icecheng/freeleaps-ops
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat(pipeline): implement SAST and linting executors with configuration handling

Browse Source 
Signed-off-by: 孙振宇 <>
This commit is contained in:
孙振宇 2025-02-05 16:29:52 +08:00
parent 425b7014fa
commit 69eaed1c6a
13 changed files with 1078 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

69
first-class-pipeline/resources/com/freeleaps/devops/builtins/lint/eslint/eslintrc.js Normal file
View File

@ -0,0 +1,69 @@
// @ts-check
const { defineConfig } = require("eslint-define-config");
module.exports = defineConfig({
root: true,
env: {
browser: true,
node: true,
es6: true,
},
parser: "vue-eslint-parser",
parserOptions: {
parser: "@typescript-eslint/parser",
ecmaVersion: 2020,
sourceType: "module",
jsxPragma: "React",
ecmaFeatures: {
jsx: true,
},
},
extends: [
"plugin:vue/vue3-recommended",
"plugin:@typescript-eslint/recommended",
"prettier",
"plugin:prettier/recommended",
"./.eslintrc-auto-import.json",
],
rules: {
"vue/script-setup-uses-vars": "error",
"vue/no-reserved-component-names": "off",
"@typescript-eslint/ban-ts-ignore": "off",
"@typescript-eslint/explicit-function-return-type": "off",
"@typescript-eslint/no-explicit-any": "off",
"@typescript-eslint/no-var-requires": "off",
"@typescript-eslint/no-empty-function": "off",
"vue/custom-event-name-casing": "off",
"no-use-before-define": "off",
"@typescript-eslint/no-use-before-define": "off",
"@typescript-eslint/ban-ts-comment": "off",
"@typescript-eslint/ban-types": "off",
"@typescript-eslint/no-non-null-assertion": "off",
"@typescript-eslint/explicit-module-boundary-types": "off",
"@typescript-eslint/no-unused-vars": "error",
"no-unused-vars": "error",
"space-before-function-paren": "off",
"vue/attributes-order": "off",
"vue/one-component-per-file": "off",
"vue/html-closing-bracket-newline": "off",
"vue/max-attributes-per-line": "off",
"vue/multiline-html-element-content-newline": "off",
"vue/singleline-html-element-content-newline": "off",
"vue/attribute-hyphenation": "off",
"vue/require-default-prop": "off",
"vue/require-explicit-emits": "off",
"vue/html-self-closing": [
"error",
{
html: {
void: "always",
normal: "never",
component: "always",
},
svg: "always",
math: "always",
},
],
"vue/multi-word-component-names": "off",
},
});

647
first-class-pipeline/resources/com/freeleaps/devops/builtins/lint/pylint/pylintrc Normal file
View File

