.cirrus.yml

env:
  CIRRUS_CLONE_DEPTH: "20"
  CIRRUS_SHELL: bash
  # Artifactory settings
  ARTIFACTORY_URL: VAULT[development/kv/data/repox data.url]
  ARTIFACTORY_PRIVATE_USERNAME: vault-${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-private-reader
  ARTIFACTORY_PRIVATE_PASSWORD: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-private-reader access_token]
  ARTIFACTORY_ACCESS_TOKEN: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-private-reader access_token]
  ARTIFACTORY_DEPLOY_USERNAME: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-qa-deployer username]
  ARTIFACTORY_DEPLOY_PASSWORD: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-qa-deployer access_token]
  ARTIFACTORY_DEPLOY_REPO: sonarsource-public-qa
  DEVELOCITY_TOKEN: VAULT[development/kv/data/develocity data.token]
  DEVELOCITY_ACCESS_KEY: develocity.sonar.build=${DEVELOCITY_TOKEN}
  DEPLOY_PULL_REQUEST: "true"
  # Gradle settings
  GRADLE_USER_HOME: ${CIRRUS_WORKING_DIR}/.gradle


eks_container: &CONTAINER_DEFINITION
  image: ${CIRRUS_AWS_ACCOUNT}.dkr.ecr.eu-central-1.amazonaws.com/base:j17-g7-latest
  cluster_name: ${CIRRUS_CLUSTER_NAME}
  region: eu-central-1
  namespace: default

setup_gradle_cache_template: &SETUP_GRADLE_CACHE
  gradle_cache:
    folder: .gradle/caches
  fingerprint_script:
    - echo $CIRRUS_OS
    - cat **/*.gradle* **/gradle*.properties || true
  create_gradle_directory_script:
    - mkdir -p "${CIRRUS_WORKING_DIR}/.gradle"

log_develocity_url_script: &log_develocity_url_script |
  echo "Develocity URL: https://develocity.sonar.build/scans?search.publicHostnames=cirrus-ci-task-${CIRRUS_TASK_ID}"

only_if_sonarsource_qa_template: &ONLY_IF_SONARSOURCE_QA
  only_if: $CIRRUS_USER_COLLABORATOR == 'true' && $CIRRUS_TAG == "" && ($CIRRUS_PR != "" || $CIRRUS_BRANCH == "master" || $CIRRUS_BRANCH =~ "branch-.*" || $CIRRUS_BRANCH =~ "dogfood-on-.*")

qa_task_filter_template: &QA_TASK_FILTER
  depends_on:
    - build
  <<: *ONLY_IF_SONARSOURCE_QA

build_task:
  eks_container:
    <<: *CONTAINER_DEFINITION
    cpu: 8
    memory: 4G
  env:
    SONAR_TOKEN: VAULT[development/kv/data/next data.token]
    SONAR_HOST_URL: VAULT[development/kv/data/next data.url]
    ORG_GRADLE_PROJECT_signingKey: VAULT[development/kv/data/sign data.key]
    ORG_GRADLE_PROJECT_signingPassword: VAULT[development/kv/data/sign data.passphrase]
    ORG_GRADLE_PROJECT_signingKeyId: VAULT[development/kv/data/sign data.key_id]
  <<: *SETUP_GRADLE_CACHE
  build_script:
    - *log_develocity_url_script
    - source cirrus-env BUILD
    - function gradle(){ ./gradlew "$@"; }; export -f gradle
    - gradle --version
    - source set_gradle_build_version
    - regular_gradle_build_deploy_analyze
  on_failure:
    error_log_artifacts:
      path: "hs_err_pid*.log"
    heap_dump_artifacts:
      path: "*.hprof"

mend_task:
  depends_on:
    - build
  only_if: $CIRRUS_USER_COLLABORATOR == 'true' && ($CIRRUS_BRANCH == "master" || $CIRRUS_BRANCH =~ "branch-.*" || $CIRRUS_BRANCH =~ "mend-.*")
  eks_container:
    <<: *CONTAINER_DEFINITION
    cpu: 8
    memory: 4G
  env:
    WS_APIKEY: VAULT[development/kv/data/mend data.apikey]
  <<: SETUP_GRADLE_CACHE
  scan_script:
    - *log_develocity_url_script
    - source cirrus-env QA
    - ./gradlew clean build --exclude-task test
    - source export_ws_variables_from_gradle
    - source ws_scan.sh
  allow_failures: "true"
  always:
    ws_artifacts:
      path: "whitesource/**/*"

qa_plugin_task:
  <<: *QA_TASK_FILTER
  eks_container:
    <<: *CONTAINER_DEFINITION
    cpu: 8
    memory: 8G
  env:
    matrix:
      - SQ_VERSION: "LATEST_RELEASE"
      - SQ_VERSION: "DEV"
  <<: *SETUP_GRADLE_CACHE
  plugin_script:
    - *log_develocity_url_script
    - source cirrus-env QA
    - ./gradlew ":its:plugin:test" --project-prop plugin      
      "-Dsonar.runtimeVersion=${SQ_VERSION}"
      "-Dorchestrator.artifactory.accessToken=${ARTIFACTORY_ACCESS_TOKEN}"
      "-DbuildNumber=$BUILD_NUMBER"
      -I "${GRADLE_HOME}/init.d/repoxAuth.init.gradle.kts"
      --info --stacktrace --console plain --no-daemon --build-cache

qa_ruling_task:
  <<: *QA_TASK_FILTER
  eks_container:
    <<: *CONTAINER_DEFINITION
    cpu: 8
    memory: 8G
  <<: *SETUP_GRADLE_CACHE
  ruling_script:
    - *log_develocity_url_script
    - source cirrus-env QA
    - git submodule update --init its/sources
    - ./gradlew ":its:ruling:test" --project-prop ruling      
      "-Dsonar.runtimeVersion=LATEST_RELEASE"
      "-Dorchestrator.artifactory.accessToken=${ARTIFACTORY_ACCESS_TOKEN}"
      "-DbuildNumber=$BUILD_NUMBER"
      -I "${GRADLE_HOME}/init.d/repoxAuth.init.gradle.kts"
      --info --stacktrace --console plain --no-daemon --build-cache

promote_task:
  depends_on:
    - build
    - qa_plugin
    - qa_ruling
  eks_container:
    <<: *CONTAINER_DEFINITION
    cpu: 1
    memory: 1G
  env:
    ARTIFACTORY_URL: VAULT[development/kv/data/repox data.url]
    ARTIFACTORY_PROMOTE_ACCESS_TOKEN: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-promoter access_token]
    GITHUB_TOKEN: VAULT[development/github/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-promotion token]
  promote_script:
    - *log_develocity_url_script
    - function gradle(){ ./gradlew "$@"; }; export -f gradle
    - cirrus_promote_gradle multi