/
.cirrus.default.yml
323 lines (306 loc) · 12.4 KB
/
.cirrus.default.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
env:
CIRRUS_CLONE_DEPTH: "1"
CIRRUS_SHELL: bash
ARTIFACTORY_URL: VAULT[development/kv/data/repox data.url]
ARTIFACTORY_PRIVATE_USERNAME: vault-${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-private-reader
ARTIFACTORY_PRIVATE_PASSWORD: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-private-reader access_token]
ARTIFACTORY_ACCESS_TOKEN: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-private-reader access_token]
BURGR_URL: VAULT[development/kv/data/burgr data.url]
BURGR_USERNAME: VAULT[development/kv/data/burgr data.cirrus_username]
BURGR_PASSWORD: VAULT[development/kv/data/burgr data.cirrus_password]
SONAR_HOST_URL: VAULT[development/kv/data/next data.url]
SONAR_TOKEN: VAULT[development/kv/data/next data.token]
SLACK_TOKEN: VAULT[development/kv/data/slack data.token]
CIRRUS_PIPELINE_NAME: "SLE default"
auto_cancellation: $CIRRUS_BRANCH != 'master'
only_if_with_nightly: &ONLY_IF
skip: "changesIncludeOnly('docs/*', '**/README.md')"
only_if: $CIRRUS_USER_COLLABORATOR == 'true' && $CIRRUS_TAG == ""
&& ($CIRRUS_PR != "" || $CIRRUS_BRANCH == $CIRRUS_DEFAULT_BRANCH || $CIRRUS_BRANCH =~ "branch-.*" || $CIRRUS_BRANCH =~ "dogfood-on-.*")
only_if_except_nightly: &ONLY_IF_EXCEPT_NIGHTLY
skip: "changesIncludeOnly('docs/*', '**/README.md')"
only_if: $CIRRUS_USER_COLLABORATOR == 'true' && $CIRRUS_TAG == "" && $CIRRUS_BUILD_SOURCE != "cron"
&& ($CIRRUS_PR != "" || $CIRRUS_BRANCH == $CIRRUS_DEFAULT_BRANCH || $CIRRUS_BRANCH =~ "branch-.*" || $CIRRUS_BRANCH =~ "dogfood-on-.*")
only_pr_and_maintained_branches: &ONLY_PR_AND_MAINTAINED_BRANCHES
skip: "changesIncludeOnly('docs/*', '**/README.md')"
only_if: $CIRRUS_USER_COLLABORATOR == 'true' && $CIRRUS_TAG == "" && $CIRRUS_BUILD_SOURCE != "cron"
&& ($CIRRUS_PR != "" || $CIRRUS_BRANCH == $CIRRUS_DEFAULT_BRANCH || $CIRRUS_BRANCH =~ "branch-.*" || $CIRRUS_BRANCH =~ "dogfood-on-.*")
only_main_branches: &ONLY_MAIN_BRANCHES
skip: "changesIncludeOnly('docs/*', '**/README.md')"
only_if: $CIRRUS_USER_COLLABORATOR == 'true' && $CIRRUS_TAG == "" && ($CIRRUS_BRANCH == $CIRRUS_DEFAULT_BRANCH || $CIRRUS_BRANCH =~ "branch-.*")
eks_container: &CONTAINER_DEFINITION
image: ${CIRRUS_AWS_ACCOUNT}.dkr.ecr.eu-central-1.amazonaws.com/base:j17-m3.9-latest
region: eu-central-1
cluster_name: ${CIRRUS_CLUSTER_NAME}
namespace: default
eks_builder_container: &BUILDER_CONTAINER_DEFINITION
<<: *CONTAINER_DEFINITION
dockerfile: .cirrus/Dockerfile
docker_arguments:
CIRRUS_AWS_ACCOUNT: ${CIRRUS_AWS_ACCOUNT}
builder_role: cirrus-builder
builder_image: docker-builder-v*
builder_instance_type: m6a.large
builder_subnet_id: ${CIRRUS_AWS_SUBNET}
maven_cache: &SETUP_MAVEN_CACHE
maven_cache:
folder: ${CIRRUS_WORKING_DIR}/.m2/repository
fingerprint_script:
- /usr/bin/find . -name pom.xml -not -path './its/*' -exec cat {} \+
