mirror of https://github.com/SAP/jenkins-library.git synced 2024-12-14 11:03:09 +02:00
Commit Graph

4752 Commits

Author SHA1 Message Date
Googlom
33b8c489f9
fix dependencies with security issues (#4790)
* remove vault interaction from unit tests

* go mod tidy

* update some dependency minor versions

* update github.com/getsentry/sentry-go

* fix vault dependency

* update google.golang.org/api and cloud.google.com/go/storage

* fix unit test

---------

Co-authored-by: Gulom Alimov <gulomjon.alimov@sap.com>
2024-01-24 15:19:23 +05:00
ffeldmann
d0e205d018
chore: Disables webanalytics telemetry reporting by default (#4788)
* Disables telemetry reporting by default

* Update cmd/piper.go
2024-01-22 14:12:44 +01:00
Googlom
5d100ef79b
update dependencies from renovate bot
Co-authored-by: Gulom Alimov <gulomjon.alimov@sap.com>
2024-01-22 11:54:05 +01:00
renovate[bot]
f504beaa69
fix(deps): update github.com/motemen/go-nuts digest to 2658d01 (#4500)
* fix(deps): update github.com/motemen/go-nuts digest to 2658d01

* go mod tidy

* go mod tidy (merge conflict)

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Gulom Alimov <gulomjon.alimov@sap.com>
2024-01-22 15:31:56 +05:00
renovate[bot]
b022f6d471
fix(deps): update module github.com/getsentry/sentry-go to v0.26.0 (#4738)
* fix(deps): update module github.com/getsentry/sentry-go to v0.26.0

* go mod tidy

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Gulom Alimov <gulomjon.alimov@sap.com>
2024-01-22 15:09:34 +05:00
renovate[bot]
0764534edb
fix(deps): update module github.com/influxdata/influxdb-client-go/v2 to v2.13.0 (#4737)
* fix(deps): update module github.com/influxdata/influxdb-client-go/v2 to v2.13.0

* go mod tidy

* add new APIClient method to mock

* go mod tidy

* go mod tidy again

* remove mocks

* update mockery and regenerate

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: jliempt <>
Co-authored-by: Gulom Alimov <gulomjon.alimov@sap.com>
Co-authored-by: Googlom <36107508+Googlom@users.noreply.github.com>
2024-01-22 14:54:34 +05:00
Googlom
0117942d25
update golang to 1.20 (#4783)
* update golang to 1.20

* update version in other places

* fix failing unit tests and lint

---------

Co-authored-by: Gulom Alimov <gulomjon.alimov@sap.com>
2024-01-22 10:18:32 +05:00
Daniel Mieg
d115858ead
Fix initial request (#4785)
2024-01-18 20:28:24 +01:00
Adrien LESUR
61564ea229
Run helm dependency before helm lint (#4777)
* Update helmExecute.go

* Update helmExecute_test.go

* Try fix format issue
2024-01-18 13:06:42 +06:00
Daria Kuznetsova
6920cad511
feat(codeqlExecuteScan): adding data to InfluxDB (#4780)
* added influxdb to params, added log for testing

* changed fields for codeql influx db

* added setting codeql findings to influx

* refactored

* fixed typo

* added tests
2024-01-17 11:38:16 +03:00
Dmitrii Pavlukhin
808b21fa79
Add maven native-like build workaround for detect (#4712)
* added-native-like-build

* pom-path-uncommented

* Run install only for maven

* Added log

* debug

* Print config params

* Added pipeline env

* Added parameter to specify path to pom.xml

* Returned condition

* Added logging of config in verbose mode

---------

Co-authored-by: Andrei Kireev <a-kireev1989@mail.ru>
Co-authored-by: Andrei Kireev <andrei.kireev@sap.com>
2024-01-15 22:50:22 +01:00
Googlom
9074822e57
allow reconfiguration of provider (#4776)
Co-authored-by: Gulom Alimov <gulomjon.alimov@sap.com>
2024-01-15 17:51:32 +05:00
Christopher Fenner
70b860f47f
feat: remove SAP web analytics reporting (#4773)
* improve vault logging

* remove swa calls

* Revert "improve vault logging"

