feat(detect): add customScanVersion to detect scan (#2790)

* add versioningModel parameter

* extract versioning model to own package

* move log message

* use versioning method

* add customScanVersion parameter

* use customScanVersion

* adjust docs on other steps

* add customScanVersion parameter

* use customScanVersion

* adjust docs on other steps

* change log message

* update test case

* fix typo

* correct variable name

cmd/detectExecuteScan.go

@@ -132,8 +132,12 @@ func addDetectArgs(args []string, config detectExecuteScanOptions, utils detectU
 		Version: config.Version,
 	}
 
-	_, detectVersionName := versioning.DetermineProjectCoordinates("", config.VersioningModel, coordinates)
-
+	detectVersionName := config.CustomScanVersion
+	if len(detectVersionName) > 0 {
+		log.Entry().Infof("Using custom version: %v", detectVersionName)
+	} else {
+		detectVersionName = versioning.ApplyVersioningModel(config.VersioningModel, coordinates)
+	}
 	//Split on spaces, the scanPropeties, so that each property is available as a single string
 	//instead of all properties being part of a single string
 	config.ScanProperties = piperutils.SplitAndTrim(config.ScanProperties, " ")

cmd/detectExecuteScan_generated.go

@@ -25,8 +25,9 @@ type detectExecuteScanOptions struct {
 	ServerURL                  string   `json:"serverUrl,omitempty"`
 	Groups                     []string `json:"groups,omitempty"`
 	FailOn                     []string `json:"failOn,omitempty"`
-	Version                    string   `json:"version,omitempty"`
 	VersioningModel            string   `json:"versioningModel,omitempty"`
+	Version                    string   `json:"version,omitempty"`
+	CustomScanVersion          string   `json:"customScanVersion,omitempty"`
 	ProjectSettingsFile        string   `json:"projectSettingsFile,omitempty"`
 	GlobalSettingsFile         string   `json:"globalSettingsFile,omitempty"`
 	M2Path                     string   `json:"m2Path,omitempty"`
@@ -110,8 +111,9 @@ func addDetectExecuteScanFlags(cmd *cobra.Command, stepConfig *detectExecuteScan
 	cmd.Flags().StringVar(&stepConfig.ServerURL, "serverUrl", os.Getenv("PIPER_serverUrl"), "Server URL to the Synopsis Detect (formerly BlackDuck) Server.")
 	cmd.Flags().StringSliceVar(&stepConfig.Groups, "groups", []string{}, "Users groups to be assigned for the Project")
 	cmd.Flags().StringSliceVar(&stepConfig.FailOn, "failOn", []string{`BLOCKER`}, "Mark the current build as fail based on the policy categories applied.")
-	cmd.Flags().StringVar(&stepConfig.Version, "version", os.Getenv("PIPER_version"), "Defines the version number of the artifact being build in the pipeline. It is used as source for the Detect version.")
 	cmd.Flags().StringVar(&stepConfig.VersioningModel, "versioningModel", `major`, "The versioning model used for result reporting (based on the artifact version). Example 1.2.3 using `major` will result in version 1")
+	cmd.Flags().StringVar(&stepConfig.Version, "version", os.Getenv("PIPER_version"), "Defines the version number of the artifact being build in the pipeline. It is used as source for the Detect version.")
+	cmd.Flags().StringVar(&stepConfig.CustomScanVersion, "customScanVersion", os.Getenv("PIPER_customScanVersion"), "A custom version used along with the uploaded scan results.")
 	cmd.Flags().StringVar(&stepConfig.ProjectSettingsFile, "projectSettingsFile", os.Getenv("PIPER_projectSettingsFile"), "Path or url to the mvn settings file that should be used as project settings file.")
 	cmd.Flags().StringVar(&stepConfig.GlobalSettingsFile, "globalSettingsFile", os.Getenv("PIPER_globalSettingsFile"), "Path or url to the mvn settings file that should be used as global settings file")
 	cmd.Flags().StringVar(&stepConfig.M2Path, "m2Path", os.Getenv("PIPER_m2Path"), "Path to the location of the local repository that should be used.")
@@ -242,6 +244,14 @@ func detectExecuteScanMetadata() config.StepData {
 						Mandatory:   false,
 						Aliases:     []config.Alias{{Name: "detect/failOn"}},
 					},
+					{
+						Name:        "versioningModel",
+						ResourceRef: []config.ResourceReference{},
+						Scope:       []string{"PARAMETERS", "GENERAL", "STAGES", "STEPS"},
+						Type:        "string",
+						Mandatory:   false,
+						Aliases:     []config.Alias{},
+					},
 					{
 						Name: "version",
 						ResourceRef: []config.ResourceReference{
@@ -256,9 +266,9 @@ func detectExecuteScanMetadata() config.StepData {
 						Aliases:   []config.Alias{{Name: "projectVersion"}, {Name: "detect/projectVersion"}},
 					},
 					{
-						Name:        "versioningModel",
+						Name:        "customScanVersion",
 						ResourceRef: []config.ResourceReference{},
-						Scope:       []string{"PARAMETERS", "GENERAL", "STAGES", "STEPS"},
+						Scope:       []string{"GENERAL", "STAGES", "STEPS", "PARAMETERS"},
 						Type:        "string",
 						Mandatory:   false,
 						Aliases:     []config.Alias{},

