SONARJAVA-5526 Change sonar-java cirrus configuration for this repo

Author: alban-auzeill

.cirrus.yml

@@ -1,330 +1,57 @@
 env:
-  CIRRUS_VAULT_URL: https://vault.sonar.build:8200
-  CIRRUS_VAULT_AUTH_PATH: jwt-cirrusci
-  CIRRUS_VAULT_ROLE: cirrusci-${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}
+  CIRRUS_CLONE_DEPTH: 20
   ARTIFACTORY_URL: VAULT[development/kv/data/repox data.url]
-  ARTIFACTORY_PRIVATE_USERNAME: vault-${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-private-reader
+  ARTIFACTORY_PRIVATE_USERNAME: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-private-reader username]
   ARTIFACTORY_PRIVATE_PASSWORD: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-private-reader access_token]
   ARTIFACTORY_DEPLOY_USERNAME: vault-${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-qa-deployer
   ARTIFACTORY_DEPLOY_PASSWORD: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-qa-deployer access_token]
   #Possible values for ARTIFACTORY_DEPLOY_REPO: sonarsource-private-qa, sonarsource-public-qa
   ARTIFACTORY_DEPLOY_REPO: sonarsource-public-qa
   ARTIFACTORY_ACCESS_TOKEN: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-private-reader access_token]
-  GITHUB_TOKEN: VAULT[development/github/token/licenses-ro token]
-  DEVELOCITY_TOKEN: VAULT[development/kv/data/develocity data.token]
-  DEVELOCITY_ACCESS_KEY: develocity.sonar.build=${DEVELOCITY_TOKEN}
   # Use bash (instead of sh on linux or cmd.exe on windows)
   CIRRUS_SHELL: bash
-  # Allows to run builds for the 50 last commits in a branch:
-  CIRRUS_CLONE_DEPTH: 50
 
 container_definition: &CONTAINER_DEFINITION
+  image: "${CIRRUS_AWS_ACCOUNT}.dkr.ecr.eu-central-1.amazonaws.com/base:j17-latest"
   cluster_name: ${CIRRUS_CLUSTER_NAME}
   region: eu-central-1
   namespace: default
-  nodeSelectorTerms:
-      - matchExpressions:
-        - key: node.kubernetes.io/instance-type
-          operator: In
-          values:
-            - m6a.8xlarge # 3.6 GHz 3rd generation AMD EPYC processors (AMD EPYC 7R13), 18 vCPU, 64 GiB Memory
-
-container_with_docker_definition: &CONTAINER_WITH_DOCKER_DEFINITION
-  <<: *CONTAINER_DEFINITION
-  dockerfile: .cirrus/Dockerfile.jdk17AndLatest
-  builder_role: cirrus-builder
-  builder_image: docker-builder-v*
-  builder_instance_type: t3.small
-
-win_vm_definition: &WINDOWS_VM_DEFINITION
-  experimental: true # see https://github.com/cirruslabs/cirrus-ci-docs/issues/1051
-  platform: windows
-  region: eu-central-1
-  type: c5.4xlarge # 3.6 GHz (3.9GHz single core) Intel Xeon Scalable Processor, 16 vCPU, 32 GiB Memory
 
 only_sonarsource_qa: &ONLY_SONARSOURCE_QA
-  only_if: $CIRRUS_USER_COLLABORATOR == 'true' && $CIRRUS_TAG == "" && ($CIRRUS_PR != "" || $CIRRUS_BRANCH == "master" || $CIRRUS_BRANCH =~ "branch-.*" || $CIRRUS_BRANCH =~ "dogfood-on-.*")
+  only_if: ${CIRRUS_USER_COLLABORATOR} == 'true' && ${CIRRUS_TAG} == "" && (${CIRRUS_PR} != "" || ${CIRRUS_BRANCH} == "master" || ${CIRRUS_BRANCH} =~ "branch-.*" || ${CIRRUS_BRANCH} =~ "dogfood-on-.*")
 