This reverts commit 8335bbf365.
2024-01-15 13:17:53 +01:00
Dmitrii Pavlukhin
86a59eb412
Mend fix for the config path calculation (#4766)
* fix-for-the-scan-path-in-custom-pipelines

* amended-scan-path-logic

* minor-changes

* returned-old-way-of handling-config

* returned-old-way

* removed-comments
2024-01-15 10:30:19 +03:00
Marco Rosa
6ac8fd155b
chore: Update CODEOWNERS for credentialdiggerScan step (#4348)
* Update CODEOWNERS for credentialdiggerScan step

* Update .github/CODEOWNERS

* Update .github/CODEOWNERS

---------

Co-authored-by: Ashly Mathew <ashlymathew93@gmail.com>
Co-authored-by: Ashly Mathew <ashly.mathew@sap.com>
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
2024-01-10 14:01:17 +01:00
renovate[bot]
01b0f44da3
chore(deps): update actions/setup-go action to v5 (#4751)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
2024-01-10 11:53:11 +01:00
renovate[bot]
92791bed3a
chore(deps): update actions/setup-python action to v5 (#4752)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-01-10 11:52:10 +01:00
Jk1484
5b68fc6095
throw a warning if value of a config is of the wrong type (#4700)
2024-01-10 15:02:11 +05:00
Googlom
2b2c441949
fix: handle legacy stage name differences (#4733)
* add name difference handler function

* add conditions for setting keys

---------

Co-authored-by: Gulom Alimov <gulomjon.alimov@sap.com>
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
2024-01-10 10:39:29 +01:00
Dmitrii Pavlukhin
89e1e01ae9
Temporary Fix docker images timeout issue (#4762)
* returned-the-old-way-of-handling-images

* introduced-additional-parameter

* amended-the-description

* amended-condition
2024-01-09 15:22:54 +03:00
Googlom
ac5cf17317
refactor(orchestrator): Use singleton in orchestrator package and rename methods (#4639)
* rename interface, types and methods.
some type changes and refactor

* update dependent methods and variables

* fix unit tests

* a bit more refactor and fix

* concurrent safe singleton

* return old Options struct

* refactor creating config provider and fix nil pointer dereference

* fix unit test and linter errors

* introduce resetting config provider (for unit tests)

* fix annoying error message when config provider is not configured

---------

Co-authored-by: Gulom Alimov <gulomjon.alimov@sap.com>
Co-authored-by: Muhammadali Nazarov <muhammadalinazarov@gmail.com>
2024-01-09 16:01:15 +05:00
Adam Horacek
a5ea24dfb0
feat(configs): vaultCredentialEnvPrefix to support several prefixes (#4745)
* feat(configs): vaultCredentialEnvPrefix to support several prefixes

* minor refactoring

* docs

---------

Co-authored-by: Muhammadali Nazarov <muhammadalinazarov@gmail.com>
2024-01-09 13:07:53 +05:00
Dmitrii Pavlukhin
32657c44d7
changed-save-name (#4759)
2024-01-08 15:53:15 +03:00
Dmitrii Pavlukhin
f5f72bcc7c
Remove useDetect7 option (#4717)
* removed-detect7-option

* linting-fix

* removed-comment
2024-01-08 13:21:44 +03:00
Dmitrii Pavlukhin
6cc6a4e80a
Feature - whitesourceExecuteScan - adding ability to scan multiple docker images (#4755)
* added-multiple-images-scan-logic

* amended-description

* added-reference-to-common-pipeline-env
2024-01-05 18:23:55 +03:00
Vyacheslav Starostin
0688a05847
fix(imagePushToRegistry): image tag shouldn't contain plus sign (#4756)
2024-01-05 16:41:30 +06:00
renovate[bot]
014e8f073c
fix(deps): update module golang.org/x/crypto to v0.17.0 [security] (#4728)
* fix(deps): update module golang.org/x/crypto to v0.17.0 [security]

* go mod tidy

* undo accidental change

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: jliempt <>
2023-12-27 09:21:44 +01:00
tiloKo
c7ac43595f
Update targetVector.go (#4736)
missing space
2023-12-22 13:15:35 +01:00
Daria Kuznetsova
439a7ad82e
fix(codeqlExecuteScan): init empty GitHub repo before mirroring code (#4714)
* added initializing empty repo

