#!groovy
/**
 * Jenkins pipeline to build Corda OS release branches and tags.
 * PLEASE NOTE: we DO want to run a build for each commit!!!
 */
@Library('corda-shared-build-pipeline-steps')

/**
 * Sense environment
 */
boolean isReleaseBranch = (env.BRANCH_NAME =~ /^release\/os\/.*/)
boolean isReleaseTag = (env.TAG_NAME =~ /^release-.*(?<!_JDK11)$/)
boolean isInternalRelease = (env.TAG_NAME =~ /^internal-release-.*$/)
boolean isReleaseCandidate = (env.TAG_NAME =~ /^(release-.*(RC|HC).*(?<!_JDK11))$/)
boolean isReleasePatch = (env.TAG_NAME =~ /^release.*([1-9]\d*|0)(\.([1-9]\d*|0)){2}$/)

/*
** calculate the stage for NexusIQ evaluation
**  * build for snapshots
**  * stage-release:  for release candidates and for health checks
**  * release: for GA release
*/
def nexusDefaultIqStage = "build"
if (isReleaseTag) {
    switch (env.TAG_NAME) {
        case ~/.*-RC\d+(-.*)?/: nexusDefaultIqStage = "stage-release"; break;
        case ~/.*-HC\d+(-.*)?/: nexusDefaultIqStage = "stage-release"; break;
        default: nexusDefaultIqStage = "release"
    }
}

/**
 * make sure calculated default value of NexusIQ stage is first in the list
 * thus making it default for the `choice` parameter
 */
def nexusIqStageChoices = [nexusDefaultIqStage].plus(
                [
                        'develop',
                        'build',
                        'stage-release',
                        'release',
                        'operate'
                ].minus([nexusDefaultIqStage]))

/**
 * Common Gradle arguments for all Gradle executions
 */
String COMMON_GRADLE_PARAMS = [
        '--no-daemon',
        '--stacktrace',
        '--info',
        '-Pcompilation.warningsAsErrors=false',
        '-Ptests.failFast=true',
].join(' ')

pipeline {
    agent { label 'standard' }

    /*
     * List options in alphabetical order
     */
    options {
        buildDiscarder(logRotator(daysToKeepStr: '14', artifactDaysToKeepStr: '14'))
        parallelsAlwaysFailFast()
        timeout(time: 6, unit: 'HOURS')
        timestamps()
    }

    parameters {
        choice choices: nexusIqStageChoices, description: 'NexusIQ stage for code evaluation', name: 'nexusIqStage'
        booleanParam defaultValue: true, description: 'Run tests during this build?', name: 'DO_TEST'
    }

    /*
     * List environment variables in alphabetical order
     */
    environment {
        ARTIFACTORY_BUILD_NAME = "Corda :: Publish :: Publish Release to Artifactory :: ${env.BRANCH_NAME}"
        ARTIFACTORY_CREDENTIALS = credentials('artifactory-credentials')
        CORDA_ARTIFACTORY_PASSWORD = "${env.ARTIFACTORY_CREDENTIALS_PSW}"
        CORDA_ARTIFACTORY_USERNAME = "${env.ARTIFACTORY_CREDENTIALS_USR}"
        DOCKER_URL = "https://index.docker.io/v1/"
        EMAIL_RECIPIENTS = credentials('corda4-email-recipient')
        SNYK_API_KEY = "c4-os-snyk"
    }

    stages {
        stage('Compile') {
            steps {
                sh script: [
                        './gradlew',
                        COMMON_GRADLE_PARAMS,
                        'clean',
                        'jar'
                ].join(' ')
            }
        }

