diff --git a/.teamcity/builds/Build.kt b/.teamcity/builds/Build.kt
index 38bd8e7..1537f55 100644
--- a/.teamcity/builds/Build.kt
+++ b/.teamcity/builds/Build.kt
@@ -22,22 +22,30 @@ class Build(
 if (forPullRequests) buildType(WhiteListCheck("${name}-whitelist-check", "white-list check"))
 if (forPullRequests) dependentBuildType(PRCheck("${name}-pr-check", "pr check"))
- dependentBuildType(
- Maven(
- "${name}-build",
- "build",
- "test-compile",
- "",
- ),
- )
- dependentBuildType(
- Maven(
- "${name}-test",
- "test",
- "verify",
- size = LinuxSize.LARGE,
- ),
- )
+
+ parallel {
+ dependentBuildType(SemgrepCheck("${name}-semgrep-check", "semgrep check"))
+
+ sequential {
+ dependentBuildType(
+ Maven(
+ "${name}-build",
+ "build",
+ "test-compile",
+ "",
+ ),
+ )
+ dependentBuildType(
+ Maven(
+ "${name}-test",
+ "test",
+ "verify",
+ size = LinuxSize.LARGE,
+ ),
+ )
+ }
+ }
+
 dependentBuildType(complete)
 if (!forPullRequests) collectArtifacts(dependentBuildType(Release("${name}-release", "release")))
diff --git a/.teamcity/builds/Common.kt b/.teamcity/builds/Common.kt
index 19dbf05..9fbd4b2 100644
--- a/.teamcity/builds/Common.kt
+++ b/.teamcity/builds/Common.kt
@@ -12,9 +12,13 @@ import jetbrains.buildServer.configs.kotlin.buildSteps.script
 const val GITHUB_OWNER = "neo4j"
 const val GITHUB_REPOSITORY = "neo4j-cdc-client"
 const val MAVEN_DEFAULT_ARGS = "--no-transfer-progress --batch-mode --show-version"
+const val FULL_GITHUB_REPOSITORY = "$GITHUB_OWNER/$GITHUB_REPOSITORY"
+const val GITHUB_URL = "https://github.com/$FULL_GITHUB_REPOSITORY"
 const val JAVA_VERSION = "11"
+const val SEMGREP_DOCKER_IMAGE = "semgrep/semgrep:1.146.0"
+
 enum class LinuxSize(val value: String) {
 SMALL("small"),
 LARGE("large")
diff --git a/.teamcity/builds/Maven.kt b/.teamcity/builds/Maven.kt
index d47ccff..322642d 100644
--- a/.teamcity/builds/Maven.kt
+++ b/.teamcity/builds/Maven.kt
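Review bot: `SemgrepCheck` is added unconditionally inside `parallel { ... }`, so it also runs when `forPullRequests` is true, and that build carries `env.SEMGREP_APP_TOKEN` (set in SemgrepCheck.kt). In this hunk it follows `PRCheck` in the chain, but `WhiteListCheck` is attached with `buildType(...)` rather than `dependentBuildType(...)`, so it is worth confirming that the white-list result really gates the token-bearing build before a contributor's checkout is processed. `SemgrepCheck` extends `Maven`, so it presumably also runs a Maven step on the pull request's POM with the token in its environment. A comment above the `parallel` block, e.g. `// semgrep-check receives SEMGREP_APP_TOKEN; it must stay downstream of the PR gate`, would keep that assumption visible. The enclosing `Build` body starts and ends outside the hunk.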
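Review bot: `SEMGREP_DOCKER_IMAGE` pins the scanner by tag only, and a registry tag can be re-pointed to different content after this commit. The image runs with the Semgrep token in its environment, so pinning by digest as well would make the build reproducible and tamper-evident: `const val SEMGREP_DOCKER_IMAGE = "semgrep/semgrep:1.146.0@sha256:<digest-of-the-verified-image>"`. A short comment next to the constant saying how the version and digest are bumped would help whoever updates it next.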
@@ -4,7 +4,7 @@ import jetbrains.buildServer.configs.kotlin.BuildType
 import jetbrains.buildServer.configs.kotlin.buildFeatures.dockerSupport
 import jetbrains.buildServer.configs.kotlin.toId
-class Maven(
+open class Maven(
 id: String,
 name: String,
 goals: String,
diff --git a/.teamcity/builds/NightlyBuild.kt b/.teamcity/builds/NightlyBuild.kt
new file mode 100644
index 0000000..818b2a6
--- /dev/null
+++ b/.teamcity/builds/NightlyBuild.kt
@@ -0,0 +1,49 @@
+package builds
+
+import jetbrains.buildServer.configs.kotlin.Project
+import jetbrains.buildServer.configs.kotlin.sequential
+import jetbrains.buildServer.configs.kotlin.toId
+import jetbrains.buildServer.configs.kotlin.triggers.schedule
+import jetbrains.buildServer.configs.kotlin.triggers.vcs
+
+class NightlyBuild(name: String): Project({
+ this.id(name.toId())
+ this.name = name
+
+ val complete = Empty("${name}-complete", "complete")
+
+ val bts = sequential {
+ dependentBuildType(SemgrepCheck("${name}-semgrep-check", "semgrep check"))
+ dependentBuildType(complete)
+ }
+
+ bts.buildTypes().forEach {
+ it.thisVcs()
+
+ it.features {
+ enableCommitStatusPublisher()
+ }
+
+ buildType(it)
+ }
+
+ complete.triggers {
+ vcs { enabled = false }
+
+ schedule {
+ branchFilter = buildString {
+ appendLine("+:main")
+ appendLine("+:refs/heads/main")
+ }
+ schedulingPolicy = daily {
+ hour = 7
+ minute = 0
+ }
+ triggerBuild = always()
+ withPendingChangesOnly = false
+ enforceCleanCheckout = true
+ enforceCleanCheckoutForDependencies = true
+ }
+ }
+
+})
diff --git a/.teamcity/builds/SemgrepCheck.kt b/.teamcity/builds/SemgrepCheck.kt
new file mode 100644
index 0000000..9aea7a1
--- /dev/null
+++ b/.teamcity/builds/SemgrepCheck.kt
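Review bot: `NightlyBuild` has no KDoc, and the schedule leaves two intentions implicit: no time zone is set next to `hour = 7`, so it is presumably evaluated in the server's zone, and `vcs { enabled = false }` gives no reason for being disabled. Suggest a class comment such as `/** Project that runs the Semgrep check on main once a day, whether or not there are pending changes. */`. A trailing comment on `hour = 7` naming the intended zone, and one on the `vcs` line saying that only the schedule may start the chain, would cover the rest.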
@@ -0,0 +1,33 @@
+package builds
+
+import jetbrains.buildServer.configs.kotlin.buildSteps.ScriptBuildStep
+
+class SemgrepCheck(
+ id: String,
+ name: String
+): Maven(
+ id,
+ name,
+ "dependency:tree",
+ "-DoutputFile=maven_dep_tree.txt"
+) {
+
+ init {
+
+ params.password("env.SEMGREP_APP_TOKEN", "%semgrep-app-token%")
+ params.text("env.SEMGREP_REPO_NAME", FULL_GITHUB_REPOSITORY)
+ params.text("env.SEMGREP_REPO_URL", GITHUB_URL)
+ params.text("env.SEMGREP_BRANCH", "%teamcity.build.branch%")
+ params.text("env.SEMGREP_JOB_URL", "%env.BUILD_URL%")
+ params.text("env.SEMGREP_COMMIT", "%env.BUILD_VCS_NUMBER%")
+
+ steps.step(ScriptBuildStep {
+ scriptContent="semgrep ci --no-git-ignore"
+ dockerImagePlatform = ScriptBuildStep.ImagePlatform.Linux
+ dockerImage = SEMGREP_DOCKER_IMAGE
+ dockerRunParameters =
+ "--volume /var/run/docker.sock:/var/run/docker.sock --volume %teamcity.build.checkoutDir%/signingkeysandbox:/root/.gnupg"
+ })
+ }
+
+}
diff --git a/.teamcity/settings.kts b/.teamcity/settings.kts
index 77d2216..f03f166 100644
--- a/.teamcity/settings.kts
+++ b/.teamcity/settings.kts
@@ -1,4 +1,5 @@
 import builds.Build
+import builds.NightlyBuild
 import jetbrains.buildServer.configs.kotlin.project
 import jetbrains.buildServer.configs.kotlin.version
@@ -11,6 +12,7 @@ project {
 password("signing-key-passphrase", "%publish-signing-key-password%")
 password("github-commit-status-token", "%github-token%")
 password("github-pull-request-token", "%github-token%")
+ password("semgrep-app-token", "%semgrep-token%")
 }
 subProject(
@@ -37,4 +39,5 @@ project {
 """
 .trimIndent(),
 forPullRequests = true))
+ subProject(NightlyBuild("nightly"))
 }
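Review bot: `dockerRunParameters` mounts `/var/run/docker.sock` and the `signingkeysandbox` directory (as `/root/.gnupg`) into the Semgrep container, and nothing in `semgrep ci --no-git-ignore` appears to need either. The socket mount hands the container control of the agent's Docker daemon, and the second mount exposes whatever signing material that directory holds to a third-party image that also processes repository content. The value looks carried over from another build step. Suggest deleting the `dockerRunParameters =` assignment and its string. If a mount is required, keep only that one and add a comment saying why.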