detectExecuteScan: update versioning (#1845)

* detectExecuteScan: update versioning

align with Fortify to also use the same versioning model by default.

* fix CodeClimate findings

cmd/detectExecuteScan.go

@@ -9,6 +9,7 @@ import (
 	"github.com/SAP/jenkins-library/pkg/command"
 	"github.com/SAP/jenkins-library/pkg/log"
 	"github.com/SAP/jenkins-library/pkg/telemetry"
+	"github.com/SAP/jenkins-library/pkg/versioning"
 )
 
 func detectExecuteScan(config detectExecuteScanOptions, telemetryData *telemetry.CustomData) {
@@ -39,16 +40,24 @@ func runDetect(config detectExecuteScanOptions, command command.ShellRunner) {
 
 func addDetectArgs(args []string, config detectExecuteScanOptions) []string {
 
+	coordinates := struct {
+		Version string
+	}{
+		Version: config.Version,
+	}
+
+	_, detectVersionName := versioning.DetermineProjectCoordinates("", config.VersioningModel, coordinates)
+
 	args = append(args, config.ScanProperties...)
 
 	args = append(args, fmt.Sprintf("--blackduck.url=%v", config.ServerURL))
 	args = append(args, fmt.Sprintf("--blackduck.api.token=%v", config.APIToken))
 
 	args = append(args, fmt.Sprintf("--detect.project.name=%v", config.ProjectName))
-	args = append(args, fmt.Sprintf("--detect.project.version.name=%v", config.ProjectVersion))
+	args = append(args, fmt.Sprintf("--detect.project.version.name=%v", detectVersionName))
 	codeLocation := config.CodeLocation
 	if len(codeLocation) == 0 && len(config.ProjectName) > 0 {
-		codeLocation = fmt.Sprintf("%v/%v", config.ProjectName, config.ProjectVersion)
+		codeLocation = fmt.Sprintf("%v/%v", config.ProjectName, detectVersionName)
 	}
 	args = append(args, fmt.Sprintf("--detect.code.location.name=%v", codeLocation))
 

cmd/detectExecuteScan_generated.go

@@ -14,14 +14,15 @@ import (
 )
 
 type detectExecuteScanOptions struct {
-	APIToken       string   `json:"apiToken,omitempty"`
-	CodeLocation   string   `json:"codeLocation,omitempty"`
-	ProjectName    string   `json:"projectName,omitempty"`
-	ProjectVersion string   `json:"projectVersion,omitempty"`
-	Scanners       []string `json:"scanners,omitempty"`
-	ScanPaths      []string `json:"scanPaths,omitempty"`
-	ScanProperties []string `json:"scanProperties,omitempty"`
-	ServerURL      string   `json:"serverUrl,omitempty"`
+	APIToken        string   `json:"apiToken,omitempty"`
+	CodeLocation    string   `json:"codeLocation,omitempty"`
+	ProjectName     string   `json:"projectName,omitempty"`
+	Scanners        []string `json:"scanners,omitempty"`
+	ScanPaths       []string `json:"scanPaths,omitempty"`
+	ScanProperties  []string `json:"scanProperties,omitempty"`
+	ServerURL       string   `json:"serverUrl,omitempty"`
+	Version         string   `json:"version,omitempty"`
+	VersioningModel string   `json:"versioningModel,omitempty"`
 }
 
