From 49689c44074ddbc5afef45d88e4a0f9bcf94e51a Mon Sep 17 00:00:00 2001
From: "antoine.vinot" <antoine.vinot@sonarsource.com>
Date: Mon, 20 May 2024 15:13:57 +0200
Subject: [PATCH] SCSCANGHA-9 Enable Mend scan

---
 .cirrus.star                     |  4 ++++
 .cirrus.yml                      | 35 ++++++++++++++++++++++++++++++++
 .cirrus/wss-unified-agent.config |  4 ++++
 3 files changed, 43 insertions(+)
 create mode 100644 .cirrus.star
 create mode 100644 .cirrus.yml
 create mode 100644 .cirrus/wss-unified-agent.config

diff --git a/.cirrus.star b/.cirrus.star
new file mode 100644
index 0000000..28b17b7
--- /dev/null
+++ b/.cirrus.star
@@ -0,0 +1,4 @@
+load("github.com/SonarSource/cirrus-modules@v2", "load_features")
+
+def main(ctx):
+    return load_features(ctx)
diff --git a/.cirrus.yml b/.cirrus.yml
new file mode 100644
index 0000000..e2c861c
--- /dev/null
+++ b/.cirrus.yml
@@ -0,0 +1,35 @@
+env:
+  CIRRUS_VAULT_URL: https://vault.sonar.build:8200
+  CIRRUS_VAULT_AUTH_PATH: jwt-cirrusci
+  CIRRUS_VAULT_ROLE: cirrusci-${CIRRUS_REPO_OWNER}-${CIRRUS_REPO_NAME}
+
+  # Staging image configuration
+  STAGING_IMAGE_NAME: sonarsource/sonarcloud-github-action
+  CURRENT_TAG: master
+
+vm_instance_template: &VM_TEMPLATE
+  experimental: true # see https://github.com/cirruslabs/cirrus-ci-docs/issues/1051
+  image: docker-builder-v*
+  type: t2.small
+  region: eu-central-1
+  subnet_id: ${CIRRUS_AWS_SUBNET}
+  disk: 10
+  cpu: 4
+  memory: 16G
+
+mend_task:
+  ec2_instance:
+    <<: *VM_TEMPLATE
+  # run only on master and long-term branches
+  only_if: $CIRRUS_USER_COLLABORATOR == 'true' && $CIRRUS_TAG == "" && ($CIRRUS_BRANCH == "master" || $CIRRUS_BRANCH =~ "branch-.*")
+  env:
+    MEND_API_KEY: VAULT[development/kv/data/mend data.apikey]
+  setup_script:
+    - docker build --tag "${STAGING_IMAGE_NAME}:${CURRENT_TAG}" .
+    - apt-get remove -y unattended-upgrades
+    - apt-get update && apt-get install -y --no-install-recommends openjdk-17-jre
+    - curl -sSL https://unified-agent.s3.amazonaws.com/wss-unified-agent.jar -o wss-unified-agent.jar
+    - echo "docker.includes=${CURRENT_TAG}" >> .cirrus/wss-unified-agent.config
+  scan_script:
+    - echo "Scan the ${STAGING_IMAGE_NAME}:${CURRENT_TAG} image"
+    - java -jar wss-unified-agent.jar -c .cirrus/wss-unified-agent.config -apiKey $MEND_API_KEY
diff --git a/.cirrus/wss-unified-agent.config b/.cirrus/wss-unified-agent.config
new file mode 100644
index 0000000..d23b6de
--- /dev/null
+++ b/.cirrus/wss-unified-agent.config
@@ -0,0 +1,4 @@
+docker.projectNameFormat=repositoryNameAndTag
+docker.scanImages=true
+wss.url=https://saas-eu.whitesourcesoftware.com/agent
+productName=GitHubAction/SonarCloudGitHubAction