Optionally use new go-based Whitesource step (#2079)

2025-01-16 05:16:08 +02:00 · 2020-09-30 08:56:16 +02:00 · 2020-09-30 08:56:16 +02:00 · e8f49df6a3
commit e8f49df6a3
parent 58b6c04cd2
3 changed files with 110 additions and 13 deletions
--- a/resources/com.sap.piper/pipeline/cloudSdkStageDefaults.yml
+++ b/resources/com.sap.piper/pipeline/cloudSdkStageDefaults.yml
@ -24,6 +24,13 @@ stages:
          - 'sonarTokenCredentialsId'
          - 'projectKey'
          - 'instance'
+  security:
+    stepConditions:
+      whitesourceExecuteScan:
+        configKeys:
+          - 'productName'
+          - 'orgAdminUserTokenCredentialsId'
+          - 'userTokenCredentialsId'
  frontendIntegrationTests:
    stepConditions:
      npmExecuteScripts:
--- a/test/groovy/WhitesourceExecuteScanTest.groovy
+++ b/test/groovy/WhitesourceExecuteScanTest.groovy
@ -15,7 +15,10 @@ import org.springframework.beans.factory.annotation.Autowired
 import util.*

 import static org.hamcrest.Matchers.*
+import static org.junit.Assert.assertEquals
+import static org.junit.Assert.assertNotEquals
 import static org.junit.Assert.assertThat
+import static org.junit.Assert.assertTrue

 class WhitesourceExecuteScanTest extends BasePiperTest {

@ -108,7 +111,7 @@ class WhitesourceExecuteScanTest extends BasePiperTest {
        def expectedEnvVars = ['env1': 'value1', 'env2': 'value2']
        def expectedOptions = '--opt1=val1 --opt2=val2 --opt3'
        def expectedWorkspace = '/path/to/workspace'
-        
+
        helper.registerAllowedMethod("readProperties", [Map], {
            def result = new Properties()
            result.putAll([
@ -120,11 +123,11 @@ class WhitesourceExecuteScanTest extends BasePiperTest {
            ])
            return result
        })
-        
-        nullScript.commonPipelineEnvironment.configuration =  
+
+        nullScript.commonPipelineEnvironment.configuration =
            MapUtils.merge(nullScript.commonPipelineEnvironment.configuration,
                [steps:[whitesourceExecuteScan:[
-                    dockerImage: expectedImage, 
+                    dockerImage: expectedImage,
                    dockerOptions: expectedOptions,
                    dockerEnvVars: expectedEnvVars,
                    dockerWorkspace: expectedWorkspace
@ -147,7 +150,7 @@ class WhitesourceExecuteScanTest extends BasePiperTest {
        assert expectedEnvVars.equals(dockerExecuteRule.dockerParams.dockerEnvVars)
        assert expectedWorkspace == dockerExecuteRule.dockerParams.dockerWorkspace
    }
-    
+
    @Test
    void testMaven() {
        helper.registerAllowedMethod("readProperties", [Map], {
@ -407,7 +410,7 @@ class WhitesourceExecuteScanTest extends BasePiperTest {
        assertThat(loggingRule.log, containsString('Unstash content: buildDescriptor'))
        assertThat(errorCaught, is(true))
    }
-    
+
    @Test
    void testSbt() {
        helper.registerAllowedMethod("readProperties", [Map], {
@ -1219,4 +1222,69 @@ class WhitesourceExecuteScanTest extends BasePiperTest {
        thrown.expectMessage("[whitesourceExecuteScan] Whitesource found 5 policy violations for your product")
        stepRule.step.checkViolationStatus(5)
    }
+
+    @Test
+    void testGoStepFeatureToggleOn() {
+        String calledStep = ''
+        String usedMetadataFile = ''
+        helper.registerAllowedMethod('piperExecuteBin', [Map, String, String, List], {
+            Map parameters, String stepName,
+            String metadataFile, List credentialInfo ->
+                calledStep = stepName
+                usedMetadataFile = metadataFile
+        })
+
+        stepRule.step.whitesourceExecuteScan([
+            script      : nullScript,
+            orgToken    : 'testOrgToken',
+            productName : 'SHC - Piper',
+            projectNames: ['piper-demo - 0.0.1'],
+            useGoStep   : true,
+        ])
+
+        assertEquals('whitesourceExecuteScan', calledStep)
+        assertEquals('metadata/whitesource.yaml', usedMetadataFile)
+    }
+
+    @Test
+    void testGoStepFeatureToggleImplicitOff() {
+        String calledStep = ''
+        String usedMetadataFile = ''
+        helper.registerAllowedMethod('piperExecuteBin', [Map, String, String, List], {
+            Map parameters, String stepName,
+            String metadataFile, List credentialInfo ->
+                calledStep = stepName
+                usedMetadataFile = metadataFile
+        })
+
+        helper.registerAllowedMethod("readProperties", [Map], {
+            def result = new Properties()
+            result.putAll([
+                "apiKey"        : "b39d1328-52e2-42e3-98f0-932709daf3f0",
+                "productName"   : "SHC - Piper",
+                "checkPolicies" : "true",
+                "projectName"   : "python-test",
+                "projectVersion": "1.0.0"
+            ])
+            return result
+        })
+
+        helper.registerAllowedMethod("publishHTML", [Map.class], { m ->
+            return null
+        })
+
+        stepRule.step.whitesourceExecuteScan([
+            script                           : nullScript,
+            whitesourceRepositoryStub        : whitesourceStub,
+            whitesourceOrgAdminRepositoryStub: whitesourceOrgAdminRepositoryStub,
+            descriptorUtilsStub              : descriptorUtilsStub,
+            scanType                         : 'maven',
+            juStabUtils                      : utils,
+            orgToken                         : 'testOrgToken',
+            whitesourceProductName           : 'testProduct',
+        ])
+
+        assertEquals('', calledStep)
+        assertEquals('', usedMetadataFile)
+    }
 }
--- a/vars/whitesourceExecuteScan.groovy
+++ b/vars/whitesourceExecuteScan.groovy
@ -1,4 +1,6 @@
+import com.sap.piper.BuildTool
 import com.sap.piper.DescriptorUtils
+import com.sap.piper.DownloadCacheUtils
 import com.sap.piper.GenerateDocumentation
 import com.sap.piper.JsonUtils
 import com.sap.piper.Utils
@ -7,7 +9,6 @@ import com.sap.piper.integration.WhitesourceRepository
 import com.sap.piper.ConfigurationHelper
 import com.sap.piper.WhitesourceConfigurationHelper
 import com.sap.piper.mta.MtaMultiplexer
-import groovy.text.GStringTemplateEngine
 import groovy.transform.Field
 import groovy.text.GStringTemplateEngine

