-
Notifications
You must be signed in to change notification settings - Fork 1
/
.cirrus.yml
161 lines (150 loc) · 5.63 KB
/
.cirrus.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
env:
ARTIFACTORY_URL: VAULT[development/kv/data/repox data.url]
ARTIFACTORY_PRIVATE_ACCESS_TOKEN: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-private-reader access_token]
ARTIFACTORY_DEPLOY_USERNAME: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-qa-deployer username]
ARTIFACTORY_DEPLOY_ACCESS_TOKEN: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-qa-deployer access_token]
ARTIFACTORY_DEPLOY_REPO: sonarsource-pypi-public-qa
GITHUB_TOKEN: VAULT[development/github/token/licenses-ro token]
SONAR_TOKEN: VAULT[development/kv/data/sonarcloud data.token]
SONAR_HOST_URL: https://sonarcloud.io
DEPLOY_PULL_REQUEST: 'true'
POETRY_VIRTUALENVS_PATH: "~/.cache/poetry/venvs"
POETRY_CACHE_DIR: "~/.cache/poetry/pypoetry"
only_if: $CIRRUS_USER_COLLABORATOR == "true" && $CIRRUS_TAG == "" && ($CIRRUS_PR != "" || $CIRRUS_BRANCH == $CIRRUS_DEFAULT_BRANCH || $CIRRUS_BRANCH =~ "feature/*" || $CIRRUS_BRANCH =~ "dogfood-on-.*")
container_definition: &CONTAINER_DEFINITION
dockerfile: .cirrus/poetry.Dockerfile
cluster_name: ${CIRRUS_CLUSTER_NAME}
region: eu-central-1
namespace: default
builder_role: cirrus-builder
builder_image: docker-builder-v*
builder_instance_type: t3.small
use_in_memory_disk: true
docker_arguments:
CIRRUS_AWS_ACCOUNT: ${CIRRUS_AWS_ACCOUNT}
cpu: 3
memory: 8G
poetry_cache_template: &POETRY_CACHE
poetry_cache:
folder: ~/.cache/poetry/
fingerprint_script: cat poetry.lock its/poetry.lock
.poetry_template: &POETRY_TEMPLATE
eks_container:
<<: *CONTAINER_DEFINITION
<<: *POETRY_CACHE
poetry_install_script:
- source set_poetry_build_version "$CI_BUILD_NUMBER"
- echo "PROJECT_VERSION=$PROJECT_VERSION" >> $CIRRUS_ENV
- jfrog config add repox --artifactory-url "$ARTIFACTORY_URL" --access-token "$ARTIFACTORY_PRIVATE_ACCESS_TOKEN"
- jfrog poetry-config --server-id-resolve repox --repo-resolve sonarsource-pypi
- jfrog poetry install --build-name="$CIRRUS_REPO_NAME" --build-number="$CI_BUILD_NUMBER"
mend_scan_task:
<<: *POETRY_TEMPLATE
depends_on:
- build
# run only on master and long-living branches
only_if: $CIRRUS_USER_COLLABORATOR == 'true' && $CIRRUS_TAG == "" && ($CIRRUS_BRANCH == "master" || $CIRRUS_BRANCH =~ "branch-.*")
eks_container:
image: ${CIRRUS_AWS_ACCOUNT}.dkr.ecr.eu-central-1.amazonaws.com/base:j21-latest
region: eu-central-1
cluster_name: ${CIRRUS_CLUSTER_NAME}
namespace: default
cpu: 4
memory: 2G
env:
WS_APIKEY: VAULT[development/kv/data/mend data.apikey]
mend_script:
- source cirrus-env QA
- source ws_scan.sh
allow_failures: "true"
always:
ws_scan_artifacts:
path: "whitesource/**/*"
formatting_task:
<<: *POETRY_TEMPLATE
alias: formatting
name: "Formatting"
formatting_script:
- poetry run black src/ tests/ --check
- poetry run licenseheaders -t license_header.tmpl -o "SonarSource SA" -y 2011-2024 -n "Sonar Scanner Python" -E .py -d src/
- poetry run licenseheaders -t license_header.tmpl -o "SonarSource SA" -y 2011-2024 -n "Sonar Scanner Python" -E .py -d tests/
- poetry run licenseheaders -t license_header.tmpl -o "SonarSource SA" -y 2011-2024 -n "Sonar Scanner Python" -E .py -d its/ -x its/sources/**.py
- git diff --name-only --exit-code ./src ./tests ./its
analysis_task:
<<: *POETRY_TEMPLATE
alias: analysis
name: "SC Analysis"
analysis_script:
- poetry run pytest --cov-report=xml:coverage.xml --cov-config=pyproject.toml --cov=src --cov-branch tests
- python -m venv .venv
- source .venv/bin/activate
- pip install .
- pysonar-scanner -Dsonar.organization=sonarsource -DbuildNumber=${CI_BUILD_NUMBER}
always:
pytest_artifacts:
path: "coverage.xml"
format: junit
type: text/xml
qa_task:
alias: qa
matrix:
- name: "Test Python 3.8"
eks_container:
docker_arguments:
PYTHON_VERSION: 3.8.18
- name: "Test Python 3.9"
eks_container:
docker_arguments:
PYTHON_VERSION: 3.9.18
- name: "Test Python 3.10"
eks_container:
docker_arguments:
PYTHON_VERSION: 3.10.13
- name: "Test Python 3.11"
eks_container:
docker_arguments:
PYTHON_VERSION: 3.11.7
- name: "Test Python 3.12"
eks_container:
docker_arguments:
PYTHON_VERSION: 3.12.1
<<: *POETRY_TEMPLATE
qa_script:
- poetry run pytest tests/
build_task:
<<: *POETRY_TEMPLATE
alias: build
name: "Build"
build_script: regular_poetry_build_publish
its_task:
name: "Integration Tests"
alias: its
sonarqube_cache:
folder: sonarqube_cache/
populate_script: mkdir -p sonarqube_cache && wget -q https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-10.5.1.90531.zip -O sonarqube_cache/sonarqube.zip
fingerprint_key: sonarqube-10.5.1.90531
<<: *POETRY_TEMPLATE
its_script:
- unzip -q sonarqube_cache/sonarqube.zip -d sonarqube
- cd $(ls -d sonarqube/*/)
- ./bin/linux-x86-64/sonar.sh start
- cd -
- cd its/
- jfrog poetry-config --server-id-resolve repox --repo-resolve sonarsource-pypi
- jfrog poetry install
- unset SONAR_TOKEN
- unset SONARCLOUD_ANALYSIS
- unset SONAR_HOST_URL
- poetry run pytest
promote_task:
depends_on:
- formatting
- analysis
- qa
- build
- its
env:
ARTIFACTORY_PROMOTE_ACCESS_TOKEN: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-promoter access_token]
GITHUB_TOKEN: VAULT[development/github/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-promotion token]
<<: *POETRY_TEMPLATE
promote_script: cirrus_promote