Diffstat (limited to 'ansible_collections/netapp_eseries/santricity/vars')
-rw-r--r--ansible_collections/netapp_eseries/santricity/vars/hubPreCheck.groovy8
-rw-r--r--ansible_collections/netapp_eseries/santricity/vars/hubScan.groovy13
-rw-r--r--ansible_collections/netapp_eseries/santricity/vars/hubScanDocker.groovy76
-rw-r--r--ansible_collections/netapp_eseries/santricity/vars/hubScanProject.groovy123
-rw-r--r--ansible_collections/netapp_eseries/santricity/vars/setupBlackduckBuildParameters.groovy16
-rw-r--r--ansible_collections/netapp_eseries/santricity/vars/setupBuildParameters.groovy3
-rw-r--r--ansible_collections/netapp_eseries/santricity/vars/setupSynopsysDetect.groovy15
7 files changed, 254 insertions, 0 deletions
diff --git a/ansible_collections/netapp_eseries/santricity/vars/hubPreCheck.groovy b/ansible_collections/netapp_eseries/santricity/vars/hubPreCheck.groovy
new file mode 100644
index 00000000..43f0efef
--- /dev/null
+++ b/ansible_collections/netapp_eseries/santricity/vars/hubPreCheck.groovy
@@ -0,0 +1,8 @@
+def call(Map optional) {
+ if (optional.docker) {
+ echo "Ensuring that Docker is available on the system."
+ sh """
+ docker --version
+ """
+ }
+}
diff --git a/ansible_collections/netapp_eseries/santricity/vars/hubScan.groovy b/ansible_collections/netapp_eseries/santricity/vars/hubScan.groovy
new file mode 100644
index 00000000..ca99cee4
--- /dev/null
+++ b/ansible_collections/netapp_eseries/santricity/vars/hubScan.groovy
@@ -0,0 +1,13 @@
+def call(Map optional = [:], String projectName, String projectVersion) {
+ optional.projectName = projectName
+ optional.projectVersion = projectVersion
+ call(optional)
+}
+
+def call(Map optional) {
+ // Correctly set if the scan is intended for production.
+ // hubScan uses the variable 'staging' (defaulting to true), and hubScanProject uses 'productionScan' (defaulting to false).
+ optional.productionScan = !((boolean) optional.staging)
+
+ hubScanProject(optional)
+}
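Review bot: In the one-argument `call`, an unset `staging` key sends the scan to production. `(boolean) null` is false in Groovy, so `productionScan` becomes true, which contradicts the comment that `staging` defaults to true. Treat a missing key as staging, for example `optional.productionScan = optional.staging != null && !((boolean) optional.staging)`. hubScanDocker.groovy has the same default in `if((boolean) optional.staging)`, where an unset key selects the production URL and `hubProductionToken`.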
diff --git a/ansible_collections/netapp_eseries/santricity/vars/hubScanDocker.groovy b/ansible_collections/netapp_eseries/santricity/vars/hubScanDocker.groovy
new file mode 100644
index 00000000..10ced62f
--- /dev/null
+++ b/ansible_collections/netapp_eseries/santricity/vars/hubScanDocker.groovy
@@ -0,0 +1,76 @@
+def call(Map optional, String projectName, String projectVersion, String imageDirectory) {
+ optional.projectName = projectName
+ optional.projectVersion = projectVersion
+ optional.imageDirectory = imageDirectory
+ call(optional)
+}
+
+
+def call(Map optional) {
+
+ String projectVersion = optional.projectVersion
+ String projectName = optional.projectName
+ String imageDirectory = optional.imageDirectory
+ String url = "https://blackduck.eng.netapp.com"
+ String credId = 'hubProductionToken'
+
+ if((boolean) optional.staging){
+ url = "https://blackduck-staging.eng.netapp.com"
+ credId = 'hubStagingToken'
+ }
+
+ BLACKDUCK_SKIP_PHONE_HOME = true
+ withCredentials([string(credentialsId: credId, variable: 'TOKEN')]) {
+ String memory = optional.scannerMemoryMb ?: '8192'
+ String logLevel = optional.logLevel ?: 'INFO'
+ String coreCount = optional.coreCount ?: 1
+ String timeoutMinutes = optional.timeout ?: 60
+
+ sh''' wget -qN http://esgweb.eng.netapp.com/~lorenp/synopsys-detect-6.0.0-air-gap.zip -O /tmp/synopsys-detect.zip
+ unzip -u -d /tmp/tools /tmp/synopsys-detect.zip
+ rm -f /tmp/synopsys-detect.zip
+ '''
+
+ // Create the temporary directory for the scan logs
+ def scanTempDir = sh(returnStdout: true, script: "mktemp --directory \"/tmp/synopsys-detect-${projectName}-${projectVersion}-XXXXXXXXXX\"").trim()
+
+ echo "Initiating Hub Scanning Process on every image in ${imageDirectory}"
+ echo "Sending results to ${url}"
+ echo "Using a logLevel of ${logLevel}"
+ echo "Additional parameters: ${optional}"
+ echo "Running with a timeout value of ${timeoutMinutes} minutes"
+
+ // We need to locate all of the images to scan.
+ sh "find ${imageDirectory} -type f -iname '*.tar'> listFiles"
+ def files = readFile( "listFiles" ).split('\n');
+ try {
+ files.each {
+ def fileName = it.split('/')[-1];
+ timeout(time: "${timeoutMinutes}", unit: 'MINUTES') {
+ // Run a single scan for each image we find, using the filename as a scan identifier
+ sh """
+ java -Xms4096m -Xmx8192m -Xss1024m -jar /tmp/tools/synopsys-detect-6.0.0.jar \
+ --blackduck.url=${url} \
+ --detect.blackduck.signature.scanner.memory="${memory}" \
+ --detect.blackduck.signature.scanner.individual.file.matching="ALL" \
+ --blackduck.api.token=${TOKEN} \
+ --detect.docker.tar=${it} \
+ --detect.parallel.processors=${coreCount} \
+ --detect.code.location.name=${projectName}-${projectVersion}-${fileName} \
+ --detect.project.name=${projectName} \
+ --detect.project.version.name=${projectVersion} \
+ --detect.cleanup=false \
+ --blackduck.trust.cert=true \
+ --detect.output.path=${scanTempDir} \
+ --logging.level.com.synopsys.integration="${logLevel}"
+
+ """
+ }
+ }
+ } finally {
+ dir("${scanTempDir}") {
+ deleteDir()
+ }
+ }
+ }
+}
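Review bot: The `wget` at the top of the `withCredentials` block fetches the Detect archive over plain `http://` with no integrity check, and the jar unpacked from it is then run with the Black Duck API token on its command line. Anyone able to alter that response therefore controls code that receives the credential. Pin a digest and verify it before `unzip`, e.g. `echo "<EXPECTED_SHA256>  /tmp/synopsys-detect.zip" | sha256sum -c -`, and serve the archive over HTTPS if the host supports it. The fixed, shared `/tmp/tools` target is a related weakness, because `unzip -u` keeps files that are newer than the archive's, so a jar left there earlier can survive; unpacking under the `mktemp` directory created a few lines later avoids that. setupSynopsysDetect.groovy downloads its archive the same way.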
diff --git a/ansible_collections/netapp_eseries/santricity/vars/hubScanProject.groovy b/ansible_collections/netapp_eseries/santricity/vars/hubScanProject.groovy
new file mode 100644
index 00000000..b980d7da
--- /dev/null
+++ b/ansible_collections/netapp_eseries/santricity/vars/hubScanProject.groovy
@@ -0,0 +1,123 @@
+/**
+ * Initiate a scan of Synopsys Detect. By default the working directory ('./') is scanned and all detectors are enabled.
+ * Java MUST be installed for this to be successful, and it is suggested to scan in a docker container due to the
+ * detector possibly building the project automatically.
+ *
+ * The 'optional' map supports these fields:
+ * - clearPriorScans: false. Clear previous scans (but doesn't delete them) for the associated project and version on the server.
+ * - coreCount: -1. Scanner parallel processors where -1 uses the number of cores on the system.
+ * - disableDetector: false. Disable the synopsys detector; the detector SHOULD be run but it can result in build issues
+ * and can be disabled.
+ * - logLevel: info. Logging level of synopsys.
+ * - productionScan: false. Set this to true to send scan results to the production blackduck server; staging is used by default.
+ * - scanOpts: [:]. A map of additional hub command-line arguments, or overrides, depending on project needs. for example,
+ * users can control the detector search depth with optional.scanOpts["--detect.detector.search.depth"] = "0".
+ * - scannerMemoryMB: 1024.
+ * - timeout: 60. Maximum scan timeout, in minutes, before failing the build.
+ *
+ * Important implementation notes:
+ * - Java must be installed and in the path.
+ * - A temporary directory, scanTempDir, is created at '/tmp/synopsys-detect-<projectName>-<projectVersion>-XXXXXXXX'.
+ * This temporary is DELETED after the scan to avoid excessive storage usage.
+ * - Synopsys Detect Air Gap (600MB+ zip, 1.5GB+ extracted) is generated at '$scanTempDir/synopsys-detect-air-gap/<synopVersion>'.
+ * This path is deleted along with the temp dir after the scan.
+ * - The files in $scanTempDir/runs/** are archived.
+ * - URLs
+ * - https://synopsys.atlassian.net/wiki/spaces/INTDOCS/pages/622673/Synopsys+Detect+Properties
+ * - https://synopsys.atlassian.net/wiki/spaces/INTDOCS/pages/62423113/Synopsys+Detect
+ *
+ * @param optional map of optional arguments
+ * @param projectName the name of the project
+ * @param projectVersion the version of the project
+ */
+def call(Map optional = [:], String projectName, String projectVersion) {
+ optional.projectName = projectName
+ optional.projectVersion = projectVersion
+ optional.scanOpts = (Map) optional.scanOpts ?: [:]
+ call(optional)
+}
+
+def call(Map optional) {
+ String projectVersion = optional.projectVersion
+ String projectName = optional.projectName
+ String synopsysDetectVersion = optional.synopsysDetectVersion ?: "6.3.0"
+ BLACKDUCK_SKIP_PHONE_HOME = true
+
+ String url = "https://blackduck-staging.eng.netapp.com"
+ String credId = 'hubStagingToken'
+
+ // Use the production server if productionScan is explicitly set to true
+ if (new Boolean(optional.productionScan)) {
+ url = "https://blackduck.eng.netapp.com"
+ credId = 'hubProductionToken'
+ }
+
+ withCredentials([string(credentialsId: credId, variable: 'TOKEN')]) {
+ String timeoutMinutes = optional.timeout ?: 60
+
+ // Create the temporary directory for the scan logs and the extracted hub-detect zip
+ def scanTempDir = sh(returnStdout: true, script: "mktemp --directory \"/tmp/synopsys-detect-${projectName}-${projectVersion}-XXXXXXXXXX\"").trim()
+ def synopsysDir = "${scanTempDir}/synopsys-detect-air-gap/${synopsysDetectVersion}"
+ setupSynopsysDetect(synopsysDetectVersion, synopsysDir: synopsysDir)
+
+ echo "Using temporary directory ${scanTempDir}"
+ echo "Sending results to ${url}"
+ echo "Additional parameters: ${optional}"
+ echo "Using timeout of ${timeoutMinutes} minutes"
+
+ Map m = [:]
+ m["--blackduck.trust.cert"] = "true"
+ m["--blackduck.url"] = url
+ m["--blackduck.api.token"] = TOKEN
+ m["--detect.project.name"] = projectName
+ m["--detect.project.version.name"] = projectVersion
+ m["--detect.code.location.name"] = "${projectName}-${projectVersion}"
+ m["--detect.project.codelocation.unmap"] = optional.clearPriorScans ?: "false"
+ m["--detect.blackduck.signature.scanner.memory"] = optional.scannerMemoryMB ?: "1024"
+ m["--detect.parallel.processors"] = optional.coreCount ?: -1
+ m["--detect.cleanup"] = "false"
+ m["--detect.blackduck.signature.scanner.paths"] = optional.scanDir ?: './'
+ m["--detect.output.path"] = scanTempDir
+ m["--logging.level.com.synopsys.integration"] = optional.logLevel ?: "INFO"
+ m["--detect.detector.search.depth"] = "3"
+ m["--detect.sbt.report.depth"] = "3"
+ m["--detect.blackduck.signature.scanner.exclusion.name.patterns"] = "node_modules,.git,.gradle"
+ m["--detect.blackduck.signature.scanner.exclusion.pattern.search.depth"] = "30"
+ m["--detect.docker.inspector.air.gap.path"] = "${synopsysDir}/packaged-inspectors/docker"
+ m["--detect.nuget.inspector.air.gap.path"] = "${synopsysDir}/packaged-inspectors/nuget"
+ m["--detect.gradle.inspector.air.gap.path"] = "${synopsysDir}/packaged-inspectors/gradle"
+ m["--detect.blackduck.signature.scanner.individual.file.matching"] = "ALL"
+
+ if (optional.cloneVersion) {
+ m["--detect.clone.project.version.name"] = optional.cloneVersion
+ }
+ if ((boolean) optional.disableDetector) {
+ m["--detect.tools.excluded"] = "DETECTOR"
+ }
+
+ m.putAll((Map) optional.scanOpts)
+
+ synopsysArgs = m.collectEntries { k, v -> ["$k=$v"] }.keySet().join(" \\\n ")
+ synopsysExec = "java -Xms1024m -Xmx2048m -jar ${synopsysDir}/synopsys-detect-${synopsysDetectVersion}.jar ${synopsysArgs}"
+ echo "The blackduck scan execute command: \n'${synopsysExec}'"
+
+ try {
+ timeout(time: "${timeoutMinutes}", unit: 'MINUTES') {
+ sh """
+ ${synopsysExec}
+ # Delete any existing docker extractions from this scan to avoid excessive storage use.
+ rm -rf ${scanTempDir}/runs/*/extractions || true
+ mv ${scanTempDir}/runs synopsysRuns
+ """
+
+ // NOTE: Archiving works **ONLY** in the build workspace. All artifacts must be copied to the workspace.
+ // Ignore gz to avoid archiving docker images.
+ archiveArtifacts artifacts: "synopsysRuns/**", excludes: "**/*.gz"
+ }
+ } finally {
+ dir("${scanTempDir}") {
+ deleteDir()
+ }
+ }
+ }
+}
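Review bot: `m["--blackduck.api.token"] = TOKEN` copies the secret into `synopsysExec`, which is then echoed and interpolated by Groovy into the `sh` script. The token therefore lands in the generated script text and the java process arguments, and only Jenkins' log masking protects it in the console. Storing the shell reference instead, `m["--blackduck.api.token"] = '$TOKEN'`, keeps the value out of Groovy strings and lets the shell expand it from the environment that `withCredentials` already sets. If this Detect version reads properties from environment variables (confirm against its documentation), binding the credential to that variable and dropping the argument also removes it from the process list. hubScanDocker.groovy has the same pattern in `--blackduck.api.token=${TOKEN}`, which would become `\$TOKEN` inside its `sh """` block.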
diff --git a/ansible_collections/netapp_eseries/santricity/vars/setupBlackduckBuildParameters.groovy b/ansible_collections/netapp_eseries/santricity/vars/setupBlackduckBuildParameters.groovy
new file mode 100644
index 00000000..c2e15a08
--- /dev/null
+++ b/ansible_collections/netapp_eseries/santricity/vars/setupBlackduckBuildParameters.groovy
@@ -0,0 +1,16 @@
+def call(Map options = [:]) {
+ String buildArtifactKeepNum = options.buildArtifactKeepNum ?: '15'
+ String buildKeepNum = options.buildKeepNum ?: '30'
+ // The default cron schedule is one build between 1:xx pm - 4:xx pm on Monday
+ String buildCronSchedule = options.buildCronSchedule ?: 'H H(13-16) * * 1'
+
+ properties([
+ parameters([
+ choice(name: 'logLevel', choices: ['WARN', 'INFO', 'DEBUG', 'TRACE'], description: 'Set the logging level. WARN is the default.')
+ ]),
+ buildDiscarder(
+ logRotator(artifactNumToKeepStr: buildArtifactKeepNum, numToKeepStr: buildKeepNum)
+ ),
+ pipelineTriggers([cron(buildCronSchedule)])
+ ])
+}
diff --git a/ansible_collections/netapp_eseries/santricity/vars/setupBuildParameters.groovy b/ansible_collections/netapp_eseries/santricity/vars/setupBuildParameters.groovy
new file mode 100644
index 00000000..8e049575
--- /dev/null
+++ b/ansible_collections/netapp_eseries/santricity/vars/setupBuildParameters.groovy
@@ -0,0 +1,3 @@
+def call(Map options = [:]) {
+ setupBlackduckBuildParameters(options)
+}
diff --git a/ansible_collections/netapp_eseries/santricity/vars/setupSynopsysDetect.groovy b/ansible_collections/netapp_eseries/santricity/vars/setupSynopsysDetect.groovy
new file mode 100644
index 00000000..f5eed5c4
--- /dev/null
+++ b/ansible_collections/netapp_eseries/santricity/vars/setupSynopsysDetect.groovy
@@ -0,0 +1,15 @@
+
+def call(Map options = [:], String synopsysDetectVersion) {
+ options.synopsysDir = options.synopsysDir ?: "/tmp/synopsys-detect-air-gap/${synopsysDetectVersion}"
+ if (new File(options.synopsysDir).exists()) {
+ echo "No need to fetch synopsys-${synopsysDetectVersion}, directory exists ${options.synopsysDir}"
+ return
+ }
+
+ sh """
+ wget -qN http://esgweb.eng.netapp.com/~blucas/packages/synopsys-detect-${synopsysDetectVersion}-air-gap.zip -O synopsys-detect.zip
+ mkdir -p ${options.synopsysDir}
+ unzip -q -d ${options.synopsysDir} -u synopsys-detect.zip
+ rm -f synopsys-detect.zip
+ """
+}
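Review bot: `new File(options.synopsysDir).exists()` is evaluated by the pipeline's Groovy runtime, which in Jenkins runs on the controller, while the `sh` step below creates the directory on the agent. The check can therefore skip or repeat the download based on the wrong machine's filesystem, and `java.io.File` usually needs script approval under the sandbox. Use the pipeline step instead: `if (fileExists(options.synopsysDir)) {`. An existing directory is also trusted without any check of its contents, which matters for the default path under the shared `/tmp`.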