* including a artifact cpe type
* removing type kind related to PR 3717
* clean up
* eliminating local path
* go formatting fix
Co-authored-by: anilkeshav27 <you@example.com>
* fix(fortifyExecuteScan): check audit data length in all cases
* fix(fortifyExecuteScan): check audit data length in all cases
* feat(SARIF): logging improvements in debug mode
* fix(logging): readability
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
* Add small fix
* fix unit-tests
* Add deploymentName and packageVersion as flags
* small fix
* Change getting version of helm chart
* small fix
Co-authored-by: “Vitalii <“vitalii.sidorov@sap.com”>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
* feat(gitopsUpdateDeployment) forcePush
fix(gitopsUpdateDeployment) include registry
The push operation in this step can be forced to bypass branch-protection
Signed-off-by: Michael Sprauer <Michael.Sprauer@sap.com>
* add unit test
Signed-off-by: Michael Sprauer <Michael.Sprauer@sap.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
* feat(fortifyExecuteScan): query SSC once for batch audit data
* fix(fortifyExecuteScan): check audit data length in all cases
* feat(fortifyExecuteScan): in fpr_to_sarif, better detection of error cases, unit tests
* fix(log): comment useless error message
* fix(fortifyExecuteScan): clarify log message
* fix(fortifyExecuteScan): adapt unit tests
* Remove --backend-type
* Delete CTS in isChangeDevelopment and change Dockerimage of CM-Client
* fix groovy unit tests
* another fix of groovy unit tests
* try to fix import of fork for Jenkins-Testing
* add workflow to create Go Binary for Jenkins-Server
* Change RepoOwner to test in Fork
* remove previous changes
* adjust docker image for TransportRequestCreate and Release
* Remove CTS from Documentation
Co-authored-by: Thorsten Duda <thorsten.duda@sap.com>
* Add helm dependency command
* Change name of flag for package command
Co-authored-by: “Vitalii <“vitalii.sidorov@sap.com”>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
* Reorders getApiInformation, changes variables to get start time, adjusts and adds test cases
* Changes the way to get apiInformation and reduces number of requests
* Changes getting pipeline start time from correct env variable
* Refactors getApiInformation functionality
* Adds GetBuildReason() for Azure and Jenkins
* Updates JobURL for ADO
* Implemented bom creation
* Made small fixes. Added integration tests
* go generate
* minor fixes
* fix tests
* Added unit tests
* minor fixes
* use fileutils
* integration tests optimization
* change integraton tests timeout to 25m
* Fix Inclusive Language warnings
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
* Add runHelmCommand
* Add dryRun for debug
* Add default case in helmExecute
* Fix unit-tests
* small fix
* Fix RunHelmAdd and change RunHelmPublish methods
* Fix RunHelmPublish
* Fix unit-tests
* Fix unit-test
* small fix
* small fix
* small fix
* Add LintFlag PackageFlag PublishFlag flags
* Add tests for httpClient.go
* test
* test
* smal fix
* small fix
* Add getting name and version from Chart.yaml
* Add test
* Fix
* small fix
* Fix according to comments
* small fix
Co-authored-by: “Vitalii <“vitalii.sidorov@sap.com”>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
Co-authored-by: Vitalii Sidorov <vitalii_sidorov@sap.com>
* fix(sarif): change format to fit omitempty cases better
* feat(fortifyExecuteScan): include category in sarif file
* fix(fortifyExecuteScan): access to undefined pointer in some cases
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
* (fix) match regexes in sliceContains to support vaultSecretNames
* add test for regex matching in sliceContains
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
* Add bearer token retrieval function
Retrieving a bearer token from the xsuaa service on BTP is always the
same. With these functions one can retrieve a bearer token and set it
to the given header as 'Authorization'.
* CodeClimate fixes
* Refactor test
* Add basic auth to token retrieve request
Co-authored-by: Thorsten Duda <thorsten.duda@sap.com>
* Activates debug information for environment variables
* Adds tests for environment variable reading
* Reduces batch size to send messages to Splunk to 5000
* including negative conditions
* clean up and todos
* removing debug logging
* clean up
* fix unit test name
* fixing unit tests
* negative stage test
Co-authored-by: anilkeshav27 <you@example.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
* Refactors logfile sending logic, renaming of fields, adds proper piper sourcetype
* Sets maximum retries to three and transport timeout to 10 seconds for azure and jenkins
* feat(checkmarx) : Checkmarx JSON Report
* Test cases with some fix
* Information total and audited test assertions
* feat(checkmarx): align total/audited with existing calculation
* fix(checkmarx): Reporting unit test
Co-authored-by: Sumeet PATIL <sumeet.patil@sap.com>
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
this was already used in fortifyExecuteScan, but had no effect.
