BUILD-6984 test new scripts

Author: SamirM-BE

.github/workflows/build.yml

@@ -0,0 +1,25 @@
+name: Node.js CI
+
+on:
+  push:
+  pull_request:
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        node-version: [14.x, 16.x, 18.x]
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v2
+
+    - name: Set up Node.js ${{ matrix.node-version }}
+      uses: actions/setup-node@v2
+      with:
+        node-version: ${{ matrix.node-version }}
+
+    - name: Execute npm_build_deploy_analyze script
+      run: ./npm_build_deploy_analyze

analyze

@@ -0,0 +1,46 @@
+#!/bin/bash
+set -euo pipefail
+
+echo "Starting script..."
+
+# SonarQube-related utility functions
+
+: "${SONAR_HOST_URL?Environment variable missing}"
+: "${SONAR_TOKEN?Environment variable missing}"
+
+echo "SONAR_HOST_URL: $SONAR_HOST_URL"
+echo "SONAR_TOKEN: $SONAR_TOKEN"
+
+git fetch --unshallow || true
+
+if [ -n "${GITHUB_BASE_BRANCH:-}" ]; then
+    echo "Fetching base branch: $GITHUB_BASE_BRANCH"
+    git fetch origin "${GITHUB_BASE_BRANCH}"
+fi
+
+if [ -z "$PIPELINE_ID" ]; then
+  PIPELINE_ID=$BUILD_NUMBER
+  echo "PIPELINE_ID not set, using BUILD_NUMBER: $BUILD_NUMBER"
+else
+  echo "PIPELINE_ID: $PIPELINE_ID"
+fi
+
+# Runs the SonarQube scanner with default and additional parameters.
+# Usage: run_sonar_scanner [additional_parameters...]
+run_sonar_scanner() {
+
+    local additional_params=("$@")
+
+    echo "Running sonar-scanner with parameters: ${additional_params[*]}"
+
+    sonar-scanner -X \
+        -Dsonar.host.url="$SONAR_HOST_URL" \
+        -Dsonar.token="$SONAR_TOKEN" \
+        -Dsonar.analysis.buildNumber="$BUILD_NUMBER" \
+        -Dsonar.analysis.pipeline="$PIPELINE_ID" \
+        -Dsonar.analysis.sha1="$GIT_SHA1" \
+        -Dsonar.analysis.repository="$GITHUB_REPO" \
+        "${additional_params[@]}"
+}
+
+echo "Script finished."

includes/cirrus-env

@@ -0,0 +1,54 @@
+#!/bin/bash
+
+set +o verbose
+set -euo pipefail
+
+# generic environment variables used by Gradle build
+export GIT_SHA1=$CIRRUS_CHANGE_IN_REPO
+export GITHUB_BASE_BRANCH=${CIRRUS_BASE_BRANCH:-}
+export GITHUB_BRANCH=$CIRRUS_BRANCH
+export GITHUB_REPO=${CIRRUS_REPO_FULL_NAME}
+export PROJECT=${CIRRUS_REPO_NAME}
+export PULL_REQUEST=${CIRRUS_PR:-false}
+export PULL_REQUEST_SHA=${CIRRUS_BASE_SHA:-}
+export PIPELINE_ID=${CIRRUS_BUILD_ID}
+
+export LANG=C.UTF-8
+
+TASK_TYPE=$1
+if [[ "$TASK_TYPE" != "BUILD"* ]]; then
+  export SONARSOURCE_QA=true
+fi
+
+: "${CI_BUILD_NUMBER?missing parameter. See https://xtranet-sonarsource.atlassian.net/wiki/spaces/RE/pages/2992210934}"
+BUILD_NUMBER=${CI_BUILD_NUMBER}
+BUILD_ID=${CI_BUILD_NUMBER}
+echo "BUILD_NUMBER: $BUILD_NUMBER"
+export BUILD_NUMBER BUILD_ID
+
+if [[ "${GITHUB_TOKEN:-}" == "ENCRYPTED"* ]]; then
+  echo "Unsetting GITHUB_TOKEN"
+  unset GITHUB_TOKEN
+fi
+
+M2_SOURCE=~/.m2
+if [[ -f "/c/buildTools-docker/mvn/settings-public-auth.xml" ]]; then
+  # /c/buildTools-docker/mvn is populated during Windows image creation
+  M2_SOURCE=/c/buildTools-docker/mvn
+fi
+
+[[ ! -d ~/.m2 ]] && mkdir ~/.m2
+if [[ "${TASK_TYPE}" == *"-PRIVATE" || "${TASK_TYPE}" == "QA"* || "${TASK_TYPE}" == "PROMOTE"* ]]; then
+  cp "${M2_SOURCE}/settings-private.xml" ~/.m2/settings.xml
+else
+  if [[ -n "${ARTIFACTORY_ACCESS_TOKEN:-}" ]]; then
+    cp "${M2_SOURCE}/settings-public-auth.xml" ~/.m2/settings.xml
+  else
+    echo "No ARTIFACTORY_ACCESS_TOKEN found, Repox will not be accessible".
+  fi
+fi
+
+case $BUILD_ID in
+    ''|*[!0-9]*) echo "$BUILD_ID is not a number" && exit 1 ;;
+esac
+set -o verbose