 // DetectExecuteScanCommand Executes Synopsis Detect scan
@@ -83,15 +84,15 @@ func addDetectExecuteScanFlags(cmd *cobra.Command, stepConfig *detectExecuteScan
 	cmd.Flags().StringVar(&stepConfig.APIToken, "apiToken", os.Getenv("PIPER_apiToken"), "Api token to be used for connectivity with Synopsis Detect server.")
 	cmd.Flags().StringVar(&stepConfig.CodeLocation, "codeLocation", os.Getenv("PIPER_codeLocation"), "An override for the name Detect will use for the scan file it creates.")
 	cmd.Flags().StringVar(&stepConfig.ProjectName, "projectName", os.Getenv("PIPER_projectName"), "Name of the Synopsis Detect (formerly BlackDuck) project.")
-	cmd.Flags().StringVar(&stepConfig.ProjectVersion, "projectVersion", os.Getenv("PIPER_projectVersion"), "Version of the Synopsis Detect (formerly BlackDuck) project.")
 	cmd.Flags().StringSliceVar(&stepConfig.Scanners, "scanners", []string{`signature`}, "List of scanners to be used for Synopsis Detect (formerly BlackDuck) scan.")
 	cmd.Flags().StringSliceVar(&stepConfig.ScanPaths, "scanPaths", []string{`.`}, "List of paths which should be scanned by the Synopsis Detect (formerly BlackDuck) scan.")
 	cmd.Flags().StringSliceVar(&stepConfig.ScanProperties, "scanProperties", []string{`--blackduck.signature.scanner.memory=4096`, `--blackduck.timeout=6000`, `--blackduck.trust.cert=true`, `--detect.policy.check.fail.on.severities=BLOCKER,CRITICAL,MAJOR`, `--detect.report.timeout=4800`, `--logging.level.com.synopsys.integration=DEBUG`}, "Properties passed to the Synopsis Detect (formerly BlackDuck) scan. You can find details in the [Synopsis Detect documentation](https://synopsys.atlassian.net/wiki/spaces/INTDOCS/pages/622846/Using+Synopsys+Detect+Properties)")
 	cmd.Flags().StringVar(&stepConfig.ServerURL, "serverUrl", os.Getenv("PIPER_serverUrl"), "Server url to the Synopsis Detect (formerly BlackDuck) Server.")
+	cmd.Flags().StringVar(&stepConfig.Version, "version", os.Getenv("PIPER_version"), "Defines the version number of the artifact being build in the pipeline. It is used as source for the Detect version.")
+	cmd.Flags().StringVar(&stepConfig.VersioningModel, "versioningModel", `major`, "The versioning model used for result reporting (based on the artifact version). Example 1.2.3 using `major` will result in version 1")
 
 	cmd.MarkFlagRequired("apiToken")
 	cmd.MarkFlagRequired("projectName")
-	cmd.MarkFlagRequired("projectVersion")
 }
 
 // retrieve step metadata
@@ -128,14 +129,6 @@ func detectExecuteScanMetadata() config.StepData {
 						Mandatory:   true,
 						Aliases:     []config.Alias{{Name: "detect/projectName"}},
 					},
-					{
-						Name:        "projectVersion",
-						ResourceRef: []config.ResourceReference{},
-						Scope:       []string{"PARAMETERS", "STAGES", "STEPS"},
-						Type:        "string",
-						Mandatory:   true,
-						Aliases:     []config.Alias{{Name: "detect/projectVersion"}},
-					},
 					{
 						Name:        "scanners",
 						ResourceRef: []config.ResourceReference{},
@@ -168,6 +161,22 @@ func detectExecuteScanMetadata() config.StepData {
 						Mandatory:   false,
 						Aliases:     []config.Alias{{Name: "detect/serverUrl"}},
 					},
+					{
+						Name:        "version",
+						ResourceRef: []config.ResourceReference{{Name: "commonPipelineEnvironment", Param: "artifactVersion"}},
+						Scope:       []string{"PARAMETERS", "STAGES", "STEPS"},
+						Type:        "string",
+						Mandatory:   false,
+						Aliases:     []config.Alias{{Name: "projectVersion"}, {Name: "detect/projectVersion"}},
+					},
+					{
+						Name:        "versioningModel",
+						ResourceRef: []config.ResourceReference{},
+						Scope:       []string{"PARAMETERS", "GENERAL", "STAGES", "STEPS"},
+						Type:        "string",
+						Mandatory:   false,
+						Aliases:     []config.Alias{},
+					},
 				},
 			},
 		},

cmd/detectExecuteScan_test.go

@@ -2,9 +2,10 @@ package cmd
 
 import (
 	"fmt"
-	"github.com/SAP/jenkins-library/pkg/mock"
 	"testing"
 
+	"github.com/SAP/jenkins-library/pkg/mock"
+
 	"github.com/SAP/jenkins-library/pkg/log"
 	"github.com/stretchr/testify/assert"
 )
@@ -40,14 +41,15 @@ func TestAddDetectArgs(t *testing.T) {
 		{
 			args: []string{"--testProp1=1"},
 			options: detectExecuteScanOptions{
-				ScanProperties: []string{"--scan1=1", "--scan2=2"},
-				ServerURL:      "https://server.url",
-				APIToken:       "apiToken",
-				ProjectName:    "testName",
-				ProjectVersion: "1.0",
-				CodeLocation:   "",
-				Scanners:       []string{"signature"},
-				ScanPaths:      []string{"path1", "path2"},
+				ScanProperties:  []string{"--scan1=1", "--scan2=2"},
+				ServerURL:       "https://server.url",
+				APIToken:        "apiToken",
+				ProjectName:     "testName",
+				Version:         "1.0",
+				VersioningModel: "major-minor",
+				CodeLocation:    "",
+				Scanners:        []string{"signature"},
+				ScanPaths:       []string{"path1", "path2"},
 			},
 			expected: []string{
 				"--testProp1=1",
@@ -64,13 +66,14 @@ func TestAddDetectArgs(t *testing.T) {
 		{
 			args: []string{"--testProp1=1"},
 			options: detectExecuteScanOptions{
-				ServerURL:      "https://server.url",
-				APIToken:       "apiToken",
-				ProjectName:    "testName",
-				ProjectVersion: "1.0",
-				CodeLocation:   "testLocation",
-				Scanners:       []string{"source"},
-				ScanPaths:      []string{"path1", "path2"},
+				ServerURL:       "https://server.url",
+				APIToken:        "apiToken",
+				ProjectName:     "testName",
+				Version:         "1.0",
+				VersioningModel: "major-minor",
+				CodeLocation:    "testLocation",
+				Scanners:        []string{"source"},
+				ScanPaths:       []string{"path1", "path2"},
 			},
 			expected: []string{
 				"--testProp1=1",