Co-authored-by: Philipp Stehle <philipp.stehle@sap.com>
Co-authored-by: Ralf Pannemans <ralf.pannemans@sap.com>
* adds return in gcs upload in case error occurs e.g. no credentials, avoid nil pointer dereference
* Adds generated files
* Updates generated files
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
* WIP
* New Logs
* Improving
* Determine log output based on available entities
* Increase width
* Add line
* Adapt TestPollEntity
* Format
* Fix query
* Adapt tests
* Fix test
* Improve formatting
* Retern early in case of no logs
* Remove duplicate log
* Implement helm step
* Create kubernetes package
* Refactoring helm.go
* Add package, test commands
* Add test for helm package
* Add tests for helm.go
* Add tests for helm.go
* Add tests for utils.go
* Add tests for helmExecute.go
* small fix
* Add helm lint
* small fix
* small fix
* Fix according to comments
* Fix test
* small fix
* Add helm add function
* Changes according to new comments
* Add helm push
* Add unit tests
* Add tests for helmExecute
* Add small fix
* small fix
* small fix
* Move DeployUtilsBundle from kubernetesDeploy to kubernetes package
* small fix
* small fix
* Add unit-tests
* Fix
* Update resources/metadata/helmExecute.yaml
* Update resources/metadata/helmExecute.yaml
* Add helm chart server parameterization
* small fix
* small fix
Co-authored-by: “Vitalii <“vitalii.sidorov@sap.com”>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
* feat(FPRtoSARIF): boilerplate & comments
* Feat(Ingest): Build done, Vulnerabilities partway
* feat(Vulnerabilities): now entirely parsed
* feat(Ingestion): handle Description object
* feat(FprToSarif): integration in Piper step, full xml structure
* feat(fpr_to_sarif): base program. Need to replace names in messages
* feat(fpr_to_sarif): message substitution and custom definition integration
* fix(fpr_to_sarif): missing replacement in tools object
* fix(fortifyExecuteScan): unit tests
* fix(fpr_to_sarif): failing unit test
* Fix fortify folder creation for generating sarif
* deletion of unzip folder
* fix(fortifyExecuteScan): change logging to info
* feat(fpr_to_sarif): better unit test
* fix(fpr_to_sarif): pr tests failing
* feat(fpr_to_sarif): add specific properties to sarif
* feat(fpr_to_sarif): severity integration
* fix(fpr_to_sarif): unit test fixed
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
Co-authored-by: Sumeet PATIL <sumeet.patil@sap.com>
* enable detect 7 script
* unit test uses detect7 as default
* add detect6 test case
* add check for OSEnv detect version
* add test for OSEnv detect version
* update customEnvironmentVariables docu
* fix linting
Co-authored-by: ffeldmann <f.feldmann@sap.com>
* sonarqube coverage: additional metrics
* sonarExecuteScan: add lines of code and language distribution to sonarscan.json
* sonarExecuteScan: consider branch in componentService requests
* SonarQube: Do not omit empty values in SonarCoverage
* sonarExecuteScan: Add integration tests for ComponentService getLinesOfCode
* fix tests
* sonarExecuteScan: use pullRequest in componentService
Co-authored-by: I550025 <r.kloe@sap.com>
Co-authored-by: Marc Bormeth <marc.bormeth@sap.com>
* adding config to piperNpmr
* scope in cli
* adding scope to repo url and npmrc
* publish to scoped
* removing scope
* changing scope position
* adding scope to userconfig
* adding registry=
* pack and then tar
* not removing tmp folder
* adding flag
* pack before publish
* adding log
* debug
* debug with change directory
* publishing created tar ball
* debug
* üath
* adding main npmrc
* renaming old npmrc file
* error renaming old npmrc file
* renaming err
* correcting npmrc file path
* renaming file back to original
* current working directory
* renaming the npmrc file
* avoiding change directory
* with current working dir
* adding dot
* renaming npmrc and defer removal
* rename files
* Update pkg/npm/publish.go
* Update pkg/npm/publish.go
Co-authored-by: anilkeshav27 <you@example.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
* add stage scope to path parameter, fix project dir exist issue
* fix unit test for gradleExecuteBuild
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
* some ideas..
