.cirrus.yml
# Environment shared by every task in this file.
env:
  # Vault endpoint, auth path and role; presumably what resolves the
  # VAULT[...] references used in this file.
  # see https://github.com/SonarSource/re-terraform-aws-vault/blob/master/orders/bubble-cfamily.yaml
  CIRRUS_VAULT_URL: 'https://vault.sonar.build:8200'
  CIRRUS_VAULT_AUTH_PATH: 'jwt-cirrusci'
  # The role name is built from the repository owner and name, so a fork
  # requests a different Vault role than the upstream repository does.
  CIRRUS_VAULT_ROLE: 'cirrusci-${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}'
  # Registry credentials are Vault references rather than literals. They are
  # declared globally, so every task receives them, including tasks that only
  # pull images.
  # NOTE(review): the path and field names (sonardockerrw, access_token_rwd)
  # suggest a read/write/delete token - confirm, and consider a pull-only
  # credential for the tasks that never push.
  DOCKER_USERNAME: 'VAULT[development/kv/data/docker/sonardockerrw data.username]'
  DOCKER_PASSWORD: 'VAULT[development/kv/data/docker/sonardockerrw data.access_token_rwd]'
  # Product name reported to the dependency scanner.
  WS_PRODUCTNAME: 'SonarSource/docker-sonarqube'
  # Repository that receives freshly built images, and the public repository
  # that the nightly scan pulls from.
  STAGING_IMAGE_NAME: 'sonarsource/sonarqube'
  PUBLIC_IMAGE_NAME: 'sonarqube'
# Shared EC2 instance settings; tasks merge them in through the VM_TEMPLATE
# anchor.
vm_instance_template: &VM_TEMPLATE
  # see https://github.com/cirruslabs/cirrus-ci-docs/issues/1051
  experimental: true
  # NOTE(review): wildcard image name - presumably resolves to whichever
  # matching builder image is current, so the build host is not pinned to a
  # reviewed image version. Confirm how the pattern is resolved.
  image: 'docker-builder-v*'
  type: 't2.small'
  region: 'eu-central-1'
  # Subnet comes from the CI environment, not from this file.
  subnet_id: '${CIRRUS_AWS_SUBNET}'
  disk: 10
  cpu: 4
  memory: '16G'
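# Builds every edition for linux/amd64 and linux/arm64 and pushes the result
# to the staging repository.
multi_arch_build_task:
  env:
    # One task per edition: `version` is the build context passed to buildx,
    # `tag` is the image tag that gets pushed.
    matrix:
      - version: 9/community
        tag: 9-community
      - version: 9/developer
        tag: 9-developer
      - version: 9/enterprise
        tag: 9-enterprise
      - version: 9/datacenter/app
        tag: 9-datacenter-app
      - version: 9/datacenter/search
        tag: 9-datacenter-search
  ec2_instance:
    <<: *VM_TEMPLATE
  login_script:
    # Feed the password on stdin: with --password it becomes part of the
    # docker command line, which other processes on the host can read.
    - printf '%s' "$DOCKER_PASSWORD" | docker login --username "$DOCKER_USERNAME" --password-stdin
  setup_script:
    # Registers binfmt emulators so buildx can build the non-native platform.
    # NOTE(review): a third-party image, pulled by mutable tag, runs with
    # --privileged on the host that holds the registry push credentials.
    # Pin it by digest (tonistiigi/binfmt@sha256:<digest>) and consider
    # installing only the emulator that is needed instead of `all`.
    - docker run -t --rm --privileged tonistiigi/binfmt --install all
    - docker buildx create --name multibuilder
    - docker buildx use multibuilder
    - docker buildx inspect --bootstrap
  build_script:
    - echo "Build the ${STAGING_IMAGE_NAME}:${tag} image supporting two architectures, linux/amd64 and linux/arm64"
    # The build context is quoted so the path is passed as a single argument.
    - docker buildx build --platform linux/amd64,linux/arm64 --tag "${STAGING_IMAGE_NAME}:${tag}" --push "${version}"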
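# Scans the freshly built staging images, once per platform, with the Mend
# (WhiteSource) unified agent.
multi_arch_scan_task:
  matrix:
    - env:
        platform: arm64
    - env:
        platform: amd64
  env:
    MEND_API_KEY: VAULT[development/kv/data/mend data.apikey]
    WS_WSS_URL: https://saas-eu.whitesourcesoftware.com/agent
    matrix:
      - tag: 9-enterprise
      - tag: 9-datacenter-app
  ec2_instance:
    <<: *VM_TEMPLATE
  login_script:
    # Feed the password on stdin: with --password it becomes part of the
    # docker command line, which other processes on the host can read.
    - printf '%s' "$DOCKER_PASSWORD" | docker login --username "$DOCKER_USERNAME" --password-stdin
  setup_script:
    - apt-get update && apt-get install -y --no-install-recommends openjdk-17-jre-headless
    # -f makes curl fail on an HTTP error instead of saving the error page
    # as the JAR.
    # NOTE(review): the agent is fetched from a mutable URL and then executed
    # with the Mend API key and registry credentials in scope, and nothing
    # checks its integrity. Pin a known agent version and verify it against
    # a checksum recorded in this repository, e.g.
    #   echo '<expected-sha256>  wss-unified-agent.jar' | sha256sum -c -
    - curl -fsSL https://unified-agent.s3.amazonaws.com/wss-unified-agent.jar -o wss-unified-agent.jar
    # Limit the agent to the image that scan_script tags for this platform.
    - echo "docker.includes=${tag}-${platform}" >> .cirrus/wss-unified-agent.config
  scan_script:
    - echo "Scan the ${STAGING_IMAGE_NAME}:${tag} image supporting linux/${platform}"
    - docker pull --platform linux/${platform} "${STAGING_IMAGE_NAME}:${tag}"
    - docker tag "${STAGING_IMAGE_NAME}:${tag}" "${STAGING_IMAGE_NAME}:${tag}-${platform}"
    # NOTE(review): the API key is expanded onto the java command line, where
    # it is visible in the process list. If the agent version in use can read
    # the key from the environment or the config file, prefer that - confirm
    # against the agent documentation.
    - >-
      java -jar wss-unified-agent.jar
      -c .cirrus/wss-unified-agent.config
      -apiKey "$MEND_API_KEY"
      -product "${WS_PRODUCTNAME}"
      -project "${STAGING_IMAGE_NAME}:${tag}-${platform}"
      -wss.url "${WS_WSS_URL}"
      -docker.scanImages true
  depends_on: multi_arch_build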
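# Nightly scan of the images already published under the public name; runs
# only for the cron build named in only_if.
public_scan_task:
  only_if: "$CIRRUS_CRON == 'nightly-mend-scan'"
  env:
    MEND_API_KEY: VAULT[development/kv/data/mend data.apikey]
    WS_WSS_URL: https://saas-eu.whitesourcesoftware.com/agent
    matrix:
      - tag: 9-enterprise
      - tag: 9-datacenter-app
  ec2_instance:
    <<: *VM_TEMPLATE
  setup_script:
    - apt-get update && apt-get install -y --no-install-recommends openjdk-17-jre-headless
    # -f makes curl fail on an HTTP error instead of saving the error page
    # as the JAR.
    # NOTE(review): the agent is fetched from a mutable URL and then executed
    # with the Mend API key in scope, and nothing checks its integrity. Pin a
    # known agent version and verify it against a checksum recorded in this
    # repository, e.g.
    #   echo '<expected-sha256>  wss-unified-agent.jar' | sha256sum -c -
    - curl -fsSL https://unified-agent.s3.amazonaws.com/wss-unified-agent.jar -o wss-unified-agent.jar
    # Limit the agent to the image tag pulled in scan_script.
    - echo "docker.includes=${tag}" >> .cirrus/wss-unified-agent.config
  scan_script:
    - echo "Scan the ${PUBLIC_IMAGE_NAME}:${tag} image"
    - docker pull "${PUBLIC_IMAGE_NAME}:${tag}"
    # NOTE(review): the API key is expanded onto the java command line, where
    # it is visible in the process list. If the agent version in use can read
    # the key from the environment or the config file, prefer that - confirm
    # against the agent documentation.
    - >-
      java -jar wss-unified-agent.jar
      -c .cirrus/wss-unified-agent.config
      -apiKey "$MEND_API_KEY"
      -product "${WS_PRODUCTNAME}"
      -project "${PUBLIC_IMAGE_NAME}:${tag}"
      -wss.url "${WS_WSS_URL}"
      -docker.scanImages true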
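# Runs the repository's test script against each staging image on both
# architectures.
multi_arch_test_docker_builder:
  matrix:
    - env:
        CIRRUS_ARCH: arm64
    - env:
        CIRRUS_ARCH: amd64
  env:
    # `test_name` is passed to run-tests.sh as its second argument.
    matrix:
      - test_name: docker
        tag: 9-community
      - test_name: docker
        tag: 9-developer
      - test_name: docker
        tag: 9-enterprise
      - test_name: docker-compose
        tag: 9-datacenter
  login_script:
    # Feed the password on stdin: with --password it becomes part of the
    # docker command line, which other processes on the host can read.
    # NOTE(review): this task only tests images; the credentials it logs in
    # with are the same ones the build task pushes with. Confirm whether a
    # pull-only credential would be enough here.
    - printf '%s' "$DOCKER_PASSWORD" | docker login --username "$DOCKER_USERNAME" --password-stdin
  test_script:
    - echo "Test the ${STAGING_IMAGE_NAME}:${tag} image supporting linux/${CIRRUS_ARCH}"
    # Raise the kernel's memory-map count limit to the value recommended for
    # Elasticsearch (ES); this is a limit on mappings, not an amount of memory.
    - sysctl -w vm.max_map_count=524288
    - ./run-tests.sh "${STAGING_IMAGE_NAME}:${tag}" "${test_name}"
  depends_on: multi_arch_build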