test/smarini/BUILD 6984 modularScripts

.cirrus.star

@@ -1,4 +1,4 @@
-load("github.com/SonarSource/cirrus-modules@b1f898b04170567791e1fd75f691f0266aab60af", "load_features") # 3.0.4
+load("github.com/SonarSource/cirrus-modules@5cd6425fdb78665f07284f2c12d495618a7bbc0a", "load_features") # 3.1.0
 
 def main(ctx):
     return load_features(ctx, only_if=dict())

.cirrus.yml

@@ -6,19 +6,21 @@ env:
   CIRRUS_SHELL: bash
 
 eks_container_definition: &CONTAINER_DEFINITION
-  image: ${CIRRUS_AWS_ACCOUNT}.dkr.ecr.eu-central-1.amazonaws.com/base:latest
+  image: ${CIRRUS_AWS_ACCOUNT}.dkr.ecr.eu-central-1.amazonaws.com/base:node20-yarn2.4.3
   cluster_name: ${CIRRUS_CLUSTER_NAME}
   region: eu-central-1
   namespace: default
-  docker_arguments:
-    CIRRUS_AWS_ACCOUNT: ${CIRRUS_AWS_ACCOUNT}
 
 build_task:
   auto_cancellation: $CIRRUS_BRANCH != 'master' && $CIRRUS_BRANCH != 'stable'
   eks_container:
     <<: *CONTAINER_DEFINITION
-    cpu: 2
-    memory: 2G
+    builder_role: cirrus-builder
+    builder_image: docker-builder-v*
+    builder_instance_type: t2.small
+    dockerfile: .cirrus/Dockerfile
+    docker_arguments:
+      CIRRUS_AWS_ACCOUNT: ${CIRRUS_AWS_ACCOUNT}
   env:
     ARTIFACTORY_DEPLOY_ACCESS_TOKEN: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-qa-deployer access_token]
     SONAR_HOST_URL: VAULT[development/kv/data/sonarcloud data.url]
@@ -38,7 +40,7 @@ build_task:
 
   build_script:
     - source cirrus-env BUILD
-    - regular_npm_build_deploy_analyze
+    - ./.cirrus/npm_build_deploy_analyze
 
 promote_task:
   depends_on:

.cirrus/Dockerfile

@@ -0,0 +1,28 @@
+ARG CIRRUS_AWS_ACCOUNT
+FROM ${CIRRUS_AWS_ACCOUNT}.dkr.ecr.eu-central-1.amazonaws.com/base:j17-latest
+
+USER root
+
+# Update package list
+RUN apt-get update -y
+
+# Install some tools
+RUN apt-get install -y jq
+
+# Install vim
+RUN apt-get install -y vim
+
+# Install Node.js
+ARG NODE_VERSION=20.*
+RUN apt-get install -y nodejs=${NODE_VERSION}
+
+# Install Yarn
+RUN npm install -g yarn
+
+# Install sonar-scanner-npm
+RUN npm install -g sonarqube-scanner
+
+# Clean up cache after packages installation
+RUN apt-get clean
+
+USER sonarsource

.cirrus/analyze

@@ -0,0 +1,41 @@
+#!/bin/bash
+set -euo pipefail
+
+git fetch --unshallow || true
+
+if [ -n "${GITHUB_BASE_BRANCH:-}" ]; then
+    echo "Fetching base branch: $GITHUB_BASE_BRANCH"
+    git fetch origin "${GITHUB_BASE_BRANCH}"
+fi
+
+if [ -z "${PIPELINE_ID:-}" ]; then
+  PIPELINE_ID=$BUILD_NUMBER
+fi
+
+# Runs the SonarQube scanner with default and additional parameters.
+# Usage: run_sonar_scanner [additional_parameters...]
+run_sonar_scanner() {
+
+    local additional_params=("$@")
+
+    # echo "Running SonarQube scanner..."
+    if [ -z "${SONAR_HOST_URL:-}" ]; then
+      echo "SONAR_HOST_URL is required for SonarQube scanner"
+      exit 1
+    fi
+
+    if [ -z "${SONAR_TOKEN:-}" ]; then
+      echo "SONAR_TOKEN is required for SonarQube scanner"
+      exit 1
+    fi
+
+    npx sonarqube-scanner -X \
+        -Dsonar.host.url="$SONAR_HOST_URL" \
+        -Dsonar.token="$SONAR_TOKEN" \
+        -Dsonar.analysis.buildNumber="$BUILD_NUMBER" \
+        -Dsonar.analysis.pipeline="$PIPELINE_ID" \
+        -Dsonar.analysis.sha1="$GIT_SHA1" \
+        -Dsonar.analysis.repository="$GITHUB_REPO" \
+        "${additional_params[@]}"
+    echo "SonarQube scanner finished"
+}

