Commit d4296394 authored by cazenave's avatar cazenave

Initial commit

parents
registry="${env.SERVICE_NEXUS_URL}/repository/vitam-npm/"
email=assistance@programmevitam.fr
# Following should proxy http://cnpmjs.org/downloads/
# Cf. https://www.npmjs.com/package/phantomjs#downloading-from-a-custom-url
phantomjs_cdnurl="${env.SERVICE_NEXUS_URL}/repository/phantomjs-dist-mirror/"
# Following should proxy https://github.com/sass/node-sass/releases/download/
# Cf. https://github.com/sass/node-sass/commit/4d583856ebc64b564733b221bd25325be70a329c#diff-40fa1bcc04a39e465f1572b1178dfcfb
sass_binary_site="${env.SERVICE_NEXUS_URL}/repository/sass-dist-mirror/"
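Review bot: The comment above `phantomjs_cdnurl` names a plain-http upstream (`http://cnpmjs.org/downloads/`) for a mirror whose prebuilt binaries run as part of the build, so a Nexus proxy configured from this comment would fetch them over an unauthenticated transport. I would reword it to state the requirement rather than the URL, e.g. `# Must proxy the PhantomJS download site over HTTPS only; binaries from this mirror run during the build`. Separately, npm's own substitution syntax in an npmrc is `${VAR}`, so `${env.SERVICE_NEXUS_URL}` presumably relies on another templating step before npm reads the file (not visible here). A one-line comment naming that step would keep a misrendered registry URL from going unnoticed.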
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0
https://maven.apache.org/xsd/settings-1.0.0.xsd">
<!--
Note : Environment variables are used for the CI to configure platform-dependent options.
In particular, the names "*_USR" and "*_PSW" are named that way to ease the Jenkins configuration.
Cf. https://jenkins.io/doc/book/pipeline/syntax/#environment
-->
<servers>
<server>
<id>vitam</id>
<username>${env.CI_USR}</username>
<password>${env.CI_PSW}</password>
</server>
<server>
<id>vitam-interne</id>
<username>${env.CI_USR}</username>
<password>${env.CI_PSW}</password>
</server>
<server>
<id>snapshots</id>
<username>${env.CI_USR}</username>
<password>${env.CI_PSW}</password>
</server>
<server>
<id>releases</id>
<username>${env.CI_USR}</username>
<password>${env.CI_PSW}</password>
</server>
<server>
<id>vitam-gitlab</id>
<username>${env.CI_USR}</username>
<password>${env.CI_PSW}</password>
</server>
<server>
<id>npm-proxy</id>
<username>${env.CI_USR}</username>
<password>${env.CI_PSW}</password>
</server>
</servers>
<pluginGroups>
<pluginGroup>org.sonarsource.scanner.maven</pluginGroup>
</pluginGroups>
<profiles>
<profile>
<id>sonar</id>
<activation>
<activeByDefault>true</activeByDefault>
</activation>
<properties>
<!-- Optional URL to server. Default value is http://localhost:9000 -->
<sonar.host.url>${env.SERVICE_SONAR_URL}</sonar.host.url>
<sonar.login>${env.CI_USR}</sonar.login>
<sonar.password>${env.CI_PSW}</sonar.password>
</properties>
</profile>
<profile>
<id>pic</id>
<activation>
<activeByDefault>true</activeByDefault>
</activation>
<properties>
<nodeDownloadRoot>${env.SERVICE_NEXUS_URL}/repository/node-distrib/</nodeDownloadRoot>
</properties>
</profile>
<profile>
<id>user-vitam</id>
<activation>
<activeByDefault>true</activeByDefault>
</activation>
<properties>
<username>${env.CI_USR}</username>
<password>${env.CI_PSW}</password>
</properties>
</profile>
</profiles>
<mirrors>
<mirror>
<id>vitam-interne</id>
<name>vitam interne</name>
<url>${env.SERVICE_NEXUS_URL}/repository/maven-public/</url>
<mirrorOf>*,!node-dist-mirror</mirrorOf>
</mirror>
<mirror>
<id>node-interne</id>
<name>node installer interne</name>
<url>${env.SERVICE_NEXUS_URL}/repository/node-distrib/</url>
<mirrorOf>node-dist-mirror</mirrorOf>
</mirror>
</mirrors>
<!--
<proxies>
<proxy>
<id>platform-proxy</id>
<active>true</active>
<protocol>http</protocol>
<host>${env.PROXY_HOSTNAME}</host>
<port>${env.PROXY_PORT}</port>
</proxy>
</proxies>
-->
</settings>
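Review bot: The `user-vitam` profile publishes the CI account as the generic Maven properties `username` and `password` and is active by default, so `${password}` can resolve to `${env.CI_PSW}` wherever this settings file is in effect. That includes resource filtering and any plugin parameter that interpolates those names, which can put the secret into packaged artifacts or debug output. The `<servers>` entries already cover repository authentication, so I would either delete the profile or give the properties project-specific names and set `<activeByDefault>false</activeByDefault>`, enabling it with `-P` only for the goal that needs it. The same concern applies to `sonar.password` in the `sonar` profile: if the Sonar server supports analysis tokens, a token is a narrower credential than the account shared by all six `<server>` entries.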
# EditorConfig helps developers define and maintain consistent
# coding styles between different editors and IDEs
# editorconfig.org
root = true
[*]
# Change these settings to your own preference
indent_style = space
indent_size = 4
# We recommend you to keep these unchanged
end_of_line = lf
charset = utf-8
trim_trailing_whitespace = true
insert_final_newline = true
[*.md]
trim_trailing_whitespace = false
[{package,bower}.json]
indent_style = space
indent_size = 2
[*.{yml,yml.j2}]
indent_style = space
indent_size = 2
[*.json]
indent_style = space
indent_size = 2
[*.{js,ts}]
charset = utf-8
indent_style = space
indent_size = 2
insert_final_newline = true
trim_trailing_whitespace = true
######################
# STS
######################
**/.apt_generated
**/.classpath
**/.factorypath
**/.project
**/.settings
**/.springBeans
######################
# IntelliJ IDEA
######################
.idea/
**/.idea
**/*.iws
**/*.iml
**/*.ipr
######################
# NetBeans
######################
**/nbproject/private/
**/build/
**/nbbuild/
**/dist/
**/nbdist/
**/.nb-gradle/
nb-configuration.xml
######################
# Node
######################
**/node/
**/node_tmp/
**/node_modules/
**/npm-debug.log.*
**/.awcache/*
######################
# SASS
######################
**/.sass-cache/
######################
# Eclipse
######################
**/*.pydevproject
**/.project
**/.metadata
**/tmp/
**/tmp/**/*
**/*.tmp
**/*.bak
**/*.swp
**/*~.nib
**/local.properties
**/.classpath
**/.settings/
**/.loadpath
**/.factorypath
**/src/main/resources/rebel.xml
**/*.pmd
**/*.pmd*
**/*.checkstyle
# External tool builders
**/.externalToolBuilders/**
# Locally stored "Eclipse launch configurations"
**/*.launch
# CDT-specific
**/.cproject
# PDT-specific
**/.buildpath
######################
# Visual Studio Code
######################
**/.vscode/
######################
# Maven
######################
**/target/
!**/.mvn/wrapper/maven-wrapper.jar
**/log/
**/target/
pom.xml.releaseBackup
pom.xml.versionsBackup
maven-eclipse.xml
######################
# Gradle
######################
**/.gradle/
**/build/
######################
# Package Files
######################
**/*.jar
**/*.war
**/*.ear
**/*.db
**/*.rpm
**/*.deb
######################
# Windows
######################
# Windows image file caches
**/Thumbs.db
# Folder config file
**/Desktop.ini
######################
# Mac OSX
######################
**/.DS_Store
**/.svn
# Thumbnails
._*
# Files that might appear on external disk
.Spotlight-V100
.Trashes
######################
# Directories
######################
**/bin/
/deploy/
######################
# Logs
######################
*.log*
######################
# Others
######################
*.class
*.*~
*~
.merge_file*
######################
# Gradle Wrapper
######################
!gradle/wrapper/gradle-wrapper.jar
######################
# ESLint
######################
.eslintcache
/common/nb-configuration.xml
######################
# Ansible
######################
*.retry
######################
# Editor files:
######################
.ideas/*
######################
# python compiled code :
######################
*.pyc
######################
# Dolphin explorateur file
######################
.directory
####################
# Vagrant
###################
deployment/.vagrant
.vagrant/
*.box
######
# CAS
######
**/overlays/
######
# Camel
**/tmp/
/deployment/playbooks/pki/tempcerts/
##################
# Angular Common #
##################
ui/angular-commons/*.tgz
##################
# Deloyment tmp #
##################
/deployment/tmp/
##########################################
# Deployment Local deployement keystores #
##########################################
# Created vitam client stores
deployment/playbooks/pki/vitam/client-external/*.p12
deployment/playbooks/pki/vitam/client-external/*.jks
# Created vitamui pki truststore
deployment/playbooks/pki/certs/*/*.jks
# Created vitamui pki vitam truststore
deployment/playbooks/pki/certs/*/*.p12
# Imported vitamui app truststore
deployment/playbooks/templates/vitamui/conf/*/*.jks
# Imported vitamui app vitam truststore
deployment/playbooks/templates/vitamui/conf/*/*.p12
##########################################
# Mongo workspace entry-point #
##########################################
tools/docker/mongo/mongo-entrypoint
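Review bot: The negation `!**/.mvn/wrapper/maven-wrapper.jar` in the Maven block has no effect, because the later `**/*.jar` under "Package Files" matches the same path and the last matching pattern decides in a gitignore. The Gradle exception works only because it comes after that block. Move the Maven line down next to `!gradle/wrapper/gradle-wrapper.jar` so both wrapper jars are handled the same way.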
# VitamUI contributors
* Franck BEBEL
* Ludovic BLANCHET
* Aurelien BONNAFONT
* Emmannuel CASTRO
* Julien CORNILLE
* Delphine COURSIER
* Emmanuel DEVILLER
* Makhtar DIAGNE
* Jamal EL AOUFI
* Romain GORDOLO
* Sarah GRALL
* Abdelmoez GUETAT
* Yahya KAMAZ
* Guillaume LAFARGUE
* Mathieu LEGUAY
* Jérôme LELEU
* Olivier MARSOL
* Pierre NOLE
* Noureddine OUAGHRIS
* Paul PEYREFITTE
* Alexis ROUSSET
* Mahmoud SAYAD
* Zakaria TIRDAD
\ No newline at end of file
pipeline {
agent {
label 'contrib'
}
environment {
SLACK_MESSAGE = "${env.JOB_NAME} ${env.BUILD_NUMBER} (<${env.RUN_DISPLAY_URL}|Open>)"
MVN_BASE = "/usr/local/maven/bin/mvn --settings ${pwd()}/.ci/settings.xml"
MVN_COMMAND = "${MVN_BASE} --show-version --batch-mode --errors --fail-at-end -DinstallAtEnd=true -DdeployAtEnd=true "
CI = credentials("app-jenkins")
SERVICE_CHECKMARX_URL = credentials("service-checkmarx-url")
SERVICE_SONAR_URL = credentials("service-sonar-url")
SERVICE_GIT_URL = credentials("service-gitlab-url")
SERVICE_INFRA_URL = credentials("service-gitinfra-url")
SERVICE_NEXUS_URL = credentials("service-nexus-url")
SERVICE_PROXY_HOST = credentials("http-proxy-host")
SERVICE_PROXY_PORT = credentials("http-proxy-port")
NOPROXY_HOST = credentials("http_nonProxyHosts")
SERVICE_REPO_SSHURL = credentials("repository-connection-string")
SERVICE_REPOSITORY_URL=credentials("service-repository-url")
JAVA_TOOL_OPTIONS = "-Dhttp.proxyHost=${env.SERVICE_PROXY_HOST} -Dhttp.proxyPort=${env.SERVICE_PROXY_PORT} -Dhttps.proxyHost=${env.SERVICE_PROXY_HOST} -Dhttps.proxyPort=${env.SERVICE_PROXY_PORT} -Dhttp.nonProxyHosts=${env.NOPROXY_HOST}"
}
options {
disableConcurrentBuilds()
buildDiscarder(
logRotator(
artifactDaysToKeepStr: '',
artifactNumToKeepStr: '',
numToKeepStr: '100'
)
)
}
triggers {
cron('45 2 * * *')
}
stages {
stage('Activate steps') {
agent none
steps {
script {
env.DO_TEST = 'true'
env.DO_BUILD = 'true'
env.DO_PUBLISH = 'true'
env.DO_CHECKMARX = 'true'
}
}
}
stage('Check vulnerabilities and tests.') {
when {
environment(name: 'DO_TEST', value: 'true')
}
environment {
PUPPETEER_DOWNLOAD_HOST="${env.SERVICE_NEXUS_URL}/repository/puppeteer-chrome/"
JAVA_TOOL_OPTIONS=""
}
steps {
sh 'npmrc default'
sh '''
$MVN_COMMAND clean verify org.owasp:dependency-check-maven:aggregate -Pvitam -pl '!cots/vitamui-nginx,!cots/vitamui-mongod,!cots/vitamui-logstash,!cots/vitamui-mongo-express' $JAVA_TOOL_OPTIONS
'''
}
post {
always {
junit '**/target/surefire-reports/*.xml'
}
success {
archiveArtifacts (
artifacts: '**/dependency-check-report.html',
fingerprint: true
)
}
}
}
stage('Build sources') {
environment {
PUPPETEER_DOWNLOAD_HOST="${env.SERVICE_NEXUS_URL}/repository/puppeteer-chrome/"
}
when {
environment(name: 'DO_BUILD', value: 'true')
}
steps {
sh 'npmrc default'
sh '''
$MVN_COMMAND deploy -Pvitam,rpm,webpack -DskipTests -DskipAllFrontend=true -Dlicense.skip=true -pl '!cots/vitamui-nginx,!cots/vitamui-mongod,!cots/vitamui-logstash,!cots/vitamui-mongo-express' $JAVA_TOOL_OPTIONS
'''
}
}
stage('Build COTS') {
environment {
http_proxy="http://${env.SERVICE_PROXY_HOST}:${env.SERVICE_PROXY_PORT}"
https_proxy="http://${env.SERVICE_PROXY_HOST}:${env.SERVICE_PROXY_PORT}"
}
when {
environment(name: 'DO_BUILD', value: 'true')
}
steps {
sh 'npmrc internet'
dir('cots/') {
sh '''
$MVN_COMMAND deploy -Pvitam,rpm -DskipTests -Dlicense.skip=true $JAVA_TOOL_OPTIONS
'''
}
}
}
stage("Get publishing scripts") {
when {
environment(name: 'DO_PUBLISH', value: 'true')
environment(name: 'DO_BUILD', value: 'true')
}
steps {
checkout([$class: 'GitSCM',
branches: [[name: 'oshimae']],
doGenerateSubmoduleConfigurations: false,
extensions: [[$class: 'RelativeTargetDirectory', relativeTargetDir: 'vitam-build.git']],
submoduleCfg: [],
userRemoteConfigs: [[credentialsId: 'app-jenkins', url: "$SERVICE_GIT_URL"]]
])
}
}
stage("Publish rpm") {
when {
environment(name: 'DO_PUBLISH', value: 'true')
environment(name: 'DO_BUILD', value: 'true')
}
steps {
sshagent (credentials: ['jenkins_sftp_to_repository']) {
sh 'vitam-build.git/push_vitamui_repo.sh contrib $SERVICE_REPO_SSHURL'
}
}
}
stage("Update symlink") {
when {
anyOf {
branch "develop*"
branch "master_*"
tag pattern: "^[1-9]+\\.[0-9]+\\.[0-9]*+-?[0-9]*\$", comparator: "REGEXP"
}
environment(name: 'DO_PUBLISH', value: 'true')
environment(name: 'DO_BUILD', value: 'true')
}
steps {
sshagent (credentials: ['jenkins_sftp_to_repository']) {
sh 'vitam-build.git/push_symlink_repo.sh contrib $SERVICE_REPO_SSHURL'
}
}
}
stage("Checkmarx analysis") {
when {
anyOf {
branch "develop*"
branch "master_*"
branch "master"
tag pattern: "^[1-9]+\\.[0-9]+\\.[0-9]+-?[0-9]*\$", comparator: "REGEXP"
}
environment(name: 'DO_CHECKMARX', value: 'true')
}
environment {
JAVA_TOOL_OPTIONS = ""
}
steps {
dir('vitam-build.git') {
deleteDir()
}
sh 'mkdir -p target'
sh 'mkdir -p logs'
// KWA : Visibly, backslash escape hell. \\ => \ in groovy string.
sh '/opt/CxConsole/runCxConsole.sh scan --verbose -Log "${PWD}/logs/cxconsole.log" -CxServer "$SERVICE_CHECKMARX_URL" -CxUser "VITAM openLDAP\\\\$CI_USR" -CxPassword \\"$CI_PSW\\" -ProjectName "CxServer\\SP\\Vitam\\Users\\vitam-ui $GIT_BRANCH" -LocationType folder -locationPath "${PWD}/" -Preset "Default 2014" -LocationPathExclude "cots,deployment,deploymentByVitam,docs,integration-tests,tools,node,node_modules,dist,target" -LocationFilesExclude "*.rpm,*.pdf" -ForceScan -ReportPDF "${PWD}/target/checkmarx-report.pdf"'
}
post {
success {
archiveArtifacts (
artifacts: 'target/checkmarx-report.pdf',
fingerprint: true
)
}
failure {
archiveArtifacts (
artifacts: 'logs/cxconsole.log',
fingerprint: true
)
}
}
}
}
}
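Review bot: In the "Checkmarx analysis" stage the password is expanded unquoted: after Groovy reduces `\\"` to `\"`, the shell sees `-CxPassword \"$CI_PSW\"`, i.e. literal quote characters around an unquoted `$CI_PSW`, so a password containing whitespace or glob characters is split or expanded and the CLI receives the quote characters as part of the value. Unless runCxConsole.sh re-parses its arguments (not visible here), write `-CxPassword "$CI_PSW"`, which is how the other options on that line are already quoted. The secret also sits in the process arguments on the `contrib` agent, and with `--verbose` the `logs/cxconsole.log` archived on failure should be checked for it before it is kept as a build artifact. Also worth a comment at the "Get publishing scripts" checkout: the scripts later run under `sshagent` come from the mutable branch `oshimae`, so pinning a tag or commit there would make the publish step reproducible and reviewable.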
Copyright French Prime minister Office/SGMAP/DINSIC/Vitam Program (2019-2020)
and the signatories of the "VITAM - Accord du Contributeur" agreement.
contact@programmevitam.fr
This software is a computer program whose purpose is to implement
implement a digital archiving front-office system for the secure and
efficient high volumetry VITAM solution.
This software is governed by the CeCILL-C license under French law and
abiding by the rules of distribution of free software. You can use,
modify and/ or redistribute the software under the terms of the CeCILL-C
license as circulated by CEA, CNRS and INRIA at the following URL
"http://www.cecill.info".
As a counterpart to the access to the source code and rights to copy,
modify and redistribute granted by the license, users are provided only
with a limited warranty and the software's author, the holder of the
economic rights, and the successive licensors have only limited
liability.
In this respect, the user's attention is drawn to the risks associated
with loading, using, modifying and/or developing or reproducing the
software by the user in light of its specific status of free software,
that may mean that it is complicated to manipulate, and that also
therefore means that it is reserved for developers and experienced
professionals having in-depth computer knowledge. Users are therefore
encouraged to load and test the software's suitability as regards their
requirements in conditions enabling the security of their systems and/or
data to be ensured and, more generally, to use and operate it in the
same conditions as regards security.
The fact that you are presently reading this means that you have had
knowledge of the CeCILL-C license and that you accept its terms.
# VitamUI
VitamUI project.
# Prerequisites
- Install Java at least version 8