For running open source vulnerability scans in de-coupled processes
it is helpful to allow that steps only create
compliance reports to inform users/teams
but not fail the pipeline.
This can now be achieved consistently with the flag:
`failOnSevereVulnerabilities`
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
Sets git reference and gitRemoteCommitId.
Jenkins has 2 strategies - 'Merging the pull request with the current target branch revision' and 'The current pull request revision'. When 'Merging the pull request with the current target branch revision' is run, Jenkins creates a local merge commit and runs a job for that particular merge commitId. This commitId is then used for codeql to upload sarif; on upload it throws an error as the merge commit does not exist in GitHub. To resolve this we have introduced a new variable 'gitRemoteCommitId' in commonPipelineEnvironment which gives the remote merge commit id.
* enable build without values
* add sap-client as option
* use function from /net/url to add parameters
Co-authored-by: tiloKo <70266685+tiloKo@users.noreply.github.com>
* including comma separated strings as arguments
* fix unit test
* adding unit test
* fix unit test no param case
Co-authored-by: anilkeshav27 <you@example.com>
* Add ans implementation
* Remove todo comment
* Rename test function
Co-authored-by: Linda Siebert <39100394+LindaSieb@users.noreply.github.com>
* Better wording
Co-authored-by: Linda Siebert <39100394+LindaSieb@users.noreply.github.com>
* Add reading of response body function
* Use http pkg ReadResponseBody
* Check read error
* Better test case description
* Fix formatting
* Create own package for read response body
* Omit empty nested resource struct
* Separate Resource struct from Event struct
* Merge and unmarshall instead of only unmarshalling
* Improve status code error message
* Remove unchangeable event fields
* Separate event parts
* Change log level setter function
* Restructure ans send test
* Revert exporting readResponseBody function
Instead the code is duplicated in the xsuaa and ans package
* Add check correct ans setup request
* Add set options function for mocking
* Review fixes
* Correct function name
* Use strict unmarshalling
* Validate event
* Move functions
* Add documentation comments
* improve test
* Validate event
* Add logrus hook for ans
* Set defaults on new hook creation
* Fix log level on error
* Don't alter entry log level
* Set severity fatal on 'fatal error' log message
* Ensure that log entries don't affect each other
* Remove unnecessary correlationID
* Use file path instead of event template string
* Improve warning messages
* Add empty log message check
* Allow configuration from file and string
* Add sourceEventId to tags
* Change resourceType to Pipeline
* Use structured config approach
* Use new log level set function
* Check correct setup and return error
* Mock http requests
* Only send log level warning or higher
* Use new function name
* One-liner ifs
* Improve test name
* Fix tests
* Prevent double firing
* Reduce Fire test size
* Add error message to test
* Reduce newANSHook test size
* Further check error
* Rename to defaultEvent in hook struct
* Reduce ifs further
* Fix set error category test
The ansHook Fire test cannot run in parallel, as it would affect the
other tests that use the error category.
* Change function name to SetServiceKey
* Validate event
* Rename to eventTemplate in hook struct
* Move copy to event.go
* Fix function mix
* Remove unnecessary cleanup
* Remove parallel test
The translation fails now and again when parallel is on.
* Remove prefix test
* Remove unused copyEvent function
* Fix ifs
* Add docu comment
* Register ans hook from pkg
* register hook and setup event template separately
* Exclusively read eventTemplate from environment
* setupEventTemplate tests
* adjust hook levels test
* sync tests - will still fail
* migrate TestANSHook_registerANSHook test
* fixes
* Add ans send event step
* Fix tests
* Add groovy wrapper
* Add groovy wrapper test
* Fix function names
* Reduce ifs
* Fix docu
* We always set the timestamp
* Validate event
* Test unknown field in json
* Make test list test
* Set all event fields as separate parameters
* Generate and fix code
* Review fixes
* Format test file
* Format go code
* Fix common steps tests
* Print event to console if verbose
Co-authored-by: Linda Siebert <39100394+LindaSieb@users.noreply.github.com>
Co-authored-by: Roland Stengel <r.stengel@sap.com>
* add Step azureBlobUpload
* add azure sdk and unit tests
* add Documentation
* fix Groovy Wrapper
* adopt the requested changes from awsS3Upload
* fix lint tests
* downgrade azure sdk to go 1.17
* multiple fixes e.g. use of temporary files for tests
* fix tests
* Update cmd/azureBlobUpload.go
Co-authored-by: Oliver Feldmann <oliver.feldmann@sap.com>
* Update cmd/azureBlobUpload.go
Co-authored-by: Oliver Feldmann <oliver.feldmann@sap.com>
* Update documentation/docs/steps/azureBlobUpload.md
Co-authored-by: Oliver Feldmann <oliver.feldmann@sap.com>
* Update documentation/docs/steps/azureBlobUpload.md
Co-authored-by: Oliver Feldmann <oliver.feldmann@sap.com>
* Update documentation/docs/steps/azureBlobUpload.md
Co-authored-by: Oliver Feldmann <oliver.feldmann@sap.com>
* Update documentation/docs/steps/azureBlobUpload.md
Co-authored-by: Oliver Feldmann <oliver.feldmann@sap.com>
* requested changes
* use latest version of azure sdk after update to go 1.18
* change staticcheck from 1.1.0 to 1.2.0
* try to fix lint test by pre-compiling go 1.18
