From f158b181bb0c03e167dc52cf6cab6d1cfa84a4a5 Mon Sep 17 00:00:00 2001 From: seanbrereton Date: Tue, 9 Apr 2024 11:55:13 +0100 Subject: [PATCH 01/19] Test sonar cloud --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index 6a293c445..9b1d4b149 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,4 +1,4 @@ -@Library('corda-shared-build-pipeline-steps@5.3') _ +@Library('corda-shared-build-pipeline-steps@ES-1657/enable-sonarCloud') _ cordaPipelineKubernetesAgent( runIntegrationTests: false, From a2f2db514df96f7c4d4152a03accd114a908fd33 Mon Sep 17 00:00:00 2001 From: seanbrereton Date: Tue, 9 Apr 2024 12:10:18 +0100 Subject: [PATCH 02/19] add sonar to build --- build.gradle | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/build.gradle b/build.gradle index 729514e45..c0d856c35 100644 --- a/build.gradle +++ b/build.gradle @@ -25,6 +25,7 @@ plugins { alias libs.plugins.dokka alias libs.plugins.dependency.check.versions // discover possible dependency version upgrades alias libs.plugins.cyclonedx.bom apply false + id "org.sonarqube" version "4.4.1.3373" } snyk { @@ -35,6 +36,14 @@ snyk { autoUpdate = true } +sonar { + properties { + property "sonar.projectKey", "corda" + property "sonar.organization", "corda" + property "sonar.host.url", "https://sonarcloud.io" + } +} + def revision = { if (System.getenv("CORDA_REVISION")) { return System.getenv("CORDA_REVISION") From 7dc6b2b23a51a138e4c627940c67bddfb98a1c93 Mon Sep 17 00:00:00 2001 From: seanbrereton Date: Tue, 9 Apr 2024 12:31:41 +0100 Subject: [PATCH 03/19] test --- build.gradle | 2 ++ 1 file changed, 2 insertions(+) diff --git a/build.gradle b/build.gradle index c0d856c35..e4a4c8991 100644 --- a/build.gradle +++ b/build.gradle @@ -44,6 +44,8 @@ sonar { } } +invalid gradle + def revision = { if (System.getenv("CORDA_REVISION")) { return System.getenv("CORDA_REVISION") From 7a65583971287e3046b25fb2ad42d0c3ec912cc9 Mon Sep 17 00:00:00 2001 
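Review bot: In PATCH 01 the root Jenkinsfile now loads `corda-shared-build-pipeline-steps@ES-1657/enable-sonarCloud`, a branch ref that moves with every push, so the main pipeline would run whatever is on that branch with the job's credentials. If the shared-library change has to be exercised before it is released, a separate job or a ref pinned to a commit is safer than repointing the main pipeline. PATCH 14 later in this series restores `@5.3`, so the exposure is limited to the commits in between.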
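Review bot: In PATCH 02 the `plugins` hunk of build.gradle adds `id "org.sonarqube" version "4.4.1.3373"` with an inline version, while the neighbouring entries are all `alias libs.plugins...` references into the version catalog. Declaring the plugin in the catalog and referencing it the same way (for example `alias libs.plugins.sonarqube`, name to be chosen) keeps every build-plugin version in one reviewed place. The `plugins` block opens above the hunk.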
From: seanbrereton Date: Tue, 9 Apr 2024 12:33:29 +0100 Subject: [PATCH 04/19] undo test --- build.gradle | 2 -- 1 file changed, 2 deletions(-) diff --git a/build.gradle b/build.gradle index e4a4c8991..c0d856c35 100644 --- a/build.gradle +++ b/build.gradle @@ -44,8 +44,6 @@ sonar { } } -invalid gradle - def revision = { if (System.getenv("CORDA_REVISION")) { return System.getenv("CORDA_REVISION") From c527a058afb54c960291ad1dfca6e883a9b35095 Mon Sep 17 00:00:00 2001 From: seanbrereton Date: Tue, 9 Apr 2024 15:54:44 +0100 Subject: [PATCH 05/19] add new jenkinsfile for sonarcloud --- .ci/JenkinsfileSonarCloud | 41 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 .ci/JenkinsfileSonarCloud diff --git a/.ci/JenkinsfileSonarCloud b/.ci/JenkinsfileSonarCloud new file mode 100644 index 000000000..99e253c8c --- /dev/null +++ b/.ci/JenkinsfileSonarCloud @@ -0,0 +1,41 @@ +@Library('corda-shared-build-pipeline-steps@5.3') _ + +import com.r3.build.agents.KubernetesAgent +import com.r3.build.enums.BuildEnvironment +import com.r3.build.enums.KubernetesCluster +import com.r3.build.BuildConstants + +KubernetesAgent k8s = new KubernetesAgent( + BuildEnvironment.AMD64_LINUX_JAVA17, + KubernetesCluster.JenkinsAgents, + 1 +) + +pipeline { + agent { + kubernetes { + cloud k8s.buildCluster.cloudName + yaml k8s.JSON + yamlMergeStrategy merge() // important to keep tolerations from the inherited template + idleMinutes 15 + podRetention always() + nodeSelector k8s.nodeSelector + label k8s.jenkinsLabel + showRawYaml true + defaultContainer k8s.defaultContainer.name + } + } + options { + timestamps() + } + + stages { + stage('SonarQube analysis') { + steps { + withSonarQubeEnv('SonarCloud') { + sh './gradlew sonar' + } + } + } + } +} \ No newline at end of file From 52161949995dc0c1a6feb419bce0f3cbbc12b796 Mon Sep 17 00:00:00 2001 
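Review bot: The 'SonarQube analysis' stage in the new .ci/JenkinsfileSonarCloud (PATCH 05) only submits the analysis; nothing waits for or checks the result, so the job stays green whatever SonarCloud reports. If the job is meant to gate, a following stage that calls `waitForQualityGate` under a `timeout` would do it; this needs the SonarCloud webhook back to Jenkins to be configured. Separately, `showRawYaml true` prints the full agent pod spec into the build log, so it is worth confirming that the template behind `k8s.JSON` holds nothing sensitive.

```groovy
        stage('SonarQube analysis') {
            // … unchanged: withSonarQubeEnv('SonarCloud') { sh './gradlew sonar' } …
        }
        stage('Quality gate') {
            steps {
                // 10 minutes is a constructed sample value; size it to the usual analysis time
                timeout(time: 10, unit: 'MINUTES') {
                    waitForQualityGate abortPipeline: true
                }
            }
        }
```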
From: Ronan Browne Date: Tue, 16 Apr 2024 09:30:39 +0100 Subject: [PATCH 06/19] apply to submodules --- build.gradle | 1 + 1 file changed, 1 insertion(+) diff --git a/build.gradle b/build.gradle index c0d856c35..f008fd4ae 100644 --- a/build.gradle +++ b/build.gradle @@ -122,6 +122,7 @@ subprojects { group 'net.corda' pluginManager.withPlugin('java') { + apply plugin: 'org.sonarqube' java { toolchain { languageVersion = of(javaVersion.majorVersion.toInteger()) From fe8ff9e235b18da8795676dd2d27be17785939ad Mon Sep 17 00:00:00 2001 From: seanbrereton Date: Tue, 16 Apr 2024 11:09:37 +0100 Subject: [PATCH 07/19] move sonar to subProjects --- build.gradle | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/build.gradle b/build.gradle index f008fd4ae..db7073125 100644 --- a/build.gradle +++ b/build.gradle @@ -36,14 +36,6 @@ snyk { autoUpdate = true } -sonar { - properties { - property "sonar.projectKey", "corda" - property "sonar.organization", "corda" - property "sonar.host.url", "https://sonarcloud.io" - } -} - def revision = { if (System.getenv("CORDA_REVISION")) { return System.getenv("CORDA_REVISION") @@ -123,6 +115,14 @@ subprojects { pluginManager.withPlugin('java') { apply plugin: 'org.sonarqube' + sonar { + properties { + property "sonar.projectKey", "corda" + property "sonar.organization", "corda" + property "sonar.host.url", "https://sonarcloud.io" + } + } + java { toolchain { languageVersion = of(javaVersion.majorVersion.toInteger()) From 912bd0bc8869c2da2b41206feed903fa8133224f Mon Sep 17 00:00:00 2001 From: seanbrereton Date: Tue, 16 Apr 2024 11:33:18 +0100 Subject: [PATCH 08/19] dummy code for test --- .../java/net/corda/v5/application/flows/ClientRequestBody.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/application/src/main/java/net/corda/v5/application/flows/ClientRequestBody.java b/application/src/main/java/net/corda/v5/application/flows/ClientRequestBody.java index 0354c5b17..8fa7b7c4e 100644 
--- a/application/src/main/java/net/corda/v5/application/flows/ClientRequestBody.java +++ b/application/src/main/java/net/corda/v5/application/flows/ClientRequestBody.java @@ -2,6 +2,7 @@ import net.corda.v5.application.marshalling.MarshallingService; import org.jetbrains.annotations.NotNull; +import java.util.Random; import java.util.List; import java.util.Map; @@ -14,7 +15,7 @@ * @see ClientStartableFlow */ public interface ClientRequestBody { - + Random rand = new Random(); /** * Gets the request body for the {@link ClientStartableFlow}. * From e6b022a3fd2927fa883ad5152fd0511d28d667e1 Mon Sep 17 00:00:00 2001 From: seanbrereton Date: Tue, 16 Apr 2024 11:39:36 +0100 Subject: [PATCH 09/19] test to see if sonar picks up untested code --- .../corda/v5/application/flows/HelloWorldSonarTest.java | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 application/src/main/java/net/corda/v5/application/flows/HelloWorldSonarTest.java diff --git a/application/src/main/java/net/corda/v5/application/flows/HelloWorldSonarTest.java b/application/src/main/java/net/corda/v5/application/flows/HelloWorldSonarTest.java new file mode 100644 index 000000000..cd8315b51 --- /dev/null +++ b/application/src/main/java/net/corda/v5/application/flows/HelloWorldSonarTest.java @@ -0,0 +1,7 @@ +package net.corda.v5.application.flows; + +public class HelloWorldSonarTest { + public static void main(String[] args) { + System.out.println("Hello, World!"); + } +} From 8f075d14b352f77c1ae722dc29d8935aa972e8e6 Mon Sep 17 00:00:00 2001 From: seanbrereton Date: Tue, 16 Apr 2024 11:44:02 +0100 Subject: [PATCH 10/19] undo test changes --- .../net/corda/v5/application/flows/ClientRequestBody.java | 3 +-- .../corda/v5/application/flows/HelloWorldSonarTest.java | 7 ------- 2 files changed, 1 insertion(+), 9 deletions(-) delete mode 100644 application/src/main/java/net/corda/v5/application/flows/HelloWorldSonarTest.java 
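Review bot: In PATCH 08 the added `Random rand = new Random();` sits directly in the body of the public interface `ClientRequestBody`, where a field is implicitly `public static final`, so the probe becomes a constant of the published API for as long as the commit is live. `java.util.Random` is also not suitable for anything security-sensitive, so a shared instance exposed on an API type invites misuse. A scanner probe like this, and the `HelloWorldSonarTest` class that PATCH 09 adds under `src/main`, is safer in a throwaway class in a test source set, so that an incomplete revert cannot ship it. PATCH 10 removes both again; the interface body starts and ends outside the hunk.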
diff --git a/application/src/main/java/net/corda/v5/application/flows/ClientRequestBody.java b/application/src/main/java/net/corda/v5/application/flows/ClientRequestBody.java index 8fa7b7c4e..0354c5b17 100644 --- a/application/src/main/java/net/corda/v5/application/flows/ClientRequestBody.java +++ b/application/src/main/java/net/corda/v5/application/flows/ClientRequestBody.java @@ -2,7 +2,6 @@ import net.corda.v5.application.marshalling.MarshallingService; import org.jetbrains.annotations.NotNull; -import java.util.Random; import java.util.List; import java.util.Map; @@ -15,7 +14,7 @@ * @see ClientStartableFlow */ public interface ClientRequestBody { - Random rand = new Random(); + /** * Gets the request body for the {@link ClientStartableFlow}. * diff --git a/application/src/main/java/net/corda/v5/application/flows/HelloWorldSonarTest.java b/application/src/main/java/net/corda/v5/application/flows/HelloWorldSonarTest.java deleted file mode 100644 index cd8315b51..000000000 --- a/application/src/main/java/net/corda/v5/application/flows/HelloWorldSonarTest.java +++ /dev/null @@ -1,7 +0,0 @@ -package net.corda.v5.application.flows; - -public class HelloWorldSonarTest { - public static void main(String[] args) { - System.out.println("Hello, World!"); - } -} From 4abe42f50a8f8415414055ad2556efe110e5cef9 Mon Sep 17 00:00:00 2001 From: seanbrereton Date: Tue, 16 Apr 2024 15:00:52 +0100 Subject: [PATCH 11/19] Ad snyk code analysis stage --- .ci/JenkinsfileSonarCloud | 29 ++++++++++++++++++++++++++++- 1 file changed, 28 insertions(+), 1 deletion(-) diff --git a/.ci/JenkinsfileSonarCloud b/.ci/JenkinsfileSonarCloud index 99e253c8c..1e2538c1e 100644 --- a/.ci/JenkinsfileSonarCloud +++ b/.ci/JenkinsfileSonarCloud 
@@ -4,6 +4,7 @@ import com.r3.build.agents.KubernetesAgent import com.r3.build.enums.BuildEnvironment import com.r3.build.enums.KubernetesCluster import com.r3.build.BuildConstants +import com.r3.build.utils.GitUtils KubernetesAgent k8s = new KubernetesAgent( BuildEnvironment.AMD64_LINUX_JAVA17, @@ -11,6 +12,8 @@ KubernetesAgent k8s = new KubernetesAgent( 1 ) +GitUtils gitUtils = new GitUtils(this) + pipeline { agent { kubernetes { @@ -25,10 +28,28 @@ pipeline { defaultContainer k8s.defaultContainer.name } } + + environment { + ARTIFACTORY_CREDENTIALS = credentials('artifactory-credentials') + CORDA_ARTIFACTORY_PASSWORD = "${env.ARTIFACTORY_CREDENTIALS_PSW}" + CORDA_ARTIFACTORY_USERNAME = "${env.ARTIFACTORY_CREDENTIALS_USR}" + BUILD_CACHE_CREDENTIALS = credentials('gradle-ent-cache-credentials') + BUILD_CACHE_PASSWORD = "${env.BUILD_CACHE_CREDENTIALS_PSW}" + BUILD_CACHE_USERNAME = "${env.BUILD_CACHE_CREDENTIALS_USR}" + CORDA_GRADLE_SCAN_KEY = credentials('gradle-build-scans-key') + GRADLE_USER_HOME = "/host_tmp/gradle" + SNYK_TOKEN = credentials("r3-snyk-corda5") + SNYK_ORG_ID = credentials("corda5-snyk-org-id") + } + options { timestamps() } + triggers { + cron (gitUtils.isReleaseBranch() ? '@midnight' : '') + } + stages { stage('SonarQube analysis') { steps { @@ -37,5 +58,11 @@ pipeline { } } } + stage('Snyk Code analysis') { + steps { + sh "snyk code test --json | snyk-to-html -o snyk-code-results-${env.JOB_NAME}.html" + archiveArtifacts artifacts: "snyk-code-results-${env.JOB_NAME}", allowEmptyArchive: true + } + } } -} \ No newline at end of file +} From 74e93f40d6704f8cbb5d792b45a6dc2f86ca0325 Mon Sep 17 00:00:00 2001 From: seanbrereton Date: Tue, 16 Apr 2024 15:05:55 +0100 Subject: [PATCH 12/19] Add branch name --- build.gradle | 1 + 1 file changed, 1 insertion(+) diff --git a/build.gradle b/build.gradle index db7073125..1a262311a 100644 --- a/build.gradle +++ b/build.gradle 
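Review bot: The `environment` block added in PATCH 11 binds the Artifactory, build-cache, Gradle scan and Snyk credentials at pipeline scope, so every step runs with all of them, including `./gradlew sonar`, which executes the project's build scripts. `SNYK_TOKEN` and `SNYK_ORG_ID` appear to be needed only by the 'Snyk Code analysis' stage; moving those two bindings into a stage-level `environment { ... }` on that stage narrows what the Gradle build can read. `GRADLE_USER_HOME = "/host_tmp/gradle"` looks like a host-mounted path; if so, combined with `podRetention always()`, it is worth checking what persists there between builds.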
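Review bot: In the 'Snyk Code analysis' stage of PATCH 11 the report is written to `snyk-code-results-${env.JOB_NAME}.html`, but the archive pattern is `snyk-code-results-${env.JOB_NAME}` without the extension, and `allowEmptyArchive: true` hides the miss, so no report is kept. The pattern should match the output, `archiveArtifacts artifacts: "snyk-code-results-${env.JOB_NAME}.html", allowEmptyArchive: true`. The `sh` step also pipes `snyk code test --json` into `snyk-to-html`, so unless the shell runs with pipefail the step's status is that of the converter and a failing scan does not fail the stage. `JOB_NAME` may contain `/` for folder or multibranch jobs, which would break the output path. PATCH 15 replaces these two lines with `snykUtils.runSnykCode()`.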
@@ -120,6 +120,7 @@ subprojects { property "sonar.projectKey", "corda" property "sonar.organization", "corda" property "sonar.host.url", "https://sonarcloud.io" + property "sonar.branch.name", System.getenv("BRANCH_NAME") ?: grgit.branch.current.name } } From 5116ead167913a3048ebc28b4ade748c436509e8 Mon Sep 17 00:00:00 2001 From: seanbrereton Date: Tue, 16 Apr 2024 15:20:06 +0100 Subject: [PATCH 13/19] move sonar to root --- build.gradle | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/build.gradle b/build.gradle index 1a262311a..a63faa345 100644 --- a/build.gradle +++ b/build.gradle @@ -36,6 +36,15 @@ snyk { autoUpdate = true } +sonar { + properties { + property "sonar.projectKey", "corda" + property "sonar.organization", "corda" + property "sonar.host.url", "https://sonarcloud.io" + property "sonar.branch.name", System.getenv("BRANCH_NAME") ?: grgit.branch.current.name + } +} + def revision = { if (System.getenv("CORDA_REVISION")) { return System.getenv("CORDA_REVISION") @@ -114,16 +123,6 @@ subprojects { group 'net.corda' pluginManager.withPlugin('java') { - apply plugin: 'org.sonarqube' - sonar { - properties { - property "sonar.projectKey", "corda" - property "sonar.organization", "corda" - property "sonar.host.url", "https://sonarcloud.io" - property "sonar.branch.name", System.getenv("BRANCH_NAME") ?: grgit.branch.current.name - } - } - java { toolchain { languageVersion = of(javaVersion.majorVersion.toInteger()) From 7c295075d164c57f15863772fb0079333b7afb7c Mon Sep 17 00:00:00 2001 From: seanbrereton Date: Tue, 16 Apr 2024 15:20:57 +0100 Subject: [PATCH 14/19] revert to 5.3 --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index 9b1d4b149..6a293c445 100644 --- a/Jenkinsfile +++ b/Jenkinsfile 
@@ -1,4 +1,4 @@ -@Library('corda-shared-build-pipeline-steps@ES-1657/enable-sonarCloud') _ +@Library('corda-shared-build-pipeline-steps@5.3') _ cordaPipelineKubernetesAgent( runIntegrationTests: false, From 8b49d9467e3253e85c13f1c0f215e49303ce8ea6 Mon Sep 17 00:00:00 2001 From: seanbrereton Date: Tue, 16 Apr 2024 15:28:47 +0100 Subject: [PATCH 15/19] use snykCode method --- .ci/JenkinsfileSonarCloud | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.ci/JenkinsfileSonarCloud b/.ci/JenkinsfileSonarCloud index 1e2538c1e..b5e712a25 100644 --- a/.ci/JenkinsfileSonarCloud +++ b/.ci/JenkinsfileSonarCloud @@ -5,6 +5,7 @@ import com.r3.build.enums.BuildEnvironment import com.r3.build.enums.KubernetesCluster import com.r3.build.BuildConstants import com.r3.build.utils.GitUtils +import com.r3.build.utils.SnykUtils KubernetesAgent k8s = new KubernetesAgent( BuildEnvironment.AMD64_LINUX_JAVA17, @@ -13,6 +14,7 @@ KubernetesAgent k8s = new KubernetesAgent( ) GitUtils gitUtils = new GitUtils(this) +SnykUtils snykUtils = new SnykUtils(this) pipeline { agent { @@ -60,8 +62,7 @@ pipeline { } stage('Snyk Code analysis') { steps { - sh "snyk code test --json | snyk-to-html -o snyk-code-results-${env.JOB_NAME}.html" - archiveArtifacts artifacts: "snyk-code-results-${env.JOB_NAME}", allowEmptyArchive: true + snykUtils.runSnykCode() } } } From 5b78159b7ee0bd93377f1adff40f08f74e540087 Mon Sep 17 00:00:00 2001 From: seanbrereton Date: Tue, 16 Apr 2024 15:38:31 +0100 Subject: [PATCH 16/19] test --- .ci/JenkinsfileSonarCloud | 4 +++- build.gradle | 1 + 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/.ci/JenkinsfileSonarCloud b/.ci/JenkinsfileSonarCloud index b5e712a25..233946510 100644 --- a/.ci/JenkinsfileSonarCloud +++ b/.ci/JenkinsfileSonarCloud @@ -62,7 +62,9 @@ pipeline { } stage('Snyk Code analysis') { steps { - snykUtils.runSnykCode() + script { + snykUtils.runSnykCode() + } } } } 
diff --git a/build.gradle b/build.gradle index a63faa345..165139771 100644 --- a/build.gradle +++ b/build.gradle @@ -123,6 +123,7 @@ subprojects { group 'net.corda' pluginManager.withPlugin('java') { + apply plugin: 'org.sonarqube' java { toolchain { languageVersion = of(javaVersion.majorVersion.toInteger()) From 2cc3eedf766d42d968a68a0b4928074c708a81cc Mon Sep 17 00:00:00 2001 From: seanbrereton Date: Tue, 16 Apr 2024 15:45:58 +0100 Subject: [PATCH 17/19] remove branch setting --- build.gradle | 1 - 1 file changed, 1 deletion(-) diff --git a/build.gradle b/build.gradle index 165139771..a1fed6651 100644 --- a/build.gradle +++ b/build.gradle @@ -41,7 +41,6 @@ sonar { property "sonar.projectKey", "corda" property "sonar.organization", "corda" property "sonar.host.url", "https://sonarcloud.io" - property "sonar.branch.name", System.getenv("BRANCH_NAME") ?: grgit.branch.current.name } } From cb6f08fec08ddfc3d1b43d3e959fc7ecde9505b7 Mon Sep 17 00:00:00 2001 From: seanbrereton Date: Tue, 16 Apr 2024 15:57:29 +0100 Subject: [PATCH 18/19] pass branch --- .ci/JenkinsfileSonarCloud | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.ci/JenkinsfileSonarCloud b/.ci/JenkinsfileSonarCloud index 233946510..67b42facf 100644 --- a/.ci/JenkinsfileSonarCloud +++ b/.ci/JenkinsfileSonarCloud @@ -56,7 +56,7 @@ pipeline { stage('SonarQube analysis') { steps { withSonarQubeEnv('SonarCloud') { - sh './gradlew sonar' + sh './gradlew sonar -Dsonar.branch.name=${BRANCH_NAME}' } } } From e45ffae3dcc745049bb07663b61202103aaa4b0c Mon Sep 17 00:00:00 2001 From: seanbrereton Date: Tue, 16 Apr 2024 16:00:57 +0100 Subject: [PATCH 19/19] Undo, doesnt do full scan on branch build --- .ci/JenkinsfileSonarCloud | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.ci/JenkinsfileSonarCloud b/.ci/JenkinsfileSonarCloud index 67b42facf..64ea81e42 100644 --- a/.ci/JenkinsfileSonarCloud +++ b/.ci/JenkinsfileSonarCloud 
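Review bot: The build.gradle hunk of PATCH 16 re-adds `apply plugin: 'org.sonarqube'` inside `subprojects { pluginManager.withPlugin('java') { ... } }`, although PATCH 13 had just moved the Sonar setup back to the root project, where the plugin is already applied through the `plugins` block. As far as I know the scanner is meant to be applied on the root of the hierarchy and picks up the subprojects from there, so this line looks like a leftover from the commit titled "test". If it is needed, a short comment saying why would help, for example `// sonar must also be applied per module because ...`; otherwise it can be dropped. The `subprojects` block starts and ends outside the hunk.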
@@ -56,7 +56,7 @@ pipeline { stage('SonarQube analysis') { steps { withSonarQubeEnv('SonarCloud') { - sh './gradlew sonar -Dsonar.branch.name=${BRANCH_NAME}' + sh './gradlew sonar -Si' } } }
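Review bot: PATCH 19 is titled "Undo", but the command does not go back to `./gradlew sonar`; it becomes `sh './gradlew sonar -Si'`, which turns on full stack traces and info-level logging. That looks like a debugging aid left in, and in a job that holds several credentials at pipeline scope (see the `environment` block from PATCH 11) verbose build output is the place where derived forms of a secret, which Jenkins masking would not necessarily catch, could end up in the log. Once the scan works, `sh './gradlew sonar'` is the quieter default; if the flags should stay, a comment next to the step should say why.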