-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathJenkinsfile
108 lines (89 loc) · 3.7 KB
/
Jenkinsfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
#!groovy
@Library('github.com/cloudogu/ces-build-lib@2.4.0')
import com.cloudogu.ces.cesbuildlib.*
goVersion = "1.23"
// Configuration of branches
productionReleaseBranch = "master"
developmentBranch = "develop"
currentBranch = "${env.BRANCH_NAME}"
node('docker') {
repositoryOwner = 'cloudogu'
repositoryName = 'nexus-claim'
project = "github.com/${repositoryOwner}/${repositoryName}"
githubCredentialsId = 'sonarqube-gh'
stage('Checkout') {
checkout scm
}
new Docker(this)
.image("golang:${goVersion}")
.mountJenkinsUser()
.inside("--volume ${WORKSPACE}:/go/src/${project} -w /go/src/${project}") {
stage('Build') {
make 'clean'
make ''
archiveArtifacts 'target/**/*.tar.gz'
}
stage('Unit Test') {
make 'unit-test'
junit allowEmptyResults: true, testResults: 'target/*-tests.xml'
}
stage("Review dog analysis") {
stageStaticAnalysisReviewDog()
}
}
stage('SonarQube') {
stageStaticAnalysisSonarQube()
}
}
String repositoryOwner
String repositoryName
String project
String githubCredentialsId
void make(goal) {
sh "cd /go/src/${project} && make ${goal}"
}
void gitWithCredentials(String command) {
withCredentials([usernamePassword(credentialsId: 'cesmarvin', usernameVariable: 'GIT_AUTH_USR', passwordVariable: 'GIT_AUTH_PSW')]) {
sh(
script: "git -c credential.helper=\"!f() { echo username='\$GIT_AUTH_USR'; echo password='\$GIT_AUTH_PSW'; }; f\" " + command,
returnStdout: true
)
}
}
void stageStaticAnalysisReviewDog() {
def commitSha = sh(returnStdout: true, script: 'git rev-parse HEAD').trim()
withCredentials([[$class: 'UsernamePasswordMultiBinding', credentialsId: 'sonarqube-gh', usernameVariable: 'USERNAME', passwordVariable: 'REVIEWDOG_GITHUB_API_TOKEN']]) {
withEnv(["CI_PULL_REQUEST=${env.CHANGE_ID}", "CI_COMMIT=${commitSha}", "CI_REPO_OWNER=${repositoryOwner}", "CI_REPO_NAME=${repositoryName}"]) {
make 'static-analysis-ci'
}
}
}
void stageStaticAnalysisSonarQube() {
def scannerHome = tool name: 'sonar-scanner', type: 'hudson.plugins.sonar.SonarRunnerInstallation'
withSonarQubeEnv {
sh "git config 'remote.origin.fetch' '+refs/heads/*:refs/remotes/origin/*'"
gitWithCredentials("fetch --all")
if (currentBranch == productionReleaseBranch) {
echo "This branch has been detected as the production branch."
sh "${scannerHome}/bin/sonar-scanner -Dsonar.branch.name=${env.BRANCH_NAME}"
} else if (currentBranch == developmentBranch) {
echo "This branch has been detected as the development branch."
sh "${scannerHome}/bin/sonar-scanner -Dsonar.branch.name=${env.BRANCH_NAME}"
} else if (env.CHANGE_TARGET) {
echo "This branch has been detected as a pull request."
sh "${scannerHome}/bin/sonar-scanner -Dsonar.pullrequest.key=${env.CHANGE_ID} -Dsonar.pullrequest.branch=${env.CHANGE_BRANCH} -Dsonar.pullrequest.base=${developmentBranch}"
} else if (currentBranch.startsWith("feature/")) {
echo "This branch has been detected as a feature branch."
sh "${scannerHome}/bin/sonar-scanner -Dsonar.branch.name=${env.BRANCH_NAME}"
} else {
echo "This branch has been detected as a miscellaneous branch."
sh "${scannerHome}/bin/sonar-scanner -Dsonar.branch.name=${env.BRANCH_NAME} "
}
}
timeout(time: 2, unit: 'MINUTES') { // Needed when there is no webhook for example
def qGate = waitForQualityGate()
if (qGate.status != 'OK') {
unstable("Pipeline unstable due to SonarQube quality gate failure")
}
}
}