.cirrus.yml
# Environment shared by every task in this file.
# Entries written as VAULT[<path> <field>] are secret references, not literal values
# (presumably resolved from Vault by the CI at run time - confirm).
env:
  ARTIFACTORY_URL: VAULT[development/kv/data/repox data.url]
  # Token passed to `jfrog config add` / `jf config add` by the install scripts below.
  ARTIFACTORY_PRIVATE_ACCESS_TOKEN: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-private-reader access_token]
  # NOTE(review): the qa-deployer credentials are declared at file level, so every task
  # receives them, including tasks that only run tests. Consider moving them into the
  # env of the task(s) that actually deploy.
  ARTIFACTORY_DEPLOY_USERNAME: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-qa-deployer username]
  ARTIFACTORY_DEPLOY_ACCESS_TOKEN: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-qa-deployer access_token]
  ARTIFACTORY_DEPLOY_REPO: sonarsource-pypi-public-qa
  # Token from the `licenses-ro` Vault path; promote_task overrides it with a promotion token.
  GITHUB_TOKEN: VAULT[development/github/token/licenses-ro token]
  # NOTE(review): SONAR_TOKEN is likewise visible to all tasks, not only the analysis task.
  SONAR_TOKEN: VAULT[development/kv/data/next data.token]
  SONAR_HOST_URL: https://next.sonarqube.com/sonarqube
  DEPLOY_PULL_REQUEST: 'true'
  POETRY_VIRTUALENVS_PATH: "~/.cache/poetry/venvs"
  POETRY_CACHE_DIR: "~/.cache/poetry/pypoetry"
  # SonarQube build downloaded and cached by the integration-test tasks.
  SONARQUBE_VERSION: 25.3.0.104237
  # Use bash (instead of sh on linux or cmd.exe on windows)
  CIRRUS_SHELL: bash
# File-level gate: run only for collaborators, never for tag builds, and only for pull
# requests, master, or branch-* branches. The collaborator check is what keeps the
# secrets declared in `env` away from builds triggered by outside contributors.
# NOTE(review): mend_scan_task, qa_macos_task and its_macos_task declare their own
# only_if; presumably a task-level only_if replaces this one rather than extending it,
# in which case the two macOS tasks run without the collaborator condition - confirm.
only_if: $CIRRUS_USER_COLLABORATOR == 'true' && $CIRRUS_TAG == "" && ($CIRRUS_PR != "" || $CIRRUS_BRANCH == 'master' || $CIRRUS_BRANCH =~ "branch-.*")
# Reusable container settings for Linux tasks: the image is built from
# .cirrus/poetry.Dockerfile on a builder instance and run in the named cluster.
linux_container_definition: &LINUX_CONTAINER_DEFINITION
  dockerfile: .cirrus/poetry.Dockerfile
  cluster_name: ${CIRRUS_CLUSTER_NAME}
  region: eu-central-1
  namespace: default
  builder_role: cirrus-builder
  # Wildcard image name: the builder image is not pinned to one exact version.
  builder_image: docker-builder-v*
  builder_instance_type: t3.small
  use_in_memory_disk: true
  # Forwarded to the Dockerfile build (presumably consumed there as a build ARG - confirm).
  docker_arguments:
    CIRRUS_AWS_ACCOUNT: ${CIRRUS_AWS_ACCOUNT}
  cpu: 3
  memory: 8G
# Reusable EC2 instance settings for Windows tasks.
win_vm_definition: &WINDOWS_VM_DEFINITION
  ec2_instance:
    experimental: true # see https://github.com/cirruslabs/cirrus-ci-docs/issues/1051
    # Wildcard image name: whichever image matches is used, so the VM contents can
    # change between builds without a change to this file.
    image: base-windows-jdk17-v*
    platform: windows
    region: eu-central-1
    type: c6id.4xlarge
    preemptible: false
    use_ssd: true
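# Windows-only setup shared through the WIN_SSD_AND_CLONE anchor: initialises and
# formats disk number 2 as drive Z:, points the working directory at it, and supplies
# a custom clone step.
# copy&paste from https://github.com/SonarSource/sonar-cpp/blob/a8c6f1e45a12393508682a013ac7ee35eb92bece/.cirrus.yml#L45
win_ssd_and_clone: &WIN_SSD_AND_CLONE
  prepare_disk_script:
    - ps: |
        Get-Disk -Number 2 | Initialize-Disk -PassThru | New-Partition -UseMaximumSize -DriveLetter Z
        Format-Volume -DriveLetter Z -FileSystem NTFS -Confirm:$false
    - echo "CIRRUS_WORKING_DIR=Z:/cirrus-ci-build" >> $CIRRUS_ENV
  # we don't clone submodules because they are not needed for the tests
  #
  # Every expansion below is double-quoted so that a branch name, PR number or path
  # is always passed to git as a single argument.
  #
  # NOTE(review): the clone URL embeds CIRRUS_REPO_CLONE_TOKEN, and git records the
  # clone URL as the origin remote in .git/config, so later steps of the task
  # (including the test run on pull-request code) can read it. If nothing after the
  # checkout needs authenticated git access, reset the origin URL to the token-free
  # form once the final `git reset` has run.
  clone_script: |
    git config --system core.longpaths true
    if [ -z "$CIRRUS_PR" ]; then
      git clone --branch="$CIRRUS_BRANCH" "https://x-access-token:${CIRRUS_REPO_CLONE_TOKEN}@github.com/${CIRRUS_REPO_FULL_NAME}.git" "$CIRRUS_WORKING_DIR"
      git reset --hard "$CIRRUS_CHANGE_IN_REPO"
    else
      git clone "https://x-access-token:${CIRRUS_REPO_CLONE_TOKEN}@github.com/${CIRRUS_REPO_FULL_NAME}.git" "$CIRRUS_WORKING_DIR"
      git fetch origin "pull/$CIRRUS_PR/head:pull/$CIRRUS_PR"
      git reset --hard "$CIRRUS_CHANGE_IN_REPO"
    fi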
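# Base for Windows tasks: EC2 VM settings plus the SSD/clone setup, then installs the
# JFrog CLI and Poetry and resolves dependencies through the `repox` Artifactory server.
poetry_win_install: &POETRY_WIN_INSTALL
  # A single merge key listing both anchors, the same form the macOS tasks in this
  # file use. Repeating `<<` is a duplicate mapping key, which generic YAML parsers
  # either reject or resolve by keeping only the last one. The two anchors define
  # disjoint keys, so the merged result is the same.
  <<: [*WINDOWS_VM_DEFINITION, *WIN_SSD_AND_CLONE]
  env:
    PYTHON_VERSION: 3.12.1
    POETRY_VERSION: 2.0.1
  jfrog_win_install_script:
    # NOTE(review): `[RELEASE]` in the URL appears to select the latest published CLI
    # build, so the binary is unpinned; it is fetched by an elevated PowerShell and
    # written into system32 with no integrity check. Prefer a fixed CLI version and
    # compare the download's SHA-256 (e.g. via Get-FileHash) with a value kept in
    # this repository (<EXPECTED_SHA256>) before `jf` is first run.
    - powershell "Start-Process -Wait -Verb RunAs powershell '-NoProfile iwr https://releases.jfrog.io/artifactory/jfrog-cli/v2-jf/[RELEASE]/jfrog-cli-windows-amd64/jf.exe -OutFile $env:SYSTEMROOT\system32\jf.exe'"
    - jf intro
  poetry_win_install_script:
    - source cirrus-env QA
    # Poetry is pinned here through POETRY_VERSION.
    - pip install poetry=="$POETRY_VERSION"
    - source set_poetry_build_version "$CI_BUILD_NUMBER"
    # NOTE(review): the access token is passed as a command-line argument and is
    # therefore visible in the process list while the command runs; if the installed
    # CLI supports reading it from stdin (--access-token-stdin), prefer that.
    - jf config add repox --artifactory-url "$ARTIFACTORY_URL" --access-token "$ARTIFACTORY_PRIVATE_ACCESS_TOKEN"
    - jf poetry-config --server-id-resolve repox --repo-resolve sonarsource-pypi
    - jf poetry install --build-name="$CIRRUS_REPO_NAME" --build-number="$CI_BUILD_NUMBER"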
# Cache of ~/.cache/poetry/ keyed on the content of poetry.lock, so a change to the
# lock file yields a different cache key.
poetry_cache_template: &POETRY_CACHE
  poetry_cache:
    folder: ~/.cache/poetry/
    fingerprint_script: cat poetry.lock
# Shared install steps: Poetry cache, build-version setup, then dependency resolution
# through the `repox` Artifactory server (repository sonarsource-pypi).
.poetry_template: &POETRY_TEMPLATE
  <<: *POETRY_CACHE
  poetry_install_script:
    # set_poetry_build_version is not defined in this file (presumably shipped in the
    # task image - confirm).
    - source set_poetry_build_version "$CI_BUILD_NUMBER"
    # Appends PROJECT_VERSION to the file named by CIRRUS_ENV for use by later steps.
    - echo "PROJECT_VERSION=$PROJECT_VERSION" >> $CIRRUS_ENV
    # NOTE(review): the access token is passed as a command-line argument and is
    # therefore visible in the process list while the command runs; if the installed
    # CLI supports reading it from stdin (--access-token-stdin), prefer that.
    - jfrog config add repox --artifactory-url "$ARTIFACTORY_URL" --access-token "$ARTIFACTORY_PRIVATE_ACCESS_TOKEN"
    - jfrog poetry-config --server-id-resolve repox --repo-resolve sonarsource-pypi
    - jfrog poetry install --build-name="$CIRRUS_REPO_NAME" --build-number="$CI_BUILD_NUMBER"
# Linux task base: the shared Poetry install steps run inside the container described
# by LINUX_CONTAINER_DEFINITION.
.poetry_linux_template: &POETRY_LINUX_TEMPLATE
  <<: *POETRY_TEMPLATE
  eks_container:
    <<: *LINUX_CONTAINER_DEFINITION
# macOS task base: installs the JFrog CLI and Poetry with Homebrew, then resolves
# dependencies through the `repox` Artifactory server.
.poetry_macos_template: &POETRY_MACOS_TEMPLATE
  <<: *POETRY_CACHE
  jfrog_install_script:
    # NOTE(review): Homebrew installs whatever version is current, so the CLI version
    # is not pinned on macOS.
    - brew install jfrog-cli
    - jf intro
  poetry_install_script:
    # NOTE(review): unlike the Windows install, which pins poetry to POETRY_VERSION,
    # this takes whatever Poetry version Homebrew currently ships.
    - brew install poetry
    - poetry config keyring.enabled false # Keyring is locked in macOS VM and not needed for downloading dependencies
    # NOTE(review): the access token is passed as a command-line argument and is
    # therefore visible in the process list while the command runs; if the installed
    # CLI supports reading it from stdin (--access-token-stdin), prefer that.
    - jfrog config add repox --artifactory-url "$ARTIFACTORY_URL" --access-token "$ARTIFACTORY_PRIVATE_ACCESS_TOKEN"
    - jfrog poetry-config --server-id-resolve repox --repo-resolve sonarsource-pypi
    - jfrog poetry install --build-name="$CIRRUS_REPO_NAME" --build-number="$CI_BUILD_NUMBER"
# Reusable persistent-worker settings for macOS tasks, isolated in a Tart VM.
macos_worker_template: &MACOS_WORKER_DEFINITION
  persistent_worker:
    isolation:
      tart:
        # NOTE(review): `:latest` is a mutable tag, so the VM image can change between
        # runs without any change to this file. Pinning a fixed tag or an image digest
        # (ghcr.io/cirruslabs/macos-sonoma-xcode@sha256:<DIGEST>) makes runs reproducible.
        image: ghcr.io/cirruslabs/macos-sonoma-xcode:latest
        cpu: 3
        memory: 6G
    resources:
      tart-vms: 1
    labels:
      envname: prod
# Mend (WhiteSource) dependency scan, run after the build task.
mend_scan_task:
  <<: *POETRY_LINUX_TEMPLATE
  depends_on:
    - build
  # run only on master and long-living branches
  only_if: $CIRRUS_USER_COLLABORATOR == 'true' && $CIRRUS_TAG == "" && ($CIRRUS_BRANCH == "master" || $CIRRUS_BRANCH =~ "branch-.*")
  # This explicit eks_container takes the place of the one merged in from the template:
  # a prebuilt image is used instead of building .cirrus/poetry.Dockerfile.
  eks_container:
    # `j21-latest` reads as a floating tag - the image content is not pinned.
    image: ${CIRRUS_AWS_ACCOUNT}.dkr.ecr.eu-central-1.amazonaws.com/base:j21-latest
    region: eu-central-1
    cluster_name: ${CIRRUS_CLUSTER_NAME}
    namespace: default
    cpu: 4
    memory: 2G
  env:
    # Scanner API key, declared on this task only.
    WS_APIKEY: VAULT[development/kv/data/mend data.apikey]
  mend_script:
    # cirrus-env and ws_scan.sh are not defined in this file (presumably provided by
    # the image - confirm).
    - source cirrus-env QA
    - source ws_scan.sh
  # A failing scan does not fail the build, so the result is advisory only.
  # NOTE(review): the value is the quoted string "true", not a YAML boolean.
  allow_failures: "true"
  always:
    ws_scan_artifacts:
      path: "whitesource/**/*"
# Formatting gate: black in check mode, then license headers are re-applied to src/
# and tests/ and the task fails if that left any difference in the working tree.
formatting_task:
  <<: *POETRY_LINUX_TEMPLATE
  alias: formatting
  name: "Formatting"
  formatting_script:
    - poetry run black src/ tests/ --check
    # The year range 2011-2024 is hard-coded in both licenseheaders calls.
    - poetry run licenseheaders -t license_header.tmpl -o "SonarSource SA" -y 2011-2024 -n "Sonar Scanner Python" -E .py -d src/
    - poetry run licenseheaders -t license_header.tmpl -o "SonarSource SA" -y 2011-2024 -n "Sonar Scanner Python" -E .py -d tests/
    # --exit-code makes git diff return non-zero when ./src or ./tests differ.
    - git diff --name-only --exit-code ./src ./tests
# Documentation gate: runs the CLI documentation generator and fails if CLI_ARGS.md
# then differs from the committed copy.
# NOTE(review): the `documentation` alias is not listed in promote_task's depends_on.
documentation_task:
  <<: *POETRY_LINUX_TEMPLATE
  alias: documentation
  name: "CLI Documentation"
  cli_docs_script:
    - poetry run python tools/generate_cli_documentation.py
    - git diff --exit-code CLI_ARGS.md
# Runs the tests with coverage and mypy, then installs the published scanner into a
# fresh virtualenv and runs .cirrus/analysis.sh.
analysis_linux_task:
  <<: *POETRY_LINUX_TEMPLATE
  alias: analysis
  name: "NEXT Analysis"
  analysis_script:
    # NOTE(review): this calls poetry directly rather than through the jfrog wrapper
    # used by the template's install step - confirm it resolves from the same source.
    - poetry install
    - poetry run pytest --cov-report=xml:coverage.xml --cov-config=pyproject.toml --cov=src --cov-branch tests
    # `|| true` discards every non-zero exit from mypy, so the step cannot fail.
    - poetry run mypy src/ > mypy-report.txt || true # mypy exits with 1 if there are errors
    - uv venv
    - source .venv/bin/activate
    # NOTE(review): pysonar-scanner is installed without a version pin and without an
    # explicit index, in a task whose environment holds SONAR_TOKEN. Pinning the
    # version (ideally with hashes) and resolving it through the same Artifactory
    # repository as the other dependencies would narrow what can run with that token.
    - uv pip install pysonar-scanner
    - . .cirrus/analysis.sh
  always:
    pytest_artifacts:
      # NOTE(review): coverage.xml is the coverage report written by --cov-report=xml
      # above; confirm that `junit` is the intended format for it.
      path: "coverage.xml"
      format: junit
      type: text/xml
# Unit tests on Linux, one matrix entry per Python version. Each entry passes its
# version as the PYTHON_VERSION docker argument (presumably read by
# .cirrus/poetry.Dockerfile - confirm).
qa_task:
  alias: qa
  matrix:
    - name: "Test Python 3.9"
      eks_container:
        docker_arguments:
          PYTHON_VERSION: 3.9.18
    - name: "Test Python 3.10"
      eks_container:
        docker_arguments:
          PYTHON_VERSION: 3.10.13
    - name: "Test Python 3.11"
      eks_container:
        docker_arguments:
          PYTHON_VERSION: 3.11.7
    - name: "Test Python 3.12"
      eks_container:
        docker_arguments:
          PYTHON_VERSION: 3.12.1
    - name: "Test Python 3.13"
      eks_container:
        docker_arguments:
          PYTHON_VERSION: 3.13.2
  <<: *POETRY_LINUX_TEMPLATE
  qa_script:
    - poetry run pytest tests/
# Unit tests on the macOS persistent worker, one script per Python version.
qa_macos_task:
  alias: qa_macos
  # Runs only for the cron schedule named "macos-its-cron".
  # NOTE(review): presumably this task-level only_if replaces the file-level one, so
  # the collaborator condition is not evaluated for this task - confirm.
  only_if: $CIRRUS_CRON == "macos-its-cron"
  name: "[macOS] Run tests"
  <<: [*MACOS_WORKER_DEFINITION, *POETRY_MACOS_TEMPLATE]
  env:
    # /Users/admin/.local/bin is searched before every other PATH entry.
    PATH: "/Users/admin/.local/bin:$PATH"
  install_uv_script:
    # NOTE(review): unpinned Homebrew install, like the other brew steps in this file.
    - brew install uv
  test_39_script:
    - .cirrus/run_macos_tests.sh "3.9.18"
  test_310_script:
    - .cirrus/run_macos_tests.sh "3.10.13"
  test_311_script:
    - .cirrus/run_macos_tests.sh "3.11.7"
  test_312_script:
    - .cirrus/run_macos_tests.sh "3.12.1"
  test_313_script:
    - .cirrus/run_macos_tests.sh "3.13.2"
# Unit tests on the Windows VM described by POETRY_WIN_INSTALL.
qa_windows_task:
  name: "Test Windows"
  <<: *POETRY_WIN_INSTALL
  alias: qa_windows
  qa_script:
    - poetry run pytest tests/
    # NOTE(review): $LASTEXITCODE is a PowerShell variable, while CIRRUS_SHELL is set to
    # bash for the whole file; under bash it is presumably unset, which would make this
    # a bare `exit` - confirm the pytest status is still what the step reports.
    - exit $LASTEXITCODE
# Build step. regular_poetry_build_publish is not defined in this file (presumably a
# helper shipped in the task image - confirm what it publishes and with which of the
# credentials declared in the file-level env).
build_task:
  <<: *POETRY_LINUX_TEMPLATE
  alias: build
  name: "Build"
  build_script: regular_poetry_build_publish
# Integration tests on Linux against a cached SonarQube distribution.
its_task:
  name: "Integration Tests"
  alias: its
  sonarqube_cache:
    folder: sonarqube_cache/
    # NOTE(review): the archive is downloaded over HTTPS but not verified before it is
    # cached, and the cache key is only the version string, so a corrupted or altered
    # download would be reused until the version changes. Checking the file against a
    # published checksum (<EXPECTED_SHA256>) before it lands in the cache closes that gap.
    populate_script: mkdir -p sonarqube_cache && wget -q https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-$SONARQUBE_VERSION.zip -O sonarqube_cache/sonarqube.zip
    fingerprint_script: echo "sonarqube-$SONARQUBE_VERSION"
  <<: *POETRY_LINUX_TEMPLATE
  its_script:
    - .cirrus/run_its.sh
# Integration tests on the macOS persistent worker against a cached SonarQube
# distribution.
its_macos_task:
  name: "[macOS] Integration Tests"
  alias: its_macos
  # Runs only for the cron schedule named "macos-its-cron".
  # NOTE(review): presumably this task-level only_if replaces the file-level one, so
  # the collaborator condition is not evaluated for this task - confirm.
  only_if: $CIRRUS_CRON == "macos-its-cron"
  # the macOS workers are only available from Monday 06:45 CEST to Friday 20:00 CEST (see https://xtranet-sonarsource.atlassian.net/wiki/spaces/Platform/pages/3447980037/MacOS+Persistent+Workers+User+Guide+-+Cirrus+CI)
  <<: [*MACOS_WORKER_DEFINITION, *POETRY_MACOS_TEMPLATE]
  sonarqube_cache:
    folder: sonarqube_cache/
    # NOTE(review): the archive is downloaded over HTTPS but not verified before it is
    # cached, and the cache key is only the version string, so a corrupted or altered
    # download would be reused until the version changes. Checking the file against a
    # published checksum (<EXPECTED_SHA256>) before it lands in the cache closes that gap.
    populate_script: mkdir -p sonarqube_cache && wget -q https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-$SONARQUBE_VERSION.zip -O sonarqube_cache/sonarqube.zip
    fingerprint_script: echo "sonarqube-$SONARQUBE_VERSION"
  its_script:
    - .cirrus/run_its.sh
# Promotion step, run once the listed tasks have succeeded. cirrus_promote is not
# defined in this file (presumably a helper shipped in the task image - confirm).
promote_task:
  # NOTE(review): the `documentation` alias and mend_scan_task are not in this list,
  # so promotion does not wait for either of them.
  depends_on:
    - formatting
    - analysis
    - qa
    - qa_windows
    - build
    - its
  env:
    # Promotion credentials are declared on this task only, not in the file-level env.
    ARTIFACTORY_PROMOTE_ACCESS_TOKEN: VAULT[development/artifactory/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-promoter access_token]
    # Overrides the file-level GITHUB_TOKEN for this task.
    GITHUB_TOKEN: VAULT[development/github/token/${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}-promotion token]
  <<: *POETRY_LINUX_TEMPLATE
  promote_script: cirrus_promote