includes/cirrus_error_advices

@@ -0,0 +1,53 @@
+#!/bin/bash
+# This script is responsible to provide functions to give advices to end users.
+# If during the execution of a re-ci-images base scripts some errors occurs, then some advices might be given
+# in order to assist the user to resolve them (when possible).
+#
+# WARN: Please do not use this script out of  re-ci-images base bash scripts.
+# (using it in another context might break in future releases)
+#
+# Usage: source includes/cirrus_error_advices
+
+# Requires the environment variables:
+# none are required yet the functions are able to autofix
+
+function is_using_cirrus(){
+  [ "${CIRRUS_CI:-false}" == "true" ]
+}
+
+# CIRRUS_REPO_NAME is provided out of the box by Cirrus CI
+function print_invalid_github_token_for_cirrus_advice(){
+    REPOSITORY_SHORTNAME=${CIRRUS_REPO_NAME:-"REPOSITORY_NAME"}
+   echo "Tips:"
+   cat <<EOF
+
+  1) Check the Hashicorp Vault policy for this repository in
+
+    https://github.com/SonarSource/re-terraform-aws-vault/tree/master/orders
+
+    The policy of this repository should contains the following declarations:
+
+    $REPOSITORY_SHORTNAME
+      secrets:
+        github:
+          presets: [default]
+          customs:
+            - <<: *github_promotion
+              repositories: [$REPOSITORY_SHORTNAME]
+
+    and
+
+    github_promotion: &github_promotion
+      organization: SonarSource
+      suffix: promotion
+      description: add a github check containing the build version to the current commit (required by cirrus_promote_maven)
+      permissions: {statuses: write}
+
+  2) Check the .cirrus.yml file:
+
+    The token should be declared this way:
+
+    GITHUB_TOKEN: VAULT[development/github/token/\${CIRRUS_REPO_OWNER}-\${CIRRUS_REPO_NAME}-promotion token]
+  "
+EOF
+}

