test

SamirM-BE · SamirM-BE · commit 5cf387e347a2 · 2024-12-16T16:04:32.000+01:00
diff --git a/.cirrus/analyze b/.cirrus/analyze
@@ -0,0 +1,41 @@
+#!/bin/bash
+set -euo pipefail
+
+git fetch --unshallow || true
+
+if [ -n "${GITHUB_BASE_BRANCH:-}" ]; then
+    echo "Fetching base branch: $GITHUB_BASE_BRANCH"
+    git fetch origin "${GITHUB_BASE_BRANCH}"
+fi
+
+if [ -z "${PIPELINE_ID:-}" ]; then
+  PIPELINE_ID=$BUILD_NUMBER
+fi
+
+# Runs the SonarQube scanner with default and additional parameters.
+# Usage: run_sonar_scanner [additional_parameters...]
+run_sonar_scanner() {
+
+    local additional_params=("$@")
+
+    # echo "Running SonarQube scanner..."
+    if [ -z "${SONAR_HOST_URL:-}" ]; then
+      echo "SONAR_HOST_URL is required for SonarQube scanner"
+      exit 1
+    fi
+
+    if [ -z "${SONAR_TOKEN:-}" ]; then
+      echo "SONAR_TOKEN is required for SonarQube scanner"
+      exit 1
+    fi
+
+    npx sonarqube-scanner -X \
+        -Dsonar.host.url="$SONAR_HOST_URL" \
+        -Dsonar.token="$SONAR_TOKEN" \
+        -Dsonar.analysis.buildNumber="$BUILD_NUMBER" \
+        -Dsonar.analysis.pipeline="$PIPELINE_ID" \
+        -Dsonar.analysis.sha1="$GIT_SHA1" \
+        -Dsonar.analysis.repository="$GITHUB_REPO" \
+        "${additional_params[@]}"
+    echo "SonarQube scanner finished"
+}
diff --git a/.cirrus/includes/cirrus_error_advices b/.cirrus/includes/cirrus_error_advices
@@ -0,0 +1,53 @@
+#!/bin/bash
+# This script is responsible to provide functions to give advices to end users.
+# If during the execution of a re-ci-images base scripts some errors occurs, then some advices might be given
+# in order to assist the user to resolve them (when possible).
+#
+# WARN: Please do not use this script out of  re-ci-images base bash scripts.
+# (using it in another context might break in future releases)
+#
+# Usage: source includes/cirrus_error_advices
+
+# Requires the environment variables:
+# none are required yet the functions are able to autofix
+
+function is_using_cirrus(){
+  [ "${CIRRUS_CI:-false}" == "true" ]
+}
+
+# CIRRUS_REPO_NAME is provided out of the box by Cirrus CI
+function print_invalid_github_token_for_cirrus_advice(){
+    REPOSITORY_SHORTNAME=${CIRRUS_REPO_NAME:-"REPOSITORY_NAME"}
+   echo "Tips:"
+   cat <<EOF
+
+  1) Check the Hashicorp Vault policy for this repository in
+
+    https://github.com/SonarSource/re-terraform-aws-vault/tree/master/orders
+
+    The policy of this repository should contains the following declarations:
+
+    $REPOSITORY_SHORTNAME
+      secrets:
+        github:
+          presets: [default]
+          customs:
+            - <<: *github_promotion
+              repositories: [$REPOSITORY_SHORTNAME]
+
+    and
+
+    github_promotion: &github_promotion
+      organization: SonarSource
+      suffix: promotion
+      description: add a github check containing the build version to the current commit (required by cirrus_promote_maven)
+      permissions: {statuses: write}
+
+  2) Check the .cirrus.yml file:
+
+    The token should be declared this way:
+
+    GITHUB_TOKEN: VAULT[development/github/token/\${CIRRUS_REPO_OWNER}-\${CIRRUS_REPO_NAME}-promotion token]
+  "
+EOF
+}
diff --git a/.cirrus/includes/git_utils b/.cirrus/includes/git_utils
@@ -0,0 +1,34 @@
+#!/bin/bash
+# Git-related utility functions
+
+set -euo pipefail
+
+fetch_git_history() {
+    git fetch --unshallow || true
+}
+
+fetch_pr_references() {
+    if [ -n "${GITHUB_BASE_BRANCH:-}" ]; then
+        git fetch origin "${GITHUB_BASE_BRANCH}"
+    fi
+}
+
+is_master_branch() {
+    [[ "${GITHUB_BRANCH}" == "master" ]]
+}
+
+is_maintenance_branch() {
+    [[ "${GITHUB_BRANCH}" == "branch-"* ]]
+}
+
+is_pull_request() {
+    [[ "${PULL_REQUEST:-}" != "false" ]]
+}
+
+is_dogfood_branch() {
+    [[ "${GITHUB_BRANCH}" == "dogfood-on-"* ]]
+}
+
+is_long_lived_feature_branch() {