* fix caching for lint test
* improve error handling by dividing runner
* improve error handling and add validation
* multiple naming fixes
* add new test for unmarshalling JSON-Structs
* Update cmd/azureBlobUpload_test.go
Co-authored-by: Oliver Feldmann <oliver.feldmann@sap.com>
* Update cmd/azureBlobUpload_test.go
Co-authored-by: Oliver Feldmann <oliver.feldmann@sap.com>
* Update cmd/azureBlobUpload_test.go
Co-authored-by: Oliver Feldmann <oliver.feldmann@sap.com>
* fix JSON unmarshall test
* Update documentation/docs/steps/azureBlobUpload.md
Co-authored-by: Oliver Feldmann <oliver.feldmann@sap.com>
* Update cmd/azureBlobUpload_test.go
Co-authored-by: Oliver Feldmann <oliver.feldmann@sap.com>
* Update cmd/azureBlobUpload.go
Co-authored-by: Oliver Feldmann <oliver.feldmann@sap.com>
* fix uploadFunc
Co-authored-by: Thorsten Duda <thorsten.duda@sap.com>
Co-authored-by: Oliver Feldmann <oliver.feldmann@sap.com>
* adding arguments
* splitting strings into args and checking position
* additional check on adding arguments
* unit testing
* refactoring code
* unit test clean up
* add unit test for multiple params in multiple scripts
* unit test name
Co-authored-by: anilkeshav27 <you@example.com>
* Improvements were made
* fixed tests
* fixed issues
* fix versioning
* fix Inclusive Language warnings
* gradle support to fortifyExecuteScan. Classpath resolving
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
* fix(helmExecute): respect version from Chart
using version from CPE can create failure situations in case format is not semver.
This is the case for maven artifacts, for example.
* chore: simplify condition
* chore: cleanup
* chore: cleanup
* explicitly adding tar extension to project name when constructing the targetFilePath for whitesource docker image download
* comments
* correcting comment for better readability
* replace spaces in the project name with underscore
* better comments
* passing legacy format download
* appending format to value
* keeping the download format for protecode as legacy
* improving docu
* keeping legacy format the default
* keeping tar file name same as project name to avoid duplicate names
* keeping legacy format download hard coded
Co-authored-by: anilkeshav27 <you@example.com>
* create virtual env
* adding bin bash source
* using sources from bin bash
* trying with bash
* appending filename to source
* using standard pip install
* not using root user
* adding path for pip
* using virtual env
* using virtual env name in path
* removing virtual env
* adding file path manually
* using root
* not using root and postpone removing venv
* trying to use the python from venv
* test to remove the venv
* seeing which python
* using symlink for python
* unit test
* python docu stub
* fix unit test and yaml extra line
* fixing unit test
* unit test success case fix
* unit test fix
* unit test fixes
* unit test and default publish flag
* fix integration test
Co-authored-by: anilkeshav27 <you@example.com>
* Add small fix
* fix unit-tests
* Add deploymentName and packageVersion as flags
* small fix
* Change getting version of helm chart
* small fix
Co-authored-by: “Vitalii <“vitalii.sidorov@sap.com”>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
* add parameter for uploading multiple assets
* use assetPathList parameter
* add test case
* fix typo
* fix test case
* generate ghClient mock
* add test files
* make function testable
* add test case
* regenerate mock
* regenerate mocks
* feat(gitopsUpdateDeployment) forcePush
fix(gitopsUpdateDeployment) include registry
The push operation in this step can be forced to bypass branch-protection
Signed-off-by: Michael Sprauer <Michael.Sprauer@sap.com>
* add unit test
Signed-off-by: Michael Sprauer <Michael.Sprauer@sap.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
* Remove --backend-type
* Delete CTS in isChangeDevelopment and change Dockerimage of CM-Client
* fix groovy unit tests
* another fix of groovy unit tests
* try to fix import of fork for Jenkins-Testing
* add workflow to create Go Binary for Jenkins-Server
* Change RepoOwner to test in Fork
* remove previous changes
* adjust docker image for TransportRequestCreate and Release
* Remove CTS from Documentation
Co-authored-by: Thorsten Duda <thorsten.duda@sap.com>
* adding PIP to BuildTool.groovy
* trying to run the container with root
* only creating sdist
* including wheel distribution
* adding settings info
Co-authored-by: anilkeshav27 <you@example.com>
* first version to download script from git
* unit test adjust
* adding git token
* info messages
* removing extra info message
* changing file permission for scripts
* modifying sources to handle https download
* adding script downloads
* commenting the file permission change
* changing permission
* adding header to download file
* adding permissions
* adding permissions
* not touching file permissions
* adding to pipeline
* return file name
* changing script name
* adding file permission changes
* adding file permission changes
* using current directory
* file permission
* downloading in .pipeline folder
* removing permission handling
* improving the step docu
* improving the step docu
* unit test and code cleaning
* fix typo
* adding read execute permission
* fix unit test
* fix unit test
* removing negative test
Co-authored-by: anilkeshav27 <you@example.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
* Add helm dependency command
* Change name of flag for package command
Co-authored-by: “Vitalii <“vitalii.sidorov@sap.com”>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>