Merge branch 'mercedes-benz:develop' into feature-345-summary-in-reports

zigfridus · Aug 16, 2023 · 07bf0ee · 07bf0ee
2 parents d57c6ee + 2f57762
commit 07bf0ee
Show file tree

Hide file tree

Showing 470 changed files with 26,613 additions and 3,483 deletions.
diff --git a/.github/workflows/github-action-scan.yml b/.github/workflows/github-action-scan.yml
@@ -0,0 +1,30 @@
+# SPDX-License-Identifier: MIT
+name: Build SecHub GitHub Action
+
+on: workflow_dispatch
+
+jobs:
+  build-scan:
+    runs-on: ubuntu-latest
+    # Let's set the scan action folder as the working directory for all "run" steps:
+    working-directory: ./github-actions/scan
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Use Node.js
+        # We do not define a dedicated node version here, we just use the default environment
+        # which should be the default environment for the github actions runtime as well
+        uses: actions/setup-node@v3 
+
+      - name: Clean install
+        run: npm ci 
+
+      - name: Build
+        run: npm run build --if-present
+
+      - name: Run tests
+        run: npm test
+
+
diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml
@@ -12,6 +12,8 @@ on:
       # We ignore everything where tag starts with v* - this is done by release build!
     tags-ignore:
       - v*
+  # enable manual triggering of workflow
+  workflow_dispatch:
 
 jobs:
   build:
@@ -47,19 +49,19 @@ jobs:
         run: ./gradlew :sechub-cli:buildGo :sechub-cli:testGo
 
       - name: Build Server, DAUI and generate OpenAPI file
-        run: ./gradlew ensureLocalhostCertificate build generateOpenapi buildDeveloperAdminUI buildPDSToolsCLI -x :sechub-integrationtest:test -x :sechub-cli:build
+        run: ./gradlew ensureLocalhostCertificate build generateOpenapi buildDeveloperAdminUI -x :sechub-cli:build
 
-      - name: Generate and build API Java
-        run: ./gradlew :sechub-api-java:buildAPIJava
+      - name: Generate and build Java projects related to SecHub Java API
+        run: ./gradlew :sechub-api-java:build :sechub-systemtest:build :sechub-pds-tools:buildPDSToolsCLI -Dsechub.build.stage=api-necessary
 
       # Integration test
       - name: Integration test
-        run: ./gradlew integrationtest
+        run: ./gradlew :sechub-integrationtest:startIntegrationTestInstances :sechub-systemtest:integrationtest :sechub-integrationtest:integrationtest :sechub-integrationtest:stopIntegrationTestInstances -Dsechub.build.stage=all --console=plain
 
       # We use 'if: always()' to run a step even if a previous step failed
       - name: Create combined test report
         if: always()
-        run: ./gradlew createCombinedTestReport
+        run: ./gradlew createCombinedTestReport -Dsechub.build.stage=all
 
       # -----------------------------------------
       # Upload Build Artifacts
@@ -117,7 +119,7 @@ jobs:
       # Build Documentation
       # -----------------------------------------
       - name: Create documentation
-        run: ./gradlew documentation
+        run: ./gradlew documentation -Dsechub.build.stage=all
 
       # -----------------------------------------
       # Upload documentation

diff --git a/.github/workflows/release-client-server-pds.yml b/.github/workflows/release-client-server-pds.yml
@@ -150,9 +150,6 @@ jobs:
           echo "Pull Request Number - ${{ steps.pr_spdx_headers.outputs.pull-request-number }}"
           echo "Pull Request URL - ${{ steps.pr_spdx_headers.outputs.pull-request-url }}"
 
-      - name: Switch back to master branch
-        run: git checkout master
-
       # ----------------------
       # Build SecHub Client
       # ----------------------
@@ -163,30 +160,33 @@ jobs:
       # Build SecHub Server + PDS
       # ----------------------
       - name: Build Server and PDS artifacts
-        run: ./gradlew ensureLocalhostCertificate build generateOpenapi buildDeveloperAdminUI -x :sechub-integrationtest:test -x :sechub-cli:build
+        run: ./gradlew ensureLocalhostCertificate build generateOpenapi buildDeveloperAdminUI -x :sechub-cli:build
 
