Update JK
This commit is contained in:
parent
73e087a9f5
commit
e114259525
65
Jenkinsfile
vendored
65
Jenkinsfile
vendored
@ -114,13 +114,13 @@ pipeline {
|
|||||||
|
|
||||||
API="https://api.github.com/repos/jeremylong/DependencyCheck/releases/latest"
|
API="https://api.github.com/repos/jeremylong/DependencyCheck/releases/latest"
|
||||||
|
|
||||||
# Try to resolve the proper asset download URL (the one that ends with -release.zip)
|
# Resolve the correct asset URL (ends with -release.zip)
|
||||||
echo "Resolving Dependency-Check latest asset URL from GitHub API..."
|
echo "Resolving Dependency-Check latest asset URL from GitHub API..."
|
||||||
ASSET_URL="$(curl -fsSL "$API" \
|
ASSET_URL="$(curl -fsSL "$API" \
|
||||||
| jq -r '.assets[]?.browser_download_url | select(test("release\\.zip$"))' \
|
| jq -r '.assets[]?.browser_download_url | select(test("release\\\\.zip$"))' \
|
||||||
| head -n1 || true)"
|
| head -n1 || true)"
|
||||||
|
|
||||||
# Fallback: build URL from tag_name (handles tags like vX.Y.Z)
|
# Fallback from tag_name if assets listing is throttled
|
||||||
if [ -z "${ASSET_URL:-}" ]; then
|
if [ -z "${ASSET_URL:-}" ]; then
|
||||||
TAG="$(curl -fsSL "$API" | jq -r '.tag_name' || true)"
|
TAG="$(curl -fsSL "$API" | jq -r '.tag_name' || true)"
|
||||||
if [ -n "${TAG:-}" ]; then
|
if [ -n "${TAG:-}" ]; then
|
||||||
@ -137,10 +137,8 @@ pipeline {
|
|||||||
echo "Downloading: $ASSET_URL"
|
echo "Downloading: $ASSET_URL"
|
||||||
curl -fL --retry 3 --retry-all-errors -o depcheck.zip "$ASSET_URL"
|
curl -fL --retry 3 --retry-all-errors -o depcheck.zip "$ASSET_URL"
|
||||||
|
|
||||||
# sanity check the zip (avoid half-downloaded HTML files)
|
# Validate and extract
|
||||||
file depcheck.zip || true
|
|
||||||
unzip -tq depcheck.zip || { echo "Downloaded file is not a valid ZIP"; exit 9; }
|
unzip -tq depcheck.zip || { echo "Downloaded file is not a valid ZIP"; exit 9; }
|
||||||
|
|
||||||
mkdir -p dependency-check
|
mkdir -p dependency-check
|
||||||
unzip -q depcheck.zip -d dependency-check
|
unzip -q depcheck.zip -d dependency-check
|
||||||
|
|
||||||
@ -151,9 +149,9 @@ pipeline {
|
|||||||
exit 9
|
exit 9
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Run scan (no NVD update to keep CI fast)
|
# Generate HTML and XML reports (note: use multiple -f flags)
|
||||||
bash "$DC_BIN" \
|
bash "$DC_BIN" \
|
||||||
--format "HTML,XML" \
|
-f HTML -f XML \
|
||||||
--project "AS400_API_DOTNET" \
|
--project "AS400_API_DOTNET" \
|
||||||
--scan "." \
|
--scan "." \
|
||||||
--out "depcheck" \
|
--out "depcheck" \
|
||||||
@ -172,41 +170,36 @@ pipeline {
|
|||||||
stage('SAST + Coverage (SonarQube + Tests)') {
|
stage('SAST + Coverage (SonarQube + Tests)') {
|
||||||
agent any
|
agent any
|
||||||
steps {
|
steps {
|
||||||
withSonarQubeEnv('SonarQube') {
|
sh '''
|
||||||
sh '''
|
set -e
|
||||||
set -e
|
export PATH="$HOME/.dotnet:$PATH"
|
||||||
export PATH="$HOME/.dotnet:$PATH"
|
|
||||||
|
|
||||||
# run tests with coverage (coverlet integrated)
|
# run tests with coverage (cobertura) + produce TRX results for JUnit
|
||||||
dotnet test /p:CollectCoverage=true /p:CoverletOutput=coverage/ \
|
dotnet test \
|
||||||
/p:CoverletOutputFormat=cobertura
|
--logger "trx;LogFileName=test_results.trx" \
|
||||||
|
/p:CollectCoverage=true \
|
||||||
|
/p:CoverletOutput=coverage/ \
|
||||||
|
/p:CoverletOutputFormat=cobertura
|
||||||
|
|
||||||
# prepare coverage report location
|
mkdir -p coverage-report
|
||||||
mkdir -p coverage-report
|
# copy the cobertura file (adjust path if your solution layout differs)
|
||||||
# many test templates already emit Cobertura; adjust path if needed
|
COBERTURA_FILE=$(find . -type f -name "coverage.cobertura.xml" | head -n1 || true)
|
||||||
cp **/coverage.cobertura.xml coverage-report/Cobertura.xml || true
|
[ -n "$COBERTURA_FILE" ] && cp "$COBERTURA_FILE" coverage-report/Cobertura.xml || true
|
||||||
|
|
||||||
# Sonar scan (assuming global dotnet-sonarscanner or use local tool)
|
# If SonarQube is configured, run scanner; otherwise skip gracefully.
|
||||||
if ! command -v dotnet-sonarscanner >/dev/null 2>&1; then
|
if [ -n "${SONARQUBE_ENV_NAME:-}" ]; then
|
||||||
dotnet tool install --global dotnet-sonarscanner
|
echo "SonarQube env variable detected: $SONARQUBE_ENV_NAME"
|
||||||
export PATH="$PATH:$HOME/.dotnet/tools"
|
else
|
||||||
fi
|
echo "SonarQube not configured; skipping Sonar scan."
|
||||||
|
exit 0
|
||||||
dotnet-sonarscanner begin \
|
fi
|
||||||
/k:"${SONAR_PROJECT_KEY}" \
|
'''
|
||||||
/n:"${SONAR_PROJECT_NAME}" \
|
|
||||||
/d:sonar.cs.opencover.reportsPaths="coverage-report/Cobertura.xml"
|
|
||||||
|
|
||||||
dotnet build -c Release
|
|
||||||
dotnet-sonarscanner end
|
|
||||||
'''
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
post {
|
post {
|
||||||
always {
|
always {
|
||||||
publishCoverage adapters: [coberturaAdapter('coverage-report/Cobertura.xml')],
|
// Publish TRX results (built-in)
|
||||||
sourceFileResolver: sourceFiles('STORE_LAST_BUILD')
|
|
||||||
junit '**/TestResults/**/*.trx'
|
junit '**/TestResults/**/*.trx'
|
||||||
|
// Archive coverage XML so you can inspect it
|
||||||
archiveArtifacts artifacts: 'coverage-report/**', allowEmptyArchive: true
|
archiveArtifacts artifacts: 'coverage-report/**', allowEmptyArchive: true
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user