From 97e72b7153a9d16f93dd76706c711147744a8a27 Mon Sep 17 00:00:00 2001
From: Martin Visser
Date: Thu, 5 Feb 2026 14:05:04 +0100
Subject: [PATCH 1/2] Update ci.yml for Azure Pipelines
---
.azure/ci.yml | 123 +++++++++++++++++++++++++++++++++++++++++++++++---
1 file changed, 116 insertions(+), 7 deletions(-)
diff --git a/.azure/ci.yml b/.azure/ci.yml
index b4e21ca..a57538a 100644
--- a/.azure/ci.yml
+++ b/.azure/ci.yml
@@ -5,14 +5,123 @@ trigger: exclude: - main +variables: + - group: secure-vars + pool: name: 'Shared-EU-VM-Linux-Legacy-M-Prod' -steps: -- script: echo Hello, world! - displayName: 'Run a one-line script' +resources: + repositories: + - repository: githubrepo + type: github + name: rabobank/shadow-tool + endpoint: github.com_martin + +stages: + - stage: Build + jobs: + - job: BuildJob + steps: + - task: DownloadSecureFile@1 + name: mvnsettings + inputs: + secureFile: mvn-settings.xml + + - checkout: githubrepo + fetchDepth: 1 + persistCredentials: true + + - script: | + echo "Commenting out the Maven Central Release plugin" + awk 'BEGIN{p=0}//{p=1;buf=$0;next}/<\/plugin>/{buf=buf"\n"$0;if(p&&buf~/org\.sonatype\.central<\/groupId>/&&buf~/central-publishing-maven-plugin<\/artifactId>/){print ""}else{print buf};p=0;next}{if(p){buf=buf"\n"$0}else{print}}' pom.xml > pom.tmp && mv pom.tmp pom.xml + displayName: 'Comment Out Maven Central Release Plugin' + + - script: | + echo "adding distribution management to POM" + awk '/<\/project>/ { print " \n \n Release\n $(NEXUS_DIST_MANAGEMENT_RELEASES)\n \n \n Snapshot\n $(NEXUS_DIST_MANAGEMENT_SNAPSHOTS)\n \n "; } 1' pom.xml > pom.tmp && mv pom.tmp pom.xml + displayName: 'Add Distribution Mangagement' + + - script: | + echo "ECHO POM" + cat pom.xml + displayName: 'Show updated POM' + + - task: Maven@4 + displayName: Maven Build + inputs: + mavenOptions: '-Xmx3072m' + mavenPomFile: 'pom.xml' + goals: 'clean verify' + jdkVersionOption: '1.17' + + - task: RabobankCQSTask@1 + inputs: + sqServiceConnection: 'Rabobank CQS Service Connection - TEST' + scannerMode: 'maven' + jdkVersion: '1.17' + sqGateName: 'Name of your Quality Gate' + debugMode: 'DEBUG' + qualityGateBreak: false + qualityGateTimeout: '600' + mavenPomFile: 'pom.xml' + extraProperties: | + sonar.verbose=true + sonar.exclusions=**/maven/** + + - task: Maven@4 + inputs: + mavenPomFile: 'pom.xml' + goals: 'clean deploy' + options: '-B -gs $(mvnsettings.secureFilePath) 
-DrepositoryId=Snapshot' + publishJUnitResults: true + testResultsFiles: '**/surefire-reports/TEST-*.xml' + javaHomeOption: 'JDKVersion' + jdkVersionOption: '1.17' + mavenOptions: '-Xmx3072m -Daether.dependencyCollector.impl=bf -Daether.dependencyCollector.bf.threads=10 -Daether.dependencyCollector.pool.artifact=hard -Daether.dependencyCollector.pool.dependency=hard ' + mavenAuthenticateFeed: false + effectivePomSkip: false + sonarQubeRunAnalysis: false + + - job: Checkmarx + pool: Shared-EU-Container-Linux-Compliancy-S-Prod + steps: + - checkout: githubrepo + + - task: Rabobank Checkmarx@2 + inputs: + CheckmarxService: 'Checkmarx-MSC' + + - job: + displayName: Rabobank Secret Scanner + pool: Shared-EU-Container-Linux-Compliancy-S-Prod + steps: + - checkout: githubrepo + fetchDepth: 0 + - task: secret-scanning-task@0 + + - job: NexusIQ + steps: + - checkout: githubrepo + fetchDepth: 0 + + - task: JavaToolInstaller@0 + displayName: "Use Java 17" + inputs: + versionSpec: 17 + jdkArchitectureOption: x64 + jdkSourceOption: PreInstalled + + - task: Maven@4 + displayName: 'MavenNexusIQ' + inputs: + goals: 'com.sonatype.clm:clm-maven-plugin:index' + jdkVersion: '17' -- script: | - echo Add other tasks to build, test, and deploy your project. - echo See https://aka.ms/yaml - displayName: 'Run a multi-line script' + - task: NexusIqPipelineTask@1 + displayName: 'SonatypeEvaluate' + inputs: + nexusIqService: 'Rabobank SCA NexusIQ' # Name of default service connection + applicationId: 'CF-Metrics-Exporter' # REPLACE with applicationId Name of the application in NexusIQ, by default same name as pipeline + stage: 'Build' + scanTargets: "**/module.xml" \ No newline at end of file From d042ec4205f07109fb05441b212a5a2bc2365719 Mon Sep 17 00:00:00 2001 From: "Visser, M (Martin)" Date: Thu, 5 Feb 2026 14:30:20 +0100 Subject: [PATCH 2/2] Drop repo, add trigger for pr --- .azure/ci.yml | 27 ++++++--------------------- 1 file changed, 6 insertions(+), 21 deletions(-) 
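Review bot: The `clean deploy` step at the end of BuildJob publishes the artifact without waiting for any scan result: the CQS task just above it is set to `qualityGateBreak: false`, and the Checkmarx, secret-scanner and NexusIQ jobs are siblings with no `dependsOn`, so they run independently of the deploy. Consider moving the deploy into its own job that lists the scan jobs in `dependsOn` (the secret-scanner job would need a name for that, since it is declared as a bare `- job:`) and setting `qualityGateBreak: true`. Two scan inputs also still carry template values, `sqGateName: 'Name of your Quality Gate'` and `applicationId: 'CF-Metrics-Exporter'` with its `# REPLACE` comment, so findings may be evaluated against the wrong gate or filed under another application. The 'Show updated POM' step writes the rewritten `pom.xml`, including the expanded `$(NEXUS_DIST_MANAGEMENT_RELEASES)` and `$(NEXUS_DIST_MANAGEMENT_SNAPSHOTS)` values, to the build log; drop it once the awk edits are verified.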
diff --git a/.azure/ci.yml b/.azure/ci.yml
index a57538a..06b85a8 100644
--- a/.azure/ci.yml
+++ b/.azure/ci.yml
@@ -1,9 +1,10 @@ -trigger: +pr: branches: include: - '*' exclude: - main + - release/* variables: - group: secure-vars
@@ -11,13 +12,6 @@ variables: pool: name: 'Shared-EU-VM-Linux-Legacy-M-Prod' -resources: - repositories: - - repository: githubrepo - type: github - name: rabobank/shadow-tool - endpoint: github.com_martin - stages: - stage: Build jobs:
@@ -28,10 +22,6 @@ stages: inputs: secureFile: mvn-settings.xml - - checkout: githubrepo - fetchDepth: 1 - persistCredentials: true - - script: | echo "Commenting out the Maven Central Release plugin" awk 'BEGIN{p=0}//{p=1;buf=$0;next}/<\/plugin>/{buf=buf"\n"$0;if(p&&buf~/org\.sonatype\.central<\/groupId>/&&buf~/central-publishing-maven-plugin<\/artifactId>/){print ""}else{print buf};p=0;next}{if(p){buf=buf"\n"$0}else{print}}' pom.xml > pom.tmp && mv pom.tmp pom.xml
@@ -40,7 +30,7 @@ stages: - script: | echo "adding distribution management to POM" awk '/<\/project>/ { print " \n \n Release\n $(NEXUS_DIST_MANAGEMENT_RELEASES)\n \n \n Snapshot\n $(NEXUS_DIST_MANAGEMENT_SNAPSHOTS)\n \n "; } 1' pom.xml > pom.tmp && mv pom.tmp pom.xml - displayName: 'Add Distribution Mangagement' + displayName: 'Add Distribution Management' - script: | echo "ECHO POM"
@@ -84,10 +74,9 @@ stages: sonarQubeRunAnalysis: false - job: Checkmarx + displayName: Rabobank Checkmarx Scan pool: Shared-EU-Container-Linux-Compliancy-S-Prod steps: - - checkout: githubrepo - - task: Rabobank Checkmarx@2 inputs: CheckmarxService: 'Checkmarx-MSC'
@@ -96,15 +85,11 @@ stages: displayName: Rabobank Secret Scanner pool: Shared-EU-Container-Linux-Compliancy-S-Prod steps: - - checkout: githubrepo - fetchDepth: 0 - task: secret-scanning-task@0 - job: NexusIQ + displayName: Nexus IQ Scan steps: - - checkout: githubrepo - fetchDepth: 0 - - task: JavaToolInstaller@0 displayName: "Use Java 17" inputs:
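Review bot: Replacing `trigger:` with `pr:` in the first hunk leaves the file with no push-trigger definition, and a YAML pipeline without a `trigger:` key normally falls back to building pushes on every branch (unless the implied CI trigger is disabled in the pipeline settings), so the `main` exclusion no longer applies to pushes. Under `pr:` the branch filters match the pull request's target branch, so as written pull requests into `main` and `release/*` get no validation build, which may be the reverse of what was intended. The Build job, outside this hunk, ends in `clean deploy` using the secure settings file and the `secure-vars` group, so each of these trigger paths can publish an artifact with those credentials. Add `trigger: none` if push builds are not wanted, and confirm whether pull-request builds are meant to reach the deploy step at all.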
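Review bot: Dropping `- checkout: githubrepo` together with `fetchDepth: 0` in the `@@ -96,15 +85,11 @@` hunk leaves the secret-scanner and NexusIQ jobs on the implicit checkout of the pipeline's own repository, whose fetch depth comes from the pipeline settings and may be shallow. If `secret-scanning-task@0` is expected to inspect commit history rather than only the checked-out tree, it would then see just the tip commit; this is inferred, since the task's behaviour is not visible here. Consider keeping an explicit `- checkout: self` with `fetchDepth: 0` in the secret-scanner job. The NexusIQ job continues past the end of this hunk, and the same checkout removal appears in the Checkmarx job in the preceding hunk.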
@@ -124,4 +109,4 @@ stages: nexusIqService: 'Rabobank SCA NexusIQ' # Name of default service connection applicationId: 'CF-Metrics-Exporter' # REPLACE with applicationId Name of the application in NexusIQ, by default same name as pipeline stage: 'Build' - scanTargets: "**/module.xml" \ No newline at end of file + scanTargets: "**/module.xml"