I am using maven with a Fortify360 plug-in to analyze the source code. The sca:translate step runs fine and seems to generate the correct sca-translate-java.txt files, but the sca:scan step does not actually run the scan on any of the sub-projects.
I am given no reason why, just error message like :
* Skipping scan of sub-project
I am new to Fortify. Anyone have experience with this, and have some ideas for why it could be skipping the scans?
Thanks!
If your projects are inheriting from a top level pom, you need to also use the -Dsca.toplevel=foo parameter, and also you need to set the build ID manually.
So in the translate step, add the extra -D parameter to set a build id.
In the scan step, add the same -D parameter to set a build id.
Also in the scan step, add the "top level" -D parameter.
As it is nicely self-documented in sources here ScanMojo if you want aggregated result for entire project you need to specify both <buildId>...</buildId>and <toplevelArtifactId>...</toplevelArtifactId> and they should match otherwise it skips sub-projects.
Related
I have a build configuration that runs on multiple branches. I would like to set a failure condition that compares code coverage numbers, but only within the current branch.
What i've done:
Added a build step that sets a custom parameter "CurrentBranch" to the value of the current branch (either %teamcity.build.branch% or %teamcity.pullRequest.target.branch% if its a PR build)
Added a build step that successfully adds a tag to the build (using the REST API) with the value of %CurrentBranch%.
Added a failure condition that compares the current code coverage with the last successful build with tag %CurrentBranch%
However, when I execute the build, I get a warning:
Invalid settings for build failure on metric
buildTag: Tag must be specified
If i explicitly set the tag in the "failure condition" properties to one of the branches, it works as expected.
Anyone know what I'm doing wrong?
I've also tried using the original %teamcity.build.branch% parameter. That did not produce the warning. So it seems to support parameters, but not parameters set during the build?
Edit: If I initialize my custom %CurrentBranch% parameter with %teamcity.build.branch% I no longer get the warning. Will need to check if (in the case of pull-requests) it actually uses the correct branch for metrics comparison.
The behavior still seems odd. If anyone can shine a little light on this, I'd be very thankful!
I want to ignore test files in codeql result.
but this query includes test files.
import codeql.ruby.AST
from RegExpLiteral t, File f
where not f.getBaseName().regexpMatch("spec")
select t
ignore test files in the result
regexpMatch requires that the given pattern matches the entire receiver. In your case that means it would only succeed if the file name is exactly "spec". Maybe you rather want to test for ".*spec.*" (or use matches("%spec%")).
I am not sure though if that answers your question. As far as I know there is in general no direct way to ignore test sources. You could however do one of the following things:
Exclude the test directory when building the CodeQL database; for GitHub code scanning see the documentation
For GitHub code scanning filter out non-application code alerts in the repository alerts list (see documentation)
Manually add conditions to your query which exclude tests, for example a file name check as you have done or checking the code for certain test-related constructs
Context:
We build our maven apps in which version number is injected by a build.properties file. Problem with this approach is that for every release, version number needs to be bumped manually.
Browsing online to fix this problem, i bumped into version number plugin which offers some cool ways to fix the issue.
For instance -Dproject.version=${BUILD_YEAR}.${BUILDS_THIS_YEAR} will solve the issue for me
Problem
I have issue setting up the values for the defined variables
Quoting from the doc:
Initialization Values
Before the build is started, the number of
builds this year / month / week / day can be specified on the command
line or via the job's plugin-configuration web-GUI. If they are
specified, then they will override whatever values are currently in
production. This allows you to migrate your version number from
another system to Jenkins if you choose to do so.
Additionally, it is possible to automatically override the number of
builds this year / month / week / day with values taken from
environment-variables. Instead of just providing a simple number in
the form-fields of the job's plugin-configuration which overrides the
value for the next build (as described above), you can instead provide
an environment-variable whose value will be extracted and used during
the next builds. If it is not set or its value is not convertible to a
positive integer (without loosing precision), the value of the
previous build will be taken instead and increased by one (as is the
standard behavior).
