Le paramètre doit être de type string

This reverts commit fad3f5fdcc.

Jenkinsfile

@@ -0,0 +1,231 @@
+@Library("cadoles@pipeline/packaging_pulp") _
+
+pipeline {
+
+    agent {
+        label 'docker'
+    }
+    
+    environment {
+        projectDir = "${env.project_name}_${env.BUILD_ID}" 
+    }
+
+    triggers {
+        // Execute pipeline every day at 7h30 to prepare docker images
+        cron('30 7 * * 1-5')
+    }
+
+    stages {
+
+        stage("Prepare build environment") {
+            when {
+                anyOf {
+                    triggeredBy cause: "UserIdCause", detail: "wpetit"
+                    triggeredBy 'TimerTrigger'
+                }   
+            }
+            steps {
+                script {
+                    tamarin.prepareEnvironment()
+                }
+            }
+        }
+
+        stage("Package project") {
+            when {
+                not {
+                    triggeredBy 'TimerTrigger'
+                }
+            }
+            steps {
+                script {
+                    stage("Clone repository") {
+                        checkout scm: 
+                            [
+                                $class: 'GitSCM', 
+                                userRemoteConfigs: [[url: env.repository_url, credentialsId: 'jenkins-forge-ssh']], 
+                                branches: [[name: env.ref]],
+                                extensions: [
+                                    [$class: 'RelativeTargetDirectory', relativeTargetDir: env.projectDir ],
+                                    [$class: 'CloneOption', noTags: false, shallow: false, depth: 0, reference: ''],
+                                    [$class: 'WipeWorkspace' ]
+                                ]
+                            ], 
+                            changelog: false, 
+                            poll: false
+                    }
+                    
+                    stage("Ensure packaging branch") {
+                        dir(env.projectDir) {
+                            sh 'git checkout "${packageBranch}"'
+                            def commitOrRef = env.commit ? env.commit : env.ref
+                            def branchesWithCommitOrRef = sh(script: "git branch --contains '${commitOrRef}'", returnStdout: true).split(' ')
+                            if (branchesWithCommitOrRef.findAll{env.packageBranch.contains(it)}.any{true}) {
+                                currentBuild.result = 'ABORTED'
+                                error("La référence `${env.ref}` ne fait pas partie de la branche `${env.packageBranch}` !")
+                            }
+                        }
+                    }
+
+                    stage("Check [ci skip] in tag message") {
+                        dir(env.projectDir) {
+                            sh 'git checkout "${packageBranch}"'
+                            def commitTags = sh(script: 'git describe --exact-match --abbrev=0', returnStdout: true).split(' ')
+                            for (tag in commitTags) {
+                                tag = tag.trim()
+                                def tagMessage = sh(script: "git tag --format='%(subject)' -l '${tag}'", returnStdout: true).trim()
+                                println("Tag '${tag}' message is: '${tagMessage}'")
+                                if (tagMessage.contains('[ci skip]')) {
+                                    currentBuild.result = 'ABORTED'
+                                    error("Le message du tag '${tag}' contient le marqueur '[ci-skip]' !")
+                                }
+                            }
+                        }
+                    }
+                    
+                    stage("Checkout ref") {
+                        dir(env.projectDir) {
+                            sh """
+                            git checkout ${env.ref}
+                            """
+                        }
+                    }
+                
+                    stage("Build package") {
+                        dir(env.projectDir) {  
+                            // On construit les paquets à partir des informations
+                            // de contexte provenant de CPKG et du webhook
+                            def result = tamarin.buildPackageWithCPKG(
+                                env.packageProfile ? env.packageProfile : "debian",
+                                env.packageArch ? env.packageArch : "",
+                                env.packageBranch ? env.packageBranch : "",
+                                env.baseImage ? env.baseImage : ""
+                            )
+                            
+                            // On publie chacun des paquets construits
+			    def splittedTag = env.ref.split('/')
+			    def repositoryName = "${splittedTag[2]} ${splittedTag[1]}"
+			    def distributionName = repositoryName
+			    def basePath = repositoryName.replace(' ', '-')
+			    def product = splittedTag[2].split('-')[0]
+			    def contentGuardMapping = ['mse': 'mse_contentguard']
+			    def signingServiceMapping = ['mse': 'sign_deb_release']
+                            def credentials = 'jenkins-pulp-api-client'
+                            def repositoryHREF = pulp.getRepositoryHREF(credentials, repositoryName)
+                            def exportTasks = pulp.exportPackages(credentials, result.packages)
+                            def pulpPackages = []
+                            exportTasks.each {
+                            def created_resources = pulp.waitForTaskCompletion(credentials, it)
+                            for (created_resource in created_resources) {
+                                pulpPackages << created_resource
+                            }
+                            }
+                            pulp.addToRepository(credentials, pulpPackages, repositoryHREF)
+                           // def publicationHREF = pulp.publishRepository(credentials, repositoryHREF, signingServiceMapping.get(product))
+                            def publicationHREF = pulp.publishRepository(credentials, repositoryHREF, 'sign_deb_release')
+                            def distributionHREF = pulp.distributePublication(credentials, publicationHREF[0], distributionName, basePath, contentGuardMapping.get(product))
+                            def distributionURL = pulp.getDistributionURL(credentials, distributionHREF[0])
+
+                            // On liste l'ensemble des paquets construits
+                            def publishedPackages = result.packages.collect { p ->
+                                    def file = new File(p)
+                                    return "- Paquet `${file.getName()}`, Dépôt `${result.env}`, Distribution `${result.distrib}`, URL `${distributionURL}`"
+                            }
+                            
+                            // On notifie le canal Rocket.Chat de la publication des paquets
+                            rocketSend (
+                                avatar: 'https://jenkins.cadol.es/static/b5f67753/images/headshot.png',
+                                message: """
+                                Les paquets suivants ont été publiés pour le projet ${env.project_name}:
+                                
+                                ${publishedPackages.join('\n')}
+                        
+                                [Visualiser le job](${env.RUN_DISPLAY_URL})
+                                
+                                @${env.sender_login}
+                                """.stripIndent(),
+                                rawMessage: true,
+                                attachments: lolops.getRandomDeliveryAttachment()
+                            )
+
+                            if (env.testPackageInstall != 'yes') {
+                                println "Test d'intallation des paquets désactivé."
+                                return
+                            }
+                            
+                            // On essaye de trouver un template de VM compatible
+                            // avec la distribution cible de la construction
+                            def vmTemplate = findMatchingVMTemplate(result.distrib)
+                            if (vmTemplate == null) {
+                                println "Aucun template de VM n'a été trouvé correspondant à la distribution `${result.distrib}`."
+                                return
+                            }
+
+                            // Pour chaque paquets construits...
+                            result.packages.each { p ->
+                                def packageFullName = new File(p).getName()
+                                def packageRepository = result.distrib.split('-')[1] + '-' + result.env
+                                def packageNameParts = packageFullName.split('_')
+                                def packageName = packageNameParts[0]
+                                def packageVersion = packageNameParts[1]
+
+                                stage("Test package '${packageName}' installation") {
+                                build job: 'Test de paquet Debian', wait: false, parameters: [
+                                    [$class: 'StringParameterValue', name: 'packageName', value: packageName], 
+                                    [$class: 'StringParameterValue', name: 'packageVersion', value: packageVersion],
+                                    [$class: 'StringParameterValue', name: 'packageRepository', value: packageRepository],
+                                    [$class: 'StringParameterValue', name: 'vmTemplate', value: vmTemplate]
+                                ]
+                                }
+                            }
+                        }
+                    }
+                }
+            }
+            post {
+                always {
+                    sh "rm -rf '${env.projectDir}'"
+                }
+            }
+        }
+
+    }
+    
+   
+}
+
+// Cette fonction fait un simple "mapping"
+// entre les distributions cibles des paquets et
+// les templates de VM disponibles sur l'OpenNebula
+def findMatchingVMTemplate(String distrib) {
+    def vmTemplatesMap = [
+        'eole-2.7.0': 'eolebase-2.7.0-cadoles',
+        'eole-2.6.2': 'eolebase-2.6.2-cadoles'
+    ]
+    return vmTemplatesMap.get(distrib, null)
+}
+
+def waitForPackages(String tagRef, buildResults) {
+    def packageVersion = tagRef.split('/')[3];
+    def packageDistrib = env.packageBranch.split('/')[2];
+        
+    buildResults.each { r ->
+        def distrib = "${packageDistrib}-${r.env}"
+
+        r.packages.each { p ->
+            def file = new File(p)
+            def fileNameParts = file.getName().take(file.getName().lastIndexOf('.')).split('_')
+            def packageName = fileNameParts[0]
+            def packageArch = fileNameParts[2]
+            
+            debian.waitForRepoPackage(packageName, [
+                baseURL: 'https://vulcain.cadoles.com',
+                distrib: distrib,
+                component: 'main',
+                type: 'binary',
+                arch: packageArch,
+                expectedVersion: packageVersion
+            ])
+        }
+    }
+}

