use bamboo config YAML

2022-11-10 13:17:01 +01:00 · 2022-11-10 13:17:01 +01:00 · 18d614f61c
commit 18d614f61c
parent 7472939f21
5 changed files with 312 additions and 0 deletions
--- a/bamboo-specs/bamboo.yml
+++ b/bamboo-specs/bamboo.yml
@ -0,0 +1,156 @@
+---
+version: 2
+
+plan:
+  project-key: RED
+  key: PYINFRA
+  name: pyinfra
+  description: Build for pyinfra
+
+stages:
+- Sonar Stage:
+    manual: false
+    final: false
+    jobs:
+    - Sonar Job
+
+- Licence Stage:
+    manual: false
+    final: false
+    jobs:
+    - Git Tag Job
+    - Licence Job
+
+Sonar Job:
+  key: SONAR
+  docker:
+    image: nexus.iqser.com:5001/infra/release_build:4.2.0
+    volumes:
+      ${bamboo.working.directory}: ${bamboo.working.directory}
+      ${bamboo.tmp.directory}: ${bamboo.tmp.directory}
+      /var/run/docker.sock: /var/run/docker.sock
+    docker-run-arguments: []
+  tasks:
+  - clean:
+      description: Clean working directory.
+  - checkout:
+      force-clean-build: 'false'
+      description: Checkout default repository.
+  - script:
+      interpreter: SHELL
+      file: bamboo-specs/scripts/config-keys.sh
+      description: Set config and keys.
+  - script:
+      interpreter: SHELL
+      file: bamboo-specs/scripts/sonar-scan.sh
+      argument: pyinfra
+      description: Run Sonarqube scan.
+  artifact-subscriptions: []
+
+Git Tag Job:
+  key: GITTAG
+  docker:
+    image: nexus.iqser.com:5001/infra/release_build:4.4.1
+    volumes:
+      ${bamboo.working.directory}: ${bamboo.working.directory}
+      ${bamboo.tmp.directory}: ${bamboo.tmp.directory}
+    docker-run-arguments: []
+  tasks:
+  - checkout:
+      force-clean-build: 'false'
+      description: Checkout default repository.
+  - script:
+      interpreter: SHELL
+      file: bamboo-specs/scripts/git-tag.sh
+      description: Build git tag.
+  - inject-variables:
+      file: git.tag
+      scope: LOCAL
+      namespace: g
+      description: Inject git tag.
+  - any-task:
+      plugin-key: com.atlassian.bamboo.plugins.vcs:task.vcs.tagging
+      configuration:
+        selectedRepository: defaultRepository
+        tagName: ${bamboo.g.gitTag}
+      description: ${bamboo.g.gitTag}
+  artifact-subscriptions: []
+
+Licence Job:
+  key: LICENCE
+  docker:
+    image: nexus.iqser.com:5001/infra/maven:3.6.2-jdk-13-3.0.0
+    volumes:
+      ${bamboo.working.directory}: ${bamboo.working.directory}
+      ${bamboo.tmp.directory}: ${bamboo.tmp.directory}
+      /etc/maven/settings.xml: /usr/share/maven/ref/settings.xml
+      /var/run/docker.sock: /var/run/docker.sock
+    docker-run-arguments: []
+  tasks:
+  - checkout:
+      force-clean-build: 'false'
+      description: Checkout default repository.
+  - script:
+      interpreter: SHELL
+      file: bamboo-specs/scripts/create-licence.sh
+      description: Build licence.