* Add getDefaults command (WIP) (#3444)
* add getYAML function for configs
* create getDefaults command(based on getConfig)
* add getDefaults command to CLI
* read defaults files, using github tokens as well
* write defaults to stdout as JSON object with YAMLs embedded
* catch case where no input files are given
* actually write output to file if outputFile is specified
* mark defaultsFile flag as required
* add basic tests
* add output (string) test
* adapt generateDefaults() to return output (used for test of previous commit)
* Changes to getDefaults() JSON output (#3449)
* change JSON output to contain separate fields
* filename -> filepath
* Apply suggestions from code review
* Apply suggestions from code review
* Update pkg/config/config_test.go
Co-authored-by: Jordi van Liempt <35920075+jliempt@users.noreply.github.com>
* fetch GH statistics
* move GH and Sonar integration tests to own files
* fix imports
* add integration test case
* add result type
* Apply suggestions from code review
* Fixed argument type in persist function
* Fixed gcp upload to be usable in internal piper
* Fixed import of packages
* Updated logs
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
* changes to detectExec before master merge
* changes for detectExecuteScan
* self generated code added
* fix syntax errors and update docu
* added unit tests for fail and Group
* fix failOn bug
* add Groups as string array
* add Groups as string array
* tests and validation for groups, failOn
* Updated docs and added more tests
* documentation md files should not be changed
* Handle merge conflicts from PR 1845
* fix merge errors
* remove duplicate groups, merge error
* adding buildCode and buildTool as params
* switching build options
* building maven modules
* parameter correction
* parameter correction
* gnerate with new build parameter
* adding comments
* removing piper lib master and modifying goUtils to download 1.5.7 release
* first cleaning then installing
* multi module maven built
* multi module maven built removing unwanted code
* multi module maven built moving inside switch
* testing
* modifying the default use case to also call maven build
* modifying the default use case to also call maven build wih --
* corrected maven build command
* corrected maven build command with %v
* skipping test runs
* testing for MTA project with single pom
* adding absolute path to m2 path
* clean up
* adding switch for mta and maven and removing env from containers
* commiting changes for new detect step
* correting log message
* code clean up
* unit tests changes to detectExecute
* basic tests for new change
* restoring piperGoUtils to download correct piper binary
* code clean up
* code clean up
* protecodeExecuteScan :: versioning model draft - 1
* protecodeExecuteScan :: version model draft-2
* protecodeExecuteScan :: changing filename and version concatenation
* protecodeExecuteScan :: update documentation
* protecodeExecuteScan :: double URL encoding has been corrected & console messaging improved
* protecodeExecuteScan :: fixed Go/generate validation fail
* protecodeExecuteScan :: fixing failed unit tests
* protecodeExecuteScan :: Version field added
* protecodeExecuteScan :: Version field add => minor changes
* protecodeExecuteScan :: Version field add => fixing tests
Co-authored-by: D072410 <giridhar.shenoy@sap.com>
Co-authored-by: Keshav <anil.keshav@sap.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
* creating new npm rc file
* publishing to registry staging
* exposing base64 version of env variables
* changing encoding param
* fixing unit test for the new path
* debugging env var
* remove debug message
* update docu
* changing new npmrc file name
* adding new npmrc to ignore
* adding new npmrc to ignore
Co-authored-by: anilkeshav27 <you@example.com>
* fixed generated output parameters for influx
* change name to lower case
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
* Add Changes for value of docker image
* Get docker image value
* Fix
* Fix unit
* Add chnages for kaniko and mta builds
* Fix
* Test changes
* Test
* Move func ResolveMetadata to stepmeta.go
* Fix
* Change getConfig.go
* Fix getting docker value for mta, npm and kaniko
* Fix according to suggestions
* Add func to get only value of docker image
* Test empty value of docker image
* Fix for getDockerImageValue
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
* Removes unecessary fields from telemetry, restructuring splunk pkg