pipelines/mse-rgaa.jenkinsfile

@@ -0,0 +1,82 @@
+import hudson.tasks.test.AbstractTestResultAction
+
+@Library("cadoles") _
+
+pipeline {
+    
+  parameters { 
+    text(name: 'URLS', defaultValue: 'https://msedev.crous-toulouse.fr\nhttps://msedev.crous-toulouse.fr/envole/enregistrement\nhttps://msedev.crous-toulouse.fr/envole/page/faq\nhttps://msedev.crous-toulouse.fr/envole/page/?t=liens_utiles\nhttps://msedev.crous-toulouse.fr/envole/page/?t=mentions_legales\nhttps://msedev.crous-toulouse.fr/envole/message/new\nhttps://msedev.crous-toulouse.fr/envole/recuperation/email\nhttps://msedev.crous-toulouse.fr/envole/courriel/raz', description: 'Liste des URLs à tester, une par ligne')
+    string(name: 'USERNAME', defaultValue: '', description: "Nom d'utilisateur pour l'authentification Basic Auth, si nécessaire")
+    password(name: 'PASSWORD', defaultValue: '', description: "Mot de passe pour l'authentification Basic Auth, si nécessaire")
+    booleanParam(name: 'INCLUDE_WARNINGS', defaultValue: false, description: 'Inclure les avertissements')
+    booleanParam(name: 'INCLUDE_NOTICES', defaultValue: false, description: 'Inclure les notifications')
+  }
+
+  options {
+    disableConcurrentBuilds()
+  }
+
+  agent {
+    node {
+      label "mse"
+    }
+  }
+
+  stages {
+    stage("Run RGAA audit") {
+        steps {
+            script {
+                def urls = params.URLS.split('\n')
+                
+                def count = 0
+                urls.each { u ->
+                    stage("Audit page '${u}'") {
+                        def report = pa11y.audit(u.trim(), [
+                            reporter: 'junit',
+                            username: params.USERNAME,
+                            password: params.PASSWORD,
+                            standard: 'WCAG2AA',
+                            includeNotices: params.INCLUDE_NOTICES,
+                            includeWarnings: params.INCLUDE_WARNINGS,
+                        ]);
+        
+                        writeFile file:"./report_${count}.xml", text:report
+                        count++
+                    }
+                }
+                
+                junit "*.xml"
+                
+                rocketSend (
+                    channel: "#cnous-mse-dev",
+                    avatar: 'https://jenkins.cadol.es/static/b5f67753/images/headshot.png',
+                    message: """
+                    Audit RGAA | ${testStatuses()}
+        
+                    - [Voir les tests](${env.RUN_DISPLAY_URL})
+
+                    @here
+                    """.stripIndent(),
+                    rawMessage: true,
+                )
+                
+            }
+        }
+    }
+  }
+
+}
+
+@NonCPS
+def testStatuses() {
+    def testStatus = ""
+    AbstractTestResultAction testResultAction = currentBuild.rawBuild.getAction(AbstractTestResultAction.class)
+    if (testResultAction != null) {
+        def total = testResultAction.totalCount
+        def failed = testResultAction.failCount
+        def skipped = testResultAction.skipCount
+        def passed = total - failed - skipped
+        testStatus = "Passant(s): ${passed}, Échoué(s): ${failed} ${testResultAction.failureDiffString}, Désactivé(s): ${skipped}"
+    }
+    return testStatus
+}