       # ----------------------
       # Build API Java publish
       # ----------------------
-      - name: Generate, build (and publish on server release) Java API
-        run: ./gradlew :sechub-api-java:buildAPIJava
+      - name: Generate and build Java projects related to SecHub Java API
+        run: ./gradlew :sechub-api-java:build :sechub-systemtest:build :sechub-pds-tools:buildPDSToolsCLI -Dsechub.build.stage=api-necessary
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
 
       # ----------------------
       # Integration test
       # ----------------------
       - name: Integration test
-        run: ./gradlew integrationtest
+        run: ./gradlew :sechub-integrationtest:startIntegrationTestInstances :sechub-systemtest:integrationtest :sechub-integrationtest:integrationtest :sechub-integrationtest:stopIntegrationTestInstances -Dsechub.build.stage=all
 
       - name: Create combined test report
         if: always()
-        run: ./gradlew createCombinedTestReport
+        run: ./gradlew createCombinedTestReport -Dsechub.build.stage=all
 
       # To identifiy parts not in git history and leading to "-dirty-$commitId" markern in documentation
-      - name: Inspect GIT status
+      - name: Collect GIT status
         if: always()
-        run: git status > build/reports/git-status.txt
+        run: |
+          # restore reduced-openapi3.json
+          git restore sechub-api-java/src/main/resources/reduced-openapi3.json
+          git status > build/reports/git-status.txt
 
       # -----------------------------------------
       # Upload Build Artifacts
@@ -304,16 +304,14 @@ jobs:
           echo "Pull Request Number - ${{ steps.pr_release_documentation.outputs.pull-request-number }}"
           echo "Pull Request URL - ${{ steps.pr_release_documentation.outputs.pull-request-url }}"
 
-      - name: Switch back to master branch
-        run: git checkout master
-
       # -----------------------------------------
       # Assert releaseable, so no dirty flags on releases
       # even when all artifact creation parts are done!
       # -----------------------------------------
       - name: Assert releasable
-        run: ./gradlew assertReleaseable
-
+        run: |
+          git status
+          ./gradlew assertReleaseable
 
       # ******************************************
       # S E R V E R  release

diff --git a/.github/workflows/release-pds-tools.yml b/.github/workflows/release-pds-tools.yml
@@ -15,19 +15,23 @@ jobs:
     name: Create PDS-Tools release
     runs-on: ubuntu-latest
     steps:
+
       - name: "Show Inputs"
         run: |
           echo "PDS-Tools '${{ inputs.pds-tools-version }}' - Milestone '${{ inputs.pds-tools-milestone-number }}'"
       # Check inputs if a milestone number is provided for each version to be released:
+
       - name: "Verify Input: PDS-Tools"
         if: (inputs.pds-tools-version != '') && (inputs.pds-tools-milestone-number == '')
         run: |
           echo "For PDS-Tools release, pds-tools-milestone-number must be provided!"
           exit 1
+
       - name: Checkout master
         uses: actions/checkout@v3
         with:
           ref: master
+
       # Create temporary local tags, so we build documentation for this tag...
       # The final tag on git server side will be done by the release when the draft is saved as "real" release
       # automatically.
@@ -78,20 +82,22 @@ jobs:
           echo "Pull Request Number - ${{ steps.pr_spdx_headers.outputs.pull-request-number }}"
           echo "Pull Request URL - ${{ steps.pr_spdx_headers.outputs.pull-request-url }}"
 
-      - name: Switch back to master branch
-        run: git checkout master
-
       # ----------------------
       # SecHub PDS-Tools
       # ----------------------
-      - name: Build PDS-Tools
-        run: ./gradlew buildPDSToolsCLI
+      - name: Build Server, DAUI and generate OpenAPI file
+        run: ./gradlew ensureLocalhostCertificate build generateOpenapi buildDeveloperAdminUI -x :sechub-integrationtest:test -x :sechub-cli:build
+
+      - name: Generate and build Java projects related to SecHub Java API
+        run: ./gradlew :sechub-api-java:build :sechub-systemtest:build :sechub-pds-tools:buildPDSToolsCLI -Dsechub.build.stage=api-necessary
 
       # To identifiy parts not in git history and leading to "-dirty-$commitId" markern in documentation
-      - name: Inspect GIT status
+      - name: Collect GIT status
         if: always()
         run: |
-          mkdir build/reports -p
+          # restore reduced-openapi3.json
+          git restore sechub-api-java/src/main/resources/reduced-openapi3.json
+          mkdir -p build/reports
           git status > build/reports/git-status.txt
 
