1
0
mirror of https://github.com/SAP/jenkins-library.git synced 2024-12-14 11:03:09 +02:00
Commit Graph

466 Commits

Author SHA1 Message Date
larsbrueckner
ab396ce6f3
toolrecord: fix web ui URLs for whitesource, close #6 (#3096) 2021-09-10 13:20:54 +02:00
larsbrueckner
45cb97c8d9
pkg/toolrecord: log json marshalling errors; fix issues in whitesource and blackduck (#3049)
* pkg/toolrecord: log json marshalling errors

* toolrecord package: add internal check to ensure that generated files
are not empty

* cmd/whitesourceExecuteScan.go : rework createToolRecordWhitesource to
include all scanned projects

* pkg/toolrecord: new helper function to override default display values

* cmd/whitesourceExecuteScan: improve toolrecord file

* cmd/detectExecuteScan.go fix toolrecord file creation #3

* pkg/toolrecord: log json marshalling errors

* toolrecord package: add internal check to ensure that generated files
are not empty

* cmd/whitesourceExecuteScan.go : rework createToolRecordWhitesource to
include all scanned projects

* pkg/toolrecord: new helper function to override default display values

* cmd/whitesourceExecuteScan: improve toolrecord file

* fix merge conflict
2021-09-09 10:50:33 +02:00
Siarhei Pazdniakou
d8d533b154
ADO - Vault Secret Rotation (#3084)
* Implemented vault secret rotation for ADO

* Added tests

* Fixed issues
2021-09-08 16:48:12 +02:00
Giridhar Shenoy
b92e7f699c
detectExecuteScan : Policy reports in HTML, JSON and for cumulus (#3057)
* add policy status reports

* add policy status and cumulus json

* update projectver link + test

Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
2021-09-07 17:17:03 +02:00
Sven Merk
89124801c6
fortifyExecuteScan: Fix overall report status (#3081)
* fortifyExecuteScan: Fix overall report status

* Update reporting.go
2021-09-01 14:07:12 +02:00
ffeldmann
380f1fbfec
Adds retry for whitesource download in case of 404 not found (#3063)
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2021-08-19 14:49:24 +02:00
Anil Keshav
d29ba346f2
[feat] https communication enhancement : Eliminate skip tls skip verify in the piper http client (#3062)
* modify wrapper http to hold ca rot

* modifying the http client for maven build

* adding checks

* eliminating seperate jks

* test tls true

* insecure flag remove

* error debug

* storing cert

* sap root cert

* error

* only child cert

* test

* maven test

* moving outside loop

* changing pointer

* dont download existing certs

* typo fix

* removing mavenBuild test

* code clean up

* making hadolint using always cert true

* custom tls link for hadolint trust

* error handel

* extended condition for modifying custom tls

* unit test case

* checing when to add the customLinks

* not breaking existing hadolint client config

Co-authored-by: Your Name <you@example.com>
2021-08-19 11:29:33 +02:00
Oliver Nocon
37cea1b998
chore(docker): do not swallow error (#3056) 2021-08-17 15:52:18 +02:00
Oliver Nocon
5096b3bfe1
fix(checkIfStepActive): respect explicit (de-)activation (#3055) 2021-08-17 11:20:04 +02:00
Mayur Belur Mohan
2d412d9f3c
IntegrationArtifactResource Command (#3027)
* IntegrationArtifactResource Command

* Remove unused code

* Formatting fix

* formatting fix

* formatting fix

* formatting fix

* formatting fix

* CodeReview Fixes

* Code Review Fix

* Code Review Fixes

* Code Review Fixes

* Format fix

* format fix

* format fix

* format fix

* Code Review Fix

Co-authored-by: Oliver Feldmann <oliver.feldmann@sap.com>
2021-08-12 09:11:02 +02:00
Oliver Nocon
97b84429f1
feat(Vault): custom prefix for test credentials (#3043)
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
2021-08-11 16:20:08 +02:00
Anil Keshav
c66c868d7c
remove schema parameter from cycloneDX for npm build (#3038)
Co-authored-by: Your Name <you@example.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2021-08-10 16:22:13 +02:00
Daniel Mieg
9c76b89fb8
Add telemetry for abapEnvironment steps (#3016)
* Remove explicit telemetry from signature

