11 Commits

10 changed files with 367 additions and 31 deletions

View File

@ -18,7 +18,7 @@ pipeline {
agent {
node {
label "mse"
label "docker"
}
}
@ -45,10 +45,10 @@ pipeline {
}
}
junit "*.xml"
junit testResults: '*.xml', skipPublishingChecks: true
rocketSend (
channel: "#cnous-mse-dev",
channel: "#cnous-mse",
avatar: 'https://jenkins.cadol.es/static/b5f67753/images/headshot.png',
message: """
Audit RGAA | ${testStatuses()}
@ -65,6 +65,14 @@ pipeline {
}
}
post {
always {
cleanWs()
}
}
}
@NonCPS
@ -79,4 +87,4 @@ def testStatuses() {
testStatus = "Passant(s): ${passed}, Échoué(s): ${failed} ${testResultAction.failureDiffString}, Désactivé(s): ${skipped}"
}
return testStatus
}
}

View File

@ -0,0 +1,153 @@
#!/bin/bash
set -eo pipefail
GITEA_RELEASE_PROJECT=${GITEA_RELEASE_PROJECT}
GITEA_RELEASE_ORG=${GITEA_RELEASE_ORG}
GITEA_RELEASE_BASE_URL=${GITEA_BASE_URL:-https://forge.cadoles.com}
GITEA_RELEASE_USERNAME=${GITEA_RELEASE_USERNAME}
GITEA_RELEASE_PASSWORD=${GITEA_RELEASE_PASSWORD}
GITEA_RELEASE_VERSION=${GITEA_RELEASE_VERSION}
GITEA_RELEASE_COMMITISH_TARGET=${GITEA_RELEASE_COMMITISH_TARGET}
GITEA_RELEASE_IS_DRAFT=${GITEA_RELEASE_IS_DRAFT:-false}
GITEA_RELEASE_IS_PRERELEASE=${GITEA_RELEASE_IS_PRERELEASE:-true}
GITEA_RELEASE_BODY=${GITEA_RELEASE_BODY}
GITEA_RELEASE_ATTACHMENTS=${GITEA_RELEASE_ATTACHMENTS}
function check_dependencies {
assert_command_available 'curl'
assert_command_available 'jq'
}
function assert_command_available {
local command=$1
local command_path=$(which $command)
if [ -z "$command_path" ]; then
echo "The '$command' command could not be found. Please install it before using this script." 1>&2
exit 1
fi
}
function check_environment {
assert_environment GITEA_RELEASE_PROJECT
assert_environment GITEA_RELEASE_ORG
assert_environment GITEA_RELEASE_BASE_URL
}
function source_env_file {
if [ ! -f '.env' ]; then
return 0
fi
set -o allexport
source .env
set +o allexport
}
function assert_environment {
local name=$1
local value=${!name}
if [ -z "$value" ]; then
echo "The $"$name" environment variable is empty." 1>&2
exit 1
fi
}
function ask_credentials {
if [ -z "$GITEA_RELEASE_USERNAME" ]; then
echo -n "Username: "
read GITEA_RELEASE_USERNAME
fi
if [ -z "$GITEA_RELEASE_PASSWORD" ]; then
echo -n "Password: "
stty -echo
read GITEA_RELEASE_PASSWORD
stty echo
echo
fi
}
function retrieve_version {
if [ ! -z "$GITEA_RELEASE_VERSION" ]; then
return
fi
set +e
GITEA_RELEASE_VERSION=$(git describe --abbrev=0 --tags 2>/dev/null)
GITEA_RELEASE_VERSION=${GITEA_RELEASE_VERSION}
set -e
}
function retrieve_commitish_target {
if [ ! -z "$GITEA_RELEASE_COMMITISH_TARGET" ]; then
return
fi
GITEA_RELEASE_COMMITISH_TARGET=$(git log -n 1 --pretty="format:%h")
}
function create_release {
local payload={}
payload=$(json_set "$payload" body "\"$GITEA_RELEASE_BODY\"")
payload=$(json_set "$payload" draft $GITEA_RELEASE_IS_DRAFT)
payload=$(json_set "$payload" name "\"$GITEA_RELEASE_VERSION\"")
payload=$(json_set "$payload" prerelease $GITEA_RELEASE_IS_PRERELEASE)
payload=$(json_set "$payload" tag_name "\"${GITEA_RELEASE_VERSION:-$GITEA_RELEASE_COMMITISH_TARGET}\"")
payload=$(json_set "$payload" target_commitish "\"$GITEA_RELEASE_COMMITISH_TARGET\"")
gitea_api "/repos/$GITEA_RELEASE_ORG/$GITEA_RELEASE_PROJECT/releases" \
-H "Content-Type:application/json" \
-d "$payload"
}
function json_set {
local data=$1
local key=$2
local value=$3
echo $data | jq -cr --argjson v "$value" --arg k "$key" '.[$k] = $v'
}
function upload_release_attachments {
local release="$1"
local release_id=$(echo "$release" | jq -r .id)
if [ -z "$GITEA_RELEASE_ATTACHMENTS" ]; then
set +e
GITEA_RELEASE_ATTACHMENTS="$(ls release/*.{tar.gz,zip} 2>/dev/null)"
set -e
fi
for file in $GITEA_RELEASE_ATTACHMENTS; do
local filename=$(basename "$file")
gitea_api "/repos/$GITEA_RELEASE_ORG/$GITEA_RELEASE_PROJECT/releases/$release_id/assets?name=$filename" \
-H "Content-Type:multipart/form-data" \
-F "attachment=@$file"
done
}
function gitea_api {
local path=$1
local args=${@:2}
curl -L \
--fail \
-u "$GITEA_RELEASE_USERNAME:$GITEA_RELEASE_PASSWORD" \
${args} \
"$GITEA_RELEASE_BASE_URL/api/v1$path"
}
function main {
check_dependencies
source_env_file
check_environment
ask_credentials
retrieve_commitish_target
retrieve_version
local release=$(create_release)
upload_release_attachments "$release"
}
main

