This follows up on #3024
Setting emptyValue to s.th. like `--entrypoint=''` will break in case the argument is properly escaped.
Docker will return with
`container process caused: exec: "''": executable file not found in $PATH`
* feat(detectExecuteScan): generate ip result json
json will currently only be created in success cases.
No information about policy violation details available in the step yet.
* update report name
* Update cmd/detectExecuteScan.go
Co-authored-by: Giridhar Shenoy <giridhar.shenoy@sap.com>
* Update cmd/detectExecuteScan.go
Co-authored-by: Giridhar Shenoy <giridhar.shenoy@sap.com>
* Update cmd/detectExecuteScan_test.go
Co-authored-by: Giridhar Shenoy <giridhar.shenoy@sap.com>
* Update cmd/detectExecuteScan_test.go
Co-authored-by: Giridhar Shenoy <giridhar.shenoy@sap.com>
* move blackduck api package
* fix broken unit test
* added tests for new api calls
Co-authored-by: OliverNocon <oliver.nocon@sap.com>
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
it is possible to overwrite the entrypoint for docker execution:
https://docs.docker.com/engine/reference/run/#entrypoint-default-command-to-execute-at-runtime
This is ideally done by passing `entrypoint=''` and not pass two options to the call.
This also helps with escaping issues of the empty value on other systems.
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
* Added checkIfStepActive step
* Implemented npmScripts condition. Code was refactored
* Added some unit tests
* Fixed go modules
* Fixed go modules
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
* Improved logging of splunk connectivity errors
* Splunk logging
* Moved error logging message
* Bugfix for response body
* Moves response body check, logging of connectivity errors
* Reformatting
* Adds check if response body is nil
* Toolrecord framework -
provide a common entry point for post processing code scan results
Changes to be committed:
new file: pkg/toolrecord/REAMDE_toolrecord.md
new file: pkg/toolrecord/toolrecord_main.go
new file: pkg/toolrecord/toolrecord_test.go
* Add toolrecord file to Checkmarx results
modified: cmd/checkmarxExecuteScan.go
* Add toolrecord file to Fortify results
modified: cmd/fortifyExecuteScan.go
* Add toolrecord file to Whitesource results
modified: cmd/whitesourceExecuteScan.go
* unset umask (#2927)
* (feat) adds error logging output for downloading reports from whitesource (#2928)
* Add toolrecord file to Protecode results
* address code climate findings (1/2)
* address codeclimate findings (2/2)
* add comments to all methods
* Toolrecord library:
- move all toolrun files into a subdirectory
- fix timestamp generation in filenames
* add protecode group's URL to toolrecord data
* fix syntax error from previous commit in cmd/protecodeExecuteScan.go
* toolrecord: fix projectVersionID and generated URLs in fortifyExecuteScan.go
* cmd/fortifyExecuteScan.go: replace a hard-coded servername with
config.ServerURL
* update description
* add toolrecord file to detectExecuteScan
* toolrecord/whitesource: add project names as context
Co-authored-by: Kevin Stiehl <kevin.stiehl@numericas.de>
Co-authored-by: ffeldmann <felix@bnbit.de>
Co-authored-by: Sven Merk <33895725+nevskrem@users.noreply.github.com>
* using default java truststore
* default java keytore
* remove trust store
* working directory
* change dir java_home
* env variable
* trying to find jre home
* changing directory to jre home and java home
* trying java jre
* remving $
* trying to search the cacerts
* copying existing cacerts
* removing change directory
* searching for secrutiy folder only
* searching cacerts
* new path for cacert
* path to ca-cert
* new trust store
* changing cacert location
* only adding maven_opts env variable once
* log message
* ca cert path from user
* handelling interface modification
* enhance logs and code clean up
* code clean up
Co-authored-by: Your Name <you@example.com>
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
* feat(config):read config/defaults with authentication
This change allows to use defaults and config files from a protected GitHub repository.
The options `--customConfig` and `--defaultConfig` already allowed to provide a link to an uprotected file.
Now, by passing a value in the form `<hostname>:<token>` to parameter `gitHubTokens` (this parameter can be passed multiple times) a token can be provided for dedicated hosts.
This makes it possible to use a link like
`https://api.github.com/repos/SAP/jenkins-library/contents/resources/my-defaults.yml?ref=master`
as reference to a default file or similarly as reference to a configuration file.
* update generation to allow protected config/defaults
* fix CodeClimate issues
* update missing generations
* new step integrationArtifactTriggerIntegrationTest
* add new step into allow list
* add the new step to main command
* refer cpe
* remove unused unit tests
* Check methods and URLs of http request
* Add TriggerIntegration to mockingutils
* Format code
Co-authored-by: Oliver Feldmann <oliver.feldmann@sap.com>
Co-authored-by: Linda Siebert <linda.siebert@sap.com>
* Switch to service key for CPI GetMplStatus
Introduces read method for service key files, mock utils and tests.
* Use secret text instead of file
* Change serviceKey definition
* Update cpiUpload to use Service Key
retrieved the host and uaa information from service key
* Update cpiDeploy to use service key
retrieved the host and uaa information from service key
* Update cpiServiceEndpoint to use Service Key
retrieved the host and uaa information from service key
* Update cpiDownload to use Service Key
retrieved the host and uaa information from service key
* Update cpiUpdateConfig to use Service Key
retrieved the host and uaa information from service key
* Refactor serviceKey var name
* Fixed references to service key to follow the real format
they should be accessed through oauth instead of uaa because of the format of the json
* Rename ServiceKey to APIServiceKey
To support having a different service key(and for readability), we need to change the name to API.
* Add STAGES and STEPS yaml
add in to each yaml file of cpi integration
* Revert "Add STAGES and STEPS yaml"
This reverts commit aa2665d158.
* Change comments/formatting commonUtils
Make comments more understandable and follow code climate suggestions
* Change documentation files for steps
remove OAuth and host and change credentials to be servicekey
Co-authored-by: Oliver Feldmann <oliver.feldmann@sap.com>
Co-authored-by: Thorsten Duda <thorsten.duda@sap.com>
* make use of new read,writePipelineEnv Steps in groovy
* remove unused cat
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
* Make sonarExecuteScan orchestrator-agnostic
* Increase coverage + support empty or false env vars
* Use cleared env for unit tests
* Refactor to standalone package
* Fix review findings
* Fix review findings
* Fix unit test
* Add logging
* Refactor
* Add to codeowners 😎
* Apply suggestions from code review
* Remove unreachable code
* no message
* fix typos
Co-authored-by: Christopher Fenner <26137398+CCFenner@users.noreply.github.com>
* modifying detect.maven.excluded.scopes from TEST to test
* new maven alt deployment flags
* changing flag names
* tlsCertificate addtion
* adding publish flags
* new flags
* publish flag
* enhance maven builds
* enhance maven builds
* creating new settings xml
* updating project settings
* changing interface for artifactPreparation that uses the same maven util niterface
* adding general scope to maven params
* global reference
* removing vault tmp
* debuging deployment user
* more debug
* maven build paras
* using smaller case
* adding incorrect error check
* adding deployment flags
* code refactor
* unit tests
* changing scope of paramter for tls certs
* new scope for tls
* remove trailing space in mavenBuild.yaml
* trailing space fix
* typo fix and jenkins secret
* including jenkins credentials for repo pass in the maven build groovy
Co-authored-by: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
* Adds headCommitId, which stores the head commit has of the current build, includes tests and generated files
* Adds headCommitId, which stores the head commit has of the current build, includes tests and generated files
* Go fmt fix
* Fixes artifactoryPrepareVersion test
* Removes xMake CommitId
