-
Notifications
You must be signed in to change notification settings - Fork 52
/
Copy path.cirrus.yml
245 lines (229 loc) · 8.66 KB
/
.cirrus.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
env:
CIRRUS_CLONE_DEPTH: "50"
CIRRUS_SHELL: bash
ARTIFACTORY_URL: VAULT[development/kv/data/repox data.url]
ARTIFACTORY_PRIVATE_USERNAME: vault-${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-private-reader
ARTIFACTORY_PRIVATE_PASSWORD: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-private-reader access_token]
ARTIFACTORY_ACCESS_TOKEN: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-private-reader access_token]
auto_cancellation: $CIRRUS_BRANCH != $CIRRUS_DEFAULT_BRANCH
only_if_with_nightly: &ONLY_IF
skip: "changesIncludeOnly('docs/**/*', 'spec/**/*', 'README.md')"
only_if: $CIRRUS_USER_COLLABORATOR == 'true' && $CIRRUS_TAG == ""
&& ($CIRRUS_PR != "" || $CIRRUS_BRANCH == $CIRRUS_DEFAULT_BRANCH || $CIRRUS_BRANCH =~ "branch-.*" || $CIRRUS_BRANCH =~ "dogfood-on-.*")
only_if_except_nightly: &ONLY_IF_EXCEPT_NIGHTLY
skip: "changesIncludeOnly('docs/**/*', 'spec/**/*', 'README.md')"
only_if: $CIRRUS_USER_COLLABORATOR == 'true' && $CIRRUS_TAG == "" && $CIRRUS_BUILD_SOURCE != "cron"
&& ($CIRRUS_PR != "" || $CIRRUS_BRANCH == $CIRRUS_DEFAULT_BRANCH || $CIRRUS_BRANCH =~ "branch-.*" || $CIRRUS_BRANCH =~ "dogfood-on-.*")
only_main_branches: &ONLY_MAIN_BRANCHES
skip: "changesIncludeOnly('docs/**/*', 'spec/**/*', 'README.md')"
only_if: $CIRRUS_USER_COLLABORATOR == 'true' && $CIRRUS_TAG == "" && ($CIRRUS_BRANCH == $CIRRUS_DEFAULT_BRANCH || $CIRRUS_BRANCH =~ "branch-.*")
orchestrator_monthly_cache_template: &ORCHESTRATOR_MONTHLY_CACHE_TEMPLATE
env:
JDK_VERSION: "17"
set_orchestrator_home_script: |
export THIS_MONTH=$(date '+%Y-%m')
echo "THIS_MONTH=${THIS_MONTH}" >> $CIRRUS_ENV
echo "ORCHESTRATOR_HOME=${CIRRUS_WORKING_DIR}/orchestrator/${THIS_MONTH}" >> $CIRRUS_ENV
mkdir_orchestrator_home_script: |
echo "Create dir ${ORCHESTRATOR_HOME} if needed"
mkdir -p ${ORCHESTRATOR_HOME}
orchestrator_cache:
folder: ${ORCHESTRATOR_HOME}
fingerprint_script: echo ${THIS_MONTH}
maven_cache_definition: &MAVEN_CACHE_DEFINITION
maven_cache:
folder: ${CIRRUS_WORKING_DIR}/.m2/repository
fingerprint_script:
- find . -name pom.xml -not -path './its/*' -exec cat {} \+
container_definition: &CONTAINER_DEFINITION
dockerfile: .cirrus/Dockerfile
docker_arguments:
CIRRUS_AWS_ACCOUNT: ${CIRRUS_AWS_ACCOUNT}
JDK_VERSION: ${JDK_VERSION}
region: eu-central-1
cluster_name: ${CIRRUS_CLUSTER_NAME}
builder_role: cirrus-builder
builder_image: docker-builder-v*
builder_instance_type: t3.xlarge
namespace: default
cpu: 4
memory: 6G
ec2_instance_definition: &WINVM_DEFINITION
experimental: true
image: base-windows-jdk17-v*