* Set log level

* ATC set error category
2021-08-04 17:31:16 +02:00
Oliver Nocon
f308fbfc0d
feat(getConfig) allow reading stage configuration (#3026)
* feat(getConfig) allow reading stage configuration

* update test

* use fix version of Selenium Image for Karma tests
2021-08-04 10:09:02 +02:00
Mayur Belur Mohan
c283b9319d
IntegrationArtifactUnDeploy Command (#3018)
* IntegrationArtifactUnDeploy Command

* formatting fix

* Code Review Fixex

* Code Review Fixes

* remove unused code

* Formating fixes

* formatting fixes

* formatting fix

Co-authored-by: Oliver Feldmann <oliver.feldmann@sap.com>
2021-08-02 16:27:16 +02:00
Oliver Nocon
6f32b437be
fix(dockerOptions) allow proper usage of empty values (#3025)
This follows up on #3024
Setting emptyValue to s.th. like `--entrypoint=''` will break in case the argument is properly escaped.

Docker will return with
`container process caused: exec: "''": executable file not found in $PATH`
2021-08-02 14:57:37 +02:00
Giridhar Shenoy
4aa59dbdcb
Move BlackDuck API helper to OS version (#3008)
* feat(detectExecuteScan): generate ip result json

json will currently only be created in success cases.

No information about policy violation details available in the step yet.

* update report name

* Update cmd/detectExecuteScan.go

Co-authored-by: Giridhar Shenoy <giridhar.shenoy@sap.com>

* Update cmd/detectExecuteScan.go

Co-authored-by: Giridhar Shenoy <giridhar.shenoy@sap.com>

* Update cmd/detectExecuteScan_test.go

Co-authored-by: Giridhar Shenoy <giridhar.shenoy@sap.com>

* Update cmd/detectExecuteScan_test.go

Co-authored-by: Giridhar Shenoy <giridhar.shenoy@sap.com>

* move blackduck api package

* fix broken unit test

* added tests for new api calls

Co-authored-by: OliverNocon <oliver.nocon@sap.com>
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2021-08-02 11:18:58 +02:00
Oliver Nocon
f455a8a4a0
fix(dockerOptions) properly pass empty values (#3024)
it is possible to overwrite the entrypoint for docker execution:
https://docs.docker.com/engine/reference/run/#entrypoint-default-command-to-execute-at-runtime

This is ideally done by passing `entrypoint=''` and not pass two options to the call.
This also helps with escaping issues of the empty value on other systems.

Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
2021-08-02 10:21:14 +02:00
Martin Zuber
aa50cfb78d
Improve determining PR key in Azure DevOps provider. (#3007) 2021-08-02 10:08:33 +02:00
Mayur Belur Mohan
2f2fd84193
GetIntegrationArtifactMPLError function (#3000)
* GetIntegrationArtifactMPLError function

* formating fixes

* formating fixes

* formatting fixes

* formatting fixes

* Formatting fixes

* formatting fixes

* Code Review Fixes

* Code Review Fixes

* Code Review Fixes

* Code Review Fixes
2021-07-28 12:00:41 +02:00
Oliver Feldmann
7259ccc726
Remove version from deploy step (#2978) 2021-07-27 09:51:56 +02:00
Siarhei Pazdniakou
7a325e6fc8
Convert step/stage condition logic to golang (#2993)
* Added checkIfStepActive step

* Implemented npmScripts condition. Code was refactored

* Added some unit tests

* Fixed go modules

* Fixed go modules

Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2021-07-26 07:47:43 +02:00
ffeldmann
39858cde2b
fix(splunkHook): Adds check if responseBody is nil (#3002)
* Improved logging of splunk connectivity errors

* Splunk logging

* Moved error logging message

* Bugfix for response body

* Moves response body check, logging of connectivity errors

* Reformatting

* Adds check if response body is nil
2021-07-23 16:02:27 +02:00
larsbrueckner
dbbbe1f0b3
Updates to toolrecord framework (#2986)
* Toolrecord framework -
provide a common entry point for post processing code scan results

Changes to be committed:
	new file:   pkg/toolrecord/REAMDE_toolrecord.md
	new file:   pkg/toolrecord/toolrecord_main.go
	new file:   pkg/toolrecord/toolrecord_test.go