- cat target-platforms/build.target target-platforms/commons.target
maven_cache_qa: &SETUP_MAVEN_CACHE_QA
maven_cache:
folder: ${CIRRUS_WORKING_DIR}/.m2/repository
fingerprint_script:
- echo $TARGET_PLATFORM
- /usr/bin/find . -name pom.xml -not -path './its/*' -exec cat {} \+
- cat target-platforms/commons.target its/target-platforms/*.target
build_task:
# name: "Build and stage to repox"
<<: *ONLY_IF
eks_container:
<<: *BUILDER_CONTAINER_DEFINITION
cpu: 4
memory: 8G
type: m6a.large
env:
ARTIFACTORY_DEPLOY_REPO: sonarsource-public-qa
ARTIFACTORY_DEPLOY_USERNAME: vault-${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-qa-deployer
ARTIFACTORY_DEPLOY_PASSWORD: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-qa-deployer access_token]
SIGN_KEY: VAULT[development/kv/data/sign data.key]
PGP_PASSPHRASE: VAULT[development/kv/data/sign data.passphrase]
DEPLOY_PULL_REQUEST: true
SM_API_KEY: VAULT[development/kv/data/sign/2023-2025 data.apikey]
SM_CERT: VAULT[development/kv/data/sign/2023-2025 data.cert]
SM_CERT_FP: VAULT[development/kv/data/sign/2023-2025 data.cert_fp]
SM_CLIENT_CERT_FILE_BASE64: VAULT[development/kv/data/sign/2023-2025 data.client_cert_file_base64]
SM_CLIENT_CERT_FILE: ${CIRRUS_WORKING_DIR}/Certificate.pkcs12.p12
SM_CLIENT_CERT_PASSWORD: VAULT[development/kv/data/sign/2023-2025 data.client_cert_password]
SM_HOST: VAULT[development/kv/data/sign/2023-2025 data.host]
codesigning_file:
path: ${SM_CLIENT_CERT_FILE}.b64
variable_name: SM_CLIENT_CERT_FILE_BASE64
<<: *SETUP_MAVEN_CACHE
build_script: |
base64 --decode "${SM_CLIENT_CERT_FILE}.b64" > "${SM_CLIENT_CERT_FILE}"
source cirrus-env BUILD-PRIVATE
.cirrus/regular_mvn_build_deploy_analyze -Dmaven.test.skip=true -Dsonar.skip=true -Dcyclonedx.skip=false
site_artifacts:
paths: org.sonarlint.eclipse.site/target/org.sonarlint.eclipse.site-*.zip
type: application/zip
cleanup_before_cache_script: cleanup_maven_repository
on_failure:
slack_notification_script: |
.cirrus/slack-notification.sh
validate_task:
# name: "Run unit tests on Linux"
depends_on:
- build
<<: *ONLY_IF_EXCEPT_NIGHTLY
eks_container:
<<: *BUILDER_CONTAINER_DEFINITION
cpu: 4
memory: 8G
type: m6a.large
env:
DEPLOY_PULL_REQUEST: false
DISPLAY: :10
<<: *SETUP_MAVEN_CACHE
xvfb_background_script: |
/etc/init.d/xvfb start
qa_script: |
metacity --sm-disable --replace &
sleep 10 # give metacity some time to start
source cirrus-env QA
mvn -B -e -V verify -P-deploy-sonarsource,-release,-sign
/etc/init.d/xvfb stop
cleanup_before_cache_script: cleanup_maven_repository
on_failure:
mvn_log_artifacts:
path: "${CIRRUS_WORKING_DIR}/org.sonarlint.eclipse.core.tests/target/work/data/.metadata/.log"
xvfb_log_artifacts:
path: "${CIRRUS_WORKING_DIR}/Xvfb.out"
junit_artifacts:
path: '**/target/surefire-reports/TEST-*.xml'
format: junit
slack_notification_script: |
.cirrus/slack-notification.sh
qa_task:
# name: "Run ITs"
depends_on:
- build
<<: *ONLY_IF_EXCEPT_NIGHTLY
eks_container:
