# ============================================================================
# GENERIC SERVICE VALIDATION PIPELINE
# ============================================================================
# Purpose: Validate integration with SonarQube and Nexus repositories
# Maintainer: DevOps Team
# Last Updated: 2025-10-20
# ============================================================================
# CI trigger: each push to main queues its own run (batching is off), unless
# the push only touches the documentation paths excluded below.
trigger:
  batch: false
  branches:
    include:
    - main
  paths:
    exclude:
    - README.md
    - docs/**
    - "*.md"
# No YAML-defined pull-request trigger.
pr: none
# ============================================================================
# BUILD AGENT CONFIGURATION
# ============================================================================
# All jobs run on this agent pool; the demand restricts scheduling to agents
# whose ImageOverride capability equals ubuntu-custom.
pool:
  name: your-build-agent-pool
  demands:
  - "ImageOverride -equals ubuntu-custom"
# ============================================================================
# PIPELINE VARIABLES
# ============================================================================
variables:
# Service endpoints
- name: SONARQUBE_URL
  value: "https://sonarqube.example.com"
- name: NEXUS_URL
  value: "https://nexus.example.com"
# Quoted so the version is always read as a string.
- name: NODE_VERSION
  value: "22.20.0"
# Alias for SONARQUBE_TOKEN_SECRET, which has to exist as an Azure DevOps
# secret variable (pipeline settings or a variable group).
# NOTE(review): ordinary variables are exported into every step's environment;
# confirm the agent still treats this alias as secret, or drop the alias and
# map the secret into only the steps that need it through `env:`.
- name: SONARQUBE_TOKEN
  value: "$(SONARQUBE_TOKEN_SECRET)"
# .NET CLI settings
- name: DOTNET_CLI_TELEMETRY_OPTOUT
  value: "1"
- name: DOTNET_NOLOGO
  value: "true"
- name: DOTNET_SKIP_FIRST_TIME_EXPERIENCE
  value: "true"
# ============================================================================
# STAGE 0: ENVIRONMENT SETUP
# ============================================================================
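stages:
- stage: Environment_Setup
  displayName: "🛠️ Environment Setup"
  jobs:
  - job: Setup_Tools
    displayName: "Setup Development Tools"
    steps:
    # Read agent-level settings from /etc/environment and publish them as
    # output variables of this step (step name: envVars). A missing value is
    # reported as a warning, not an error.
    - script: |
        set -a
        source /etc/environment 2>/dev/null || true
        set +a
        if [ -n "$NODE_EXTRA_CA_CERTS" ]; then
          echo "##vso[task.setvariable variable=NODE_EXTRA_CA_CERTS;isOutput=true]$NODE_EXTRA_CA_CERTS"
          echo "✅ NODE_EXTRA_CA_CERTS loaded: $NODE_EXTRA_CA_CERTS"
        else
          echo "⚠️ NODE_EXTRA_CA_CERTS not found in /etc/environment"
        fi
        if [ -n "$SONAR_SCANNER_OPTS" ]; then
          echo "##vso[task.setvariable variable=SONAR_SCANNER_OPTS;isOutput=true]$SONAR_SCANNER_OPTS"
          # Report presence only: scanner JVM options can carry trust-store
          # passwords or proxy credentials, and build logs are readable by
          # more people than the agent's /etc/environment.
          echo "✅ SONAR_SCANNER_OPTS loaded"
        else
          echo "⚠️ SONAR_SCANNER_OPTS not found in /etc/environment"
        fi
      name: envVars
      displayName: "Load Environment Variables"
    # Install Ansible only when ansible-playbook is not already on PATH.
    # NOTE(review): this installs whatever version the agent's apt sources
    # offer at run time; baking a pinned Ansible into the agent image would
    # make the run reproducible and remove the need for sudo here.
    - script: |
        if ! command -v ansible-playbook &> /dev/null; then
          echo "📥 Installing Ansible..."
          sudo apt-get update -qq
          sudo apt-get install -y ansible
        else
          echo "✅ Ansible already installed"
        fi
      displayName: "Ensure Ansible is Installed"
    # Run the repository's playbook against the agent itself. The trailing
    # comma in --inventory makes Ansible read "localhost," as an inline host
    # list rather than an inventory file path.
    - script: |
        ansible-playbook templates/setup-tools.yml \
          --connection=local \
          --inventory=localhost, \
          --extra-vars "ansible_python_interpreter=/usr/bin/python3"
      displayName: "Run Ansible Setup & Verification"
      env:
        ANSIBLE_FORCE_COLOR: 'true'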
# ============================================================================
# STAGE 1: SONARQUBE CODE QUALITY VALIDATION
# ============================================================================
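- stage: SonarQube_Validation
  displayName: "🔍 Code Quality Analysis"
  dependsOn: Environment_Setup
  jobs:
  # --------------------------------------------------------------------------
  # Job 1.1: SonarQube using Azure DevOps Native Tasks
  # --------------------------------------------------------------------------
  - job: SonarQube_Tasks
    displayName: "SonarQube - Azure DevOps Tasks"
    steps:
    # Re-publish agent-level settings as job variables for the tasks below.
    # Written with `if` instead of `[ ... ] && echo`: in the short-circuit
    # form an unset SONAR_SCANNER_OPTS makes the script's last command return
    # non-zero, which fails this step and skips the Prepare task.
    - script: |
        set -a
        source /etc/environment 2>/dev/null || true
        set +a
        if [ -n "$NODE_EXTRA_CA_CERTS" ]; then
          echo "##vso[task.setvariable variable=NODE_EXTRA_CA_CERTS]$NODE_EXTRA_CA_CERTS"
        fi
        if [ -n "$SONAR_SCANNER_OPTS" ]; then
          echo "##vso[task.setvariable variable=SONAR_SCANNER_OPTS]$SONAR_SCANNER_OPTS"
        fi
      displayName: "Load Environment"
    # Prepare SonarQube. Credentials come from the service connection, so no
    # token appears in this file.
    # NOTE(review): continueOnError on every step of this job turns a failure
    # into a warning; a broken SonarQube integration will not turn the run red.
    - task: SonarQubePrepare@7
      displayName: "Prepare SonarQube Analysis"
      inputs:
        SonarQube: 'sonarqube-service-connection'
        scannerMode: 'dotnet'
        projectKey: 'org:project:dotnet-sample'
        projectName: 'dotnet-sample'
      continueOnError: true
    # Build a throwaway console project to give the scanner something to
    # analyse. `|| echo` hides every `dotnet test` failure, not only the
    # "no tests" case.
    - script: |
        dotnet new console -o DotnetSample --force
        cd DotnetSample && dotnet build
        dotnet test --no-build || echo "⚠️ No tests found"
      displayName: "Build & Test .NET Project"
      continueOnError: true
      condition: succeededOrFailed()
    # Analyze
    - task: SonarQubeAnalyze@7
      displayName: "Run Code Analysis"
      inputs:
        jdkversion: 'JAVA_HOME_17_X64'
      continueOnError: true
      condition: succeededOrFailed()
    # Publish
    - task: SonarQubePublish@7
      displayName: "Publish Results"
      inputs:
        pollingTimeoutSec: '300'
      continueOnError: true
      condition: succeededOrFailed()
  # --------------------------------------------------------------------------
  # Job 1.2: SonarQube CLI Scanner
  # --------------------------------------------------------------------------
  - job: SonarQube_CLI
    displayName: "SonarQube - CLI Scanner"
    steps:
    # Each script step runs in its own shell, so values sourced here reach the
    # analysis step only when they are published with setvariable.
    - script: |
        set -a
        source /etc/environment 2>/dev/null || true
        set +a
        if [ -n "$NODE_EXTRA_CA_CERTS" ]; then
          echo "##vso[task.setvariable variable=NODE_EXTRA_CA_CERTS]$NODE_EXTRA_CA_CERTS"
        fi
        if [ -n "$SONAR_SCANNER_OPTS" ]; then
          echo "##vso[task.setvariable variable=SONAR_SCANNER_OPTS]$SONAR_SCANNER_OPTS"
        fi
      displayName: "Load Environment"
    # Run the scanner as a dotnet global tool around a sample build.
    # The token is handed to the step through `env:` and read as a shell
    # variable, so its value is not substituted into the generated script
    # text. It is still passed to the scanner as a command-line argument.
    # NOTE(review): the tool install is unpinned and its failure is ignored
    # (`|| true`); pin it with --version <TOOL_VERSION> for reproducible runs.
    - script: |
        dotnet tool install --global dotnet-sonarscanner || true
        export PATH="$PATH:$HOME/.dotnet/tools"
        dotnet new console -o DotnetSample --force && cd DotnetSample
        dotnet sonarscanner begin \
          /k:"org:project:dotnet-sample" \
          /n:"dotnet-sample" \
          /d:sonar.host.url="$(SONARQUBE_URL)" \
          /d:sonar.token="$SONAR_TOKEN"
        dotnet build
        dotnet test --no-build || true
        dotnet sonarscanner end /d:sonar.token="$SONAR_TOKEN"
      displayName: "Run CLI Analysis"
      env:
        SONAR_TOKEN: $(SONARQUBE_TOKEN)
      continueOnError: true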
# ============================================================================
# STAGE 2: NEXUS PACKAGE REPOSITORY VALIDATION
# ============================================================================
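- stage: Nexus_Validation
  displayName: "🧩 Package Repository Connectivity"
  dependsOn: Environment_Setup
  jobs:
  # --------------------------------------------------------------------------
  # Job 2.1: npm - lodash
  # --------------------------------------------------------------------------
  - job: npm_lodash
    displayName: "npm - lodash"
    steps:
    # Download the Node.js tarball through Nexus, unpack it in the working
    # directory and put its bin/ first on PATH for the following steps.
    # `$(pwd)` is shell command substitution here; it would be replaced by the
    # agent instead if a pipeline variable named `pwd` were ever defined.
    # NOTE(review): the archive is executed by later steps without an
    # integrity check; compare its SHA-256 with a pinned value before
    # extracting.
    - script: |
        set -e
        NODE_VERSION="$(NODE_VERSION)"
        NEXUS_NODE_URL="$(NEXUS_URL)/repository/npm-proxy/dist/v${NODE_VERSION}"
        curl -fsSL "${NEXUS_NODE_URL}/node-v${NODE_VERSION}-linux-x64.tar.gz" -o node.tar.gz
        tar -xzf node.tar.gz
        echo "##vso[task.prependpath]$(pwd)/node-v${NODE_VERSION}-linux-x64/bin"
        rm node.tar.gz
      displayName: "Install Node.js from Nexus"
    # Write a job-local .npmrc: Nexus as the only registry, TLS verification
    # on against the system CA bundle, `npm audit` requests off. The registry
    # host comes from NEXUS_URL so it cannot drift from the other Nexus steps;
    # the agent expands the macro before the quoted heredoc is run.
    - script: |
        set -e
        TEST_DIR="$(Agent.TempDirectory)/npm-test"
        mkdir -p "$TEST_DIR" && cd "$TEST_DIR"
        cat > .npmrc << 'EOF'
        registry=$(NEXUS_URL)/repository/npm-hosted/
        cafile=/etc/ssl/certs/ca-certificates.crt
        strict-ssl=true
        audit=false
        EOF
      displayName: "Configure npm"
    # Add credentials from the service connection to that .npmrc.
    - task: npmAuthenticate@0
      inputs:
        workingFile: '$(Agent.TempDirectory)/npm-test/.npmrc'
        customEndpoint: 'Nexus-npm-connection'
    # Install lodash through Nexus and load it once.
    # `set -e` is required: without it the cleanup on the last line decides
    # the exit code and a failed install is reported as success.
    - script: |
        set -e
        cd "$(Agent.TempDirectory)/npm-test"
        npm init -y
        npm install lodash
        node -e "const _ = require('lodash'); console.log('✅ lodash', _.VERSION, 'installed')"
        cd .. && rm -rf npm-test
      displayName: "Test lodash"
      continueOnError: true
  # --------------------------------------------------------------------------
  # Job 2.2: NuGet Pull
  # --------------------------------------------------------------------------
  - job: NuGet_Pull
    displayName: "NuGet - Pull Test (Newtonsoft.Json)"
    steps:
    - task: NuGetAuthenticate@1
      inputs:
        nuGetServiceConnections: 'Nexus-NuGet-connection'
    # Restore one pinned package from the Nexus feed and check that it is
    # listed. The dots in the grep pattern are escaped so that only the exact
    # package name and version match.
    - script: |
        set -e
        TEST_DIR="$(Agent.TempDirectory)/nuget-test"
        mkdir -p "$TEST_DIR" && cd "$TEST_DIR"
        dotnet new classlib --force
        dotnet add package Newtonsoft.Json --version 13.0.3 \
          --source "$(NEXUS_URL)/repository/nuget-hosted/"
        dotnet list package | grep -q 'Newtonsoft\.Json.*13\.0\.3'
        echo "✅ Newtonsoft.Json installed"
        cd .. && rm -rf nuget-test
      displayName: "Test NuGet Pull"
  # --------------------------------------------------------------------------
  # Job 2.3: NuGet Push
  # --------------------------------------------------------------------------
  - job: NuGet_Push
    displayName: "NuGet - Push Test (DotNetCoreCLI)"
    steps:
    # Pack an empty class library whose name and version include the build id,
    # so every run produces a package that does not exist on the feed yet.
    - script: |
        set -e
        TEST_DIR="$(Agent.TempDirectory)/nuget-push-test"
        mkdir -p "$TEST_DIR" && cd "$TEST_DIR"
        dotnet new classlib -n TestPackage.$(Build.BuildId) --force
        cd TestPackage.$(Build.BuildId)
        dotnet pack -c Release \
          -p:Version=1.0.$(Build.BuildId) \
          -o "$(Agent.TempDirectory)/nuget-push-output"
        echo "✅ Package created: TestPackage.$(Build.BuildId).1.0.$(Build.BuildId).nupkg"
      displayName: "Create Test Package"
    # Push with the credentials held by the service connection.
    # NOTE(review): each run leaves one more test package on the hosted
    # repository; confirm a cleanup policy exists on the Nexus side.
    - task: DotNetCoreCLI@2
      displayName: "Push to Nexus Hosted Repo"
      inputs:
        command: 'push'
        packagesToPush: '$(Agent.TempDirectory)/nuget-push-output/*.nupkg'
        nuGetFeedType: 'external'
        externalEndpoint: 'Nexus-NuGet-Push-connection'
      continueOnError: true
  # --------------------------------------------------------------------------
  # Job 2.4: Maven
  # --------------------------------------------------------------------------
  - job: Maven
    displayName: "Maven - Dependency Test"
    steps:
    # Generate a quickstart project, then resolve and compile its dependencies.
    # NOTE(review): nothing in this step points Maven at Nexus. Presumably the
    # agent's settings.xml defines the mirror; confirm, otherwise this resolves
    # from the default repositories and says nothing about Nexus connectivity.
    - script: |
        set -e
        TEST_DIR="$(Agent.TempDirectory)/maven-test"
        mkdir -p "$TEST_DIR" && cd "$TEST_DIR"
        mvn archetype:generate \
          -DgroupId=com.example.test \
          -DartifactId=maven-test \
          -DarchetypeArtifactId=maven-archetype-quickstart \
          -DarchetypeVersion=1.4 \
          -DinteractiveMode=false
        cd maven-test
        mvn dependency:resolve
        mvn clean compile
        cd ../.. && rm -rf maven-test
        echo "✅ Maven test completed"
      displayName: "Test Maven"
      continueOnError: true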
# ============================================================================
# END OF PIPELINE
# ============================================================================