* updated go.mod

* updated go.mod

* updated go.sum

* updated go.mod

* updated go.mod

* updated go.mod

---------

Co-authored-by: sumeet patil <sumeet.patil@sap.com>
2023-12-21 11:20:44 +03:00
Daniel Mieg
dbc3d41b37
SAP_COM_0948 (#4715)
* SAP_COM_0948 clone, pull & checkout

* Fix log output

* Enable compatibility for old tests

* Fix tests

* Add tests for SAP_COM_0948

* Change message

* Add tags for test

* add retry for error code 501

---------

Co-authored-by: tiloKo <70266685+tiloKo@users.noreply.github.com>
2023-12-19 15:16:48 +01:00
thtri
13a97c8aea
fix(checkmarx):disable failOnMissingReports (#4713)
* fix(checkmarx):disable failOnMissingReports

* fix(checkmarx):disable failOnMissingReports

---------

Co-authored-by: sumeet patil <sumeet.patil@sap.com>
2023-12-19 08:54:51 +01:00
Jordi van Liempt
0b585ed932
Revert "Fix sidecar conditionals (#4672)" (#4727)
This reverts commit cd8c93ea6c.
2023-12-18 16:01:33 +01:00
Oliver Burré
c3d420a752
docs: update gatlingExecuteTests example (#4726)
There is no testModule parameter in gatlingExecuteTests, the correct parameter to be used is pomPath
2023-12-18 14:53:13 +01:00
Ralf Pannemans
cd8c93ea6c
Fix sidecar conditionals (#4672)
* fix sidecar conditionals

Co-authored-by: Philipp Stehle <philipp.stehle@sap.com>

* Fix unit tests

Co-authored-by: Ralf Pannemans <ralf.pannemans@sap.com>

* Consider parameter used in conditions of sidecars

Co-authored-by: Philipp Stehle <philipp.stehle@sap.com>

---------

Co-authored-by: Johannes Dillmann <j.dillmann@sap.com>
Co-authored-by: Philipp Stehle <philipp.stehle@sap.com>
2023-12-18 16:03:58 +04:00
Oliver Nocon
6587808062
fix(npm): don't publish sboms in npm package (#4692)
Co-authored-by: Anil Keshav <anil.keshav@sap.com>
2023-12-13 23:06:59 +05:30
Daria Kuznetsova
4f5ed26031
fix(codeqlExecuteScan): support http(s) urls for maven settings files (#4718)
2023-12-13 11:55:07 +03:00
Daria Kuznetsova
405e42a1c3
fix(codeqlExecuteScan): filter quality issues for SAST to pass/fail (#4703)
* added filtering issues by tag

* added optional group of issues

* fixed tests

---------

Co-authored-by: sumeet patil <sumeet.patil@sap.com>
2023-12-13 10:43:04 +03:00
michaelkubiaczyk
f39dec68a5
Cxone updated release (#4723)
* Initial in progress

* compiling but not yet functional

* Missed file

* updated checkmarxone step

* Working up to fetching a project then breaks

* Missed file

* Breaks when retrieving projects+proxy set

* Create project & run scan working, now polling

* Fixed polling

* added back the zipfile remove command

* Fixed polling again

* Generates and downloads PDF report

* Updated and working, prep for refactor

* Added compliance steps

* Cleanup, reporting, added groovy connector

* fixed groovy file

* checkmarxone to checkmarxOne

* checkmarxone to checkmarxOne

* split credentials (id+secret, apikey), renamed pullrequestname to branch, groovy fix

* Fixed filenames & yaml

* missed the metadata_generated.go

* added json to sarif conversion

* fix:type in new checkmarxone package

* fix:type in new checkmarxone package

* removed test logs, added temp error log for creds

* extra debugging to fix crash

* improved auth logging, fixed query parse issue

* fixed bug with group fetch when using oauth user

* CWE can be -1 if not defined, can't be uint

* Query also had CweID

* Disabled predicates-fetch in sarif generation

* Removing leftover info log message

* Better error handling

* fixed default preset configuration

* removing .bat files - sorry

* Cleanup per initial review

* refactoring per Gist, fixed project find, add apps

* small fix - sorry for commit noise while testing

* Fixing issues with incremental scans.