.cirrus/includes/cirrus-env

@@ -0,0 +1,54 @@
+#!/bin/bash
+
+set +o verbose
+set -euo pipefail
+
+# generic environment variables used by Gradle build
+export GIT_SHA1=$CIRRUS_CHANGE_IN_REPO
+export GITHUB_BASE_BRANCH=${CIRRUS_BASE_BRANCH:-}
+export GITHUB_BRANCH=$CIRRUS_BRANCH
+export GITHUB_REPO=${CIRRUS_REPO_FULL_NAME}
+export PROJECT=${CIRRUS_REPO_NAME}
+export PULL_REQUEST=${CIRRUS_PR:-false}
+export PULL_REQUEST_SHA=${CIRRUS_BASE_SHA:-}
+export PIPELINE_ID=${CIRRUS_BUILD_ID}
+
+export LANG=C.UTF-8
+
+TASK_TYPE=$1
+if [[ "$TASK_TYPE" != "BUILD"* ]]; then
+  export SONARSOURCE_QA=true
+fi
+
+: "${CI_BUILD_NUMBER?missing parameter. See https://xtranet-sonarsource.atlassian.net/wiki/spaces/RE/pages/2992210934}"
+BUILD_NUMBER=${CI_BUILD_NUMBER}
+BUILD_ID=${CI_BUILD_NUMBER}
+echo "BUILD_NUMBER: $BUILD_NUMBER"
+export BUILD_NUMBER BUILD_ID
+
+if [[ "${GITHUB_TOKEN:-}" == "ENCRYPTED"* ]]; then
+  echo "Unsetting GITHUB_TOKEN"
+  unset GITHUB_TOKEN
+fi
+
+M2_SOURCE=~/.m2
+if [[ -f "/c/buildTools-docker/mvn/settings-public-auth.xml" ]]; then
+  # /c/buildTools-docker/mvn is populated during Windows image creation
+  M2_SOURCE=/c/buildTools-docker/mvn
+fi
+
+[[ ! -d ~/.m2 ]] && mkdir ~/.m2
+if [[ "${TASK_TYPE}" == *"-PRIVATE" || "${TASK_TYPE}" == "QA"* || "${TASK_TYPE}" == "PROMOTE"* ]]; then
+  cp "${M2_SOURCE}/settings-private.xml" ~/.m2/settings.xml
+else
+  if [[ -n "${ARTIFACTORY_ACCESS_TOKEN:-}" ]]; then
+    cp "${M2_SOURCE}/settings-public-auth.xml" ~/.m2/settings.xml
+  else
+    echo "No ARTIFACTORY_ACCESS_TOKEN found, Repox will not be accessible".
+  fi
+fi
+
+case $BUILD_ID in
+    ''|*[!0-9]*) echo "$BUILD_ID is not a number" && exit 1 ;;
+esac
+set -o verbose

.cirrus/includes/cirrus_error_advices

@@ -0,0 +1,53 @@
+#!/bin/bash
+# This script is responsible to provide functions to give advices to end users.
+# If during the execution of a re-ci-images base scripts some errors occurs, then some advices might be given
+# in order to assist the user to resolve them (when possible).
+#
+# WARN: Please do not use this script out of  re-ci-images base bash scripts.
+# (using it in another context might break in future releases)
+#
+# Usage: source includes/cirrus_error_advices
+
+# Requires the environment variables:
+# none are required yet the functions are able to autofix
+
+function is_using_cirrus(){
+  [ "${CIRRUS_CI:-false}" == "true" ]
+}
+
+# CIRRUS_REPO_NAME is provided out of the box by Cirrus CI
+function print_invalid_github_token_for_cirrus_advice(){
+    REPOSITORY_SHORTNAME=${CIRRUS_REPO_NAME:-"REPOSITORY_NAME"}
+   echo "Tips:"
+   cat <<EOF
+
+  1) Check the Hashicorp Vault policy for this repository in
+
+    https://github.com/SonarSource/re-terraform-aws-vault/tree/master/orders
+
+    The policy of this repository should contains the following declarations:
+
+    $REPOSITORY_SHORTNAME
+      secrets:
+        github:
+          presets: [default]
+          customs:
+            - <<: *github_promotion
+              repositories: [$REPOSITORY_SHORTNAME]
+
+    and
+
+    github_promotion: &github_promotion
+      organization: SonarSource
+      suffix: promotion
+      description: add a github check containing the build version to the current commit (required by cirrus_promote_maven)
+      permissions: {statuses: write}
+
+  2) Check the .cirrus.yml file:
+
+    The token should be declared this way:
+
+    GITHUB_TOKEN: VAULT[development/github/token/\${CIRRUS_REPO_OWNER}-\${CIRRUS_REPO_NAME}-promotion token]
+  "
+EOF
+}

