Replace Distribution Management

.azure/cd.yml

@@ -0,0 +1,18 @@
+trigger:
+  tags:
+    include:
+      - '*'
+
+variables:
+  - group: secure-vars
+
+pool:
+  name: 'Shared-EU-VM-Linux-Legacy-M-Prod'
+
+stages:
+  - template: /.azure/templates/build.yml
+    parameters:
+      checkmarxEnabled: true
+      deployEnabled: true
+      secretScannerEnabled: true
+      sonarqubeEnabled: true

.azure/ci.yml

@@ -1,3 +1,11 @@
+trigger:
+  branches:
+    include:
+      - '*'
+    exclude:
+      - main
+      - release/*
+
 pr:
   branches:
     include:
@@ -13,100 +21,9 @@ pool:
   name: 'Shared-EU-VM-Linux-Legacy-M-Prod'
 
 stages:
-  - stage: Build
-    jobs:
-      - job: BuildJob
-        steps:
-            - task: DownloadSecureFile@1
-              name: mvnsettings
-              inputs:
-                secureFile: mvn-settings.xml
-
-            - script: |
-                echo "Commenting out the Maven Central Release plugin"
-                awk 'BEGIN{p=0}/<plugin>/{p=1;buf=$0;next}/<\/plugin>/{buf=buf"\n"$0;if(p&&buf~/<groupId>org\.sonatype\.central<\/groupId>/&&buf~/<artifactId>central-publishing-maven-plugin<\/artifactId>/){print "<!--\n"buf"\n-->"}else{print buf};p=0;next}{if(p){buf=buf"\n"$0}else{print}}' pom.xml > pom.tmp && mv pom.tmp pom.xml
-              displayName: 'Comment Out Maven Central Release Plugin'
-
-            - script: |
-                echo "adding distribution management to POM"
-                awk '/<\/project>/ { print "  <distributionManagement>\n    <repository>\n      <id>Release</id>\n      <url>$(NEXUS_DIST_MANAGEMENT_RELEASES)</url>\n    </repository>\n    <snapshotRepository>\n      <id>Snapshot</id>\n      <url>$(NEXUS_DIST_MANAGEMENT_SNAPSHOTS)</url>\n    </snapshotRepository>\n  </distributionManagement>"; } 1' pom.xml > pom.tmp && mv pom.tmp pom.xml
-              displayName: 'Add Distribution Management'
-
-            - script: |
-                echo "ECHO POM"
-                cat pom.xml
-              displayName: 'Show updated POM'
-
-            - task: Maven@4
-              displayName: Maven Build
-              inputs:
-                mavenOptions: '-Xmx3072m'
-                mavenPomFile: 'pom.xml'
-                goals: 'clean verify'
-                jdkVersionOption: '1.17'
-
-            - task: RabobankCQSTask@1
-              inputs:
-                sqServiceConnection: 'Rabobank CQS Service Connection - TEST'
-                scannerMode: 'maven'
-                jdkVersion: '1.17'
-                sqGateName: 'Name of your Quality Gate'
-                debugMode: 'DEBUG'
-                qualityGateBreak: false
-                qualityGateTimeout: '600'
-                mavenPomFile: 'pom.xml'
-                extraProperties: |
-                  sonar.verbose=true
-                  sonar.exclusions=**/maven/**  
-
-            - task: Maven@4
-              inputs:
-                mavenPomFile: 'pom.xml'
-                goals: 'clean deploy'
-                options: '-B -gs $(mvnsettings.secureFilePath) -DrepositoryId=Snapshot'
-                publishJUnitResults: true
-                testResultsFiles: '**/surefire-reports/TEST-*.xml'
-                javaHomeOption: 'JDKVersion'
-                jdkVersionOption: '1.17'
-                mavenOptions: '-Xmx3072m -Daether.dependencyCollector.impl=bf -Daether.dependencyCollector.bf.threads=10 -Daether.dependencyCollector.pool.artifact=hard -Daether.dependencyCollector.pool.dependency=hard '
-                mavenAuthenticateFeed: false
-                effectivePomSkip: false
-                sonarQubeRunAnalysis: false
-
-      - job: Checkmarx
-        displayName: Rabobank Checkmarx Scan
-        pool: Shared-EU-Container-Linux-Compliancy-S-Prod
-        steps:
-          - task: Rabobank Checkmarx@2
-            inputs:
-              CheckmarxService: 'Checkmarx-MSC'
-
-      - job:
-        displayName: Rabobank Secret Scanner
-        pool: Shared-EU-Container-Linux-Compliancy-S-Prod
-        steps:
-          - task: secret-scanning-task@0
-
-      - job: NexusIQ
-        displayName: Nexus IQ Scan
-        steps:
-          - task: JavaToolInstaller@0
-            displayName: "Use Java 17"
-            inputs:
-              versionSpec: 17
-              jdkArchitectureOption: x64
-              jdkSourceOption: PreInstalled
-
-          - task: Maven@4
-            displayName: 'MavenNexusIQ'
-            inputs:
-              goals: 'com.sonatype.clm:clm-maven-plugin:index'
-              jdkVersion: '17'
-
-          - task: NexusIqPipelineTask@1
-            displayName: 'SonatypeEvaluate'
-            inputs:
-              nexusIqService: 'Rabobank SCA NexusIQ' # Name of default service connection
-              applicationId: 'CF-Metrics-Exporter' # REPLACE with applicationId Name of the application in NexusIQ, by default same name as pipeline
-              stage: 'Build'
-              scanTargets: "**/module.xml"
+  - template: /.azure/templates/build.yml
+    parameters:
+      checkmarxEnabled: true
+      deployEnabled: false
+      secretScannerEnabled: true
+      sonarqubeEnabled: true