includes/git_utils

@@ -0,0 +1,41 @@
+#!/bin/bash
+# Git-related utility functions
+
+set -euo pipefail
+
+fetch_git_history() {
+    echo "Fetching git history..."
+    git fetch --unshallow || true
+}
+
+fetch_pr_references() {
+    if [ -n "${GITHUB_BASE_BRANCH:-}" ]; then
+        echo "Fetching PR references for base branch: $GITHUB_BASE_BRANCH"
+        git fetch origin "${GITHUB_BASE_BRANCH}"
+    fi
+}
+
+is_master_branch() {
+    echo "Checking if current branch is master: $GITHUB_BRANCH"
+    [[ "${GITHUB_BRANCH}" == "master" ]]
+}
+
+is_maintenance_branch() {
+    echo "Checking if current branch is a maintenance branch: $GITHUB_BRANCH"
+    [[ "${GITHUB_BRANCH}" == "branch-"* ]]
+}
+
+is_pull_request() {
+    echo "Checking if this is a pull request: ${PULL_REQUEST:-}"
+    [[ "${PULL_REQUEST:-}" != "false" ]]
+}
+
+is_dogfood_branch() {
+    echo "Checking if current branch is a dogfood branch: $GITHUB_BRANCH"
+    [[ "${GITHUB_BRANCH}" == "dogfood-on-"* ]]
+}
+
+is_long_lived_feature_branch() {
+    echo "Checking if current branch is a long-lived feature branch: $GITHUB_BRANCH"
+    [[ "${GITHUB_BRANCH}" == "feature/long/"* ]]
+}

includes/jfrog_utils.sh

@@ -0,0 +1,39 @@
+#!/bin/bash
+set -euo pipefail
+
+function extract_module_names() {
+  artifact=$1
+  module=$(echo "$artifact" | sed -E "s,^([^/]+/[^/]+/([^/]+))/([^/]+)/(([0-9].)+[0-9]+)/.*$,\1:\3:\4," | sed "s,/,.,g")
+  echo "$module"
+}
+
+function extract_artifacts() {
+  public_artifacts=()
+  private_artifacts=()
+  artifacts=$(grep Installing | sed 's,.*\.m2/repository/,,')
+  while read -r artifact; do
+    if [[ $artifact == "org/"* ]]; then
+      public_artifacts+=("$artifact")
+    elif [[ $artifact == "com/"* ]]; then
+      private_artifacts+=("$artifact")
+    fi
+  done <<<"$artifacts"
+}
+
+function upload_artifacts() {
+  jfrog config add test --artifactory-url "$ARTIFACTORY_URL" --access-token "$ARTIFACTORY_DEPLOY_PASSWORD"
+  pushd "${CIRRUS_WORKING_DIR}/.m2/repository/"
+  for artifact in "${public_artifacts[@]}"; do
+    echo "Deploying public artifact: $artifact"
+    module=$(extract_module_names "$artifact")
+    jfrog rt u --module "$module" --build-name "${CIRRUS_REPO_NAME}" --build-number "${BUILD_ID}" "$artifact" "${ARTIFACTORY_DEPLOY_REPO}"
+  done
+
+  jfrog config edit test --artifactory-url "$ARTIFACTORY_URL" --access-token "$ARTIFACTORY_PRIVATE_DEPLOY_PASSWORD"
+  for artifact in "${private_artifacts[@]}"; do
+    echo "Deploying private artifact: $artifact"
+    module=$(extract_module_names "$artifact")
+    jfrog rt u --module "$module" --build-name "${CIRRUS_REPO_NAME}" --build-number "${BUILD_ID}" "$artifact" "${ARTIFACTORY_PRIVATE_DEPLOY_REPO}"
+  done
+  popd
+}

includes/version_util

@@ -0,0 +1,22 @@
+#!/bin/bash
+# This script is responsible to provide functions to verify that the specified version follows the Sonar way proposed
+# by the RE Team.
+#
+# Usage: source includes/version_util
+
+# Requires the environment variables:
+# none are required yet the functions are able to autofix
+
+
+# Verify that the version declared in pom.xml or in gradle.properties
+# use the following pattern: x.x.x.x (<major>.<minor>.<patch>.<buildNumber>) and warn if not.
+# Args:
+#  $1 The version string to check
+function check_version_format(){
+  local version=$1
+  local extracted_points="${version//[^.]}"
+  local point_count=${#extracted_points}
+  if [[ "$point_count" != 3 ]]; then
+    echo "WARN: This version $version does not match the standardized format used commonly across the organization: '<MAJOR>.<MINOR>.<PATCH>.<BUILD NUMBER>'."
+  fi
+}