View File

@ -35,7 +35,7 @@ RUN apk add --no-cache \
chromium \
bash
RUN PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=1 npm install -g pa11y pa11y-reporter-html@^1.0.0 pa11y-reporter-junit
RUN PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=1 npm install -g pa11y@^5.0.0 pa11y-reporter-html@^1.0.0 pa11y-reporter-junit
RUN adduser -D pa11y

View File

@ -9,6 +9,7 @@ cd reports
export PUPPETEER_EXECUTABLE_PATH=$(which chromium-browser)
export PA11Y_REPORTER="${PA11Y_REPORTER:-html}"
export PA11Y_STANDARD=${PA11Y_STANDARD:-WCAG2AA}
PA11Y_ARGS=""

View File

@ -1,7 +1,7 @@
ARG PHP_SECURITY_CHECKER_VERSION=1.0.0
ARG JQ_VERSION=1.6
RUN apt update && \
RUN apt-get update && \
DEBIAN_FRONTEND=noninteractive apt-get install -y \
wget tar curl ca-certificates \
openssl bash git unzip \

View File

@ -44,7 +44,7 @@ def call(Map params = [:]) {
} else {
println("Skipping push. Set skipPush param to 'true' to enable remote repository update.")
}
// Retrieve last tag matching pattern pkg/${distRepo}/${dist}-${distVersion}/*
def lastTag = sh(
script: "git tag -l 'pkg/${distRepo}/${dist}-${distVersion}/*' --sort=v:refname | tail -n 1",
@ -61,7 +61,16 @@ def call(Map params = [:]) {
println("Last version number is '${lastVersionNumber}'")
def versionNumber = incrementVersionNumber(lastVersionNumber)
def versionNumber = sh(
script: "git describe --always ${currentRef}",
returnStdout: true,
).trim()
def isCommitRef = !versionNumber.matches(/^[0-9]+\.[0-9]+\.[0-9]+.*$/)
if (isCommitRef) {
versionNumber = "0.0.0-${versionNumber}"
}
println("New version number will be '${versionNumber}'")
result['newVersionNumber'] = versionNumber
@ -106,22 +115,4 @@ def call(Map params = [:]) {
}
return result
}
def incrementVersionNumber(String versionNumber) {
// Split versionNumber (typical pattern: <major>.<minor>.<patch>)
def versionNumberParts = versionNumber.split(/\./)
// Extract path number
def patchNumber = versionNumberParts.last()
// Split patch number (typical pattern: <patch>-<build>)
def patchNumberParts = patchNumber.split('-')
// If version number matches pattern <major>.<minor>.<patch>-<build>
if (patchNumberParts.size() > 1) {
return versionNumberParts[0..-2].join('.') + '.' + patchNumberParts[0..-2].join('-') + '-' + (patchNumberParts.last().toInteger() + 1)
} else { // Else version number matches pattern <major>.<minor>.<patch>
return versionNumberParts[0..-2].join('.') + '.' + (patchNumber.toInteger() + 1)
}
}