@ -0,0 +1,647 @@
[MAIN]
# Analyse import fallback blocks. This can be used to support both Python 2 and
# 3 compatible code, which means that the block might have code that exists
# only in one or another interpreter, leading to false positives when analysed.
analyse-fallback-blocks=no
# Clear in-memory caches upon conclusion of linting. Useful if running pylint
# in a server-like mode.
clear-cache-post-run=no
# Load and enable all available extensions. Use --list-extensions to see a list
# all available extensions.
#enable-all-extensions=
# In error mode, messages with a category besides ERROR or FATAL are
# suppressed, and no reports are done by default. Error mode is compatible with
# disabling specific errors.
#errors-only=
# Always return a 0 (non-error) status code, even if lint errors are found.
# This is primarily useful in continuous integration scripts.
#exit-zero=
# A comma-separated list of package or module names from where C extensions may
# be loaded. Extensions are loading into the active Python interpreter and may
# run arbitrary code.
extension-pkg-allow-list=
# A comma-separated list of package or module names from where C extensions may
# be loaded. Extensions are loading into the active Python interpreter and may
# run arbitrary code. (This is an alternative name to extension-pkg-allow-list
# for backward compatibility.)
extension-pkg-whitelist=
# Return non-zero exit code if any of these messages/categories are detected,
# even if score is above --fail-under value. Syntax same as enable. Messages
# specified are enabled, while categories only check already-enabled messages.
fail-on=
# Specify a score threshold under which the program will exit with error.
fail-under=10
# Interpret the stdin as a python script, whose filename needs to be passed as
# the module_or_package argument.
#from-stdin=
# Files or directories to be skipped. They should be base names, not paths.
ignore=CVS
# Add files or directories matching the regular expressions patterns to the
# ignore-list. The regex matches against paths and can be in Posix or Windows
# format. Because '\\' represents the directory delimiter on Windows systems,
# it can't be used as an escape character.
ignore-paths=
# Files or directories matching the regular expression patterns are skipped.
# The regex matches against base names, not paths. The default value ignores
# Emacs file locks
ignore-patterns=^\.#
# List of module names for which member attributes should not be checked and
# will not be imported (useful for modules/projects where namespaces are
# manipulated during runtime and thus existing member attributes cannot be
# deduced by static analysis). It supports qualified module names, as well as
# Unix pattern matching.
ignored-modules=
# Python code to execute, usually for sys.path manipulation such as
# pygtk.require().
#init-hook=
# Use multiple processes to speed up Pylint. Specifying 0 will auto-detect the
# number of processors available to use, and will cap the count on Windows to
# avoid hangs.
jobs=1
# Control the amount of potential inferred values when inferring a single
# object. This can help the performance when dealing with large functions or
# complex, nested conditions.
limit-inference-results=100
# List of plugins (as comma separated values of python module names) to load,
# usually to register additional checkers.
load-plugins=
# Pickle collected data for later comparisons.
persistent=yes
# Resolve imports to .pyi stubs if available. May reduce no-member messages and
# increase not-an-iterable messages.
prefer-stubs=no
# Minimum Python version to use for version dependent checks. Will default to
# the version used to run pylint.
py-version=3.13
# Discover python modules and packages in the file system subtree.
recursive=no
# Add paths to the list of the source roots. Supports globbing patterns. The
# source root is an absolute path or a path relative to the current working
# directory used to determine a package namespace for modules located under the
# source root.
source-roots=
# When enabled, pylint would attempt to guess common misconfiguration and emit
# user-friendly hints instead of false-positive error messages.
suggestion-mode=yes
# Allow loading of arbitrary C extensions. Extensions are imported into the
# active Python interpreter and may run arbitrary code.
unsafe-load-any-extension=no
# In verbose mode, extra non-checker-related info will be displayed.
#verbose=
[BASIC]
# Naming style matching correct argument names.
argument-naming-style=snake_case
# Regular expression matching correct argument names. Overrides argument-
# naming-style. If left empty, argument names will be checked with the set
# naming style.
#argument-rgx=
# Naming style matching correct attribute names.
attr-naming-style=snake_case
# Regular expression matching correct attribute names. Overrides attr-naming-
# style. If left empty, attribute names will be checked with the set naming
# style.
#attr-rgx=
# Bad variable names which should always be refused, separated by a comma.
bad-names=foo,
bar,
baz,
toto,
tutu,
tata
# Bad variable names regexes, separated by a comma. If names match any regex,
# they will always be refused
bad-names-rgxs=
# Naming style matching correct class attribute names.
class-attribute-naming-style=any
# Regular expression matching correct class attribute names. Overrides class-
# attribute-naming-style. If left empty, class attribute names will be checked
# with the set naming style.
#class-attribute-rgx=
# Naming style matching correct class constant names.
class-const-naming-style=UPPER_CASE
# Regular expression matching correct class constant names. Overrides class-
# const-naming-style. If left empty, class constant names will be checked with
# the set naming style.
#class-const-rgx=
# Naming style matching correct class names.
class-naming-style=PascalCase
# Regular expression matching correct class names. Overrides class-naming-
# style. If left empty, class names will be checked with the set naming style.
#class-rgx=
# Naming style matching correct constant names.
const-naming-style=UPPER_CASE
# Regular expression matching correct constant names. Overrides const-naming-
# style. If left empty, constant names will be checked with the set naming
# style.
#const-rgx=
# Minimum line length for functions/classes that require docstrings, shorter
# ones are exempt.
docstring-min-length=-1
# Naming style matching correct function names.
function-naming-style=snake_case
# Regular expression matching correct function names. Overrides function-
# naming-style. If left empty, function names will be checked with the set
# naming style.
#function-rgx=
# Good variable names which should always be accepted, separated by a comma.
good-names=i,
j,
k,
ex,
Run,
_
# Good variable names regexes, separated by a comma. If names match any regex,
# they will always be accepted
good-names-rgxs=
# Include a hint for the correct naming format with invalid-name.
include-naming-hint=no
# Naming style matching correct inline iteration names.
inlinevar-naming-style=any