+  artifact-subscriptions: []
+
+repositories:
+- RR / pyinfra:
+    scope: global
+
+triggers:
+- bitbucket-server-trigger
+
+branches:
+  create: for-new-branch
+  delete:
+    after-deleted-days: never
+    after-inactive-days: 14
+  link-to-jira: true
+
+notifications: []
+
+labels: []
+
+dependencies:
+  require-all-stages-passing: false
+  enabled-for-branches: true
+  block-strategy: none
+  plans: []
+
+other:
+  concurrent-build-plugin: system-default
+---
+version: 2
+
+plan:
+  key: RED-PYINFRA
+
+plan-permissions:
+- roles:
+  - logged-in
+  - anonymous
+  permissions:
+  - view
+- users:
+  - atlbamboo
+  permissions:
+  - view
+  - edit
+  - build
+  - clone
+  - admin
+  - view-configuration
+- groups:
+  - QA
+  - research
+  - Development
+  permissions:
+  - view
+  - edit
+  - build
+  - clone
+  - view-configuration
+...
--- a/bamboo-specs/scripts/config-keys.sh
+++ b/bamboo-specs/scripts/config-keys.sh
@ -0,0 +1,8 @@
+#!/bin/bash
+set -e
+
+mkdir -p ~/.ssh
+echo "${bamboo.bamboo_agent_ssh}" | base64 -d >> ~/.ssh/id_rsa
+echo "host vector.iqser.com" > ~/.ssh/config
+echo "    user bamboo-agent" >> ~/.ssh/config
+chmod 600 ~/.ssh/config ~/.ssh/id_rsa
--- a/bamboo-specs/scripts/create-licence.sh
+++ b/bamboo-specs/scripts/create-licence.sh
@ -0,0 +1,19 @@
+#!/bin/bash
+set -e
+
+if [[ \"${bamboo_version_tag}\" != \"dev\" ]]
+then
+    ${bamboo_capability_system_builder_mvn3_Maven_3}/bin/mvn \
+                    -f ${bamboo_build_working_directory}/pom.xml \
+                    versions:set  \
+                    -DnewVersion=${bamboo_version_tag}
+
+    ${bamboo_capability_system_builder_mvn3_Maven_3}/bin/mvn \
+                    -f ${bamboo_build_working_directory}/pom.xml \
+                    -B clean deploy \
+                    -e -DdeployAtEnd=true \
+                    -Dmaven.wagon.http.ssl.insecure=true \
+                    -Dmaven.wagon.http.ssl.allowall=true \
+                    -Dmaven.wagon.http.ssl.ignore.validity.dates=true \
+                    -DaltDeploymentRepository=iqser_release::default::https://nexus.iqser.com/repository/gin4-platform-releases
+fi
--- a/bamboo-specs/scripts/git-tag.sh
+++ b/bamboo-specs/scripts/git-tag.sh
@ -0,0 +1,73 @@
+#!/bin/bash
+set -e
+
+python3 -m venv build_venv
+source build_venv/bin/activate
+python3 -m pip install --upgrade pip
+pip install poetry
+
+
+# update version in poetry to latest version in git if it is lower
+check_poetry_version () {
+    projectVersion=$(poetry version -s)
+    tagCount=$(git rev-list --tags --max-count=1 | wc -l)
+
+    if [[ $tagCount -gt 0 ]]
+    then
+        gitVersion=$(git rev-list --tags --max-count=1 | git describe --tags)
+        echo "latest version tag in git:    ${gitVersion}"
+        echo "current version in project:   ${projectVersion}"
+
+        if [[ "$projectVersion" < "$gitVersion" ]]
+        then
+            echo "project version is behind"
+            echo "setting latest git tag as current version"
+            poetry version "$gitVersion"
+            updateVersion=0  # 0 means all is good means true, yes it's weird
+        elif [[ "$projectVersion" == "$gitVersion" ]]
+        then
+            echo "project version matches"
+            echo "keeping the project version"
+            updateVersion=0
+        else
+            echo "project version is higher"
+            echo "keeping the project version, be aware that a version might have been skipped"
+            updateVersion=1
