Merge branch 'master' into fix/EDPC-763

opendevstack · Jul 29, 2021 · 1223230 · 1223230
2 parents c6e9e96 + 8dcfee8
commit 1223230
Show file tree

Hide file tree

Showing 95 changed files with 5,604 additions and 363 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,8 @@
 # Changelog
 
 ## Unreleased
+- Throw controlled exception when testIssue has no component assigned  ([#693](https://github.com/opendevstack/ods-jenkins-shared-library/pull/693))
+- Fix sort tests steps in TCP and TCR documentsn ([#652](https://github.com/opendevstack/ods-jenkins-shared-library/pull/652))
 - Fixed environment value of SonarQube edition ([#618](https://github.com/opendevstack/ods-jenkins-shared-library/issues/618))
 - Early stop on opened Jira issues before deploy to dev environment ([#626](https://github.com/opendevstack/ods-jenkins-shared-library/pull/626))
 - Fixed the Document History of the IVP & IVR is not being generated ([#627](https://github.com/opendevstack/ods-jenkins-shared-library/pull/627))
@@ -13,6 +15,22 @@
 - Added builder (agent and master) labels into image building process  ([#644](https://github.com/opendevstack/ods-jenkins-shared-library/pull/644))
 - Added regexp compatibility with new Bitbucket merge commit messages ([#655](https://github.com/opendevstack/ods-jenkins-shared-library/pull/656))
 - Remove the workaround for NPE resolving issues ([#660](https://github.com/opendevstack/ods-jenkins-shared-library/pull/660))
+- Set jenkins job to unstable in case of open issues ([#664](https://github.com/opendevstack/ods-jenkins-shared-library/pull/664))
+- Fixed regression on project dump in release manager ([#666](https://github.com/opendevstack/ods-jenkins-shared-library/issues/666))
+- Fixed use of full image in the creation of the documents ([682](https://github.com/opendevstack/ods-jenkins-shared-library/pull/682))
+- Fix epic Issues not correctly ordered on the CSD ([#671](https://github.com/opendevstack/ods-jenkins-shared-library/pull/671))
+- Fix Reference Documents not displaying the correct version on the SLC Documents ([#672](https://github.com/opendevstack/ods-jenkins-shared-library/pull/672))
+- Jenkins nonCPS prevents project.dump from work ([#673](https://github.com/opendevstack/ods-jenkins-shared-library/issues/673))
+- Regression from NonCPS refactoring leads to method not found ([#675](https://github.com/opendevstack/ods-jenkins-shared-library/issues/675), ([#678](https://github.com/opendevstack/ods-jenkins-shared-library/issues/678))
+- Fix reference Document Version for the DTR and TIR are not correct ([#681](https://github.com/opendevstack/ods-jenkins-shared-library/pull/681))
+- Fix the referenced documents are not displaying the correct version if they are generated after the SLC Document ([#685](https://github.com/opendevstack/ods-jenkins-shared-library/pull/685))
+- Add recommended labels to pods ([#686](https://github.com/opendevstack/ods-jenkins-shared-library/pull/686))
+- Added data for Risk Assesment document ([687](https://github.com/opendevstack/ods-jenkins-shared-library/pull/687))
+- Modified SSDS document to use Pull Request info not SonarQube ([#614](https://github.com/opendevstack/ods-jenkins-shared-library/pull/614))
+- Added Aqua Stage ([#661](https://github.com/opendevstack/ods-jenkins-shared-library/pull/661), [#617](https://github.com/opendevstack/ods-jenkins-shared-library/pull/617))
+- Add Technical Specifications and risks related to technical specifications to the TRC document ([#690](https://github.com/opendevstack/ods-jenkins-shared-library/pull/690))
+- Enable the co-existence of multiple E2E test components ([#377](https://github.com/opendevstack/ods-jenkins-shared-library/issues/377))
+- Fix Document History in TIR and IVR is not correct after de deploy to P ([#695](https://github.com/opendevstack/ods-jenkins-shared-library/pull/695))
 
 ## [3.0] - 2020-08-11
 

diff --git a/build.gradle b/build.gradle
@@ -76,15 +76,20 @@ dependencies {
     implementation "org.apache.poi:poi:4.0.1"
     implementation "org.yaml:snakeyaml:1.24"
     implementation 'com.vladsch.flexmark:flexmark-all:0.60.2' // for markdown to pdf conversion (sonarqube reports)
+    implementation 'com.xlson.groovycsv:groovycsv:1.3'
 