# Regular expression matching correct inline iteration names. Overrides
# inlinevar-naming-style. If left empty, inline iteration names will be checked
# with the set naming style.
#inlinevar-rgx=
# Naming style matching correct method names.
method-naming-style=snake_case
# Regular expression matching correct method names. Overrides method-naming-
# style. If left empty, method names will be checked with the set naming style.
#method-rgx=
# Naming style matching correct module names.
module-naming-style=snake_case
# Regular expression matching correct module names. Overrides module-naming-
# style. If left empty, module names will be checked with the set naming style.
#module-rgx=
# Colon-delimited sets of names that determine each other's naming style when
# the name regexes allow several styles.
name-group=
# Regular expression which should only match function or class names that do
# not require a docstring.
no-docstring-rgx=^_
# List of decorators that produce properties, such as abc.abstractproperty. Add
# to this list to register other decorators that produce valid properties.
# These decorators are taken in consideration only for invalid-name.
property-classes=abc.abstractproperty
# Regular expression matching correct type alias names. If left empty, type
# alias names will be checked with the set naming style.
#typealias-rgx=
# Regular expression matching correct type variable names. If left empty, type
# variable names will be checked with the set naming style.
#typevar-rgx=
# Naming style matching correct variable names.
variable-naming-style=snake_case
# Regular expression matching correct variable names. Overrides variable-
# naming-style. If left empty, variable names will be checked with the set
# naming style.
#variable-rgx=
[CLASSES]
# Warn about protected attribute access inside special methods
check-protected-access-in-special-methods=no
# List of method names used to declare (i.e. assign) instance attributes.
defining-attr-methods=__init__,
__new__,
setUp,
asyncSetUp,
__post_init__
# List of member names, which should be excluded from the protected access
# warning.
exclude-protected=_asdict,_fields,_replace,_source,_make,os._exit
# List of valid names for the first argument in a class method.
valid-classmethod-first-arg=cls
# List of valid names for the first argument in a metaclass class method.
valid-metaclass-classmethod-first-arg=mcs
[DESIGN]
# List of regular expressions of class ancestor names to ignore when counting
# public methods (see R0903)
exclude-too-few-public-methods=
# List of qualified class names to ignore when counting class parents (see
# R0901)
ignored-parents=
# Maximum number of arguments for function / method.
max-args=5
# Maximum number of attributes for a class (see R0902).
max-attributes=7
# Maximum number of boolean expressions in an if statement (see R0916).
max-bool-expr=5
# Maximum number of branch for function / method body.
max-branches=12
# Maximum number of locals for function / method body.
max-locals=15
# Maximum number of parents for a class (see R0901).
max-parents=7
# Maximum number of positional arguments for function / method.
max-positional-arguments=5
# Maximum number of public methods for a class (see R0904).
max-public-methods=20
# Maximum number of return / yield for function / method body.
max-returns=6
# Maximum number of statements in function / method body.
max-statements=50
# Minimum number of public methods for a class (see R0903).
min-public-methods=2
[EXCEPTIONS]
# Exceptions that will emit a warning when caught.
overgeneral-exceptions=builtins.BaseException,builtins.Exception
[FORMAT]
# Expected format of line ending, e.g. empty (any line ending), LF or CRLF.
expected-line-ending-format=
# Regexp for a line that is allowed to be longer than the limit.
ignore-long-lines=^\s*(# )?<?https?://\S+>?$
# Number of spaces of indent required inside a hanging or continued line.
indent-after-paren=4
# String used as indentation unit. This is usually " " (4 spaces) or "\t" (1
# tab).
indent-string=' '
# Maximum number of characters on a single line.
max-line-length=100
# Maximum number of lines in a module.
max-module-lines=1000
# Allow the body of a class to be on the same line as the declaration if body
# contains single statement.
single-line-class-stmt=no
# Allow the body of an if to be on the same line as the test if there is no
# else.
single-line-if-stmt=no
[IMPORTS]
# List of modules that can be imported at any level, not just the top level
# one.
allow-any-import-level=
# Allow explicit reexports by alias from a package __init__.
allow-reexport-from-package=no
# Allow wildcard imports from modules that define __all__.
allow-wildcard-with-all=no
# Deprecated modules which should not be used, separated by a comma.
deprecated-modules=
# Output a graph (.gv or any supported image format) of external dependencies
# to the given file (report RP0402 must not be disabled).
ext-import-graph=
# Output a graph (.gv or any supported image format) of all (i.e. internal and
# external) dependencies to the given file (report RP0402 must not be
# disabled).
import-graph=
# Output a graph (.gv or any supported image format) of internal dependencies
# to the given file (report RP0402 must not be disabled).
int-import-graph=
# Force import order to recognize a module as part of the standard
# compatibility libraries.
known-standard-library=
# Force import order to recognize a module as part of a third party library.
known-third-party=enchant
# Couples of modules and preferred modules, separated by a comma.
preferred-modules=
[LOGGING]
# The type of string formatting that logging methods do. `old` means using %
# formatting, `new` is for `{}` formatting.
logging-format-style=old
# Logging modules to check that the string format arguments are in logging
# function parameter format.
logging-modules=logging
[MESSAGES CONTROL]
# Only show warnings with the listed confidence levels. Leave empty to show
# all. Valid levels: HIGH, CONTROL_FLOW, INFERENCE, INFERENCE_FAILURE,
# UNDEFINED.
confidence=HIGH,
CONTROL_FLOW,
INFERENCE,
INFERENCE_FAILURE,
UNDEFINED
# Disable the message, report, category or checker with the given id(s). You
# can either give multiple identifiers separated by comma (,) or put this
# option multiple times (only on the command line, not in the configuration
# file where it should appear only once). You can also use "--disable=all" to
# disable everything first and then re-enable specific checks. For example, if
# you want to run only the similarities checker, you can use "--disable=all
# --enable=similarities". If you want to run only the classes checker, but have
# no Warning level messages displayed, use "--disable=all --enable=classes
# --disable=W".
disable=raw-checker-failed,
bad-inline-option,
locally-disabled,
file-ignored,
suppressed-message,
useless-suppression,
deprecated-pragma,
use-implicit-booleaness-not-comparison-to-string,
use-implicit-booleaness-not-comparison-to-zero,
use-symbolic-message-instead