* Add toolrecord file to Checkmarx results
modified:   cmd/checkmarxExecuteScan.go

* Add toolrecord file to Fortify results
	modified:   cmd/fortifyExecuteScan.go

* Add toolrecord file to Whitesource results
modified:   cmd/whitesourceExecuteScan.go

* unset umask (#2927)

* (feat) adds error logging output for downloading reports from whitesource (#2928)

* Add toolrecord file to Protecode results

* address code climate findings (1/2)

* address codeclimate findings (2/2)

* add comments to all methods

* Toolrecord library:
- move all toolrun files into a subdirectory
- fix timestamp generation in filenames

* add protecode group's URL to toolrecord data

* fix syntax error from previous commit in cmd/protecodeExecuteScan.go

* toolrecord: fix projectVersionID and generated URLs in fortifyExecuteScan.go

* cmd/fortifyExecuteScan.go: replace a hard-coded servername with
config.ServerURL

* update description

* add toolrecord file to detectExecuteScan

* toolrecord/whitesource: add project names as context

Co-authored-by: Kevin Stiehl <kevin.stiehl@numericas.de>
Co-authored-by: ffeldmann <felix@bnbit.de>
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
2021-07-23 08:48:48 +02:00
Anil Keshav
3c41788405
fix(mavenBuild) looses trust to existing java cacerts (#2977)
* using default java truststore

* default java keytore

* remove trust store

* working directory

* change dir java_home

* env variable

* trying to find jre home

* changing directory to jre home and java home

* trying java jre

* remving $

* trying to search the cacerts

* copying existing cacerts

* removing change directory

* searching for secrutiy folder only

* searching cacerts

* new path for cacert

* path to ca-cert

* new trust store

* changing cacert location

* only adding maven_opts env variable once

* log message

* ca cert path from user

* handelling interface modification

* enhance logs and code clean up

* code clean up

Co-authored-by: Your Name <you@example.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
2021-07-22 11:06:46 +02:00
Mayur Belur Mohan
a763112fe6
integrationArtifactUpload Fixes (#2987)
* integrationArtifactUpload Fixes

* format fixes

* Doc fixes

* Fix unit tests

Co-authored-by: Oliver Feldmann <oliver.feldmann@sap.com>
2021-07-16 16:09:55 +02:00
Sven Merk
ee6d46a77c
fix(protecodeExecuteScan): Fix typo in report name (#2982)
* Fix exclude and enhance docs

* Fix test

* Fix test

* Add reporting to checkmarx step

* Improve text

* Add protecode report

* Fix fmt

* Add error handling

* Fix report name
2021-07-16 09:08:28 +02:00
Christopher Fenner
f78777f784
feat(npm): allow to publish artifact to registry (#2871)
* add new paraeters

* update generated sources

* run npm publish

* add repositoryUrl parameter

* handle registry credentials

* rename parameter

* handle base64encoding

* remove vault reference

* make username secret

* add publish method

* use publish method

* use dedicated registry

* use dry run

* fix

* prepend path

* fix workdir

* move code to npm package

* do changes

* update dependencies

* correct property init

* remomve dry-run

* regenerate

* add mock

* add logging

* add debug log

* dry-run

* remove try run

* remove append

* add debug outut

* change

* add debug output

* changes

* cleanup

* use different auth property

* add credential utils

* add debug log outputs

* remove auth handling & reuse writeFile

* rename

* fix debug output

* remove comments

* update comment

* rename function

* update docs

* update generated files

* handle npm ignore

* remove commented code

* add debug output
2021-07-15 14:46:04 +02:00
ffeldmann
4922a75ac1
Improves error logging for Splunk hook (#2966)
* Improved logging of splunk connectivity errors

* Splunk logging

* Moved error logging message

* Bugfix for response body

* Moves response body check, logging of connectivity errors

* Reformatting
2021-07-14 08:48:48 +02:00
ffeldmann
e9d8175c9b
Adds retry mechanism for whitesource in case the download of the unified agent or JRE fails (#2961) 2021-07-13 20:36:36 +02:00
Sven Merk
3e7595920f
feat(protecodeExecuteScan): Add protecode report (#2981)
* Fix exclude and enhance docs

* Fix test

* Fix test

* Add reporting to checkmarx step

* Improve text

* Add protecode report

* Fix fmt

* Add error handling
2021-07-12 12:20:25 +02:00
Sven Merk
9571fd28f4
feat(checkmarxExecuteScan): Reporting for pipeline optimization (#2976)
* Fix exclude and enhance docs

* Fix test

* Fix test

* Add reporting to checkmarx step

* Improve text
2021-07-09 10:19:42 +02:00
Oliver Nocon
805a8fd88f
feat(config): read config/defaults with authentication (#2975)
* feat(config):read config/defaults with authentication

This change allows to use defaults and config files from a protected GitHub repository.