-log_develocity_url_script: &log_develocity_url_script |
-  echo "Develocity URL: https://develocity.sonar.build/scans?search.publicHostnames=cirrus-ci-task-${CIRRUS_TASK_ID}"
-
-
-common_build_definition: &COMMON_BUILD_DEFINITION
+build_task:
   eks_container:
     <<: *CONTAINER_DEFINITION
-    image: ${CIRRUS_AWS_ACCOUNT}.dkr.ecr.eu-central-1.amazonaws.com/base:j23-latest
     cpu: 4
     memory: 4G
   env:
-    SIGN_KEY: VAULT[development/kv/data/sign data.key]
-    PGP_PASSPHRASE: VAULT[development/kv/data/sign data.passphrase]
     # analysis on next
     SONAR_TOKEN: VAULT[development/kv/data/next data.token]
     SONAR_HOST_URL: https://next.sonarqube.com/sonarqube
     #allow deployment of pull request artifacts to repox
     DEPLOY_PULL_REQUEST: true
+    # signing artifacts
+    SIGN_KEY: VAULT[development/kv/data/sign data.key]
+    PGP_PASSPHRASE: VAULT[development/kv/data/sign data.passphrase]
   maven_cache:
     folder: ${CIRRUS_WORKING_DIR}/.m2/repository
-
-orchestrator_cache_preparation_definition: &ORCHESTRATOR_CACHE_PREPARATION_DEFINITION
-  set_orchestrator_home_script: |
-    export TODAY=$(date '+%Y-%m-%d')
-    echo "TODAY=${TODAY}" >> $CIRRUS_ENV
-    echo "ORCHESTRATOR_HOME=${CIRRUS_WORKING_DIR}/orchestrator/${TODAY}" >> $CIRRUS_ENV
-  mkdir_orchestrator_home_script: |
-    echo "Create dir ${ORCHESTRATOR_HOME} if needed"
-    mkdir -p ${ORCHESTRATOR_HOME}
-
-orchestrator_cache_elements_definition: &ORCHESTRATOR_CACHE_ELEMENTS_DEFINITION
-  folder: ${ORCHESTRATOR_HOME}
-  fingerprint_script: echo ${TODAY}
-  reupload_on_changes: "true"
-
-# Only compile without "test and sonar:sonar". Note: Do not rename "build", it is used by "Check Releasability"
-build_task:
-  <<: *COMMON_BUILD_DEFINITION
-  build_script:
-    - *log_develocity_url_script
-    - source cirrus-env BUILD
-    - regular_mvn_build_deploy_analyze -Dmaven.test.skip=true -Dsonar.skip=true -pl '!java-checks-test-sources/default,!java-checks-test-sources/aws,!java-checks-test-sources/spring-web-4.0'
-  cleanup_before_cache_script: cleanup_maven_repository
-
-test_analyze_task:
-  <<: *COMMON_BUILD_DEFINITION
   build_script:
-    - *log_develocity_url_script
     - source cirrus-env BUILD
-    # ignore duplications in the SE engine plugin, as it will be moved away from sonar-java at some point
-    - PULL_REQUEST_SHA=$GIT_SHA1 regular_mvn_build_deploy_analyze -P-deploy-sonarsource,-release,-sign -Dmaven.deploy.skip=true -Dsonar.analysisCache.enabled=true -Dsonar.cpd.exclusions=java-symbolic-execution/** -Dsonar.sca.exclusions="**/test/files/**, **/test/resources/**, its/plugin/projects/**, java-checks-test-sources/**, its/sources/**,"
-    - cd docs/java-custom-rules-example
-    - mvn clean package -f pom_SQ_10_6_LATEST.xml --batch-mode