pipelines/sentry.jenkinsfile

@@ -0,0 +1,76 @@
+pipeline {
+    agent {
+        docker {
+            image "getsentry/sentry-cli"
+            args "--entrypoint="
+        }
+    }
+
+    environment {
+        projectDir = "${env.project_name}_${env.BUILD_ID}" 
+    }
+
+    stages {
+
+        stage("Clone repository") {
+            steps {
+                checkout scm: 
+                    [
+                        $class: 'GitSCM', 
+                        userRemoteConfigs: [[url: env.repository_url, credentialsId: 'jenkins-forge-ssh']], 
+                        branches: [[name: env.ref]],
+                        extensions: [
+                            [$class: 'RelativeTargetDirectory', relativeTargetDir: env.projectDir ],
+                            [$class: 'CloneOption', noTags: false, shallow: false, depth: 0, reference: ''],
+                            [$class: 'WipeWorkspace' ]
+                        ]
+                    ], 
+                    changelog: false, 
+                    poll: false
+            }
+        }
+
+
+        stage('Create sentry release') {
+            steps {
+                dir(env.projectDir) {
+                    withCredentials([
+                        string(credentialsId: 'sentry-url', variable: 'SENTRY_URL'),
+                        string(credentialsId: 'sentry-release-auth-token', variable: 'SENTRY_AUTH_TOKEN')
+                    ]) {
+                        sh '''
+                        SENTRY_CMD="sentry-cli --auth-token \"${SENTRY_AUTH_TOKEN}\" --url \"${SENTRY_URL}\""
+                        PROJECT_VERSION=$(sentry-cli releases propose-version)
+                        
+                        $SENTRY_CMD \
+                            releases \
+                            --org "${sentry_org}" \
+                            new \
+                            -p "${sentry_project}" ${PROJECT_VERSION}
+
+                        ( 
+                            $SENTRY_CMD \
+                                releases \
+                                --org "${sentry_org}" \
+                                set-commits --local \
+                                ${PROJECT_VERSION} || exit 0
+                        )
+
+                         $SENTRY_CMD \
+                            releases \
+                            --org "${sentry_org}" \
+                            finalize \
+                            ${PROJECT_VERSION}
+                        '''
+                    }
+                }
+            }
+        }
+    }
+
+    post {
+        always {
+            cleanWs()
+        }
+    }
+}

resources/com/cadoles/common/add-letsencrypt-ca.sh

@@ -0,0 +1,26 @@
+#!/bin/sh
+
+set -eo pipefail
+
+DESTDIR=/usr/local/share/ca-certificates
+UPDATE_CERTS_CMD=update-ca-certificates
+CERTS="$(cat <<EOF
+https://letsencrypt.org/certs/isrgrootx1.pem
+https://letsencrypt.org/certs/isrg-root-x2.pem
+https://letsencrypt.org/certs/lets-encrypt-r3.pem
+https://letsencrypt.org/certs/lets-encrypt-e1.pem
+https://letsencrypt.org/certs/lets-encrypt-r4.pem
+https://letsencrypt.org/certs/lets-encrypt-e2.pem
+EOF
+)"
+
+cd "$DESTDIR"
+
+for cert in $CERTS; do
+    echo "Downloading '$cert'..."
+    filename=$(basename "$cert")
+    wget --tries=10 --timeout=30 -O "$filename" "$cert"
+    openssl x509 -in "$filename" -inform PEM -out "$filename.crt"
+done
+
+$UPDATE_CERTS_CMD

resources/com/cadoles/lighthouse/Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:1.13 as envtpl
+FROM golang:1.15 as envtpl
 
 ARG HTTP_PROXY=
 ARG HTTPS_PROXY=
@@ -14,7 +14,7 @@ RUN git clone https://github.com/subfuzion/envtpl /src \
     -ldflags "-X main.AppVersionMetadata=$(date -u +%s)" \
     -a -installsuffix cgo -o ./bin/envtpl ./cmd/envtpl/.
 