The options `--customConfig` and `--defaultConfig` already allowed to provide a link to an uprotected file.

Now, by passing a value in the form `<hostname>:<token>` to parameter `gitHubTokens` (this parameter can be passed multiple times) a token can be provided for dedicated hosts.

This makes it possible to use a link like
`https://api.github.com/repos/SAP/jenkins-library/contents/resources/my-defaults.yml?ref=master`
as reference to a default file or similarly as reference to a configuration file.

* update generation to allow protected config/defaults

* fix CodeClimate issues

* update missing generations
2021-07-08 15:26:07 +02:00
Roland Stengel
e2fa05587d
RFC Upload GO (#2903)
* RFC Upload GO
- yaml review
- add cpe
- harmonize with solman
2021-07-01 13:11:21 +02:00
Siarhei Pazdniakou
54f2a0d471
Added go-based influxWriteData step (#2890)
* Added go-based influxWriteData step

* Wrote tests & fixed issues

* Fixed issues

* Created go-based step tests. Fixed issues

* Fixed issues

* Integration test was added

Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
2021-06-30 11:18:49 +02:00
Thorsten Duda
7910df0e8c
new step integrationArtifactTriggerIntegrationTest (#2951)
* new step integrationArtifactTriggerIntegrationTest

* add new step into allow list

* add the new step to main command

* refer cpe

* remove unused unit tests

* Check methods and URLs of http request

* Add TriggerIntegration to mockingutils

* Format code

Co-authored-by: Oliver Feldmann <oliver.feldmann@sap.com>
Co-authored-by: Linda Siebert <linda.siebert@sap.com>
2021-06-29 14:50:19 +02:00
Linda Siebert
78a29d782b
CPI - Introduce service key (#2901)
* Switch to service key for CPI GetMplStatus

Introduces read method for service key files, mock utils and tests.

* Use secret text instead of file

* Change serviceKey definition

* Update cpiUpload to use Service Key

retrieved the host and uaa information from service key

* Update cpiDeploy to use service key

retrieved the host and uaa information from service key

* Update cpiServiceEndpoint to use Service Key

retrieved the host and uaa information from service key

* Update cpiDownload to use Service Key

retrieved the host and uaa information from service key

* Update cpiUpdateConfig to use Service Key

retrieved the host and uaa information from service key

* Refactor serviceKey var name

* Fixed references to service key to follow the real format

they should be accessed through oauth instead of uaa because of the format of the json

* Rename ServiceKey to APIServiceKey

To support having a different service key(and for readability), we need to change the name to API.

* Add STAGES and STEPS yaml

add in to each yaml file of cpi integration

* Revert "Add STAGES and STEPS yaml"

This reverts commit aa2665d158.

* Change comments/formatting commonUtils

Make comments more understandable and follow code climate suggestions

* Change documentation files for steps

remove OAuth and host and change credentials to be servicekey

Co-authored-by: Oliver Feldmann <oliver.feldmann@sap.com>
Co-authored-by: Thorsten Duda <thorsten.duda@sap.com>
2021-06-28 10:50:33 +02:00
Marc Bormeth
b5357f9437
feat: Add environment information to orchestrator package (#2942)
* Fix Orchestrator detection

* Add unit tests

* Add environment info to orchestrator package
2021-06-25 10:50:56 +02:00
Kevin Stiehl
a48b8afc31
fix(commonPipelineEnvironment): keep json numbers untouched (#2908)
* keep numbers untouched

* rebase master
2021-06-23 20:20:43 +02:00
larsbrueckner
61fe88e199
Add "toolrecord" files to Fortify, Checkmarx, Protecode and Whitesource results (#2929)
* Toolrecord framework -
provide a common entry point for post processing code scan results