# Enable the message, report, category or checker with the given id(s). You can
# either give multiple identifier separated by comma (,) or put this option
# multiple time (only on the command line, not in the configuration file where
# it should appear only once). See also the "--disable" option for examples.
enable=
[METHOD_ARGS]
# List of qualified names (i.e., library.method) which require a timeout
# parameter e.g. 'requests.api.get,requests.api.post'
timeout-methods=requests.api.delete,requests.api.get,requests.api.head,requests.api.options,requests.api.patch,requests.api.post,requests.api.put,requests.api.request
[MISCELLANEOUS]
# List of note tags to take in consideration, separated by a comma.
notes=FIXME,
XXX,
TODO
# Regular expression of note tags to take in consideration.
notes-rgx=
[REFACTORING]
# Maximum number of nested blocks for function / method body
max-nested-blocks=5
# Complete name of functions that never returns. When checking for
# inconsistent-return-statements if a never returning function is called then
# it will be considered as an explicit return statement and no message will be
# printed.
never-returning-functions=sys.exit,argparse.parse_error
# Let 'consider-using-join' be raised when the separator to join on would be
# non-empty (resulting in expected fixes of the type: ``"- " + " -
# ".join(items)``)
suggest-join-with-non-empty-separator=yes
[REPORTS]
# Python expression which should return a score less than or equal to 10. You
# have access to the variables 'fatal', 'error', 'warning', 'refactor',
# 'convention', and 'info' which contain the number of messages in each
# category, as well as 'statement' which is the total number of statements
# analyzed. This score is used by the global evaluation report (RP0004).
evaluation=max(0, 0 if fatal else 10.0 - ((float(5 * error + warning + refactor + convention) / statement) * 10))
# Template used to display messages. This is a python new-style format string
# used to format the message information. See doc for all details.
msg-template=
# Set the output format. Available formats are: text, parseable, colorized,
# json2 (improved json format), json (old json format) and msvs (visual
# studio). You can also give a reporter class, e.g.
# mypackage.mymodule.MyReporterClass.
#output-format=
# Tells whether to display a full report or only the messages.
reports=no
# Activate the evaluation score.
score=yes
[SIMILARITIES]
# Comments are removed from the similarity computation
ignore-comments=yes
# Docstrings are removed from the similarity computation
ignore-docstrings=yes
# Imports are removed from the similarity computation
ignore-imports=yes
# Signatures are removed from the similarity computation
ignore-signatures=yes
# Minimum lines number of a similarity.
min-similarity-lines=4
[SPELLING]
# Limits count of emitted suggestions for spelling mistakes.
max-spelling-suggestions=4
# Spelling dictionary name. Available dictionaries: en (aspell), en_AU
# (aspell), en_CA (aspell), en_GB (aspell), en_US (aspell).
spelling-dict=
# List of comma separated words that should be considered directives if they
# appear at the beginning of a comment and should not be checked.
spelling-ignore-comment-directives=fmt: on,fmt: off,noqa:,noqa,nosec,isort:skip,mypy:
# List of comma separated words that should not be checked.
spelling-ignore-words=
# A path to a file that contains the private dictionary; one word per line.
spelling-private-dict-file=
# Tells whether to store unknown words to the private dictionary (see the
# --spelling-private-dict-file option) instead of raising a message.
spelling-store-unknown-words=no
[STRING]
# This flag controls whether inconsistent-quotes generates a warning when the
# character used as a quote delimiter is used inconsistently within a module.
check-quote-consistency=no
# This flag controls whether the implicit-str-concat should generate a warning
# on implicit string concatenation in sequences defined over several lines.
check-str-concat-over-line-jumps=no
[TYPECHECK]
# List of decorators that produce context managers, such as
# contextlib.contextmanager. Add to this list to register other decorators that
# produce valid context managers.
contextmanager-decorators=contextlib.contextmanager
# List of members which are set dynamically and missed by pylint inference
# system, and so shouldn't trigger E1101 when accessed. Python regular
# expressions are accepted.
generated-members=
# Tells whether to warn about missing members when the owner of the attribute
# is inferred to be None.
ignore-none=yes
# This flag controls whether pylint should warn about no-member and similar
# checks whenever an opaque object is returned when inferring. The inference
# can return multiple potential results while evaluating a Python object, but
# some branches might not be evaluated, which results in partial inference. In
# that case, it might be useful to still emit no-member and other checks for
# the rest of the inferred objects.
ignore-on-opaque-inference=yes
# List of symbolic message names to ignore for Mixin members.
ignored-checks-for-mixins=no-member,
not-async-context-manager,
not-context-manager,
attribute-defined-outside-init
# List of class names for which member attributes should not be checked (useful
# for classes with dynamically set attributes). This supports the use of
# qualified names.
ignored-classes=optparse.Values,thread._local,_thread._local,argparse.Namespace
# Show a hint with possible names when a member name was not found. The aspect
# of finding the hint is based on edit distance.
missing-member-hint=yes
# The minimum edit distance a name should have in order to be considered a
# similar match for a missing member name.
missing-member-hint-distance=1
# The total number of similar names that should be taken in consideration when
# showing a hint for a missing member.
missing-member-max-choices=1
# Regex pattern to define which classes are considered mixins.
mixin-class-rgx=.*[Mm]ixin
# List of decorators that change the signature of a decorated function.
signature-mutators=
[VARIABLES]
# List of additional names supposed to be defined in builtins. Remember that
# you should avoid defining new builtins when possible.
additional-builtins=
# Tells whether unused global variables should be treated as a violation.
allow-global-unused-variables=yes
# List of names allowed to shadow builtins
allowed-redefined-builtins=
# List of strings which can identify a callback function by name. A callback
# name must start or end with one of those strings.
callbacks=cb_,
_cb
# A regular expression matching the name of dummy variables (i.e. expected to
# not be used).
dummy-variables-rgx=_+$|(_[a-zA-Z0-9_]*[a-zA-Z0-9]+?$)|dummy|^ignored_|^unused_
# Argument names that match this expression will be ignored.
ignored-argument-names=_.*|^ignored_|^unused_
# Tells whether we should check for unused import in __init__ files.
init-import=no
# List of qualified module names which can have objects that can redefine
# builtins.
redefining-builtins-modules=six.moves,past.builtins,future.builtins,builtins,io