* removing maxretries

* Updated per PR feedback, further changes todo toda

* JSON Report changes and reporting cleanup

* removing .bat (again?)

* adding docs, groovy unit test, linter fixes

* Started adding tests maybe 15% covered

* fix(checkmarxOne): test cases for pkg and reporting

* fix(checkmarxOne):fix formatting

* feat(checkmarxone): update interface with missing method

* feat(checkmarxone):change runStep signature to be able to inject dependency

* feat(checkmarxone): add tests for step (wip)

* Adding a bit more coverage

* feat(checkmarxOne): fix code review

* feat(checkmarxOne): fix code review

* feat(checkmarxOne): fix code review

* feat(checkmarxOne): fix integration test PR

* adding scan-summary bug workaround, reportgen fail

* enforceThresholds fix when no results passed in

* fixed gap when preset empty in yaml & project conf

* fixed another gap in preset selection

* fix 0-result panic

* fail when no preset is set anywhere

* removed comment

* initial project-under-app support

* fixing sarif reportgen

* some cleanup of error messages

* post-merge test fixes

* revert previous upstream merge

* adding "incremental" to "full" triggers

* wrong boolean

* project-in-application api change prep

* Fixing SARIF report without preset access

* fix sarif deeplink

* removing comments

* fix(cxone):formatting

* fix(cxone):formatting

---------

Co-authored-by: thtri <trinhthanhhai@gmail.com>
Co-authored-by: Thanh-Hai Trinh <thanh.hai.trinh@sap.com>
2023-12-12 20:24:03 +01:00
Vyacheslav Starostin
083826485c
imagePushToRegistry: update sourceImages and targetImages parameters (#4707)
* Add imageTag param

* Make imageTag mandatory if tagArtifactVersion is true && update logic

* Make sourceRegistryURL mandatory if localDockerImagePath is not set

* Make some param mandatoryIf

* Change format of sourceImages param

* Add source image tag

* Update sourceImages and targetImages params

* Delete unused function

* Clean up tests

* Update

* Update metadata file

* Update tests

* Fix test

* Fix tests
2023-12-12 15:05:03 +06:00
dependabot[bot]
a342f49834
build(deps): bump github.com/go-jose/go-jose/v3 from 3.0.0 to 3.0.1 (#4689)
Bumps [github.com/go-jose/go-jose/v3](https://github.com/go-jose/go-jose) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/go-jose/go-jose/releases)
- [Changelog](https://github.com/go-jose/go-jose/blob/v3/CHANGELOG.md)
- [Commits](https://github.com/go-jose/go-jose/compare/v3.0.0...v3.0.1)

---
updated-dependencies:
- dependency-name: github.com/go-jose/go-jose/v3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: jliempt <>
2023-12-05 12:56:41 +01:00
renovate[bot]
4725ce2dc8
chore(deps): update actions/setup-node action to v4 (#4710)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-05 12:33:15 +01:00
renovate[bot]
f58bc66ae1
chore(deps): update actions/setup-java action to v4 (#4709)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Jordi van Liempt <35920075+jliempt@users.noreply.github.com>
2023-12-05 12:19:40 +01:00
renovate[bot]
c1371b1094
fix(deps): update module golang.org/x/oauth2 to v0.15.0 (#4666)
* fix(deps): update module golang.org/x/oauth2 to v0.15.0

* go mod tidy

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: jliempt <>
2023-12-05 11:50:40 +01:00
renovate[bot]
74242ebf89
fix(deps): update module golang.org/x/mod to v0.14.0 (#4665)
* fix(deps): update module golang.org/x/mod to v0.14.0