cmd/sonarExecuteScan.go

@@ -126,7 +126,7 @@ func runSonar(config sonarExecuteScanOptions, client piperhttp.Downloader, runne
 	if len(config.Version) > 0 {
 		version := config.CustomScanVersion
 		if len(version) > 0 {
-			log.Entry().Infof("using custom version: %v", version)
+			log.Entry().Infof("Using custom version: %v", version)
 		} else {
 			version = versioning.ApplyVersioningModel(config.VersioningModel, versioning.Coordinates{Version: config.Version})
 		}

resources/metadata/detect.yaml

@@ -159,24 +159,6 @@ spec:
           - PARAMETERS
           - STAGES
           - STEPS
-      - name: version
-        aliases:
-          - name: projectVersion
-          - name: detect/projectVersion
-        type: string
-        description: Defines the version number of the artifact being build in the pipeline. It is used as source for the Detect version.
-        longDescription: |-
-          Defines the version number of the artifact being build in the pipeline.
-          It is used for build version creation and as source for the Detect version.
-          **Typically it is available through the pipeline run.**
-          The project version of the Detect project is calculated using the [`versioningModel`](#versioningmodel).
-        resourceRef:
-          - name: commonPipelineEnvironment
-            param: artifactVersion
-        scope:
-          - PARAMETERS
-          - STAGES
-          - STEPS
       - name: versioningModel
         type: string
         description: The versioning model used for result reporting (based on the artifact version). Example 1.2.3 using `major` will result in version 1
@@ -195,6 +177,32 @@ spec:
           - major-minor
           - semantic
           - full
+      - name: version
+        aliases:
+          - name: projectVersion
+          - name: detect/projectVersion
+        type: string
+        description: Defines the version number of the artifact being build in the pipeline. It is used as source for the Detect version.
+        longDescription: |-
+          Defines the version number of the artifact being build in the pipeline.
+          It is used for build version creation and as source for the Detect version.
+          **Typically it is available through the pipeline run.**
+          The project version of the Detect project is calculated using the [`versioningModel`](#versioningmodel).
+        resourceRef:
+          - name: commonPipelineEnvironment
+            param: artifactVersion
+        scope:
+          - PARAMETERS
+          - STAGES
+          - STEPS
+      - name: customScanVersion
+        type: string
+        description: "A custom version used along with the uploaded scan results."
+        longDescription: |-
+          Defines a custom version for the Detect scan which deviates from the typical versioning pattern using [`version`](#version) and [`versioningModel`](#versioningModel).
+          It allows to set non-numeric versions as well and supersedes the value of [`version`](#version) which is calculated automatically.
+          The parameter is also used by other scan steps (e.g. Fortify, Sonar, WhiteSource) and thus allows a common custom version across scan tools.
+        scope: [GENERAL, STAGES, STEPS, PARAMETERS]
       - name: projectSettingsFile
         type: string
         description: "Path or url to the mvn settings file that should be used as project settings file."

resources/metadata/fortify.yaml

@@ -57,9 +57,9 @@ spec:
         type: string
         description: Custom version of the Fortify project used as source.
         longDescription: |-
-          Defines a custom version for the Fortify scan which deviates from the typical versioning pattern using [`version`](#version) and [`versioningModel`](#versioningModel)
-          It allows to set non-numeric versions as well and supersedes the value of [`version`](#version) and [`versioningModel`](#versioningModel) which is calculated automatically.
-          The parameter is also used by other scan steps (e.g. Sonar, WhiteSource) and thus allows a common custom version across scan tools.
+          Defines a custom version for the Fortify scan which deviates from the typical versioning pattern using [`version`](#version) and [`versioningModel`](#versioningModel).
+          It allows to set non-numeric versions as well and supersedes the value of [`version`](#version) which is calculated automatically.
+          The parameter is also used by other scan steps (e.g. Detect, Sonar, WhiteSource) and thus allows a common custom version across scan tools.
         scope:
           - GENERAL
           - PARAMETERS

resources/metadata/sonar.yaml

@@ -100,9 +100,9 @@ spec:
         type: string
         description: "A custom version used along with the uploaded scan results."
         longDescription: |-
-          Defines a custom version for the Sonar scan which deviates from the typical versioning pattern using [`version`](#version) and [`versioningModel`](#versioningModel)
+          Defines a custom version for the Sonar scan which deviates from the typical versioning pattern using [`version`](#version) and [`versioningModel`](#versioningModel).
           It allows to set non-numeric versions as well and supersedes the value of [`version`](#version) which is calculated automatically.
-          The parameter is also used by other scan steps (e.g. Fortify, WhiteSource) and thus allows a common custom version across scan tools.
+          The parameter is also used by other scan steps (e.g. Detect, Fortify, WhiteSource) and thus allows a common custom version across scan tools.
         scope: [GENERAL, STAGES, STEPS, PARAMETERS]
       - name: projectKey
         type: string

resources/metadata/whitesource.yaml

@@ -120,9 +120,9 @@ spec:
         type: string
         description: Custom version of the WhiteSource project used as source.
         longDescription: |-
-          Defines a custom version for the WhiteSource scan which deviates from the typical versioning pattern using [`version`](#version) and [`versioningModel`](#versioningModel)
+          Defines a custom version for the WhiteSource scan which deviates from the typical versioning pattern using [`version`](#version) and [`versioningModel`](#versioningModel).
           It allows to set non-numeric versions as well and supersedes the value of [`version`](#version) which is calculated automatically.
-          The parameter is also used by other scan steps (e.g. Fortify, Sonar) and thus allows a common custom version across scan tools.
+          The parameter is also used by other scan steps (e.g. Detect, Fortify, Sonar) and thus allows a common custom version across scan tools.
         scope:
           - GENERAL
           - PARAMETERS