-    - cd "${CIRRUS_WORKING_DIR}"
-    - ./check-license-compliance.sh
-  cleanup_before_cache_script: cleanup_maven_repository
-
-ws_scan_task:
-  <<: *ONLY_SONARSOURCE_QA
-  eks_container:
-    <<: *CONTAINER_DEFINITION
-    image: ${CIRRUS_AWS_ACCOUNT}.dkr.ecr.eu-central-1.amazonaws.com/base:j17-latest
-    cpu: 4
-    memory: 4G
-  # run only on master and long-term branches
-  only_if: $CIRRUS_USER_COLLABORATOR == 'true' && ($CIRRUS_BRANCH == "master" || $CIRRUS_BRANCH =~ "branch-.*" || $CIRRUS_BRANCH =~ "mend-.*")
-  env:
-    WS_APIKEY: VAULT[development/kv/data/mend data.apikey]
-  maven_cache:
-    folder: ${CIRRUS_WORKING_DIR}/.m2/repository
-  whitesource_script:
-    - source cirrus-env QA
-    - source set_maven_build_version $BUILD_NUMBER
-    - mvn clean install --batch-mode -Dmaven.test.skip=true -pl '!java-checks-test-sources,!java-checks-test-sources/default,!java-checks-test-sources/aws,!java-checks-test-sources/spring-3.2,!java-checks-test-sources/spring-web-4.0'
-    - source ws_scan.sh
-  allow_failures: "true"
-  always:
-    ws_artifacts:
-      path: "whitesource/**/*"
-
-qa_os_win_task:
-  ec2_instance:
-    image: base-windows-jdk21-v*
-    <<: *WINDOWS_VM_DEFINITION
-  maven_cache:
-    folder: ${CIRRUS_WORKING_DIR}/.m2/repository
-  java_download_cache:
-    folder: ${CIRRUS_WORKING_DIR}/.java_download_cache
-  build_script:
-    - *log_develocity_url_script
-    - source cirrus-env CI
-    - ps: .cirrus/install-latest-java-on-windows.ps1 ; if ($?) { & mvn.cmd --batch-mode clean verify }
-  cleanup_before_cache_script: cleanup_maven_repository
-
-plugin_qa_task:
-  depends_on:
-    - build
-  <<: *ONLY_SONARSOURCE_QA
-  eks_container:
-    <<: *CONTAINER_DEFINITION
-    image: ${CIRRUS_AWS_ACCOUNT}.dkr.ecr.eu-central-1.amazonaws.com/base:j17-latest
-    cpu: 14
-    memory: 8G
-  <<: *ORCHESTRATOR_CACHE_PREPARATION_DEFINITION
-  matrix:
-    - env:
-        SQ_VERSION: LATEST_RELEASE
-      orchestrator_LATEST_RELEASE_cache:
-        <<: *ORCHESTRATOR_CACHE_ELEMENTS_DEFINITION
-    - env:
-        SQ_VERSION: DEV
-      orchestrator_DEV_cache:
-        <<: *ORCHESTRATOR_CACHE_ELEMENTS_DEFINITION
-
-  maven_cache:
-    folder: ${CIRRUS_WORKING_DIR}/.m2/repository
-  submodules_script:
-    - git submodule update --init --recursive
-  qa_script:
-    - *log_develocity_url_script
-    - source cirrus-env QA
-    - source set_maven_build_version $BUILD_NUMBER
-    - cd its/plugin
-    - mvn package --batch-mode -Pit-plugin -Dsonar.runtimeVersion=${SQ_VERSION} -Dmaven.test.redirectTestOutputToFile=false -B -e -V -Dparallel=classes -DuseUnlimitedThreads=true
+    - regular_mvn_build_deploy_analyze
   cleanup_before_cache_script: cleanup_maven_repository
 