+    [[ "${GITHUB_BRANCH}" == "feature/long/"* ]]
+}
diff --git a/.cirrus/includes/jfrog_utils.sh b/.cirrus/includes/jfrog_utils.sh
@@ -0,0 +1,39 @@
+#!/bin/bash
+set -euo pipefail
+
+function extract_module_names() {
+  artifact=$1
+  module=$(echo "$artifact" | sed -E "s,^([^/]+/[^/]+/([^/]+))/([^/]+)/(([0-9].)+[0-9]+)/.*$,\1:\3:\4," | sed "s,/,.,g")
+  echo "$module"
+}
+
+function extract_artifacts() {
+  public_artifacts=()
+  private_artifacts=()
+  artifacts=$(grep Installing | sed 's,.*\.m2/repository/,,')
+  while read -r artifact; do
+    if [[ $artifact == "org/"* ]]; then
+      public_artifacts+=("$artifact")
+    elif [[ $artifact == "com/"* ]]; then
+      private_artifacts+=("$artifact")
+    fi
+  done <<<"$artifacts"
+}
+
+function upload_artifacts() {
+  jfrog config add test --artifactory-url "$ARTIFACTORY_URL" --access-token "$ARTIFACTORY_DEPLOY_PASSWORD"
+  pushd "${CIRRUS_WORKING_DIR}/.m2/repository/"
+  for artifact in "${public_artifacts[@]}"; do
+    echo "Deploying public artifact: $artifact"
+    module=$(extract_module_names "$artifact")
+    jfrog rt u --module "$module" --build-name "${CIRRUS_REPO_NAME}" --build-number "${BUILD_ID}" "$artifact" "${ARTIFACTORY_DEPLOY_REPO}"
+  done
+
+  jfrog config edit test --artifactory-url "$ARTIFACTORY_URL" --access-token "$ARTIFACTORY_PRIVATE_DEPLOY_PASSWORD"
+  for artifact in "${private_artifacts[@]}"; do
+    echo "Deploying private artifact: $artifact"
+    module=$(extract_module_names "$artifact")
+    jfrog rt u --module "$module" --build-name "${CIRRUS_REPO_NAME}" --build-number "${BUILD_ID}" "$artifact" "${ARTIFACTORY_PRIVATE_DEPLOY_REPO}"
+  done
+  popd
+}
diff --git a/.cirrus/includes/version_util b/.cirrus/includes/version_util
@@ -0,0 +1,22 @@
+#!/bin/bash
+# This script is responsible to provide functions to verify that the specified version follows the Sonar way proposed
+# by the RE Team.
+#
+# Usage: source includes/version_util
+
+# Requires the environment variables:
+# none are required yet the functions are able to autofix
+
+
+# Verify that the version declared in pom.xml or in gradle.properties
+# use the following pattern: x.x.x.x (<major>.<minor>.<patch>.<buildNumber>) and warn if not.
+# Args:
+#  $1 The version string to check
+function check_version_format(){
+  local version=$1
+  local extracted_points="${version//[^.]}"
+  local point_count=${#extracted_points}
+  if [[ "$point_count" != 3 ]]; then
+    echo "WARN: This version $version does not match the standardized format used commonly across the organization: '<MAJOR>.<MINOR>.<PATCH>.<BUILD NUMBER>'."
+  fi
+}
diff --git a/.cirrus/npm_deploy b/.cirrus/npm_deploy
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+set -euo pipefail
+
+# Required environment variables
+: "${ARTIFACTORY_URL?Environment variable missing}"
+: "${ARTIFACTORY_DEPLOY_ACCESS_TOKEN?Environment variable missing}"
+
+jfrog config remove repox > /dev/null 2>&1 # Do not log if the repox config were not present
+jfrog config add repox --artifactory-url "$ARTIFACTORY_URL" --access-token "$ARTIFACTORY_DEPLOY_ACCESS_TOKEN"
+
+jfrog_npm_publish() {
+
+  local repo_resolve=${1:-npm}
+  local repo_deploy=${2:-sonarsource-npm-public-qa}
+  local build_name=${3:-$CIRRUS_REPO_NAME}
+  local build_number=${4:-$BUILD_NUMBER}
+
+
+  jfrog npm-config --repo-resolve "$repo_resolve" --repo-deploy "$repo_deploy"
+  jfrog npm publish --build-name="$build_name" --build-number="$build_number"
+  jfrog rt build-publish "$build_name" "$build_number"
+}
diff --git a/.cirrus/npm_version_utils b/.cirrus/npm_version_utils
@@ -0,0 +1,35 @@
+#!/bin/bash
+
+set -euo pipefail
+
+PACKAGE_JSON="package.json"
+
+function get_current_version() {
+  CURRENT_VERSION=$(jq -r .version "$PACKAGE_JSON")
+  if [ -z "$CURRENT_VERSION" ] || [ "$CURRENT_VERSION" == "null" ]; then
+    echo "Could not get version from $PACKAGE_JSON" >&2
