-
Notifications
You must be signed in to change notification settings - Fork 129
/
.cirrus.yml
133 lines (127 loc) · 4.47 KB
/
.cirrus.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
#
# ENV VARIABLES
#
env:
### Shared variables
ARTIFACTORY_URL: VAULT[development/kv/data/repox data.url]
ARTIFACTORY_DEPLOY_USERNAME: vault-${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-qa-deployer
ARTIFACTORY_DEPLOY_PASSWORD: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-qa-deployer access_token]
ARTIFACTORY_ACCESS_TOKEN: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-private-reader access_token]
# Possible values for ARTIFACTORY_DEPLOY_REPO: sonarsource-private-qa, sonarsource-public-qa
ARTIFACTORY_DEPLOY_REPO: sonarsource-public-qa
### Project variables
DEPLOY_PULL_REQUEST: true
CIRRUS_VAULT_URL: https://vault.sonar.build:8200
CIRRUS_VAULT_AUTH_PATH: jwt-cirrusci
CIRRUS_VAULT_ROLE: cirrusci-${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}
NPM_CONFIG_//repox.jfrog.io/artifactory/api/npm/:_authToken: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-private-reader access_token]
NPM_CONFIG_registry: https://repox.jfrog.io/artifactory/api/npm/npm
#
# RE-USABLE CONFIGS
#
only_sonarsource_qa: &ONLY_SONARSOURCE_QA
only_if: $CIRRUS_USER_COLLABORATOR == 'true' && ($CIRRUS_PR != "" || $CIRRUS_BRANCH == "master" || $CIRRUS_BRANCH =~ "branch-.*" || $CIRRUS_BRANCH =~ "dogfood-on-.*")
docker_build_container_template: &CONTAINER_TEMPLATE
dockerfile: .cirrus/Dockerfile
docker_arguments:
CIRRUS_AWS_ACCOUNT: ${CIRRUS_AWS_ACCOUNT}
cluster_name: ${CIRRUS_CLUSTER_NAME}
builder_role: cirrus-builder
builder_image: docker-builder-v*
builder_instance_type: t2.small
region: eu-central-1
namespace: default
#
# TASKS
#
build_task:
<<: *ONLY_SONARSOURCE_QA
eks_container:
<<: *CONTAINER_TEMPLATE
cpu: 3.4
memory: 11G
env:
SONAR_TOKEN: VAULT[development/kv/data/next data.token]
SONAR_HOST_URL: VAULT[development/kv/data/next data.url]
GPG_SIGNING_KEY: VAULT[development/kv/data/sign data.key]
GPG_SIGNING_PASSPHRASE: VAULT[development/kv/data/sign data.passphrase]
folder: node_modules
install_script:
- bash scripts/install.sh
script:
- git fetch
- source cirrus-env BUILD
- npm run generate-its && git diff --exit-code # Ensure that the generated ITS are up-to-date
- npm run validate-ci
- npm run build
- npm run sonarqube
- npm run upload
check_size_task:
<<: *ONLY_SONARSOURCE_QA
eks_container:
<<: *CONTAINER_TEMPLATE
cpu: 3.4
memory: 11G
env:
SONAR_TOKEN: VAULT[development/kv/data/next data.token]
SONAR_HOST_URL: VAULT[development/kv/data/next data.url]
GPG_SIGNING_KEY: VAULT[development/kv/data/sign data.key]
GPG_SIGNING_PASSPHRASE: VAULT[development/kv/data/sign data.passphrase]
folder: node_modules
MAX_FILE_SIZE_MB: 40
install_script:
- bash scripts/install.sh
script:
- source cirrus-env BUILD
- npm run build
- |
du -a -m dist/*.vsix | awk '{print $1}' | xargs -I % bash -c '
echo "File size: % MB"
if [ % -ge $MAX_FILE_SIZE_MB ]; then
echo "Error: File size exceeds limit of $MAX_FILE_SIZE_MB MB."
exit 1
fi
'
promote_task:
depends_on:
- build
<<: *ONLY_SONARSOURCE_QA
eks_container:
<<: *CONTAINER_TEMPLATE
cpu: 1
env:
ARTIFACTORY_PROMOTE_ACCESS_TOKEN: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-promoter access_token]
node_modules_cache:
folder: node_modules
install_script:
- bash scripts/install.sh
script:
- source cirrus-env PROMOTE
- npm run promote
mend_scan_task:
depends_on:
- build
only_if: $CIRRUS_BRANCH == "master"
timeout_in: 30m
eks_container:
<<: *CONTAINER_TEMPLATE
cpu: 2
memory: 2G
env:
WS_APIKEY: VAULT[development/kv/data/mend data.apikey]
WS_WSS_URL: VAULT[development/kv/data/mend data.url]
WS_USERKEY: VAULT[development/kv/data/mend data.userKey]
# No need to clone the full history.
# Depth of 1 is not enough because it would fail the build in case of consecutive pushes
# (example of error: "Hard resetting to c968ecaf7a1942dacecd78480b3751ac74d53c33...Failed to force reset to c968ecaf7a1942dacecd78480b3751ac74d53c33: object not found!")
CIRRUS_CLONE_DEPTH: 50
mend_script:
- bash scripts/install.sh
- source cirrus-env BUILD # to set the environment variable BUILD_NUMBER
- PROJECT_VERSION='NO-VERSION'
- echo $PROJECT_VERSION
- source ws_scan.sh
allow_failures: $CIRRUS_CRON != "nightly"
always:
ws_artifacts:
path: "whitesource/**/*"