Compare commits
73 Commits
pa11y-audi
...
pipeline/p
Author | SHA1 | Date | |
---|---|---|---|
6fa3cdf8c1 | |||
ac4c65d930 | |||
69884d7384 | |||
63af3c7121 | |||
a31b64b5b6 | |||
5112fc5d88 | |||
c0bc85f860 | |||
60769e3c68 | |||
7d61382247 | |||
d1757bc028 | |||
0314146633 | |||
71f5fbfe78 | |||
97abfb0ade | |||
44764866a8 | |||
1f6a71e0a9 | |||
a819b3d9a1 | |||
4153859453 | |||
fad3f5fdcc | |||
8268ac2a0d | |||
b4bb6dd7d6 | |||
3897b60ef7 | |||
61b88898d8 | |||
493e9afd64 | |||
fe3c728823 | |||
5db4a47b13 | |||
8b6228fe4a | |||
672531fc36 | |||
7be6603e81 | |||
c1cffc4d6f | |||
ad49ba869f | |||
e16ccf8bf8 | |||
4dfdb53bad | |||
331ba5fd6b | |||
b7c0f4e2ab | |||
2969fb2a7c | |||
ab34e49bc1 | |||
5de4dfd4f8 | |||
1efbd7f5ee | |||
63c7b0b3a5 | |||
f16e377911 | |||
4ce857ef7c | |||
471b11740e | |||
ce2c30003e | |||
f2602a8d27 | |||
15adc72606 | |||
62615af5e6 | |||
c5684aafea | |||
2222c30054 | |||
b39c380368 | |||
0dd899a291 | |||
a7a820ac6f | |||
ce5192d1d9 | |||
94abda3f1a | |||
8f0d37213b | |||
d69ee2368a | |||
8c23bc688e | |||
81017f0b3c | |||
18bf648aa7 | |||
a021d96ca6 | |||
499aaca632 | |||
61f5eb8d3d | |||
bfbef60b9d | |||
1ef8151a51 | |||
279223b6f6 | |||
385a83d9ef | |||
7b0159c351 | |||
f09f349189 | |||
b52cac4f42 | |||
7c80e8c6cc | |||
c653c09fbc | |||
14a7bef425 | |||
cd8525c8b1 | |||
407fe87318 |
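--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -0,0 +1,231 @@
+@Library("cadoles@pipeline/packaging_pulp") _
+
+pipeline {
+
+agent {
+label 'docker'
+}
+
+environment {
+projectDir = "${env.project_name}_${env.BUILD_ID}"
+}
+
+triggers {
+// Execute pipeline every day at 7h30 to prepare docker images
+cron('30 7 * * 1-5')
+}
+
+stages {
+
+stage("Prepare build environment") {
+when {
+anyOf {
+triggeredBy cause: "UserIdCause", detail: "wpetit"
+triggeredBy 'TimerTrigger'
+}
+}
+steps {
+script {
+tamarin.prepareEnvironment()
+}
+}
+}
+
+stage("Package project") {
+when {
+not {
+triggeredBy 'TimerTrigger'
+}
+}
+steps {
+script {
+stage("Clone repository") {
+checkout scm:
+[
+$class: 'GitSCM',
+userRemoteConfigs: [[url: env.repository_url, credentialsId: 'jenkins-forge-ssh']],
+branches: [[name: env.ref]],
+extensions: [
+[$class: 'RelativeTargetDirectory', relativeTargetDir: env.projectDir ],
+[$class: 'CloneOption', noTags: false, shallow: false, depth: 0, reference: ''],
+[$class: 'WipeWorkspace' ]
+]
+],
+changelog: false,
+poll: false
+}
+
+stage("Ensure packaging branch") {
+dir(env.projectDir) {
+sh 'git checkout "${packageBranch}"'
+def commitOrRef = env.commit ? env.commit : env.ref
+def branchesWithCommitOrRef = sh(script: "git branch --contains '${commitOrRef}'", returnStdout: true).split(' ')
+if (branchesWithCommitOrRef.findAll{env.packageBranch.contains(it)}.any{true}) {
+currentBuild.result = 'ABORTED'
+error("La référence `${env.ref}` ne fait pas partie de la branche `${env.packageBranch}` !")
+}
+}
+}
+
+stage("Check [ci skip] in tag message") {
+dir(env.projectDir) {
+sh 'git checkout "${packageBranch}"'
+def commitTags = sh(script: 'git describe --exact-match --abbrev=0', returnStdout: true).split(' ')
+for (tag in commitTags) {
+tag = tag.trim()
+def tagMessage = sh(script: "git tag --format='%(subject)' -l '${tag}'", returnStdout: true).trim()
+println("Tag '${tag}' message is: '${tagMessage}'")
+if (tagMessage.contains('[ci skip]')) {
+currentBuild.result = 'ABORTED'
+error("Le message du tag '${tag}' contient le marqueur '[ci-skip]' !")
+}
+}
+}
+}
+
+stage("Checkout ref") {
+dir(env.projectDir) {
+sh """
+git checkout ${env.ref}
+"""
+}
+}
+
+stage("Build package") {
+dir(env.projectDir) {
+// On construit les paquets à partir des informations
+// de contexte provenant de CPKG et du webhook
+def result = tamarin.buildPackageWithCPKG(
+env.packageProfile ? env.packageProfile : "debian",
+env.packageArch ? env.packageArch : "",
+env.packageBranch ? env.packageBranch : "",
+env.baseImage ? env.baseImage : ""
+)
+
+// On publie chacun des paquets construits
+def splittedTag = env.ref.split('/')
+def repositoryName = "${splittedTag[2]} ${splittedTag[1]}"
+def distributionName = repositoryName
+def basePath = repositoryName.replace(' ', '-')
+def product = splittedTag[2].split('-')[0]
+def contentGuardMapping = ['mse': 'mse_contentguard']
+def signingServiceMapping = ['mse': 'sign_deb_release']
+def credentials = 'jenkins-pulp-api-client'
+def repositoryHREF = pulp.getRepositoryHREF(credentials, repositoryName)
+def exportTasks = pulp.exportPackages(credentials, result.packages)
+def pulpPackages = []
+exportTasks.each {
+def created_resources = pulp.waitForTaskCompletion(credentials, it)
+for (created_resource in created_resources) {
+pulpPackages << created_resource
+}
+}
+pulp.addToRepository(credentials, pulpPackages, repositoryHREF)
+// def publicationHREF = pulp.publishRepository(credentials, repositoryHREF, signingServiceMapping.get(product))
+def publicationHREF = pulp.publishRepository(credentials, repositoryHREF, 'sign_deb_release')
+def distributionHREF = pulp.distributePublication(credentials, publicationHREF[0], distributionName, basePath, contentGuardMapping.get(product))
+def distributionURL = pulp.getDistributionURL(credentials, distributionHREF[0])
+
+// On liste l'ensemble des paquets construits
+def publishedPackages = result.packages.collect { p ->
+def file = new File(p)
+return "- Paquet `${file.getName()}`, Dépôt `${result.env}`, Distribution `${result.distrib}`, URL `${distributionURL}`"
+}
+
+// On notifie le canal Rocket.Chat de la publication des paquets
+rocketSend (
+avatar: 'https://jenkins.cadol.es/static/b5f67753/images/headshot.png',
+message: """
+Les paquets suivants ont été publiés pour le projet ${env.project_name}:
+
+${publishedPackages.join('\n')}
+
+[Visualiser le job](${env.RUN_DISPLAY_URL})
+
+@${env.sender_login}
+""".stripIndent(),
+rawMessage: true,
+attachments: lolops.getRandomDeliveryAttachment()
+)
+
+if (env.testPackageInstall != 'yes') {
+println "Test d'intallation des paquets désactivé."
+return
+}
+
+// On essaye de trouver un template de VM compatible
+// avec la distribution cible de la construction
+def vmTemplate = findMatchingVMTemplate(result.distrib)
+if (vmTemplate == null) {
+println "Aucun template de VM n'a été trouvé correspondant à la distribution `${result.distrib}`."
+return
+}
+
+// Pour chaque paquets construits...
+result.packages.each { p ->
+def packageFullName = new File(p).getName()
+def packageRepository = result.distrib.split('-')[1] + '-' + result.env
+def packageNameParts = packageFullName.split('_')
+def packageName = packageNameParts[0]
+def packageVersion = packageNameParts[1]
+
+stage("Test package '${packageName}' installation") {
+build job: 'Test de paquet Debian', wait: false, parameters: [
+[$class: 'StringParameterValue', name: 'packageName', value: packageName],
+[$class: 'StringParameterValue', name: 'packageVersion', value: packageVersion],
+[$class: 'StringParameterValue', name: 'packageRepository', value: packageRepository],
+[$class: 'StringParameterValue', name: 'vmTemplate', value: vmTemplate]
+]
+}
+}
+}
+}
+}
+}
+post {
+always {
+sh "rm -rf '${env.projectDir}'"
+}
+}
+}
+
+}
+
+
+}
+
+// Cette fonction fait un simple "mapping"
+// entre les distributions cibles des paquets et
+// les templates de VM disponibles sur l'OpenNebula
+def findMatchingVMTemplate(String distrib) {
+def vmTemplatesMap = [
+'eole-2.7.0': 'eolebase-2.7.0-cadoles',
+'eole-2.6.2': 'eolebase-2.6.2-cadoles'
+]
+return vmTemplatesMap.get(distrib, null)
+}
+
+def waitForPackages(String tagRef, buildResults) {
+def packageVersion = tagRef.split('/')[3];
+def packageDistrib = env.packageBranch.split('/')[2];
+
+buildResults.each { r ->
+def distrib = "${packageDistrib}-${r.env}"
+
+r.packages.each { p ->
+def file = new File(p)
+def fileNameParts = file.getName().take(file.getName().lastIndexOf('.')).split('_')
+def packageName = fileNameParts[0]
+def packageArch = fileNameParts[2]
+
+debian.waitForRepoPackage(packageName, [
+baseURL: 'https://vulcain.cadoles.com',
+distrib: distrib,
+component: 'main',
+type: 'binary',
+arch: packageArch,
+expectedVersion: packageVersion
+])
+}
+}
+}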
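Review bot: `env.ref` and `env.commit` are interpolated by Groovy into the shell text in the "Ensure packaging branch" and "Checkout ref" stages (`git branch --contains '${commitOrRef}'`, `git checkout ${env.ref}`), so a ref containing a quote or shell metacharacters becomes part of the command; the comment in "Build package" suggests these values arrive from the webhook. Let the shell expand them instead, as the file already does for `packageBranch`: `sh 'git checkout "${ref}"'` and `sh(script: 'git branch --contains "${commit:-$ref}"', returnStdout: true)`. The same pattern appears with `'${tag}'` in the tag-message stage, where the value would have to be passed through `withEnv`. Separately, the `if` in "Ensure packaging branch" aborts when a matching branch is found, while its error message says the ref is not part of the branch, so the condition looks inverted.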
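--- a/pipelines/mse-rgaa.jenkinsfile
+++ b/pipelines/mse-rgaa.jenkinsfile
@@ -0,0 +1,82 @@
+import hudson.tasks.test.AbstractTestResultAction
+
+@Library("cadoles") _
+
+pipeline {
+
+parameters {
+text(name: 'URLS', defaultValue: 'https://msedev.crous-toulouse.fr\nhttps://msedev.crous-toulouse.fr/envole/enregistrement\nhttps://msedev.crous-toulouse.fr/envole/page/faq\nhttps://msedev.crous-toulouse.fr/envole/page/?t=liens_utiles\nhttps://msedev.crous-toulouse.fr/envole/page/?t=mentions_legales\nhttps://msedev.crous-toulouse.fr/envole/message/new\nhttps://msedev.crous-toulouse.fr/envole/recuperation/email\nhttps://msedev.crous-toulouse.fr/envole/courriel/raz', description: 'Liste des URLs à tester, une par ligne')
+string(name: 'USERNAME', defaultValue: '', description: "Nom d'utilisateur pour l'authentification Basic Auth, si nécessaire")
+password(name: 'PASSWORD', defaultValue: '', description: "Mot de passe pour l'authentification Basic Auth, si nécessaire")
+booleanParam(name: 'INCLUDE_WARNINGS', defaultValue: false, description: 'Inclure les avertissements')
+booleanParam(name: 'INCLUDE_NOTICES', defaultValue: false, description: 'Inclure les notifications')
+}
+
+options {
+disableConcurrentBuilds()
+}
+
+agent {
+node {
+label "mse"
+}
+}
+
+stages {
+stage("Run RGAA audit") {
+steps {
+script {
+def urls = params.URLS.split('\n')
+
+def count = 0
+urls.each { u ->
+stage("Audit page '${u}'") {
+def report = pa11y.audit(u.trim(), [
+reporter: 'junit',
+username: params.USERNAME,
+password: params.PASSWORD,
+standard: 'WCAG2AA',
+includeNotices: params.INCLUDE_NOTICES,
+includeWarnings: params.INCLUDE_WARNINGS,
+]);
+
+writeFile file:"./report_${count}.xml", text:report
+count++
+}
+}
+
+junit "*.xml"
+
+rocketSend (
+channel: "#cnous-mse-dev",
+avatar: 'https://jenkins.cadol.es/static/b5f67753/images/headshot.png',
+message: """
+Audit RGAA | ${testStatuses()}
+
+- [Voir les tests](${env.RUN_DISPLAY_URL})
+
+@here
+""".stripIndent(),
+rawMessage: true,
+)
+
+}
+}
+}
+}
+
+}
+
+@NonCPS
+def testStatuses() {
+def testStatus = ""
+AbstractTestResultAction testResultAction = currentBuild.rawBuild.getAction(AbstractTestResultAction.class)
+if (testResultAction != null) {
+def total = testResultAction.totalCount
+def failed = testResultAction.failCount
+def skipped = testResultAction.skipCount
+def passed = total - failed - skipped
+testStatus = "Passant(s): ${passed}, Échoué(s): ${failed} ${testResultAction.failureDiffString}, Désactivé(s): ${skipped}"
+}
+return testStatus
+}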
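Review bot: `junit "*.xml"` publishes every XML file in the workspace, and nothing in this pipeline removes the `report_N.xml` files of earlier runs, so a run with fewer URLs than the previous one on the same `mse` node would publish stale reports again. Delete them before the loop, e.g. `sh 'rm -f report_*.xml'`, and narrow the pattern to `junit "report_*.xml"`. `testStatuses()` reads `currentBuild.rawBuild`, which outside a trusted library needs script approval by an administrator; a comment above `@NonCPS` saying so would help the next maintainer. How `pa11y.audit` hands `params.PASSWORD` on is not visible here; it should be confirmed that the value ends up neither on a command line nor in the build log.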
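--- a/pipelines/sentry.jenkinsfile
+++ b/pipelines/sentry.jenkinsfile
@@ -0,0 +1,76 @@
+pipeline {
+agent {
+docker {
+image "getsentry/sentry-cli"
+args "--entrypoint="
+}
+}
+
+environment {
+projectDir = "${env.project_name}_${env.BUILD_ID}"
+}
+
+stages {
+
+stage("Clone repository") {
+steps {
+checkout scm:
+[
+$class: 'GitSCM',
+userRemoteConfigs: [[url: env.repository_url, credentialsId: 'jenkins-forge-ssh']],
+branches: [[name: env.ref]],
+extensions: [
+[$class: 'RelativeTargetDirectory', relativeTargetDir: env.projectDir ],
+[$class: 'CloneOption', noTags: false, shallow: false, depth: 0, reference: ''],
+[$class: 'WipeWorkspace' ]
+]
+],
+changelog: false,
+poll: false
+}
+}
+
+
+stage('Create sentry release') {
+steps {
+dir(env.projectDir) {
+withCredentials([
+string(credentialsId: 'sentry-url', variable: 'SENTRY_URL'),
+string(credentialsId: 'sentry-release-auth-token', variable: 'SENTRY_AUTH_TOKEN')
+]) {
+sh '''
+SENTRY_CMD="sentry-cli --auth-token \"${SENTRY_AUTH_TOKEN}\" --url \"${SENTRY_URL}\""
+PROJECT_VERSION=$(sentry-cli releases propose-version)
+
+$SENTRY_CMD \
+releases \
+--org "${sentry_org}" \
+new \
+-p "${sentry_project}" ${PROJECT_VERSION}
+
+(
+$SENTRY_CMD \
+releases \
+--org "${sentry_org}" \
+set-commits --local \
+${PROJECT_VERSION} || exit 0
+)
+
+$SENTRY_CMD \
+releases \
+--org "${sentry_org}" \
+finalize \
+${PROJECT_VERSION}
+'''
+}
+}
+}
+}
+}
+
+post {
+always {
+cleanWs()
+}
+}
+}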
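Review bot: The auth token is put on the `sentry-cli` command line through `SENTRY_CMD` (`--auth-token \"${SENTRY_AUTH_TOKEN}\"`), where it shows up in the agent's process list and is expanded unquoted when `$SENTRY_CMD` is word-split. `withCredentials` already exports `SENTRY_AUTH_TOKEN` and `SENTRY_URL`, and sentry-cli reads both from the environment, so the flags can be dropped: `SENTRY_CMD="sentry-cli"`. The agent image `getsentry/sentry-cli` carries no tag or digest, so each run executes whatever the registry serves at that moment while holding the release token; pinning it, e.g. `image "getsentry/sentry-cli:<pinned-version>"` (placeholder), makes the runs reproducible and reviewable.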
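--- a/resources/com/cadoles/common/add-letsencrypt-ca.sh
+++ b/resources/com/cadoles/common/add-letsencrypt-ca.sh
@@ -0,0 +1,26 @@
+#!/bin/sh
+
+set -eo pipefail
+
+DESTDIR=/usr/local/share/ca-certificates
+UPDATE_CERTS_CMD=update-ca-certificates
+CERTS="$(cat <<EOF
+https://letsencrypt.org/certs/isrgrootx1.pem
+https://letsencrypt.org/certs/isrg-root-x2.pem
+https://letsencrypt.org/certs/lets-encrypt-r3.pem
+https://letsencrypt.org/certs/lets-encrypt-e1.pem
+https://letsencrypt.org/certs/lets-encrypt-r4.pem
+https://letsencrypt.org/certs/lets-encrypt-e2.pem
+EOF
+)"
+
+cd "$DESTDIR"
+
+for cert in $CERTS; do
+echo "Downloading '$cert'..."
+filename=$(basename "$cert")
+wget --tries=10 --timeout=30 -O "$filename" "$cert"
+openssl x509 -in "$filename" -inform PEM -out "$filename.crt"
+done
+
+$UPDATE_CERTS_CMD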
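Review bot: The downloaded files are added to the system trust store with no check beyond the TLS connection to letsencrypt.org, so the loop should compare each certificate's fingerprint with a pinned value before `$UPDATE_CERTS_CMD` runs, for example the output of `openssl x509 -in "$filename" -noout -fingerprint -sha256` against a list kept in the script (values to be taken from a trusted source). The shebang is `#!/bin/sh`, but `set -eo pipefail` is not POSIX and aborts under shells such as dash; use `#!/bin/bash` or drop `pipefail`. The original `.pem` files stay next to the `.crt` copies in `$DESTDIR`; an `rm -f "$filename"` after the conversion would keep the directory clean.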
@ -1,4 +1,4 @@
|
|||||||
FROM golang:1.13 as envtpl
|
FROM golang:1.15 as envtpl
|
||||||
|
|
||||||
ARG HTTP_PROXY=
|
ARG HTTP_PROXY=
|
||||||
ARG HTTPS_PROXY=
|
ARG HTTPS_PROXY=
|
||||||
@ -14,7 +14,7 @@ RUN git clone https://github.com/subfuzion/envtpl /src \
|
|||||||
-ldflags "-X main.AppVersionMetadata=$(date -u +%s)" \
|
-ldflags "-X main.AppVersionMetadata=$(date -u +%s)" \
|
||||||
-a -installsuffix cgo -o ./bin/envtpl ./cmd/envtpl/.
|
-a -installsuffix cgo -o ./bin/envtpl ./cmd/envtpl/.
|
||||||
|
|
||||||
FROM alpine:3.10
|
FROM alpine:3.13
|
||||||
|
|
||||||
ARG HTTP_PROXY=
|
ARG HTTP_PROXY=
|
||||||
ARG HTTPS_PROXY=
|
ARG HTTPS_PROXY=
|
||||||
|
@ -10,10 +10,9 @@ rm -f reports/*
|
|||||||
cd reports
|
cd reports
|
||||||
|
|
||||||
lighthouse \
|
lighthouse \
|
||||||
|
"$LIGHTHOUSE_URL" \
|
||||||
--no-enable-error-reporting \
|
--no-enable-error-reporting \
|
||||||
--chrome-flags="--headless --disable-dev-shm-usage --no-sandbox --disable-gpu" \
|
--chrome-flags="--headless --disable-dev-shm-usage --no-sandbox --disable-gpu" \
|
||||||
--config=../config.js \
|
--config=../config.js \
|
||||||
--output json --output html \
|
--output json --output html \
|
||||||
--output-path=lighthouse \
|
--output-path=lighthouse
|
||||||
-- \
|
|
||||||
"$LIGHTHOUSE_URL"
|
|
||||||
|
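Review bot: With the `--` separator removed and `"$LIGHTHOUSE_URL"` now the first argument, a value that starts with `-` is parsed by lighthouse as an option instead of the URL to audit, and Chrome is started with `--no-sandbox`. If the variable is filled from a job parameter (not visible in this hunk), reject anything that is not an http(s) URL before the call: `case "$LIGHTHOUSE_URL" in http://*|https://*) ;; *) echo "invalid URL" >&2; exit 1 ;; esac`. The script starts above the hunk, so an existing check there would make this unnecessary.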
@ -1,4 +1,4 @@
|
|||||||
FROM alpine:3.8
|
FROM alpine:3.12
|
||||||
|
|
||||||
ARG HTTP_PROXY=
|
ARG HTTP_PROXY=
|
||||||
ARG HTTPS_PROXY=
|
ARG HTTPS_PROXY=
|
||||||
@ -7,7 +7,9 @@ ARG https_proxy=
|
|||||||
|
|
||||||
ARG TAMARIN_VERSION=develop
|
ARG TAMARIN_VERSION=develop
|
||||||
|
|
||||||
RUN apk add --no-cache git docker python3 bash
|
RUN apk add --no-cache git docker python3 bash openssl curl
|
||||||
|
|
||||||
|
RUN curl -k https://forge.cadoles.com/Cadoles/Jenkins/raw/branch/master/resources/com/cadoles/common/add-letsencrypt-ca.sh | bash
|
||||||
|
|
||||||
RUN git clone http://forge.cadoles.com/Cadoles/Tamarin /tamarin\
|
RUN git clone http://forge.cadoles.com/Cadoles/Tamarin /tamarin\
|
||||||
&& cd /tamarin\
|
&& cd /tamarin\
|
||||||
|
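Review bot: The added `RUN curl -k https://forge.cadoles.com/Cadoles/Jenkins/raw/branch/master/resources/com/cadoles/common/add-letsencrypt-ca.sh | bash` fetches a script with certificate verification disabled and runs it as root during the build, and that script installs CA certificates into the image's trust store, so whatever answers for that host name at build time decides what the image trusts. If the build context allows it, copy the script in (`COPY add-letsencrypt-ca.sh /tmp/` followed by `RUN sh /tmp/add-letsencrypt-ca.sh`); otherwise drop `-k` and check a pinned checksum of the download before executing it. The URL also tracks `branch/master`, so the script can change between builds without a change to this Dockerfile. The unchanged `git clone http://forge.cadoles.com/Cadoles/Tamarin` below uses plain HTTP and has the same exposure; `https://` would close it.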
@ -37,55 +37,10 @@ RUN apk --no-cache add \
|
|||||||
python-dev \
|
python-dev \
|
||||||
sqlite-dev \
|
sqlite-dev \
|
||||||
yaml-dev \
|
yaml-dev \
|
||||||
|
sudo \
|
||||||
nodejs \
|
nodejs \
|
||||||
npm
|
npm
|
||||||
|
|
||||||
RUN pip install --upgrade pip \
|
|
||||||
&& pip install \
|
|
||||||
pyClamd==0.4.0 \
|
|
||||||
GitPython==2.1.3 \
|
|
||||||
chardet==3.0.4 \
|
|
||||||
futures==3.2.0 \
|
|
||||||
pyOpenSSL==18.0.0 \
|
|
||||||
ndg-httpsclient==0.4.0 \
|
|
||||||
pyasn1==0.4.2 \
|
|
||||||
scapy==2.4.0 \
|
|
||||||
msgpack==0.5.6 \
|
|
||||||
Jinja2==2.10 \
|
|
||||||
vulndb==0.1.1 \
|
|
||||||
psutil==5.4.8 \
|
|
||||||
ds-store==1.1.2 \
|
|
||||||
pebble==4.3.8 \
|
|
||||||
acora==2.1 \
|
|
||||||
diff-match-patch==20121119 \
|
|
||||||
lz4==1.1.0 \
|
|
||||||
vulners==1.3.0 \
|
|
||||||
ipaddresses==0.0.2 \
|
|
||||||
PyGithub==1.21.0 \
|
|
||||||
pybloomfiltermmap==0.3.14 \
|
|
||||||
phply==0.9.1 nltk==3.0.1 \
|
|
||||||
tblib==0.2.0 \
|
|
||||||
pdfminer==20140328 \
|
|
||||||
lxml==3.4.4 \
|
|
||||||
guess-language==0.2 \
|
|
||||||
cluster==1.1.1b3 \
|
|
||||||
python-ntlm==1.0.1 \
|
|
||||||
halberd==0.2.4 \
|
|
||||||
darts.util.lru==0.5 \
|
|
||||||
markdown==2.6.1 \
|
|
||||||
termcolor==1.1.0 \
|
|
||||||
mitmproxy==0.13 \
|
|
||||||
ruamel.ordereddict==0.4.8 \
|
|
||||||
Flask==0.10.1 \
|
|
||||||
PyYAML==3.12 \
|
|
||||||
tldextract==1.7.2 \
|
|
||||||
esmre==0.3.1 \
|
|
||||||
bravado-core==5.12.1 \
|
|
||||||
subprocess32==3.5.4 \
|
|
||||||
&& npm install -g retire \
|
|
||||||
&& rm -rf /root/.cache/pip \
|
|
||||||
&& apk del build-base linux-headers
|
|
||||||
|
|
||||||
RUN adduser -D w3af
|
RUN adduser -D w3af
|
||||||
|
|
||||||
RUN git clone --depth=1 \
|
RUN git clone --depth=1 \
|
||||||
@ -94,6 +49,9 @@ RUN git clone --depth=1 \
|
|||||||
&& rm -rf /home/w3af/w3af/.git \
|
&& rm -rf /home/w3af/w3af/.git \
|
||||||
&& chown -R w3af /home/w3af/w3af
|
&& chown -R w3af /home/w3af/w3af
|
||||||
|
|
||||||
|
RUN cd /home/w3af/w3af \
|
||||||
|
&& ( ./w3af_console || . /tmp/w3af_dependency_install.sh )
|
||||||
|
|
||||||
COPY run-audit.sh /usr/local/bin/run-audit
|
COPY run-audit.sh /usr/local/bin/run-audit
|
||||||
RUN chmod +x /usr/local/bin/run-audit
|
RUN chmod +x /usr/local/bin/run-audit
|
||||||
|
|
||||||
|
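Review bot: The pinned `pip install` list is replaced by `./w3af_console || . /tmp/w3af_dependency_install.sh`, so the Python packages and their versions are now whatever that script (presumably generated by w3af at build time) requests, and together with the `git clone --depth=1` above, for which no commit or tag is visible in the hunk, the image is no longer reproducible. Pin the clone to a commit and keep a reviewed requirements list, or at least record the resolved versions with `pip freeze` as a build artifact. The removed block ended with `rm -rf /root/.cache/pip` and `apk del build-base linux-headers`; the new `RUN` has no such cleanup, so compilers and caches stay in the final image. The newly added `sudo` package also stays in the image, and a comment explaining why it is needed would help.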
@ -8,6 +8,7 @@ def call(Map params = [:]) {
|
|||||||
def distVersion = params.distVersion ? params.distVersion : '2.7.0'
|
def distVersion = params.distVersion ? params.distVersion : '2.7.0'
|
||||||
def distBranchName = params.distBranchName ? params.distBranchName : env.GIT_BRANCH
|
def distBranchName = params.distBranchName ? params.distBranchName : env.GIT_BRANCH
|
||||||
def gitCredentials = params.gitCredentials ? params.gitCredentials : null
|
def gitCredentials = params.gitCredentials ? params.gitCredentials : null
|
||||||
|
def gitCredentialsType = params.gitCredentialsType ? params.gitCredentialsType : 'http'
|
||||||
def gitEmail = params.gitEmail ? params.gitEmail : 'jenkins@cadoles.com'
|
def gitEmail = params.gitEmail ? params.gitEmail : 'jenkins@cadoles.com'
|
||||||
def gitUsername = params.gitUsername ? params.gitUsername : 'Jenkins'
|
def gitUsername = params.gitUsername ? params.gitUsername : 'Jenkins'
|
||||||
def skipCi = params.containsKey('skipCi') ? params.skipCi : false
|
def skipCi = params.containsKey('skipCi') ? params.skipCi : false
|
||||||
@ -89,8 +90,16 @@ def call(Map params = [:]) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (gitCredentials != null) {
|
if (gitCredentials != null) {
|
||||||
git.withHTTPCredentials(gitCredentials) {
|
if (gitCredentialsType == 'http') {
|
||||||
proc.call()
|
git.withHTTPCredentials(gitCredentials) {
|
||||||
|
proc.call()
|
||||||
|
}
|
||||||
|
} else if (gitCredentialsType == 'ssh') {
|
||||||
|
git.withSSHCredentials(gitCredentials) {
|
||||||
|
proc.call()
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
throw new Exception("Unknown git credentials type '${gitCredentialsType}' ! Expected 'ssh' or 'http' (default).")
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
proc.call()
|
proc.call()
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
def waitForRepoPackage(String packageName, Map params = [:]) {
|
def waitForRepoPackage(String packageName, Map params = [:]) {
|
||||||
def expectedVersion = params.expectedVersion ? params.expectedVersion : null
|
def expectedVersion = params.expectedVersion ? params.expectedVersion : null
|
||||||
def delay = params.delay ? params.delay : 30
|
def delay = params.delay ? params.delay : 30
|
||||||
def waitTimeout = params.timeout ? params.timeout : 1200
|
def waitTimeout = params.timeout ? params.timeout : 2400
|
||||||
|
|
||||||
def message = "Waiting for package '${packageName}'"
|
def message = "Waiting for package '${packageName}'"
|
||||||
if (expectedVersion != null) {
|
if (expectedVersion != null) {
|
||||||
|
@ -28,3 +28,17 @@ def withHTTPCredentials(String credentialsId, Closure fn) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
def withSSHCredentials(String credentialsId, Closure fn) {
|
||||||
|
def randomUUID = UUID.randomUUID().toString()
|
||||||
|
withCredentials([
|
||||||
|
sshUserPrivateKey(
|
||||||
|
credentialsId: credentialsId,
|
||||||
|
keyFileVariable: 'GIT_SSH_IDENTITY_FILE',
|
||||||
|
)
|
||||||
|
]) {
|
||||||
|
withEnv(['GIT_SSH_VARIANT=ssh', 'GIT_SSH_COMMAND=ssh -i $GIT_SSH_IDENTITY_FILE -o IdentitiesOnly=yes -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null']) {
|
||||||
|
fn.call()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
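Review bot: `GIT_SSH_COMMAND` in `withSSHCredentials` sets `StrictHostKeyChecking=no` and `UserKnownHostsFile=/dev/null`, which turns off SSH host verification for every git operation run with the private key, so the job cannot distinguish the real forge from a host answering in its place. Provision the forge's host key on the agent and use `-o StrictHostKeyChecking=yes -o UserKnownHostsFile=<path-to-managed-known_hosts>` (placeholder path). `$GIT_SSH_IDENTITY_FILE` is unquoted inside the command, so a key path containing a space would break it; `ssh -i "$GIT_SSH_IDENTITY_FILE"` avoids that. `randomUUID` is assigned but never used and can be removed.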
@ -30,7 +30,7 @@ def call() {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
stage("Run Lighthouse and pa11y audits") {
|
stage("Run Lighthouse audit") {
|
||||||
steps {
|
steps {
|
||||||
script {
|
script {
|
||||||
def lighthouseImage = buildDockerImage()
|
def lighthouseImage = buildDockerImage()
|
||||||
@ -66,10 +66,9 @@ def call() {
|
|||||||
rocketSend (
|
rocketSend (
|
||||||
avatar: 'https://jenkins.cadol.es/static/b5f67753/images/headshot.png',
|
avatar: 'https://jenkins.cadol.es/static/b5f67753/images/headshot.png',
|
||||||
message: """
|
message: """
|
||||||
Les audits pour `${params.url}` sont terminés:
|
L'audit Lighthouse pour `${params.url}` est terminé:
|
||||||
|
|
||||||
- [Voir le rapport Lighthouse (bonnes pratiques)](${env.BUILD_URL}Rapports_20d_27audit/lighthouse.report.html)
|
- [Voir le rapport](${env.BUILD_URL}Rapports_20d_27audit/lighthouse.report.html)
|
||||||
- [Voir le rapport pa11y (accessibilité)](${env.BUILD_URL}Rapports_20d_27audit/pa11y.report.html)
|
|
||||||
|
|
||||||
[Lancer un nouvel audit](${env.BUILD_URL}../build)
|
[Lancer un nouvel audit](${env.BUILD_URL}../build)
|
||||||
|
|
||||||
|
@ -13,6 +13,15 @@ def getRandomDeliveryAttachment(Integer probability = 25) {
|
|||||||
'https://media.giphy.com/media/QBRlXHKV5mpbLJ4prc/giphy.gif',
|
'https://media.giphy.com/media/QBRlXHKV5mpbLJ4prc/giphy.gif',
|
||||||
'https://media.giphy.com/media/NOsfNQGivMFry/giphy.gif',
|
'https://media.giphy.com/media/NOsfNQGivMFry/giphy.gif',
|
||||||
'https://media.giphy.com/media/M1vu1FJnW6gms/giphy.gif',
|
'https://media.giphy.com/media/M1vu1FJnW6gms/giphy.gif',
|
||||||
|
'https://media.giphy.com/media/555x0gFF89OhVWPkvb/giphy.gif',
|
||||||
|
'https://media.giphy.com/media/9RZu6ahd8LIYHQlGUD/giphy.gif',
|
||||||
|
'https://media.giphy.com/media/9RZu6ahd8LIYHQlGUD/giphy.gif',
|
||||||
|
'https://media.giphy.com/media/W1fFHj6LvyTgfBNdiz/giphy.gif',
|
||||||
|
'https://media.giphy.com/media/1g2JyW7p6mtZc6bOEY/giphy.gif',
|
||||||
|
'https://media.giphy.com/media/ORiFE3ijpNaIWDoOqP/giphy.gif',
|
||||||
|
'https://media.giphy.com/media/r16Zmuvt1hSTK/giphy.gif',
|
||||||
|
'https://media.giphy.com/media/bF8Tvy2Ta0mqxXgaPV/giphy.gif',
|
||||||
|
'https://media.giphy.com/media/C0XT6BmLC3nGg/giphy.gif'
|
||||||
]
|
]
|
||||||
Random rnd = new Random()
|
Random rnd = new Random()
|
||||||
if (rnd.nextInt(100) > probability) {
|
if (rnd.nextInt(100) > probability) {
|
||||||
|
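Review bot: The URL `https://media.giphy.com/media/9RZu6ahd8LIYHQlGUD/giphy.gif` is added twice in a row, which makes that image twice as likely to be picked as the others; one of the two lines can be removed. The list and the rest of `getRandomDeliveryAttachment` begin above the hunk, so other duplicates cannot be ruled out from here.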
154
vars/pulp.groovy
Normal file
154
vars/pulp.groovy
Normal file
@ -0,0 +1,154 @@
|
|||||||
|
import groovy.json.JsonOutput
|
||||||
|
|
||||||
|
def getResourceHREF(
|
||||||
|
String credentials,
|
||||||
|
String resourceEndpoint,
|
||||||
|
String resourceName,
|
||||||
|
String pulpHost = 'pulp.cadoles.com'
|
||||||
|
) {
|
||||||
|
def response = httpRequest authentication: credentials, url: "https://${pulpHost}/pulp/api/v3/${resourceEndpoint}", httpMode: 'GET', ignoreSslErrors: true, validResponseCodes: "200"
|
||||||
|
def jsonResponse = readJSON text: response.content
|
||||||
|
def resource = jsonResponse.results.find { it -> it.name == resourceName}
|
||||||
|
if (resource) {
|
||||||
|
return resource.pulp_href
|
||||||
|
}
|
||||||
|
return null
|
||||||
|
}
|
||||||
|
|
||||||
|
def waitForTaskCompletion(
|
||||||
|
String credentials,
|
||||||
|
String taskHREF,
|
||||||
|
String pulpHost = 'pulp.cadoles.com'
|
||||||
|
) {
|
||||||
|
def status = ''
|
||||||
|
def created_resources = []
|
||||||
|
while (status != 'completed') {
|
||||||
|
def response = httpRequest authentication: credentials, url: "https://${pulpHost}${taskHREF}", httpMode: 'GET', ignoreSslErrors: true, validResponseCodes: "200"
|
||||||
|
def jsonResponse = readJSON text: response.content
|
||||||
|
status = jsonResponse.state
|
||||||
|
if (status == 'completed') {
|
||||||
|
return jsonResponse.created_resources
|
||||||
|
} else if (!(status in ['running','waiting'])) {
|
||||||
|
break
|
||||||
|
}
|
||||||
|
sleep(10)
|
||||||
|
}
|
||||||
|
throw new Exception("Task failed:" + jsonResponse.error.description)
|
||||||
|
}
|
||||||
|
|
||||||
|
def exportPackages(
|
||||||
|
String credentials,
|
||||||
|
List packages = [],
|
||||||
|
String pulpHost = 'pulp.cadoles.com'
|
||||||
|
) {
|
||||||
|
def exportTasks = []
|
||||||
|
packages.each {
|
||||||
|
def response = httpRequest authentication: credentials, url: "https://${pulpHost}/pulp/api/v3/content/deb/packages/", httpMode: 'POST', ignoreSslErrors: true, multipartName: "file", timeout: 900, uploadFile: "${it}", validResponseCodes: "202"
|
||||||
|
def jsonResponse = readJSON text: response.content
|
||||||
|
exportTasks << jsonResponse['task']
|
||||||
|
}
|
||||||
|
return exportTasks
|
||||||
|
}
|
||||||
|
|
||||||
|
def createRepository(
|
||||||
|
String credentials,
|
||||||
|
String name,
|
||||||
|
String pulpHost = 'pulp.cadoles.com'
|
||||||
|
) {
|
||||||
|
def repositoryName = ["name": name]
|
||||||
|
def postBody = JsonOutput.toJson(repositoryName)
|
||||||
|
def response = httpRequest authentication: credentials, url: "https://${pulpHost}/pulp/api/v3/repositories/deb/apt/", httpMode: 'POST', requestBody: postBody, contentType: 'APPLICATION_JSON', ignoreSslErrors: true, validResponseCodes: "201"
|
||||||
|
def jsonResponse = readJSON text: response.content
|
||||||
|
return jsonResponse.pulp_href
|
||||||
|
|
||||||
|
}
|
||||||
|
def getRepositoryHREF(
|
||||||
|
String credentials,
|
||||||
|
String repository = 'Cadoles4MSE unstable'
|
||||||
|
) {
|
||||||
|
def repositoryHREF = getResourceHREF(credentials, 'repositories/deb/apt/', repository)
|
||||||
|
if (repositoryHREF) {
|
||||||
|
return repositoryHREF
|
||||||
|
} else {
|
||||||
|
return createRepository(credentials, repository)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
def addToRepository(
|
||||||
|
String credentials,
|
||||||
|
List packagesHREF,
|
||||||
|
String repositoryHREF,
|
||||||
|
String pulpHost = 'pulp.cadoles.com'
|
||||||
|
) {
|
||||||
|
def packagesHREFURL = ["add_content_units": packagesHREF.collect { "https://$pulpHost$it" }]
|
||||||
|
def postBody = JsonOutput.toJson(packagesHREFURL)
|
||||||
|
def response = httpRequest authentication: credentials, url: "https://${pulpHost}${repositoryHREF}modify/", httpMode: 'POST', requestBody: postBody, contentType: 'APPLICATION_JSON', ignoreSslErrors: true, validResponseCodes: "202"
|
||||||
|
def jsonResponse = readJSON text: response.content
|
||||||
|
return waitForTaskCompletion(credentials, jsonResponse.task)
|
||||||
|
}
|
||||||
|
|
||||||
|
def publishRepository(
|
||||||
|
String credentials,
|
||||||
|
String repositoryHREF,
|
||||||
|
String signing_service = null,
|
||||||
|
String pulpHost = 'pulp.cadoles.com'
|
||||||
|
) {
|
||||||
|
def postContent = ["repository": repositoryHREF, "simple": true]
|
||||||
|
if (signing_service) {
|
||||||
|
def signingServiceHREF = getResourceHREF(credentials, 'signing-services/', signing_service)
|
||||||
|
if (signingServiceHREF) {
|
||||||
|
postContent.put("signing_service", "https://${pulpHost}${signingServiceHREF}")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
def postBody = JsonOutput.toJson(postContent)
|
||||||
|
def response = httpRequest authentication: credentials, url: "https://${pulpHost}/pulp/api/v3/publications/deb/apt/", httpMode: 'POST', requestBody: postBody, contentType: 'APPLICATION_JSON', ignoreSslErrors: true, validResponseCodes: "202"
|
||||||
|
def jsonResponse = readJSON text: response.content
|
||||||
|
return waitForTaskCompletion(credentials, jsonResponse.task)
|
||||||
|
}
|
||||||
|
|
||||||
|
def distributePublication(
|
||||||
|
String credentials,
|
||||||
|
String publicationHREF,
|
||||||
|
String distributionName,
|
||||||
|
String basePath,
|
||||||
|
String contentGuard = null,
|
||||||
|
String pulpHost = 'pulp.cadoles.com'
|
||||||
|
) {
|
||||||
|
def httpMode = ''
|
||||||
|
def url = ''
|
||||||
|
def distributionHREF = getResourceHREF(credentials, 'distributions/deb/apt/', distributionName)
|
||||||
|
if (distributionHREF) {
|
||||||
|
httpMode = 'PUT'
|
||||||
|
url = distributionHREF
|
||||||
|
} else {
|
||||||
|
httpMode = 'POST'
|
||||||
|
url = '/pulp/api/v3/distributions/deb/apt/'
|
||||||
|
}
|
||||||
|
def bodyContent = ["publication": publicationHREF, "name": distributionName, "base_path": basePath]
|
||||||
|
if (contentGuard) {
|
||||||
|
def contentGuardHREF = getResourceHREF(credentials, 'contentguards/core/rbac/', contentGuard)
|
||||||
|
if (contentGuardHREF) {
|
||||||
|
bodyContent.put('content_guard', "https://${pulpHost}${contentGuardHREF}")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
def postBody = JsonOutput.toJson(bodyContent)
|
||||||
|
response = httpRequest authentication: credentials, url: "https://${pulpHost}${url}", httpMode: httpMode, requestBody: postBody, contentType: 'APPLICATION_JSON', ignoreSslErrors: true, validResponseCodes: "202"
|
||||||
|
jsonResponse = readJSON text: response.content
|
||||||
|
if (distributionHREF) {
|
||||||
|
waitForTaskCompletion(credentials, jsonResponse.task)
|
||||||
|
return [url]
|
||||||
|
} else {
|
||||||
|
return waitForTaskCompletion(credentials, jsonResponse.task)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
def getDistributionURL(
|
||||||
|
String credentials,
|
||||||
|
String resourceHREF,
|
||||||
|
String pulpHost = 'pulp.cadoles.com'
|
||||||
|
) {
|
||||||
|
def response = httpRequest authentication: credentials, url: "https://${pulpHost}${resourceHREF}", httpMode: 'GET', ignoreSslErrors: true, validResponseCodes: "200"
|
||||||
|
def jsonResponse = readJSON text: response.content
|
||||||
|
println(jsonResponse)
|
||||||
|
return jsonResponse.base_url
|
||||||
|
}
|
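--- a/vars/pulp.groovy.bak
+++ b/vars/pulp.groovy.bak
@@ -0,0 +1,154 @@
+import groovy.json.JsonOutput
+
+def getResourceHREF(
+String credentials,
+String resourceEndpoint,
+String resourceName,
+String pulpHost = 'pulp.cadoles.com'
+) {
+def response = httpRequest authentication: credentials, url: "https://${pulpHost}/pulp/api/v3/${resourceEndpoint}", httpMode: 'GET', ignoreSslErrors: true, validResponseCodes: "200"
+def jsonResponse = readJSON text: response.content
+def resource = jsonResponse.results.find { it -> it.name == resourceName}
+if (resource) {
+return resource.pulp_href
+}
+return null
+}
+
+def waitForTaskCompletion(
+String credentials,
+String taskHREF,
+String pulpHost = 'pulp.cadoles.com'
+) {
+def status = ''
+def created_resources = []
+while (status != 'completed') {
+def response = httpRequest authentication: credentials, url: "https://${pulpHost}${taskHREF}", httpMode: 'GET', ignoreSslErrors: true, validResponseCodes: "200"
+def jsonResponse = readJSON text: response.content
+status = jsonResponse.state
+if (status == 'completed') {
+return jsonResponse.created_resources
+} else if (!(status in ['running','waiting'])) {
+break
+}
+sleep(10)
+}
+throw new Exception("Task failed:" + jsonResponse.error.description)
+}
+
+def exportPackages(
+String credentials,
+List packages = [],
+String pulpHost = 'pulp.cadoles.com'
+) {
+def exportTasks = []
+packages.each {
+def response = httpRequest authentication: credentials, url: "https://${pulpHost}/pulp/api/v3/content/deb/packages/", httpMode: 'POST', ignoreSslErrors: true, multipartName: "file", timeout: 900, uploadFile: "${it}", validResponseCodes: "202"
+def jsonResponse = readJSON text: response.content
+exportTasks << jsonResponse['task']
+}
+return exportTasks
+}
+
+def createRepository(
+String credentials,
+String name,
+String pulpHost = 'pulp.cadoles.com'
+) {
+def repositoryName = ["name": name]
+def postBody = JsonOutput.toJson(repositoryName)
+def response = httpRequest authentication: credentials, url: "https://${pulpHost}/pulp/api/v3/repositories/deb/apt/", httpMode: 'POST', requestBody: postBody, contentType: 'APPLICATION_JSON', ignoreSslErrors: true, validResponseCodes: "201"
+def jsonResponse = readJSON text: response.content
+return jsonResponse.pulp_href
+
+}
+def getRepositoryHREF(
+String credentials,
+String repository = 'Cadoles4MSE unstable'
+) {
+def repositoryHREF = getResourceHREF(credentials, 'repositories/deb/apt/', repository)
+if (repositoryHREF) {
+return repositoryHREF
+} else {
+return createRepository(credentials, repository)
+}
+}
+
+def addToRepository(
+String credentials,
+List packagesHREF,
+String repositoryHREF,
+String pulpHost = 'pulp.cadoles.com'
+) {
+def packagesHREFURL = ["add_content_units": packagesHREF.collect { "https://$pulpHost$it" }]
+def postBody = JsonOutput.toJson(packagesHREFURL)
+def response = httpRequest authentication: credentials, url: "https://${pulpHost}${repositoryHREF}modify/", httpMode: 'POST', requestBody: postBody, contentType: 'APPLICATION_JSON', ignoreSslErrors: true, validResponseCodes: "202"
+def jsonResponse = readJSON text: response.content
+return waitForTaskCompletion(credentials, jsonResponse.task)
+}
+
+def publishRepository(
+String credentials,
+String repositoryHREF,
+String signing_service = null,
+String pulpHost = 'pulp.cadoles.com'
+) {
+def postContent = ["repository": repositoryHREF, "simple": true]
+if (signing_service) {
+def signingServiceHREF = getResourceHREF(credentials, 'signing-services/', signing_service)
+if (signingServiceHREF) {
+postContent.put("signing_service", "https://${pulpHost}${signingServiceHREF}")
+}
+}
+def postBody = JsonOutput.toJson(postContent)
+def response = httpRequest authentication: credentials, url: "https://${pulpHost}/pulp/api/v3/publications/deb/apt/", httpMode: 'POST', requestBody: postBody, contentType: 'APPLICATION_JSON', ignoreSslErrors: true, validResponseCodes: "202"
+def jsonResponse = readJSON text: response.content
+return waitForTaskCompletion(credentials, jsonResponse.task)
+}
+
+def distributePublication(
+String credentials,
+String publicationHREF,
+String distributionName,
+String basePath,
+String contentGuard = null,
+String pulpHost = 'pulp.cadoles.com'
+) {
+def httpMode = ''
+def url = ''
+def distributionHREF = getResourceHREF(credentials, 'distributions/deb/apt/', distributionName)
+if (distributionHREF) {
+httpMode = 'PUT'
+url = distributionHREF
+} else {
+httpMode = 'POST'
+url = '/pulp/api/v3/distributions/deb/apt/'
+}
+def bodyContent = ["publication": publicationHREF, "name": distributionName, "base_path": basePath]
+if (contentGuard) {
+def contentGuardHREF = getResourceHREF(credentials, 'contentguards/core/rbac/', contentGuard)
+if (contentGuardHREF) {
+bodyContent.put('content_guard', "https://${pulpHost}${contentGuardHREF}")
+}
+}
+def postBody = JsonOutput.toJson(bodyContent)
+response = httpRequest authentication: credentials, url: "https://${pulpHost}${url}", httpMode: httpMode, requestBody: postBody, contentType: 'APPLICATION_JSON', ignoreSslErrors: true, validResponseCodes: "202"
+jsonResponse = readJSON text: response.content
+if (distributionHREF) {
+waitForTaskCompletion(credentials, jsonResponse.task)
+return [url]
+} else {
+return waitForTaskCompletion(credentials, jsonResponse.task)
+}
+}
+
+def getDistributionURL(
+String credentials,
+String resourceHREF,
+String pulpHost = 'pulp.cadoles.com'
+) {
+def response = httpRequest authentication: credentials, url: "https://${pulpHost}${resourceHREF}", httpMode: 'GET', ignoreSslErrors: true, validResponseCodes: "200"
+def jsonResponse = readJSON text: response.content
+println(jsonResponse)
+return jsonResponse.base_url
+}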
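Review bot: Every `httpRequest` call in this file passes `ignoreSslErrors: true` together with `authentication: credentials`, so the Pulp credentials and the uploaded packages are sent to whatever host answers for `pulpHost`, with no certificate validation. In a pipeline that uploads and publishes Debian packages, that removes the check that the pipeline is talking to the real repository server. I would drop the argument from each call (for example `httpRequest authentication: credentials, url: "https://${pulpHost}${taskHREF}", httpMode: 'GET', validResponseCodes: "200"`) and install the issuing CA on the agent if validation then fails. Separately, in `waitForTaskCompletion` the final `throw new Exception("Task failed:" + jsonResponse.error.description)` reads `jsonResponse`, which is declared with `def` inside the `while` body, so the failure path would likely raise a missing-property error instead of the task's message; declaring the variable before the loop fixes that. The same functions appear in the preceding file section, whose start is outside this view.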
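--- a/vars/sonarqube.groovy
+++ b/vars/sonarqube.groovy
@@ -0,0 +1,80 @@
+// Pipeline de scan de projet avec SonarQube
+def call() {
+pipeline {
+agent {
+label 'docker'
+}
+
+environment {
+projectDir = "${env.project_name}_${env.BUILD_ID}"
+}
+
+stages {
+stage("Package project") {
+when {
+not {
+triggeredBy 'TimerTrigger'
+}
+}
+steps {
+script {
+stage("Clone repository") {
+checkout scm:
+[
+$class: 'GitSCM',
+userRemoteConfigs: [[url: env.repository_url, credentialsId: 'jenkins-forge-ssh']],
+branches: [[name: env.ref]],
+extensions: [
+[$class: 'RelativeTargetDirectory', relativeTargetDir: env.projectDir ],
+[$class: 'CloneOption', noTags: false, shallow: false, depth: 0, reference: ''],
+[$class: 'WipeWorkspace' ]
+]
+],
+changelog: false,
+poll: false
+}
+
+stage("Scan project") {
+dir(env.projectDir) {
+withCredentials([
+string(credentialsId: 'SONARQUBE_URL', variable: 'SONARQUBE_URL'),
+string(credentialsId: 'SONARQUBE_TOKEN', variable: 'SONARQUBE_TOKEN'),
+]) {
+sh """
+docker run \
+--rm \
+-e SONAR_HOST_URL="${env.SONARQUBE_URL}" \
+-e SONAR_LOGIN="${env.SONARQUBE_TOKEN}" \
+-v "${env.WORKSPACE}/${env.projectDir}/:/usr/src" \
+sonarsource/sonar-scanner-cli \
+-Dsonar.projectKey=${env.sonarqubeProjectKey} \
+-Dsonar.projectVersion=${env.ref}
+"""
+}
+
+// On notifie le canal Rocket.Chat du scan
+// rocketSend (
+// avatar: 'https://jenkins.cadol.es/static/b5f67753/images/headshot.png',
+// message: """
+// Le projet ${env.project_name} a été scanné par SonarQube.
+
+// - [Voir les résultats](${env.SONARQUBE_URL}/dashboard?id=${env.sonarqubeProjectKey})
+// - [Visualiser le job](${env.RUN_DISPLAY_URL})
+
+// @${env.sender_login}
+// """.stripIndent(),
+// rawMessage: true,
+// )
+}
+}
+}
+}
+post {
+always {
+sh "rm -rf '${env.projectDir}'"
+}
+}
+}
+}
+}
+}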
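Review bot: The `sh """ ... """` step in the "Scan project" stage lets Groovy interpolate `${env.SONARQUBE_TOKEN}` into the script text, which bypasses the handling `withCredentials` provides and is the pattern Jenkins reports as insecure secret interpolation. The same string also expands `${env.sonarqubeProjectKey}` and `${env.ref}` unquoted, so a value containing shell metacharacters would change the command that runs on the agent. A single-quoted script that lets the shell expand the variables, with the `-D` arguments quoted, avoids both; this assumes `ref`, `sonarqubeProjectKey` and `projectDir` reach the step as environment variables, which the `env.` accesses suggest. The `sonarsource/sonar-scanner-cli` image is also pulled without a tag or digest, so pinning it would make the scan reproducible.

```groovy
// … unchanged: withCredentials([...]) binding SONARQUBE_URL and SONARQUBE_TOKEN …
sh '''
docker run \
--rm \
-e SONAR_HOST_URL="$SONARQUBE_URL" \
-e SONAR_LOGIN="$SONARQUBE_TOKEN" \
-v "$WORKSPACE/$projectDir/:/usr/src" \
sonarsource/sonar-scanner-cli \
"-Dsonar.projectKey=$sonarqubeProjectKey" \
"-Dsonar.projectVersion=$ref"
'''
```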
@ -7,46 +7,38 @@ def buildPackageWithCPKG(
|
|||||||
Boolean forceRebuild = false
|
Boolean forceRebuild = false
|
||||||
) {
|
) {
|
||||||
|
|
||||||
def builds = []
|
def result = [:]
|
||||||
|
|
||||||
// Retrieve commit tags
|
// Retrieve commit tags
|
||||||
def commitTags = sh(script: 'git describe --exact-match --abbrev=0', returnStdout: true).split(' ')
|
def commitTag = sh(script: 'git describe --exact-match --abbrev=0', returnStdout: true)
|
||||||
if (commitTags.length == 0) {
|
if (commitTag == '') {
|
||||||
error 'No build build tags on last commit'
|
error 'No build build tags on last commit'
|
||||||
}
|
}
|
||||||
|
|
||||||
// For each tags
|
// Split tag to retrieve context informations
|
||||||
for (tag in commitTags) {
|
def tagParts = commitTag.split('/')
|
||||||
|
def packageEnv = tagParts[1]
|
||||||
|
def packageDistrib = tagParts[2]
|
||||||
|
def packageVersion = tagParts[3]
|
||||||
|
|
||||||
// Split tag to retrieve context informations
|
// Create .tamarinrc file
|
||||||
def tagParts = tag.split('/')
|
def tamarinrc = """
|
||||||
def packageEnv = tagParts[1]
|
project_version=${packageVersion}
|
||||||
def packageDistrib = tagParts[2]
|
no_version_suffix=${ packageEnv == 'stable' || packageEnv == 'staging' ? 'yes' : 'no' }
|
||||||
def packageVersion = tagParts[3]
|
""".stripIndent()
|
||||||
|
writeFile file: '.tamarinrc', text: tamarinrc
|
||||||
|
|
||||||
// Create .tamarinrc file
|
sh "rm -rf ${destDir}/*"
|
||||||
def tamarinrc = """
|
|
||||||
project_version=${packageVersion}
|
|
||||||
no_version_suffix=${ packageEnv == 'stable' || packageEnv == 'staging' ? 'yes' : 'no' }
|
|
||||||
""".stripIndent()
|
|
||||||
writeFile file: '.tamarinrc', text: tamarinrc
|
|
||||||
|
|
||||||
sh "rm -rf ${destDir}/*"
|
|
||||||
|
|
||||||
stage("Build ${packageEnv} package (version ${packageVersion}) for ${packageDistrib}") {
|
|
||||||
def result = [:]
|
|
||||||
result.put('tag', tag)
|
|
||||||
result.put('env', packageEnv)
|
|
||||||
result.put('version', packageVersion)
|
|
||||||
result.put('distrib', packageDistrib)
|
|
||||||
def packages = buildPackage(packageProfile, packageArch, baseImage, destDir, forceRebuild)
|
|
||||||
result.put('packages', packages)
|
|
||||||
builds << result
|
|
||||||
}
|
|
||||||
|
|
||||||
|
stage("Build ${packageEnv} package (version ${packageVersion}) for ${packageDistrib}") {
|
||||||
|
result.put('tag', commitTag)
|
||||||
|
result.put('env', packageEnv)
|
||||||
|
result.put('version', packageVersion)
|
||||||
|
result.put('distrib', packageDistrib)
|
||||||
|
def packages = buildPackage(packageProfile, packageArch, baseImage, destDir, forceRebuild)
|
||||||
|
result.put('packages', packages)
|
||||||
}
|
}
|
||||||
|
return result
|
||||||
return builds
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -122,6 +114,9 @@ def buildDockerImage() {
|
|||||||
def runTamarinScript = libraryResource 'com/cadoles/tamarin/run-tamarin.sh'
|
def runTamarinScript = libraryResource 'com/cadoles/tamarin/run-tamarin.sh'
|
||||||
writeFile file:'run-tamarin.sh', text:runTamarinScript
|
writeFile file:'run-tamarin.sh', text:runTamarinScript
|
||||||
|
|
||||||
|
def addLetsEncryptCA = libraryResource 'com/cadoles/common/add-letsencrypt-ca.sh'
|
||||||
|
writeFile file:'add-letsencrypt-ca.sh', text:addLetsEncryptCA
|
||||||
|
|
||||||
def safeJobName = URLDecoder.decode(env.JOB_NAME).toLowerCase().replace('/', '-').replace(' ', '-')
|
def safeJobName = URLDecoder.decode(env.JOB_NAME).toLowerCase().replace('/', '-').replace(' ', '-')
|
||||||
def imageTag = "${safeJobName}-${env.BUILD_ID}"
|
def imageTag = "${safeJobName}-${env.BUILD_ID}"
|
||||||
return docker.build("tamarin:${imageTag}", ".")
|
return docker.build("tamarin:${imageTag}", ".")
|
||||||
|
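Review bot: The new `def commitTag = sh(script: 'git describe --exact-match --abbrev=0', returnStdout: true)` keeps the trailing newline that `returnStdout` returns, and `tagParts[1]` to `tagParts[3]` are then read without checking how many parts the tag has. As written, `commitTag == ''` is unlikely ever to be true (a commit without an exact tag makes `git describe` exit non-zero, which fails the `sh` step first), and `packageVersion` carries the newline into `.tamarinrc` and the stage name. I would add `.trim()` to the `sh(...)` call and guard the split with `if (tagParts.size() < 4) { error "Unexpected tag format: ${commitTag}" }`. Because the tag text is written into `.tamarinrc`, matching it against the expected pattern before use is also worth adding. The signature of `buildPackageWithCPKG` starts above this hunk.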