From a1300e0f6f647c02340f4dd318e5e62e26827307 Mon Sep 17 00:00:00 2001
From: Andreas Penski <18-andreas.penski@users.noreply.projekte.kosit.org>
Date: Wed, 9 Nov 2022 12:59:14 +0000
Subject: [PATCH] Restructure build process
---
.gitlab-ci.yml | 149 +++++++++++++-------------------------
.idea/compiler.xml | 3 +
.mvn/createBuildImages.sh | 2 +-
owasp-suppressions.xml | 5 ++
pom.xml | 30 ++++++++
5 files changed, 88 insertions(+), 101 deletions(-)
create mode 100644 owasp-suppressions.xml
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 59ed706..19728ac 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -13,13 +13,27 @@ cache:
paths:
- .m2/repository
-
-java-11:
+.java:
stage: build
- image: $CI_REGISTRY_IMAGE/maven:3-jdk-11
+ needs:
+ - job: java-11
+ artifacts: false
script:
- mvn $MAVEN_CLI_OPTS $BUILD_PROPS $CI_JOB_TIMESTAMP verify
- retry: 2
+ artifacts:
+ name: artifacts
+ when: on_failure
+ paths:
+ - target/*.jar
+ reports:
+ junit:
+ - target/surefire-reports/*.xml
+ - target/failsafe-reports/*.xml
+
+java-11:
+ extends: .java
+ image: $CI_REGISTRY_IMAGE/maven:3-jdk-11
+ needs: [ ]
artifacts:
name: java-11
paths:
@@ -30,122 +44,43 @@ java-11:
- target/surefire-reports/*.xml
- target/failsafe-reports/*.xml
-java-11-openj9:
- stage: build
- image: $CI_REGISTRY_IMAGE/maven:3-jdk-11-openj9
- script:
- - mvn $MAVEN_CLI_OPTS $BUILD_PROPS $CI_JOB_TIMESTAMP verify
- retry: 2
- artifacts:
- name: java-11-openj9
- paths:
- - target/*.jar
- reports:
- junit:
- - target/surefire-reports/*.xml
- - target/failsafe-reports/*.xml
-
java8:
- stage: build
+ extends: .java
image: $CI_REGISTRY_IMAGE/maven:3-jdk-8
- script:
- - mvn $MAVEN_CLI_OPTS $BUILD_PROPS $CI_JOB_TIMESTAMP verify
- retry: 2
- artifacts:
- name: java-8
- paths:
- - target/*.jar
- reports:
- junit:
- - target/surefire-reports/*.xml
- - target/failsafe-reports/*.xml
+
+java-11-openj9:
+ extends: .java
+ image: $CI_REGISTRY_IMAGE/maven:3-jdk-11-openj9
java-8-openj9:
- stage: build
+ extends: .java
image: $CI_REGISTRY_IMAGE/maven:3-jdk-8-openj9
- script:
- - mvn $MAVEN_CLI_OPTS $BUILD_PROPS $CI_JOB_TIMESTAMP verify
- retry: 2
- artifacts:
- name: java-8-open-j9
- paths:
- - target/*.jar
- reports:
- junit:
- - target/surefire-reports/*.xml
- - target/failsafe-reports/*.xml
java-15:
- stage: build
+ extends: .java
image: $CI_REGISTRY_IMAGE/maven:3-openjdk-15
- script:
- - microdnf install libcgroup-tools
- - cgget -n --values-only --variable memory.limit_in_bytes /
- - mvn $MAVEN_CLI_OPTS $BUILD_PROPS $CI_JOB_TIMESTAMP verify
- retry: 2
- artifacts:
- when: on_failure
- name: java-15
- paths:
- - target/*
- reports:
- junit:
- - target/surefire-reports/*.xml
- - target/failsafe-reports/*.xml
+# script:
+# - microdnf install libcgroup-tools
+# - cgget -n --values-only --variable memory.limit_in_bytes /
+# - mvn $MAVEN_CLI_OPTS $BUILD_PROPS $CI_JOB_TIMESTAMP verify
java-16:
- stage: build
+ extends: .java
image: $CI_REGISTRY_IMAGE/maven:3-openjdk-16
- script:
- - mvn $MAVEN_CLI_OPTS $BUILD_PROPS $CI_JOB_TIMESTAMP verify
- retry: 2
- artifacts:
- when: on_failure
- name: java-16
