* changes to detectExec before master merge
* changes for detectExecuteScan
* self generated code added
* fix syntax errors and update docu
* added unit tests for fail and Group
* fix failOn bug
* add Groups as string array
* add Groups as string array
* tests and validation for groups, failOn
* Updated docs and added more tests
* documentation md files should not be changed
* Handle merge conflicts from PR 1845
* fix merge errors
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
This change enables the use of the new npmExecuteEndToEndTests in the
stages release and acceptance if it is configured. If it is not
configured, nothing should change.
This change adds a buildDescriptorExcludeList parameter to
npmExecuteScripts, to enable the exclusion of certain directories when
executing npm scripts. Previously, npmExecuteScripts could only execute
scripts in all packages.
Now it is possible to provide paths or patterns as elements of the
buildDescriptorExcludeList to exclude packages when executing npm scripts.
This change adds the missing report handling to npmExecuteEndToEndTests
step. In addition, it extends the testsPublishResults step to support
cucumber test results.
The multicloudDeploy step is newer and more capable compared to the old steps. For pipelines that don't configure the multicloudDeploy step, nothing should change.
* Whitesource MVP for Gradle, Golang, and NPM/Yarn
* Refactoring
* Refactor and cleanup, better error checking
* publish stepResults, use pkg/versioning, bubble up errors, add gomod versioning support
* Run gofmt and cleanup comments
* Resolve PR comments
* Update resources/metadata/whitesource.yaml
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
* Only determine project coordinates if they are missing
Co-authored-by: Stephan Aßmus <stephan.assmus@sap.com>
* Gradle versioning artifact
* fix gradle artifact version regexp and refactor
* Fix token extraction from output buffer
* Fix some issues with pip and jsonfile versioning logic
* Remove useless spacing
* Remove unnecessary test file and fix naming style for JSONDescriptor
* Automatically download wss-unified-agent if file does not exist
* adds downloadVulnerabilityReport, checkSecurityViolations, minor refactoring
* adds config.ReportDirectoryName, improves readability
* Version-wide reporting for vulnerabilities and list of libraries.
* Refactor and improve build accuracy
* fix sed command
* Add includes file pattern config option
* Adds --exclude command line flag
* run go mod tidy and regenerate step framework
* Fix unit tests
* revert changes
* poll project status before downloading reports
* merge with master
* go mod tidy, go fmt, and fix whitesource unit test
* sync go.mod
* sync go.mod again
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
Co-authored-by: Stephan Aßmus <stephan.assmus@sap.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
* Fix alias cfServiceKeyName
* Adapt documentation
* Fix alias use in go files
Co-authored-by: Daniel Mieg <56156797+DanielMieg@users.noreply.github.com>
* add APIs for getNodes, getExtDescriptor, putExtDescriptor and uploadExtDescriptor
* add new params and extend the logic to enable upload or update extension descriptor to node
* extends unit tests
Co-authored-by: Zihe Cheng <zihe.cheng@sap.com>
Co-authored-by: Marcus Holl <marcus.holl@sap.com>
Ensure npm dev dependencies are available after mtaBuild as they are required by certain tests.
Co-authored-by: Kevin Hudemann <kevin.hudemann@sap.com>
Co-authored-by: Daniel Kurzynski <daniel.kurzynski@sap.com>
This change adds linting support for Java-/TypeScript projects based on the checkDefaultLint and checkUserLint steps from Cloud SDK Pipeline.
Following options are supported:
1. Define a linting script named ci-lint in the package.json file(s) of the project
2. Provide a configuration for ESLint as part of the project
3. If none of the above: ESLint is executed with a general purpose configuration.
Co-authored-by: Daniel Kurzynski <daniel.kurzynski@sap.com>
This change refactors the npm pkg and npmExecuteScripts implementations
to be reusable for future steps, e.g., npmExecuteLint.
In addition, it fixes few small bugs related to unit test execution on
Windows and the fileUtils mocking implementation.
Co-authored-by: Daniel Kurzynski <daniel.kurzynski@sap.com>
Co-authored-by: Stephan Aßmus <stephan.assmus@sap.com>
Extend mta build step to install maven artefacts after build to allow re-using them in later stages (additional unit or integration tests which might not be running as part of the "build" life-cycle).
* The metadata for artifactPrepareVersion-go specifies a container for when the buildTool is maven.
* The alias to 'mavenExecute' was removed. The problem with this is that when a section containers is included in the metadata, dockerImage will always be picked up from mavenExecute, the conditional dependency on buildTool will not even be considered. Parameters such as m2Path, projectSettingsFile and globalSettingsFile should be configured in general/maven if necessary.