* go mod tidy

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: jliempt <>
2023-12-05 10:45:03 +01:00
sumeet patil
a6dccf995d
fix(codeqlExecuteScan): Fix for GlobalSettingsFile url checks (#4708)
2023-12-05 13:43:29 +05:30
sumeet patil
e6a7432025
fix(codeqlExecuteScan): url checks for settings file (#4706)
2023-12-04 15:32:12 +05:30
Ralf Pannemans
6efb21b30b
Add support for volume mounts (#4673)
* Add support for volume mounts

* Adapt unit test to include VolumeMounts

Co-authored-by: Ralf Pannemans <ralf.pannemans@sap.com>

* Only accept volumeMounts with the name volume

---------

Co-authored-by: Johannes Dillmann <j.dillmann@sap.com>
Co-authored-by: Philipp Stehle <philipp.stehle@sap.com>
Co-authored-by: Anil Keshav <anil.keshav@sap.com>
2023-12-01 13:33:08 +01:00
Daria Kuznetsova
aab4de4597
feat(codeqlExecuteScan): added params projectSettingsFile and globalSettingsFile (#4702)
* added settings file params

* added checking build tool
2023-12-01 12:45:31 +03:00
Anil Keshav
8dc2a1bfb4
feat: Add imagePushToRegistry step (#4609)
* imagePushToRegistry new step

* adding copy and push functionality

* including only copy correctly

* groovy step for imagePushToRegistry

* create .docker folder

* imagePushToRegistry new step

* adding copy and push functionality

* including only copy correctly

* groovy step for imagePushToRegistry

* create .docker folder

* fix CopyImage

* test

* test

* Correct docker config path

* Update

* Update

* Update

* Update

* Update

* Use creds from Vault

* Use creds from Vault

* Use creds from Vault

* Use creds from Vault

* Test

* Comment some logic

* Test: move regexp logic

* Test

* Update

* Update

* Clean up

* Update

* Update

* Update interface

* Rename function

* imagePushToRegistry: small refactoring (#4688)

* imagePushToRegistry new step

* adding copy and push functionality

* including only copy correctly

* groovy step for imagePushToRegistry

* create .docker folder

* Correct docker config path

* Update

* Update

* Update

* Update

* Update

* Use creds from Vault

* Use creds from Vault

* Use creds from Vault

* Use creds from Vault

* Test

* Comment some logic

* Test: move regexp logic

* Test

* Update

* Update

* Clean up

* Update

* Update

---------

Co-authored-by: Keshav <anil.keshav@sap.com>
Co-authored-by: Muhammadali Nazarov <muhammadalinazarov@gmail.com>

* Update step yaml file

* Update interface

* Rename func

* Update tests

* Update interface, create mock methods, update tests

* Update mock

* Add md file

* Fix groovy doc, unit test, go unit test

* Update

* Add unit tests

* Support tagLatest param

* Fetch source creds from Vault

* Update yaml file

* Support multiple images

* Update test

* Support copy images in parallel

* Update yaml

* Clean up

* Return err if no creds provided

* Fix tests

* Add err msg

* Add debug log

* Do not use CPE for targetImages

* Support platform

* Delete Jenkins specific creds

* Update groovy: do not handle Jenkins creds

* Delete unused code

* Fix: Support platform

* Fix: Support platform

* Apply suggestion from code review

Co-authored-by: Egor Balakin <14162703+m1ron0xFF@users.noreply.github.com>

* Apply suggestion from code review

Co-authored-by: Egor Balakin <14162703+m1ron0xFF@users.noreply.github.com>

* Add tests for parseDockerImageName

* Add comment that tagArtifactVersion is not supported yet

* Set limit of running goroutines

* Fix: Set limit of running goroutines

* The tagArtifactVersion is not supported yet

---------

Co-authored-by: Muhammadali Nazarov <muhammadalinazarov@gmail.com>
Co-authored-by: Egor Balakin <egor.balakin@sap.com>
Co-authored-by: Vyacheslav Starostin <vyacheslav.starostin@sap.com>
Co-authored-by: Vyacheslav Starostin <32613074+vstarostin@users.noreply.github.com>
Co-authored-by: Egor Balakin <14162703+m1ron0xFF@users.noreply.github.com>
2023-11-30 15:06:31 +06:00
Oliver Feldmann
cce7c0d384
Use new env var (#4698)
2023-11-29 12:29:29 +01:00