     testImplementation "org.spockframework:spock-core:1.3-groovy-2.4"
+    testImplementation ("com.athaydes:spock-reports:1.6.0") { transitive = false }
+    testImplementation group: 'org.assertj', name: 'assertj-core', version: '3.19.0'
+    testImplementation group: 'commons-io', name: 'commons-io', version: '2.8.0'
     testImplementation "com.lesfurets:jenkins-pipeline-unit:1.3"
     testImplementation "net.bytebuddy:byte-buddy:1.10.8"
     testImplementation "org.objenesis:objenesis:3.1"
     testImplementation "cglib:cglib-nodep:3.3.0"                      // for mocking classes
     testImplementation "com.github.stefanbirkner:system-rules:1.19.0" // for managing environment variables
-    testImplementation "com.github.tomakehurst:wiremock:2.26.0"       // for mocking HTTP server reponses
+    testImplementation "com.github.tomakehurst:wiremock:2.27.0"       // for mocking HTTP server reponses
     testImplementation "org.hamcrest:hamcrest:2.1"
+    testImplementation "org.skyscreamer:jsonassert:1.5.0"             // JSON Asserts
 }
 
 sourceSets {
@@ -112,17 +117,26 @@ test {
     testLogging {
         showStandardStreams = true
     }
+    systemProperty 'com.athaydes.spockframework.report.projectName', 'ods-jenkins-shared-library'
+    systemProperty 'com.athaydes.spockframework.report.projectVersion', version
 }
 
 codenarc {
     toolVersion = '1.5'
     configFile = file('codenarc.groovy')
     maxPriority1Violations = 0
     maxPriority2Violations = 0
-    maxPriority3Violations = 321
+    maxPriority3Violations = 324
     reportFormat = 'html'
 }
 
+/**
+ The CodeNarc plugin adds the following tasks to the project:
+ - codenarcMain — Runs CodeNarc against the production Groovy source files.
+ - codenarcTest — Runs CodeNarc against the test Groovy source files.
+ - codenarcSourceSet — Runs CodeNarc against the given source set’s Groovy source files.
+ Run locally by executing e.g. 'gradle codenarcMain', the report can be found in ./build/reports/codenarc.
+ */
 codenarcTest {
     ignoreFailures = true
 }

diff --git a/docs/modules/jenkins-shared-library/partials/odsComponentStageScanWithAqua.adoc b/docs/modules/jenkins-shared-library/partials/odsComponentStageScanWithAqua.adoc
@@ -0,0 +1,62 @@
+// Document generated by render-adoc.go from odsComponentStageScanWithAqua.adoc.tmpl; DO NOT EDIT.
+
+The "Aqua Security Scan" stage scans an image that was previously built in that same pipeline run.
+
+As a result, a Bitbucket Code Insight entry is added to the git commit (in Bitbucket) that basically
+contains a link to the scan result on the Aqua platform. The Bitbucket Code Insight entry can be seen in a pull request.
+The pull request in Bitbucket shows the Code Insight of the latest commit of the PR.
+
+To get started, make sure you have a `ConfigMap` in your project-cd namespace in OpenShift that has these fields:
+----
+...
+metadata:
+  name: aqua
+...
+data:
+  registry: <registry-name-in-aqua-platform>
+  secretName: <secret-name-of-aqua-user-credentials>
+  url: <aqua-platform-url>
+----
+
+. `registry`: Refers to a name for the image registry given in the Aqua platform by an Aqua platform admin.
+. `secretName`: Name of a `Secret` that contains the credentials of the Aqua platform user that is used for executing the scan. That user needs to have scanner rights.
+. `url`: Base URL of the Aqua platform (including scheme).
+
+Now, to use the stage, add it in your `Jenkinsfile`, e.g. like this:
+----
+) { context ->
+    ...
+    odsComponentStageScanWithAqua(context)
+    ...
+}
+----
+
+== Options
+
+[cols="1,2"]
+|===
+| Option | Description
+
+
+| *branch* +
+_String_
+|Branch to run stage for.
+ Example: `'master'`.
+ Next to exact matches, it also supports prefixes (e.g. `feature/`) and all branches (`*`).
+
+
+| *branches* +
+_List<String>_
+|Branches to run stage for.
+ Example: `['master', 'develop']`.
+ Next to exact matches, it also supports prefixes (e.g. `feature/`) and all branches (`*`).
+
+
+| *resourceName* +
+_String_
+|Name of `BuildConfig`/`ImageStream` of the image that we want to scan (defaults to `context.componentId`).
+ BuildOpenShiftImageStage puts the imageRef into a map with the `resourceName` as key.
+ In order to be able to receive the imageRef for scanning, the `resourceName` needs
+ to be the same as in BuildOpenShiftImageStage.
+
+|===
diff --git a/docs/modules/jenkins-shared-library/partials/odsComponentStageScanWithAqua.adoc.tmpl b/docs/modules/jenkins-shared-library/partials/odsComponentStageScanWithAqua.adoc.tmpl
@@ -0,0 +1,43 @@
+The "Aqua Security Scan" stage scans an image that was previously built in that same pipeline run.
+
+As a result, a Bitbucket Code Insight entry is added to the git commit (in Bitbucket) that basically
+contains a link to the scan result on the Aqua platform. The Bitbucket Code Insight entry can be seen in a pull request.
+The pull request in Bitbucket shows the Code Insight of the latest commit of the PR.
+
+To get started, make sure you have a `ConfigMap` in your project-cd namespace in OpenShift that has these fields:
+----
+...
+metadata:
+  name: aqua
+...
+data:
+  registry: <registry-name-in-aqua-platform>
+  secretName: <secret-name-of-aqua-user-credentials>
+  url: <aqua-platform-url>
+----
+
+. `registry`: Refers to a name for the image registry given in the Aqua platform by an Aqua platform admin.
+. `secretName`: Name of a `Secret` that contains the credentials of the Aqua platform user that is used for executing the scan. That user needs to have scanner rights.
+. `url`: Base URL of the Aqua platform (including scheme).
+
+Now, to use the stage, add it in your `Jenkinsfile`, e.g. like this:
+----
+) { context ->
+    ...
+    odsComponentStageScanWithAqua(context)
+    ...
+}
+----
+
+== Options
+
+[cols="1,2"]
+|===
+| Option | Description
+{{range .Options}}
+
+| *{{.Name}}* +
+_{{.Type}}_
+|{{.Description}}
+{{end}}
+|===
diff --git a/src/org/ods/component/RolloutOpenShiftDeploymentStage.groovy b/src/org/ods/component/RolloutOpenShiftDeploymentStage.groovy
@@ -115,30 +115,48 @@ class RolloutOpenShiftDeploymentStage extends Stage {
         }
         def originalDeploymentVersions = fetchOriginalVersions(deploymentResources)
 