platform: windows
region: eu-central-1
type: c5.4xlarge
build_task:
# Build and Stage to repox
<<: *ONLY_IF
env:
JDK_VERSION: "17"
DEPLOY_PULL_REQUEST: "true"
ARTIFACTORY_DEPLOY_REPO: sonarsource-public-qa
ARTIFACTORY_DEPLOY_USERNAME: vault-${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-qa-deployer
ARTIFACTORY_DEPLOY_PASSWORD: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-qa-deployer access_token]
SIGN_KEY: VAULT[development/kv/data/sign data.key]
PGP_PASSPHRASE: VAULT[development/kv/data/sign data.passphrase]
SONAR_HOST_URL: "not_used_but_needed_by_regular_mvn_build_deploy_analyze"
SONAR_TOKEN: "not_used_but_needed_by_regular_mvn_build_deploy_analyze"
eks_container:
<<: *CONTAINER_DEFINITION
memory: 2G
<<: *MAVEN_CACHE_DEFINITION
build_script:
- source cirrus-env BUILD
- regular_mvn_build_deploy_analyze -P dist-no-arch,dist-windows_x64,dist-linux_x64,dist-linux_aarch64,dist-macosx_x64,dist-macosx_aarch64 -Dmaven.test.skip=true -Dsonar.skip=true
cache_script:
- mvn -B -e -V -Pits dependency:go-offline # populate cache including ITs deps too
cleanup_before_cache_script: cleanup_maven_repository
test_linux_task:
# Run unit tests on Linux with Java 17 and SonarQube analysis on Next
depends_on:
- build
<<: *ONLY_IF_EXCEPT_NIGHTLY
eks_container:
<<: *CONTAINER_DEFINITION
env:
JDK_VERSION: "17"
DEPLOY_PULL_REQUEST: "false"
SONAR_HOST_URL: VAULT[development/kv/data/next data.url]
SONAR_TOKEN: VAULT[development/kv/data/next data.token]
<<: *MAVEN_CACHE_DEFINITION
script:
- source cirrus-env QA
- PULL_REQUEST_SHA=$GIT_SHA1 regular_mvn_build_deploy_analyze -P-deploy-sonarsource,-release,-sign -Dcommercial -Dmaven.install.skip=true -Dmaven.deploy.skip=true -Dsonar.coverage.jacoco.xmlReportPaths=$CIRRUS_WORKING_DIR/report-aggregate/target/site/jacoco-aggregate/jacoco.xml
cleanup_before_cache_script: cleanup_maven_repository
on_failure:
junit_artifacts:
path: '**/target/surefire-reports/TEST-*.xml'
format: junit
test_windows_task:
# Run UTs on Windows (Java 17)
depends_on:
- build
<<: *ONLY_IF_EXCEPT_NIGHTLY
ec2_instance:
<<: *WINVM_DEFINITION
env:
MAVEN_OPTS: '-Xmx4G'
maven_cache:
folder: ${CIRRUS_WORKING_DIR}/.m2/repository
script:
- source cirrus-env QA
- source set_maven_build_version $BUILD_NUMBER
- mvn -B -e -V verify -Dcommercial -Dmaven.test.redirectTestOutputToFile=false
cleanup_before_cache_script: cleanup_maven_repository
on_failure:
junit_artifacts:
path: '**/target/surefire-reports/TEST-*.xml'
format: junit
inspect_orchestrator_cache_task:
<<: *ONLY_IF_EXCEPT_NIGHTLY
depends_on: build
eks_container:
<<: *CONTAINER_DEFINITION
cpu: 1
memory: 2G
<<: *ORCHESTRATOR_MONTHLY_CACHE_TEMPLATE
inspect_cache_script: |
echo "Inspecting cache ${ORCHESTRATOR_HOME}..."
