SONARSCALA-66 Unify Platform Dogfooding of sonar-scala

.cirrus.yml

@@ -67,6 +67,36 @@
     heap_dump_artifacts:
       path: "*.hprof"
 
+sonar_shadow_scan_and_issue_replication_task:
+  depends_on:
+    - build
+  # Only run when triggered by the cirrus-ci cron job named "nightly"
+  only_if: $CIRRUS_CRON == "nightly"
+  eks_container:
+    <<: *CONTAINER_DEFINITION
+    cpu: 8
+    memory: 4G
+  env:
+    SONAR_PROJECT_KEY: "SonarSource_sonar-scala"
+    SHADOW_ORGANIZATION: "sonarsource"
+    SHADOW_PROJECT_KEY: "SonarSource_sonar-scala"
+    # to replicate issue states from next
+    SONAR_TOKEN: VAULT[development/kv/data/next data.token]
+    SONAR_HOST_URL: https://next.sonarqube.com/sonarqube
+    matrix:
+      - name: "sonarcloud.io"
+        SHADOW_SONAR_TOKEN: VAULT[development/kv/data/sonarcloud data.token]
+        SHADOW_SONAR_HOST_URL: "https://sonarcloud.io"
+      - name: "sonarqube.us"
+        SHADOW_SONAR_TOKEN: VAULT[development/kv/data/sonarqube-us data.token]
+        SHADOW_SONAR_HOST_URL: "https://sonarqube.us"
+  <<: *SETUP_GRADLE_CACHE
+  build_script:
+    - *log_develocity_url_script
+    - source cirrus-env BUILD
+    - source set_gradle_build_version
+    - ./shadow-scan-and-issue-replication.sh
+
 mend_task:
   depends_on:
     - build
@@ -89,7 +119,7 @@
     ws_artifacts:
       path: "whitesource/**/*"
 
 qa_plugin_task:
   <<: *QA_TASK_FILTER
   eks_container:
     <<: *CONTAINER_DEFINITION
@@ -111,7 +141,7 @@
       -I "${GRADLE_HOME}/init.d/repoxAuth.init.gradle.kts"
       --info --stacktrace --console plain --no-daemon --build-cache
 
 qa_ruling_task:
   <<: *QA_TASK_FILTER
   eks_container:
     <<: *CONTAINER_DEFINITION
@@ -131,9 +161,10 @@
       -I "${GRADLE_HOME}/init.d/repoxAuth.init.gradle.kts"
       --info --stacktrace --console plain --no-daemon --build-cache
 
 promote_task:
   depends_on:
     - build
+    - sonar_shadow_scan_and_issue_replication
     - qa_plugin
     - qa_ruling
   eks_container:

shadow-scan-and-issue-replication.sh

@@ -0,0 +1,73 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+# IRIS: Issue Replication for Sonarqube
+IRIS_JAR_URL="${ARTIFACTORY_URL}/sonarsource-private-releases/com/sonarsource/iris/iris/\[RELEASE\]/iris-\[RELEASE\]-jar-with-dependencies.jar"
+IRIS_JAR_PATH="target/libs/iris.jar"
+
+function build_and_analyze_the_project() {
+  echo
+  echo "===== Build and analyze the project targeting a shadow SonarQube instance"
+  local BUILD_CMD
+  if [[ -e "gradlew" ]]; then
+    BUILD_CMD="./gradlew --info --stacktrace --console plain build sonar"
+  else
+    source set_maven_build_version "$BUILD_NUMBER"
+    BUILD_CMD="mvn -Pcoverage -Dmaven.test.redirectTestOutputToFile=false --batch-mode --errors --show-version verify sonar:sonar"
+  fi
+  ${BUILD_CMD} \
+    -DbuildNumber="${BUILD_NUMBER}" \
+    -Dsonar.host.url="${SHADOW_SONAR_HOST_URL}" \
+    -Dsonar.token="${SHADOW_SONAR_TOKEN}" \
+    -Dsonar.organization="${SHADOW_ORGANIZATION}" \
+    -Dsonar.projectKey="${SHADOW_PROJECT_KEY}" \
+    -Dsonar.analysis.buildNumber="${BUILD_NUMBER}" \
+    -Dsonar.analysis.repository="${GITHUB_REPO}" \
+    "$@"
+}
+
+function download_iris() {
+  echo
+  echo "===== Download ${IRIS_JAR_URL}"
+  mkdir -p target/libs
+  curl --silent --fail-with-body --location --header "Authorization: Bearer ${ARTIFACTORY_PRIVATE_PASSWORD}" \
+      --output "${IRIS_JAR_PATH}" "${IRIS_JAR_URL}"
+}
+
+function run_iris() {
+  local DRY_RUN="$1"
+  java \
+    -Diris.source.projectKey="${SONAR_PROJECT_KEY}" \
+    -Diris.source.url="${SONAR_HOST_URL}" \
+    -Diris.source.token="${SONAR_TOKEN}" \
+    -Diris.destination.projectKey="${SHADOW_PROJECT_KEY}" \
+    -Diris.destination.organization="${SHADOW_ORGANIZATION}" \
+    -Diris.destination.url="${SHADOW_SONAR_HOST_URL}" \
+    -Diris.destination.token="${SHADOW_SONAR_TOKEN}" \
+    -Diris.dryrun="${DRY_RUN}" \
+    -jar "${IRIS_JAR_PATH}"
+}
+
+function run_iris_with_and_without_dry_run() {
+  echo
+  echo "===== Execute IRIS as dry-run"
+  if run_iris true; then
+    echo "===== Successful IRIS execution as dry-run"
+    echo "===== Execute IRIS for real"
+    if run_iris false; then
+      echo "===== Successful IRIS execution for real"
+      return 0
+    else
+      echo "===== Failed IRIS execution for real"
+      return 1
+    fi
+  else
+    echo "===== Failed IRIS execution as dry-run"
+    return 1
+  fi
+}
+
+build_and_analyze_the_project "$@"
+download_iris
+run_iris_with_and_without_dry_run