<<: *BUILDER_CONTAINER_DEFINITION
cpu: 6
memory: 12G
type: m6a.large
env:
ARTIFACTORY_API_KEY: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-private-reader access_token]
GITHUB_TOKEN: VAULT[development/github/token/licenses-ro token]
SONARCLOUD_IT_PASSWORD: VAULT[development/team/sonarlint/kv/data/sonarcloud-it data.password]
DISPLAY: :10
MAVEN_OPTS: -Xmx3072m
matrix:
- env:
TARGET_PLATFORM: 'oldest'
SQ_VERSION: 'LATEST_RELEASE[8.9]'
QA_CATEGORY: 'Oldest'
- env:
TARGET_PLATFORM: 'latest'
SQ_VERSION: 'LATEST_RELEASE[9.9]'
QA_CATEGORY: 'Latest-LTS'
- env:
TARGET_PLATFORM: 'latest'
SQ_VERSION: 'DEV'
QA_CATEGORY: 'Latest'
<<: *SETUP_MAVEN_CACHE_QA
download_staged_update_site_script: |
set -euo pipefail
source cirrus-env QA
source .cirrus/set_maven_build_version $BUILD_NUMBER
mvn -B -e -V dependency:unpack -Dtycho.mode=maven -Dartifact=org.sonarsource.sonarlint.eclipse:org.sonarlint.eclipse.site:${PROJECT_VERSION}:zip -DoutputDirectory=${CIRRUS_WORKING_DIR}/staged-repository
prepare_background_script: |
set -euo pipefail
/etc/init.d/xvfb start
metacity --sm-disable --replace &
sleep 10 # give metacity some time to start
echo 'Recording tests on video'
ffmpeg -loglevel warning -f x11grab -video_size 1920x1080 -i ${DISPLAY} -codec:v libx264 -r 12 ${CIRRUS_WORKING_DIR}/recording_${QA_CATEGORY}.mp4
run_its_script: |
echo "Run Maven ITs for Eclipse ${TARGET_PLATFORM} and Server ${SQ_VERSION}"
mvn -B -e -V org.jacoco:jacoco-maven-plugin:prepare-agent verify -f its/pom.xml -Pcoverage \
-Dtarget.platform=${TARGET_PLATFORM} -Dtycho.localArtifacts=ignore -Dsonarlint-eclipse.p2.url="file://${CIRRUS_WORKING_DIR}/staged-repository" -Dsonar.runtimeVersion=${SQ_VERSION} \
-Djacoco.append=true -Djacoco.destFile=${CIRRUS_WORKING_DIR}/it-coverage.exec
mv it-coverage.exec it-coverage-${QA_CATEGORY}.exec
cleanup_before_cache_script: cleanup_maven_repository
always:
stop_recording_script: |
pkill -SIGINT -f ffmpeg
while pgrep ffmpeg >/dev/null; do sleep 1; done
/etc/init.d/xvfb stop
test_recording_artifacts:
path: "${CIRRUS_WORKING_DIR}/recording_${QA_CATEGORY}.mp4"
log_artifacts:
path: "its/build/idea-sandbox/system/log"
jacoco_artifacts:
path: "${CIRRUS_WORKING_DIR}/it-coverage*.exec"
on_failure:
xvfb_log_artifacts:
path: "${CIRRUS_WORKING_DIR}/Xvfb.out"
reports_artifacts:
path: "**/reports/**/*"
junit_artifacts:
paths:
- "**/test-results/**/*.xml"
- "**/target/surefire-reports/TEST-*.xml"
format: junit
slack_notification_script: |
.cirrus/slack-notification.sh
sonarqube_task:
# name: "Run SonarQube analysis"
depends_on:
- qa
<<: *ONLY_IF_EXCEPT_NIGHTLY
eks_container:
<<: *BUILDER_CONTAINER_DEFINITION
cpu: 4
memory: 8G
type: m6a.large
env:
DEPLOY_PULL_REQUEST: false
DISPLAY: :10
<<: *SETUP_MAVEN_CACHE
prepare_background_script: |
set -euo pipefail
/etc/init.d/xvfb start
metacity --sm-disable --replace &
sleep 10 # give metacity some time to start
sonarqube_script: |
set -euo pipefail
