Merge branch 'release/5.3' into merge-release/5.2-release/5.3-2024-05…

…-08-85
corda · May 8, 2024 · d263d5c · d263d5c
2 parents 4f7bdbd + 180e599
commit d263d5c
Show file tree

Hide file tree

Showing 9 changed files with 104 additions and 10 deletions.
diff --git a/.ci/JenkinsfileMergeAutomation b/.ci/JenkinsfileMergeAutomation
@@ -1,5 +1,5 @@
 #! groovy
-@Library('corda-shared-build-pipeline-steps@5.2') _
+@Library('corda-shared-build-pipeline-steps@5.3') _
 
 /**
  * Forward merge any changes in current branch to the branch with following version.
@@ -14,13 +14,13 @@
  * the branch name of origin branch, it should match the current branch
  * and it acts as a fail-safe inside {@code forwardMerger} pipeline
  */
-String originBranch = 'release/5.2'
+String originBranch = 'release/5.3'
 
 /**
  * the branch name of target branch, it should be the branch with the next version
  * after the one in current branch.
  */
-String targetBranch = 'release/5.3'
+String targetBranch = 'release/5.4'
 
 /**
  * Forward merge any changes between {@code originBranch} and {@code targetBranch}

diff --git a/.ci/JenkinsfileSonarCloud b/.ci/JenkinsfileSonarCloud
@@ -0,0 +1,74 @@
+@Library('[email protected]') _
+
+import com.r3.build.agents.KubernetesAgent
+import com.r3.build.enums.BuildEnvironment
+import com.r3.build.enums.KubernetesCluster
+import com.r3.build.BuildConstants
+import com.r3.build.utils.GitUtils
+import com.r3.build.utils.SnykUtils
+
+KubernetesAgent k8s = new KubernetesAgent(
+        BuildEnvironment.AMD64_LINUX_JAVA17,
+        KubernetesCluster.JenkinsAgents,
+        1
+)
+
+GitUtils gitUtils = new GitUtils(this)
+SnykUtils snykUtils = new SnykUtils(this)
+
+pipeline {
+    agent {
+        kubernetes {
+            cloud k8s.buildCluster.cloudName
+            yaml k8s.JSON
+            yamlMergeStrategy merge() // important to keep tolerations from the inherited template
+            idleMinutes 15
+            podRetention always()
+            nodeSelector k8s.nodeSelector
+            label k8s.jenkinsLabel
+            showRawYaml true
+            defaultContainer k8s.defaultContainer.name
+        }
+    }
+
+    environment {
+        ARTIFACTORY_CREDENTIALS = credentials('artifactory-credentials')
+        CORDA_ARTIFACTORY_PASSWORD = "${env.ARTIFACTORY_CREDENTIALS_PSW}"
+        CORDA_ARTIFACTORY_USERNAME = "${env.ARTIFACTORY_CREDENTIALS_USR}"
+        BUILD_CACHE_CREDENTIALS = credentials('gradle-ent-cache-credentials')
+        BUILD_CACHE_PASSWORD = "${env.BUILD_CACHE_CREDENTIALS_PSW}"
+        BUILD_CACHE_USERNAME = "${env.BUILD_CACHE_CREDENTIALS_USR}"
+        CORDA_GRADLE_SCAN_KEY = credentials('gradle-build-scans-key')
+        GRADLE_USER_HOME = "/host_tmp/gradle"
+        SNYK_TOKEN = credentials("r3-snyk-corda5")
+        SNYK_ORG_ID = credentials("corda5-snyk-org-id")
+    }
+
+    options {
+        timestamps()
+    }
+
+    triggers {
+        cron (gitUtils.isReleaseBranch() ? '@midnight' : '')
+    }
+
+    stages {
+        stage('SonarQube analysis') {
+            when {
+                expression { return env.BRANCH_NAME == gitUtils.getDefaultBranch(gitUtils.getRepoName())}
+            }
+            steps {
+                withSonarQubeEnv('SonarCloud') {
+                    sh './gradlew sonar -Si'
+                }
+            }
+        }
+        stage('Snyk Code analysis') {
+            steps {
+                script {
+                    snykUtils.runSnykCode()
+                }
+            }
+        }
+    }
+}
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -1,2 +1,9 @@
-# Code freeze reviewers
-* @driessamyn @jasonbyrner3 @ronanbrowne @rick-r3 @simon-johnson-r3 @blsemo @Omar-awad @aditisdesai @vinir3 @vkolomeyko @thiagoviana @Sakpal @dickon
+* @corda/rest
+# Build scripts should be audited by Infrastructure & Release team
+*.gradle            @corda/infrastructure-release
+gradle.properties   @corda/corda5-team-leads
+Jenkinsfile         @corda/infrastructure-release
+/.ci/               @corda/infrastructure-release
+/.github/           @corda/infrastructure-release
+/.github/CODEOWNERS @corda/rest # keep CODEOWNERS owned by the Rest team
+/gradle/            @corda/infrastructure-release
diff --git a/.github/workflows/check-pr-title.yml b/.github/workflows/check-pr-title.yml
@@ -7,7 +7,7 @@ jobs:
   check-pr-title:
     runs-on: ubuntu-latest
     steps:
-      - uses: morrisoncole/pr-lint-action@v1.6.1
+      - uses: morrisoncole/pr-lint-action@v1.7.1
         with:
           title-regex: '^((CORDA|EG|ENT|INFRA|CORE|DOC|ES)-\d+)(.*)'
           on-failed-regex-comment: "PR title failed to match regex -> `%regex%`"

