add sonar

bamboo-specs/src/main/java/buildjob/PlanSpec.java

@@ -21,6 +21,8 @@ import com.atlassian.bamboo.specs.builders.task.VcsTagTask;
 import com.atlassian.bamboo.specs.builders.trigger.BitbucketServerTrigger;
 import com.atlassian.bamboo.specs.model.task.InjectVariablesScope;
 import com.atlassian.bamboo.specs.util.BambooServer;
+import com.atlassian.bamboo.specs.builders.task.ScriptTask;
+import com.atlassian.bamboo.specs.model.task.ScriptTaskProperties.Location;
 
 import static com.atlassian.bamboo.specs.builders.task.TestParserTask.createJUnitParserTask;
 
@@ -53,7 +55,8 @@ public class PlanSpec {
     private PlanPermissions createPlanPermission(PlanIdentifier planIdentifier) {
         Permissions permission = new Permissions()
                 .userPermissions("atlbamboo", PermissionType.EDIT, PermissionType.VIEW, PermissionType.ADMIN, PermissionType.CLONE, PermissionType.BUILD)
-                .groupPermissions("red-backend", PermissionType.EDIT, PermissionType.VIEW, PermissionType.CLONE, PermissionType.BUILD)
+                .groupPermissions("development", PermissionType.EDIT, PermissionType.VIEW, PermissionType.CLONE, PermissionType.BUILD)
+                .groupPermissions("devplant", PermissionType.EDIT, PermissionType.VIEW, PermissionType.CLONE, PermissionType.BUILD)
                 .loggedInUserPermissions(PermissionType.VIEW)
                 .anonymousUserPermissionView();
         return new PlanPermissions(planIdentifier.getProjectKey(), planIdentifier.getPlanKey()).permissions(permission);
@@ -84,27 +87,18 @@ public class PlanSpec {
                                                 .checkoutItems(new CheckoutItem().defaultRepository()),
                                         new ScriptTask()
                                                 .description("Build")
-                                                .environmentVariables("MAVEN_OPTS="+JVM_ARGS)
-                                                .inlineBody("#!/bin/bash\n" +
-                                                        "set -e\n" +
-
-                                                        "export MAVEN_OPTS=\"$MAVEN_OPTS "+JVM_ARGS +"\"\n" +
-
-                                                        "if [[ \"${bamboo.version_tag}\" != \"dev\" ]]; then ${bamboo_capability_system_builder_mvn3_Maven_3}/bin/mvn --no-transfer-progress -f ${bamboo_build_working_directory}/" + SERVICE_NAME + "-v1/pom.xml versions:set  -DnewVersion=${bamboo.version_tag}; fi\n" +
-                                                        "if [[ \"${bamboo.version_tag}\" != \"dev\" ]]; then ${bamboo_capability_system_builder_mvn3_Maven_3}/bin/mvn --no-transfer-progress -f ${bamboo_build_working_directory}/" + SERVICE_NAME + "-image-v1/pom.xml versions:set  -DnewVersion=${bamboo.version_tag}; fi\n" +
-
-                                                        "if [[ \"${bamboo.version_tag}\" = \"dev\" ]]; then ${bamboo_capability_system_builder_mvn3_Maven_3}/bin/mvn -f ${bamboo_build_working_directory}/" + SERVICE_NAME + "-v1/pom.xml --no-transfer-progress clean install -Djava.security.egd=file:/dev/./urandom; fi\n" +
-                                                        "if [[ \"${bamboo.version_tag}\" != \"dev\" ]]; then ${bamboo_capability_system_builder_mvn3_Maven_3}/bin/mvn -f ${bamboo_build_working_directory}/" + SERVICE_NAME + "-v1/pom.xml --no-transfer-progress clean deploy -e -DdeployAtEnd=true -Dmaven.wagon.http.ssl.insecure=true -Dmaven.wagon.http.ssl.allowall=true -Dmaven.wagon.http.ssl.ignore.validity.dates=true -DaltDeploymentRepository=iqser_release::default::https://nexus.iqser.com/repository/red-platform-releases; fi\n" +
-
-                                                        "${bamboo_capability_system_builder_mvn3_Maven_3}/bin/mvn --no-transfer-progress -f ${bamboo_build_working_directory}/" + SERVICE_NAME + "-image-v1/pom.xml package\n" +
-                                                        "${bamboo_capability_system_builder_mvn3_Maven_3}/bin/mvn --no-transfer-progress -f ${bamboo_build_working_directory}/" + SERVICE_NAME + "-image-v1/pom.xml docker:push\n" +
-
-                                                        "if [[ \"${bamboo.version_tag}\" = \"dev\" ]]; then echo \"gitTag=${bamboo.planRepository.1.branch}_${bamboo.buildNumber}\" > git.tag; fi\n" +
-                                                        "if [[ \"${bamboo.version_tag}\" != \"dev\" ]]; then echo \"gitTag=${bamboo.version_tag}\" > git.tag; fi\n"),
+                                                .location(Location.FILE)
+                                                .fileFromPath("bamboo-specs/src/main/resources/scripts/build-java.sh")
+                                                .argument(SERVICE_NAME),
                                         createJUnitParserTask()
                                                 .description("Resultparser")
                                                 .resultDirectories("**/test-reports/*.xml, **/target/surefire-reports/*.xml, **/target/failsafe-reports/*.xml")
                                                 .enabled(true),
+                                        new ScriptTask()
+                                                .description("Sonar")
+                                                .location(Location.FILE)
+                                                .fileFromPath("bamboo-specs/src/main/resources/scripts/sonar-java.sh")
+                                                .argument(SERVICE_NAME),
                                         new InjectVariablesTask()
                                                 .description("Inject git Tag")
                                                 .path("git.tag")