Changes to be committed:
	new file:   pkg/toolrecord/REAMDE_toolrecord.md
	new file:   pkg/toolrecord/toolrecord_main.go
	new file:   pkg/toolrecord/toolrecord_test.go

* Add toolrecord file to Checkmarx results
modified:   cmd/checkmarxExecuteScan.go

* Add toolrecord file to Fortify results
	modified:   cmd/fortifyExecuteScan.go

* Add toolrecord file to Whitesource results
modified:   cmd/whitesourceExecuteScan.go

* unset umask (#2927)

* (feat) adds error logging output for downloading reports from whitesource (#2928)

* Add toolrecord file to Protecode results

* address code climate findings (1/2)

* address codeclimate findings (2/2)

* add comments to all methods

Co-authored-by: Kevin Stiehl <kevin.stiehl@numericas.de>
Co-authored-by: ffeldmann <felix@bnbit.de>
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
2021-06-23 15:05:00 +02:00
Sven Merk
ab9e154d10
Replace io.Copy (#2934)
* Replace io.Copy

* Test coverage

* Improve test

* Fix fmt

* Improve error handling in test

* Fix code

* Improve test error log

* Fix fmt

* Fix unix file handles

* Fix error message

* Resolve code climate issue
2021-06-23 14:41:52 +02:00
ffeldmann
6671afb909
(feat) adds error logging output for downloading reports from whitesource (#2928) 2021-06-21 13:36:08 +02:00
Kevin Stiehl
792d435a7f
fix(commonPipelineEnvironment) file and directory permissions (#2924) 2021-06-18 09:56:31 +02:00
Kevin Stiehl
173e887064
[CPE] Missing pipeline environment in sonar docker container (#2909)
* execute writepipeline env in sonar

* non exisitng dir is no error

* add log message
2021-06-16 11:46:55 +02:00
Oliver Nocon
0b48bfcc73
feat: retrieve metadata by stepName - corrected (#2892)
* refactored getConfig to allow stepName param for metadata fetching

* extended step generator

* go generate

* Update cmd/getConfig.go

Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>

* Update cmd/getConfig.go

Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>

* Update cmd/getConfig.go

* update generated files

* update golden files to care for generator update

* update and add tests

* update generated files

* Update cmd/getConfig.go

* Update cmd/getConfig.go

* update/fix formatting

* feat: retrieve metadata by stepName - corrected

* update generation

* update condition logic for defaults

* update generation & tests

* support multiple conditions

* update generation

* Add generated

Co-authored-by: Leander Schulz <leander.schulz01@sap.com>
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
Co-authored-by: Sven Merk <s.merk@sap.com>
2021-06-16 08:43:30 +02:00
Christopher Fenner
367ca6211a
refactor(protecode): simplify protecode calls (#2838)
* simplify protecode calls

* add todos

* reomve todo

* restore go.sum

* Update cmd/protecodeExecuteScan.go

Co-authored-by: Oliver Feldmann <oliver.feldmann@sap.com>

* Apply suggestions from code review

* remove productID

Co-authored-by: Oliver Feldmann <oliver.feldmann@sap.com>
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
2021-06-15 22:29:24 +02:00
Sven Merk
a43f46465a
feat(fortifyExecuteScan): HTML report for Fortify (#2879)
* Tune test

* Fix report implementation

* Fix tests

* Fix values

* Fix code and test

* Report writing fix

* Commit generated sources

* Update cmd/fortifyExecuteScan.go

Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>

* Externalize report generation

* Fix fmt

* Fix fmt 2

Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
2021-06-15 14:53:42 +02:00
Kevin Stiehl
d1c8abc6b3
refactor: move common pipeline environment handling to golang (#2823)
* make use of new read,writePipelineEnv Steps in groovy

* remove unused cat

Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
2021-06-15 14:34:56 +02:00
Sven Merk
7fa31ae9cc
feat(http): Resilience via retry on intermittent communication issues (#2877)
* feat(http): Resilience on connectivity issues

* Update whitesourceExecuteScan.go

* Update splunk_test.go

* Fix initialization

* Change http interaction

* Fix fmt and tests

* Final test fix
2021-06-15 11:13:24 +02:00
Marcus Holl
fe5ce61d9e
rfc upload (#2533)
* Add RFC upload command
2021-06-14 12:36:18 +02:00