        stage('Stash') {
            when {
                expression { params.DO_TEST }
            }
            steps {
                stash name: 'compiled', useDefaultExcludes: false
            }
        }
        stage('Sonatype Check') {
            steps {
                script {
                    sh "./gradlew --no-daemon properties | grep -E '^(version|group):' >version-properties"
                    /* every build related to Corda X.Y (GA, RC, HC, patch or snapshot) uses the same NexusIQ application */
                    def version = sh (returnStdout: true, script: "grep ^version: version-properties | sed -e 's/^version: \\([0-9]\\+\\(\\.[0-9]\\+\\)\\+\\).*\$/\\1/'").trim()
                    def groupId = sh (returnStdout: true, script: "grep ^group: version-properties | sed -e 's/^group: //'").trim()
                    def artifactId = 'corda'
                    nexusAppId = "${groupId}-${artifactId}-${version}"
                }
                nexusPolicyEvaluation (
                        failBuildOnNetworkError: false,
                        iqApplication: selectedApplication(nexusAppId), // application *has* to exist before a build starts!
                        iqScanPatterns: [[scanPattern: 'node/capsule/build/libs/corda*.jar']],
                        iqStage: params.nexusIqStage
                )
            }
        }
        stage('Generate Wiki Report') {
            when {
                expression { isReleaseTag && !isInternalRelease && !isReleaseCandidate }
                beforeAgent true
            }
            agent {
                docker {
                    image 'nexusiq-sonatype-cli:latest'
                    reuseNode true
                    registryUrl 'https://engineering-docker.software.r3.com/'
                    registryCredentialsId 'artifactory-credentials'
                }
            }
            options {
                retry(3)
            }
            environment {
                NEXUS_APP_ID="${nexusAppId}"
                NEXUS_APP_STAGE="${params.nexusIqStage}"
                NEXUSIQ_CREDENTIALS = credentials('jenkins-nexusiq-credentials')
            }
            steps {
                sh '''\
                    rm -f wiki-report.md
                    env NEXUSIQ_USERNAME="${NEXUSIQ_CREDENTIALS_USR}" \
                        NEXUSIQ_PASSWORD="${NEXUSIQ_CREDENTIALS_PSW}" \
                            /opt/app/wrapper wiki-report \
                                --app "${NEXUS_APP_ID}" \
                                --stage "${NEXUS_APP_STAGE}" >wiki-report.md
                '''.stripIndent()
                archiveArtifacts 'wiki-report.md'
            }
        }
        stage('Generate Licence Report') {
            when {
                expression { isReleaseTag && !isInternalRelease && !isReleaseCandidate }
                beforeAgent true
            }
            agent {
                docker {
                    image 'nexusiq-licence-report:latest'
                    reuseNode true
                    registryUrl 'https://engineering-docker.software.r3.com/'
                    registryCredentialsId 'artifactory-credentials'
                }
            }
            options {
                retry(3)
            }
            environment {
                NEXUS_APP_ID="${nexusAppId}"
                NEXUS_APP_STAGE="${params.nexusIqStage}"
                NEXUSIQ_CREDENTIALS = credentials('jenkins-nexusiq-credentials')
            }
            steps {
                sh '''\
                    rm -rf report
                    env NEXUSIQ_USERNAME="${NEXUSIQ_CREDENTIALS_USR}" \
                        NEXUSIQ_PASSWORD="${NEXUSIQ_CREDENTIALS_PSW}" \
                            /opt/app/wrapper --write --outdir report \
                                --force \
                                --app "${NEXUS_APP_ID}" \
                                --stage "${NEXUS_APP_STAGE}"
                '''.stripIndent()
                archiveArtifacts 'report/*.md'
            }
        }

        stage('Snyk Security') {
            when {
                expression { isReleaseTag || isReleaseCandidate || isReleaseBranch }
            }
            steps {
                script {
                    // Invoke Snyk for each Gradle sub project we wish to scan
                    def modulesToScan = ['node', 'capsule', 'bridge', 'bridgecapsule']
                    modulesToScan.each { module ->
                        snykSecurityScan("${env.SNYK_API_KEY}", "--sub-project=$module --configuration-matching='^runtimeClasspath\$' --prune-repeated-subdependencies --debug --target-reference='${env.BRANCH_NAME}' --project-tags=Branch='${env.BRANCH_NAME.replaceAll("[^0-9|a-z|A-Z]+","_")}'")
                    }
                }
            }
        }