-sanity_task:
-  depends_on:
-    - build
-  <<: *ONLY_SONARSOURCE_QA
-  eks_container:
-    <<: *CONTAINER_DEFINITION
-    image: ${CIRRUS_AWS_ACCOUNT}.dkr.ecr.eu-central-1.amazonaws.com/base:j23-latest
-    cpu: 4
-    memory: 4G
-  maven_cache:
-    folder: ${CIRRUS_WORKING_DIR}/.m2/repository
-  sanity_script:
-    - *log_develocity_url_script
-    - source cirrus-env QA
-    - source set_maven_build_version $BUILD_NUMBER
-    - cd java-checks-test-sources
-    - mvn clean compile --batch-mode
-    - cd ../
-    - mvn verify --batch-mode -f sonar-java-plugin/pom.xml -Psanity -Dtest=SanityTest
-  cleanup_before_cache_script: cleanup_maven_repository
-
-ruling_task:
-  depends_on:
-    - build
-  <<: *ONLY_SONARSOURCE_QA
-  eks_container:
-    <<: *CONTAINER_DEFINITION
-    image: ${CIRRUS_AWS_ACCOUNT}.dkr.ecr.eu-central-1.amazonaws.com/base:j17-latest
-    cpu: 14
-    memory: 8G
-  maven_cache:
-    folder: ${CIRRUS_WORKING_DIR}/.m2/repository
-  <<: *ORCHESTRATOR_CACHE_PREPARATION_DEFINITION
-  orchestrator_LATEST_RELEASE_cache:
-    <<: *ORCHESTRATOR_CACHE_ELEMENTS_DEFINITION
-  submodules_script:
-    - git submodule update --init --recursive
-  env:
-    MAVEN_OPTS: "-Xmx3g"
-    matrix:
-      - PROFILE: without-sonarqube-project
-      - PROFILE: only-sonarqube-project
-  ruling_script:
-    - *log_develocity_url_script
-    - source cirrus-env QA
-    - source set_maven_build_version $BUILD_NUMBER
-    - cd its/ruling
-    - mvn package --batch-mode "-Pit-ruling,$PROFILE" -Dsonar.runtimeVersion=LATEST_RELEASE -Dmaven.test.redirectTestOutputToFile=false -B -e -V -Dparallel=methods -DuseUnlimitedThreads=true
-  cleanup_before_cache_script: cleanup_maven_repository
-  on_failure:
-    actual_artifacts:
-      path: "${CIRRUS_WORKING_DIR}/its/ruling/target/actual/**/*"
-
-ruling_win_task:
-  depends_on:
-    - build
-  <<: *ONLY_SONARSOURCE_QA
-  ec2_instance:
-    image: base-windows-jdk17-v*
-    <<: *WINDOWS_VM_DEFINITION
-  maven_cache:
-    folder: ${CIRRUS_WORKING_DIR}/.m2/repository
-  <<: *ORCHESTRATOR_CACHE_PREPARATION_DEFINITION
-  orchestrator_LATEST_RELEASE_cache:
-    <<: *ORCHESTRATOR_CACHE_ELEMENTS_DEFINITION
-  env:
-    MAVEN_OPTS: "-Xmx3g"
-    matrix:
-      - PROFILE: without-sonarqube-project
-      - PROFILE: only-sonarqube-project
-  ruling_script:
-    - *log_develocity_url_script
-    - source cirrus-env QA
-    - source set_maven_build_version $BUILD_NUMBER
-    - init_git_submodules its/sources
-    - git submodule update --init --recursive
-    - cd its/ruling
-    - mvn package --batch-mode "-Pit-ruling,$PROFILE" -Dsonar.runtimeVersion=LATEST_RELEASE -Dmaven.test.redirectTestOutputToFile=false -B -e -V -Dparallel=methods -DuseUnlimitedThreads=true
-  cleanup_before_cache_script: cleanup_maven_repository
-
-autoscan_task:
-  depends_on:
-    - build
-  <<: *ONLY_SONARSOURCE_QA
-  eks_container:
-    <<: *CONTAINER_WITH_DOCKER_DEFINITION
-    # For now, this autoscan_task need to execute two mvn commands:
-    # * The build of java-checks-test-sources module which requires Java 23.