@ -70,7 +71,12 @@ import static com.sap.piper.Prerequisites.checkScript
     * Whether verbose output should be produced.
     * @possibleValues `true`, `false`
     */
-    'verbose'
+    'verbose',
+    /**
+     * Toggle to activate the new go-implementation of the step. Off by default.
+     * @possibleValues true, false
+     */
+    'useGoStep',
 ]
@Field Set STEP_CONFIG_KEYS = GENERAL_CONFIG_KEYS + [
    /**
@ -245,7 +251,7 @@ void call(Map parameters = [:]) {
        def statusCode = 1

        //initialize CPE for passing whiteSourceProjects
-        if(script.commonPipelineEnvironment.getValue('whitesourceProjectNames') == null) {
+        if (script.commonPipelineEnvironment.getValue('whitesourceProjectNames') == null) {
            script.commonPipelineEnvironment.setValue('whitesourceProjectNames', [])
        }

@ -256,9 +262,25 @@ void call(Map parameters = [:]) {
            .mixinStepConfig(script.commonPipelineEnvironment, STEP_CONFIG_KEYS, CONFIG_KEY_COMPATIBILITY)
            .mixinStageConfig(script.commonPipelineEnvironment, stageName, STEP_CONFIG_KEYS, CONFIG_KEY_COMPATIBILITY)
            .mixin([
-                style : libraryResource('piper-os.css')
+                style: libraryResource('piper-os.css')
            ])
            .mixin(parameters, PARAMETER_KEYS, CONFIG_KEY_COMPATIBILITY)
+            .addIfEmpty('scanType', script.commonPipelineEnvironment.getBuildTool())
+            .use()
+
+        if (config.useGoStep == true && config.scanType != "unified-agent") {
+            parameters = DownloadCacheUtils.injectDownloadCacheInParameters(script, parameters, BuildTool.MTA)
+
+            List credentials = [
+                [type: 'token', id: 'orgAdminUserTokenCredentialsId', env: ['PIPER_orgToken']],
+                [type: 'token', id: 'userTokenCredentialsId', env: ['PIPER_userToken']],
+            ]
+            piperExecuteBin(parameters, "whitesourceExecuteScan", "metadata/whitesource.yaml", credentials)
+            return
+        }
+
+        // Apply Groovy specific config handling if not using the go-step.
+        config = ConfigurationHelper.newInstance(this, config)
            .dependingOn('scanType').mixin('buildDescriptorFile')
            .dependingOn('scanType').mixin('dockerImage')
            .dependingOn('scanType').mixin('dockerWorkspace')
@ -284,9 +306,9 @@ void call(Map parameters = [:]) {
        script.commonPipelineEnvironment.setInfluxStepData('whitesource', false)

        utils.pushToSWA([
-            step: STEP_NAME,
+            step         : STEP_NAME,
            stepParamKey1: 'scanType',
-            stepParam1: config.scanType
+            stepParam1   : config.scanType
        ], config)

        echo "Parameters: scanType: ${config.scanType}"
@ -294,7 +316,7 @@ void call(Map parameters = [:]) {
        def whitesourceRepository = parameters.whitesourceRepositoryStub ?: new WhitesourceRepository(this, config)
        def whitesourceOrgAdminRepository = parameters.whitesourceOrgAdminRepositoryStub ?: new WhitesourceOrgAdminRepository(this, config)

-        if(config.whitesource.orgAdminUserTokenCredentialsId) {
+        if (config.whitesource.orgAdminUserTokenCredentialsId) {
            statusCode = triggerWhitesourceScanWithOrgAdminUserKey(script, config, utils, descriptorUtils, parameters, whitesourceRepository, whitesourceOrgAdminRepository)
        } else {
            statusCode = triggerWhitesourceScanWithUserKey(script, config, utils, descriptorUtils, parameters, whitesourceRepository, whitesourceOrgAdminRepository)