       - name: Archive GIT status
@@ -110,15 +116,14 @@ jobs:
           path: sechub-pds-tools/build/libs
           retention-days: 14
 
-      - name: Switch back to master branch
-        run: git checkout master
-
       # -----------------------------------------
       # Assert releaseable, so no dirty flags on releases
       # even when all artifact creation parts are done!
       # -----------------------------------------
       - name: Assert releasable
-        run: ./gradlew assertReleaseable
+        run: |
+          git status
+          ./gradlew assertReleaseable
 
       - name: Create PDS-Tools release
         id: create_pds_tools_release
@@ -137,11 +142,13 @@ jobs:
             For more details please look at [Milestone ${{inputs.pds-tools-milestone-number}}]( https://github.com/mercedes-benz/sechub/milestone/${{inputs.pds-tools-milestone-number}}?closed=1)
           draft: true
           prerelease: false
+
       - name: Create sha256 checksum file for PDS-Tools cli jar
         if: inputs.pds-tools-version != ''
         run: |
           cd sechub-pds-tools/build/libs
           sha256sum sechub-pds-tools-cli-${{ inputs.pds-tools-version }}.jar > sechub-pds-tools-cli-${{ inputs.pds-tools-version }}.jar.sha256sum
+
       - name: Upload PDS-Tools release asset sechub-pds-tools-cli-${{ inputs.pds-tools-version }}.jar
         if: inputs.pds-tools-version != ''
         uses: actions/upload-release-asset@v1
@@ -152,6 +159,7 @@ jobs:
           asset_path: sechub-pds-tools/build/libs/sechub-pds-tools-cli-${{ inputs.pds-tools-version }}.jar
           asset_name: sechub-pds-tools-cli-${{ inputs.pds-tools-version }}.jar
           asset_content_type: application/zip
+
       - name: Upload PDS-Tools release asset sechub-pds-tools-cli-${{ inputs.pds-tools-version }}.jar.sha256sum
         if: inputs.pds-tools-version != ''
         uses: actions/upload-release-asset@v1

diff --git a/build.gradle b/build.gradle
@@ -1,6 +1,5 @@
 // SPDX-License-Identifier: MIT
 buildscript{
-
 	apply from: "${rootProject.projectDir}/gradle/libraries.gradle"
 	apply from: "${rootProject.projectDir}/gradle/projects.gradle"
 