* When the step ends up being executed within dockerExecuteOnKubernetes, we need to preserve the .git folder. This folder would normally be excluded by the default excludes of the stash step. There was already a comment that suppressing this behavior by passing useDefaultExcludes: false was problematic (unfortunately without going into details), so I've added a new parameter to dockerExecute and dockerExecuteOnKubernetes named stashNoDefaultExcludes (note the reverted meaning to ease preserving the default behavior when this parameter is not provided). This parameter is passed to piperExecuteBin from the artifactPreferVersion groovy wrapper.
Provide a timeout parameters to malwarescan step. This is forwarded to the piper http layer. The default used there is 10 seconds with is not useable for that use case for larger files.
* Update fortify.yaml
* src, exclude and pythonAdditionalPaths are now lists of strings
* Re-implement pythonIncludes and pythonExcludes as aliases of src and exclude
* Fix using the correct separator (; on windows, : on everything else)
* Tokenize also python "includes"
* mvnCustomArgs was removed
Co-authored-by: Stephan Aßmus <stephan.assmus@sap.com>
* also reduce code duplication in token fetching
* concatenate classpaths from multi-maven projects
Co-authored-by: Daniel Kurzynski <daniel.kurzynski@sap.com>
Co-authored-by: Stephan Aßmus <stephan.assmus@sap.com>
Co-authored-by: Kevin Hudemann <kevin.hudemann@sap.com>
Co-authored-by: Daniel Kurzynski <daniel.kurzynski@sap.com>
* added new step gctsDeployCommit
* suggested PR fixes applied
* fixed test
* Remove unused imports
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
* added URL encoding for 'request' parameter
* regenerate after change
* minor changes
* renamed step to 'gctsDeploy'
* changed name
* remove space
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
* Create step to save container image
* add error handling for directory creation
* Update permissions
* remove indirection and add tests
* finalize tests
* Fix test to also run on linux environments
* Update cmd/containerSaveImage.go
Co-authored-by: Stephan Aßmus <stephan.assmus@sap.com>
* Update resources/metadata/savecontainer.yaml
Co-authored-by: Stephan Aßmus <stephan.assmus@sap.com>
* Update cmd/containerSaveImage.go
Co-authored-by: Stephan Aßmus <stephan.assmus@sap.com>
* Update cmd/containerSaveImage_test.go
Co-authored-by: Stephan Aßmus <stephan.assmus@sap.com>
* Update generated file
Co-authored-by: Stephan Aßmus <stephan.assmus@sap.com>
* Enable multiple repositories
* Improve readability
* Adapt documentation
* rerun generator
* Add initial info line
* Improve logging
* Enable configuration in GENERAL section
* Adapt yml abapEnvironmentPullGitRepo
* Add aliases for crendetialsId
* Change order of credentialsId aliases
* Change prio of different names of credentialsId
* Add docu to sidebar
* write flag for sonar execution to influx
* add missing step metadata file
* first attempt to read influx from disk
* add missing import
* correct glob pattern
* use file path
* correct type names
* cleanup
* fix code climate issue
* fix typo
Co-authored-by: Stephan Aßmus <stephan.assmus@sap.com>
* add test case
Co-authored-by: Stephan Aßmus <stephan.assmus@sap.com>
* artifactPrepareVersion: additional options
it is now possible to use
* a Unix timestamp number
* a short commit hash
* Add dedicated Docker versioning scheme
* fix docu
* enhanced step docu and metadata
* regenerate after changing metadata
* small wording change
Co-authored-by: Marcus Holl <marcus.holl@sap.com>
* add possible values for xsDeploy
* add possible values for protecodeExecuteScan
* add possible values for mtaBuild
* add possible values for artifactPrepareVersion
* add possible values for sonarExecuteScan
* add possible values for detectExecuteScan
* add possible values for checkmarxExecuteScan
* Update gctsCreateRepository.yaml
This change enables the use of the artifactPrepareVersion go step instead
of the deprecated artifactSetVersion groovy implementation for the Cloud
SDK Pipeline. The groovy wrapper for the artifactPrepareVersion step now
enables the use of the download cache and minor issues are fixed.