bamboo-specs/src/main/resources/scripts/build-java.sh

@@ -0,0 +1,51 @@
+#!/bin/bash
+set -e
+
+SERVICE_NAME=$1
+
+if [[ "${bamboo_version_tag}" = "dev" ]]
+then 
+    ${bamboo_capability_system_builder_mvn3_Maven_3}/bin/mvn \
+        -f ${bamboo_build_working_directory}/$SERVICE_NAME-v1/pom.xml \
+        --no-transfer-progress \
+        clean install \
+        -Djava.security.egd=file:/dev/./urandomelse
+else        
+    ${bamboo_capability_system_builder_mvn3_Maven_3}/bin/mvn \
+        --no-transfer-progress \
+        -f ${bamboo_build_working_directory}/$SERVICE_NAME-v1/pom.xml \
+        versions:set \
+        -DnewVersion=${bamboo_version_tag}
+    ${bamboo_capability_system_builder_mvn3_Maven_3}/bin/mvn \
+        --no-transfer-progress \
+        -f ${bamboo_build_working_directory}/$SERVICE_NAME-image-v1/pom.xml \
+        versions:set  \
+        -DnewVersion=${bamboo_version_tag}
+    ${bamboo_capability_system_builder_mvn3_Maven_3}/bin/mvn \
+        -f ${bamboo_build_working_directory}/$SERVICE_NAME-v1/pom.xml \
+        --no-transfer-progress \
+        clean deploy \
+        -e \
+        -DdeployAtEnd=true \
+        -Dmaven.wagon.http.ssl.insecure=true \
+        -Dmaven.wagon.http.ssl.allowall=true \
+        -Dmaven.wagon.http.ssl.ignore.validity.dates=true \
+        -DaltDeploymentRepository=iqser_release::default::https://nexus.iqser.com/repository/red-platform-releases
+fi
+
+${bamboo_capability_system_builder_mvn3_Maven_3}/bin/mvn \
+    --no-transfer-progress \
+    -f ${bamboo_build_working_directory}/$SERVICE_NAME-image-v1/pom.xml \
+    package
+
+${bamboo_capability_system_builder_mvn3_Maven_3}/bin/mvn \
+    --no-transfer-progress \
+    -f ${bamboo_build_working_directory}/$SERVICE_NAME-image-v1/pom.xml \
+    docker:push
+
+if [[ "${bamboo_version_tag}" = "dev" ]]
+then 
+    echo "gitTag=${bamboo_planRepository_1_branch}_${bamboo_buildNumber}" > git.tag
+else
+    echo "gitTag=${bamboo_version_tag}" > git.tag
+fi