-FROM alpine:3.10
+FROM alpine:3.13
 
 ARG HTTP_PROXY=
 ARG HTTPS_PROXY=

resources/com/cadoles/lighthouse/run-audit.sh

@@ -10,10 +10,9 @@ rm -f reports/*
 cd reports
 
 lighthouse \
+    "$LIGHTHOUSE_URL" \
     --no-enable-error-reporting \
     --chrome-flags="--headless --disable-dev-shm-usage --no-sandbox --disable-gpu" \
     --config=../config.js \
     --output json --output html \
-    --output-path=lighthouse \
-    -- \
-    "$LIGHTHOUSE_URL"
+    --output-path=lighthouse

resources/com/cadoles/tamarin/Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3.8
+FROM alpine:3.12
 
 ARG HTTP_PROXY=
 ARG HTTPS_PROXY=
@@ -7,7 +7,9 @@ ARG https_proxy=
 
 ARG TAMARIN_VERSION=develop
 
-RUN apk add --no-cache git docker python3 bash
+RUN apk add --no-cache git docker python3 bash openssl curl
+
+RUN curl -k https://forge.cadoles.com/Cadoles/Jenkins/raw/branch/master/resources/com/cadoles/common/add-letsencrypt-ca.sh | bash
 
 RUN git clone http://forge.cadoles.com/Cadoles/Tamarin /tamarin\
   && cd /tamarin\

resources/com/cadoles/w3af/Dockerfile

@@ -37,55 +37,10 @@ RUN apk --no-cache add \
     python-dev \
     sqlite-dev \
     yaml-dev \
+    sudo \
     nodejs \
     npm
 
-RUN pip install --upgrade pip \
-  && pip install \
-    pyClamd==0.4.0 \
-    GitPython==2.1.3 \
-    chardet==3.0.4 \
-    futures==3.2.0 \
-    pyOpenSSL==18.0.0 \
-    ndg-httpsclient==0.4.0 \
-    pyasn1==0.4.2 \
-    scapy==2.4.0 \
-    msgpack==0.5.6 \
-    Jinja2==2.10 \
-    vulndb==0.1.1 \
-    psutil==5.4.8 \
-    ds-store==1.1.2 \
-    pebble==4.3.8 \
-    acora==2.1 \
-    diff-match-patch==20121119 \
-    lz4==1.1.0 \
-    vulners==1.3.0 \
-    ipaddresses==0.0.2 \
-    PyGithub==1.21.0 \
-    pybloomfiltermmap==0.3.14 \
-    phply==0.9.1 nltk==3.0.1 \
-    tblib==0.2.0 \
-    pdfminer==20140328 \
-    lxml==3.4.4 \
-    guess-language==0.2 \
-    cluster==1.1.1b3 \
-    python-ntlm==1.0.1 \
-    halberd==0.2.4 \
-    darts.util.lru==0.5 \
-    markdown==2.6.1 \
-    termcolor==1.1.0 \
-    mitmproxy==0.13 \
-    ruamel.ordereddict==0.4.8 \
-    Flask==0.10.1 \
-    PyYAML==3.12 \
-    tldextract==1.7.2 \
-    esmre==0.3.1 \
-    bravado-core==5.12.1 \
-    subprocess32==3.5.4 \
-  && npm install -g retire \
-  && rm -rf /root/.cache/pip \
-  && apk del build-base linux-headers
-
 RUN adduser -D w3af
 
 RUN git clone --depth=1 \
@@ -94,6 +49,9 @@ RUN git clone --depth=1 \
   && rm -rf /home/w3af/w3af/.git \
   && chown -R w3af /home/w3af/w3af
 
+RUN cd /home/w3af/w3af \
+  && ( ./w3af_console || . /tmp/w3af_dependency_install.sh )
+
 COPY run-audit.sh /usr/local/bin/run-audit
 RUN chmod +x /usr/local/bin/run-audit
 

vars/cpkg.groovy

@@ -8,6 +8,7 @@ def call(Map params = [:]) {
     def distVersion = params.distVersion ? params.distVersion : '2.7.0'
     def distBranchName = params.distBranchName ? params.distBranchName : env.GIT_BRANCH
     def gitCredentials = params.gitCredentials ? params.gitCredentials : null
+    def gitCredentialsType = params.gitCredentialsType ? params.gitCredentialsType : 'http'
     def gitEmail = params.gitEmail ? params.gitEmail : 'jenkins@cadoles.com'
     def gitUsername = params.gitUsername ? params.gitUsername : 'Jenkins'
     def skipCi = params.containsKey('skipCi') ? params.skipCi : false
@@ -89,8 +90,16 @@ def call(Map params = [:]) {
     }
 
     if (gitCredentials != null) {
-        git.withHTTPCredentials(gitCredentials) {
-            proc.call()
+        if (gitCredentialsType == 'http') {
+            git.withHTTPCredentials(gitCredentials) {
+                proc.call()
+            }
+        } else if (gitCredentialsType == 'ssh') {
+            git.withSSHCredentials(gitCredentials) {
+                proc.call()
+            }
+        } else {
+            throw new Exception("Unknown git credentials type '${gitCredentialsType}' ! Expected 'ssh' or 'http' (default).")
         }
     } else {
         proc.call()

vars/debian.groovy

@@ -1,7 +1,7 @@
 def waitForRepoPackage(String packageName, Map params = [:]) {
   def expectedVersion = params.expectedVersion ? params.expectedVersion : null
   def delay = params.delay ? params.delay : 30
-  def waitTimeout = params.timeout ? params.timeout : 1200
+  def waitTimeout = params.timeout ? params.timeout : 2400
   
   def message = "Waiting for package '${packageName}'"
   if (expectedVersion != null) {

vars/git.groovy

@@ -28,3 +28,17 @@ def withHTTPCredentials(String credentialsId, Closure fn) {
         }
     }
 }
+
+def withSSHCredentials(String credentialsId, Closure fn) {
+    def randomUUID = UUID.randomUUID().toString()
+    withCredentials([
+        sshUserPrivateKey(
+            credentialsId: credentialsId,
+            keyFileVariable: 'GIT_SSH_IDENTITY_FILE',
+        )
+    ]) {
+        withEnv(['GIT_SSH_VARIANT=ssh', 'GIT_SSH_COMMAND=ssh -i $GIT_SSH_IDENTITY_FILE -o IdentitiesOnly=yes -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null']) {
+            fn.call()
+        }
+    }
+}

