash 'allure-input'
allure includeProperties: false,
jdk: '',
results: [[path: '**/allure-input']]
}
} catch (err) {
echo("Allure report generation failed: $err")
if (currentBuild.resultIsBetterOrEqualTo('SUCCESS')) {
currentBuild.result = 'UNSTABLE'
}
}
}
script
{
if (!isReleaseTag) {
// We want to send a summary email, but want to limit to once per day.
// Comparing the dates of the previous and current builds achieves this,
// i.e. we will only send an email for the first build on a given day.
def prevBuildDate = new Date(
currentBuild.previousBuild?.timeInMillis ?: 0).clearTime()
def currentBuildDate = new Date(
currentBuild.timeInMillis).clearTime()
if (prevBuildDate != currentBuildDate) {
def statusSymbol = '\u2753'
switch(currentBuild.result) {
case 'SUCCESS':
statusSymbol = '\u2705'
break;
case 'UNSTABLE':
statusSymbol = '\u26A0'
break;
case 'FAILURE':
statusSymbol = '\u274c'
break;
default:
break;
}
echo('First build for this date, sending summary email')
emailext to: '$DEFAULT_RECIPIENTS',
subject: "$statusSymbol" + '$BRANCH_NAME regression tests - $BUILD_STATUS',
mimeType: 'text/html',
body: '${SCRIPT, template="groovy-html.template"}'
} else {
echo('Already sent summary email today, suppressing')
}
}
}
}
success {
script {
sendSlackNotifications("good", "BUILD PASSED", false, "#corda-corda4-open-source-build-notifications")
if (isReleaseTag || isReleaseCandidate || isReleaseBranch) {
snykSecurityScan.generateHtmlElements()
}
}
}
unstable {
script {
sendSlackNotifications("warning", "BUILD UNSTABLE - Unstable Builds are likely a result of Nexus Sonar Scanner violations", false, "#corda-corda4-open-source-build-notifications")
if (isReleaseTag || isReleaseCandidate || isReleaseBranch) {
snykSecurityScan.generateHtmlElements()
}
}
}
failure {
script {
sendSlackNotifications("danger", "BUILD FAILURE", true, "#corda-corda4-open-source-build-notifications")
if (isReleaseTag || isReleaseBranch || isReleaseCandidate) {
sendEmailNotifications("${env.EMAIL_RECIPIENTS}")
}
}
}
cleanup {
deleteDir() /* clean up our workspace */
}
}
}