diff --git a/bamboo-specs/src/main/java/buildjob/PlanSpec.java b/bamboo-specs/src/main/java/buildjob/PlanSpec.java index e2c7fe08..73fbb425 100644 --- a/bamboo-specs/src/main/java/buildjob/PlanSpec.java +++ b/bamboo-specs/src/main/java/buildjob/PlanSpec.java @@ -21,6 +21,8 @@ import com.atlassian.bamboo.specs.builders.task.VcsTagTask; import com.atlassian.bamboo.specs.builders.trigger.BitbucketServerTrigger; import com.atlassian.bamboo.specs.model.task.InjectVariablesScope; import com.atlassian.bamboo.specs.util.BambooServer; +import com.atlassian.bamboo.specs.builders.task.ScriptTask; +import com.atlassian.bamboo.specs.model.task.ScriptTaskProperties.Location; import static com.atlassian.bamboo.specs.builders.task.TestParserTask.createJUnitParserTask; @@ -53,7 +55,8 @@ public class PlanSpec { private PlanPermissions createPlanPermission(PlanIdentifier planIdentifier) { Permissions permission = new Permissions() .userPermissions("atlbamboo", PermissionType.EDIT, PermissionType.VIEW, PermissionType.ADMIN, PermissionType.CLONE, PermissionType.BUILD) - .groupPermissions("red-backend", PermissionType.EDIT, PermissionType.VIEW, PermissionType.CLONE, PermissionType.BUILD) + .groupPermissions("development", PermissionType.EDIT, PermissionType.VIEW, PermissionType.CLONE, PermissionType.BUILD) + .groupPermissions("devplant", PermissionType.EDIT, PermissionType.VIEW, PermissionType.CLONE, PermissionType.BUILD) .loggedInUserPermissions(PermissionType.VIEW) .anonymousUserPermissionView(); return new PlanPermissions(planIdentifier.getProjectKey(), planIdentifier.getPlanKey()).permissions(permission); @@ -84,27 +87,18 @@ public class PlanSpec { .checkoutItems(new CheckoutItem().defaultRepository()), new ScriptTask() .description("Build") - .environmentVariables("MAVEN_OPTS="+JVM_ARGS) - .inlineBody("#!/bin/bash\n" + - "set -e\n" + - - "export MAVEN_OPTS=\"$MAVEN_OPTS "+JVM_ARGS +"\"\n" + - - "if [[ \"${bamboo.version_tag}\" != \"dev\" ]]; then ${bamboo_capability_system_builder_mvn3_Maven_3}/bin/mvn --no-transfer-progress -f ${bamboo_build_working_directory}/" + SERVICE_NAME + "-v1/pom.xml versions:set -DnewVersion=${bamboo.version_tag}; fi\n" + - "if [[ \"${bamboo.version_tag}\" != \"dev\" ]]; then ${bamboo_capability_system_builder_mvn3_Maven_3}/bin/mvn --no-transfer-progress -f ${bamboo_build_working_directory}/" + SERVICE_NAME + "-image-v1/pom.xml versions:set -DnewVersion=${bamboo.version_tag}; fi\n" + - - "if [[ \"${bamboo.version_tag}\" = \"dev\" ]]; then ${bamboo_capability_system_builder_mvn3_Maven_3}/bin/mvn -f ${bamboo_build_working_directory}/" + SERVICE_NAME + "-v1/pom.xml --no-transfer-progress clean install -Djava.security.egd=file:/dev/./urandom; fi\n" + - "if [[ \"${bamboo.version_tag}\" != \"dev\" ]]; then ${bamboo_capability_system_builder_mvn3_Maven_3}/bin/mvn -f ${bamboo_build_working_directory}/" + SERVICE_NAME + "-v1/pom.xml --no-transfer-progress clean deploy -e -DdeployAtEnd=true -Dmaven.wagon.http.ssl.insecure=true -Dmaven.wagon.http.ssl.allowall=true -Dmaven.wagon.http.ssl.ignore.validity.dates=true -DaltDeploymentRepository=iqser_release::default::https://nexus.iqser.com/repository/red-platform-releases; fi\n" + - - "${bamboo_capability_system_builder_mvn3_Maven_3}/bin/mvn --no-transfer-progress -f ${bamboo_build_working_directory}/" + SERVICE_NAME + "-image-v1/pom.xml package\n" + - "${bamboo_capability_system_builder_mvn3_Maven_3}/bin/mvn --no-transfer-progress -f ${bamboo_build_working_directory}/" + SERVICE_NAME + "-image-v1/pom.xml docker:push\n" + - - "if [[ \"${bamboo.version_tag}\" = \"dev\" ]]; then echo \"gitTag=${bamboo.planRepository.1.branch}_${bamboo.buildNumber}\" > git.tag; fi\n" + - "if [[ \"${bamboo.version_tag}\" != \"dev\" ]]; then echo \"gitTag=${bamboo.version_tag}\" > git.tag; fi\n"), + .location(Location.FILE) + .fileFromPath("bamboo-specs/src/main/resources/scripts/build-java.sh") + .argument(SERVICE_NAME), createJUnitParserTask() .description("Resultparser") .resultDirectories("**/test-reports/*.xml, **/target/surefire-reports/*.xml, **/target/failsafe-reports/*.xml") .enabled(true), + new ScriptTask() + .description("Sonar") + .location(Location.FILE) + .fileFromPath("bamboo-specs/src/main/resources/scripts/sonar-java.sh") + .argument(SERVICE_NAME), new InjectVariablesTask() .description("Inject git Tag") .path("git.tag") diff --git a/bamboo-specs/src/main/resources/scripts/build-java.sh b/bamboo-specs/src/main/resources/scripts/build-java.sh new file mode 100755 index 00000000..60dfe783 --- /dev/null +++ b/bamboo-specs/src/main/resources/scripts/build-java.sh @@ -0,0 +1,51 @@ +#!/bin/bash +set -e + +SERVICE_NAME=$1 + +if [[ "${bamboo_version_tag}" = "dev" ]] +then + ${bamboo_capability_system_builder_mvn3_Maven_3}/bin/mvn \ + -f ${bamboo_build_working_directory}/$SERVICE_NAME-v1/pom.xml \ + --no-transfer-progress \ + clean install \ + -Djava.security.egd=file:/dev/./urandomelse +else + ${bamboo_capability_system_builder_mvn3_Maven_3}/bin/mvn \ + --no-transfer-progress \ + -f ${bamboo_build_working_directory}/$SERVICE_NAME-v1/pom.xml \ + versions:set \ + -DnewVersion=${bamboo_version_tag} + ${bamboo_capability_system_builder_mvn3_Maven_3}/bin/mvn \ + --no-transfer-progress \ + -f ${bamboo_build_working_directory}/$SERVICE_NAME-image-v1/pom.xml \ + versions:set \ + -DnewVersion=${bamboo_version_tag} + ${bamboo_capability_system_builder_mvn3_Maven_3}/bin/mvn \ + -f ${bamboo_build_working_directory}/$SERVICE_NAME-v1/pom.xml \ + --no-transfer-progress \ + clean deploy \ + -e \ + -DdeployAtEnd=true \ + -Dmaven.wagon.http.ssl.insecure=true \ + -Dmaven.wagon.http.ssl.allowall=true \ + -Dmaven.wagon.http.ssl.ignore.validity.dates=true \ + -DaltDeploymentRepository=iqser_release::default::https://nexus.iqser.com/repository/red-platform-releases +fi + +${bamboo_capability_system_builder_mvn3_Maven_3}/bin/mvn \ + --no-transfer-progress \ + -f ${bamboo_build_working_directory}/$SERVICE_NAME-image-v1/pom.xml \ + package + +${bamboo_capability_system_builder_mvn3_Maven_3}/bin/mvn \ + --no-transfer-progress \ + -f ${bamboo_build_working_directory}/$SERVICE_NAME-image-v1/pom.xml \ + docker:push + +if [[ "${bamboo_version_tag}" = "dev" ]] +then + echo "gitTag=${bamboo_planRepository_1_branch}_${bamboo_buildNumber}" > git.tag +else + echo "gitTag=${bamboo_version_tag}" > git.tag +fi diff --git a/bamboo-specs/src/main/resources/scripts/sonar-java.sh b/bamboo-specs/src/main/resources/scripts/sonar-java.sh new file mode 100755 index 00000000..cfad6b01 --- /dev/null +++ b/bamboo-specs/src/main/resources/scripts/sonar-java.sh @@ -0,0 +1,42 @@ +#!/bin/bash +set -e + +SERVICE_NAME=$1 + +echo "dependency-check:aggregate" +${bamboo_capability_system_builder_mvn3_Maven_3}/bin/mvn \ + --no-transfer-progress \ + -f ${bamboo_build_working_directory}/$SERVICE_NAME-v1/pom.xml \ + org.owasp:dependency-check-maven:aggregate + +if [[ -z "${bamboo_repository_pr_key}" ]] +then + echo "Sonar Scan for branch: ${bamboo_planRepository_1_branch}" + ${bamboo_capability_system_builder_mvn3_Maven_3}/bin/mvn \ + --no-transfer-progress \ + -f ${bamboo_build_working_directory}/$SERVICE_NAME-v1/pom.xml \ + sonar:sonar \ + -Dsonar.projectKey=RED_$SERVICE_NAME \ + -Dsonar.host.url=https://sonarqube.iqser.com \ + -Dsonar.login=${bamboo_sonarqube_api_token_secret} \ + -Dsonar.branch.name=${bamboo_planRepository_1_branch} \ + -Dsonar.dependencyCheck.jsonReportPath=target/dependency-check-report.json \ + -Dsonar.dependencyCheck.xmlReportPath=target/dependency-check-report.xml \ + -Dsonar.dependencyCheck.htmlReportPath=target/dependency-check-report.html + +else + echo "Sonar Scan for PR with key1: ${bamboo_repository_pr_key}" + ${bamboo_capability_system_builder_mvn3_Maven_3}/bin/mvn \ + --no-transfer-progress \ + -f ${bamboo_build_working_directory}/$SERVICE_NAME-v1/pom.xml \ + sonar:sonar \ + -Dsonar.projectKey=RED_$SERVICE_NAME \ + -Dsonar.host.url=https://sonarqube.iqser.com \ + -Dsonar.login=${bamboo_sonarqube_api_token_secret} \ + -Dsonar.pullrequest.key=${bamboo_repository_pr_key} \ + -Dsonar.pullrequest.branch=${bamboo_repository_pr_sourceBranch} \ + -Dsonar.pullrequest.base=${bamboo_repository_pr_targetBranch} \ + -Dsonar.dependencyCheck.jsonReportPath=target/dependency-check-report.json \ + -Dsonar.dependencyCheck.xmlReportPath=target/dependency-check-report.xml \ + -Dsonar.dependencyCheck.htmlReportPath=target/dependency-check-report.html +fi diff --git a/redaction-service-v1/pom.xml b/redaction-service-v1/pom.xml index ee796600..a26607d4 100644 --- a/redaction-service-v1/pom.xml +++ b/redaction-service-v1/pom.xml @@ -52,4 +52,63 @@ + + + + + org.sonarsource.scanner.maven + sonar-maven-plugin + 3.9.0.2155 + + + org.owasp + dependency-check-maven + 6.3.1 + + ALL + + + + org.jacoco + jacoco-maven-plugin + + + prepare-agent + + prepare-agent + + + + report + + report + + + + + + + + + org.jacoco + jacoco-maven-plugin + 0.8.7 + + + prepare-agent + + prepare-agent + + + + report + + report-aggregate + + verify + + + + +