.azure/templates/build.yml

@@ -0,0 +1,132 @@
+parameters:
+  - name: checkmarxEnabled
+    type: boolean
+    default: true
+  - name: deployEnabled
+    type: boolean
+    default: false
+  - name: nexusIQEnabled
+    type: boolean
+    default: true
+  - name: secretScannerEnabled
+    type: boolean
+    default: true
+  - name: sonarqubeEnabled
+    type: boolean
+    default: true
+
+stages:
+  - stage: Build
+    jobs:
+      - job: BuildJob
+        displayName: 'Build'
+        steps:
+          - task: DownloadSecureFile@1
+            displayName: 'Download Maven Settings'
+            name: mvnsettings
+            inputs:
+              secureFile: mvn-settings.xml
+
+          - script: |
+              echo "Commenting out the Maven Central Related plugins"
+              awk 'BEGIN{p=0}/<plugin>/{p=1;buf=$0;next}/<\/plugin>/{buf=buf"\n"$0;if(p&&buf~/<groupId>org\.sonatype\.central<\/groupId>/&&buf~/<artifactId>central-publishing-maven-plugin<\/artifactId>/){print "<!--\n"buf"\n-->"}else{print buf};p=0;next}{if(p){buf=buf"\n"$0}else{print}}' pom.xml > pom.tmp && mv pom.tmp pom.xml
+              awk 'BEGIN{p=0}/<plugin>/{p=1;buf=$0;next}/<\/plugin>/{buf=buf"\n"$0;if(p&&buf~/<groupId>org\.apache\.maven\.plugins<\/groupId>/&&buf~/<artifactId>maven-gpg-plugin<\/artifactId>/){print "<!--\n"buf"\n-->"}else{print buf};p=0;next}{if(p){buf=buf"\n"$0}else{print}}' pom.xml > pom.tmp && mv pom.tmp pom.xml
+            displayName: 'Comment Out Maven Central Related plugins'
+
+          - script: |
+              echo "Replacing distributionManagement block"
+              awk '
+                BEGIN {inblock=0}
+                /<distributionManagement>/ {inblock=1; print "  <distributionManagement>\n    <repository>\n      <id>releases</id>\n      <name>IP Releases</name>\n      <url>$(NEXUS_DIST_MANAGEMENT_RELEASES)</url>\n    </repository>\n    <snapshotRepository>\n      <id>snapshot</id>\n      <name>IP Snapshots</name>\n      <url>$(NEXUS_DIST_MANAGEMENT_SNAPSHOTS)</url>\n    </snapshotRepository>\n  </distributionManagement>"; next}
+                /<\/distributionManagement>/ {inblock=0; next}
+                {if(!inblock) print}
+              ' pom.xml > pom.tmp && mv pom.tmp pom.xml
+            displayName: 'Replace Distribution Management'
+
+          - task: Maven@4
+            displayName: Maven Build
+            inputs:
+              mavenPomFile: 'pom.xml'
+              goals: 'clean verify'
+              publishJUnitResults: true
+              testResultsFiles: '**/surefire-reports/TEST-*.xml'
+              javaHomeOption: 'JDKVersion'
+              jdkVersionOption: '1.17'
+              mavenVersionOption: 'Default'
+              mavenOptions: '-Xmx3072m'
+              mavenAuthenticateFeed: false
+              effectivePomSkip: false
+              sonarQubeRunAnalysis: false
+
+          - ${{ if parameters.sonarqubeEnabled }}:
