Merge pull request #776 from andre2007/whitesourceExecuteScan

whitesourceExecuteScan: Add scanType dub
2025-02-07 13:42:23 +02:00 · 2019-07-19 14:53:59 +02:00 · 2019-07-19 14:53:59 +02:00 · bf869515c4
commit bf869515c4
parent cb245b1ce2 b1b480a7e1
5 changed files with 57 additions and 4 deletions
--- a/resources/default_pipeline_environment.yml
+++ b/resources/default_pipeline_environment.yml
@ -394,6 +394,13 @@ steps:
        && mkdir -p \$GOPATH/src/${config.whitesource.projectName.substring(0, config.whitesource.projectName.lastIndexOf('/'))}
        && ln -s \$(pwd) \$GOPATH/src/${config.whitesource.projectName}
        && cd \$GOPATH/src/${config.whitesource.projectName} && dep ensure
+    dub:
+      buildDescriptorFile: './dub.json'
+      dockerImage: 'buildpack-deps:stretch-curl'
+      dockerWorkspace: '/home/dub'
+      stashContent:
+        - 'buildDescriptor'
+        - 'checkmarx'
    sbt:
      buildDescriptorFile: './build.sbt'
      dockerImage: 'hseeberger/scala-sbt:8u181_2.12.8_1.2.8'
--- a/src/com/sap/piper/WhitesourceConfigurationHelper.groovy
+++ b/src/com/sap/piper/WhitesourceConfigurationHelper.groovy
@ -79,6 +79,11 @@ class WhitesourceConfigurationHelper implements Serializable {
                    [name: 'excludes', value: '**/*sources.jar **/*javadoc.jar']
                ]
                break
+            case 'dub':
+                mapping += [
+                    [name: 'includes', value: '**/*.d **/*.di']
+                ]
+                break
            default:
                script.echo "[Warning][Whitesource] Configuration for scanType: '${config.scanType}' is not yet hardened, please do a quality assessment of your scan results."
        }
--- a/test/groovy/WhitesourceExecuteScanTest.groovy
+++ b/test/groovy/WhitesourceExecuteScanTest.groovy
@ -88,6 +88,7 @@ class WhitesourceExecuteScanTest extends BasePiperTest {
        helper.registerAllowedMethod( "getSbtGAV", [String], {return [group: 'com.sap.sbt', artifact: 'test-scala', version: '1.2.3']})
        helper.registerAllowedMethod( "getPipGAV", [String], {return [artifact: 'test-python', version: '1.2.3']})
        helper.registerAllowedMethod( "getMavenGAV", [String], {return [group: 'com.sap.maven', artifact: 'test-java', version: '1.2.3']})
+        helper.registerAllowedMethod( "getDubGAV", [String], {return [group: 'com.sap.dlang', artifact: 'test-dub', version: '1.2.3']})

        nullScript.commonPipelineEnvironment.configuration = nullScript.commonPipelineEnvironment.configuration ?: [:]
        nullScript.commonPipelineEnvironment.configuration['steps'] = nullScript.commonPipelineEnvironment.configuration['steps'] ?: [:]
@ -404,6 +405,46 @@ class WhitesourceExecuteScanTest extends BasePiperTest {
        assertThat(writeFileRule.files['./wss-unified-agent.config.d3aa80454919391024374ba46b4df082d15ab9a3'], containsString('projectName=com.sap.sbt.test-scala'))
    }

+    @Test
+    void testDub() {
+
+        helper.registerAllowedMethod("readProperties", [Map], {
+            def result = new Properties()
+            result.putAll([
+                "apiKey": "b39d1328-52e2-42e3-98f0-932709daf3f0",
+                "productName": "SHC - Piper",
+                "checkPolicies": "true",
+                "projectName": "python-test",
+                "projectVersion": "2.0.0"
+            ])
+            return result
+        })
+
+        stepRule.step.whitesourceExecuteScan([
+            script                               : nullScript,
+            whitesourceRepositoryStub            : whitesourceStub,
+            whitesourceOrgAdminRepositoryStub    : whitesourceOrgAdminRepositoryStub,
+            descriptorUtilsStub                  : descriptorUtilsStub,
+            scanType                             : 'dub',
+            juStabUtils                          : utils,
+            productName                          : 'testProductName',
+            orgToken                             : 'testOrgToken',
+            reporting                            : false
+        ])
+
+        assertThat(loggingRule.log, containsString('Unstash content: buildDescriptor'))
+        assertThat(loggingRule.log, containsString('Unstash content: checkmarx'))
+
+        assertThat(shellRule.shell, Matchers.hasItems(
+            is('curl --location --output wss-unified-agent.jar https://github.com/whitesource/unified-agent-distribution/releases/latest/download/wss-unified-agent.jar'),
+            is('./bin/java -jar wss-unified-agent.jar -c \'./wss-unified-agent.config.d3aa80454919391024374ba46b4df082d15ab9a3\' -apiKey \'testOrgToken\' -userKey \'token-0815\' -product \'testProductName\'')
+        ))
+
+        assertThat(writeFileRule.files['./wss-unified-agent.config.d3aa80454919391024374ba46b4df082d15ab9a3'], containsString('apiKey=testOrgToken'))
+        assertThat(writeFileRule.files['./wss-unified-agent.config.d3aa80454919391024374ba46b4df082d15ab9a3'], containsString('productName=testProductName'))
+        assertThat(writeFileRule.files['./wss-unified-agent.config.d3aa80454919391024374ba46b4df082d15ab9a3'], containsString('userKey=token-0815'))
+    }
+
    @Test
    void testGo() {
        nullScript.commonPipelineEnvironment.gitHttpsUrl = 'https://github.wdf.sap.corp/test/golang'
--- a/test/groovy/com/sap/piper/WhitesourceConfigurationHelperTest.groovy
+++ b/test/groovy/com/sap/piper/WhitesourceConfigurationHelperTest.groovy
@ -122,11 +122,10 @@ class WhitesourceConfigurationHelperTest extends BasePiperTest {
                containsString("apiKey=abcd"),
                containsString("productName=DIST - name1"),
                containsString("productToken=1234"),
-                containsString("userKey=0000")
+                containsString("userKey=0000"),
+                containsString("includes=**/*.d **/*.di")
            )
        )
-
-        assertThat(jlr.log, containsString("[Whitesource] Configuration for scanType: 'dub' is not yet hardened, please do a quality assessment of your scan results."))
    }

    @Test
--- a/vars/whitesourceExecuteScan.groovy
+++ b/vars/whitesourceExecuteScan.groovy
@ -63,7 +63,7 @@ import static com.sap.piper.Prerequisites.checkScript
    'userTokenCredentialsId',
    /**
     * Type of development stack used to implement the solution.
-     * @possibleValues `golang`, `maven`, `mta`, `npm`, `pip`, `sbt`
+     * @possibleValues `golang`, `maven`, `mta`, `npm`, `pip`, `sbt`, `dub`
     */
    'scanType',
    /**
@ -436,6 +436,7 @@ private resolveProjectIdentifiers(script, descriptorUtils, config) {
                gav = descriptorUtils.getGoGAV(config.buildDescriptorFile, new URI(script.commonPipelineEnvironment.getGitHttpsUrl()))
                break
            case 'dub':
+                gav = descriptorUtils.getDubGAV(config.buildDescriptorFile)
                break
            case 'maven':
                gav = descriptorUtils.getMavenGAV(config.buildDescriptorFile)