vars/lighthouse.groovy

@@ -30,7 +30,7 @@ def call() {
                 }
             }
 
-            stage("Run Lighthouse and pa11y audits") {
+            stage("Run Lighthouse audit") {
                 steps {
                     script {
                         def lighthouseImage = buildDockerImage()
@@ -66,10 +66,9 @@ def call() {
                     rocketSend (
                         avatar: 'https://jenkins.cadol.es/static/b5f67753/images/headshot.png',
                         message: """
-                        Les audits pour `${params.url}` sont terminés:
+                        L'audit Lighthouse pour `${params.url}` est terminé:
                         
-                        - [Voir le rapport Lighthouse (bonnes pratiques)](${env.BUILD_URL}Rapports_20d_27audit/lighthouse.report.html)
-                        - [Voir le rapport pa11y (accessibilité)](${env.BUILD_URL}Rapports_20d_27audit/pa11y.report.html)
+                        - [Voir le rapport](${env.BUILD_URL}Rapports_20d_27audit/lighthouse.report.html)
                         
                         [Lancer un nouvel audit](${env.BUILD_URL}../build)
 

vars/lolops.groovy

@@ -13,6 +13,15 @@ def getRandomDeliveryAttachment(Integer probability = 25) {
         'https://media.giphy.com/media/QBRlXHKV5mpbLJ4prc/giphy.gif',
         'https://media.giphy.com/media/NOsfNQGivMFry/giphy.gif',
         'https://media.giphy.com/media/M1vu1FJnW6gms/giphy.gif',
+        'https://media.giphy.com/media/555x0gFF89OhVWPkvb/giphy.gif',
+        'https://media.giphy.com/media/9RZu6ahd8LIYHQlGUD/giphy.gif',
+        'https://media.giphy.com/media/9RZu6ahd8LIYHQlGUD/giphy.gif',
+        'https://media.giphy.com/media/W1fFHj6LvyTgfBNdiz/giphy.gif',
+        'https://media.giphy.com/media/1g2JyW7p6mtZc6bOEY/giphy.gif',
+        'https://media.giphy.com/media/ORiFE3ijpNaIWDoOqP/giphy.gif',
+        'https://media.giphy.com/media/r16Zmuvt1hSTK/giphy.gif',
+        'https://media.giphy.com/media/bF8Tvy2Ta0mqxXgaPV/giphy.gif',
+        'https://media.giphy.com/media/C0XT6BmLC3nGg/giphy.gif'
     ]
     Random rnd = new Random()
     if (rnd.nextInt(100) > probability) {