With the step gctsCreateRepository it is possible to create a local gCTS repository on an ABAP server
Co-authored-by: Marcus Holl <marcus.holl@sap.com>
* Extends kubernetesDeploy step to support Helm 3
Currently, the kubernetesDeploy step has no support to Helm 3 due to the fact that:
- the initialization command used works only for Helm 2
- the image used when running the helm CLI is based on Helm 2
The need for Helm 3 support comes from the fact that Helm 3 introduces major architectural changes,
more specifically, the removal of its server-side agent called Tiller - thus, being incompatible with
one another.
This commit adds this support by introducing a new configuration field (helmVersion).
By default, its values is set to 2 (Helm 2) to avoid breaking any existing functionalities.
* Use deployTool field to decide between Helm 2 or 3
* Remove helm init and replace wait for atomic in v3
* Update cmd/kubernetesDeploy.go
Nice catch!
Co-Authored-By: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
* Add documentation for kubernetesDeploy step
* Add helm3 example for kubernetesDeploy step using mandatory fields
* Add new line at the end of kubernetesDeploy documentation
* Link kubernetesDeploy step with docs generator
* Add possible values for deployTool in kubernetesDeploy
* dummy change
* Revert "dummy change"
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
* use sonar go in groovy
* use SONAR_TOKEN
* only use owner/repo if both are set
* trim version to major version digit
* fix code climate issues
* remove Sonar defaults
* use sonar go step
* use SONAR_TOKEN
* use certs from parameters
* use docker workspace & options
* add instance parameter
* implement branchName
* implement branchName
* remove duplicate default
* update docs
* fix TODOs
* remove merge mess
* fix code climate issue
* address comments
* respect custom defaults and custom config file name
* fix typo
* remove obsolete test cases
* disable CommonStepChecks
* check step config instead of context config
* remove TODOs
* respect jenkins PR envvars
* use value from stepConfig
* Update vars/sonarExecuteScan.groovy
* rename options to config
* correct type for options
* add test cases
* log sonar.options in debug message
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
* iterate over found pom.xml files for maven projects, deploy found artifacts
* classifiers are found by testing prefix/suffix of artifact
* Remove additionalClassifiers option
* Improve documentation
* Fix fallback for finalBuildName
* Ignore mvn modules with packaging != pom but no target dir
* Fail when main artifact is missing, add more tests
Co-authored-by: Stephan Aßmus <stephan.assmus@sap.com>
* Add ReportAggregator to collect information about executed stages and create reports
* ReportAggregator is used by the SAP Cloud SDK to collect information about which stages were executed,
code coverage and many more measurements.
* based on the measurements a pdf report can be generated which can be used to get a certification by SAP
* Add ReportAggregator to collect information about executed stages and create reports
* ReportAggregator is used by the SAP Cloud SDK to collect information about which stages were executed,
code coverage and many more measurements.
* based on the measurements a pdf report can be generated which can be used to get a certification by SAP
Artifacts to upload are assembled for MTA projects and Maven projects with optional application sub-module. Then maven deploy:deploy-file is used as backend to upload bundles of artifacts plus sub-artifacts.
Co-authored-by: Florian Wilhelm <florian.wilhelm02@sap.com>
* Golang step metadata: Config aliases for steps
This will ease following scenarios:
* config migration due to step name changes
* re-use of more general config, e.g. `mavenExecute` in `mavenBuild`
* fix CodeClimate finding
* Fix panic if original stage config does not exist yet
* add static code checks for maven based projects as:
* pmd plugin
* spotBugs plugin
* test modules as unit-tests and integration-tests will be ignored by default. Additional modules to ignore are configurable
* for pmd: rulesets and excludes are configurable
* for spotBugs: includeFilter and excludeFilter are configurable
* Update schema and hcp deployer version in mta.yaml file
* Add name parameter in mta yaml file
* Rename template_mta.yml to template_mta.yaml
* Fix indentation
Co-authored-by: Oliver Feldmann <oliver.feldmann@sap.com>
Co-authored-by: Marcus Holl <marcus.holl@sap.com>
* Protecode as go implementation
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
The DebugReport is a global instance where steps can store information relevant for diagnosing failed pipelines. In the SDK Pipeline, this is used to generate a debug report within the postActionArchiveDebugLog step. The reason for adding this to Piper is to feed information about extended or overwritten stages in piperStageWrapper into the DebugReport, as was done before in the SDK Pipeline's equivalent runAsStage step.