* Removes t.skip() and reactivates integration test
* Adjusts tests for fatalHook and helper functions, including log test
* Moves pipelinetelemetry to inner source, removes pipelineTelemetry from telemetry pkg, using generic map[string]interface for splunk
* Removes Read JSON from fatalHook -> moves to inner source
* Removed log output test
* go fmt
* log step telemetry data send to splunk
* Adjusts error logging
* Adds log information in case api information could not be retrieved
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
* Adds GetLog() function to orchestrator
* Fixes BUILD_NUMBER env variable
* Fixes correct env var for JENKINS_HOME
* Adds getEnv to read env variables with default value, adds test for jenkins GetLog() implementation
* Adds possibility to read errorJsons; updates splunk package for log files (WIP)
* Uncommenting dev code
* Adds GetLog() function to orchestrator
* Fixes BUILD_NUMBER env variable
* Fixes correct env var for JENKINS_HOME
* Adds getEnv to read env variables with default value, adds test for jenkins GetLog() implementation
* Adds possibility to read errorJsons; updates splunk package for log files (WIP)
* Uncommenting dev code
* Adds GetRequest function which holds the response in memory (not saved to disk)
* Implements GetLog() function for ADO, adds function to read PipelineRuntime
* PAT has been revoked
* Changes http package, s.t. if password only is required basic auth works too
* Adds env variable for azure token, error handling in case of unauthenticated/nil response
* Adds logging output in case env variable can not be read and fallback variable needs to be used
* Adds usage of environment variables for auth, uses jenkins api
* Adds init functionality for orchestrators, updates GetLog() and GetPipelineStartTime() function
* Adds initaliziation function for orchestrator authetnication
* Adds settings struct for orchestrator authentication
* Adds function to whole logfile to Splunk
* Struct for pipeline related telemetry information
* Increase messagebatch size to 10k
* Changes splunk package to a pointer based implementation, updates generated files and corresponding template and tests for splunk
* Changes telemetry package to pointer based implementation to have multiple telemetry objects, adjusted tests and splunk implementation
* Changes content type to txt
* Send telemetry independent of logfiles, increases amount of messages per file
* Adds JobURL for orchestrators and UnknownOrchestrator as fallback
* telemetry makes use of orchestrator specific information
* Adds orchestrator independent correlationID
* Adds custom fields for pipeline status
* go fmt
* Removes env var test - no env variables are read anymore
* Use UnknownOrchestratorConfigProvider in case the orchestrator can not be initalized
* Removes Custom fields from telemetry as these can not be reflected in SWA
* Adds custom telemetry information (piperHash,..) to each step telemetry information
* Removes falltrough in case no orchestrator has been found
* Updates tests for orchestrator package
* Adds orchestrator import in generated files
* Updates generator files for internal library
* Adds orchestrator telemetry information to steps
* Updates generated files, fatalHook writes to cpe
* Go generate from master, go fmt
* Adds Custom Data field LastErrorCode
* Removes GetLog() test
* Update init_unix.go
* Update docker_integration_test_executor.go
* Update integration_api_cli_test.go
* Reverts go1.17 fmt formatting
* Reverts go1.17 fmt formatting
* Reverts go1.17 fmt formatting
* Renames customTelemetryData to stepTelemetryData
* Adjustments to orchestrator-package, cleanup, adds JobName
* Adjusts commonPipelineEnvironment path
* Adds pipelineTelemetry struct to telemetry package, removes pipeline telemetry structs from splunk package
* Go fmt
* Changes path for errorDetails, adds debug information
* Removes custom fields from step, adds orchestrator, commithash to baseMetadata
* Adjusts tests for telemetry package
* Adds tests for orchestrator
* Updates generated files, initalization of splunk client only if its available in the config
* Fixes typo in helper go
* Update pkg/http/downloader.go
* Update pkg/http/downloader.go
* Update pkg/log/fatalHook.go
* Update fatalHook.go
* Update pkg/splunk/splunk.go
* Update pkg/telemetry/data.go
* Adds GetBuildStatus() and GetAPIInformation() to orchestrators
* error formatting
* Bugfix: dont send telemetry data if disabled, adjusts test