mkdir ${CIRRUS_WORKING_DIR}/org.sonarlint.eclipse.core.tests/target/
curl --no-progress-meter https://api.cirrus-ci.com/v1/artifact/build/$CIRRUS_BUILD_ID/jacoco.zip -o jacoco.zip
unzip jacoco.zip -d ${CIRRUS_WORKING_DIR}/org.sonarlint.eclipse.core.tests/target/
source cirrus-env QA
.cirrus/regular_mvn_build_deploy_analyze \
-P-deploy-sonarsource,-release,-sign -Dmaven.install.skip=true -Dmaven.deploy.skip=true \
-Pcoverage -Djacoco.append=true -Dsonar.coverage.jacoco.xmlReportPaths=${CIRRUS_WORKING_DIR}/org.sonarlint.eclipse.core.tests/target/site/jacoco-aggregate/jacoco.xml
/etc/init.d/xvfb stop
cleanup_before_cache_script: cleanup_maven_repository
on_failure:
xvfb_log_artifacts:
path: "${CIRRUS_WORKING_DIR}/Xvfb.out"
slack_notification_script: |
.cirrus/slack-notification.sh
mend_scan_task:
# Run Mend analysis
depends_on:
- build
<<: *ONLY_MAIN_BRANCHES
eks_container:
<<: *BUILDER_CONTAINER_DEFINITION
cpu: 4
memory: 8G
type: m6a.large
env:
WS_APIKEY: VAULT[development/kv/data/mend data.apikey]
<<: *SETUP_MAVEN_CACHE
whitesource_script:
- source cirrus-env QA
- source .cirrus/set_maven_build_version $BUILD_NUMBER
- mvn -B -e -V clean install -DskipTests -Dcyclonedx.skip=false
- source ws_scan.sh
cleanup_before_cache_script: cleanup_maven_repository
allow_failures: "true"
always:
ws_artifacts:
path: "whitesource/**/*"
on_failure:
slack_notification_script: |
.cirrus/slack-notification.sh
promote_task:
depends_on:
- validate
- qa
- sonarqube
<<: *ONLY_PR_AND_MAINTAINED_BRANCHES
eks_container:
<<: *CONTAINER_DEFINITION
cpu: 2
memory: 4G
type: m6a.large
env:
ARTIFACTORY_PROMOTE_ACCESS_TOKEN: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-promoter access_token]
GITHUB_TOKEN: VAULT[development/github/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-promotion token]
# artifacts which will have downloadable links in burgr
ARTIFACTS: org.sonarsource.sonarlint.eclipse:org.sonarlint.eclipse.site:zip,org.sonarsource.sonarlint.eclipse:sonarlint-eclipse-parent:json:cyclonedx
<<: *SETUP_MAVEN_CACHE
promote_script: |
.cirrus/cirrus_promote_maven
cleanup_before_cache_script: cleanup_maven_repository
on_failure:
slack_notification_script: |
.cirrus/slack-notification.sh
dogfood_task:
# name: "Update internal dogfooding p2"
# alias: "update_dogfood_repo"
depends_on:
- promote
only_if: $CIRRUS_USER_COLLABORATOR == 'true' && $CIRRUS_TAG == "" && $CIRRUS_BRANCH == $CIRRUS_DEFAULT_BRANCH
eks_container:
<<: *BUILDER_CONTAINER_DEFINITION
cpu: 2
memory: 4G
type: m6a.large
env:
AWS_ACCESS_KEY_ID: VAULT[development/aws/sts/downloads access_key]
AWS_SECRET_ACCESS_KEY: VAULT[development/aws/sts/downloads secret_key]
AWS_SESSION_TOKEN: VAULT[development/aws/sts/downloads security_token]
AWS_DEFAULT_REGION: eu-central-1
dogfood_script: |
source cirrus-env QA
source .cirrus/set_maven_build_version "$BUILD_NUMBER"
.cirrus/publish-dogfood-site.sh
on_failure:
slack_notification_script: |
.cirrus/slack-notification.sh