-        // Tag images which have been built in this pipeline from cd project into target project
-        retagImages(context.targetProject, getBuiltImages())
-
         def refreshResources = false
-        if (steps.fileExists("${options.chartDir}/Chart.yaml")) {
-            if (context.triggeredByOrchestrationPipeline) {
-                steps.error "Helm cannot be used in the orchestration pipeline yet."
-                return
+        def paused = true
+        try {
+            openShift.bulkPause(context.targetProject, deploymentResources)
+
+            // Tag images which have been built in this pipeline from cd project into target project
+            retagImages(context.targetProject, getBuiltImages())
+
+            if (steps.fileExists("${options.chartDir}/Chart.yaml")) {
+                if (context.triggeredByOrchestrationPipeline) {
+                    steps.error "Helm cannot be used in the orchestration pipeline yet."
+                    return
+                }
+                refreshResources = true
+                helmUpgrade(context.targetProject)
+            } else if (steps.fileExists(options.openshiftDir)) {
+                refreshResources = true
+                tailorApply(context.targetProject)
+            }
+            if (refreshResources) {
+                deploymentResources = openShift.getResourcesForComponent(
+                    context.targetProject, DEPLOYMENT_KINDS, options.selector
+                )
             }
-            helmUpgrade(context.targetProject)
-            refreshResources = true
-        } else if (steps.fileExists(options.openshiftDir)) {
-            tailorApply(context.targetProject)
-            refreshResources = true
-        }
-        def metadata = new OpenShiftResourceMetadata(steps, context.properties, options.properties, logger, openShift)
-        metadata.updateMetadata()
 
-        if (refreshResources) {
-            deploymentResources = openShift.getResourcesForComponent(
-                context.targetProject, DEPLOYMENT_KINDS, options.selector
+            def metadata = new OpenShiftResourceMetadata(
+                steps,
+                context.properties,
+                options.properties,
+                logger,
+                openShift
             )
+            metadata.updateMetadata(true, deploymentResources)
+
+            def rolloutData = rollout(deploymentResources, originalDeploymentVersions)
+            paused = false
+            return rolloutData
+        } finally {
+            if (paused) {
+                openShift.bulkResume(context.targetProject, DEPLOYMENT_KINDS, options.selector)
+            }
         }
-        return rollout(deploymentResources, originalDeploymentVersions)
     }
 
     protected String stageLabel() {
@@ -248,6 +266,10 @@ class RolloutOpenShiftDeploymentStage extends Stage {
 
         setImageTagLatest(ownedImageStreams)
 
+        // May be paused in order to prevent multiple rollouts.
+        // If a rollout is triggered when resuming, the rollout method should detect it.
+        openShift.resume("${resourceKind}/${resourceName}", context.targetProject)
+
         String podManager
         try {
             podManager = openShift.rollout(

diff --git a/src/org/ods/component/ScanWithAquaOptions.groovy b/src/org/ods/component/ScanWithAquaOptions.groovy
@@ -0,0 +1,15 @@
+package org.ods.component
+
+import groovy.transform.TypeChecked
+
+@TypeChecked
+class ScanWithAquaOptions extends Options {
+
+    /**
+     * Name of `BuildConfig`/`ImageStream` of the image that we want to scan (defaults to `context.componentId`).
+     * BuildOpenShiftImageStage puts the imageRef into a map with the `resourceName` as key.
+     * In order to be able to receive the imageRef for scanning, the `resourceName` needs
+     * to be the same as in BuildOpenShiftImageStage. */
+    String resourceName
+
+}