* go fmt
* Use correct error handling
* Update pkg/telemetry/telemetry.go
* Fixes telemetry disabled in the tests
* Fixes http tests
* Log fatal errors to logFile
* Adds CustomReportingConfig to hooks
* Cleanup comments in splunk package
* Adds possibility to send telemetry to custom endpoint
* Adds debug output for the payload
* Debug output for the payload as a string
* Adds test cases for changes in telemetry package
* go fmt
* Adds generated files for new step
* Reverts changes for http tests, causing problems with go1.15, changes need to be applied for newer go version >=1.17
* Adjusts test for sonarExecuteScan
* Adjusts test for sonarExecuteScan
* Adds explanation for customreportingConfig
* Makes disableing of customSend more obvious
* Adds custom step reporting to each step, updates generated files, adjusts helper testdata
* fixes unit test wrong usage of logging
* Send pipeline data altough there has been no error, adjust test cases
* Reverts changes for customReporting
* Updates generated files, removes customReporting
* Removes writing errorDetails to CPE
* Reverts usage of customreporting
* go fmt
* reverts changes in http_test
* reverts changes in http_test
* Skips integration cnb test
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
* feat: first parts of new run struct
* add parts for new stage condition handling
* update conditions
* feat: finalize conditions and tests
* feat(checkIfStepActive): support new CRD style conditions
* feat(docs): allow generating stage docs
* chore(docs): make step directory configurable
* fix: tests
* add option to output file
* Update checkIfStepActive_test.go
* create build settings for maven
* cases for when mavenBuild may be present
* fixing unit test for mavenBuild to include cpe
* changing position of buildSettngsJson to be called atfter build runs
* package
* extending the struct for other build types
* adding values for mta build settings
* changing config data type
* adding npm build settings
* unit tests
* fix trailing space
* typo correction in yaml
* Vitalii/build settings info (#3277)
* Add buildsettings package
* Improve buildSetting package for mta, npm
* Add unit-test
* Fix
* Fix
Co-authored-by: Vitalii Sidorov <vitalii.sidorov@sap.com>
* review changes
* removing buildTool param
* changing npm script name
* fix npmExecute tests
* including build settings info in npm struct
Co-authored-by: Your Name <you@example.com>
Co-authored-by: kingvvgo <56587879+kingvvgo@users.noreply.github.com>
Co-authored-by: Vitalii Sidorov <vitalii.sidorov@sap.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
* Fixed validation for possibleValues option
* Change oneof-custom to possible-values
* go generate
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
* new checks for commitIDs
* new checks for commitIDs
* relocate step from build stage to initial checks + refac
* log list
* fix log + check
* log format
* fix unit tests
Co-authored-by: Christian Luttenberger <42861202+bluesbrother84@users.noreply.github.com>
* empty cpe values from disk and cpe map on condition
* changing log level
* changing log level from info to edbug
* changing empty logic for empty string
* adding toBeEmptied condition
Co-authored-by: Your Name <you@example.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
* [WIP] bindings support for cnbBuild step
Co-authored-by: Pavel Busko <pavel.busko@sap.com>
* add unit tests
Co-authored-by: Philipp Stehle <philipp.stehle@sap.com>
* switch to mapstruct for more meaningful errors
Co-authored-by: Philipp Stehle <philipp.stehle@sap.com>
* add integration test for bindings
Co-authored-by: Philipp Stehle <philipp.stehle@sap.com>
* Add documentation for cnbBuild.bindings
Co-authored-by: Philipp Stehle <philipp.stehle@sap.com>
* fixed unit tests
Co-authored-by: Pavel Busko <pavel.busko@sap.com>
* apply codeclimate suggestions
Co-authored-by: Philipp Stehle <philipp.stehle@sap.com>
* renamed field "secret" to "key"
Co-authored-by: Pavel Busko <pavel.busko@sap.com>
Co-authored-by: Pavel Busko <pavel.busko@sap.com>
* Adds retry for whitesource download in case of 404 not found
* Adds retry mechanism for 'forbidden errors' which occasional happen when downloading the unified agent
Co-authored-by: tiloKo <70266685+tiloKo@users.noreply.github.com>
confirm no longer done based on package status but now based on boolean indicator which is set during assembly step.
Thus confirm can now be placed after release packages.
