SONAR-23970 Add conditions to CI

.cirrus.star

@@ -1,5 +1,8 @@
 load("github.com/SonarSource/cirrus-modules@v3", "load_features")
 load("cirrus", "env", "fs", "yaml")
+load(".cirrus/tasks.star", "build_tasks")
+
 
 def main(ctx):
-    return yaml.dumps(load_features(ctx)) + fs.read(".cirrus/tasks.yml")
+    tasks = build_tasks(ctx)
+    return yaml.dumps(load_features(ctx)) + tasks

.cirrus/package.sh

@@ -6,17 +6,33 @@ set -xeuo pipefail
 : "${BUILD_NUMBER:?}"
 : "${CIRRUS_BASE_BRANCH:=}"
 
-[[ -n "${CIRRUS_BASE_BRANCH}" ]] && TARGET_BRANCH="${CIRRUS_BASE_BRANCH}" || TARGET_BRANCH="${CIRRUS_BRANCH}"
+if [[ -n "${CIRRUS_BASE_BRANCH}" ]]; then
+    TARGET_BRANCH="${CIRRUS_BASE_BRANCH}"
+else
+    TARGET_BRANCH="${CIRRUS_BRANCH}"
+fi
 
 PREVIOUS_RELEASE=$(gh api "/repos/{owner}/{repo}/releases" --jq "[.[] | select(.target_commitish==\"${TARGET_BRANCH}\")][1].tag_name")
 
-[[ -z "${PREVIOUS_RELEASE}" ]] && CHARTS=("charts/sonarqube-dce" "charts/sonarqube") || CHARTS=$(ct list-changed --since "${PREVIOUS_RELEASE}" --target-branch "${TARGET_BRANCH}")
+if [[ -z "${PREVIOUS_RELEASE}" ]]; then
+    CHARTS=("charts/sonarqube-dce" "charts/sonarqube")
+else
+    # shellcheck disable=SC2178  # This will output a string, we will use it only in the for-loop, which will split it
+    CHARTS=$(ct list-changed --since "${PREVIOUS_RELEASE}" --target-branch "${TARGET_BRANCH}")
+fi
+
+# If there is a $1 argument, and it is contained in the CHARTS array, then we will only package that chart
+ARG_CHART_NAME=${1:+charts/$1}
+if [[ -n "${ARG_CHART_NAME}" ]] && [[ "${CHARTS[*]}" =~ ${ARG_CHART_NAME} ]]; then
+    CHARTS=("${ARG_CHART_NAME}")
+fi
 
 BUILD_METADATA="-${BUILD_NUMBER}"
 [[ ${CIRRUS_RELEASE:-} != "" ]] && BUILD_METADATA=""
 
 echo "${CHARTS[@]}"
 
+# shellcheck disable=SC2068  # Because ct list-changed will return a string, we want the potential split here
 for chart in ${CHARTS[@]}; do
     _original_version=$(yq '.version' "${chart}"/Chart.yaml)
     _new_version="${_original_version}${BUILD_METADATA}"

.cirrus/sign_chart.sh

@@ -1,13 +1,36 @@
-#!/bin/sh
+#!/bin/bash
 
 set -euo pipefail
 
-echo $SONARSOURCE_SIGN_KEY_PASSPHRASE | gpg --batch --yes --passphrase-fd 0 --import /tmp/key
+: "${SONARSOURCE_SIGN_KEY_PASSPHRASE:?}"
+: "${CIRRUS_WORKING_DIR:?}"
 
-CURRENT_DIR=$(pwd)
+# If there is a $1 argument, treat it as the chart to sign by looking for $1*.tgz* files
+# Otherwise, look for all *.tgz* files in the working directory
+CHART_TO_SIGN=${1:-}
+NAME_GLOB="*.tgz*"
+if [[ -n "${CHART_TO_SIGN}" ]]; then
+    NAME_GLOB="${CHART_TO_SIGN}-[0-9]*.tgz*"
+fi
 
-for chart in $(find $CIRRUS_WORKING_DIR -maxdepth 1 -name "*.tgz*" -type f -exec basename "{}" ";"); do
-    cd $CIRRUS_WORKING_DIR
-    echo $SONARSOURCE_SIGN_KEY_PASSPHRASE | gpg --batch --yes --pinentry-mode loopback --passphrase-fd 0 --output $chart.asc --detach-sig $chart
-    cd $CURRENT_DIR
-done
+find_charts=$(find "${CIRRUS_WORKING_DIR}" -maxdepth 1 -name "${NAME_GLOB}" -type f -exec basename "{}" ";" || exit 1)
+
+CHART_TO_SIGN=()
+while IFS= read -r chart; do
+    CHART_TO_SIGN+=("${chart}")
+done <<< "${find_charts}"
+
+if [[ ${#CHART_TO_SIGN[@]} -eq 0 ]]; then
+    echo "No charts found to sign."
+    exit 1
+fi
+
+# Debugging: Print the charts to be signed
+echo "Charts to sign: ${CHART_TO_SIGN[*]}"
+
+echo "${SONARSOURCE_SIGN_KEY_PASSPHRASE}" | gpg --batch --yes --passphrase-fd 0 --import /tmp/key
+
+for chart in "${CHART_TO_SIGN[@]}"; do
+    echo "Signing ${chart}"
+    echo "${SONARSOURCE_SIGN_KEY_PASSPHRASE}" | gpg --batch --yes --pinentry-mode loopback --passphrase-fd 0 --output "${chart}.asc" --detach-sig "${chart}"
+done

.cirrus/tasks.star

@@ -0,0 +1,16 @@
+load("cirrus", "fs")
+
+
+def build_tasks(ctx):
+    tasks_env = fs.read(".cirrus/tasks_env.yml")
+    tasks_templates = fs.read(".cirrus/tasks_templates.yml")
+    tasks = fs.read(".cirrus/tasks.yml")
+    tasks += fs.read(".cirrus/tasks_sonarqube.yml")
+    tasks += fs.read(".cirrus/tasks_sonarqube_dce.yml")
+    tasks += fs.read(".cirrus/tasks_gcp_marketplace.yml")
+
+    # The release task depends on some sonarqube and sonarqube_dce tasks,
+    # therefore it MUST be loaded AFTER tasks_sonarqube.yml and tasks_sonarqube_dce.yml
+    tasks += fs.read(".cirrus/tasks_release.yml")
+
+    return tasks_env + tasks_templates + tasks