generated from hmcts/spring-boot-template
-
Notifications
You must be signed in to change notification settings - Fork 6
/
Jenkinsfile_nightly
126 lines (110 loc) · 4.8 KB
/
Jenkinsfile_nightly
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
#!groovy
properties([
// H allow predefined but random minute see https://en.wikipedia.org/wiki/Cron#Non-standard_characters
pipelineTriggers([cron('27 07 * * 1-5')]),
parameters([
string(name: 'URL_TO_TEST', defaultValue: 'http://am-role-assignment-service-aat.service.core-compute-aat.internal', description: 'The URL you want to run these tests against'),
string(name: 'SecurityRules',
defaultValue: 'http://raw.githubusercontent.com/hmcts/security-test-rules/master/conf/security-rules.conf',
description: 'The URL you want to run these tests against'),
])
])
@Library("Infrastructure")
def type = "java"
def product = "am"
def component = "role-assignment-service"
def secrets = [
's2s-${env}': [
secret('microservicekey-am-role-assignment-service', 'BEFTA_S2S_CLIENT_SECRET'),
secret('microservicekey-am-role-assignment-service', 'S2S_SECRET'),
secret('microservicekey-am-org-role-mapping-service', 'AM_ORG_S2S_SECRET')
],
'am-${env}': [
secret('role-assignment-service-IDAM-CLIENT-SECRET', 'ROLE_ASSIGNMENT_IDAM_CLIENT_SECRET'),
secret('role-assignment-service-LD-SDK-KEY', 'LD_SDK_KEY'),
secret('test-am-user1-befta-pwd', 'TEST_AM_USER1_BEFTA_PWD'),
secret('test-am-user2-befta-pwd', 'TEST_AM_USER2_BEFTA_PWD'),
secret('test-am-user3-befta-pwd', 'TEST_AM_USER3_BEFTA_PWD'),
secret('role-assignment-service-IDAM-CLIENT-SECRET', 'OAUTH2_CLIENT_SECRET')
],
'ccd-${env}': [
secret('ccd-data-s2s-secret', 'CCD_DATA_S2S_SECRET')
],
'rpx-${env}': [
secret('xui-webapp', 'XUI_WEBAPP_S2S_SECRET')
]
]
static LinkedHashMap<String, Object> secret(String secretName, String envVar) {
[$class : 'AzureKeyVaultSecret',
secretType : 'Secret',
name : secretName,
version : '',
envVariable: envVar
]
}
def vaultOverrides = [
'preview' : 'aat',
'spreview': 'saat'
]
withNightlyPipeline(type, product, component) {
if (env.BRANCH_NAME.startsWith("PR")) {
env.LAUNCH_DARKLY_ENV = "pr"
}
else if (env.BRANCH_NAME == 'master') {
env.LAUNCH_DARKLY_ENV = "aat"
}
else {
env.LAUNCH_DARKLY_ENV = env.BRANCH_NAME
}
env.IDAM_URL = "https://idam-api.aat.platform.hmcts.net"
env.TEST_URL = "http://am-role-assignment-service-aat.service.core-compute-aat.internal"
env.IDAM_S2S_URL = "http://rpe-service-auth-provider-aat.service.core-compute-aat.internal"
env.S2S_URL = "http://rpe-service-auth-provider-aat.service.core-compute-aat.internal"
env.S2S_URL_BASE = "http://rpe-service-auth-provider-aat.service.core-compute-aat.internal"
env.BEFTA_S2S_CLIENT_ID = "am_role_assignment_service"
env.DEFINITION_STORE_HOST = "http://ccd-definition-store-api-aat.service.core-compute-aat.internal"
env.DEFINITION_STORE_URL_BASE = "http://ccd-definition-store-api-aat.service.core-compute-aat.internal"
env.CCD_DATA_STORE_URL = "http://ccd-data-store-api-aat.service.core-compute-aat.internal"
env.OAUTH2_CLIENT_ID = "am_role_assignment"
env.OAUTH2_REDIRECT_URI = "http://am-role-assignment-service-aat.service.core-compute-aat.internal/oauth2redirect"
env.OAUTH2_ACCESS_TOKEN_TYPE = "OIDC"
env.BEFTA_RESPONSE_HEADER_CHECK_POLICY = "JUST_WARN"
env.OAUTH2_SCOPE_VARIABLES = "openid%20profile%20roles%20authorities"
env.IDAM_CLIENT_ID = "am_role_assignment"
env.OPENID_SCOPE_VARIABLES = "openid+profile+roles+authorities"
env.MICROSERVICE_NAME = "am_role_assignment_service"
env.EXTERNAL_FLAG_QUERY_PATH = "am/role-assignments/fetchFlagStatus?flagName="
env.IDAM_API_URL_BASE = "https://idam-api.aat.platform.hmcts.net"
env.Rules = params.SecurityRules
// Var to turn FTAs that rely on the RAS-CCD case validation on/off, i.e. when CCD is not available.
env.AZURE_CASE_VALIDATION_FTA_ENABLED = "true"
overrideVaultEnvironments(vaultOverrides)
loadVaultSecrets(secrets)
enableSecurityScan()
enableFullFunctionalTest()
enableFortifyScan()
before('fullFunctionalTest') {
steps.archiveArtifacts allowEmptyArchive: true, artifacts: 'build/reports/tests/integration/**/*'
}
afterSuccess('build') {
stage("integration tests") {
sh "./gradlew integration"
steps.archiveArtifacts allowEmptyArchive: true, artifacts: 'build/reports/tests/integration/**/*'
}
}
afterAlways('fullFunctionalTest') {
steps.archiveArtifacts allowEmptyArchive: true, artifacts: '**/target/cucumber/**/*'
publishHTML target: [
allowMissing : true,
alwaysLinkToLastBuild: true,
keepAll : true,
reportDir : "target/cucumber/functional-html-reports",
reportFiles : "overview-features.html,overview-failures.html,",
reportTitles : "Features,Failures",
reportName : "Functional Test Report"
]
}
afterAlways('fortify-scan') {
steps.archiveArtifacts allowEmptyArchive: true, artifacts: '**/Fortify Scan/**/*'
}
}