diff --git a/.azure/ci.yml b/.azure/ci.yml
index b4e21ca..06b85a8 100644
--- a/.azure/ci.yml
+++ b/.azure/ci.yml
@@ -1,18 +1,112 @@ -trigger: +pr: branches: include: - '*' exclude: - main + - release/* + +variables: + - group: secure-vars pool: name: 'Shared-EU-VM-Linux-Legacy-M-Prod' -steps: -- script: echo Hello, world! - displayName: 'Run a one-line script' +stages: + - stage: Build + jobs: + - job: BuildJob + steps: + - task: DownloadSecureFile@1 + name: mvnsettings + inputs: + secureFile: mvn-settings.xml + + - script: | + echo "Commenting out the Maven Central Release plugin" + awk 'BEGIN{p=0}//{p=1;buf=$0;next}/<\/plugin>/{buf=buf"\n"$0;if(p&&buf~/org\.sonatype\.central<\/groupId>/&&buf~/central-publishing-maven-plugin<\/artifactId>/){print ""}else{print buf};p=0;next}{if(p){buf=buf"\n"$0}else{print}}' pom.xml > pom.tmp && mv pom.tmp pom.xml + displayName: 'Comment Out Maven Central Release Plugin' + + - script: | + echo "adding distribution management to POM" + awk '/<\/project>/ { print " \n \n Release\n $(NEXUS_DIST_MANAGEMENT_RELEASES)\n \n \n Snapshot\n $(NEXUS_DIST_MANAGEMENT_SNAPSHOTS)\n \n "; } 1' pom.xml > pom.tmp && mv pom.tmp pom.xml + displayName: 'Add Distribution Management' + + - script: | + echo "ECHO POM" + cat pom.xml + displayName: 'Show updated POM' + + - task: Maven@4 + displayName: Maven Build + inputs: + mavenOptions: '-Xmx3072m' + mavenPomFile: 'pom.xml' + goals: 'clean verify' + jdkVersionOption: '1.17' + + - task: RabobankCQSTask@1 + inputs: + sqServiceConnection: 'Rabobank CQS Service Connection - TEST' + scannerMode: 'maven' + jdkVersion: '1.17' + sqGateName: 'Name of your Quality Gate' + debugMode: 'DEBUG' + qualityGateBreak: false + qualityGateTimeout: '600' + mavenPomFile: 'pom.xml' + extraProperties: | + sonar.verbose=true + sonar.exclusions=**/maven/** + + - task: Maven@4 + inputs: + mavenPomFile: 'pom.xml' + goals: 'clean deploy' + options: '-B -gs $(mvnsettings.secureFilePath) -DrepositoryId=Snapshot' + publishJUnitResults: true + testResultsFiles: '**/surefire-reports/TEST-*.xml' + javaHomeOption: 'JDKVersion' + jdkVersionOption: 
'1.17' + mavenOptions: '-Xmx3072m -Daether.dependencyCollector.impl=bf -Daether.dependencyCollector.bf.threads=10 -Daether.dependencyCollector.pool.artifact=hard -Daether.dependencyCollector.pool.dependency=hard ' + mavenAuthenticateFeed: false + effectivePomSkip: false + sonarQubeRunAnalysis: false + + - job: Checkmarx + displayName: Rabobank Checkmarx Scan + pool: Shared-EU-Container-Linux-Compliancy-S-Prod + steps: + - task: Rabobank Checkmarx@2 + inputs: + CheckmarxService: 'Checkmarx-MSC' + + - job: + displayName: Rabobank Secret Scanner + pool: Shared-EU-Container-Linux-Compliancy-S-Prod + steps: + - task: secret-scanning-task@0 + + - job: NexusIQ + displayName: Nexus IQ Scan + steps: + - task: JavaToolInstaller@0 + displayName: "Use Java 17" + inputs: + versionSpec: 17 + jdkArchitectureOption: x64 + jdkSourceOption: PreInstalled + + - task: Maven@4 + displayName: 'MavenNexusIQ' + inputs: + goals: 'com.sonatype.clm:clm-maven-plugin:index' + jdkVersion: '17' -- script: | - echo Add other tasks to build, test, and deploy your project. - echo See https://aka.ms/yaml - displayName: 'Run a multi-line script' + - task: NexusIqPipelineTask@1 + displayName: 'SonatypeEvaluate' + inputs: + nexusIqService: 'Rabobank SCA NexusIQ' # Name of default service connection + applicationId: 'CF-Metrics-Exporter' # REPLACE with applicationId Name of the application in NexusIQ, by default same name as pipeline + stage: 'Build' + scanTargets: "**/module.xml"
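Review bot: The second `Maven@4` step runs `clean deploy` with `-gs $(mvnsettings.secureFilePath)` in a pipeline that now runs on pull requests. Every PR validation build therefore publishes to the repository and executes the PR branch's own `pom.xml`, plugins included, on an agent that holds the downloaded `mvn-settings.xml`. Keep `clean verify` for PR builds and gate the deploy step, and ideally the `DownloadSecureFile@1` step too, with `condition: and(succeeded(), ne(variables['Build.Reason'], 'PullRequest'))`, or move both into a stage that runs only for protected branches. The 'Show updated POM' step also writes the values injected from the `secure-vars` group into the build log; if those are not meant for everyone with log access, drop the `cat pom.xml`. Separately, `qualityGateBreak: false` with the placeholder `sqGateName: 'Name of your Quality Gate'` means the CQS scan presumably cannot fail the build as written.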