Merge branch 'prepare-release' into release

CONTRIBUTING.md

@@ -0,0 +1,4 @@
+## Developer Certificate of Origin (DCO)
+
+Due to legal reasons, contributors will be asked to accept a DCO before they submit the first pull request to this projects, this happens in an automated fashion during the submission process. SAP uses [the standard DCO text of the Linux Foundation](https://developercertificate.org/).
+

LICENSE

@@ -200,18 +200,3 @@
    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    See the License for the specific language governing permissions and
    limitations under the License.
-
-------------------------------------------------------------------------------
-APIs
-
-This project may include APIs to SAP or third party products or services. The 
-use of these APIs, products and services may be subject to additional 
-agreements. In no event shall the application of the Apache Software License,
-v.2 to this project grant any rights in or to these APIs, products or services
-that would alter, expand, be inconsistent with, or supersede any terms of
-these additional agreements. “API” means application programming interfaces,
-as well as their respective specifications and implementing code that allows
-other software products to communicate with or call on SAP or third party
-products or services (for example, SAP Enterprise Services, BAPIs, Idocs,
-RFCs and ABAP calls or other user exits) and may be made available through
-SAP or third party products, SDKs, documentation or other media. 

configuration.md

@@ -34,6 +34,7 @@
     * [checkFindbugs](#checkfindbugs)
     * [checkGatling](#checkgatling)
     * [checkJMeter](#checkjmeter)
+    * [detectExecuteScan](#detectexecutescan)
     * [executeFortifyScan](#executefortifyscan)
     * [mtaBuild](#mtabuild)
     * [createHdiContainer](#createhdicontainer)
@@ -774,6 +775,11 @@ checkJMeter:
   unstableThreshold: 70
 ```
 
+#### detectExecuteScan
+
+To activate a Synopsys Detect Scan, the step `detectExecuteScan` has to be configured in the steps section.
+Please visit the project "Piper" [documentation](https://sap.github.io/jenkins-library/steps/detectExecuteScan/) for the configuration options of this step.
+
 #### fortifyExecuteScan
 
 The configuration of the step fortifyExecuteScan is explained in the project "Piper" [documentation](https://sap.github.io/jenkins-library/steps/fortifyExecuteScan/).

release-notes-draft.md

@@ -2,51 +2,42 @@
 
 This document describes the changes which will be part of the next release and are already available in the latest version (master branch) of the pipeline.
 
-# v39
+# v40
 
-## :warning: Breaking changes
+## New Features
 
-In the process of aligning the pipeline configuration with the concepts of other project "Piper" pipelines to delivery a common user experience, the configuration of the SAP Cloud Platform Transport Management upload was moved from the stage `productionDeployment` to the `tmsUpload` step:
+### Synopsys Detect Scan (formerly BlackDuck) (Beta)
 
-```diff
-steps:
-+  tmsUpload:
-+    nodeName: 'TEST'
-+    credentialsId: 'TMS-UPLOAD'
-+    customDescription: 'A custom description for the node upload'
-stages:
--  productionDeployment:
--    tmsUpload:
--      nodeName: 'TEST'
--      credentialsId: 'TMS-UPLOAD'
--      customDescription: 'A custom description for the node upload'
-```
+A new 3rd party stage was introduced which allows to execute Detect scans using the project "Piper" step [detectExecuteScan](https://sap.github.io/jenkins-library/steps/detectExecuteScan/).
+Please note that the step is currently only available in an early version.
+It might not support all variants of projects out-of-the-box.
+Furthermore, you might have to configure a Docker image which provides the build tools, e.g. maven, that you want to use during the scan.
 
-### Stages endToEndTests and productionDeployment
-- The `appUrls` property of the stages `endToEndTests` and `productionDeployment` must not be a string anymore. 
-Instead, `appUrls` is required to be a list of maps, where for each `appUrl` the mandatory property `url` is defined. 
-Example:
+The scan can be activated by configuring the step `detectExecuteScan`, for example:
 
-```diff
-  endToEndTests:
--    appUrls: 'https://my-app-url.com'
-+    appUrls:
-+      - url: 'https://my-app-url.com'
+```yaml
+steps:
+  detectExecuteScan:
+    detectTokenCredentialsId: 'detect-token'
+    projectName: 'My Example'
+    projectVersion: '1'
+    serverUrl: 'https://xyz.blackducksoftware.com'
+    dockerImage: 'docker-image'
 ```
 
-- In addition, the optional property `parameters` which can be defined for each `appUrl`, must not be a string anymore.
-  Instead, it is required to be a list of strings, where each string corresponds to one element of the parameters. For Example:
-
-```diff
-  endToEndTests:
-    appUrls:
-      - url: 'https://my-app-url.com'
--       parameters: '--tag scenario1'
-+       parameters: ['--tag', 'scenario1']
-```
+## Fixes
 
-## New Features
+Some stages such as `backendIntegrationTests` can be configured to run with an optional sidecar image.
+This was broken for a number of releases, if the Download Cache was enabled and any steps within the stage made use of it (such as `mavenExecute`).
+For the time being, docker containers can be connected to one network only, which means the Download Cache has to be disabled for stages with a sidecar image defined.
 
-## Fixes
+In `scp-cf-spring` archetype maven-based MTA projects, the pipeline installed the wrong `application`-module artifact which broke the ability to run integration tests.
+This was fixed in the [library](https://github.com/SAP/jenkins-library/pull/1892).
 
 ## Improvements
+
+For a step which anticipates to run with an optional sidecar image, the image may now also be defined in that step's configuration only.
+This improves performance versus configuring the sidecar image in the stage, since it avoids running other steps within the stage also with that sidecar.
+
+:warning: **If the Download Cache is enabled**, sidecar images have to be configured in the stage as before. 
+The Download Cache is enabled by default on CX-Server-based Jenkins instances, unless when running Jenkins in a Kubernetes environment.   

s4sdk-pipeline.groovy

@@ -1,6 +1,6 @@
 #!/usr/bin/env groovy
 
-final def pipelineSdkVersion = 'v39'
+final def pipelineSdkVersion = 'v40'
 
 library "s4sdk-pipeline-library@${pipelineSdkVersion}"
 cloudSdkPipeline(script: this)