cd "${ORCHESTRATOR_HOME}"
ls -l
find .
echo "Inspecting cache done."
mend_scan_task:
# Run Mend analysis
depends_on:
- build
<<: *ONLY_MAIN_BRANCHES
eks_container:
<<: *CONTAINER_DEFINITION
env:
WS_APIKEY: VAULT[development/kv/data/mend data.apikey]
JDK_VERSION: "11"
<<: *MAVEN_CACHE_DEFINITION
whitesource_script:
- source cirrus-env QA
- source set_maven_build_version $BUILD_NUMBER
- mvn clean install -DskipTests
- source ws_scan.sh
cleanup_before_cache_script: cleanup_maven_repository
allow_failures: "true"
always:
ws_artifacts:
path: "whitesource/**/*"
qa_task:
# Run ITs
depends_on:
- build
<<: *ONLY_IF_EXCEPT_NIGHTLY
<<: *ORCHESTRATOR_MONTHLY_CACHE_TEMPLATE
eks_container:
<<: *CONTAINER_DEFINITION
cpu: 4
memory: 8G
env:
ARTIFACTORY_API_KEY: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-private-reader access_token]
GITHUB_TOKEN: VAULT[development/github/token/licenses-ro token]
MAVEN_OPTS: '-Xmx4G'
matrix:
- env:
SQ_VERSION: "SonarCloud"
JDK_VERSION: "17"
CATEGORY: "-Dgroups=SonarCloud"
SONARCLOUD_IT_PASSWORD: VAULT[development/team/sonarlint/kv/data/sonarcloud-it data.password]
QA_CATEGORY: SonarCloud
- env:
SQ_VERSION: "DEV"
JDK_VERSION: "17"
CATEGORY: "-DexcludedGroups=SonarCloud"
QA_CATEGORY: SQDogfood
- env:
SQ_VERSION: "LATEST_RELEASE"
JDK_VERSION: "17"
CATEGORY: "-DexcludedGroups=SonarCloud"
QA_CATEGORY: SQLatest
- env:
SQ_VERSION: "LATEST_RELEASE[9.9]"
JDK_VERSION: "17"
CATEGORY: "-DexcludedGroups=SonarCloud"
QA_CATEGORY: SQLts99
<<: *MAVEN_CACHE_DEFINITION
qa_script: |
source cirrus-env QA
source set_maven_build_version $BUILD_NUMBER
if [[ ${CIRRUS_PR:-} != "" || $CIRRUS_BRANCH == $CIRRUS_DEFAULT_BRANCH || $CIRRUS_BRANCH =~ "branch-".* || $CIRRUS_BRANCH =~ "dogfood-on-".* ]]; then
mvn -f its/pom.xml -Dsonar.runtimeVersion=${SQ_VERSION} ${CATEGORY} -B -e -V verify surefire-report:report
else
mvn clean install -DskipTests
mvn -rf its -Pits -Dsonar.runtimeVersion=${SQ_VERSION} ${CATEGORY} -B -e -V verify surefire-report:report
fi
cleanup_before_cache_script:
- cleanup_maven_repository
on_failure:
junit_artifacts:
path: '**/target/surefire-reports/TEST-*.xml'
format: junit
log_artifacts:
path: "**/target/**/sonarqube*/logs/*.log"
promote_task:
# Promotion
depends_on:
- build
- test_linux
- test_windows
- mend_scan
- qa
<<: *ONLY_IF_EXCEPT_NIGHTLY
eks_container:
<<: *CONTAINER_DEFINITION
cpu: 2
memory: 4G
env:
JDK_VERSION: "11"
ARTIFACTORY_PROMOTE_ACCESS_TOKEN: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-promoter access_token]
GITHUB_TOKEN: VAULT[development/github/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-promotion token]
<<: *MAVEN_CACHE_DEFINITION
script: cirrus_promote_maven
cleanup_before_cache_script: cleanup_maven_repository