- paths:
- - target/*
- reports:
- junit:
- - target/surefire-reports/*.xml
- - target/failsafe-reports/*.xml
java-17:
- stage: build
+ extends: .java
image: $CI_REGISTRY_IMAGE/maven:3-openjdk-17
- script:
- - mvn $MAVEN_CLI_OPTS $BUILD_PROPS $CI_JOB_TIMESTAMP verify
- retry: 2
- artifacts:
- when: on_failure
- name: java-17
- paths:
- - target/*
- reports:
- junit:
- - target/surefire-reports/*.xml
- - target/failsafe-reports/*.xml
java-18:
- stage: build
+ extends: .java
image: $CI_REGISTRY_IMAGE/maven:3-openjdk-18
- script:
- - mvn $MAVEN_CLI_OPTS $BUILD_PROPS $CI_JOB_TIMESTAMP verify
- retry: 2
- artifacts:
- when: on_failure
- name: java-18
- paths:
- - target/*
- reports:
- junit:
- - target/surefire-reports/*.xml
- - target/failsafe-reports/*.xml
deploy:
stage: deploy
image: $CI_REGISTRY_IMAGE/maven:3-jdk-11
- dependencies:
- - java-11
+ needs:
+ - job: java-11
script:
- export PROJECT_VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)
- mvn $MAVEN_CLI_OPTS deploy:deploy-file -Dfile=target/validationtool-${PROJECT_VERSION}.zip -DgroupId=kosit -DartifactId=validator -Dclassifier="distribution" -Dversion=${PROJECT_VERSION} -Dpackaging=zip -DrepositoryId="gitlab-maven" -Durl=https://projekte.kosit.org/api/v4/projects/7/packages/maven
@@ -165,6 +100,20 @@ create-build-image:
script:
- apk add bash
- bash .mvn/createBuildImages.sh
- when: manual
+ rules:
+ - if: $CI_PIPELINE_SOURCE == "schedule"
+ - changes:
+ - .mvn/createBuildImages.sh
+owasp-check:
+ extends: .java
+ image: $CI_REGISTRY_IMAGE/maven:3-jdk-11
+ needs: [ ]
+ script:
+ - mvn $MAVEN_CLI_OPTS $BUILD_PROPS $CI_JOB_TIMESTAMP validate -Powasp-check
+ rules:
+ - if: $CI_PIPELINE_SOURCE == "schedule"
+ - changes:
+ - pom.xml
+ - owasp-suppressions.xml
diff --git a/.idea/compiler.xml b/.idea/compiler.xml
index 7a00605..c09264f 100644
--- a/.idea/compiler.xml
+++ b/.idea/compiler.xml
@@ -11,5 +11,8 @@
+
+
+
\ No newline at end of file
diff --git a/.mvn/createBuildImages.sh b/.mvn/createBuildImages.sh
index b393ea9..0d555a7 100644
--- a/.mvn/createBuildImages.sh
+++ b/.mvn/createBuildImages.sh
@@ -16,7 +16,7 @@
# limitations under the License.
#
-TAGS=("3-openjdk-16" "3-jdk-11" "3-jdk-11-openj9" "3-jdk-8" "3-jdk-8-openj9" "3-openjdk-15" "3-openjdk-17", "3-openjdk-18")
+TAGS=("3-openjdk-16" "3-jdk-11" "3-jdk-11-openj9" "3-jdk-8" "3-jdk-8-openj9" "3-openjdk-15" "3-openjdk-17", "3-openjdk-18", "3-eclipse-temurin-19")
docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" "$CI_REGISTRY"
for i in "${TAGS[@]}"
diff --git a/owasp-suppressions.xml b/owasp-suppressions.xml
new file mode 100644
index 0000000..deafc02
--- /dev/null
+++ b/owasp-suppressions.xml
@@ -0,0 +1,5 @@
+
+
+
+
+
diff --git a/pom.xml b/pom.xml
index a0ac618..f42856f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -61,6 +61,7 @@
2.3.7
1.18.24
4.8.1
+ 7.2.0
5.2.0
11.4
1.7.25
@@ -591,6 +592,35 @@
+
+ owasp-check
+
+
+
+ org.owasp
+ dependency-check-maven
+ ${version.owasp-dependency-check}
+
+ 0
+
+ ${project.basedir}/owasp-suppressions.xml
+
+
+
+
+
+
+ validate
+
+
+ check
+
+
+
+
+
+
+
format
false