View File

@ -2,6 +2,7 @@ def waitForRepoPackage(String packageName, Map params = [:]) {
def expectedVersion = params.expectedVersion ? params.expectedVersion : null
def delay = params.delay ? params.delay : 30
def waitTimeout = params.timeout ? params.timeout : 2400
def asPattern = params.containsKey("asPattern") ? params.asPattern : true
def message = "Waiting for package '${packageName}'"
if (expectedVersion != null) {
@ -26,9 +27,11 @@ def waitForRepoPackage(String packageName, Map params = [:]) {
println("Package found !")
break
}
def versionFound = packages.find {
return it['version'] =~ expectedVersion
def matches = asPattern ? it['version'] =~ expectedVersion : it['version'] == expectedVersion
println("Comparing expected version '${expectedVersion}' to '${it['version']}': ${matches}")
return matches
}
if (versionFound) {
@ -76,5 +79,10 @@ def listRepoPackages(Map params = [:]) {
}
}
println "Found packages:"
packages.each{
println " - Package: ${it.key}, Version: ${it.value['version']}"
}
return packages
}

View File

@ -3,7 +3,7 @@ def commentPullRequest(String repo, String issueId, String comment, Integer comm
withCredentials([
string(credentialsId: 'GITEA_JENKINS_PERSONAL_TOKEN', variable: 'GITEA_TOKEN'),
]) {
writeFile(file: ".prComment", text: comment)
writeFile(file: '.prComment', text: comment)
sh """#!/bin/bash
set -xeo pipefail
@ -37,4 +37,62 @@ def commentPullRequest(String repo, String issueId, String comment, Integer comm
fi
"""
}
}
}
// Effectue une "release" sur Gitea pour le <ORG>/<PROJET> donné.
def release(String credentialsId, String org, String project, Map options = [:]) {
def isDraft = options.get('isDraft', false)
def baseUrl = options.get('baseUrl', 'https://forge.cadoles.com')
def defaultVersion = sh(returnStdout: true, script: 'git describe --always').trim()
def releaseVersion = options.get('releaseVersion', defaultVersion)
def commitishTarget = options.get('commitishTarget', env.GIT_COMMIT)
def defaultIsPrerelease = true
try {
sh(script: "git describe --exact-match ${GIT_COMMIT}")
defaultIsPrerelease = false
} catch (err) {
println "Could not find tag associated with commit '${GIT_COMMIT}' ! Using 'prerelease' as default."
}
def isPrerelease = options.get('isPrerelease', defaultIsPrerelease)
def body = options.get('body', '')
def attachments = options.get('attachments', [])
def scriptTempDir = ".gitea-release-script-${System.currentTimeMillis()}"
sh("mkdir -p '${scriptTempDir}'")
def giteaReleaseScript = "${scriptTempDir}/gitea-release.sh"
def giteaReleaseScriptContent = libraryResource 'com/cadoles/gitea/gitea-release.sh'
writeFile file: giteaReleaseScript, text:giteaReleaseScriptContent
sh("chmod +x '${giteaReleaseScript}'")
try {
withCredentials([
usernamePassword(
credentialsId: credentialsId,
usernameVariable: 'GITEA_RELEASE_USERNAME',
passwordVariable: 'GITEA_RELEASE_PASSWORD'
)
]) {
sh """
export GITEA_RELEASE_PROJECT="${project}"
export GITEA_RELEASE_ORG="${org}"
export GITEA_RELEASE_BASE_URL="${baseUrl}"
export GITEA_RELEASE_VERSION="${releaseVersion}"
export GITEA_RELEASE_COMMITISH_TARGET="${commitishTarget}"
export GITEA_RELEASE_IS_DRAFT="${isDraft}"
export GITEA_RELEASE_IS_PRERELEASE="${isPrerelease}"
export GITEA_RELEASE_BODY="${body}"
export GITEA_RELEASE_ATTACHMENTS="${attachments.join(' ')}"
${giteaReleaseScript}
"""
}
} finally {
dir(scriptTempDir) {
deleteDir()
}
}
}