diff --git a/.github/workflows/remove-stale-branches.yml b/.github/workflows/remove-stale-branches.yml
@@ -8,7 +8,7 @@ jobs:
     name: Remove stale branches
     runs-on: ubuntu-latest
     steps:
-      - uses: fpicalausa/remove-stale-branches@v1.5.8
+      - uses: fpicalausa/remove-stale-branches@v2.0.1
         with:
           dry-run: false
           ignore-unknown-authors: true

diff --git a/.github/workflows/remove-stale-prs.yml b/.github/workflows/remove-stale-prs.yml
@@ -8,7 +8,7 @@ jobs:
     name: Remove stale PRs
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/stale@v8.0.0
+      - uses: actions/stale@v9.0.0
         with:
           debug-only: false
           exempt-pr-labels: 'DO_NOT_CLOSE'

diff --git a/build.gradle b/build.gradle
@@ -12,6 +12,7 @@ plugins {
     id 'io.snyk.gradle.plugin.snykplugin'
     id 'com.github.ben-manes.versions' // discover possible dependency version upgrades
     id 'org.cyclonedx.bom' apply false
+    id "org.sonarqube"
 }
 
 snyk {
@@ -22,6 +23,14 @@ snyk {
     autoUpdate = true
 }
 
+sonar {
+    properties {
+        property "sonar.projectKey", "corda"
+        property "sonar.organization", "corda"
+        property "sonar.host.url", "https://sonarcloud.io"
+    }
+}
+
 ext.pluginsDir = "$buildDir/plugins"
 
 if (System.getenv("RELEASE_VERSION")?.trim()) {

diff --git a/gradle.properties b/gradle.properties
@@ -1,7 +1,7 @@
 kotlin.stdlib.default.dependency=false
 
 # The version of cli-host we will publish
-cliHostVersion=5.2.1
+cliHostVersion=5.3.0
 
 # PF4J
 pf4jVersion=3.10.0
@@ -17,7 +17,7 @@ picoCliVersion=4.7.3
 
 commonsLangVersion=3.12.0
 snakeyamlVersion=2.0
-jacksonVersion=2.15.0
+jacksonVersion=2.17.0
 
 junitJupiterVersion=5.10.0
 
@@ -47,3 +47,6 @@ licenseUrl = http://www.apache.org/licenses/LICENSE-2.0.txt
 
 # Cyclonedx Bom generation version
 cyclonedxVersion = 1.7.4
+
+# Sonar verison
+sonarVersion = 5.0.0.4638
diff --git a/settings.gradle b/settings.gradle
@@ -59,6 +59,7 @@ pluginManagement {
         id 'io.snyk.gradle.plugin.snykplugin' version snykVersion
         id 'com.github.ben-manes.versions' version dependencyCheckVersion
         id "org.cyclonedx.bom" version cyclonedxVersion
+        id "org.sonarqube" version sonarVersion
     }
 }