1
0
mirror of https://github.com/SAP/jenkins-library.git synced 2024-12-14 11:03:09 +02:00
sap-jenkins-library/vars/sonarExecuteScan.groovy

122 lines
5.2 KiB
Groovy

import com.sap.piper.JenkinsUtils
import com.sap.piper.PiperGoUtils
import com.sap.piper.Utils
import static com.sap.piper.Prerequisites.checkScript
import groovy.transform.Field
import java.nio.charset.StandardCharsets
@Field String STEP_NAME = getClass().getName()
@Field String METADATA_FILE = 'metadata/sonar.yaml'
void call(Map parameters = [:]) {
handlePipelineStepErrors(stepName: STEP_NAME, stepParameters: parameters) {
def stepParameters = [:].plus(parameters)
def script = checkScript(this, parameters) ?: this
stepParameters.remove('script')
def utils = parameters.juStabUtils ?: new Utils()
stepParameters.remove('juStabUtils')
def jenkinsUtils = parameters.jenkinsUtilsStub ?: new JenkinsUtils()
stepParameters.remove('jenkinsUtilsStub')
new PiperGoUtils(this, utils).unstashPiperBin()
utils.unstash('pipelineConfigAndTests')
script.commonPipelineEnvironment.writeToDisk(script)
writeFile(file: ".pipeline/tmp/${METADATA_FILE}", text: libraryResource(METADATA_FILE))
withEnv([
"PIPER_parametersJSON=${groovy.json.JsonOutput.toJson(stepParameters)}",
]) {
String customDefaultConfig = piperExecuteBin.getCustomDefaultConfigsArg()
String customConfigArg = piperExecuteBin.getCustomConfigArg(script)
// get context configuration
Map config = readJSON(text: sh(returnStdout: true, script: "./piper getConfig --contextConfig --stepMetadata '.pipeline/tmp/${METADATA_FILE}'${customDefaultConfig}${customConfigArg}"))
echo "Config: ${config}"
// get step configuration to access `instance` & `customTlsCertificateLinks` & `owner` & `repository` & `legacyPRHandling`
Map stepConfig = readJSON(text: sh(returnStdout: true, script: "./piper getConfig --stepMetadata '.pipeline/tmp/${METADATA_FILE}'${customDefaultConfig}${customConfigArg}"))
echo "StepConfig: ${stepConfig}"
// determine credentials to load
List credentials = []
List environment = []
if (config.sonarTokenCredentialsId)
credentials.add(string(credentialsId: config.sonarTokenCredentialsId, variable: 'PIPER_token'))
if(isPullRequest()){
checkMandatoryParameter(stepConfig, "owner")
checkMandatoryParameter(stepConfig, "repository")
if(stepConfig.legacyPRHandling) {
checkMandatoryParameter(config, "githubTokenCredentialsId")
if (config.githubTokenCredentialsId)
credentials.add(string(credentialsId: config.githubTokenCredentialsId, variable: 'PIPER_githubToken'))
}
environment.add("PIPER_changeId=${env.CHANGE_ID}")
environment.add("PIPER_changeBranch=${env.CHANGE_BRANCH}")
environment.add("PIPER_changeTarget=${env.CHANGE_TARGET }")
}
try {
// load certificates into cacerts file
loadCertificates(customTlsCertificateLinks: stepConfig.customTlsCertificateLinks, verbose: stepConfig.verbose)
// execute step
dockerExecute(
script: script,
dockerImage: config.dockerImage,
dockerWorkspace: config.dockerWorkspace,
dockerOptions: config.dockerOptions
) {
if(!fileExists('.git')) utils.unstash('git')
withSonarQubeEnv(stepConfig.instance) {
withCredentials(credentials) {
withEnv(environment){
sh "./piper ${STEP_NAME}${customDefaultConfig}${customConfigArg}"
}
}
}
jenkinsUtils.handleStepResults(STEP_NAME, false, false)
}
} finally {
def ignore = sh script: 'rm -rf .sonar-scanner .certificates', returnStatus: true
}
}
}
}
private void checkMandatoryParameter(config, key){
if (!config[key]) {
throw new IllegalArgumentException( "ERROR - NO VALUE AVAILABLE FOR ${key}")
}
}
private Boolean isPullRequest(){
return env.CHANGE_ID
}
private void loadCertificates(Map config) {
String certificateFolder = '.certificates/'
List wgetOptions = [
"--directory-prefix ${certificateFolder}"
]
List keytoolOptions = [
'-import',
'-noprompt',
'-storepass changeit',
"-keystore ${certificateFolder}cacerts"
]
if (config.customTlsCertificateLinks){
if(config.verbose){
wgetOptions.push('--verbose')
keytoolOptions.push('-v')
}else{
wgetOptions.push('--no-verbose')
}
config.customTlsCertificateLinks.each { url ->
def filename = new File(url).getName()
filename = URLDecoder.decode(filename, StandardCharsets.UTF_8.name())
sh "wget ${wgetOptions.join(' ')} ${url}"
sh "keytool ${keytoolOptions.join(' ')} -alias '${filename}' -file '${certificateFolder}${filename}'"
}
}
}