        stage('All Tests') {
            when {
                expression { params.DO_TEST }
                beforeAgent true
            }
            parallel {
                stage('Another agent') {
                    agent {
                        label 'standard'
                    }
                    options {
                        skipDefaultCheckout true
                    }
                    post {
                        always {
                            archiveArtifacts artifacts: '**/*.log', fingerprint: false
                            junit testResults: '**/build/test-results/**/*.xml', keepLongStdio: true
                            /*
                             * Copy all JUnit results files into a single top level directory.
                             * This is necessary to stop the allure plugin from hitting out
                             * of memory errors due to being passed many directories with
                             * long paths.
                             *
                             * File names are pre-pended with a prefix when
                             * copied to avoid collisions between files where the same test
                             * classes have run on multiple agents.
                             */
                            fileOperations([fileCopyOperation(
                                    includes: '**/build/test-results/**/*.xml',
                                    targetLocation: 'allure-input',
                                    flattenFiles: true,
                                    renameFiles: true,
                                    sourceCaptureExpression: '.*/([^/]+)$',
                                    targetNameExpression: 'other-agent-$1')])
                            stash name: 'allure-input', includes: 'allure-input/**', useDefaultExcludes: false
                        }
                        cleanup {
                            deleteDir() /* clean up our workspace */
                        }
                    }
                    stages {
                        stage('Unstash') {
                            steps {
                                unstash 'compiled'
                            }
                        }
                        stage('Recompile') {
                            steps {
                                sh script: [
                                        './gradlew',
                                        COMMON_GRADLE_PARAMS,
                                        'jar'
                                ].join(' ')
                            }
                        }
                        stage('Unit Test') {
                            steps {
                                sh script: [
                                        './gradlew',
                                        COMMON_GRADLE_PARAMS,
                                        'test'
                                ].join(' ')
                            }
                        }
                        stage('Smoke Test') {
                            steps {
                                sh script: [
                                        './gradlew',
                                        COMMON_GRADLE_PARAMS,
                                        'smokeTest'
                                ].join(' ')
                            }
                        }
                        stage('Slow Integration Test') {
                            steps {
                                sh script: [
                                        './gradlew',
                                        COMMON_GRADLE_PARAMS,
                                        'slowIntegrationTest'
                                ].join(' ')
                            }
                        }
                    }
                }
                stage('Same agent') {
                    post {
                        always {
                            archiveArtifacts artifacts: '**/*.log', fingerprint: false
                            junit testResults: '**/build/test-results/**/*.xml', keepLongStdio: true
                            /*
                             * Copy all JUnit results files into a single top level directory.
                             * This is necessary to stop the allure plugin from hitting out
                             * of memory errors due to being passed many directories with
                             * long paths.
                             *
                             * File names are pre-pended with a prefix when
                             * copied to avoid collisions between files where the same test
                             * classes have run on multiple agents.
                             */
                            fileOperations([fileCopyOperation(
                                    includes: '**/build/test-results/**/*.xml',
                                    targetLocation: 'allure-input',
                                    flattenFiles: true,
                                    renameFiles: true,
                                    sourceCaptureExpression: '.*/([^/]+)$',
                                    targetNameExpression: 'same-agent-$1')])
                        }
                    }
                    stages {
                        stage('Integration Test') {
                            steps {
                                sh script: [
                                        './gradlew',
                                        COMMON_GRADLE_PARAMS,
                                        'integrationTest'
                                ].join(' ')
                            }
                        }