+            - task: RabobankCQSTask@1
+              displayName: SonarQube Analysis
+              inputs:
+                sqServiceConnection: 'Rabobank CQS Service Connection - TEST'
+                scannerMode: 'maven'
+                qualityGateBreak: false
+
+          - ${{ if parameters.deployEnabled }}:
+            - task: Maven@4
+              displayName: Deploy
+              inputs:
+                mavenPomFile: 'pom.xml'
+                goals: 'clean deploy'
+                options: '-B -s $(mvnsettings.secureFilePath) -ntp'
+                publishJUnitResults: false
+                javaHomeOption: 'JDKVersion'
+                jdkVersionOption: '1.17'
+                mavenVersionOption: 'Default'
+                mavenOptions: '-Xmx3072m -Daether.dependencyCollector.impl=bf -Daether.dependencyCollector.bf.threads=10 -Daether.dependencyCollector.pool.artifact=hard -Daether.dependencyCollector.pool.dependency=hard'
+                mavenAuthenticateFeed: false
+                effectivePomSkip: false
+                sonarQubeRunAnalysis: false
+
+      - job: Checkmarx
+        condition: and(succeeded(), eq('${{ parameters.checkmarxEnabled }}', true))
+        displayName: Rabobank Checkmarx Scan
+        pool: Shared-EU-Container-Linux-Compliancy-S-Prod
+        steps:
+          - task: Rabobank Checkmarx@2
+            inputs:
+              CheckmarxService: 'Checkmarx-MSC'
+              mainCheckmarxProject: 'rabobank.shadow-tool-92651-rw'
+
+      - job:
+        condition: and(succeeded(), eq('${{ parameters.secretScannerEnabled }}', true))
+        displayName: Rabobank Secret Scanner
+        pool: Shared-EU-Container-Linux-Compliancy-S-Prod
+        steps:
+          - task: secret-scanning-task@0
+
+      - job: NexusIQ
+        condition: and(succeeded(), eq('${{ parameters.nexusIQEnabled }}', true))
+        displayName: Nexus IQ Scan
+        steps:
+          - task: JavaToolInstaller@0
+            displayName: "Use Java 17"
+            inputs:
+              versionSpec: 17
+              jdkArchitectureOption: x64
+              jdkSourceOption: PreInstalled
+
+          - task: Maven@4
+            displayName: 'MavenNexusIQ'
+            inputs:
+              mavenPomFile: 'pom.xml'
+              goals: 'com.sonatype.clm:clm-maven-plugin:index'
+              publishJUnitResults: false
+              javaHomeOption: 'JDKVersion'
+              jdkVersionOption: '17'
+              mavenVersionOption: 'Default'
+              mavenAuthenticateFeed: false
+              effectivePomSkip: false
+              sonarQubeRunAnalysis: false
+
+          - task: NexusIqPipelineTask@1
+            displayName: 'SonatypeEvaluate'
+            inputs:
+              nexusIqService: 'Rabobank SCA NexusIQ'
+              applicationId: 'shadow-tool'
+              stage: 'Build'
+              scanTargets: "**/module.xml"