54
first-class-pipeline/src/com/freeleaps/devops/CodeLintExecutor.groovy Normal file
View File

@ -0,0 +1,54 @@
package com.freeleaps.devops
import com.freeleaps.devops.enums.CodeLinterTypes
import com.freeleaps.devops.lint.Linter
import com.freeleaps.devops.lint.PyLint
import com.freeleaps.devops.lint.ESLint
class CodeLintExecutor {
def steps
def workspace
def configs
def linterType
CodeLintExecutor(steps, workspace, configs, linterType) {
this.steps = steps
this.workspace = workspace
this.configs = configs
this.linterType = linterType
}
def execute() {
if (configs == null || configs.isEmpty()) {
steps.log.warn("CodeLintExecutor", "Not set configurations file, using default configurations as fallback")
def configFilePath
switch (linterType) {
case CodeLinterTypes.PYLINT:
configFilePath = "com/freeleaps/devops/builtins/lint/pylint/pylintrc"
break
case CodeLinterTypes.ESLINT:
configFilePath = "com/freeleaps/devops/builtins/lint/eslint/eslintrc.js"
break
default:
steps.log.error("CodeLintExecutor", "Unknown linter type")
return
}
steps.writeFile file: "${workspace}/.lintconfig", text: steps.libraryResource(configFilePath)
configs = "${workspace}/.lintconfig"
}
Linter linter
switch (linterType) {
case CodeLinterTypes.PYLINT:
linter = new PyLint(steps, workspace, configs)
break
case CodeLinterTypes.ESLINT:
linter = new ESLint(steps, workspace, configs)
break
default:
steps.log.error("CodeLintExecutor", "Unknown linter type")
return
}
linter.lint()
}
}

