-
Notifications
You must be signed in to change notification settings - Fork 21
/
.cirrus.yml
166 lines (152 loc) · 5.67 KB
/
.cirrus.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
env:
CIRRUS_CLONE_DEPTH: "1"
CIRRUS_SHELL: bash
ARTIFACTORY_URL: https://repox.jfrog.io/artifactory
ARTIFACTORY_PRIVATE_USERNAME: vault-${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-private-reader
ARTIFACTORY_PRIVATE_PASSWORD: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-private-reader access_token]
SONAR_HOST_URL: VAULT[development/kv/data/next data.url]
SONAR_TOKEN: VAULT[development/kv/data/next data.token]
SLACK_TOKEN: VAULT[development/kv/data/slack data.token]
SLACK_CHANNEL: squad-ide-vscode-bots
NPM_CONFIG_//repox.jfrog.io/artifactory/api/npm/:_authToken: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-private-reader access_token]
NPM_CONFIG_registry: https://repox.jfrog.io/artifactory/api/npm/npm
auto_cancellation: $CIRRUS_BRANCH != $CIRRUS_DEFAULT_BRANCH
only_if_with_nightly: &ONLY_IF
skip: "changesIncludeOnly('README.md')"
only_if: $CIRRUS_USER_COLLABORATOR == 'true' && $CIRRUS_TAG == ""
only_if_except_nightly: &ONLY_IF_EXCEPT_NIGHTLY
skip: "changesIncludeOnly('README.md')"
only_if: $CIRRUS_USER_COLLABORATOR == 'true' && $CIRRUS_TAG == "" && $CIRRUS_BUILD_SOURCE != "cron"
only_pr_and_maintained_branches: &ONLY_PR_AND_MAINTAINED_BRANCHES
skip: "changesIncludeOnly('README.md')"
only_if: $CIRRUS_USER_COLLABORATOR == 'true' && $CIRRUS_TAG == "" && $CIRRUS_BUILD_SOURCE != "cron"
&& ($CIRRUS_PR != "" || $CIRRUS_BRANCH == $CIRRUS_DEFAULT_BRANCH || $CIRRUS_BRANCH =~ "branch-.*" || $CIRRUS_BRANCH =~ "dogfood-on-.*")
only_main_branches: &ONLY_MAIN_BRANCHES
skip: "changesIncludeOnly('README.md')"
only_if: $CIRRUS_USER_COLLABORATOR == 'true' && $CIRRUS_TAG == "" && ($CIRRUS_BRANCH == $CIRRUS_DEFAULT_BRANCH || $CIRRUS_BRANCH =~ "branch-.*")
container_definition: &CONTAINER_DEFINITION
image: ${CIRRUS_AWS_ACCOUNT}.dkr.ecr.eu-central-1.amazonaws.com/base:j17-latest
region: eu-central-1
cluster_name: ${CIRRUS_CLUSTER_NAME}
namespace: default
cpu: 4
memory: 4G
ec2_instance_definition: &WINVM_DEFINITION
experimental: true
image: base-windows-jdk17-v*
platform: windows
region: eu-central-1
type: t3.large
maven_cache: &MAVEN_CACHE
maven_cache:
folder: ${CIRRUS_WORKING_DIR}/.m2/repository
fingerprint_script:
- cat pom.xml
build_task:
# name: "Build and stage to repox"
# alias: build
<<: *ONLY_IF
eks_container:
<<: *CONTAINER_DEFINITION
env:
ARTIFACTORY_DEPLOY_REPO: sonarsource-public-qa
ARTIFACTORY_DEPLOY_USERNAME: vault-${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-qa-deployer
ARTIFACTORY_DEPLOY_PASSWORD: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-qa-deployer access_token]
SIGN_KEY: VAULT[development/kv/data/sign data.key]
PGP_PASSPHRASE: VAULT[development/kv/data/sign data.passphrase]
DEPLOY_PULL_REQUEST: true
<<: *MAVEN_CACHE
build_script:
- source cirrus-env BUILD-PRIVATE
- regular_mvn_build_deploy_analyze -Dmaven.test.skip=true -Dsonar.skip=true
cleanup_before_cache_script: cleanup_maven_repository
on_failure:
slack_notification_script: |
source slack-failure-notification
qa_linux_task:
# name: "Run unit tests on Linux with Java 17 and SonarQube analysis on Next"
# alias: qa_linux
depends_on:
- build
<<: *ONLY_IF_EXCEPT_NIGHTLY
eks_container:
<<: *CONTAINER_DEFINITION
env:
DEPLOY_PULL_REQUEST: false
<<: *MAVEN_CACHE
qa_script:
- source cirrus-env QA
- PULL_REQUEST_SHA=$GIT_SHA1 regular_mvn_build_deploy_analyze -P-deploy-sonarsource,-release,-sign -Dcommercial -Dmaven.install.skip=true -Dmaven.deploy.skip=true
cleanup_before_cache_script: cleanup_maven_repository
on_failure:
junit_artifacts:
path: '**/target/surefire-reports/TEST-*.xml'
format: junit
slack_notification_script: |
source slack-failure-notification
qa_windows_task:
# name: "Run unit tests on Windows with Java 17"
# alias: qa_windows
depends_on:
- build
<<: *ONLY_IF_EXCEPT_NIGHTLY
ec2_instance:
<<: *WINVM_DEFINITION
<<: *MAVEN_CACHE
qa_script:
- source cirrus-env QA
- source set_maven_build_version $BUILD_NUMBER
- mvn -B -e -V verify -Dcommercial -Dmaven.test.redirectTestOutputToFile=false
cleanup_before_cache_script: cleanup_maven_repository
on_failure:
junit_artifacts:
path: '**/target/surefire-reports/TEST-*.xml'
format: junit
slack_notification_script: |
source slack-failure-notification
mend_scan_task:
# name: "Mend scan"
# alias: mend_scan
depends_on:
- build
<<: *ONLY_MAIN_BRANCHES
eks_container:
<<: *CONTAINER_DEFINITION
cpu: 4
memory: 2G
env:
WS_APIKEY: VAULT[development/kv/data/mend data.apikey]
<<: *MAVEN_CACHE
mend_script:
- source cirrus-env QA
- source set_maven_build_version $BUILD_NUMBER
- mvn clean install -DskipTests
- source ws_scan.sh
cleanup_before_cache_script: cleanup_maven_repository
allow_failures: "true"
always:
ws_scan_artifacts:
path: "whitesource/**/*"
on_failure:
slack_notification_script: |
source slack-failure-notification
promote_task:
depends_on:
- build
- qa_linux
- qa_windows
- mend_scan
<<: *ONLY_PR_AND_MAINTAINED_BRANCHES
eks_container:
<<: *CONTAINER_DEFINITION
cpu: 0.5
memory: 500M
env:
ARTIFACTORY_PROMOTE_ACCESS_TOKEN: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-promoter access_token]
GITHUB_TOKEN: VAULT[development/github/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-promotion token]
<<: *MAVEN_CACHE
promote_script: cirrus_promote_maven
cleanup_before_cache_script: cleanup_maven_repository
on_failure:
slack_notification_script: |
source slack-failure-notification