* Use commonPipelineEnvironment in go binary
* Update groovy part incl. tests
* Rework structure and naming
* Support influx resources in steps
* Update tests and some cleanups
* Add correct defer handling
* Address PR feedback
* Fix test
* Update resources.go
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
* chore(go): add schema for go metadata files
* chore(go): use k8s container definition in schema
* chore(go): add reusable schema definitions
* chore(go): add further schema definitions
* docs(schema): add description how to use metadata schema
* tests(testsPublishResults): evaluate file pattern for cobertura
* tests(testsPublishResults): test for cobertura in UI5 projects
* feat(testsPublishResults): collect cobertura of UI5 projects by default
# Changes
This PR adds a new step: cloudFoundryServiceCreate
There is a cf community plugin [Create-Service-Push](https://github.com/dawu415/CF-CLI-Create-Service-Push-Plugin) available to apply infrastructure as code to Cloud Foundry. The plugin uses a manifest.yml to create services in a targeted CF space.
The proposed step provides an interface to this plugin.
Already done:
- [x] Tests
- [x] Documentation
Further actions:
- a Refactoring: Move varOptions and varsFileOption code into a class and make us of this here and in cloudFoundryDeploy step. -> Is it ok to use the CfManifestUtils, or add it as a new class to variablesubstitiion package?
- enhance the s4sdk cf cli docker image to include the plugin.
* Provide additional opts for cf deploy
Inside cloudFoundyDeploy we use these cf commands
o login
o plugins
o blue-green-deploy
o push
o deploy
o bg-deploy
o stop
o logout
o logout and stop does not provide any options
o plugins provides options (--checksum --outdated) but it is unlikely that
these options can be used in a reasonable way during the deploy process.
o login now uses `loginOpts`
o The other commands uses now `deployOpts`
* provide additional opts also for cf api calls
* Provide more log when verbose
* re-use mtaDeployParameters and adjust names of other params (api, login) accordingly
* Streamline naming
* distinuish between cfNative and mta deploy params
* Add cfNativeDeployParam default
* login and api paramters are not under cloudFoundry
* Take proper jnlp image as default for Kubernetes execution
Following changes are contained:
* removal of custom jnlp image as default
* allow customization of jnlp image via system environment
fixes#757
* add documentation
* add Slack notification to post stage
* add Slack notification to init stage
* add trigger condition for Slack notification
* fix whitespaces
* use capital stage name
* add tests for init stage
* remove unused import
* add tests for post stage
* minor changes
* fix typo
* whitesourceExecuteScan - fix stashing behavior for golang
**changes:**
golang scan requires sources to be present. They are already part of the `checkmarx` stash which can be used here.
* fix tests
* handlePipelineStepErrors - allow step timeouts
This adds another resilience option:
A timeout can be configured for steps in order to stop step execution, continue with the pipeline while setting build status to "UNSTABLE"
* Define pod using k8s yaml manifest
The Kubernetes plugin allows to define pods directly via the Kubernetes
API specification:
https://github.com/jenkinsci/kubernetes-plugin#using-yaml-to-define-pod-templates
This has the advantage of unlocking Kubernetes features which are not
exposed via the Kubernetes plugin, including all Kubernetes security
featues.
Using the Kubernetes API directly is also better from development
point of view because it is stable and better desgined then the API the
plugin offers.
* Make the Kubernetes ns configurable
If one Jenkins Master is used by multiple Teams, it is desirable to
schedule K8S workloads in seperatae workspaces.
* Add securityContext to define uid and fsGroup
In the context of the Jenkins k8s plugin it is uids and fsGroups play an
important role, because the containers share a common file system.
Therefore it is benefical to configure this data centraly.
* fix indention
* Undo format changes
* Extend and fix unit tests
* Fix port mapping
* Don't set uid globally
This does not work with jaas due to permissions problems.
* Fix sidecar test
* Make security context configurable at stage level
* Extract json serialization
* Cleanup unit tests
* Provide flag for skipping docker image pulls
Usefull for testing while developing images. Without pulling images it is possible to
use images available in the local registry only.
* Project "Piper" Template: framework and structure
This is the first in a series of Pull-Requests to provide a fully functional Pipeline template into the library.
This PR contains:
* general Pipeline structure incl. tests
* Pipeline initialization incl. tests
* Hollow pipeline stages incl. tests
* first set of default values
* add gitUrls to commonPipelineEnvironment
* set correct git information on commonPipelineEnvironment
Fix stashing behavior to include all files in workspace.