-    # * The tests using Orchestrator and SonarQube that, for now, fail to work using Java 23
-    # This is why we have a local Dockerfile that provide the 2 versions of Java, 17 and 23.
-    cpu: 14
-    memory: 8G
-  maven_cache:
-    folder: ${CIRRUS_WORKING_DIR}/.m2/repository
-  <<: *ORCHESTRATOR_CACHE_PREPARATION_DEFINITION
-  orchestrator_LATEST_RELEASE_cache:
-    <<: *ORCHESTRATOR_CACHE_ELEMENTS_DEFINITION
-  autoscan_script:
-    - *log_develocity_url_script
-    - source cirrus-env QA
-    - source set_maven_build_version $BUILD_NUMBER
-    - cd java-checks-test-sources
-    - JAVA_HOME="${JAVA_LATEST_HOME}" mvn clean compile test-compile --batch-mode
-    - cd ../its/autoscan
-    - mvn clean package --batch-mode --errors --show-version --activate-profiles it-autoscan -Dsonar.runtimeVersion=LATEST_RELEASE -Dmaven.test.redirectTestOutputToFile=false -Dparallel=methods -DuseUnlimitedThreads=true
-  cleanup_before_cache_script: cleanup_maven_repository
-  on_failure:
-    actual_artifacts:
-      path: "${CIRRUS_WORKING_DIR}/its/autoscan/target/actual/**/*"
-
 promote_task:
   depends_on:
     - build
-    - test_analyze
-    - qa_os_win
-    - sanity
-    - ruling
-    - ruling_win
-    - plugin_qa
-    - ws_scan
-    - autoscan
   <<: *ONLY_SONARSOURCE_QA
   eks_container:
     <<: *CONTAINER_DEFINITION
-    image: ${CIRRUS_AWS_ACCOUNT}.dkr.ecr.eu-central-1.amazonaws.com/base:j17-latest
     cpu: 2
     memory: 1G
   env:
-    #promotion cloud function
     ARTIFACTORY_PROMOTE_ACCESS_TOKEN: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-promoter access_token]
-    GITHUB_TOKEN: VAULT[development/github/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-promotion token]
   maven_cache:
     folder: ${CIRRUS_WORKING_DIR}/.m2/repository
-  script: cirrus_promote_maven
-  cleanup_before_cache_script: cleanup_maven_repository
-
-# This task can be used to debug the cache content
-inspect_orchestrator_cache_task:
-  <<: *ONLY_SONARSOURCE_QA
-  depends_on: ruling # To improve cache usage we should introduce a task to warm the cache.
-  trigger_type: manual
-  eks_container:
-    <<: *CONTAINER_WITH_DOCKER_DEFINITION
-    cpu: 1
-    memory: 1G
-  <<: *ORCHESTRATOR_CACHE_PREPARATION_DEFINITION
-  matrix:
-    - orchestrator_LATEST_RELEASE_cache:
-        <<: *ORCHESTRATOR_CACHE_ELEMENTS_DEFINITION
-    - orchestrator_DEV_cache:
-        <<: *ORCHESTRATOR_CACHE_ELEMENTS_DEFINITION
-  inspect_cache_script: |
-    echo "Inspecting cache ${ORCHESTRATOR_HOME}..."
-    cd "${ORCHESTRATOR_HOME}"
-    ls -l
-    find . -ls
-    echo "Inspecting cache done."
+  main_script:  cirrus_promote_maven
+  cleanup_before_cache_script:  cleanup_maven_repository

.gitignore

@@ -4,9 +4,7 @@ dependency-reduced-pom.xml
 *.versionsBackup
 
 # ---- IntelliJ IDEA
-*.iws
 *.iml
-*.ipr
 .idea/
 
 # ---- Eclipse
@@ -24,18 +22,11 @@ dependency-reduced-pom.xml
 
 # ---- Mac OS X
 .DS_Store
-Icon?
-# Thumbnails
-._*
-# Files that might appear on external disk
-.Spotlight-V100
-.Trashes
 
 # ---- Windows
 # Windows image file caches
 Thumbs.db
 # Folder config file
 Desktop.ini
 
-.java-version
 .mvn/.develocity/