From 9761615667f4fec3a16f5c8ddb766d749736e5ee Mon Sep 17 00:00:00 2001 From: Carmine Vassallo Date: Mon, 26 Feb 2024 14:05:03 +0100 Subject: [PATCH] Draft task before the vault update --- .cirrus.yml | 250 ++++++++++++++++++++++++++++------------------------ 1 file changed, 137 insertions(+), 113 deletions(-) diff --git a/.cirrus.yml b/.cirrus.yml index 2b55bce2..e6f8d039 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -6,10 +6,12 @@ env: DOCKER_USERNAME: VAULT[development/kv/data/docker/sonardockerrw data.username] DOCKER_PASSWORD: VAULT[development/kv/data/docker/sonardockerrw data.access_token_rwd] + DOCKER_GCLOUD_SA_KEY: empty #VAULT[development/kv/data/docker/sonardockerrw data.XXX] WS_PRODUCTNAME: SonarSource/docker-sonarqube STAGING_IMAGE_NAME: sonarsource/sonarqube PUBLIC_IMAGE_NAME: sonarqube + GCLOUD_REGISTRY: europe-west3-docker.pkg.dev/sonarqube-marketplace-provider/sonarqube-marketplace-registry CURRENT_LTS_VERSION: 9.9.4 CURRENT_VERSION: 10.4.0 NEXT_VERSION: 10.5.0 @@ -21,26 +23,10 @@ vm_instance_template: &VM_TEMPLATE region: eu-central-1 subnet_id: ${CIRRUS_AWS_SUBNET} - -multi_arch_build_task: +multi_arch_release_task: + only_if: $CIRRUS_CRON == 'nightly-mend-scan' env: matrix: - - version: 9/community - tag: $CURRENT_LTS_VERSION-community - - version: 9/developer - tag: $CURRENT_LTS_VERSION-developer - - version: 9/enterprise - tag: $CURRENT_LTS_VERSION-enterprise - - version: 9/datacenter/app - tag: $CURRENT_LTS_VERSION-datacenter-app - - version: 9/datacenter/search - tag: $CURRENT_LTS_VERSION-datacenter-search - - version: 10/community - tag: $NEXT_VERSION-community - - version: 10/developer - tag: $NEXT_VERSION-developer - - version: 10/enterprise - tag: $NEXT_VERSION-enterprise - version: 10/datacenter/app tag: $NEXT_VERSION-datacenter-app - version: 10/datacenter/search 
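Review bot: `DOCKER_GCLOUD_SA_KEY` is added to the file-level `env:` block, so every task in `.cirrus.yml` would receive the registry service-account key once the placeholder is replaced by the Vault reference, not only the task that pushes. Declare it under `multi_arch_release_task.env` instead, e.g. `DOCKER_GCLOUD_SA_KEY: VAULT[<vault path> data.<field>]`, so test and scan tasks never see a push credential. Until then the literal value `empty` makes the login step fail, which is safe but worth a `# TODO` comment stating that the task is not expected to run yet. A service-account JSON key is also a long-lived credential; if the CI platform and GCP project allow it, a short-lived token would reduce the impact of a leak.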
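Review bot: The new `only_if: $CIRRUS_CRON == 'nightly-mend-scan'` ties a task that pushes images to a registry to the cron entry named for the nightly Mend scan. Anyone adjusting the scan schedule would then also change when releases are pushed, and the name hides that a publish happens. A dedicated cron name such as `only_if: $CIRRUS_CRON == '<release-cron-name>'`, or a manually triggered task (`trigger_type: manual`), would make the release path explicit and auditable. A short comment above `multi_arch_release_task:` stating which registry it publishes to would help as well.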
@@ -48,107 +34,145 @@ multi_arch_build_task: ec2_instance: <<: *VM_TEMPLATE login_script: - - docker login --username $DOCKER_USERNAME --password $DOCKER_PASSWORD + - base64 -d -i ${DOCKER_GCLOUD_SA_KEY} | docker login -u _json_key --password-stdin https://${GCLOUD_REGISTRY} setup_script: - docker run -t --rm --privileged tonistiigi/binfmt --install all - docker buildx create --name multibuilder --driver docker-container - docker buildx use multibuilder - docker buildx inspect --bootstrap build_script: - - echo "Build the ${STAGING_IMAGE_NAME}:${tag} image supporting two architectures, linux/amd64 and linux/arm64" - - .cirrus/multi-arch-build.sh ${STAGING_IMAGE_NAME} ${tag} ${version} + - echo "Build the ${PUBLIC_IMAGE_NAME}:${tag} image supporting two architectures, linux/amd64 and linux/arm64 and push to the GCP registry ${GCLOUD_REGISTRY}" + - git checkout ${CURRENT_VERSION} + - .cirrus/multi-arch-build.sh ${GCLOUD_REGISTRY}/${PUBLIC_IMAGE_NAME} ${tag} ${version} -private_scan_task: - env: - platform: amd64 - MEND_API_KEY: VAULT[development/kv/data/mend data.apikey] - WS_WSS_URL: https://saas-eu.whitesourcesoftware.com/agent - matrix: - - tag: $CURRENT_LTS_VERSION-datacenter-app - - tag: $NEXT_VERSION-datacenter-app - ec2_instance: - <<: *VM_TEMPLATE - login_script: - - docker login --username $DOCKER_USERNAME --password $DOCKER_PASSWORD - setup_script: - - /usr/bin/systemctl stop unattended-upgrades.service - - /usr/bin/pgrep apt | xargs -r kill -SIGINT || true - - /usr/bin/pgrep apt | xargs -r kill -SIGTERM || true - - /usr/bin/pgrep apt | xargs -r kill -SIGKILL || true ; /usr/bin/dpkg --configure -a - - apt-get remove -y unattended-upgrades - - apt-get update && apt-get install -y --no-install-recommends openjdk-17-jre - - curl -sSL https://unified-agent.s3.amazonaws.com/wss-unified-agent.jar -o wss-unified-agent.jar - - echo "docker.includes=${tag}" >> .cirrus/wss-unified-agent.config - scan_script: - - echo "Scan the ${STAGING_IMAGE_NAME}:${tag} image 
supporting linux/${platform}" - - .cirrus/pull.sh ${STAGING_IMAGE_NAME} ${tag} ${platform} - - java -jar wss-unified-agent.jar -c .cirrus/wss-unified-agent.config -apiKey $MEND_API_KEY -product ${WS_PRODUCTNAME} -project ${STAGING_IMAGE_NAME}:${tag} -wss.url ${WS_WSS_URL} -docker.scanImages true - depends_on: multi_arch_build +# multi_arch_build_task: +# env: +# matrix: +# - version: 9/community +# tag: $CURRENT_LTS_VERSION-community +# - version: 9/developer +# tag: $CURRENT_LTS_VERSION-developer +# - version: 9/enterprise +# tag: $CURRENT_LTS_VERSION-enterprise +# - version: 9/datacenter/app +# tag: $CURRENT_LTS_VERSION-datacenter-app +# - version: 9/datacenter/search +# tag: $CURRENT_LTS_VERSION-datacenter-search +# - version: 10/community +# tag: $NEXT_VERSION-community +# - version: 10/developer +# tag: $NEXT_VERSION-developer +# - version: 10/enterprise +# tag: $NEXT_VERSION-enterprise +# - version: 10/datacenter/app +# tag: $NEXT_VERSION-datacenter-app +# - version: 10/datacenter/search +# tag: $NEXT_VERSION-datacenter-search +# ec2_instance: +# <<: *VM_TEMPLATE +# login_script: +# - docker login --username $DOCKER_USERNAME --password $DOCKER_PASSWORD +# setup_script: +# - docker run -t --rm --privileged tonistiigi/binfmt --install all +# - docker buildx create --name multibuilder --driver docker-container +# - docker buildx use multibuilder +# - docker buildx inspect --bootstrap +# build_script: +# - echo "Build the ${STAGING_IMAGE_NAME}:${tag} image supporting two architectures, linux/amd64 and linux/arm64" +# - .cirrus/multi-arch-build.sh ${STAGING_IMAGE_NAME} ${tag} ${version} -public_scan_task: - only_if: $CIRRUS_CRON == 'nightly-mend-scan' - env: - platform: amd64 - MEND_API_KEY: VAULT[development/kv/data/mend data.apikey] - WS_WSS_URL: https://saas-eu.whitesourcesoftware.com/agent - matrix: - - tag: $CURRENT_LTS_VERSION-datacenter-app - - tag: $CURRENT_VERSION-datacenter-app - ec2_instance: - <<: *VM_TEMPLATE - setup_script: - - /usr/bin/systemctl 
stop unattended-upgrades.service - - /usr/bin/pgrep apt | xargs -r kill -SIGINT || true - - /usr/bin/pgrep apt | xargs -r kill -SIGTERM || true - - /usr/bin/pgrep apt | xargs -r kill -SIGKILL || true ; /usr/bin/dpkg --configure -a - - apt-get remove -y unattended-upgrades - - apt-get update && apt-get install -y --no-install-recommends openjdk-17-jre - - curl -sSL https://unified-agent.s3.amazonaws.com/wss-unified-agent.jar -o wss-unified-agent.jar - - echo "docker.includes=${tag}" >> .cirrus/wss-unified-agent.config - scan_script: - - echo "Scan the ${PUBLIC_IMAGE_NAME}:${tag} image" - - docker pull "${PUBLIC_IMAGE_NAME}:${tag}" - - .cirrus/pull.sh ${PUBLIC_IMAGE_NAME} ${tag} ${platform} - - java -jar wss-unified-agent.jar -c .cirrus/wss-unified-agent.config -apiKey $MEND_API_KEY -product ${WS_PRODUCTNAME} -project ${PUBLIC_IMAGE_NAME}:${tag} -wss.url ${WS_WSS_URL} -docker.scanImages true +# private_scan_task: +# env: +# platform: amd64 +# MEND_API_KEY: VAULT[development/kv/data/mend data.apikey] +# WS_WSS_URL: https://saas-eu.whitesourcesoftware.com/agent +# matrix: +# - tag: $CURRENT_LTS_VERSION-datacenter-app +# - tag: $NEXT_VERSION-datacenter-app +# ec2_instance: +# <<: *VM_TEMPLATE +# login_script: +# - docker login --username $DOCKER_USERNAME --password $DOCKER_PASSWORD +# setup_script: +# - /usr/bin/systemctl stop unattended-upgrades.service +# - /usr/bin/pgrep apt | xargs -r kill -SIGINT || true +# - /usr/bin/pgrep apt | xargs -r kill -SIGTERM || true +# - /usr/bin/pgrep apt | xargs -r kill -SIGKILL || true ; /usr/bin/dpkg --configure -a +# - apt-get remove -y unattended-upgrades +# - apt-get update && apt-get install -y --no-install-recommends openjdk-17-jre +# - curl -sSL https://unified-agent.s3.amazonaws.com/wss-unified-agent.jar -o wss-unified-agent.jar +# - echo "docker.includes=${tag}" >> .cirrus/wss-unified-agent.config +# scan_script: +# - echo "Scan the ${STAGING_IMAGE_NAME}:${tag} image supporting linux/${platform}" +# - .cirrus/pull.sh 
${STAGING_IMAGE_NAME} ${tag} ${platform} +# - java -jar wss-unified-agent.jar -c .cirrus/wss-unified-agent.config -apiKey $MEND_API_KEY -product ${WS_PRODUCTNAME} -project ${STAGING_IMAGE_NAME}:${tag} -wss.url ${WS_WSS_URL} -docker.scanImages true +# depends_on: multi_arch_build + +# public_scan_task: +# only_if: $CIRRUS_CRON == 'nightly-mend-scan' +# env: +# platform: amd64 +# MEND_API_KEY: VAULT[development/kv/data/mend data.apikey] +# WS_WSS_URL: https://saas-eu.whitesourcesoftware.com/agent +# matrix: +# - tag: $CURRENT_LTS_VERSION-datacenter-app +# - tag: $CURRENT_VERSION-datacenter-app +# ec2_instance: +# <<: *VM_TEMPLATE +# setup_script: +# - /usr/bin/systemctl stop unattended-upgrades.service +# - /usr/bin/pgrep apt | xargs -r kill -SIGINT || true +# - /usr/bin/pgrep apt | xargs -r kill -SIGTERM || true +# - /usr/bin/pgrep apt | xargs -r kill -SIGKILL || true ; /usr/bin/dpkg --configure -a +# - apt-get remove -y unattended-upgrades +# - apt-get update && apt-get install -y --no-install-recommends openjdk-17-jre +# - curl -sSL https://unified-agent.s3.amazonaws.com/wss-unified-agent.jar -o wss-unified-agent.jar +# - echo "docker.includes=${tag}" >> .cirrus/wss-unified-agent.config +# scan_script: +# - echo "Scan the ${PUBLIC_IMAGE_NAME}:${tag} image" +# - docker pull "${PUBLIC_IMAGE_NAME}:${tag}" +# - .cirrus/pull.sh ${PUBLIC_IMAGE_NAME} ${tag} ${platform} +# - java -jar wss-unified-agent.jar -c .cirrus/wss-unified-agent.config -apiKey $MEND_API_KEY -product ${WS_PRODUCTNAME} -project ${PUBLIC_IMAGE_NAME}:${tag} -wss.url ${WS_WSS_URL} -docker.scanImages true + +# multi_arch_test_task: +# matrix: +# - env: +# CIRRUS_ARCH: arm64 +# INSTANCE_TYPE: t4g.large +# AMI_NAME: docker-builder-arm64-v* +# - env: +# CIRRUS_ARCH: amd64 +# INSTANCE_TYPE: t3.large +# AMI_NAME: docker-builder-v* +# env: +# matrix: +# - test_name: docker +# tag: $CURRENT_LTS_VERSION-community +# - test_name: docker +# tag: $CURRENT_LTS_VERSION-developer +# - test_name: docker +# tag: 
$CURRENT_LTS_VERSION-enterprise +# - test_name: docker-compose +# tag: $CURRENT_LTS_VERSION-datacenter +# - test_name: docker +# tag: $NEXT_VERSION-community +# - test_name: docker +# tag: $NEXT_VERSION-developer +# - test_name: docker +# tag: $NEXT_VERSION-enterprise +# - test_name: docker-compose +# tag: $NEXT_VERSION-datacenter +# ec2_instance: +# <<: *VM_TEMPLATE +# image: ${AMI_NAME} +# type: ${INSTANCE_TYPE} +# architecture: ${CIRRUS_ARCH} +# login_script: +# - docker login --username $DOCKER_USERNAME --password $DOCKER_PASSWORD +# test_script: +# - echo "Test the ${STAGING_IMAGE_NAME}:${tag} image supporting linux/${CIRRUS_ARCH}" +# - sysctl -w vm.max_map_count=524288 # set the recommended memory for ES +# - ulimit -n 131072 # set the recommended number of opened file descriptors for ES +# - ./run-tests.sh "${STAGING_IMAGE_NAME}:${tag}" "${test_name}" +# depends_on: multi_arch_build -multi_arch_test_task: - matrix: - - env: - CIRRUS_ARCH: arm64 - INSTANCE_TYPE: t4g.large - AMI_NAME: docker-builder-arm64-v* - - env: - CIRRUS_ARCH: amd64 - INSTANCE_TYPE: t3.large - AMI_NAME: docker-builder-v* - env: - matrix: - - test_name: docker - tag: $CURRENT_LTS_VERSION-community - - test_name: docker - tag: $CURRENT_LTS_VERSION-developer - - test_name: docker - tag: $CURRENT_LTS_VERSION-enterprise - - test_name: docker-compose - tag: $CURRENT_LTS_VERSION-datacenter - - test_name: docker - tag: $NEXT_VERSION-community - - test_name: docker - tag: $NEXT_VERSION-developer - - test_name: docker - tag: $NEXT_VERSION-enterprise - - test_name: docker-compose - tag: $NEXT_VERSION-datacenter - ec2_instance: - <<: *VM_TEMPLATE - image: ${AMI_NAME} - type: ${INSTANCE_TYPE} - architecture: ${CIRRUS_ARCH} - login_script: - - docker login --username $DOCKER_USERNAME --password $DOCKER_PASSWORD - test_script: - - echo "Test the ${STAGING_IMAGE_NAME}:${tag} image supporting linux/${CIRRUS_ARCH}" - - sysctl -w vm.max_map_count=524288 # set the recommended memory for ES - - ulimit -n 
131072 # set the recommended number of opened file descriptors for ES - - ./run-tests.sh "${STAGING_IMAGE_NAME}:${tag}" "${test_name}" - depends_on: multi_arch_build
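Review bot: In the new `login_script`, `base64 -d -i ${DOCKER_GCLOUD_SA_KEY}` passes the expanded secret as a file-name argument (`-i` is `--ignore-garbage` in GNU base64 and the input-file flag in BSD base64), so the key is not decoded and its value appears in the process argument list. Feeding it on stdin avoids both problems: `printf '%s' "$DOCKER_GCLOUD_SA_KEY" | base64 -d | docker login -u _json_key --password-stdin "https://${GCLOUD_REGISTRY}"`. The added `git checkout ${CURRENT_VERSION}` builds from that ref while the matrix still tags the result `$NEXT_VERSION-datacenter-*`, so the pushed tag would not match the source it was built from. The checkout also replaces `.cirrus/multi-arch-build.sh` with whatever version exists at that ref. Finally, this hunk comments out the scan and test tasks, so nothing visible here gates the push on a Mend scan or a test run; consider keeping a `depends_on` on at least one of them before this leaves draft.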