gosnowflake/Jenkinsfile at master · snowflakedb/gosnowflake · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
@Library('pipeline-utils')
import com.snowflake.DevEnvUtils
import groovy.json.JsonOutput


timestamps {
  node('high-memory-node-snowos') {
    stage('checkout') {
      scmInfo = checkout scm
      println("${scmInfo}")
      env.GIT_BRANCH = scmInfo.GIT_BRANCH
      env.GIT_COMMIT = scmInfo.GIT_COMMIT
    }
    params = [
      string(name: 'branch', value: 'main'),
      string(name: 'client_git_commit', value: scmInfo.GIT_COMMIT),
      string(name: 'client_git_branch', value: scmInfo.GIT_BRANCH),
      string(name: 'TARGET_DOCKER_TEST_IMAGE', value: 'go-chainguard-go1_24'),
      string(name: 'parent_job', value: env.JOB_NAME),
      string(name: 'parent_build_number', value: env.BUILD_NUMBER)
    ]

    stage('Authenticate Artifactory') {
      script {
        new DevEnvUtils().withSfCli {
          sh "sf artifact oci auth"
        }
      }
    }

    parallel(
      'Test': {
        stage('Test') {
          build job: 'RT-LanguageGo-PC', parameters: params
        }
      },
      'Test Authentication': {
        stage('Test Authentication') {
          withCredentials([
            string(credentialsId: 'sfctest0-parameters-secret', variable: 'PARAMETERS_SECRET')
          ]) {
            sh '''\
            |#!/bin/bash -e
            |$WORKSPACE/ci/test_authentication.sh
            '''.stripMargin()
          }
        }
      },
      'Test WIF Auth': {
        stage('Test WIF Auth') {
          withCredentials([
            string(credentialsId: 'sfctest0-parameters-secret', variable: 'PARAMETERS_SECRET'),
          ]) {
            sh '''\
            |#!/bin/bash -e
            |$WORKSPACE/ci/test_wif.sh
            '''.stripMargin()
          }
        }
      },
      'Test Revocation Validation': {
        stage('Test Revocation Validation') {
          withCredentials([
            usernamePassword(credentialsId: 'jenkins-snowflakedb-github-app',
              usernameVariable: 'GITHUB_USER',
              passwordVariable: 'GITHUB_TOKEN')
          ]) {
            try {
              sh '''\
              |#!/bin/bash -e
              |chmod +x $WORKSPACE/ci/test_revocation.sh
              |$WORKSPACE/ci/test_revocation.sh
              '''.stripMargin()
            } finally {
              archiveArtifacts artifacts: 'revocation-results.json,revocation-report.html', allowEmptyArchive: true
              publishHTML(target: [
                allowMissing: true,
                alwaysLinkToLastBuild: true,
                keepAll: true,
                reportDir: '.',
                reportFiles: 'revocation-report.html',
                reportName: 'Revocation Validation Report'
              ])
            }
          }
        }
      }
    )
  }
}


pipeline {
  agent { label 'high-memory-node-snowos' }
  options { timestamps() }
  environment {
    COMMIT_SHA_LONG = sh(returnStdout: true, script: "echo \$(git rev-parse " + "HEAD)").trim()

    // environment variables for semgrep_agent (for findings / analytics page)
    // remove .git at the end
    // remove SCM URL + .git at the end

    BASELINE_BRANCH = "${env.CHANGE_TARGET}"
  }
  stages {
    stage('Checkout') {
      steps {
        checkout scm
      }
    }
  }
}

def wgetUpdateGithub(String state, String folder, String targetUrl, String seconds) {
    def ghURL = "https://api.github.com/repos/snowflakedb/gosnowflake/statuses/$COMMIT_SHA_LONG"
    def data = JsonOutput.toJson([state: "${state}", context: "jenkins/${folder}",target_url: "${targetUrl}"])
    sh "wget ${ghURL} --spider -q --header='Authorization: token $GIT_PASSWORD' --post-data='${data}'"
}