                        stage('Deploy Node') {
                            steps {
                                sh script: [
                                        './gradlew',
                                        COMMON_GRADLE_PARAMS,
                                        'deployNode'
                                ].join(' ')
                            }
                        }
                    }
                }
            }
        }

        stage('Publish to Artifactory') {
            when {
                expression { isReleaseTag }
            }
            steps {
                rtServer(
                        id: 'R3-Artifactory',
                        url: 'https://software.r3.com/artifactory',
                        credentialsId: 'artifactory-credentials'
                )
                rtGradleDeployer(
                        id: 'deployer',
                        serverId: 'R3-Artifactory',
                        repo: 'corda-releases'
                )
                rtGradleRun(
                        usesPlugin: true,
                        useWrapper: true,
                        switches: '-s --info',
                        tasks: 'artifactoryPublish',
                        deployerId: 'deployer',
                        buildName: env.ARTIFACTORY_BUILD_NAME
                )
                rtPublishBuildInfo(
                        serverId: 'R3-Artifactory',
                        buildName: env.ARTIFACTORY_BUILD_NAME
                )
            }
        }

        stage('Publish Release to Docker Hub') {
            when {
                expression { isReleaseTag && !isInternalRelease && !isReleaseCandidate && !isReleasePatch}
            }
            steps {
                withCredentials([
                        usernamePassword(credentialsId: 'corda-publisher-docker-hub-credentials',
                                usernameVariable: 'DOCKER_USERNAME',
                                passwordVariable: 'DOCKER_PASSWORD')
                ]) {
                    sh script: [
                            './gradlew',
                            COMMON_GRADLE_PARAMS,
                            'pushOfficialImages'
                            ].join(' ')
                }
            }
        }
    }

    post {
        always {
            script {
                try {
                    if (params.DO_TEST) {
                        unstash 'allure-input'
                        allure includeProperties: false,
                                jdk: '',
                                results: [[path: '**/allure-input']]
                    }
                } catch (err) {
                    echo("Allure report generation failed: $err")

                    if (currentBuild.resultIsBetterOrEqualTo('SUCCESS')) {
                        currentBuild.result = 'UNSTABLE'
                    }
                }
            }

            script
            {
                if (!isReleaseTag) {
                    // We want to send a summary email, but want to limit to once per day.
                    // Comparing the dates of the previous and current builds achieves this,
                    // i.e. we will only send an email for the first build on a given day.
                    def prevBuildDate = new Date(
                            currentBuild.previousBuild?.timeInMillis ?: 0).clearTime()
                    def currentBuildDate = new Date(
                            currentBuild.timeInMillis).clearTime()

                    if (prevBuildDate != currentBuildDate) {
                        def statusSymbol = '\u2753'
                        switch(currentBuild.result) {
                            case 'SUCCESS':
                                statusSymbol = '\u2705'
                                break;
                            case 'UNSTABLE':
                                statusSymbol = '\u26A0'
                                break;
                            case 'FAILURE':
                                statusSymbol = '\u274c'
                                break;
                            default:
                                break;
                        }

                        echo('First build for this date, sending summary email')
                        emailext to: '$DEFAULT_RECIPIENTS',
                            subject: "$statusSymbol" + '$BRANCH_NAME regression tests - $BUILD_STATUS',
                            mimeType: 'text/html',
                            body: '${SCRIPT, template="groovy-html.template"}'
                    } else {
                        echo('Already sent summary email today, suppressing')
                    }
                }
            }
        }
        success {
        	script {
        		sendSlackNotifications("good", "BUILD PASSED", false, "#corda-corda4-open-source-build-notifications")
                if (isReleaseTag || isReleaseCandidate || isReleaseBranch) {
                    snykSecurityScan.generateHtmlElements()
                }
        	}
        }
        unstable {
        	script {
        		sendSlackNotifications("warning", "BUILD UNSTABLE - Unstable Builds are likely a result of Nexus Sonar Scanner violations", false, "#corda-corda4-open-source-build-notifications")
                if (isReleaseTag || isReleaseCandidate || isReleaseBranch) {
                    snykSecurityScan.generateHtmlElements()
                }
        	}
        }
        failure {
        	script {
        		sendSlackNotifications("danger", "BUILD FAILURE", true, "#corda-corda4-open-source-build-notifications")
        		if (isReleaseTag || isReleaseBranch || isReleaseCandidate) {
        			sendEmailNotifications("${env.EMAIL_RECIPIENTS}")
        		}
        	}
        }
        cleanup {
            deleteDir() /* clean up our workspace */
        }
    }
}