117
vars/pulp.groovy Normal file
View File

@ -0,0 +1,117 @@
import groovy.json.JsonOutput
def exportPackages(
String credentials,
List packages = [],
String pulpHost = 'pulp.bbohard.lan'
) {
def exportTasks = []
packages.each {
def response = httpRequest authentication: credentials, url: "https://${pulpHost}/pulp/api/v3/content/deb/packages/", httpMode: 'POST', ignoreSslErrors: true, multipartName: "file", timeout: 900, responseHandle: 'NONE', uploadFile: "${it}"
jsonResponse = readJSON text: response.content
println(jsonResponse)
exportTasks << jsonResponse['task']
}
return exportTasks
}
def getRepositoryHREF(
String credentials,
String repositoryLevel = 'dev',
String pulpHost = 'pulp.bbohard.lan'
) {
def repositoriesMapping = ['dev': 'Cadoles4MSE']
def response = httpRequest authentication: credentials, url: "https://${pulpHost}/pulp/api/v3/repositories/deb/apt/", httpMode: 'GET', ignoreSslErrors: true
def jsonResponse = readJSON text: response.content
println(jsonResponse)
def repositories = jsonResponse.results
def repositoryHREF = repositories.find { it -> it['name'] == repositoriesMapping[repositoryLevel] }
return repositoryHREF.pulp_href
}
def addToRepository(
String credentials,
List packagesHREF,
String repositoryHREF,
String pulpHost = 'pulp.bbohard.lan'
) {
def packagesHREFURL = ["add_content_units": packagesHREF.collect { "https://$pulpHost$it" }]
def postBody = JsonOutput.toJson(packagesHREFURL)
def response = httpRequest authentication: credentials, url: "https://${pulpHost}${repositoryHREF}modify/", httpMode: 'POST', requestBody: postBody, contentType: 'APPLICATION_JSON', ignoreSslErrors: true, validResponseCodes: "100:599"
def jsonResponse = readJSON text: response.content
return waitForTaskCompletion(credentials, jsonResponse.task)
}
def publishRepository(
String credentials,
String repositoryHREF,
String pulpHost = 'pulp.bbohard.lan'
) {
def postBody = JsonOutput.toJson(["repository": repositoryHREF, "simple": true])
def response = httpRequest authentication: credentials, url: "https://${pulpHost}/pulp/api/v3/publications/deb/apt/", httpMode: 'POST', requestBody: postBody, contentType: 'APPLICATION_JSON', ignoreSslErrors: true
def jsonResponse = readJSON text: response.content
println(jsonResponse)
return waitForTaskCompletion(credentials, jsonResponse.task)
}
def distributePublication(
String credentials,
String publicationHREF,
String distributionName,
String basePath,
String pulpHost = 'pulp.bbohard.lan',
String contentGuard = null
) {
def response = httpRequest authentication: credentials, url: "https://${pulpHost}/pulp/api/v3/distributions/deb/apt/", httpMode: 'GET', ignoreSslErrors: true
def jsonResponse = readJSON text: response.content
def httpMode = ''
def url = ''
def distribution = jsonResponse.results.find { it -> it.name == distributionName}
if (distribution) {
httpMode = 'PUT'
url = distribution.pulp_href
} else {
httpMode = 'POST'
url = '/pulp/api/v3/distributions/deb/apt/'
}
def postBody = JsonOutput.toJson(["publication": publicationHREF, "name": distributionName, "base_path": basePath, "content_guard": contentGuard])
response = httpRequest authentication: credentials, url: "https://${pulpHost}${url}", httpMode: httpMode, requestBody: postBody, contentType: 'APPLICATION_JSON', ignoreSslErrors: true, validResponseCodes: "100:599"
jsonResponse = readJSON text: response.content
if (distribution) {
waitForTaskCompletion(credentials, jsonResponse.task)
return [url]
} else {
return waitForTaskCompletion(credentials, jsonResponse.task)
}
}
def waitForTaskCompletion(
String credentials,
String taskHREF,
String pulpHost = 'pulp.bbohard.lan'
) {
def status = ''
def created_resources = []
while (status != 'completed') {
def response = httpRequest authentication: credentials, url: "https://${pulpHost}${taskHREF}", httpMode: 'GET', ignoreSslErrors: true
def jsonResponse = readJSON text: response.content
status = jsonResponse.state
if (status == 'completed') {
created_resources = jsonResponse.created_resources
}
sleep(10)
}
return created_resources
}
def getDistributionURL(
String credentials,
String resourceHREF,
String pulpHost = 'pulp.bbohard.lan'
) {
def response = httpRequest authentication: credentials, url: "https://${pulpHost}${resourceHREF}", httpMode: 'GET', ignoreSslErrors: true
def jsonResponse = readJSON text: response.content
println(jsonResponse)
return jsonResponse.base_url
}

View File

@ -49,7 +49,7 @@ def call(String baseImage = "ubuntu:22.04") {
sh '''
CHANGED_FILES=$(git diff --name-only --diff-filter=ACMRTUXB "HEAD~..HEAD" | fgrep ".php" | tr "\n" " ")
if ! echo "${CHANGED_FILES}" | grep -qE "^(\\.php-cs-fixer(\\.dist)\\.php?|composer\\.lock)$"; then EXTRA_ARGS=$(printf -- '--path-mode=intersection -- %s' "${CHANGED_FILES}"); else EXTRA_ARGS=''; fi
php-cs-fixer fix -v --dry-run --using-cache=no --format junit > php-cs-fixer.xml ${EXTRA_ARGS}
php-cs-fixer fix --config=.php-cs-fixer.dist.php -v --dry-run --using-cache=no --format junit ${EXTRA_ARGS} > php-cs-fixer.xml || true
'''
def report = sh(script: "junit2md php-cs-fixer.xml", returnStdout: true)
if (env.CHANGE_ID) {