1
first-class-pipeline/src/com/freeleaps/devops/DependenciesResolver.groovy
View File

@ -39,7 +39,6 @@ class DependenciesResolver {
if (mgr == null) {
steps.error("Dependencies manager is not set")
}
steps.sh "env"
steps.log.info("Dependencies Resolver","Ready to resolve dependencies for ${language}...")

10
first-class-pipeline/src/com/freeleaps/devops/SASTExecutor.groovy Normal file
View File

@ -0,0 +1,10 @@
package com.freeleaps.devops
import com.freeleaps.devops.enums.SASTScannerTypes
class SASTExecutor {
def steps
def workspace
def configs
def scannerType
}

29
first-class-pipeline/src/com/freeleaps/devops/enums/CodeLinterTypes.groovy Normal file
View File

@ -0,0 +1,29 @@
package com.freeleaps.devops.enums
import com.freeleaps.devops.enums.ServiceLanguage
enum CodeLinterTypes {
PYLINT(ServiceLanguage.PYTHON, "pylint", "docker.io/pipelinecomponents/pylint:latest"),
ESLINT(ServiceLanguage.JS, "eslint", "docker.io/pipelinecomponents/eslint:latest")
final ServiceLanguage language
final String linter
final String containerImage
CodeLinterTypes(ServiceLanguage language, String linter, String containerImage) {
this.language = language
this.linter = linter
this.containerImage = containerImage
}
static CodeLinterTypes parse(String linter) {
switch (linter) {
case 'pylint':
return CodeLinterTypes.PYLINT
case 'eslint':
return CodeLinterTypes.ESLINT
default:
return null
}
}
}

26
first-class-pipeline/src/com/freeleaps/devops/enums/SASTScannerTypes.groovy Normal file
View File

@ -0,0 +1,26 @@
package com.freeleaps.devops.enums
import com.freeleaps.devops.enums.ServiceLanguage
enum SASTScannerTypes {
BANDIT(ServiceLanguage.PYTHON, "bandit", "ghcr.io/pycqa/bandit/bandit:latest"),
final ServiceLanguage language
final String scanner
final String containerImage
SASTScannerTypes(ServiceLanguage language, String scanner, String containerImage) {
this.language = language
this.scanner = scanner
this.containerImage = containerImage
}
static SASTScannerTypes parse(String scanner) {
switch (scanner) {
case 'bandit':
return SASTScannerTypes.BANDIT
default:
return null
}
}
}

14
first-class-pipeline/src/com/freeleaps/devops/lint/ESLint.groovy Normal file
View File

@ -0,0 +1,14 @@
package com.freeleaps.devops.lint
import com.freeleaps.devops.enums.CodeLinterTypes
import com.freeleaps.devops.lint.LinterBase
class ESLint extends LinterBase {
ESLint(steps, workspace, configs) {
super(steps, workspace, configs, CodeLinterTypes.ESLINT)
}
def doLint() {
steps.sh("eslint --config ${configs} ${workspace}")
}
}

34
first-class-pipeline/src/com/freeleaps/devops/lint/Linter.groovy Normal file
View File

@ -0,0 +1,34 @@
package com.freeleaps.devops.lint
interface Linter {
def lint()
}
abstract class LinterBase implements Linter {
def steps
def workspace
def configs
def linterType
LinterBase(steps, workspace, configs, linterType) {
this.steps = steps
this.workspace = workspace
this.configs = configs
this.linterType = linterType
}
def lint() {
steps.log.info("${linterType.linter}", "Linting ${linterType.language.language} code")
steps.log.info("${linterType.linter}", "Workspace sets to: ${workspace}")
if (configs == null || configs.isEmpty()) {
steps.log.error("${linterType.linter}", "Not set configurations file, linter configuration file is required")
}
steps.log.info("${linterType.linter}", "Using ${configs} as configurations file")
doLint()
steps.log.info("${linterType.linter}", "Code linting has been completed")
}
abstract def doLint()
}

14
first-class-pipeline/src/com/freeleaps/devops/lint/PyLint.groovy Normal file
View File

@ -0,0 +1,14 @@
package com.freeleaps.devops.lint
import com.freeleaps.devops.enums.CodeLinterTypes
import com.freeleaps.devops.lint.LinterBase
class PyLint extends LinterBase {
PyLint(steps, workspace, configs) {
super(steps, workspace, configs, CodeLinterTypes.PYLINT)
}
def doLint() {
steps.sh("pylint --rcfile=${configs} ${workspace}")
}
}