+        fi
+    else
+        updateVersion=1
+    fi
+
+    return $updateVersion
+}
+
+
+if [[ "$bamboo_planRepository_branchName" == "master" ]]
+then
+    if check_poetry_version
+    then
+        echo "updating version number by one minor increment"
+        poetry version minor
+    fi
+    newVersion="$(poetry version -s)"
+    echo "new release on master with version:   $newVersion"
+elif [[ "$bamboo_planRepository_branchName" =~ "release*|hotfix*|bugfix*|feature*" ]]
+then
+    if check_poetry_version
+    then
+        echo "updating version number by one patch increment"
+        poetry version patch
+    fi
+    newVersion="$(poetry version -s)"
+    echo "new release on $bamboo_planRepository_branchName with version:    $newVersion"
+elif [[ "${bamboo_version_tag}" != "dev" ]]
+then
+    newVersion="${bamboo_version_tag}"
+    echo "new special version build with:   $newVersion"
+else
+    newVersion="${bamboo_planRepository_1_branch}_${bamboo_buildNumber}"
+    echo "dev build with tag:   ${newVersion}"
+
+fi
+
+echo "gitTag=${newVersion}" > git.tag
--- a/bamboo-specs/scripts/sonar-scan.sh
+++ b/bamboo-specs/scripts/sonar-scan.sh
@ -0,0 +1,56 @@
+#!/bin/bash
+set -e
+
+export JAVA_HOME=/usr/bin/sonar-scanner/jre
+
+python3 -m venv build_venv
+source build_venv/bin/activate
+python3 -m pip install --upgrade pip
+python3 -m pip install dependency-check
+python3 -m pip install docker-compose
+python3 -m pip install coverage
+
+# This is disabled since there are currently no tests in this project.
+# If tests are added this can be enabled again
+# echo "coverage report generation"
+# bash run_tests.sh
+
+# if [ ! -f reports/coverage.xml ]
+# then
+#   exit 1
+# fi
+
+SERVICE_NAME=$1
+
+echo "dependency-check:aggregate"
+mkdir -p reports
+dependency-check --enableExperimental -f JSON -f XML \
+  --disableAssembly -s . -o reports --project $SERVICE_NAME --exclude ".git/**" --exclude "venv/**" \
+  --exclude "build_venv/**" --exclude "**/__pycache__/**" --exclude "bamboo-specs/**"
+
+if [[ -z "${bamboo_repository_pr_key}" ]]
+then
+    echo "Sonar Scan for branch: ${bamboo_planRepository_1_branch}"
+    /usr/bin/sonar-scanner/bin/sonar-scanner -X\
+     -Dsonar.projectKey=RED_$SERVICE_NAME \
+      -Dsonar.host.url=https://sonarqube.iqser.com \
+      -Dsonar.login=${bamboo_sonarqube_api_token_secret} \
+      -Dsonar.dependencyCheck.jsonReportPath=reports/dependency-check-report.json \
+      -Dsonar.dependencyCheck.xmlReportPath=reports/dependency-check-report.xml \
+      -Dsonar.dependencyCheck.htmlReportPath=reports/dependency-check-report.html \
+      -Dsonar.python.coverage.reportPaths=reports/coverage.xml
+
+else
+    echo "Sonar Scan for PR with key1: ${bamboo_repository_pr_key}"
+    /usr/bin/sonar-scanner/bin/sonar-scanner \
+      -Dsonar.projectKey=RED_$SERVICE_NAME \
+      -Dsonar.host.url=https://sonarqube.iqser.com \
+      -Dsonar.login=${bamboo_sonarqube_api_token_secret} \
+      -Dsonar.pullrequest.key=${bamboo_repository_pr_key} \
+      -Dsonar.pullrequest.branch=${bamboo_repository_pr_sourceBranch} \
+      -Dsonar.pullrequest.base=${bamboo_repository_pr_targetBranch} \
+      -Dsonar.dependencyCheck.jsonReportPath=reports/dependency-check-report.json \
+      -Dsonar.dependencyCheck.xmlReportPath=reports/dependency-check-report.xml \
+      -Dsonar.dependencyCheck.htmlReportPath=reports/dependency-check-report.html \
+      -Dsonar.python.coverage.reportPaths=reports/coverage.xml
+fi