bamboo-specs/src/main/resources/scripts/sonar-java.sh

@@ -0,0 +1,42 @@
+#!/bin/bash
+set -e
+
+SERVICE_NAME=$1
+
+echo "dependency-check:aggregate"
+${bamboo_capability_system_builder_mvn3_Maven_3}/bin/mvn \
+    --no-transfer-progress \
+    -f ${bamboo_build_working_directory}/$SERVICE_NAME-v1/pom.xml \
+    org.owasp:dependency-check-maven:aggregate
+
+if [[ -z "${bamboo_repository_pr_key}" ]]
+then
+    echo "Sonar Scan for branch: ${bamboo_planRepository_1_branch}"
+    ${bamboo_capability_system_builder_mvn3_Maven_3}/bin/mvn \
+            --no-transfer-progress \
+            -f ${bamboo_build_working_directory}/$SERVICE_NAME-v1/pom.xml \
+            sonar:sonar \
+            -Dsonar.projectKey=RED_$SERVICE_NAME \
+            -Dsonar.host.url=https://sonarqube.iqser.com \
+            -Dsonar.login=${bamboo_sonarqube_api_token_secret} \
+            -Dsonar.branch.name=${bamboo_planRepository_1_branch} \
+            -Dsonar.dependencyCheck.jsonReportPath=target/dependency-check-report.json \
+            -Dsonar.dependencyCheck.xmlReportPath=target/dependency-check-report.xml \
+            -Dsonar.dependencyCheck.htmlReportPath=target/dependency-check-report.html
+            
+else
+    echo "Sonar Scan for PR with key1: ${bamboo_repository_pr_key}"
+    ${bamboo_capability_system_builder_mvn3_Maven_3}/bin/mvn \
+            --no-transfer-progress \
+            -f ${bamboo_build_working_directory}/$SERVICE_NAME-v1/pom.xml \
+            sonar:sonar \
+            -Dsonar.projectKey=RED_$SERVICE_NAME \
+            -Dsonar.host.url=https://sonarqube.iqser.com \
+            -Dsonar.login=${bamboo_sonarqube_api_token_secret} \
+            -Dsonar.pullrequest.key=${bamboo_repository_pr_key} \
+            -Dsonar.pullrequest.branch=${bamboo_repository_pr_sourceBranch} \
+            -Dsonar.pullrequest.base=${bamboo_repository_pr_targetBranch} \
+            -Dsonar.dependencyCheck.jsonReportPath=target/dependency-check-report.json \
+            -Dsonar.dependencyCheck.xmlReportPath=target/dependency-check-report.xml \
+            -Dsonar.dependencyCheck.htmlReportPath=target/dependency-check-report.html
+fi

redaction-service-v1/pom.xml

@@ -52,4 +52,63 @@
 
     </dependencyManagement>
 
+    <build>
+        <pluginManagement>
+            <plugins>
+                <plugin>
+                    <groupId>org.sonarsource.scanner.maven</groupId>
+                    <artifactId>sonar-maven-plugin</artifactId>
+                    <version>3.9.0.2155</version>
+                    </plugin>                    
+                <plugin>
+                    <groupId>org.owasp</groupId>
+                    <artifactId>dependency-check-maven</artifactId>
+                    <version>6.3.1</version>
+                    <configuration>
+                        <format>ALL</format>
+                    </configuration>
+                </plugin>
+                <plugin>
+                    <groupId>org.jacoco</groupId>
+                    <artifactId>jacoco-maven-plugin</artifactId>
+                    <executions>
+                        <execution>
+                            <id>prepare-agent</id>
+                            <goals>
+                                <goal>prepare-agent</goal>
+                            </goals>
+                        </execution>
+                        <execution>
+                            <id>report</id>
+                            <goals>
+                                <goal>report</goal>
+                            </goals>
+                        </execution>
+                    </executions>
+                </plugin>
+            </plugins>
+        </pluginManagement>
+        <plugins>
+            <plugin>
+                <groupId>org.jacoco</groupId>
+                <artifactId>jacoco-maven-plugin</artifactId>
+                <version>0.8.7</version>
+                <executions>
+                    <execution>
+                        <id>prepare-agent</id>
+                        <goals>
+                            <goal>prepare-agent</goal>
+                        </goals>
+                    </execution>
+                    <execution>
+                        <id>report</id>
+                        <goals>
+                            <goal>report-aggregate</goal>
+                        </goals>
+                        <phase>verify</phase>
+                    </execution>
+                </executions>
+            </plugin>
+        </plugins>
+    </build>
 </project>