70
first-class-pipeline/tests/Jenkinsfile vendored
View File

@ -1,56 +1,118 @@
library 'first-class-pipeline'
executeFreeleapsPipeline {
// serviceName is the name of the service, which is used to identify the service
serviceName = 'magicleaps'
// serviceSlug used to identify the service environment
environmentSlug = 'alpha'
// serviceGitBranch used to specify the git repo branch of the service codes
serviceGitBranch = 'master'
// serviceGitRepo used to specify the git repo of the service codes
serviceGitRepo = "https://freeleaps@dev.azure.com/freeleaps/magicleaps/_git/magicleaps"
// serviceGitRepoType used to specify the git repo type of the service codes
// monorepo: all services codes are in the same repo and using sub-folders to separate them
// separated: each service has its own repo
serviceGitRepoType = 'monorepo' // monorepo, separated
// executeMode used to specify the pipeline execution mode
// on-demand: the pipeline will be triggered with code changes, only changed components will be executed
// fully: the pipeline will be triggered without code changes, all components will be executed
executeMode = 'fully' // on-demand, fully
// commitMessageLintEnabled used to specify whether to enable commit message lint
commitMessageLintEnabled = false
// components used to specify the service components
components = [
[
// name is the name of the component, which is used to identify the component
name: 'frontend',
// root is the root folder of the component codes
root: 'frontend',
// language is the programming language of the component codes
language: 'javascript',
// dependenciesManager used to specify which dependencies manager to use
dependenciesManager: 'npm',
// npmPackageJsonFile used to specify the npm package.json file path when dependenciesManager set to npm
npmPackageJsonFile: 'package.json',
// buildCacheEnabled used to specify whether to enable build dependencies cache
buildCacheEnabled: true,
// buildCommand used to specify the build command of the component
buildCommand: 'npm run build',
// lintEnabled used to specify whether to enable code lint
lintEnabled: true,
// linter used to specify the code linter
linter: 'eslint',
sastEnabled: true,
sastProvider: 'NodeJsScan',
// linterConfig used to specify the code linter configuration file path, if not set, will use the default configuration
// linterConfig: '.eslintrc.js',
// sastEnabled used to specify whether to enable SAST scan
sastEnabled: false,
// sastScanner used to specify the SAST scanner
// FIXME: JS has no production-ready SAST scanner yet
// sastScanner: '',
// imageRegistry used to specify the which registry to push the image
imageRegistry: 'docker.io',
// imageRepository used to specify the image repository
imageRepository: 'sunzhenyucn',
// imageName used to specify the image name
imageName: 'magicleaps-frontend',
// imageBuilder used to specify the image builder
// dind: using docker-in-docker to build the image
// kaniko: using Kaniko to build the image
imageBuilder: 'dind',
// dockerfilePath used to specify the Dockerfile path
dockerfilePath: 'Dockerfile',
// imageBuildRoot used to specify the image build context root
imageBuildRoot: '.',
// imageReleaseArchitectures used to specify the released image architectures
imageReleaseArchitectures: ['amd64', 'arm64'],
// registryCredentialName used to specify the registry credential that stored in Freeleaps Kubernetes Cluster
registryCredentialName: 'first-class-pipeline-dev-secret',
// semanticReleaseEnabled used to specify whether to enable semantic release
semanticReleaseEnabled: true,
// semanticReleaseBranch used to specify the which branch to publish release notes
semanticReleaseBranch: 'master'
],
[
// name is the name of the component, which is used to identify the component
name: 'backend',
// root is the root folder of the component codes
root: 'backend',
// language is the programming language of the component codes
language: 'python',
// dependenciesManager used to specify which dependencies manager to use
dependenciesManager: 'pip',
// buildCacheEnabled used to specify whether to enable build dependencies cache
buildCacheEnabled: true,
// buildCommand used to specify the build command of the component
lintEnabled: true,
linter: 'PyLint',
// linter used to specify the code linter
linter: 'pylint',
// linterConfig used to specify the code linter configuration file path, if not set, will use the default configuration
// linterConfig: '.pylintrc',
// sastEnabled used to specify whether to enable SAST scan
sastEnabled: true,
sastProvider: 'Bandit',
// sastScanner used to specify the SAST scanner
// FIXME: Python has no production-ready SAST scanner yet
sastScanner: 'bandit',
// imageRegistry used to specify the which registry to push the image
imageRegistry: 'docker.io',
// imageRepository used to specify the image repository
imageRepository: 'sunzhenyucn',
// imageName used to specify the image name
imageName: 'magicleaps-backend',
// imageBuilder used to specify the image builder
// dind: using docker-in-docker to build the image
// kaniko: using Kaniko to build the image
imageBuilder: 'dind',
// dockerfilePath used to specify the Dockerfile path
dockerfilePath: 'Dockerfile',
// imageBuildRoot used to specify the image build context root
imageBuildRoot: '.',
// imageReleaseArchitectures used to specify the released image architectures
imageReleaseArchitectures: ['amd64', 'arm64'],
// registryCredentialName used to specify the registry credential that stored in Freeleaps Kubernetes Cluster
registryCredentialName: 'first-class-pipeline-dev-secret',
// semanticReleaseEnabled used to specify whether to enable semantic release
semanticReleaseEnabled: true,
// semanticReleaseBranch used to specify the which branch to publish release notes
semanticReleaseBranch: 'master'
]
]