cmd/fortifyExecuteScan.go

@@ -5,7 +5,6 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	"github.com/bmatcuk/doublestar"
 	"io"
 	"io/ioutil"
 	"math"
@@ -16,6 +15,8 @@ import (
 	"strings"
 	"time"
 
+	"github.com/bmatcuk/doublestar"
+
 	"github.com/google/go-github/v28/github"
 	"github.com/google/uuid"
 
@@ -70,7 +71,7 @@ func runFortifyScan(config fortifyExecuteScanOptions, sys fortify.System, comman
 		return fmt.Errorf("unable to get project coordinates from descriptor %v: %w", config.BuildDescriptorFile, err)
 	}
 	log.Entry().Debugf("determined project coordinates %v", gav)
-	fortifyProjectName, fortifyProjectVersion := versioning.DetermineProjectCoordinates(config.ProjectName, config.DefaultVersioningModel, gav)
+	fortifyProjectName, fortifyProjectVersion := versioning.DetermineProjectCoordinates(config.ProjectName, config.VersioningModel, gav)
 	project, err := sys.GetProjectByName(fortifyProjectName, config.AutoCreate, fortifyProjectVersion)
 	if err != nil {
 		return fmt.Errorf("Failed to load project %v: %w", fortifyProjectName, err)

cmd/fortifyExecuteScan_generated.go

@@ -54,7 +54,7 @@ type fortifyExecuteScanOptions struct {
 	DeltaMinutes                    int      `json:"deltaMinutes,omitempty"`
 	SpotCheckMinimum                int      `json:"spotCheckMinimum,omitempty"`
 	FprDownloadEndpoint             string   `json:"fprDownloadEndpoint,omitempty"`
-	DefaultVersioningModel          string   `json:"defaultVersioningModel,omitempty"`
+	VersioningModel                 string   `json:"versioningModel,omitempty"`
 	PythonInstallCommand            string   `json:"pythonInstallCommand,omitempty"`
 	ReportTemplateID                int      `json:"reportTemplateId,omitempty"`
 	FilterSetTitle                  string   `json:"filterSetTitle,omitempty"`
@@ -225,7 +225,7 @@ func addFortifyExecuteScanFlags(cmd *cobra.Command, stepConfig *fortifyExecuteSc
 	cmd.Flags().IntVar(&stepConfig.DeltaMinutes, "deltaMinutes", 5, "The number of minutes for which an uploaded FPR artifact is considered to be recent and healthy, if exceeded an error will be thrown")
 	cmd.Flags().IntVar(&stepConfig.SpotCheckMinimum, "spotCheckMinimum", 1, "The minimum number of issues that must be audited per category in the `Spot Checks of each Category` folder to avoid an error being thrown")
 	cmd.Flags().StringVar(&stepConfig.FprDownloadEndpoint, "fprDownloadEndpoint", `/download/currentStateFprDownload.html`, "Fortify SSC endpoint for FPR downloads")
-	cmd.Flags().StringVar(&stepConfig.DefaultVersioningModel, "defaultVersioningModel", `major`, "The default project versioning model used for creating the version based on the build descriptor version to report results in SSC, can be one of `'major'`, `'major-minor'`, `'semantic'`, `'full'`")
+	cmd.Flags().StringVar(&stepConfig.VersioningModel, "versioningModel", `major`, "The default project versioning model used for creating the version based on the build descriptor version to report results in SSC, can be one of `'major'`, `'major-minor'`, `'semantic'`, `'full'`")
 	cmd.Flags().StringVar(&stepConfig.PythonInstallCommand, "pythonInstallCommand", `{{.Pip}} install --user .`, "Additional install command that can be run when `buildTool: 'pip'` is used which allows further customizing the execution environment of the scan")
 	cmd.Flags().IntVar(&stepConfig.ReportTemplateID, "reportTemplateId", 18, "Report template ID to be used for generating the Fortify report")
 	cmd.Flags().StringVar(&stepConfig.FilterSetTitle, "filterSetTitle", `SAP`, "Title of the filter set to use for analysing the results")
@@ -554,12 +554,12 @@ func fortifyExecuteScanMetadata() config.StepData {
 						Aliases:     []config.Alias{{Name: "fortifyFprDownloadEndpoint"}},
 					},
 					{
-						Name:        "defaultVersioningModel",
+						Name:        "versioningModel",
 						ResourceRef: []config.ResourceReference{},
-						Scope:       []string{"PARAMETERS", "STAGES", "STEPS"},
+						Scope:       []string{"PARAMETERS", "GENERAL", "STAGES", "STEPS"},
 						Type:        "string",
 						Mandatory:   false,
-						Aliases:     []config.Alias{},
+						Aliases:     []config.Alias{{Name: "defaultVersioningModel"}},
 					},
 					{
 						Name:        "pythonInstallCommand",

