diff --git a/.cirrus.yml b/.cirrus.yml index f87aab3b0..1c1e018eb 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -55,6 +55,36 @@ build_task: - regular_mvn_build_deploy_analyze cleanup_before_cache_script: cleanup_maven_repository +sonar_shadow_scan_and_issue_replication_task: + depends_on: + - build + # Only run when triggered by the cirrus-ci cron job named "nightly" + only_if: $CIRRUS_CRON == "nightly" + eks_container: + <<: *CONTAINER_DEFINITION + cpu: 4 + memory: 4G + env: + SONAR_PROJECT_KEY: "org.sonarsource.java:sonar-java-symbolic-execution" + SHADOW_ORGANIZATION: "sonarsource" + SHADOW_PROJECT_KEY: "SonarSource_sonar-java-symbolic-execution" + # to replicate issue states from next + SONAR_TOKEN: VAULT[development/kv/data/next data.token] + SONAR_HOST_URL: https://next.sonarqube.com/sonarqube + matrix: + - name: "sonarcloud.io" + SHADOW_SONAR_TOKEN: VAULT[development/kv/data/sonarcloud data.token] + SHADOW_SONAR_HOST_URL: "https://sonarcloud.io" + - name: "sonarqube.us" + SHADOW_SONAR_TOKEN: VAULT[development/kv/data/sonarqube-us data.token] + SHADOW_SONAR_HOST_URL: "https://sonarqube.us" + maven_cache: + folder: ${CIRRUS_WORKING_DIR}/.m2/repository + build_and_shadow_scan_script: + - source cirrus-env BUILD + - ./shadow-scan-and-issue-replication.sh + cleanup_before_cache_script: cleanup_maven_repository + ws_scan_task: <<: *ONLY_SONARSOURCE_QA eks_container: @@ -121,6 +151,7 @@ ruling_task: promote_task: depends_on: - build + - sonar_shadow_scan_and_issue_replication - ws_scan - ruling <<: *ONLY_SONARSOURCE_QA diff --git a/shadow-scan-and-issue-replication.sh b/shadow-scan-and-issue-replication.sh new file mode 100755 index 000000000..725db312d --- /dev/null +++ b/shadow-scan-and-issue-replication.sh 
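Review bot: The new `sonar_shadow_scan_and_issue_replication_task` injects three Vault-backed tokens but, unlike the neighbouring `ws_scan_task` and `promote_task`, does not merge `*ONLY_SONARSOURCE_QA`; its only gate is `only_if: $CIRRUS_CRON == "nightly"`. That is probably sufficient if cron builds are only ever scheduled on trusted branches (the anchor's definition and the cron settings are outside this hunk), but the intent should be written down, for example by extending the comment to `# Only run from the "nightly" cron job; this condition is also what keeps the Vault tokens out of PR and branch builds`. The `next` `SONAR_TOKEN` is handed to both matrix entries and, going by the comment, serves only as the source of issue states, so a read-only token would be enough there if IRIS does not write to the source. `SONAR_HOST_URL` is the one unquoted URL in the block; quoting it would match `SHADOW_SONAR_HOST_URL`.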
@@ -0,0 +1,73 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+# IRIS: Issue Replication for Sonarqube
+IRIS_JAR_URL="${ARTIFACTORY_URL}/sonarsource-private-releases/com/sonarsource/iris/iris/\[RELEASE\]/iris-\[RELEASE\]-jar-with-dependencies.jar"
+IRIS_JAR_PATH="target/libs/iris.jar"
+
+function build_and_analyze_the_project() {
+ echo
+ echo "===== Build and analyze the project targeting a shadow SonarQube instance"
+ local BUILD_CMD
+ if [[ -e "gradlew" ]]; then
+ BUILD_CMD="./gradlew --info --stacktrace --console plain build sonar"
+ else
+ source set_maven_build_version "$BUILD_NUMBER"
+ BUILD_CMD="mvn -Pcoverage -Dmaven.test.redirectTestOutputToFile=false --batch-mode --errors --show-version verify sonar:sonar"
+ fi
+ ${BUILD_CMD} \
+ -DbuildNumber="${BUILD_NUMBER}" \
+ -Dsonar.host.url="${SHADOW_SONAR_HOST_URL}" \
+ -Dsonar.token="${SHADOW_SONAR_TOKEN}" \
+ -Dsonar.organization="${SHADOW_ORGANIZATION}" \
+ -Dsonar.projectKey="${SHADOW_PROJECT_KEY}" \
+ -Dsonar.analysis.buildNumber="${BUILD_NUMBER}" \
+ -Dsonar.analysis.repository="${GITHUB_REPO}" \
+ "$@"
+}
+
+function download_iris() {
+ echo
+ echo "===== Download ${IRIS_JAR_URL}"
+ mkdir -p target/libs
+ curl --silent --fail-with-body --location --header "Authorization: Bearer ${ARTIFACTORY_PRIVATE_PASSWORD}" \
+ --output "${IRIS_JAR_PATH}" "${IRIS_JAR_URL}"
+}
+
+function run_iris() {
+ local DRY_RUN="$1"
+ java \
+ -Diris.source.projectKey="${SONAR_PROJECT_KEY}" \
+ -Diris.source.url="${SONAR_HOST_URL}" \
+ -Diris.source.token="${SONAR_TOKEN}" \
+ -Diris.destination.projectKey="${SHADOW_PROJECT_KEY}" \
+ -Diris.destination.organization="${SHADOW_ORGANIZATION}" \
+ -Diris.destination.url="${SHADOW_SONAR_HOST_URL}" \
+ -Diris.destination.token="${SHADOW_SONAR_TOKEN}" \
+ -Diris.dryrun="${DRY_RUN}" \
+ -jar "${IRIS_JAR_PATH}"
+}
+
+function run_iris_with_and_without_dry_run() {
+ echo
+ echo "===== Execute IRIS as dry-run"
+ if run_iris true; then
+ echo "===== Successful IRIS execution as dry-run"
+ echo "===== Execute IRIS for real"
+ if run_iris false; then
+ echo "===== Successful IRIS execution for real"
+ return 0
+ else
+ echo "===== Failed IRIS execution for real"
+ return 1
+ fi
+ else
+ echo "===== Failed IRIS execution as dry-run"
+ return 1
+ fi
+}
+
+build_and_analyze_the_project "$@"
+download_iris
+run_iris_with_and_without_dry_run
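Review bot: `download_iris` resolves the floating `[RELEASE]` version and `run_iris` then executes that jar with both the source and the shadow tokens, with no digest or signature check in between; pin a reviewed version and verify its SHA-256 before `java -jar` runs it. The secrets are also placed on process command lines (`-Dsonar.token=`, `-Diris.source.token=`, `-Diris.destination.token=` and the curl `Authorization` header), where they are readable from the process table for the lifetime of each command. The curl case can be moved to `--config -` as sketched below; for the scanner and for IRIS it is worth checking whether they accept the token from the environment instead. The version and digest in the fence are placeholders to be filled in with the reviewed release.

```shell
# Pin the release and its digest instead of resolving [RELEASE] at run time.
IRIS_VERSION="<PINNED_IRIS_VERSION>"      # placeholder: the reviewed release
IRIS_JAR_SHA256="<EXPECTED_SHA256_HEX>"   # placeholder: digest of that release
IRIS_JAR_URL="${ARTIFACTORY_URL}/sonarsource-private-releases/com/sonarsource/iris/iris/${IRIS_VERSION}/iris-${IRIS_VERSION}-jar-with-dependencies.jar"

function download_iris() {
  # … unchanged: banner echo, mkdir -p target/libs …
  # Pass the Authorization header on stdin so the token is not in curl's argv.
  curl --silent --fail-with-body --location --config - \
    --output "${IRIS_JAR_PATH}" "${IRIS_JAR_URL}" <<EOF
header = "Authorization: Bearer ${ARTIFACTORY_PRIVATE_PASSWORD}"
EOF
  # Stop here (set -e) if the jar does not match the pinned digest.
  echo "${IRIS_JAR_SHA256}  ${IRIS_JAR_PATH}" | sha256sum --check --strict -
}
```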