From c10993848174f2265ebb871e78506600ebdb811a Mon Sep 17 00:00:00 2001
From: Irina Batinic
 <117161143+irina-batinic-sonarsource@users.noreply.github.com>
Date: Thu, 6 Jul 2023 17:53:26 +0200
Subject: [PATCH] SONARGRADL-125 Add mend task (#180)

---
 .cirrus.yml              | 33 +++++++++++++++++++++++++++++++++
 export_ws_variables.sh   | 23 +++++++++++++++++++++++
 wss-unified-agent.config | 14 ++++++++++++++
 3 files changed, 70 insertions(+)
 create mode 100755 export_ws_variables.sh
 create mode 100644 wss-unified-agent.config

diff --git a/.cirrus.yml b/.cirrus.yml
index ecd67ca2..0162c298 100644
--- a/.cirrus.yml
+++ b/.cirrus.yml
@@ -61,6 +61,12 @@ container_definition_17: &CONTAINER_DEFINITION_17
   region: eu-central-1
   namespace: default
 
+setup_gradle_cache_template: &SETUP_GRADLE_CACHE
+  gradle_cache:
+    folder: .gradle/caches
+  create_gradle_directory_script:
+    - mkdir -p "${CIRRUS_WORKING_DIR}/.gradle"
+
 only_sonarsource_qa: &ONLY_SONARSOURCE_QA
   only_if: $CIRRUS_USER_COLLABORATOR == 'true' && ($CIRRUS_PR != "" || $CIRRUS_BRANCH == "master" || $CIRRUS_BRANCH =~ "branch-.*" || $CIRRUS_BRANCH =~ "dogfood-on-.*")
 
@@ -88,6 +94,33 @@ build_task:
       path: "**/test-results/**/*.xml"
       format: junit
 
+mend_scan_task:
+  <<: *SETUP_GRADLE_CACHE
+  depends_on:
+    - build
+  # run only on master and long-living branches
+  only_if: $CIRRUS_USER_COLLABORATOR == 'true' && $CIRRUS_TAG == "" && ($CIRRUS_BRANCH == "master" || $CIRRUS_BRANCH =~ "branch-.*" || $CIRRUS_BRANCH =~ "mend-.*")
+  eks_container:
+    image: ${CIRRUS_AWS_ACCOUNT}.dkr.ecr.eu-central-1.amazonaws.com/base:j18-latest
+    region: eu-central-1
+    cluster_name: ${CIRRUS_CLUSTER_NAME}
+    namespace: default
+    cpu: 4
+    memory: 2G
+  env:
+    WS_APIKEY: VAULT[development/kv/data/mend data.apikey]
+  maven_cache:
+    folder: ${CIRRUS_WORKING_DIR}/.m2/repository
+  mend_script:
+    - source cirrus-env QA
+    - ./gradlew clean build -x test
+    - source ./export_ws_variables.sh
+    - source ws_scan.sh
+  allow_failures: "true"
+  always:
+    ws_scan_artifacts:
+      path: "whitesource/**/*"
+
 gradle_qa_java11_task:
   depends_on:
     - build
diff --git a/export_ws_variables.sh b/export_ws_variables.sh
new file mode 100755
index 00000000..27ec8894
--- /dev/null
+++ b/export_ws_variables.sh
@@ -0,0 +1,23 @@
+#! /usr/bin/env bash
+
+set -euox pipefail
+
+get_project_version() {
+  local version_property
+  version_property=$(./gradlew properties | grep --extended-regexp "^version: (.*)")
+  if [[ -z "${version_property}" ]]; then
+    echo "Could not find property version in project" >&2
+    exit 2
+  fi
+  local version
+  version=$(echo "${version_property}" | tr --delete "[:space:]" | cut --delimiter=":" --fields=2)
+  version="${version/-SNAPSHOT/}"
+  # Because the ws scan script expects a semver-like version (aa.bb.cc.XX), we append the build number to the project version.
+  if [[ "${version}" =~ ^[0-9]+\.[0-9]+$ ]]; then
+    version="${version}.0"
+  fi
+  version="${version}.${BUILD_NUMBER:-0}"
+  echo "${version}"
+}
+
+export PROJECT_VERSION="$(get_project_version)"
diff --git a/wss-unified-agent.config b/wss-unified-agent.config
new file mode 100644
index 00000000..1575af0d
--- /dev/null
+++ b/wss-unified-agent.config
@@ -0,0 +1,14 @@
+excludes=**/integrationTests/** **/*javadoc.jar
+fileSystemScan=False
+resolveAllDependencies=False
+
+gradle.aggregateModules=True
+gradle.preferredEnvironment=wrapper
+gradle.resolveDependencies=True
+gradle.excludeModules=integrationTests
+
+wss.url=https://saas-eu.whitesourcesoftware.com/agent
+
+forceUpdate=true
+checkPolicies=true
+forceUpdate.failBuildOnPolicyViolation=true