Optionally use new go-based Whitesource step (#2079)

resources/com.sap.piper/pipeline/cloudSdkStageDefaults.yml

@@ -24,6 +24,13 @@ stages:
           - 'sonarTokenCredentialsId'
           - 'projectKey'
           - 'instance'
+  security:
+    stepConditions:
+      whitesourceExecuteScan:
+        configKeys:
+          - 'productName'
+          - 'orgAdminUserTokenCredentialsId'
+          - 'userTokenCredentialsId'
   frontendIntegrationTests:
     stepConditions:
       npmExecuteScripts:

test/groovy/WhitesourceExecuteScanTest.groovy

@@ -15,7 +15,10 @@ import org.springframework.beans.factory.annotation.Autowired
 import util.*
 
 import static org.hamcrest.Matchers.*
+import static org.junit.Assert.assertEquals
+import static org.junit.Assert.assertNotEquals
 import static org.junit.Assert.assertThat
+import static org.junit.Assert.assertTrue
 
 class WhitesourceExecuteScanTest extends BasePiperTest {
 
@@ -1219,4 +1222,69 @@ class WhitesourceExecuteScanTest extends BasePiperTest {
         thrown.expectMessage("[whitesourceExecuteScan] Whitesource found 5 policy violations for your product")
         stepRule.step.checkViolationStatus(5)
     }
+
+    @Test
+    void testGoStepFeatureToggleOn() {
+        String calledStep = ''
+        String usedMetadataFile = ''
+        helper.registerAllowedMethod('piperExecuteBin', [Map, String, String, List], {
+            Map parameters, String stepName,
+            String metadataFile, List credentialInfo ->
+                calledStep = stepName
+                usedMetadataFile = metadataFile
+        })
+
+        stepRule.step.whitesourceExecuteScan([
+            script      : nullScript,
+            orgToken    : 'testOrgToken',
+            productName : 'SHC - Piper',
+            projectNames: ['piper-demo - 0.0.1'],
+            useGoStep   : true,
+        ])
+
+        assertEquals('whitesourceExecuteScan', calledStep)
+        assertEquals('metadata/whitesource.yaml', usedMetadataFile)
+    }
+
+    @Test
+    void testGoStepFeatureToggleImplicitOff() {
+        String calledStep = ''
+        String usedMetadataFile = ''
+        helper.registerAllowedMethod('piperExecuteBin', [Map, String, String, List], {
+            Map parameters, String stepName,
+            String metadataFile, List credentialInfo ->
+                calledStep = stepName
+                usedMetadataFile = metadataFile
+        })
+
+        helper.registerAllowedMethod("readProperties", [Map], {
+            def result = new Properties()
+            result.putAll([
+                "apiKey"        : "b39d1328-52e2-42e3-98f0-932709daf3f0",
+                "productName"   : "SHC - Piper",
+                "checkPolicies" : "true",
+                "projectName"   : "python-test",
+                "projectVersion": "1.0.0"
+            ])
+            return result
+        })
+
+        helper.registerAllowedMethod("publishHTML", [Map.class], { m ->
+            return null
+        })
+
+        stepRule.step.whitesourceExecuteScan([
+            script                           : nullScript,
+            whitesourceRepositoryStub        : whitesourceStub,
+            whitesourceOrgAdminRepositoryStub: whitesourceOrgAdminRepositoryStub,
+            descriptorUtilsStub              : descriptorUtilsStub,
+            scanType                         : 'maven',
+            juStabUtils                      : utils,
+            orgToken                         : 'testOrgToken',
+            whitesourceProductName           : 'testProduct',
+        ])
+
+        assertEquals('', calledStep)
+        assertEquals('', usedMetadataFile)
+    }
 }

vars/whitesourceExecuteScan.groovy

@@ -1,4 +1,6 @@
+import com.sap.piper.BuildTool
 import com.sap.piper.DescriptorUtils
+import com.sap.piper.DownloadCacheUtils
 import com.sap.piper.GenerateDocumentation
 import com.sap.piper.JsonUtils
 import com.sap.piper.Utils
@@ -7,7 +9,6 @@ import com.sap.piper.integration.WhitesourceRepository
 import com.sap.piper.ConfigurationHelper
 import com.sap.piper.WhitesourceConfigurationHelper
 import com.sap.piper.mta.MtaMultiplexer
-import groovy.text.GStringTemplateEngine
 import groovy.transform.Field
 import groovy.text.GStringTemplateEngine
 
@@ -70,7 +71,12 @@ import static com.sap.piper.Prerequisites.checkScript
      * Whether verbose output should be produced.
      * @possibleValues `true`, `false`
      */
-    'verbose'
+    'verbose',
+    /**
+     * Toggle to activate the new go-implementation of the step. Off by default.
+     * @possibleValues true, false
+     */
+    'useGoStep',
 ]
 @Field Set STEP_CONFIG_KEYS = GENERAL_CONFIG_KEYS + [
     /**
@@ -259,6 +265,22 @@ void call(Map parameters = [:]) {
                 style: libraryResource('piper-os.css')
             ])
             .mixin(parameters, PARAMETER_KEYS, CONFIG_KEY_COMPATIBILITY)
+            .addIfEmpty('scanType', script.commonPipelineEnvironment.getBuildTool())
+            .use()
+
+        if (config.useGoStep == true && config.scanType != "unified-agent") {
+            parameters = DownloadCacheUtils.injectDownloadCacheInParameters(script, parameters, BuildTool.MTA)
+
+            List credentials = [
+                [type: 'token', id: 'orgAdminUserTokenCredentialsId', env: ['PIPER_orgToken']],
+                [type: 'token', id: 'userTokenCredentialsId', env: ['PIPER_userToken']],
+            ]
+            piperExecuteBin(parameters, "whitesourceExecuteScan", "metadata/whitesource.yaml", credentials)
+            return
+        }
+
+        // Apply Groovy specific config handling if not using the go-step.
+        config = ConfigurationHelper.newInstance(this, config)
             .dependingOn('scanType').mixin('buildDescriptorFile')
             .dependingOn('scanType').mixin('dockerImage')
             .dependingOn('scanType').mixin('dockerWorkspace')