Commit 67ee980a authored by Pierre Smeyers's avatar Pierre Smeyers

feat: initial release

/target/
!.mvn/wrapper/maven-wrapper.jar
### STS ###
.apt_generated
.classpath
.factorypath
.project
.settings
.springBeans
.sts4-cache
### IntelliJ IDEA ###
.idea
*.iws
*.iml
*.ipr
### NetBeans ###
/nbproject/private/
/build/
/nbbuild/
/dist/
/nbdist/
/.nb-gradle/
\ No newline at end of file
include:
- project: 'Orange-OpenSource/tbc/tools/gitlab-ci'
ref: 'master'
file: '/templates/validation.yml'
- project: 'Orange-OpenSource/tbc/kicker'
ref: 'master'
file: '/templates/validation.yml'
- project: 'Orange-OpenSource/tbc/bash'
ref: '1.0.0'
file: 'templates/gitlab-ci-bash.yml'
stages:
- build
- publish
variables:
GITLAB_CI_FILES: "templates/gitlab-ci-maven.yml"
BASH_SHELLCHECK_FILES: "*.sh"
extract-script:
stage: .pre
script:
- echo "#!/bin/bash" > script.sh
- sed -n '/BEGSCRIPT/,/ENDSCRIPT/p' "$GITLAB_CI_FILES" | sed 's/^ //' >> script.sh
- export LC_ALL=C.UTF-8
artifacts:
when: always
name: extracted template script
expire_in: 1h
paths:
- script.sh
release:
image: node:12
stage: publish
before_script:
- npm install -g semantic-release @semantic-release/gitlab @semantic-release/exec @semantic-release/git
script:
- semantic-release
only:
refs:
- master
variables:
- $TMPL_RELEASE_ENABLED
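Review bot: The `release` job's `before_script` installs `semantic-release` and its three plugins with `npm install -g` and no version constraint, so every release run executes whatever the registry currently serves, in a job that presumably holds the GitLab token and push rights needed to publish. Pinning each package would make the release toolchain reproducible and reviewable, e.g. `npm install -g semantic-release@<pinned-version> @semantic-release/gitlab@<pinned-version> ...`. The same applies to the two `include:` entries that use `ref: 'master'`, whereas the `tbc/bash` include is pinned to `'1.0.0'`; a tag or commit SHA there would keep an upstream change from silently altering this pipeline. A short comment on `extract-script` explaining what the `BEGSCRIPT`/`ENDSCRIPT` markers delimit would also help.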
## Describe the bug
(Describe the problem clearly and concisely.)
## Expected behavior
(Describe the expected behavior clearly and concisely.)
## Actual behavior
(Describe the actual behavior clearly and concisely.)
## Logs and/or screenshots
(Join any relevant logs and/or screenshot. Please use code blocks (```) to format console output, logs, and code.)
## Context & Configuration
Link to a project, pipeline or job facing the bug: (please provide one if possible)
The issue was reproduced using:
* Version of the template: (type in the version)
* GitLab server(s): (Was it gitlab.com? A self-managed server? Which version? CE / EE? Which license?)
* GitLab runner(s): (type in any relevant information about the GitLab runner(s) you used)
Here is the `.gitlab-ci.yml` file:
```yaml
# Add your .gitlab-ci.yml here, if applicable and useful.
```
(If useful, list configured GitLab CI project and/or group variables.)
Configured GitLab CI project or group variables:
* `VARIABLE_1`
* `VARIABLE_2`
* ...
(Finally add any possible additional useful context info here.)
/label ~"kind/bug" ~"status/needs-investigation"
## Description
(Describe the feature clearly and concisely.)
## Implementation ideas
(If you have any implementation ideas, they can go here.)
(Any design change proposal could be also discussed on the _to be continuous_ Google Group: https://groups.google.com/g/tbc-dev.)
/label ~"kind/enhancement" ~"status/needs-investigation"
## Presentation
(Necessarily link to an issue. If it doesn't exist, please create one.)
Fixes #999
## Checklist
* Documented:
* [ ] `README.md` reflects any job, variable or whichever visible change
* [ ] `kicker.json` reflects any job, variable or whichever visible change
* Tested & examplified:
* [ ] (url to a project sample successfully proving the merge request fixes the issue)
/label ~"kind/fix"
## Presentation
(Necessarily link to an issue. If it doesn't exist, please create one.)
Closes #999
## Checklist
* General:
* [ ] use [rules](https://docs.gitlab.com/ee/ci/yaml/#rules) instead of [only/except](https://docs.gitlab.com/ee/ci/yaml/#onlyexcept-advanced)
* [ ] optimized [cache](https://docs.gitlab.com/ee/ci/caching/) configuration (wherever applicable)
* Publicly usable:
* [ ] untagged runners
* [ ] no proxy configuration but support `http_proxy`/`https_proxy`/`no_proxy`
* [ ] no custom CA certificate(s) but supports `$CUSTOM_CA_CERTS` or `$DEFAULT_CA_CERTS` to declare custom CA certificate(s)
* [ ] internet hostnames/urls only
* Used Docker images:
* [ ] **public** images
* [ ] **official** images (when possible)
* [ ] `latest` tag (when possible)
* Documented:
* [ ] `README.md` documents the new feature
* [ ] `kicker.json` describes the new feature
* Tested & examplified:
* [ ] (url to a project sample successfully using the new feature)
/label ~"kind/enhancement"
plugins: [
"@semantic-release/commit-analyzer",
"@semantic-release/release-notes-generator",
"@semantic-release/gitlab",
[
"@semantic-release/exec",
{
"prepareCmd": "./bumpversion.sh \"${lastRelease.version}\" \"${nextRelease.version}\" \"${nextRelease.type}\""
}
],
[
"@semantic-release/git",
{
"assets": ["*.md", "templates/*.yml"]
}
]
]
branches:
- "master"
tagFormat: "${version}"
\ No newline at end of file
# Contributors guide
**Want to contribute? Great!**
We try to make it easy, and all contributions, even the smaller ones, are more than welcome.
This includes bug reports, fixes, documentation, examples...
But first, read this page (including the small print at the end).
## Legal
All original contributions to _to be continuous_ are licensed under the
[GNU Lesser General Public License](https://www.gnu.org/licenses/lgpl-3.0.html),
version 3.0 or later.
All contributions are subject to the [Developer Certificate of Origin](https://developercertificate.org/) (DCO).
The DCO is a lightweight way for contributors to certify that they wrote or otherwise have the right to submit the code they are contributing to the project.
The DCO text is also included verbatim in the [DCO.txt](DCO.txt) file in the root directory of the repository.
Contributors **must** _sign-off_ that they adhere to these requirements by adding a `Signed-off-by` line to commit messages, as shown below:
```text
This is the commit message
Signed-off-by: John Dev <john.dev@developer.example.org>
```
Git has a handy [`-s` command line option](https://git-scm.com/docs/git-commit#Documentation/git-commit.txt---signoff) to append this automatically to your commit message:
```bash
$ git commit -s -m 'This is the commit message'
```
## Reporting an issue
This project uses GitLab issues to manage the issues.
Before creating an issue:
1. upgrade your project to the latest released template version, and check whether your bug is still present,
2. have a look in the opened issues if your problem is already known/tracked, and possibly contribute to the thread with your own information.
If none of the above was met, open an issue directly in GitLab, select the appropriate issue template and fill-in each section when applicable.
## Submitting a code change
### Git Setup
Before contributing, make sure you have set up your Git authorship correctly:
```bash
git config --global user.name "Your Full Name"
git config --global user.email your.email@example.com
```
### Workflow
All submissions, including submissions by project members, need to be reviewed before being merged.
To contribute:
1. Create an issue describing the bug or enhancement you want to propose (select the right issue template).
2. Make sure the issue has been reviewed and agreed.
3. Create a Merge Request, from your **own** fork (see [forking workflow](https://docs.gitlab.com/ee/user/project/repository/forking_workflow.html) documentation).
Don't hesitate to mark your MR as `Draft` as long as you think it's not ready to be reviewed.
### Git Commit Conventions
In addition to being signed-off according the [Developer Certificate of Origin](https://developercertificate.org/) (see above),
Git commits in _to be continuous_ shall be:
1. **atomic** (1 commit `=` 1 and only 1 _thing_),
2. **semantic** (using [semantic-release commit message syntax](https://semantic-release.gitbook.io/semantic-release/#commit-message-format)).
You'll find extensive information about Git commit conventions on the [reference documentation website](https://orange-opensource.gitlab.io/tbc/doc/dev/workflow/#git-commit-guidelines).
### Coding Guidelines
The extensive _to be continuous_ coding guidelines can be found on the [reference documentation website](https://orange-opensource.gitlab.io/tbc/doc/dev/guidelines/).
DCO.txt 0 → 100644
Developer Certificate of Origin
Version 1.1
Copyright (C) 2004, 2006 The Linux Foundation and its contributors.
1 Letterman Drive
Suite D4700
San Francisco, CA, 94129
Everyone is permitted to copy and distribute verbatim copies of this
license document, but changing it is not allowed.
Developer's Certificate of Origin 1.1
By making a contribution to this project, I certify that:
(a) The contribution was created in whole or in part by me and I
have the right to submit it under the open source license
indicated in the file; or
(b) The contribution is based upon previous work that, to the best
of my knowledge, is covered under an appropriate open source
license and I have the right under that license to submit that
work with modifications, whether created in whole or in part
by me, under the same open source license (unless I am
permitted to submit under a different license), as indicated
in the file; or
(c) The contribution was provided directly to me by some other
person who certified (a), (b) or (c) and I have not modified
it.
(d) I understand and agree that this project and the contribution
are public and that a record of the contribution (including all
personal information I submit with it, including my sign-off) is
maintained indefinitely and may be redistributed consistent with
this project or the open source license(s) involved.
\ No newline at end of file
GNU LESSER GENERAL PUBLIC LICENSE
Version 3, 29 June 2007
Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
This version of the GNU Lesser General Public License incorporates
the terms and conditions of version 3 of the GNU General Public
License, supplemented by the additional permissions listed below.
0. Additional Definitions.
As used herein, "this License" refers to version 3 of the GNU Lesser
General Public License, and the "GNU GPL" refers to version 3 of the GNU
General Public License.
"The Library" refers to a covered work governed by this License,
other than an Application or a Combined Work as defined below.
An "Application" is any work that makes use of an interface provided
by the Library, but which is not otherwise based on the Library.
Defining a subclass of a class defined by the Library is deemed a mode
of using an interface provided by the Library.
A "Combined Work" is a work produced by combining or linking an
Application with the Library. The particular version of the Library
with which the Combined Work was made is also called the "Linked
Version".
The "Minimal Corresponding Source" for a Combined Work means the
Corresponding Source for the Combined Work, excluding any source code
for portions of the Combined Work that, considered in isolation, are
based on the Application, and not on the Linked Version.
The "Corresponding Application Code" for a Combined Work means the
object code and/or source code for the Application, including any data
and utility programs needed for reproducing the Combined Work from the
Application, but excluding the System Libraries of the Combined Work.
1. Exception to Section 3 of the GNU GPL.
You may convey a covered work under sections 3 and 4 of this License
without being bound by section 3 of the GNU GPL.
2. Conveying Modified Versions.
If you modify a copy of the Library, and, in your modifications, a
facility refers to a function or data to be supplied by an Application
that uses the facility (other than as an argument passed when the
facility is invoked), then you may convey a copy of the modified
version:
a) under this License, provided that you make a good faith effort to
ensure that, in the event an Application does not supply the
function or data, the facility still operates, and performs
whatever part of its purpose remains meaningful, or
b) under the GNU GPL, with none of the additional permissions of
this License applicable to that copy.
3. Object Code Incorporating Material from Library Header Files.
The object code form of an Application may incorporate material from
a header file that is part of the Library. You may convey such object
code under terms of your choice, provided that, if the incorporated
material is not limited to numerical parameters, data structure
layouts and accessors, or small macros, inline functions and templates
(ten or fewer lines in length), you do both of the following:
a) Give prominent notice with each copy of the object code that the
Library is used in it and that the Library and its use are
covered by this License.
b) Accompany the object code with a copy of the GNU GPL and this license
document.
4. Combined Works.
You may convey a Combined Work under terms of your choice that,
taken together, effectively do not restrict modification of the
portions of the Library contained in the Combined Work and reverse
engineering for debugging such modifications, if you also do each of
the following:
a) Give prominent notice with each copy of the Combined Work that
the Library is used in it and that the Library and its use are
covered by this License.
b) Accompany the Combined Work with a copy of the GNU GPL and this license
document.
c) For a Combined Work that displays copyright notices during
execution, include the copyright notice for the Library among
these notices, as well as a reference directing the user to the
copies of the GNU GPL and this license document.
d) Do one of the following:
0) Convey the Minimal Corresponding Source under the terms of this
License, and the Corresponding Application Code in a form
suitable for, and under terms that permit, the user to
recombine or relink the Application with a modified version of
the Linked Version to produce a modified Combined Work, in the
manner specified by section 6 of the GNU GPL for conveying
Corresponding Source.
1) Use a suitable shared library mechanism for linking with the
Library. A suitable mechanism is one that (a) uses at run time
a copy of the Library already present on the user's computer
system, and (b) will operate properly with a modified version
of the Library that is interface-compatible with the Linked
Version.
e) Provide Installation Information, but only if you would otherwise
be required to provide such information under section 6 of the
GNU GPL, and only to the extent that such information is
necessary to install and execute a modified version of the
Combined Work produced by recombining or relinking the
Application with a modified version of the Linked Version. (If
you use option 4d0, the Installation Information must accompany
the Minimal Corresponding Source and Corresponding Application
Code. If you use option 4d1, you must provide the Installation
Information in the manner specified by section 6 of the GNU GPL
for conveying Corresponding Source.)
5. Combined Libraries.
You may place library facilities that are a work based on the
Library side by side in a single library together with other library
facilities that are not Applications and are not covered by this
License, and convey such a combined library under terms of your
choice, if you do both of the following:
a) Accompany the combined library with a copy of the same work based
on the Library, uncombined with any other library facilities,
conveyed under the terms of this License.
b) Give prominent notice with the combined library that part of it
is a work based on the Library, and explaining where to find the
accompanying uncombined form of the same work.
6. Revised Versions of the GNU Lesser General Public License.
The Free Software Foundation may publish revised and/or new versions
of the GNU Lesser General Public License from time to time. Such new
versions will be similar in spirit to the present version, but may
differ in detail to address new problems or concerns.
Each version is given a distinguishing version number. If the
Library as you received it specifies that a certain numbered version
of the GNU Lesser General Public License "or any later version"
applies to it, you have the option of following the terms and
conditions either of that published version or of any later version
published by the Free Software Foundation. If the Library as you
received it does not specify a version number of the GNU Lesser
General Public License, you may choose any version of the GNU Lesser
General Public License ever published by the Free Software Foundation.
If the Library as you received it specifies that a proxy can decide
whether future versions of the GNU Lesser General Public License shall
apply, that proxy's public statement of acceptance of any version is
permanent authorization for you to choose that version for the
Library.
\ No newline at end of file
README.md 0 → 100644
# GitLab CI template for Maven
This project implements a generic GitLab CI template for [Maven](https://maven.apache.org/).
It provides several features, usable in different modes (by configuration).
## Usage
In order to include this template in your project, add the following to your `gitlab-ci.yml`:
```yaml
include:
- project: 'Orange-OpenSource/tbc/maven'
ref: '1.0.0'
file: '/templates/gitlab-ci-maven.yml'
```
## Global configuration
The Maven template uses some global configuration used throughout all jobs.
| Name | description | default value |
| --------------------- | -------------------------------------- | ----------------- |
| `MAVEN_IMAGE` | The Docker image used to run Maven | `maven:latest` |
| `MAVEN_CFG_DIR` | The Maven configuration directory | `.m2` |
| `MAVEN_OPTS` | [Global Maven options](http://maven.apache.org/configure.html#maven_opts-environment-variable) | `-Dhttps.protocols=TLSv1.2 -Dmaven.repo.local=${MAVEN_CFG_DIR}/repository -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=WARN -Dorg.slf4j.simpleLogger.showDateTime=true -Djava.awt.headless=true` |
| `MAVEN_CLI_OPTS` | Additional [Maven options](https://maven.apache.org/ref/3-LATEST/maven-embedder/cli.html) used on the command line | `--batch-mode --errors --fail-at-end --show-version -DinstallAtEnd=true -DdeployAtEnd=true -s ${MAVEN_CFG_DIR}/settings.xml` |
As you can see, your local Maven settings file is supposed to be located in `${MAVEN_CFG_DIR}/settings.xml`.
The cache policy also declares the `${MAVEN_CFG_DIR}/repository` directory as cached (not to download Maven dependencies over and over again).
If you have a good reason to do differently, you'll have to override the `MAVEN_CLI_OPTS` variable as well as the [`cache`](https://docs.gitlab.com/ee/ci/yaml/README.html#cache) policy.
## Jobs
### `mvn-build` job
The Maven template features a job `mvn-build` that performs **build and tests** at once.
This stage is performed in a single job for **optimization** purpose (it saves time) and also
for test jobs dependency reasons (some test jobs such as SONAR analysis have a dependency on test results).
It uses the following variable:
| Name | description | default value |
| --------------------- | ---------------------------------------- | ----------------- |
| `MAVEN_BUILD_ARGS` | Maven arguments for the build & test job | `org.jacoco:jacoco-maven-plugin:prepare-agent verify org.jacoco:jacoco-maven-plugin:report` |
#### About Code Coverage
With its default arguments, the GitLab CI template for Maven forces the use of [JaCoCo Maven Plugin](https://www.eclemma.org/jacoco/trunk/doc/maven.html)
to compute code coverage during unit tests execution.
In addition it [makes the necessary](https://docs.gitlab.com/ee/user/project/pipelines/settings.html#test-coverage-parsing)
to integrate code coverage stats into your GitLab project: [report badge](https://docs.gitlab.com/ee/user/project/pipelines/settings.html#test-coverage-report-badge)
and viewable in merge requests.
If yo want to fix the JaCoCo plugin version or tweak the default configuration, you may have to configure the
[JaCoCo Maven Plugin](https://www.eclemma.org/jacoco/trunk/doc/maven.html) in your `pom.xml`, but be aware of the
following:
* do not declare JaCoCo executions for `prepare-agent` and `report` goals otherwise then would be ran twice during
unit tests (not necessarily with the expected configuration). If you really need to do so anyway, you'll have to
override the `$MAVEN_BUILD_ARGS` variable to remove explicit invocation to JaCoCo goals.
* make sure the `report` goal computes a CSV report, that is used by the Maven template to compute the global coverage stat.
More info:
* [Maven Surefire Plugin](https://maven.apache.org/surefire/maven-surefire-plugin)
* [`surefire:test` parameters](https://maven.apache.org/surefire/maven-surefire-plugin/test-mojo.html)
### SonarQube analysis job
This job is **disabled by default** and performs a SonarQube analysis of your code.
It is bound to the `test` stage, and uses the following variables:
| Name | description | default value |
| ------------------------ | -------------------------------------- | ----------------- |
| `SONAR_URL` | SonarQube server url | _none_ (disabled) |
| :lock: `SONAR_AUTH_TOKEN`| SonarQube authentication [token](https://docs.sonarqube.org/latest/user-guide/user-token/) (depends on your authentication method) | _none_ |
| :lock: `SONAR_LOGIN` | SonarQube login (depends on your authentication method) | _none_ |
| :lock: `SONAR_PASSWORD` | SonarQube password (depends on your authentication method) | _none_ |
| `SONAR_BASE_ARGS` | SonarQube [analysis arguments](https://docs.sonarqube.org/latest/analysis/analysis-parameters/) | `sonar:sonar -Dsonar.host.url=${SONAR_URL} -Dsonar.links.homepage=${CI_PROJECT_URL} -Dsonar.links.ci=${CI_PROJECT_URL}/-/pipelines -Dsonar.links.issue=${CI_PROJECT_URL}/-/issues -Dsonar.branch.name=${CI_COMMIT_REF_NAME}` |
| :lock: `SONAR_GITLAB_TOKEN` | GitLab [access token](https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html) with `api` scope. When set, activates the [Sonar GitLab plugin](https://github.com/gabrie-allaigre/sonar-gitlab-plugin/#plugins-properties) integration. | _none_ |
| `SONAR_GITLAB_ARGS` | Extra arguments to use with [Sonar GitLab plugin](https://github.com/gabrie-allaigre/sonar-gitlab-plugin/#plugins-properties) | `-Dsonar.gitlab.url=${CI_SERVER_URL} -Dsonar.gitlab.user_token=${SONAR_GITLAB_TOKEN} -Dsonar.gitlab.project_id=${CI_PROJECT_ID} -Dsonar.gitlab.commit_sha=${CI_COMMIT_SHA} -Dsonar.gitlab.ref_name=${CI_COMMIT_REF_NAME}` |
| `SONAR_AUTO_ON_DEV_DISABLED` | When set, SonarQube analysis becomes **manual** on development branches (automatic otherwise) | _none_ |
| `SONAR_QUALITY_GATE_ENABLED` | Enables blocking check of SonarQube [Quality Gate](https://docs.sonarqube.org/latest/user-guide/quality-gates/) | _none_ (disabled) |
#### About branch analysis
As you can see, default SonarQube analysis arguments uses the [Branch Analysis](https://docs.sonarqube.org/latest/branches/overview/)
feature (`sonar.branch.name` argument).
This is a great SonarQube feature but it assumes one of the following conditions:
* you are using a [Developer Edition](https://www.sonarqube.org/developer-edition/) version,
* or you are using Community Edition with an opensource plugin emulating the Branch Analysis feature:
* etiher [sonar-branch-community](https://github.com/msanez/sonar-branch-community),
* or [sonarqube-community-branch-plugin](https://github.com/mc1arke/sonarqube-community-branch-plugin),
* ...
If you're not in those cases, then the SonarQube analysis will fail with default parameters. You'll have to override the
default `SONAR_BASE_ARGS` and disable it by removing the `sonar.branch.name` argument.
#### About Sonar GitLab plugin
The [Sonar GitLab plugin](https://github.com/gabrie-allaigre/sonar-gitlab-plugin) uses the GitLab APIs to inline comments
into your commits directly in GitLab for each new anomaly.
As explained above, this template automatically enables the Sonar GitLab plugin if `SONAR_GITLAB_TOKEN` is set.
It will then simply append the `SONAR_GITLAB_ARGS` (overridable) to the SonarQube analysis arguments.
Comments added to GitLab will appear as owned by the user associated to the GitLab [access token](https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html).
### `mvn-dependency-check` job
This job enables a manual [Dependency-Check](https://jeremylong.github.io/DependencyCheck/dependency-check-maven/configuration.html)
analysis.
It is bound to the `test` stage, and uses the following variables:
| Name | description | default value |
| --------------------- | -------------------------------------- | ----------------- |
| `MAVEN_DEPENDENCY_CHECK_ARGS` | Maven arguments for Dependency Check job | `org.owasp:dependency-check-maven:check -DretireJsAnalyzerEnabled=false -DassemblyAnalyzerEnabled=false` |
A Dependency Check is a quite long operation and therefore the job is configured to be ran __manually__ by default.
However, if you want to enable an automatic Dependency-Check scan, you will have to override the `rules` keyword for the `mvn-dependency-check` job.
Furthermore, if you want to upload Dependency-Check reports to SonarQube, you have to:
* Move `mvn-dependency-check` to the `build` stage
* Add `-Dformats=html,json,xml` to `MAVEN_DEPENDENCY_CHECK_ARGS` to output reports
* HTML report to read the report on SonarQube UI
* JSON report to create SonarQube issues from the report
* XML report to import into DefectDojo security dashboard
* Add `-Dsonar.dependencyCheck.htmlReportPath` and `-Dsonar.dependencyCheck.jsonReportPath` with the paths of the generated html and json reports to SonarQube arguments.
More info:
* [Maven Dependency-Check Plugin](https://jeremylong.github.io/DependencyCheck/dependency-check-maven/configuration.html)
### `mvn-checkmarx` job
From version `0.7.0`, the Checkmarx job is no longer part of the Maven template as it is now a standalone template.
### `mvn-snapshot` &amp; `mvn-release` jobs
Those jobs are **disabled by default** and perform respectively:
* a [Maven deploy](https://maven.apache.org/plugins/maven-deploy-plugin/) of your Java packages (jar, war or else),
* a [Maven release](http://maven.apache.org/maven-release/maven-release-plugin/index.html) of your current branch.
They are bound to the `publish` stage, and use the following variables:
| Name | description | default value |
| ----------------------------------- | ------------------------------------------------------------ | ----------------- |
| `MAVEN_DEPLOY_ENABLED` | Variable to enable a publish jobs | _none_ (disabled) |
| `MAVEN_DEPLOY_FROM_UNPROTECTED_DISABLED` | Variable to limit snapshot publication to protected branches | _none_ (disabled) |
| `MAVEN_DEPLOY_ARGS` | Maven arguments for the Snapshot job | `deploy -DskipTests` |
| `MAVEN_RELEASE_ARGS` | Maven arguments for the Release job | `release:prepare release:perform -DskipTests` |
| `MAVEN_RELEASE_SCM_COMMENT_PREFIX` | Maven release plugin [scmCommentPrefix](https://maven.apache.org/maven-release/maven-release-plugin/prepare-mojo.html#scmCommentPrefix) parameter | `[ci skip][maven-release-plugin]` |
More info:
* [Maven Deploy Plugin](https://maven.apache.org/plugins/maven-deploy-plugin/)
* [Maven Release Plugin](http://maven.apache.org/maven-release/maven-release-plugin/index.html)
#### Maven repository authentication
Your Maven repository may require authentication credentials to publish artifacts.
You shall handle them in the following way:
1. define all required credentials as :lock: [project variables](https://docs.gitlab.com/ee/ci/variables/#create-a-custom-variable-in-the-ui),
2. make sure your `pom.xml` (or ancestor) [declares your `<repository>` and `<snapshotRepository>` with server **id**s in a `<distributionManagement>` section](https://maven.apache.org/pom.html#repository),
3. in your `${MAVEN_CFG_DIR}/settings.xml` file, [define the repository servers credentials in the `<servers>` section](https://maven.apache.org/settings.html#Servers)
using the `${env.VARIABLE}` pattern (will be automatically evaluated and replaced by Maven).
**Example 1** (using the [GitLab Maven Repository](https://docs.gitlab.com/ee/user/packages/maven_repository/)):
`pom.xml`:
```xml
<!-- ... -->
<distributionManagement>
<snapshotRepository>
<id>gitlab-maven</id>
<url>${env.CI_API_V4_URL}/projects/${env.CI_PROJECT_ID}/packages/maven</url>
</snapshotRepository>
<repository>
<id>gitlab-maven</id>
<url>${env.CI_API_V4_URL}/projects/${env.CI_PROJECT_ID}/packages/maven</url>
</repository>
</distributionManagement>
<!-- ... -->
```
`${MAVEN_CFG_DIR}/settings.xml`:
```xml
<settings>
<servers>
<!-- required when using GitLab's package registry to deploy -->
<!-- see: https://gitlab.tech.orange/help/user/packages/maven_repository/index.md#creating-maven-packages-with-gitlab-cicd-using-maven -->
<server>
<id>gitlab-maven</id>
<configuration>
<httpHeaders>
<property>
<name>Job-Token</name>
<value>${env.CI_JOB_TOKEN}</value>
</property>
</httpHeaders>
</configuration>
</server>
</servers>
</settings>
```
**Example 2** (using an Artifactory repository with same credentials for snapshot &amp; release):
`pom.xml`:
```xml
<!--... -->
<distributionManagement>
<snapshotRepository>
<id>artifactory</id>
<url>https://artifactory.acme.host/artifactory/maven-snapshot-repo</url>
</snapshotRepository>
<repository>
<id>artifactory</id>
<url>https://artifactory.acme.host/artifactory/maven-release-repo</url>
</repository>
</distributionManagement>
<!--...-->
```
`${MAVEN_CFG_DIR}/settings.xml`:
```xml
<settings>
<servers>
<server>
<id>artifactory</id>
<username>${env.ARTIFACTORY_USER}</username>
<password>${env.ARTIFACTORY_PASSWORD}</password>
</server>
</servers>
<mirrors>
<mirror>
<id>artifactory.mirror</id>
<mirrorOf>central</mirrorOf>
<name>Artifactory Maven 2 central repository mirror</name>
<url>https://artifactory.acme.host/artifactory/maven-virtual-repo/</url>
</mirror>
</mirrors>
</settings>
```
#### SCM authentication
A Maven release involves some Git push operations.
You can either use a ssh key or an authenticated and authorized Git user.
##### Using a SSH key
We recommend you to use a [project deploy key](https://docs.gitlab.com/ee/user/project/deploy_keys/#project-deploy-keys) with write access to your project.
The key should not have a passphrase (see [how to generate a new SSH key pair](https://docs.gitlab.com/ce/ssh/README.html#generating-a-new-ssh-key-pair)).
Specify :lock: `$GIT_PRIVATE_KEY` as protected project variable with the private part of the deploy key.
```PEM
-----BEGIN OPENSSH PRIVATE KEY-----
blablabla
-----END OPENSSH PRIVATE KEY-----
```
The template handle both classic variable and file variable.
:warning: The scm connections in your pom.xml should use the ssh protocol
```xml
<scm>
<connection>scm:git:git@gitlab-host/path/to/my/project.git</connection>
<developerConnection>scm:git:git@gitlab-host/path/to/my/project.git</developerConnection>
...
</scm>
```
##### Using Git user authentication
Simply specify :lock: `$GIT_USERNAME` and :lock: `$GIT_PASSWORD` as protected project variables : they will be dynamically
evaluated and appended to the Maven release arguments.
Note that the password should be an access token with `read_repository` and `write_repository` scopes.
:warning: The scm connections in your pom.xml should use the https protocol
```xml
<scm>
<connection>scm:git:https://gitlab-host/path/to/my/project.git</connection>
<developerConnection>scm:git:https://gitlab-host/path/to/my/project.git</developerConnection>
...
</scm>
```
#!/usr/bin/env bash
function log_info() {
>&2 echo -e "[\\e[1;94mINFO\\e[0m] $*"
}
function log_warn() {
>&2 echo -e "[\\e[1;93mWARN\\e[0m] $*"
}
function log_error() {
>&2 echo -e "[\\e[1;91mERROR\\e[0m] $*"
}
# check number of arguments
if [[ "$#" -le 2 ]]; then
log_error "Missing arguments"
log_error "Usage: $0 <current version> <next version>"
exit 1
fi
curVer=$1
nextVer=$2
relType=$3
if [[ "$curVer" ]]; then
log_info "Bump version from \\e[33;1m${curVer}\\e[0m to \\e[33;1m${nextVer}\\e[0m (release type: $relType)..."
# replace in README
sed -e "s/ref: '$curVer'/ref: '$nextVer'/" README.md > README.md.next
mv -f README.md.next README.md
# replace in template and variants
for tmpl in templates/*.yml
do
sed -e "s/\"$curVer\"/\"$nextVer\"/" "$tmpl" > "$tmpl.next"
mv -f "$tmpl.next" "$tmpl"
done
else
log_info "Bump version to \\e[33;1m${nextVer}\\e[0m (release type: $relType): this is the first release (skip)..."
fi
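Review bot: The argument check `[[ "$#" -le 2 ]]` requires three arguments, since the script reads `$3` into `relType`, but the usage text names only two, so a caller who follows the message still gets "Missing arguments". The usage line should read `log_error "Usage: $0 <current version> <next version> <release type>"`. Separately, `$curVer` is interpolated into both sed patterns unescaped, so the dots in a version such as 1.0.0 match any character. Escaping them first, for example `curVerRe=${curVer//./\\.}`, keeps the substitution to the exact version string.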
{
"name": "Maven",
"description": "Build and test with [Maven](https://maven.apache.org/)",
"template_path": "templates/gitlab-ci-maven.yml",
"kind": "build",
"variables": [
{
"name": "MAVEN_IMAGE",
"description": "The Docker image used to run Maven - **it is highly recommended to set the specific version your project needs**",
"default": "maven:latest"
},
{
"name": "MAVEN_CFG_DIR",
"description": "The Maven configuration directory",
"default": ".m2",
"advanced": true
},
{
"name": "MAVEN_OPTS",
"description": "[Global Maven options](http://maven.apache.org/configure.html#maven_opts-environment-variable)",
"default": "-Dhttps.protocols=TLSv1.2 -Dmaven.repo.local=${MAVEN_CFG_DIR}/repository -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=WARN -Dorg.slf4j.simpleLogger.showDateTime=true -Djava.awt.headless=true",
"advanced": true
},
{
"name": "MAVEN_CLI_OPTS",
"description": "Additional [Maven options](https://maven.apache.org/ref/3-LATEST/maven-embedder/cli.html) used on the command line",
"default": "--batch-mode --errors --fail-at-end --show-version -DinstallAtEnd=true -DdeployAtEnd=true -s ${MAVEN_CFG_DIR}/settings.xml",
"advanced": true
},
{
"name": "MAVEN_BUILD_ARGS",
"description": "Maven arguments for the build & test job",
"default": "org.jacoco:jacoco-maven-plugin:prepare-agent verify org.jacoco:jacoco-maven-plugin:report",
"advanced": true
}
],
"features": [
{
"id": "sonar",
"name": "SONAR",
"description": "Code quality and security analysis with [SONARQube](https://www.sonarqube.org/)",
"variables": [
{
"name": "SONAR_URL",
"type": "url",
"description": "SonarQube server url",
"mandatory": true
},
{
"name": "SONAR_AUTH_TOKEN",
"description": "SonarQube authentication [token](https://docs.sonarqube.org/latest/user-guide/user-token/) (depends on your authentication method)",
"secret": true
},
{
"name": "SONAR_LOGIN",
"description": "SonarQube login (depends on your authentication method)",
"secret": true
},
{
"name": "SONAR_PASSWORD",
"description": "SonarQube password (depends on your authentication method)",
"secret": true
},
{
"name": "SONAR_BASE_ARGS",
"description": "SonarQube [analysis arguments](https://docs.sonarqube.org/latest/analysis/analysis-parameters/)",
"default": "sonar:sonar -Dsonar.host.url=${SONAR_URL} -Dsonar.links.homepage=${CI_PROJECT_URL} -Dsonar.links.ci=${CI_PROJECT_URL}/-/pipelines -Dsonar.links.issue=${CI_PROJECT_URL}/-/issues -Dsonar.branch.name=${CI_COMMIT_REF_NAME}",
"advanced": true
},
{
"name": "SONAR_GITLAB_TOKEN",
"description": "GitLab API access token. When set, activates the [Sonar GitLab plugin](https://github.com/gabrie-allaigre/sonar-gitlab-plugin/#plugins-properties) integration",
"secret": true
},
{
"name": "SONAR_GITLAB_ARGS",
"description": "Extra arguments to use with [Sonar GitLab plugin](https://github.com/gabrie-allaigre/sonar-gitlab-plugin/#plugins-properties)",
"default": "-Dsonar.gitlab.url=${CI_SERVER_URL} -Dsonar.gitlab.user_token=${SONAR_GITLAB_TOKEN} -Dsonar.gitlab.project_id=${CI_PROJECT_ID} -Dsonar.gitlab.commit_sha=${CI_COMMIT_SHA} -Dsonar.gitlab.ref_name=${CI_COMMIT_REF_NAME}",
"advanced": true
},
{
"name": "SONAR_AUTO_ON_DEV_DISABLED",
"description": "When set, SonarQube analysis becomes **manual** on development branches (automatic otherwise)",
"type": "boolean"
},
{
"name": "SONAR_QUALITY_GATE_ENABLED",
"description": "Enable blocking check of SonarQube [Quality Gate](https://docs.sonarqube.org/latest/user-guide/quality-gates/) (for `master` branch)",
"type": "boolean"
}
]
},
{
"id": "dependency-check",
"name": "Dependency-Check",
"description": "[Dependency-Check](https://jeremylong.github.io/DependencyCheck/dependency-check-maven/configuration.html) analysis",
"variables": [
{
"name": "MAVEN_DEPENDENCY_CHECK_ARGS",
"description": "Maven arguments for Dependency Check job",
"default": "org.owasp:dependency-check-maven:check -DretireJsAnalyzerEnabled=false -DassemblyAnalyzerEnabled=false -Dformats=HTML,JSON,XML",
"advanced": true
}
]
},
{
"id": "publish",
"name": "Publish",
"description": "Publish [Snapshot](https://maven.apache.org/plugins/maven-deploy-plugin/) & [Releases](http://maven.apache.org/maven-release/maven-release-plugin) to a Nexus repository",
"enable_with": "MAVEN_DEPLOY_ENABLED",
"variables": [
{
"name": "MAVEN_DEPLOY_ARGS",
"description": "Maven arguments for the Snapshot job",
"default": "deploy -DskipTests",
"advanced": true
},
{
"name": "MAVEN_DEPLOY_FROM_UNPROTECTED_DISABLED",
"description": "Set to limit snapshot publication to protected branches",
"type": "boolean",
"advanced": true
},
{
"name": "MAVEN_RELEASE_ARGS",
"description": "Maven arguments for the Release job",
"default": "release:prepare release:perform -DskipTests",
"advanced": true
},
{
"name": "MAVEN_RELEASE_SCM_COMMENT_PREFIX",
"description": "Maven release plugin [scmCommentPrefix](https://maven.apache.org/maven-release/maven-release-plugin/prepare-mojo.html#scmCommentPrefix) parameter",
"default": "[ci skip][maven-release-plugin]",
"advanced": true
},
{
"name": "GIT_USERNAME",
"description": "Git username (if you wish to release using Git credentials)",
"secret": true
},
{
"name": "GIT_PASSWORD",
"description": "Git password (if you wish to release using Git credentials)",
"secret": true
},
{
"name": "GIT_PRIVATE_KEY",
"description": "Git private SSH key (if you wish to release using SSH key or GitLab Deploy Key)",
"secret": true
},
{
"name": "MAVEN_REPOSITORY_USERNAME",
"description": "Maven repository username (inject in your settings.xml as ${env.MAVEN_REPOSITORY_USERNAME})",
"secret": true
},
{
"name": "MAVEN_REPOSITORY_PASSWORD",
"description": "Maven repository password (inject in your settings.xml as ${env.MAVEN_REPOSITORY_PASSWORD})",
"secret": true
}
]
}
]
}
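Review bot: The `MAVEN_RELEASE_ARGS` default declared here, `release:prepare release:perform -DskipTests`, differs from the value the template itself sets, `release:prepare release:perform -Darguments=-DskipTests`, so the descriptor documents a default that is not the one that runs. If the template value is the intended one, this entry should read `"default": "release:prepare release:perform -Darguments=-DskipTests"`. The `MAVEN_IMAGE` default of `maven:latest` is also a floating tag. The description already recommends a specific version, and a pinned default would make builds reproducible and limit exposure to an unexpected change in the upstream image.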
logo.png 0 → 100644
logo.png

15 KiB

# =========================================================================================
# Copyright (C) 2021 Orange
#
# This program is free software; you can redistribute it and/or modify it under the terms
# of the GNU Lesser General Public License as published by the Free Software Foundation;
# either version 3 of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
# without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
# See the GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License along with this
# program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth
# Floor, Boston, MA 02110-1301, USA.
# =========================================================================================
variables:
# Maven image (can be overriden)
MAVEN_IMAGE: "maven:latest"
# default production ref name (pattern)
PROD_REF: '/^master$/'
# default integration ref name (pattern)
INTEG_REF: '/^develop$/'
# default configuration directory
MAVEN_CFG_DIR: ".m2"
# This will suppress any download for dependencies and plugins or upload messages which would clutter the console log.
# `showDateTime` will show the passed time in milliseconds. You need to specify `--batch-mode` to make this work.
MAVEN_OPTS: >-
-Dhttps.protocols=TLSv1.2
-Dmaven.repo.local=${MAVEN_CFG_DIR}/repository
-Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=WARN
-Dorg.slf4j.simpleLogger.showDateTime=true
-Djava.awt.headless=true
# As of Maven 3.3.0 instead of this you may define these options in `.mvn/maven.config` so the same config is used
# when running from the command line.
# `installAtEnd` and `deployAtEnd` are only effective with recent version of the corresponding plugins.
MAVEN_CLI_OPTS: >-
--batch-mode
--errors
--fail-at-end
--show-version
-DinstallAtEnd=true
-DdeployAtEnd=true
-s ${MAVEN_CFG_DIR}/settings.xml
# Maven build arguments
MAVEN_BUILD_ARGS: "org.jacoco:jacoco-maven-plugin:prepare-agent verify org.jacoco:jacoco-maven-plugin:report"
# Sonar base analysis default args
# see: https://docs.sonarqube.org/latest/analysis/analysis-parameters/
# default uses branch analysis: https://docs.sonarqube.org/latest/branches/overview/
SONAR_BASE_ARGS: >-
sonar:sonar
-Dsonar.host.url=${SONAR_URL}
-Dsonar.links.homepage=${CI_PROJECT_URL}
-Dsonar.links.ci=${CI_PROJECT_URL}/-/pipelines
-Dsonar.links.issue=${CI_PROJECT_URL}/-/issues
-Dsonar.branch.name=${CI_COMMIT_REF_NAME}
# Sonar GitLab plugin args
# see: https://github.com/gabrie-allaigre/sonar-gitlab-plugin/#plugins-properties
# -> enabled if $SONAR_GITLAB_TOKEN is set
SONAR_GITLAB_ARGS: >-
-Dsonar.gitlab.url=${CI_SERVER_URL}
-Dsonar.gitlab.user_token=${SONAR_GITLAB_TOKEN}
-Dsonar.gitlab.project_id=${CI_PROJECT_ID}
-Dsonar.gitlab.commit_sha=${CI_COMMIT_SHA}
-Dsonar.gitlab.ref_name=${CI_COMMIT_REF_NAME}
# Dependency Check arguments
MAVEN_DEPENDENCY_CHECK_ARGS: >-
org.owasp:dependency-check-maven:check
-DretireJsAnalyzerEnabled=false
-DassemblyAnalyzerEnabled=false
-Dformats=HTML,JSON,XML
# Maven deploy arguments
MAVEN_DEPLOY_ARGS: "deploy -DskipTests"
# Maven release arguments
MAVEN_RELEASE_ARGS: "release:prepare release:perform -Darguments=-DskipTests"
MAVEN_RELEASE_SCM_COMMENT_PREFIX: "[ci skip][maven-release-plugin]"
stages:
- build
- test
- publish
.mvn-scripts: &mvn-scripts |
# BEGSCRIPT
set -e
function log_info() {
echo -e "[\\e[1;94mINFO\\e[0m] $*"
}
function log_warn() {
echo -e "[\\e[1;93mWARN\\e[0m] $*"
}
function log_error() {
echo -e "[\\e[1;91mERROR\\e[0m] $*"
}
function output_coverage() {
jacoco_reports=$(find . -name "${JACOCO_CSV_REPORT:-jacoco.csv}")
if [[ -n "$jacoco_reports" ]]
then
log_info "--- \\e[32mJaCoCo report(s) found\\e[0m (\\e[33;1m${jacoco_reports}\\e[0m): output"
# shellcheck disable=SC2046,SC2086
awk -F',' '{ instructions += $4 + $5; covered += $5 } END { print covered"/"instructions " instructions covered"; print 100*covered/instructions "% covered" }' $(find . -name "${JACOCO_CSV_REPORT:-jacoco.csv}")
else
log_info "--- \\e[32mJaCoCo report(s) not found: skip"
fi
}
function sonar_http_auth_args() {
if [[ -n "$SONAR_AUTH_TOKEN" ]]
then
echo "$SONAR_AUTH_TOKEN:"
elif [[ -n "$SONAR_LOGIN" ]] && [[ -n "$SONAR_PASSWORD" ]]
then
echo "$SONAR_LOGIN:$SONAR_PASSWORD"
else
echo ""
fi
}
function sonar_quality_gate_check() {
log_info "--- Waiting for Sonar analysis end..."
taskId=$(grep ceTaskId target/sonar/report-task.txt | cut -c10-)
curl -sS -k --user "$(sonar_http_auth_args)" "$SONAR_URL/api/ce/task?id=$taskId" -o analysis.json
analysisStatus=$(grep --only-matching --extended-regexp "\"status\":\"[A-Z_-]+\"" analysis.json | awk -F: '{print $2}' | tr -d '"')
while [ "$analysisStatus" == "IN_PROGRESS" ] || [ "$analysisStatus" == "PENDING" ]; do
sleep 5s
curl -sS -k --user "$(sonar_http_auth_args)" "$SONAR_URL/api/ce/task?id=$taskId" -o analysis.json
analysisStatus=$(grep --only-matching --extended-regexp "\"status\":\"[A-Z_-]+\"" analysis.json | awk -F: '{print $2}' | tr -d '"')
done
# Check quality gate
if [ "$analysisStatus" == "SUCCESS" ]; then
analysisId=$(grep --only-matching --extended-regexp "\"analysisId\":\"[a-zA-Z0-9_-]+\"" analysis.json | awk -F: '{print $2}' | tr -d '"')
qualityGateStatus=$(curl -sS -k --user "$(sonar_http_auth_args)" "$SONAR_URL/api/qualitygates/project_status?analysisId=$analysisId" | grep --only-matching --extended-regexp "{\"projectStatus\":{\"status\":\"[A-Z_]+\"" | awk -F: '{print $3}' | tr -d '"')
if [ "$qualityGateStatus" == "ERROR" ]; then
log_error "... quality gate FAILED"
exit 1
else
log_info "... quality gate SUCCEEDED"
exit 0
fi
else
log_error "... Sonar analysis FAILED"
exit 1
fi
}
function maybe_set_version_from_git() {
if [[ -n "$MAVEN_RELEASE_VERSION_FROM_GIT" ]]; then
# compute version as timestamp of latest commit
cur_version="$(date -d "$(git log -n 1 --pretty=format:%ci)" "+%Y.%m.%d.%H%M%S")"
log_info "--- setting project version from latest git commit: \\e[33;1m${cur_version}\\e[0m"
# change version in pom
# shellcheck disable=SC2086
mvn versions:set $MAVEN_CLI_OPTS $java_proxy_args -DgenerateBackupPoms=false -DnewVersion="$cur_version-SNAPSHOT"
# git commit change
git commit -am "[ci skip] Prepare release with $cur_version version"
fi
}
function configure_scm_auth() {
# shellcheck disable=SC2086
scm_url=$(mvn $MAVEN_CLI_OPTS $java_proxy_args org.apache.maven.plugins:maven-help-plugin:3.2.0:evaluate -Dexpression=project.scm.developerConnection -q -DforceStdout | tail -n 1)
if [[ $scm_url == "scm:git:https"* ]]; then
if [[ -n "${GIT_USERNAME}" ]] && [[ -n "${GIT_PASSWORD}" ]]; then
log_info "--- using SCM credentials from env (\$GIT_USERNAME and \$GIT_PASSWORD)..."
export scm_auth_args="-Dusername=${GIT_USERNAME} -Dpassword=${GIT_PASSWORD}"
else
log_error "--- project scm.developerConnection is using HTTPS protocol but no Git credentials are configured."
log_error "--- Please specify the \$GIT_USERNAME and \$GIT_PASSWORD variables or change to SSH protocol with a SSH key."
fi
else
# assume project is using SSH protocol
if [[ -n "${GIT_PRIVATE_KEY}" ]]; then
log_info "--- using Git SSH key from env (\$GIT_PRIVATE_KEY)..."
mkdir -m 700 "${HOME}/.ssh"
ssh-keyscan -H "${CI_SERVER_HOST}" >> ~/.ssh/known_hosts
eval "$(ssh-agent -s)"
# Handle file variable
if [[ -f "${GIT_PRIVATE_KEY}" ]]; then
tr -d '\r' < "${GIT_PRIVATE_KEY}" | ssh-add -
else
echo "${GIT_PRIVATE_KEY}" | tr -d '\r' | ssh-add -
fi
git config --global user.email "${GITLAB_USER_EMAIL}"
git config --global user.name "${GITLAB_USER_LOGIN}"
else
log_error "--- project scm.developerConnection is using SSH protocol but no SSH key configured."
log_error "--- Please either specify the \$GIT_PRIVATE_KEY variable or change to https protocol with username/password credentials."
fi
fi
}
function install_ca_certs() {
certs=$1
if [[ -z "$certs" ]]
then
return
fi
# import in system
if echo "$certs" >> /etc/ssl/certs/ca-certificates.crt
then
log_info "CA certificates imported in \\e[33;1m/etc/ssl/certs/ca-certificates.crt\\e[0m"
fi
if echo "$certs" >> /etc/ssl/cert.pem
then
log_info "CA certificates imported in \\e[33;1m/etc/ssl/cert.pem\\e[0m"
fi
# import in Java keystore (if keytool command found)
if command -v keytool > /dev/null
then
# shellcheck disable=SC2046
javahome=${JAVA_HOME:-$(dirname $(readlink -f $(command -v java)))/..}
# shellcheck disable=SC2086
keystore=${JAVA_KEYSTORE_PATH:-$(ls -1 $javahome/jre/lib/security/cacerts 2>/dev/null || ls -1 $javahome/lib/security/cacerts 2>/dev/null || echo "")}
if [[ -f "$keystore" ]]
then
storepass=${JAVA_KEYSTORE_PASSWORD:-changeit}
nb_certs=$(echo "$certs" | grep -c 'END CERTIFICATE')
log_info "importing $nb_certs certificates in Java keystore \\e[33;1m$keystore\\e[0m..."
for idx in $(seq 0 $((nb_certs - 1)))
do
# TODO: use keytool option -trustcacerts ?
if echo "$certs" | awk "n==$idx { print }; /END CERTIFICATE/ { n++ }" | keytool -noprompt -import -alias "imported CA Cert $idx" -keystore "$keystore" -storepass "$storepass"
then
log_info "... CA certificate [$idx] successfully imported"
else
log_warn "... Failed importing CA certificate [$idx]: abort"
return
fi
done
else
log_warn "Java keystore \\e[33;1m$keystore\\e[0m not found: could not import CA certificates"
fi
fi
}
# builds the Java proxy options from Linux env (http_proxy, https_proxy, ftp_proxy and no_proxy)
function eval_java_proxy_args() {
# transform no_proxy into Java stype nonProxyHosts
nph=$(echo "${no_proxy:-$NO_PROXY}" | sed -e 's/\s*//g' -e 's/^\./*./' -e 's/,\./,*./g' -e 's/,/|/g')
java_proxy_args="$(java_proto_proxy_args http "${http_proxy:-$HTTP_PROXY}" "$nph") $(java_proto_proxy_args https "${https_proxy:-$HTTPS_PROXY}" "$nph") $(java_proto_proxy_args ftp "${ftp_proxy:-$FTP_PROXY}" "$nph")"
export java_proxy_args
if [[ "$java_proxy_args" ]]
then
log_info "Using Java proxy options (from env): \\e[33;1m$java_proxy_args\\e[0m"
fi
}
function java_proto_proxy_args() {
proto=$1
proxy=$2
non_proxy_hosts=$3
if [[ "$proxy" ]]
then
host_port=$(echo "$proxy" | cut -d'/' -f3)
host=$(echo "$host_port" | cut -d':' -f1)
port=$(echo "$host_port" | cut -s -d':' -f2)
proto_proxy_args="-D$proto.proxyHost=$host -D$proto.proxyPort=${port:-80}"
if [[ "$non_proxy_hosts" ]]; then proto_proxy_args="$proto_proxy_args -D$proto.nonProxyHosts=\"$non_proxy_hosts\""; fi
echo "$proto_proxy_args"
fi
}
function get_latest_template_version() {
tag_json=$(wget -T 5 -q -O - "$CI_API_V4_URL/projects/Orange-OpenSource%2Ftbc%2F$1/repository/tags?per_page=1" || echo "")
echo "$tag_json" | sed -rn 's/^.*"name":"([^"]*)".*$/\1/p'
}
function check_for_update() {
template="$1"
actual="$2"
latest=$(get_latest_template_version "$template")
if [[ -n "$latest" ]] && [[ "$latest" != "$actual" ]]
then
log_warn "\\e[1;93m=======================================================================================================\\e[0m"
log_warn "\\e[93mThe template \\e[32m$template\\e[93m:\\e[33m$actual\\e[93m you're using is not up-to-date: consider upgrading to version \\e[32m$latest\\e[0m"
log_warn "\\e[93m(set \$TEMPLATE_CHECK_UPDATE_DISABLED to disable this message)\\e[0m"
log_warn "\\e[1;93m=======================================================================================================\\e[0m"
fi
}
function perform_snapshot() {
# shellcheck disable=SC2086
pom_version=$(mvn $MAVEN_CLI_OPTS $java_proxy_args org.apache.maven.plugins:maven-help-plugin:3.2.0:evaluate -Dexpression=project.version -q -DforceStdout | tail -n 1)
case $pom_version in
*-SNAPSHOT)
log_info "Snapshot version for pom (\\e[33;1m${pom_version}\\e[0m): deploy"
# shellcheck disable=SC2086
mvn $MAVEN_CLI_OPTS $java_proxy_args $MAVEN_DEPLOY_ARGS
;;
*)
log_info "Not snapshot version for pom (\\e[33;1m${pom_version}\\e[0m): skip"
;;
esac
}
if [[ -z "$TEMPLATE_CHECK_UPDATE_DISABLED" ]]; then check_for_update maven "1.0.0"; fi
# ENDSCRIPT
# Generic maven job
.mvn-base:
image: $MAVEN_IMAGE
services:
- name: "$CI_REGISTRY/orange-opensource/tbc/tools/tracking:master"
command: ["--service", "maven", "1.0.0" ]
before_script:
- *mvn-scripts
- install_ca_certs "${CUSTOM_CA_CERTS:-$DEFAULT_CA_CERTS}"
- eval_java_proxy_args
# Cache downloaded dependencies and plugins between builds.
# To keep cache across branches add 'key: "$CI_JOB_NAME"'
cache:
key: "$CI_COMMIT_REF_SLUG-maven"
paths:
- ${MAVEN_CFG_DIR}/repository
mvn-build:
extends: .mvn-base
stage: build
script:
- mvn ${TRACE+-X} $MAVEN_CLI_OPTS $java_proxy_args $MAVEN_BUILD_ARGS
- output_coverage
# code coverage RegEx
coverage: '/^(\d+\.?\d*\%) covered$/'
# keep build artifacts and JUnit reports
artifacts:
name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"
expire_in: 1 day
reports:
junit:
- "**/target/*-reports/TEST-*.xml"
paths:
- "**/target"
rules:
# exclude merge requests
- if: '$CI_MERGE_REQUEST_ID == null'
# Sonar job
mvn-sonar:
stage: test
extends: .mvn-base
script:
- if [[ "$SONAR_GITLAB_TOKEN" ]]; then sonar_extra_args=$SONAR_GITLAB_ARGS; fi
- mvn ${TRACE+-Dsonar.verbose=true} $MAVEN_CLI_OPTS $java_proxy_args ${SONAR_AUTH_TOKEN+-Dsonar.login=$SONAR_AUTH_TOKEN} ${SONAR_LOGIN+-Dsonar.login=$SONAR_LOGIN} ${SONAR_PASSWORD+-Dsonar.password=$SONAR_PASSWORD} $SONAR_BASE_ARGS $sonar_extra_args
- if [[ "$SONAR_QUALITY_GATE_ENABLED" ]]; then sonar_quality_gate_check; fi
rules:
# exclude merge requests
- if: $CI_MERGE_REQUEST_ID
when: never
# exclude if $SONAR_URL not set
- if: '$SONAR_URL == null || $SONAR_URL == ""'
when: never
# on tags: auto
- if: $CI_COMMIT_TAG
# on production or integration: auto
- if: '$CI_COMMIT_REF_NAME =~ $PROD_REF || $CI_COMMIT_REF_NAME =~ $INTEG_REF'
# else (non-production, non-integration branches): manual if $SONAR_AUTO_ON_DEV_DISABLED
- if: $SONAR_AUTO_ON_DEV_DISABLED
when: manual
allow_failure: true
# else: auto & allow failure
- allow_failure: true
mvn-dependency-check:
extends: .mvn-base
stage: test
# force no dependency
dependencies: []
script:
- mvn ${TRACE+-X} $MAVEN_CLI_OPTS $java_proxy_args $MAVEN_DEPENDENCY_CHECK_ARGS
rules:
# exclude merge requests
- if: $CI_MERGE_REQUEST_ID
when: never
# on schedule: auto
- if: '$CI_PIPELINE_SOURCE == "schedule"'
allow_failure: true
when: always
# all other cases: manual & non-blocking
- when: manual
allow_failure: true
artifacts:
name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"
expire_in: 1 day
when: always
paths:
- "**/target/dependency-check-report.*"
mvn-snapshot:
extends: .mvn-base
stage: publish
script:
- perform_snapshot
rules:
# exclude merge requests
- if: $CI_MERGE_REQUEST_ID
when: never
# on tags: never
- if: $CI_COMMIT_TAG
when: never
# exclude unprotected ref if specified
- if: '$MAVEN_DEPLOY_FROM_UNPROTECTED_DISABLED && $CI_COMMIT_REF_PROTECTED != "true"'
when: never
# else: if $MAVEN_DEPLOY_ENABLED is set
- if: $MAVEN_DEPLOY_ENABLED
mvn-release:
extends: .mvn-base
stage: publish
before_script:
- *mvn-scripts
- install_ca_certs "${CUSTOM_CA_CERTS:-$DEFAULT_CA_CERTS}"
- eval_java_proxy_args
- log_info "Preparing Git repository for release..."
- git config --global user.name $GITLAB_USER_ID
- git config --global user.email $GITLAB_USER_EMAIL
- git checkout -B "$CI_BUILD_REF_NAME"
script:
- configure_scm_auth
- maybe_set_version_from_git
- mvn ${TRACE+-X} $MAVEN_CLI_OPTS $java_proxy_args $scm_auth_args $MAVEN_RELEASE_ARGS -DscmCommentPrefix="$MAVEN_RELEASE_SCM_COMMENT_PREFIX"
rules:
# exclude merge requests
- if: $CI_MERGE_REQUEST_ID
when: never
# on production branch(es): manual & non-blocking if $MAVEN_DEPLOY_ENABLED is set
- if: '$MAVEN_DEPLOY_ENABLED && $CI_COMMIT_REF_NAME =~ $PROD_REF'
when: manual
allow_failure: true
# on integration branch(es): manual & non-blocking if $MAVEN_DEPLOY_ENABLED is set
- if: '$MAVEN_DEPLOY_ENABLED && $CI_COMMIT_REF_NAME =~ $INTEG_REF'
when: manual
allow_failure: true
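Review bot: All three `curl` calls in `sonar_quality_gate_check` pass `-k`, which turns off TLS certificate verification on requests that carry the SonarQube token or login/password via `--user`, so those credentials can reach an endpoint whose identity was never checked. `install_ca_certs` already appends `${CUSTOM_CA_CERTS:-$DEFAULT_CA_CERTS}` to the system CA bundles in `before_script`, which should let curl validate a private CA (worth confirming on the images in use), so the flag can be dropped: `curl -sS --user "$(sonar_http_auth_args)" ...`. The gate also fails open: any `qualityGateStatus` other than `ERROR`, including an empty value when the request or the grep yields nothing, logs SUCCEEDED and exits 0. Changing the test to `if [ -z "$qualityGateStatus" ] || [ "$qualityGateStatus" == "ERROR" ]; then` would treat a missing status as a failure.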