Google Cloud Build is a service that executes your builds on the Google Cloud Platform infrastructure. Cloud Build can import source code from Google Cloud Storage, Cloud Source Repositories, GitHub, or Bitbucket. It executes a build to your specifications, and produces artifacts such as Docker containers or Java archives, and it enforces security and licensing compliance in the CI/CD pipeline.
Cloud Build executes your build as a series of build steps, where each build step runs in a container. A build step can do anything that can be done from a container irrespective of the environment. Google Cloud Build is a fully managed build service that compiles source code, runs tests, and produces software packages that are ready to deploy. With Google Cloud Build, you don’t need to provision, manage, and scale your own build servers. Google Cloud Build scales continuously and processes multiple builds concurrently, so your builds are not left waiting in a queue. You can get started quickly by using prepackaged build environments, or you can create custom build environments that use your own build tools. With Google Cloud Build, you are charged for the compute resources you use. For further information, refer to https://cloud.google.com/cloud-build/docs/.
Integration with WhiteSource allows customers to automate the scanning of any project using Google Cloud Build, tapping into the continuous integration pipeline. The integration allows customers to automatically fail builds in case of an organizational compliance or security policy violation. The scanning mechanism of WhiteSource automatically handles a large variety of programming languages, dependency managers and package managers.
Configuring the 'cloudbuild.yaml' File
- Add the following build steps to your cloudbuild.yaml file:
Download the 'wss_agent.sh' script file:
- Run 'curl' to download the Unified Agent configuration file:
- Initially, download the latest configuration file from https://github.com/whitesource/unified-agent-distribution/raw/master/standAlone/wss-unified-agent.config
- Save the Unified Agent configuration file to your local machine.
- Edit the 'includes', 'archiveIncludes', and 'archiveExtractionDepth' sections to support the relevant file or archive extensions. See Unified Agent Configuration File & Parameters.
- Store the updated Unified Agent configuration file in an online drive (e.g., Google Drive).
Run the script 'wss_agent.sh'. This script downloads the latest version of WhiteSource Unified Agent Jar file and uses your custom configuration file:
Afterwards, the script runs the Jar with the regular command line arguments of the Unified Agent. In the configuration file, you must use the organization API key ('apiKey') and determine the name of the WhiteSource project ('project'). See also User Level Access Control in Integrations and APIs.
The following is a sample 'cloudbuild.yaml' file with WhiteSource integration:
The register path is retrieved from the 'image' page as displayed in the following screenshot.
Running the Build
Run the build via the command:
Breaking builds with WhiteSource
In case of a WhiteSource scanning error, the scanning step returns an error code. See return codes below. Returning an exit code other than success results in a failure of the build step.
Success=0, Error=-1, Policy Violation=-2, Client Failure=-3, Connection Failure=-4
The exit codes WhiteSource returns in the Bash command language should be treated as 'x' modulo 256:
- Exit code 0 is equivalent to code 0 (0 mod 256 = 0)
- Exit code -1 is equivalent to code 255 (-1 mod 256 = 255)
- Exit code -2 is equivalent to code 254 (-2 mod 256 = 254)
- Exit code -3 is equivalent to code 253 (-3 mod 256 = 253)
- Exit code -4 is equivalent to code 252 (-4 mod 256 = 252)