vars/pulp.groovy

@@ -0,0 +1,154 @@
+import groovy.json.JsonOutput
+
+def getResourceHREF(
+    String credentials,
+    String resourceEndpoint,
+    String resourceName,
+    String pulpHost = 'pulp.cadoles.com'
+) {
+    def response = httpRequest authentication: credentials, url: "https://${pulpHost}/pulp/api/v3/${resourceEndpoint}", httpMode: 'GET', ignoreSslErrors: true, validResponseCodes: "200"
+    def jsonResponse = readJSON text: response.content
+    def resource = jsonResponse.results.find { it -> it.name == resourceName}
+    if (resource) {
+        return resource.pulp_href
+    }
+    return null
+}
+
+def waitForTaskCompletion(
+    String credentials,
+    String taskHREF,
+    String pulpHost = 'pulp.cadoles.com'
+) {
+    def status = ''
+    def created_resources = []
+    while (status != 'completed') {
+        def response = httpRequest authentication: credentials, url: "https://${pulpHost}${taskHREF}", httpMode: 'GET', ignoreSslErrors: true, validResponseCodes: "200"
+        def jsonResponse = readJSON text: response.content
+        status = jsonResponse.state
+        if (status == 'completed') {
+            return jsonResponse.created_resources
+        } else if (!(status in ['running','waiting'])) {
+            break
+        }
+        sleep(10)
+    }
+    throw new Exception("Task failed:" + jsonResponse.error.description)
+}
+
+def exportPackages(
+    String credentials,
+    List packages = [],
+    String pulpHost = 'pulp.cadoles.com'
+) {
+    def exportTasks = []
+   packages.each {
+        def response = httpRequest authentication: credentials, url: "https://${pulpHost}/pulp/api/v3/content/deb/packages/", httpMode: 'POST', ignoreSslErrors: true, multipartName: "file", timeout: 900, uploadFile: "${it}", validResponseCodes: "202"
+        def jsonResponse = readJSON text: response.content
+        exportTasks << jsonResponse['task']
+    }
+    return exportTasks
+}
+
+def createRepository(
+	String credentials,
+    String name,
+    String pulpHost = 'pulp.cadoles.com'
+    ) {
+    def repositoryName = ["name": name]
+    def postBody = JsonOutput.toJson(repositoryName)
+    def response = httpRequest authentication: credentials, url: "https://${pulpHost}/pulp/api/v3/repositories/deb/apt/", httpMode: 'POST', requestBody: postBody, contentType: 'APPLICATION_JSON', ignoreSslErrors: true, validResponseCodes: "201"
+    def jsonResponse = readJSON text: response.content
+    return jsonResponse.pulp_href
+
+}
+def getRepositoryHREF(
+    String credentials,
+    String repository = 'Cadoles4MSE unstable'
+    ) {
+    def repositoryHREF = getResourceHREF(credentials, 'repositories/deb/apt/', repository)
+    if (repositoryHREF) {
+        return repositoryHREF
+    } else {
+        return createRepository(credentials, repository)
+    }
+}
+
+def addToRepository(
+    String credentials,
+    List packagesHREF,
+    String repositoryHREF,
+    String pulpHost = 'pulp.cadoles.com'
+) {
+    def packagesHREFURL = ["add_content_units": packagesHREF.collect { "https://$pulpHost$it" }]
+    def postBody = JsonOutput.toJson(packagesHREFURL)
+    def response = httpRequest authentication: credentials, url: "https://${pulpHost}${repositoryHREF}modify/", httpMode: 'POST', requestBody: postBody, contentType: 'APPLICATION_JSON', ignoreSslErrors: true, validResponseCodes: "202"
+    def jsonResponse = readJSON text: response.content
+    return waitForTaskCompletion(credentials, jsonResponse.task)
+}
+
+def publishRepository(
+    String credentials,
+    String repositoryHREF,
+    String signing_service = null,
+    String pulpHost = 'pulp.cadoles.com'
+) {
+    def postContent = ["repository": repositoryHREF, "simple": true]
+    if (signing_service) {
+        def signingServiceHREF = getResourceHREF(credentials, 'signing-services/', signing_service)
+        if (signingServiceHREF) {
+            postContent.put("signing_service", "https://${pulpHost}${signingServiceHREF}")
+        }
+    }
+    def postBody = JsonOutput.toJson(postContent)
+    def response = httpRequest authentication: credentials, url: "https://${pulpHost}/pulp/api/v3/publications/deb/apt/", httpMode: 'POST', requestBody: postBody, contentType: 'APPLICATION_JSON', ignoreSslErrors: true, validResponseCodes: "202"
+    def jsonResponse = readJSON text: response.content
+    return waitForTaskCompletion(credentials, jsonResponse.task)
+}
+
+def distributePublication(
+    String credentials,
+    String publicationHREF,
+    String distributionName,
+    String basePath,
+    String contentGuard = null,
+    String pulpHost = 'pulp.cadoles.com'
+) {
+    def httpMode = ''
+    def url = ''
+    def distributionHREF = getResourceHREF(credentials, 'distributions/deb/apt/', distributionName)
+    if (distributionHREF) {
+        httpMode = 'PUT'
+        url = distributionHREF
+    } else {
+        httpMode = 'POST'
+        url = '/pulp/api/v3/distributions/deb/apt/'
+    }
+    def bodyContent = ["publication": publicationHREF, "name": distributionName, "base_path": basePath]
+    if (contentGuard) {
+        def contentGuardHREF = getResourceHREF(credentials, 'contentguards/core/rbac/', contentGuard)
+        if (contentGuardHREF) {
+            bodyContent.put('content_guard', "https://${pulpHost}${contentGuardHREF}")
+        }
+    }
+    def postBody = JsonOutput.toJson(bodyContent)
+    response = httpRequest authentication: credentials, url: "https://${pulpHost}${url}", httpMode: httpMode, requestBody: postBody, contentType: 'APPLICATION_JSON', ignoreSslErrors: true, validResponseCodes: "202"
+    jsonResponse = readJSON text: response.content
+    if (distributionHREF) {
+        waitForTaskCompletion(credentials, jsonResponse.task)
+        return [url]
+    } else {
+        return waitForTaskCompletion(credentials, jsonResponse.task)
+    }
+}
+
+def getDistributionURL(
+    String credentials,
+    String resourceHREF,
+    String pulpHost = 'pulp.cadoles.com'
+) {
+    def response = httpRequest authentication: credentials, url: "https://${pulpHost}${resourceHREF}", httpMode: 'GET', ignoreSslErrors: true, validResponseCodes: "200"
+    def jsonResponse = readJSON text: response.content
+    println(jsonResponse)
+    return jsonResponse.base_url
+}