* changes to detectExec before master merge
* changes for detectExecuteScan
* self generated code added
* fix syntax errors and update docu
* added unit tests for fail and Group
* fix failOn bug
* add Groups as string array
* add Groups as string array
* tests and validation for groups, failOn
* Updated docs and added more tests
* documentation md files should not be changed
* Handle merge conflicts from PR 1845
* fix merge errors
* remove duplicate groups, merge error
* adding buildCode and buildTool as params
* switching build options
* building maven modules
* parameter correction
* parameter correction
* gnerate with new build parameter
* adding comments
* removing piper lib master and modifying goUtils to download 1.5.7 release
* first cleaning then installing
* multi module maven built
* multi module maven built removing unwanted code
* multi module maven built moving inside switch
* testing
* modifying the default use case to also call maven build
* modifying the default use case to also call maven build wih --
* corrected maven build command
* corrected maven build command with %v
* skipping test runs
* testing for MTA project with single pom
* adding absolute path to m2 path
* clean up
* adding switch for mta and maven and removing env from containers
* commiting changes for new detect step
* correting log message
* code clean up
* unit tests changes to detectExecute
* basic tests for new change
* restoring piperGoUtils to download correct piper binary
* code clean up
* code clean up
* protecodeExecuteScan :: fixing file upload for binaries
* protecodeExecuteScan :: fixing protecode generate file
* Fix upload test
* protecodeExecuteScan -> fixing tests
Co-authored-by: D072410 <giridhar.shenoy@sap.com>
Co-authored-by: Keshav <anil.keshav@sap.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
* support for untar in fileutils
* handeling strip component level like tar cli
Co-authored-by: Your Name <you@example.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
Co-authored-by: Thorsten Duda <thorsten.duda@sap.com>
* Implemented validation for the option possibleValues
* Has been added the option mandatoryIf to config with validation
* Fixed issues found during code review
* improved golang template
* Fixed tests. Added validation for mandatoryIf option
* Fix typo
* Fixed tests
* Validation was refactored. Added options
* Added default value for parameters with possibleValues option
* Validation was moved after the configuration resolution
* Canceled some default values
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
* extend orchestator to provide stage name
* use orchestrator specific stage name
* fix test case
* remove comment
* fix test case
* prettify
* change something..
* do not exit
* Update pkg/orchestrator/azureDevOps.go
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
* mta build config
* http request to upload mtar
* adding basic auth
* using put
* test file name
* hard coding the mta org and artifact is
* new version
* new version
* mtar group
* errors
* better error message
* log info
* log info
* correct mtar artifact name
* adding teh correct name
* test
* name changes
* clean up
* changing mtarVersion to version
* changing artifact name
* forcing release build
* forcing release build
* force profile
* force profile
* force profile
* force profile
* force profile
* force profile
* force profile
* force profile update
* force profile update
* profile update
* debug
* debug
* debug
* debug
* rewrite xml update
* rewrite xml update
* unmarshal solution
* unmarshal solution
* unmarshal solution
* unmarshal solution
* unmarshal solution
* unmarshal solution
* unmarshal solution
* unmarshal solution
* unmarshal solution
* outputin publish repo url
* removing fetch coordinates condition
* checking settings xml
* fixing artifact id cpe
* release artifact, package and group to cpe
* including versioning type as a cpe
* creating new settings xml file
* creating parent folder
* creating parent folder
* creating parent folder
* creating parent folder
* creating parent folder
* creating parent folder
* creating parent folder
* creating parent folder
* creating parent folder
* creating parent folder
* changing to project settings
* function name change
* using glbl settings xml
* modiying the npm settings
* modiying the npm settings
* modiying the npm settings
* modiying the npm settings
* using file path join for m2 settings file
* generator
* unit tests
* hardening error message
* removing versioningType
* removing versioningType
* new vault profile paths
* error message improvement
* unit test fixes
Co-authored-by: Your Name <you@example.com>
* add policy status reports
* add policy status and cumulus json
* update projectver link + test
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
* modify wrapper http to hold ca rot
* modifying the http client for maven build
* adding checks
* eliminating seperate jks
* test tls true
* insecure flag remove
* error debug
* storing cert
* sap root cert
* error
* only child cert
* test
* maven test
* moving outside loop
* changing pointer
* dont download existing certs
* typo fix
* removing mavenBuild test
* code clean up
* making hadolint using always cert true
* custom tls link for hadolint trust
* error handel
* extended condition for modifying custom tls
* unit test case
* checing when to add the customLinks
* not breaking existing hadolint client config
Co-authored-by: Your Name <you@example.com>
This follows up on #3024
Setting emptyValue to s.th. like `--entrypoint=''` will break in case the argument is properly escaped.