In the last sentence, it says
If it is not set or its value is not convertible to a positive integer (without
loosing precision), the value of the previous build will be taken instead
and increased by one (as is the standard behavior)
So, going by this i built an jar with injected values of BUILD_YEAR and BUILDS_THIS_YEAR, worked as expected (jenkin says Building my_app_2019.1-SNAPSHOT). After that, i removed the variables assuming that they would be picked but unfortunatley jenkin says Building my_app_${BUILD_YEAR}.${BUILDS_THIS_YEAR}-SNAPSHOT.
There is no relevant doc around this or may be i have missed something totally obvious
Question
How do i ensure these var are injected correctly in my maven builds? or rather how do i populate the values using the plugin?
This is not a jenkins pipeline, its a simple jar builds.
Missed setting up Create a formatted version number as below :
updated as per image above and changed command to -Dproject.version=${VERSION_NUMBER}-SNAPSHOT.... voila!!!!!
I want to add a choice parameter to a Jenkins job. The list is fixed, but I want the dropbox to display custom value, and not the actual ones (analogous to name of a web page and not its URL).
In the certain case this is the path of the pom.xml file, however, I want to display the module name instead of the full path. An example:
Actual value | What I want to be displayed
-------------------------------------|----------------------------
full/path/to/my/modules/pom.xml | All modules
full/path/to/my/modules/util/pom.xml | Utilities
full/path/to/my/modules/data/pom.xml | Data handling
Thanks for the help in advance!
You can do this with the Extended Choice Parameter plugin.
To set it the way you want, under "This build is parameterized", choose Extended Choice Parameter, and set it up like this:
Note it may look a little different depending on what version of Jenkins you have but it shouldn't be too different (this screenshot was on 2.0-beta-2).
With the Active Choices plugin, you can set this up with a groovy map:
Set a "Active Choices Parameter" with the following groovy script:
return['full/path/to/my/modules/pom.xml' : 'All modules',
'full/path/to/my/modules/util/pom.xml' : 'Utilities',
'full/path/to/my/modules/data/pom.xml' : 'Data handling']
The "value" of the map will be displayed in the build parameters choices:
And "key" of the map will be set in the variable:
> echo "$URL"
full/path/to/my/modules/pom.xml
I found it painful that there were no easy solution to this problem for so many years, like writing a display|value line with the choice plugin, so I finally wrote my own plugin: https://github.com/Avalancs/ChoiceWithDisplay
You can get the .hpi file from the release tab, and if you don't know how to install .hpi files check this SO post: https://stackoverflow.com/a/19588907/7216760
As I learned from DevGuide testing ReSharper plugins works as follows:
Plugin is loaded and test input file is passed to it
Plugin performs it's actions on the passed file
ReSharper's test environment writes plugin actions results to .tmp file in a special format that depends on the type of functionality tested (for example, if we test completion, .tmp file will contain the list of generated completion items)
ReSharper's test environment compares .tmp file with .gold file to decide if test is failed or succeeded
But I need the following scenario. The first two steps are the same as the above ones, then:
I write code that obtains the results of plugin's actions and check are they what I'm expected so I can make test fail if needed
How can I achieve this?
I need it because I have a code that uses AST generated by ReSharper to build some graphs and I want to test are the graphs built correctly.
Yes, you can do this. You need to create your own test base class, instead of using one of the provided ones.
There is a hierarchy of base classes, each adding extra functionality. Usually, you'll derive from something like QuickFixAvailabilityTestBase or QuickFixTestBase, which add the functionality for testing quick fixes. These are the classes that will do something and write the output to a .tmp file that is then compared to the .gold file.
These classes themselves derive from something like BaseTestWithSingleProject, which provides the functionality to setup an in-memory solution and project that's populated with files you specify in your test, or BaseTestWithTextControl which also gives you a text control for the file you're testing. If you derive from this class directly (or with your own custom base class), you can perform the action you need for the actual test, and either assert something in memory, or write the appropriate text to the .tmp file to compare against the .gold.
You should override the DoTest method. This will give you an IProject that is already set up, and you can do whatever you need to in order to test your extension's functionality. You can use project.Solution.GetComponent<> to get at any shell or solution component, and use the ExecuteWithGold method to execute something, write to the .tmp file and have ReSharper compare to the .gold file for you.