120
first-class-pipeline/vars/executeFreeleapsPipeline.groovy
View File

@ -2,10 +2,13 @@
import com.freeleaps.devops.SourceFetcher
import com.freeleaps.devops.DependenciesResolver
import com.freeleaps.devops.enums.DependenciesManager
import com.freeleaps.devops.enums.ServiceLanguage
import com.freeleaps.devops.CommitMessageLinter
import com.freeleaps.devops.ChangedComponentsDetector
import com.freeleaps.devops.CodeLintExecutor
import com.freeleaps.devops.enums.DependenciesManager
import com.freeleaps.devops.enums.ServiceLanguage
import com.freeleaps.devops.enums.CodeLinterTypes
def generateComponentStages(component, configurations) {
return [
@ -73,6 +76,114 @@ def generateComponentStages(component, configurations) {
}
}
}
},
stage("${component.name} :: Code Linter Preparation") {
script {
if (env.executeMode == "fully" || env.changedComponents.contains(component.name)) {
if (component.lintEnabled != null && component.lintEnabled) {
log.info("Pipeline", "Code linting has enabled, preparing linter...")
if (linter == null || linter.isEmpty()) {
log.error("Pipeline", "Not set linter for ${component.name}, using default linter settings as fallback")
}
def linter = CodeLinterTypes.parse(component.linter)
if (linter == null) {
log.error("Pipeline", "Unknown linter for ${component.name}, skipping code linting")
}
if (linter.language != ServiceLanguage.parse(component.language)) {
log.error("Pipeline", "Linter ${linter.linter} is not supported for ${component.language}, skipping code linting")
}
log.info("Pipeline", "Using ${linter.linter} with image ${linter.containerImage} as linter for ${component.name}")
env.linterContainerImage = linter.containerImage
}
log.info("Pipeline", "Code linting is not enabled for ${component.name}, skipping...")
}
}
},
stage("${component.name} :: Code Linting If Enabled") {
podTemplate(
label: "code-linter-${component.name}",
containers: [
containerTemplate(
name: 'code-linter',
image: env.linterContainerImage,
ttyEnabled: true,
command: 'sleep',
args: 'infinity'
)
]
) {
node("code-linter-${component.name}") {
container('code-linter') {
script {
if (env.executeMode == "fully" || env.changedComponents.contains(component.name)) {
if (component.lintEnabled != null && component.lintEnabled) {
log.info("Pipeline", "Code linting has enabled, linting code...")
def sourceFetcher = new SourceFetcher(this)
sourceFetcher.fetch(configurations)
def linterType = CodeLinterTypes.parse(component.linter)
def codeLintExecutor = new CodeLintExecutor(this, env.workspace + "/" + component.root + "/", component.linterConfig, linterType)
codeLintExecutor.execute()
}
}
}
}
}
}
},
stage("${component.name} :: SAST Scanner Preparation") {
script {
if (env.executeMode == "fully" || env.changedComponents.contains(component.name)) {
if (component.sastEnabled != null && component.sastEnabled) {
log.info("Pipeline", "SAST scanning has enabled, preparing scanner...")
if (sastScanner == null || sastScanner.isEmpty()) {
log.error("Pipeline", "Not set sastScanner for ${component.name}")
}
log.info("Pipeline", "Using ${sastScanner} as SAST scanner for ${component.name}")
env.sastScanner = sastScanner
}
}
}
},
stage("${component.name} :: SAST Scanning If Enabled") {
},
stage("${component.name} :: Semantic Release Preparation") {
},
stage("${component.name} :: Semantic Releasing If Enabled") {
},
stage("${component.name} :: Compilation & Packaging") {
},
stage("${component.name} :: Image Builder Setup") {
},
stage("${component.name} :: Image Building & Publishing") {
},
stage("${component.name} :: Argo Application Version Updating (Deploying)") {
}
]
}
@ -182,10 +293,7 @@ spec:
steps {
script {
configurations.components.each { component ->
def generatedStages = generateComponentStages(component, configurations)
generatedStages.each { stage ->
stage(stage)
}
generateComponentStages(component, configurations)
}
}
}

1
first-class-pipeline/vars/log.groovy
View File

@ -18,4 +18,5 @@ def warn(plugin, message) {
def error(plugin, message) {
echo "[${getTimestamp()}] [ERROR] ${plugin} - ${message}"
error(message)
}