Docker will return with
`container process caused: exec: "''": executable file not found in $PATH`
* feat(detectExecuteScan): generate ip result json
json will currently only be created in success cases.
No information about policy violation details available in the step yet.
* update report name
* Update cmd/detectExecuteScan.go
Co-authored-by: Giridhar Shenoy <giridhar.shenoy@sap.com>
* Update cmd/detectExecuteScan.go
Co-authored-by: Giridhar Shenoy <giridhar.shenoy@sap.com>
* Update cmd/detectExecuteScan_test.go
Co-authored-by: Giridhar Shenoy <giridhar.shenoy@sap.com>
* Update cmd/detectExecuteScan_test.go
Co-authored-by: Giridhar Shenoy <giridhar.shenoy@sap.com>
* move blackduck api package
* fix broken unit test
* added tests for new api calls
Co-authored-by: OliverNocon <oliver.nocon@sap.com>
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
it is possible to overwrite the entrypoint for docker execution:
https://docs.docker.com/engine/reference/run/#entrypoint-default-command-to-execute-at-runtime
This is ideally done by passing `entrypoint=''` and not pass two options to the call.
This also helps with escaping issues of the empty value on other systems.
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
* Added checkIfStepActive step
* Implemented npmScripts condition. Code was refactored
* Added some unit tests
* Fixed go modules
* Fixed go modules
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
* Improved logging of splunk connectivity errors
* Splunk logging
* Moved error logging message
* Bugfix for response body
* Moves response body check, logging of connectivity errors
* Reformatting
* Adds check if response body is nil
* Toolrecord framework -
provide a common entry point for post processing code scan results
Changes to be committed:
new file: pkg/toolrecord/REAMDE_toolrecord.md
new file: pkg/toolrecord/toolrecord_main.go
new file: pkg/toolrecord/toolrecord_test.go
* Add toolrecord file to Checkmarx results
modified: cmd/checkmarxExecuteScan.go
* Add toolrecord file to Fortify results
modified: cmd/fortifyExecuteScan.go
* Add toolrecord file to Whitesource results
modified: cmd/whitesourceExecuteScan.go
* unset umask (#2927)
* (feat) adds error logging output for downloading reports from whitesource (#2928)
* Add toolrecord file to Protecode results
* address code climate findings (1/2)
* address codeclimate findings (2/2)
* add comments to all methods
* Toolrecord library:
- move all toolrun files into a subdirectory
- fix timestamp generation in filenames
* add protecode group's URL to toolrecord data
* fix syntax error from previous commit in cmd/protecodeExecuteScan.go
* toolrecord: fix projectVersionID and generated URLs in fortifyExecuteScan.go
* cmd/fortifyExecuteScan.go: replace a hard-coded servername with
config.ServerURL
* update description
* add toolrecord file to detectExecuteScan
* toolrecord/whitesource: add project names as context
Co-authored-by: Kevin Stiehl <kevin.stiehl@numericas.de>
Co-authored-by: ffeldmann <felix@bnbit.de>
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
* using default java truststore
* default java keytore
* remove trust store
* working directory
* change dir java_home
* env variable
* trying to find jre home
* changing directory to jre home and java home
* trying java jre
* remving $
* trying to search the cacerts
* copying existing cacerts
* removing change directory
* searching for secrutiy folder only
* searching cacerts
* new path for cacert
* path to ca-cert
* new trust store
* changing cacert location
* only adding maven_opts env variable once
* log message
* ca cert path from user
* handelling interface modification
* enhance logs and code clean up
* code clean up
Co-authored-by: Your Name <you@example.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
* feat(config):read config/defaults with authentication
This change allows to use defaults and config files from a protected GitHub repository.
The options `--customConfig` and `--defaultConfig` already allowed to provide a link to an uprotected file.
Now, by passing a value in the form `<hostname>:<token>` to parameter `gitHubTokens` (this parameter can be passed multiple times) a token can be provided for dedicated hosts.