This was for example an issue for PR-voting in Docker pipeline since `Dockerfile` has been excluded from stashing
The following features were added:
Lock resources for deployment
New parameters: environment, vmArguments
Assert password does not start with @
Link to cloud cockpit
Only execute rolling update if app is running
Show logs if deployment failed
Restart app after normal deployment
Use neo namespace for parameters
Align parameter names with neo sdk: size, application, source
Remove vmSize check as done by the tool itself
Add reporting of operations-related data to Influx (if configured), like:
* Version of deployed artifact
* Deployment time
* Target infrastructure for deployment
* add wrapper for stages contained in library
`piperStageWrapper` provides a wrapper for stages which we may include into the library.
It will take care about extension capabilities, locking, node handling, ... which should be a capability of every stage contained in the library.
This step allows to easily create a new release for your GitHub repository
* include PR review feedback - add additional labels
* consider return status of api call
This step allows to restart a set of steps in order to retry in case of e.g. infrastructure failures which first need to be fixed.
* update documentation
This step allows to perform a basic health check on an installed application.
It verifies that your app has a simple health endpoint available and that there is no error when calling it.
It comes with an extension to executeDocker and executeDockerOnKubernetes to run sidecar containers.
This helps to execute Selenium tests using two Docker images:
1. Execution runtime for tests (e.g. node image)
2. Selenium instance which holds Selenium server + browser
* add documentation & some name cleanup
* include PR feedback
* add step documentation to structure
* Create executeDockerOnKubernetes.groovy
* Update dockerExecute.groovy
* Create SysEnvTest.groovy
* Update default_pipeline_environment.yml
* Update executeDockerOnKubernetes.groovy
* Create utils object
* update docker image
* Update mavenExecute.groovy
* Use pipeline-lib than piper
* Check container name
* Always change ownership to 1000
* Check for map
* Fix command
* Move chmod to docker execute
* Use generic name for the pod
* runAsPod has been added
* Return false if script has no k8smapping
* fix syntax error
* Null checks
* Returnn dockerImage name
* Check method body
* Return container name
* Cleanup echos
* Use runAsPod
* Rename step
* Use official jenkins JNLP agent image
* Construct containersMap
* Check if kubernetes plugin is active
* Support JaaS
* pass script object
* Move configuration to default section
* Use generic flag to check if running in k8s
* fix jnlp agent name
* Solve travis errors
* Improvements to config and changes to name of the method
* Improvements to config
* Fix type
* Rename stash config
* add import
* Fix map order
* Fix jnlp agent name
* cleanup config usage
* Check if config is enabled
* Use nested k8s mapping
* Support custom docker workspace and move flag to env
* Feature/k8s stage (#1)
* Use nested k8s mapping
* Support custom docker workspace and move flag to env
* Check dockerOptions value
* Support local execution
* Add tests for dockerExecute
* Move config to step and Fix tests
* Use step configuration while running as a pod
* Streamline parameter and config initialization
* Streamline parameter and tests
* Cleanup and align variable name
* Use default JNLP agent if one not defined in config
* Add tests for runInsidePod. Ensure lowercase container names.
* Improve tests and remove unused code block
* Fix permission issues
* Perform stashing and unstashing inside container
* Use custom jnlp agent due to user id restriction
* Fix tests after jnlp agent change
* Address review comments
* Initialize script to default value if null
* Address review comments
* Update exeception handling and documentation
* Improve documentation
* correct indent
* Link documents to the index page
* Merge containerExecute and dockerExecuteOnKuberenetes step and address comments.
* Update dockerExecute.md
* Update dockerExecuteOnKubernetes.md
* Update default_pipeline_environment.yml
* update documentation
* Update documentation. Use annotation for singleton
* Update DockerExecuteOnKubernetesTest.groovy
* Update dockerExecute.groovy
* Update dockerExecuteOnKubernetes.groovy
* Improve documentation and test case names
* neoDeploy: switch to chained ConfigurationHelper (#244)
* switch neoDeploy to chained ConfigurationHelper
* update imports
* Improve tests
* Address review comments
* Improve documentation
* made dockerImage non-mandatory parm, improved test
* add comment regarding userid assumption
Disable download logs in Maven by default
This commit adds a flag to Maven by default, which disables the messages
like "Downloading from central".
The logger is set to level "warn", so errors will still be visible, but
successful messages won't clutter logs anymore.
This option is also set by default in the GitLab CI template file for
maven.
See [1] for reference on the option.
1: https://stackoverflow.com/a/35653426/8843830
* Make commit of new version optional in `artifactSetVersion` step
You might not want to add a new commit for each version, when versions
are automatically created. This commit makes this feature optional, but
enabled by default to maintain API compatibility.
* Set `gitCommitId` if null
* Improve documentation of `commitVersion` parameter
* Allow to operate in a code checkout without `.git` directory