.cirrus/includes/git_utils

@@ -0,0 +1,34 @@
+#!/bin/bash
+# Git-related utility functions
+
+set -euo pipefail
+
+fetch_git_history() {
+    git fetch --unshallow || true
+}
+
+fetch_pr_references() {
+    if [ -n "${GITHUB_BASE_BRANCH:-}" ]; then
+        git fetch origin "${GITHUB_BASE_BRANCH}"
+    fi
+}
+
+is_master_branch() {
+    [[ "${GITHUB_BRANCH}" == "master" ]]
+}
+
+is_maintenance_branch() {
+    [[ "${GITHUB_BRANCH}" == "branch-"* ]]
+}
+
+is_pull_request() {
+    [[ "${PULL_REQUEST:-}" != "false" ]]
+}
+
+is_dogfood_branch() {
+    [[ "${GITHUB_BRANCH}" == "dogfood-on-"* ]]
+}
+
+is_long_lived_feature_branch() {
+    [[ "${GITHUB_BRANCH}" == "feature/long/"* ]]
+}

.cirrus/includes/jfrog_utils.sh

@@ -0,0 +1,39 @@
+#!/bin/bash
+set -euo pipefail
+
+function extract_module_names() {
+  artifact=$1
+  module=$(echo "$artifact" | sed -E "s,^([^/]+/[^/]+/([^/]+))/([^/]+)/(([0-9].)+[0-9]+)/.*$,\1:\3:\4," | sed "s,/,.,g")
+  echo "$module"
+}
+
+function extract_artifacts() {
+  public_artifacts=()
+  private_artifacts=()
+  artifacts=$(grep Installing | sed 's,.*\.m2/repository/,,')
+  while read -r artifact; do
+    if [[ $artifact == "org/"* ]]; then
+      public_artifacts+=("$artifact")
+    elif [[ $artifact == "com/"* ]]; then
+      private_artifacts+=("$artifact")
+    fi
+  done <<<"$artifacts"
+}
+
+function upload_artifacts() {
+  jfrog config add test --artifactory-url "$ARTIFACTORY_URL" --access-token "$ARTIFACTORY_DEPLOY_PASSWORD"
+  pushd "${CIRRUS_WORKING_DIR}/.m2/repository/"
+  for artifact in "${public_artifacts[@]}"; do
+    echo "Deploying public artifact: $artifact"
+    module=$(extract_module_names "$artifact")
+    jfrog rt u --module "$module" --build-name "${CIRRUS_REPO_NAME}" --build-number "${BUILD_ID}" "$artifact" "${ARTIFACTORY_DEPLOY_REPO}"
+  done
+
+  jfrog config edit test --artifactory-url "$ARTIFACTORY_URL" --access-token "$ARTIFACTORY_PRIVATE_DEPLOY_PASSWORD"
+  for artifact in "${private_artifacts[@]}"; do
+    echo "Deploying private artifact: $artifact"
+    module=$(extract_module_names "$artifact")
+    jfrog rt u --module "$module" --build-name "${CIRRUS_REPO_NAME}" --build-number "${BUILD_ID}" "$artifact" "${ARTIFACTORY_PRIVATE_DEPLOY_REPO}"
+  done
+  popd
+}

.cirrus/includes/version_util

@@ -0,0 +1,22 @@
+#!/bin/bash
+# This script is responsible to provide functions to verify that the specified version follows the Sonar way proposed
+# by the RE Team.
+#
+# Usage: source includes/version_util
+
+# Requires the environment variables:
+# none are required yet the functions are able to autofix
+
+
+# Verify that the version declared in pom.xml or in gradle.properties
+# use the following pattern: x.x.x.x (<major>.<minor>.<patch>.<buildNumber>) and warn if not.
+# Args:
+#  $1 The version string to check
+function check_version_format(){
+  local version=$1
+  local extracted_points="${version//[^.]}"
+  local point_count=${#extracted_points}
+  if [[ "$point_count" != 3 ]]; then
+    echo "WARN: This version $version does not match the standardized format used commonly across the organization: '<MAJOR>.<MINOR>.<PATCH>.<BUILD NUMBER>'."
+  fi
+}