This makes it possible to use a link like
`https://api.github.com/repos/SAP/jenkins-library/contents/resources/my-defaults.yml?ref=master`
as reference to a default file or similarly as reference to a configuration file.
* update generation to allow protected config/defaults
* fix CodeClimate issues
* update missing generations
* new step integrationArtifactTriggerIntegrationTest
* add new step into allow list
* add the new step to main command
* refer cpe
* remove unused unit tests
* Check methods and URLs of http request
* Add TriggerIntegration to mockingutils
* Format code
Co-authored-by: Oliver Feldmann <oliver.feldmann@sap.com>
Co-authored-by: Linda Siebert <linda.siebert@sap.com>
* Switch to service key for CPI GetMplStatus
Introduces read method for service key files, mock utils and tests.
* Use secret text instead of file
* Change serviceKey definition
* Update cpiUpload to use Service Key
retrieved the host and uaa information from service key
* Update cpiDeploy to use service key
retrieved the host and uaa information from service key
* Update cpiServiceEndpoint to use Service Key
retrieved the host and uaa information from service key
* Update cpiDownload to use Service Key
retrieved the host and uaa information from service key
* Update cpiUpdateConfig to use Service Key
retrieved the host and uaa information from service key
* Refactor serviceKey var name
* Fixed references to service key to follow the real format
they should be accessed through oauth instead of uaa because of the format of the json
* Rename ServiceKey to APIServiceKey
To support having a different service key(and for readability), we need to change the name to API.
* Add STAGES and STEPS yaml
add in to each yaml file of cpi integration
* Revert "Add STAGES and STEPS yaml"
This reverts commit aa2665d158.
* Change comments/formatting commonUtils
Make comments more understandable and follow code climate suggestions
* Change documentation files for steps
remove OAuth and host and change credentials to be servicekey
Co-authored-by: Oliver Feldmann <oliver.feldmann@sap.com>
Co-authored-by: Thorsten Duda <thorsten.duda@sap.com>
* make use of new read,writePipelineEnv Steps in groovy
* remove unused cat
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
* Make sonarExecuteScan orchestrator-agnostic
* Increase coverage + support empty or false env vars
* Use cleared env for unit tests
* Refactor to standalone package
* Fix review findings
* Fix review findings
* Fix unit test
* Add logging
* Refactor
* Add to codeowners 😎
* Apply suggestions from code review
* Remove unreachable code
* no message
* fix typos
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
* modifying detect.maven.excluded.scopes from TEST to test
* new maven alt deployment flags
* changing flag names
* tlsCertificate addtion
* adding publish flags
* new flags
* publish flag
* enhance maven builds
* enhance maven builds
* creating new settings xml
* updating project settings
* changing interface for artifactPreparation that uses the same maven util niterface
* adding general scope to maven params
* global reference
* removing vault tmp
* debuging deployment user
* more debug
* maven build paras
* using smaller case
* adding incorrect error check
* adding deployment flags
* code refactor
* unit tests
* changing scope of paramter for tls certs
* new scope for tls
* remove trailing space in mavenBuild.yaml
* trailing space fix
* typo fix and jenkins secret
* including jenkins credentials for repo pass in the maven build groovy
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
* Adds headCommitId, which stores the head commit has of the current build, includes tests and generated files
* Adds headCommitId, which stores the head commit has of the current build, includes tests and generated files
* Go fmt fix
* Fixes artifactoryPrepareVersion test
* Removes xMake CommitId
* "ignoreSourceFiles" parameter removed from general section and added to specific build tool section
* Update configHelper_test.go
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
* Don't fail if components list is empty. Resolves failures when scanning images from Crossplane.
* Update formatting with go fmt
* Update pkg/protecode/protecode.go
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
* Update pkg/protecode/protecode.go
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
* Fix change, make consistent
Co-authored-by: d.small@sap.com <d.small@sap.com>
Co-authored-by: dee0 <dsmallzero@gmail.com>
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
* add versioningModel parameter
* extract versioning model to own package
* move log message
* use versioning method
* add customScanVersion parameter
* use customScanVersion
* adjust docs on other steps
* update test case
* Add dir to whitesource scan
* Add default for "dir" option
* Change param name to workDir
* Change param name WorkDir to ScanPath
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
* Fix project lookup
* Added test for space
* Update pkg/fortify/fortify.go
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