vars/pulp.groovy.bak

@@ -0,0 +1,154 @@
+import groovy.json.JsonOutput
+
+def getResourceHREF(
+    String credentials,
+    String resourceEndpoint,
+    String resourceName,
+    String pulpHost = 'pulp.cadoles.com'
+) {
+    def response = httpRequest authentication: credentials, url: "https://${pulpHost}/pulp/api/v3/${resourceEndpoint}", httpMode: 'GET', ignoreSslErrors: true, validResponseCodes: "200"
+    def jsonResponse = readJSON text: response.content
+    def resource = jsonResponse.results.find { it -> it.name == resourceName}
+    if (resource) {
+        return resource.pulp_href
+    }
+    return null
+}
+
+def waitForTaskCompletion(
+    String credentials,
+    String taskHREF,
+    String pulpHost = 'pulp.cadoles.com'
+) {
+    def status = ''
+    def created_resources = []
+    while (status != 'completed') {
+        def response = httpRequest authentication: credentials, url: "https://${pulpHost}${taskHREF}", httpMode: 'GET', ignoreSslErrors: true, validResponseCodes: "200"
+        def jsonResponse = readJSON text: response.content
+        status = jsonResponse.state
+        if (status == 'completed') {
+            return jsonResponse.created_resources
+        } else if (!(status in ['running','waiting'])) {
+            break
+        }
+        sleep(10)
+    }
+    throw new Exception("Task failed:" + jsonResponse.error.description)
+}
+
+def exportPackages(
+    String credentials,
+    List packages = [],
+    String pulpHost = 'pulp.cadoles.com'
+) {
+    def exportTasks = []
+   packages.each {
+        def response = httpRequest authentication: credentials, url: "https://${pulpHost}/pulp/api/v3/content/deb/packages/", httpMode: 'POST', ignoreSslErrors: true, multipartName: "file", timeout: 900, uploadFile: "${it}", validResponseCodes: "202"
+        def jsonResponse = readJSON text: response.content
+        exportTasks << jsonResponse['task']
+    }
+    return exportTasks
+}
+
+def createRepository(
+	String credentials,
+    String name,
+    String pulpHost = 'pulp.cadoles.com'
+    ) {
+    def repositoryName = ["name": name]
+    def postBody = JsonOutput.toJson(repositoryName)
+    def response = httpRequest authentication: credentials, url: "https://${pulpHost}/pulp/api/v3/repositories/deb/apt/", httpMode: 'POST', requestBody: postBody, contentType: 'APPLICATION_JSON', ignoreSslErrors: true, validResponseCodes: "201"
+    def jsonResponse = readJSON text: response.content
+    return jsonResponse.pulp_href
+
+}
+def getRepositoryHREF(
+    String credentials,
+    String repository = 'Cadoles4MSE unstable'
+    ) {
+    def repositoryHREF = getResourceHREF(credentials, 'repositories/deb/apt/', repository)
+    if (repositoryHREF) {
+        return repositoryHREF
+    } else {
+        return createRepository(credentials, repository)
+    }
+}
+
+def addToRepository(
+    String credentials,
+    List packagesHREF,
+    String repositoryHREF,
+    String pulpHost = 'pulp.cadoles.com'
+) {
+    def packagesHREFURL = ["add_content_units": packagesHREF.collect { "https://$pulpHost$it" }]
+    def postBody = JsonOutput.toJson(packagesHREFURL)
+    def response = httpRequest authentication: credentials, url: "https://${pulpHost}${repositoryHREF}modify/", httpMode: 'POST', requestBody: postBody, contentType: 'APPLICATION_JSON', ignoreSslErrors: true, validResponseCodes: "202"
+    def jsonResponse = readJSON text: response.content
+    return waitForTaskCompletion(credentials, jsonResponse.task)
+}
+
+def publishRepository(
+    String credentials,
+    String repositoryHREF,
+    String signing_service = null,
+    String pulpHost = 'pulp.cadoles.com'
+) {
+    def postContent = ["repository": repositoryHREF, "simple": true]
+    if (signing_service) {
+        def signingServiceHREF = getResourceHREF(credentials, 'signing-services/', signing_service)
+        if (signingServiceHREF) {
+            postContent.put("signing_service", "https://${pulpHost}${signingServiceHREF}")
+        }
+    }
+    def postBody = JsonOutput.toJson(postContent)
+    def response = httpRequest authentication: credentials, url: "https://${pulpHost}/pulp/api/v3/publications/deb/apt/", httpMode: 'POST', requestBody: postBody, contentType: 'APPLICATION_JSON', ignoreSslErrors: true, validResponseCodes: "202"
+    def jsonResponse = readJSON text: response.content
+    return waitForTaskCompletion(credentials, jsonResponse.task)
+}
+
+def distributePublication(
+    String credentials,
+    String publicationHREF,
+    String distributionName,
+    String basePath,
+    String contentGuard = null,
+    String pulpHost = 'pulp.cadoles.com'
+) {
+    def httpMode = ''
+    def url = ''
+    def distributionHREF = getResourceHREF(credentials, 'distributions/deb/apt/', distributionName)
+    if (distributionHREF) {
+        httpMode = 'PUT'
+        url = distributionHREF
+    } else {
+        httpMode = 'POST'
+        url = '/pulp/api/v3/distributions/deb/apt/'
+    }
+    def bodyContent = ["publication": publicationHREF, "name": distributionName, "base_path": basePath]
+    if (contentGuard) {
+        def contentGuardHREF = getResourceHREF(credentials, 'contentguards/core/rbac/', contentGuard)
+        if (contentGuardHREF) {
+            bodyContent.put('content_guard', "https://${pulpHost}${contentGuardHREF}")
+        }
+    }
+    def postBody = JsonOutput.toJson(bodyContent)
+    response = httpRequest authentication: credentials, url: "https://${pulpHost}${url}", httpMode: httpMode, requestBody: postBody, contentType: 'APPLICATION_JSON', ignoreSslErrors: true, validResponseCodes: "202"
+    jsonResponse = readJSON text: response.content
+    if (distributionHREF) {
+        waitForTaskCompletion(credentials, jsonResponse.task)
+        return [url]
+    } else {
+        return waitForTaskCompletion(credentials, jsonResponse.task)
+    }
+}
+
+def getDistributionURL(
+    String credentials,
+    String resourceHREF,
+    String pulpHost = 'pulp.cadoles.com'
+) {
+    def response = httpRequest authentication: credentials, url: "https://${pulpHost}${resourceHREF}", httpMode: 'GET', ignoreSslErrors: true, validResponseCodes: "200"
+    def jsonResponse = readJSON text: response.content
+    println(jsonResponse)
+    return jsonResponse.base_url
+}