+    exit 1
+  fi
+
+  echo "$CURRENT_VERSION"
+}
+
+function set_npm_version_with_build_id() {
+  local BUILD_ID=$1
+
+  CURRENT_VERSION=$(get_current_version)
+
+  RELEASE_VERSION=${CURRENT_VERSION%"-SNAPSHOT"}
+
+  # In case of 2 digits, we need to add the 3rd digit (0 obviously)
+  # Mandatory in order to compare versions (patch VS non patch)
+  DIGIT_COUNT=$(echo "${RELEASE_VERSION//./ }" | wc -w)
+  if [ "$DIGIT_COUNT" -lt 3 ]; then
+      RELEASE_VERSION="$RELEASE_VERSION.0"
+  fi
+  NEW_VERSION="$RELEASE_VERSION-$BUILD_ID"
+
+  echo "Replacing version $CURRENT_VERSION with $NEW_VERSION"
+  npm version --no-git-tag-version --allow-same-version "$NEW_VERSION"
+  export PROJECT_VERSION=$NEW_VERSION
+}
diff --git a/.cirrus/yarn_build_deploy_analyze b/.cirrus/yarn_build_deploy_analyze
@@ -0,0 +1,122 @@
+#!/bin/bash
+# shellcheck source=/dev/null
+
+set -euo pipefail
+
+source "$(dirname "$0")"/includes/git_utils
+source "$(dirname "$0")"/includes/version_util
+source "$(dirname "$0")"/analyze
+source "$(dirname "$0")"/npm_deploy
+source "$(dirname "$0")"/npm_version_utils
+
+
+if is_master_branch && ! is_pull_request; then
+  echo "On master branch and not a pull request."
+
+  git fetch origin "${GITHUB_BRANCH}"
+  echo "Fetched origin ${GITHUB_BRANCH}."
+
+  CURRENT_VERSION=$(get_current_version)
+  echo "Current version: $CURRENT_VERSION"
+
+  set_npm_version_with_build_id "$BUILD_NUMBER"
+  echo "Set yarn version with build ID: $BUILD_NUMBER."
+
+  check_version_format "$PROJECT_VERSION"
+  echo "Checked version format: $PROJECT_VERSION."
+
+  echo "Installing yarn dependencies..."
+  yarn install --immutable
+
+  echo "Running tests..."
+  yarn test
+
+  echo "Running Sonar Scanner..."
+  run_sonar_scanner \
+      -Dsonar.projectVersion="$CURRENT_VERSION"
+
+  echo "Building project..."
+  yarn build
+
+  echo "Publishing to JFrog..."
+  jfrog_npm_publish "$@"
+
+elif is_maintenance_branch && not_pull_request; then
+  git fetch origin "${GITHUB_BRANCH}"
+
+  CURRENT_VERSION=$(get_current_version)
+
+  if [[ $CURRENT_VERSION =~ "-SNAPSHOT" ]]; then
+    echo "======= Found SNAPSHOT version ======="
+    # Do not deploy a SNAPSHOT version but the release version related to this build
+    set_npm_version_with_build_id "$BUILD_NUMBER"
+    check_version_format "$CURRENT_VERSION"
+  else
+    echo "======= Found RELEASE version ======="
+    echo "======= Deploy $CURRENT_VERSION ======="
+    check_version_format "$CURRENT_VERSION"
+  fi
+
+  yarn install --immutable
+  yarn test
+  run_sonar_scanner \
+      -Dsonar.branch.name="$GITHUB_BRANCH"
+
+  yarn build
+  jfrog_npm_publish "$@"
+
+elif is_pull_request; then
+  # Do not deploy a SNAPSHOT version but the release version related to this build and PR
+  set_npm_version_with_build_id "$BUILD_NUMBER"
+
+  if [ "${DEPLOY_PULL_REQUEST:-}" == "true" ]; then
+    echo '======= with deploy ======='
+
+    check_version_format "$PROJECT_VERSION"
+
+    yarn install --immutable
+
+    yarn test
+    run_sonar_scanner \
+      -Dsonar.analysis.prNumber="$PULL_REQUEST"
+
+    yarn build
+    jfrog_npm_publish "$@"
+
+  else
+    echo '======= no deploy ======='
+
+    yarn install --immutable
+
+    run_sonar_scanner \
+      -Dsonar.analysis.prNumber="$PULL_REQUEST"
+
+    yarn build
+  fi
+
+elif is_dogfood_branch && not_pull_request; then
+  echo '======= Build dogfood branch ======='
+
+  CURRENT_VERSION=$(get_current_version)
+
+  set_npm_version_with_build_id "$BUILD_NUMBER"
+  check_version_format "$PROJECT_VERSION"
+
+  yarn install --immutable
+  yarn build
+  jfrog_npm_publish "$@"
+
+elif is_long_lived_feature_branch && not_pull_request; then
+  yarn install --immutable
+
+  yarn test
+  run_sonar_scanner \
+      -Dsonar.branch.name="$GITHUB_BRANCH"
+
+  yarn build
+
+else
+  yarn install --immutable
+  yarn test
+  yarn build
+fi
