author | Mark Benvenuto <mark.benvenuto@mongodb.com> | 2023-01-23 15:41:31 -0500 |
---|---|---|
committer | Evergreen Agent <no-reply@evergreen.mongodb.com> | 2023-02-09 21:30:20 +0000 |
commit | 03a47c8f3c9014ad80243fe8661e209c6f8e215f (patch) | |
tree | 51bef1e117f5a3c3909f986b8598b97ff3218278 | |
parent | 65b491d3e1363bf68a337b4a5e3177419ce817b0 (diff) | |
download | mongo-03a47c8f3c9014ad80243fe8661e209c6f8e215f.tar.gz |
SERVER-73216 Upgrade BlackDuck to Detect v8
(cherry picked from commit 5935850dae716e5f482ff11b0dc9bd9e317c6e17)
-rw-r--r-- | buildscripts/blackduck_hub.py | 5 | ||||
-rw-r--r-- | etc/evergreen_yml_components/definitions.yml | 19 | ||||
-rwxr-xr-x | evergreen/blackduck_hub.sh | 10 | ||||
-rwxr-xr-x | evergreen/blackduck_setup.sh | 1 |
4 files changed, 32 insertions, 3 deletions
diff --git a/buildscripts/blackduck_hub.py b/buildscripts/blackduck_hub.py index 15746f3773d..01e3e9feb1e 100644 --- a/buildscripts/blackduck_hub.py +++ b/buildscripts/blackduck_hub.py @@ -559,8 +559,7 @@ class BlackDuckConfig: rc = json.loads(rfh.read()) self.url = rc["baseurl"] - self.username = rc["username"] - self.password = rc["password"] + self.token = rc["token"] def _run_scan(): @@ -569,7 +568,7 @@ def _run_scan(): with tempfile.NamedTemporaryFile() as fp: fp.write(f"""#/!bin/sh -curl --retry 5 -s -L https://detect.synopsys.com/detect.sh | bash -s -- --blackduck.url={bdc.url} --blackduck.username={bdc.username} --blackduck.password={bdc.password} --detect.report.timeout={BLACKDUCK_TIMEOUT_SECS} --snippet-matching --upload-source --detect.wait.for.results=true +curl --retry 5 -s -L https://detect.synopsys.com/detect8.sh | bash -s -- --blackduck.url={bdc.url} --blackduck.api.token={bdc.token} --detect.report.timeout={BLACKDUCK_TIMEOUT_SECS} --snippet-matching --upload-source --detect.wait.for.results=true --logging.level.detect=TRACE --detect.diagnostic=true --detect.cleanup=false """.encode()) fp.flush() diff --git a/etc/evergreen_yml_components/definitions.yml b/etc/evergreen_yml_components/definitions.yml index 9f18d13b03a..bb6a63d5cfc 100644 --- a/etc/evergreen_yml_components/definitions.yml +++ b/etc/evergreen_yml_components/definitions.yml 
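Review bot: The generated script in `_run_scan` (second hunk of buildscripts/blackduck_hub.py) puts the API token in the argument list, `--blackduck.api.token={bdc.token}`, so it is readable through the process table for as long as the scan runs. Detect also reads properties from the environment, so the argument could be dropped and the token supplied as `BLACKDUCK_API_TOKEN` in the child process environment instead. The script is also fetched from `detect.synopsys.com` and piped into `bash` with no integrity check and no `--fail` on `curl`. Downloading `detect8.sh` to a file and comparing it with a pinned checksum before running it would close that gap. The body of `_run_scan` continues outside the hunk, so how the temporary script is launched is not visible here.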
@@ -1825,6 +1825,24 @@ functions: - *tar_jepsen_results - *archive_jepsen_results + "save blackduck artifacts": + - command: archive.targz_pack + params: + target: blackduck.tgz + source_dir: /home/ec2-user/blackduck/runs/ + include: + - "**" + - command: s3.put + params: + aws_key: ${aws_key} + aws_secret: ${aws_secret} + local_file: blackduck.tgz + remote_file: ${project}/${build_variant}/${version_id}/blackduck-${task_id}-${execution}.tgz + bucket: mciuploads + permissions: public-read + content_type: ${content_type|application/gzip} + display_name: BlackDuck logs + ### Process & archive mongo coredumps ### "gather mongo coredumps": &gather_mongo_coredumps command: subprocess.exec @@ -2171,6 +2189,7 @@ post: - func: "save local client logs" - func: "save code coverage data" - func: "save jepsen artifacts" +- func: "save blackduck artifacts" - func: "save mongo coredumps" - func: "save failed unittests" - func: "save hang analyzer debugger files" diff --git a/evergreen/blackduck_hub.sh b/evergreen/blackduck_hub.sh index f7edf2d486e..ce3d81fc79c 100755 --- a/evergreen/blackduck_hub.sh +++ b/evergreen/blackduck_hub.sh @@ -14,4 +14,14 @@ if [ "$branch_name" != "master" ]; then additional_args="--vulnerabilities_only" fi +# BlackDuck crashes on this gzip file because it is not well-formed +# invalid compressed data--format violated +rm ./src/third_party/zstandard/zstd/tests/gzip/hufts-segv.gz + +# Remove package.json since it only exists for vscode +# MongoDB server does not use Node.JS code so we strip this file to not confuse BlackDuck Detect +# Otherwise we need to run npm install to install everything in package.json or disable the NPM +# scanner. +rm package.json + python buildscripts/blackduck_hub.py -v scan_and_report --build_logger=mci.buildlogger --build_logger_task_id=${task_id} --report_file=report.json $additional_args diff --git a/evergreen/blackduck_setup.sh b/evergreen/blackduck_setup.sh index 8ed396833a3..d2fc4cfaa87 100755 
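Review bot: `permissions: public-read` in the new "save blackduck artifacts" function makes everything under `/home/ec2-user/blackduck/runs/` world-readable. This same commit adds `--logging.level.detect=TRACE --detect.diagnostic=true --detect.cleanup=false` to the scan, which presumably is what fills that directory. Unless it has been verified that Detect's diagnostic output never records the token, the server URL or details of the host environment, the upload should use `permissions: private`. The function is also added to the global `post:` list in the following hunk, so it runs after every task against a hard-coded home directory. A comment saying that the directory is expected to be absent on tasks that do not run the scan would help the next reader.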
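Review bot: Both new `rm` calls in evergreen/blackduck_hub.sh fail when the file is already gone, for example after a zstandard upgrade drops `hufts-segv.gz`. If the script runs with errexit (not visible in this hunk), the scan would then stop before it starts. `rm -f ./src/third_party/zstandard/zstd/tests/gzip/hufts-segv.gz` and `rm -f package.json` keep the step idempotent. Deleting `package.json` also takes it out of the dependency scan without any trace in the report, so the comment should add that the file must be scanned again if it ever gains runtime dependencies.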
--- a/evergreen/blackduck_setup.sh +++ b/evergreen/blackduck_setup.sh @@ -9,6 +9,7 @@ cat > .restconfig.json << END_OF_CREDS "baseurl": "${blackduck_url}", "username": "${blackduck_username}", "password": "${blackduck_password}", +"token": "${blackduck_token}", "debug": false, "insecure" : false } |
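Review bot: The heredoc now writes the token next to `"username"` and `"password"`, which buildscripts/blackduck_hub.py stops reading in this commit. If nothing else consumes them, those two lines should be removed so the file holds one credential instead of three. `.restconfig.json` is created by a plain `cat >` redirect, so its mode follows the umask; unless that is set outside the hunk, a `umask 077` before the `cat` keeps the file private to the build user. The values are expanded unescaped into JSON, so a token containing `"` or `\` would produce an invalid file.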