forked from bellingard/sonar-scanner-npm
/
.cirrus.yml
127 lines (115 loc) · 4.3 KB
/
.cirrus.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
env:
CIRRUS_VAULT_URL: https://vault.sonar.build:8200
CIRRUS_VAULT_AUTH_PATH: jwt-cirrusci
CIRRUS_VAULT_ROLE: cirrusci-${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}
ARTIFACTORY_URL: https://repox.jfrog.io/artifactory
ARTIFACTORY_PRIVATE_USERNAME: vault-${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-private-reader
ARTIFACTORY_PRIVATE_PASSWORD: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-private-reader access_token]
ARTIFACTORY_DEPLOY_ACCESS_TOKEN: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-qa-deployer access_token]
ARTIFACTORY_DEPLOY_REPO: sonarsource-npm-public-qa
ARTIFACTORY_ACCESS_TOKEN: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-private-reader access_token]
# burgr notification
BURGR_URL: VAULT[development/kv/data/burgr data.url]
BURGR_USERNAME: VAULT[development/kv/data/burgr data.cirrus_username]
BURGR_PASSWORD: VAULT[development/kv/data/burgr data.cirrus_password]
SONAR_TOKEN: VAULT[development/kv/data/sonarcloud data.token]
# Use bash (instead of sh on linux or cmd.exe on windows)
CIRRUS_SHELL: bash
only_sonarsource_qa: &ONLY_SONARSOURCE_QA
only_if: $CIRRUS_USER_COLLABORATOR == 'true' && $CIRRUS_TAG == "" && ($CIRRUS_PR != "" || $CIRRUS_BRANCH == "master" || $CIRRUS_BRANCH =~ "branch-.*" || $CIRRUS_BRANCH =~ "dogfood-on-.*")
container_definition: &CONTAINER_DEFINITION
dockerfile: .cirrus/Dockerfile
docker_arguments:
CIRRUS_AWS_ACCOUNT: ${CIRRUS_AWS_ACCOUNT}
cluster_name: ${CIRRUS_CLUSTER_NAME}
builder_role: cirrus-builder
builder_image: docker-builder-v*
builder_instance_type: t2.small
builder_subnet_id: ${CIRRUS_AWS_SUBNET}
region: eu-central-1
namespace: default
npmrc_script_definition: &NPMRC_SCRIPT_DEFINITION
npmrc_script:
- cp .cirrus/npmrc $CIRRUS_WORKING_DIR/.npmrc
- cp .cirrus/npmrc $CIRRUS_WORKING_DIR/tools/orchestrator/.npmrc
- cp .cirrus/npmrc $CIRRUS_WORKING_DIR/test/integration/.npmrc
ec2_instance: &INSTANCE_DEFINITION
experimental: true # see https://github.com/cirruslabs/cirrus-ci-docs/issues/1051
region: eu-central-1
subnet_id: ${CIRRUS_AWS_SUBNET}
type: t3.medium
image: base-windows-jdk17-v*
platform: windows
qa_script_definition: &QA_SCRIPT_DEFINITION
setup_script:
- ./scripts/qa.sh
- cd tools/orchestrator && npm run build
test_script:
# required by orchestrator
- export ARTIFACTORY_ACCESS_TOKEN=$ARTIFACTORY_DEPLOY_ACCESS_TOKEN
- npm run test-integration
build_task:
eks_container:
<<: *CONTAINER_DEFINITION
cpu: 4
memory: 8G
env:
SONAR_TOKEN: ENCRYPTED[6aa9305c4d78b8f753d86e26171ff2c6f40600c03d514cf2bff683d14d466078169f17a408af03ad2ee85de8458157b6]
<<: *NPMRC_SCRIPT_DEFINITION
build_script:
- if [ -n "${CIRRUS_BASE_BRANCH}" ]; then git fetch origin "${CIRRUS_BASE_BRANCH}"; fi
- npm run build
sonarcloud_analysis_script:
- node ./scripts/ci-analysis.js
publish_script:
- ./scripts/publish.sh
mend_task:
depends_on:
- build
eks_container:
<<: *CONTAINER_DEFINITION
cpu: 2
memory: 2G
# run only on master and long-term branches
only_if: $CIRRUS_USER_COLLABORATOR == 'true' && ($CIRRUS_BRANCH == "master" || $CIRRUS_BRANCH =~ "branch-.*")
env:
# TODO replace secret with vault
WS_APIKEY: ENCRYPTED[!3929c6148b9dfc751a2d17c590b15d755f82cd9c108f2de5f24a5b32f2a0c26144e921fab7e2c959fc2824d6d6d1550d!]
run_script:
- .cirrus/run_ws_scan.sh
allow_failures: 'true'
always:
mend_artifacts:
path: 'whitesource/**/*'
qa_task:
depends_on:
- build
<<: *ONLY_SONARSOURCE_QA
eks_container:
<<: *CONTAINER_DEFINITION
cpu: 4
memory: 8G
<<: *NPMRC_SCRIPT_DEFINITION
<<: *QA_SCRIPT_DEFINITION
qa_win_task:
depends_on:
- build
<<: *ONLY_SONARSOURCE_QA
<<: *INSTANCE_DEFINITION
<<: *NPMRC_SCRIPT_DEFINITION
<<: *QA_SCRIPT_DEFINITION
promote_task:
depends_on:
- qa
- qa_win
<<: *ONLY_SONARSOURCE_QA
eks_container:
<<: *CONTAINER_DEFINITION
cpu: 1
memory: 1G
env:
ARTIFACTORY_PROMOTE_ACCESS_TOKEN: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-promoter access_token]
GITHUB_TOKEN: VAULT[development/github/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-promotion token]
ARTIFACTS: sonarqube-scanner:tgz
script:
- ./scripts/promote.sh