resources/metadata/detect.yaml

@@ -1,7 +1,7 @@
 metadata:
   name: detectExecuteScan
   description: Executes Synopsis Detect scan
-  longDescription: |
+  longDescription: |-
     This step executes [Synopsis Detect](https://synopsys.atlassian.net/wiki/spaces/INTDOCS/pages/62423113/Synopsys+Detect) scans.
 spec:
   inputs:
@@ -49,16 +49,6 @@ spec:
         - PARAMETERS
         - STAGES
         - STEPS
-      - name: projectVersion
-        description: Version of the Synopsis Detect (formerly BlackDuck) project.
-        aliases:
-          - name: detect/projectVersion
-        type: string
-        mandatory: true
-        scope:
-        - PARAMETERS
-        - STAGES
-        - STEPS
       - name: scanners
         description: List of scanners to be used for Synopsis Detect (formerly BlackDuck) scan.
         aliases:
@@ -113,6 +103,42 @@ spec:
         - PARAMETERS
         - STAGES
         - STEPS
+      - name: version
+        aliases:
+          - name: projectVersion
+          - name: detect/projectVersion
+        type: string
+        description: Defines the version number of the artifact being build in the pipeline. It is used as source for the Detect version.
+        longDescription: |-
+          Defines the version number of the artifact being build in the pipeline.
+          It is used for build version creation and as source for the Detect version.
+          **Typically it is available through the pipeline run.**
+          The project version of the Detect project is calculated using the [`versioningModel`](#versioningmodel).
+        resourceRef:
+          - name: commonPipelineEnvironment
+            param: artifactVersion
+        scope:
+          - PARAMETERS
+          - STAGES
+          - STEPS
+      - name: versioningModel
+        type: string
+        description: The versioning model used for result reporting (based on the artifact version). Example 1.2.3 using `major` will result in version 1
+        longDescription: |-
+          The versioning model used for result reporting (based on the artifact version).
+          For example: the version 1.2.3 of the artifact will result in a version 1 to report into, when `versioningModel: major` is used and will result in a version 1.2 when `versioningModel: major-minor` is used.
+          Recommendation for a Continuous Delivery process is to use `versioningModel: major`.
+        scope:
+          - PARAMETERS
+          - GENERAL
+          - STAGES
+          - STEPS
+        default: "major"
+        possibleValues:
+          - major
+          - major-minor
+          - semantic
+          - full
   containers:
     - name: openjdk
       image: openjdk:11

resources/metadata/fortify.yaml

@@ -380,15 +380,24 @@ spec:
         - STAGES
         - STEPS
       default: "/download/currentStateFprDownload.html"
-    - name: defaultVersioningModel
+    - name: versioningModel
+      aliases:
+        - name: defaultVersioningModel
+          deprecated: true
       type: string
       description: "The default project versioning model used for creating the version based on the build descriptor version to report results in SSC, can be one of `'major'`,
         `'major-minor'`, `'semantic'`, `'full'`"
       scope:
         - PARAMETERS
+        - GENERAL
         - STAGES
         - STEPS
       default: "major"
+      possibleValues:
+        - major
+        - major-minor
+        - semantic
+        - full
     - name: pythonInstallCommand
       type: string
       description: "Additional install command that can be run when `buildTool: 'pip'`