@@ -139,3 +138,4 @@ apply from: "${rootProject.projectDir}/gradle/build-spring.gradle"
 apply from: "${rootProject.projectDir}/gradle/build-maven.gradle"
 apply from: "${rootProject.projectDir}/gradle/build-eclipse.gradle"
 apply from: "${rootProject.projectDir}/gradle/build-report.gradle"
+apply from: "${rootProject.projectDir}/gradle/build-integrationtest.gradle"
diff --git a/buildSrc/src/main/groovy/BuildStage.groovy b/buildSrc/src/main/groovy/BuildStage.groovy
@@ -0,0 +1,49 @@
+// SPDX-License-Identifier: MIT
+/**
+ * Special build stage class. Because we need compiled java code to generate our open api file,
+ * the java api generation - which needs the open api file + a java compile - cannot happen 
+ * on same "stage".
+ * To provide this, we have introduced the term sechub build stage - when stage "api-necessary" is
+ * used (or no stage is set), the parts which need a generated open api file will be included
+ * as well. 
+ */
+class BuildStage{
+
+    private static final String STAGE_ALL = "all"; 
+    private static final String STAGE_WITHOUT_API = "without-api"; 
+    private static final String STAGE_API_NECESSARY = "api-necessary"; 
+
+    private String stage;
+    private boolean openApiFileMustExist;
+    private boolean acceptAll;
+
+    BuildStage(){
+        stage = System.getProperty("sechub.build.stage");
+        if(stage==null|| stage.isEmpty()){
+            // Per default we do not support API parts to avoid build life cycle problems
+            stage = STAGE_WITHOUT_API;
+        }
+
+        switch(stage){
+            case STAGE_ALL:
+                // We just do not define any constraints here
+                // Meaning: this stage can be imported by IDEs
+                acceptAll=true;
+                break;
+             case STAGE_WITHOUT_API:
+                openApiFileMustExist=false;
+                break;
+             case STAGE_API_NECESSARY:
+                openApiFileMustExist=true;
+                break;
+            default: 
+                throw new IllegalArgumentException("Unknown build stage: '"+ stage+"'");
+        }
+
+    }
+
+    public boolean providesGeneratedOpenApiFile(){
+        return acceptAll || openApiFileMustExist;                  
+    }
+
+}
diff --git a/buildSrc/src/main/groovy/IOUtil.java b/buildSrc/src/main/groovy/IOUtil.java
@@ -0,0 +1,63 @@
+// SPDX-License-Identifier: MIT
+
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import java.nio.file.Path;
+import java.nio.file.StandardCopyOption;
+import java.io.IOException;
+
+public class IOUtil {
+
+    /**
+     * Creates a backup copy for the given file (if the file does exist) which
+     * can be restored by IOUtil. The location of the backup is handled by IOUtil internally.
+     * 
+     * @param filePath the path for the file to backup
+     * @param backupPostFix a special post fix for the backup file, the backup file has
+     *        the same name as the origin one, but with the post fix.
+     */
+    public static final void createBackupFile(String filePath, String backupPostFix) throws IOException{
+        Path sourcePath = Paths.get(filePath);
+        Path targetPath = Paths.get(filePath + "_" + backupPostFix);
+
+        if (!Files.exists(sourcePath)) {
+            return;
+        }
+        System.out.println("Create backup file: "+targetPath + "\nfrom: "+sourcePath);
+
+        Files.copy(sourcePath, targetPath, StandardCopyOption.REPLACE_EXISTING);
+    }
+
+    /**
+     * Restores a previously created backup to the wanted file path (if a backup exists).
+     * The location of the backup is handled by IOUtil internally.
+     * 
+     * @param filePath the path for the file to restore (not the backup file!)
+     * @backupPostFix a special post fix for the backup file
+     */
+    public static final void restoreBackupFile(String filePath, String backupPostFix) throws IOException{
+        Path targetPath = Paths.get(filePath);
+        Path sourcePath = Paths.get(filePath + "_" + backupPostFix);
+        if (!Files.exists(sourcePath)) {
+            return;
+        }
+        System.out.println("Restore: "+targetPath + "\nfrom backup file: "+sourcePath);
+        Files.copy(sourcePath, targetPath, StandardCopyOption.REPLACE_EXISTING);
+    }
+
+    /**
+     * Copy a file to another location
+     * @sourcePath source path as string
+     * @targetPath target path as string
+     */
+    public static final void copyFile(String sourcePath, String targetPath) throws IOException{
+
+        Path source = Paths.get(sourcePath);
+        Path target = Paths.get(targetPath);
+
+        target.toFile().getParentFile().mkdirs();
+
+        System.out.println("Copy: "+source + "\nto  : "+target);
+        Files.copy(source, target, StandardCopyOption.REPLACE_EXISTING);
+    }
+}
diff --git a/continous-integration-multibranch-pipeline.jenkins b/continous-integration-multibranch-pipeline.jenkins
@@ -58,7 +58,7 @@ pipeline {
                             // Reason: because we do NOT want to have the integration tests executed, otherwise gradle will not execute them
                             // on integration phase again (because nothing has changed, so gradle will cache the results which are ignored ...
                             callGradleWrapper("ensureLocalhostCertificate build generateOpenapi buildDeveloperAdminUI -x :sechub-integrationtest:test -x :sechub-cli:build -Psechub.test.wiremock.https_port=${env.SECHUB_TEST_WIREMOCK_HTTPS_PORT} -Psechub.test.wiremock.http_port=${env.SECHUB_TEST_WIREMOCK_HTTP_PORT}")
-                            callGradleWrapper(":sechub-api-java:buildAPIJava")
+                            callGradleWrapper(":sechub-api-java:build :sechub-systemtest:build :sechub-pds-tools:buildPDSToolsCLI -Dsechub.build.stage=api-necessary")
                         }
                     }
                 }
@@ -131,7 +131,7 @@ pipeline {
         stage('Build Documentation') {
             steps {
                 script{
-                    callGradleWrapper('documentation')
+                    callGradleWrapper('documentation -Dsechub.build.stage=all')
                 }
             }
         }