-
Notifications
You must be signed in to change notification settings - Fork 76
/
Copy pathJenkinsfile
114 lines (99 loc) · 3.42 KB
/
Jenkinsfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
@Library('corda-shared-build-pipeline-steps')
import static com.r3.build.BuildControl.killAllExistingBuildsForJob
import groovy.transform.Field
killAllExistingBuildsForJob(env.JOB_NAME, env.BUILD_NUMBER.toInteger())
pipeline {
agent {
dockerfile {
filename '.ci/Dockerfile'
additionalBuildArgs "--build-arg USER=stresstester"
args '-v /var/run/docker.sock:/var/run/docker.sock --group-add 999'
}
}
options { timestamps() }
triggers {
cron (isReleaseBranch() ? 'H 0 * * 1,4' : '')
}
environment {
ARTIFACTORY_CREDENTIALS = credentials('artifactory-credentials')
CORDA_ARTIFACTORY_USERNAME = "${env.ARTIFACTORY_CREDENTIALS_USR}"
CORDA_ARTIFACTORY_PASSWORD = "${env.ARTIFACTORY_CREDENTIALS_PSW}"
EXECUTOR_NUMBER = "${env.EXECUTOR_NUMBER}"
LOOPBACK_ADDRESS = "172.17.0.1"
DOCKER_CREDENTIALS = credentials('docker-for-oracle-login')
SNYK_TOKEN = credentials('c4-ent-snyk-api-token-secret')
}
parameters {
booleanParam name: 'RUN_FREIGHTER_TESTS', defaultValue: false, description: 'Publish Kotlin version to artifactory'
}
stages {
stage("Prep") {
steps {
sh '''
docker login --username ${DOCKER_CREDENTIALS_USR} --password ${DOCKER_CREDENTIALS_PSW}
'''
}
}
stage('Build') {
steps {
sh './gradlew assemble --parallel'
}
}
stage('Snyk Security') {
when {
expression { isReleaseTag() || isReleaseBranch() }
}
steps {
script {
// Invoke Snyk for each Gradle sub project we wish to scan
def modulesToScan = ['contracts', 'workflows']
modulesToScan.each { module ->
snykSecurityScan(env.SNYK_TOKEN, "--sub-project=$module --configuration-matching='^runtimeClasspath\$' --prune-repeated-subdependencies --debug --remote-repo-url='${env.GIT_URL}' --target-reference='${env.BRANCH_NAME}' --project-tags=Branch='${env.BRANCH_NAME.replaceAll("[^0-9|a-z|A-Z]+","_")}'", false, true)
}
}
}
}
stage('Unit / Integration Tests') {
steps {
timeout(30) {
sh "./gradlew test integrationTest -Si --no-daemon --parallel"
}
}
}
stage('Freighter Tests') {
when {
expression { params.RUN_FREIGHTER_TESTS}
}
steps {
timeout(60) {
sh './gradlew freighterTest -Si --no-daemon'
}
}
}
stage('Publish to Artifactory') {
when {
expression { isReleaseTag() }
}
steps {
sh './gradlew artifactoryPublish -Si'
}
}
}
post {
always {
junit '**/build/test-results/**/*.xml'
}
cleanup {
deleteDir() /* clean up our workspace */
}
}
}
def isReleaseTag() {
return (env.TAG_NAME =~ /^release-.*$/)
}
def isReleaseCandidate() {
return (isReleaseTag()) && (env.TAG_NAME =~ /.*-(RC|HC)\d+(-.*)?/)
}
def isReleaseBranch() {
return (env.BRANCH_NAME =~ /^release\/.*$/) || (env.BRANCH_NAME =~ /^1.2$/)
}