vars/sonarqube.groovy

@@ -0,0 +1,80 @@
+// Pipeline de scan de projet avec SonarQube
+def call() {
+    pipeline {
+        agent {
+            label 'docker'
+        }
+        
+        environment {
+            projectDir = "${env.project_name}_${env.BUILD_ID}" 
+        }
+
+        stages {
+            stage("Package project") {
+                when {
+                    not {
+                        triggeredBy 'TimerTrigger'
+                    }
+                }
+                steps {
+                    script {
+                        stage("Clone repository") {
+                            checkout scm: 
+                                [
+                                    $class: 'GitSCM', 
+                                    userRemoteConfigs: [[url: env.repository_url, credentialsId: 'jenkins-forge-ssh']], 
+                                    branches: [[name: env.ref]],
+                                    extensions: [
+                                        [$class: 'RelativeTargetDirectory', relativeTargetDir: env.projectDir ],
+                                        [$class: 'CloneOption', noTags: false, shallow: false, depth: 0, reference: ''],
+                                        [$class: 'WipeWorkspace' ]
+                                    ]
+                                ], 
+                                changelog: false, 
+                                poll: false
+                        }
+                    
+                        stage("Scan project") {
+                            dir(env.projectDir) {
+                                withCredentials([
+                                    string(credentialsId: 'SONARQUBE_URL', variable: 'SONARQUBE_URL'),
+                                    string(credentialsId: 'SONARQUBE_TOKEN', variable: 'SONARQUBE_TOKEN'),
+                                ]) {
+                                    sh """
+                                    docker run \
+                                        --rm \
+                                        -e SONAR_HOST_URL="${env.SONARQUBE_URL}" \
+                                        -e SONAR_LOGIN="${env.SONARQUBE_TOKEN}" \
+                                        -v "${env.WORKSPACE}/${env.projectDir}/:/usr/src" \
+                                        sonarsource/sonar-scanner-cli \
+                                        -Dsonar.projectKey=${env.sonarqubeProjectKey} \
+                                        -Dsonar.projectVersion=${env.ref}
+                                    """
+                                }
+
+                                // On notifie le canal Rocket.Chat du scan
+                                // rocketSend (
+                                //     avatar: 'https://jenkins.cadol.es/static/b5f67753/images/headshot.png',
+                                //     message: """
+                                //     Le projet ${env.project_name} a été scanné par SonarQube.
+                                    
+                                //     - [Voir les résultats](${env.SONARQUBE_URL}/dashboard?id=${env.sonarqubeProjectKey})
+                                //     - [Visualiser le job](${env.RUN_DISPLAY_URL})
+                                    
+                                //     @${env.sender_login}
+                                //     """.stripIndent(),
+                                //     rawMessage: true,
+                                // )                          
+                            }
+                        }
+                    }
+                }
+                post {
+                    always {
+                        sh "rm -rf '${env.projectDir}'"
+                    }
+                }
+            }
+        }
+    }
+}

vars/tamarin.groovy

@@ -7,46 +7,38 @@ def buildPackageWithCPKG(
     Boolean forceRebuild = false
 ) {
 
-    def builds = []
+    def result = [:]
 
     // Retrieve commit tags
-    def commitTags = sh(script: 'git describe --exact-match --abbrev=0', returnStdout: true).split(' ')
-    if (commitTags.length == 0) {
+    def commitTag = sh(script: 'git describe --exact-match --abbrev=0', returnStdout: true)
+    if (commitTag == '') {
         error 'No build build tags on last commit'
     }
 
-    // For each tags
-    for (tag in commitTags) {
+    // Split tag to retrieve context informations
+    def tagParts = commitTag.split('/')
+    def packageEnv = tagParts[1]
+    def packageDistrib = tagParts[2]
+    def packageVersion = tagParts[3]
 
-        // Split tag to retrieve context informations
-        def tagParts = tag.split('/')
-        def packageEnv = tagParts[1]
-        def packageDistrib = tagParts[2]
-        def packageVersion = tagParts[3]
+    // Create .tamarinrc file
+    def tamarinrc = """
+    project_version=${packageVersion}
+    no_version_suffix=${ packageEnv == 'stable' || packageEnv == 'staging' ? 'yes' : 'no' }
+    """.stripIndent()
+    writeFile file: '.tamarinrc', text: tamarinrc
 
-        // Create .tamarinrc file
-        def tamarinrc = """
-        project_version=${packageVersion}
-        no_version_suffix=${ packageEnv == 'stable' || packageEnv == 'staging' ? 'yes' : 'no' }
-        """.stripIndent()
-        writeFile file: '.tamarinrc', text: tamarinrc
-        
-        sh "rm -rf ${destDir}/*"
-
-        stage("Build ${packageEnv} package (version ${packageVersion}) for ${packageDistrib}") {
-            def result = [:]
-            result.put('tag', tag)
-            result.put('env', packageEnv)
-            result.put('version', packageVersion)
-            result.put('distrib', packageDistrib)
-            def packages = buildPackage(packageProfile, packageArch, baseImage, destDir, forceRebuild)
-            result.put('packages', packages)
-            builds << result
-        }
+    sh "rm -rf ${destDir}/*"
 
+    stage("Build ${packageEnv} package (version ${packageVersion}) for ${packageDistrib}") {
+        result.put('tag', commitTag)
+        result.put('env', packageEnv)
+        result.put('version', packageVersion)
+        result.put('distrib', packageDistrib)
+        def packages = buildPackage(packageProfile, packageArch, baseImage, destDir, forceRebuild)
+        result.put('packages', packages)
     }
-
-    return builds
+    return result
 
 }
 
@@ -122,6 +114,9 @@ def buildDockerImage() {
         def runTamarinScript = libraryResource 'com/cadoles/tamarin/run-tamarin.sh'
         writeFile file:'run-tamarin.sh', text:runTamarinScript
 
+        def addLetsEncryptCA = libraryResource 'com/cadoles/common/add-letsencrypt-ca.sh'
+        writeFile file:'add-letsencrypt-ca.sh', text:addLetsEncryptCA
+        
         def safeJobName = URLDecoder.decode(env.JOB_NAME).toLowerCase().replace('/', '-').replace(' ', '-')
         def imageTag = "${safeJobName}-${env.BUILD_ID}"
         return docker.build("tamarin:${imageTag}", ".")