JFrog Mission Control - Version Control with Gitlab - jfrog-mission-control

Using Mission Control, we want to use the Version Control integration with gitlb so that we have version history of all the scripts.
We are running the docker container version.
during this setup process we encountered some problems where the commits back to gitlab were failing, even though the UI said they were successful. (Long story, not really relevant but it boiled down to a restriction in the project to check whether author is a gitlab user).
The concern here is: if these commits fail AND the UI assumes they worked, there is an ability to modify and a script from MC without that change ever being reflected in version control.
How do I force MC to disallow execution of a script that has not been committed to the gitlab source control?
Mission Control V 2.1.0

Related

Mercurial support partially not working in Atom-Nuclide

I have installed the latest version of watchman, which can be found here:
/usr/local/bin/watchman
I performed the Install Recommended Packages on Startup and I watched them install after restarting.
This is a fresh new install of Atom and Nuclide with the latest version of everything.
I have a test project with files added to the Mercurial repository. The repository .hg directory sits at the root of the project. When I open a Diff View into a file, Nuclide picks up the previous Mercurial version of that file just fine as I make edits and it shows the comparison between the two. Previous version on the left is shown. So I know that Atom-Nuclide is able to interact with the Mercurial repository.
However, nothing else seems to be working for Mercurial support.
When I select "Toggle Blame" on the same file where Diff View is working, I get this message: "Failed to fetch blame to display. The file is empty or untracked or the repository cannot be reached."
The File Tree Highlighting does not work. No colors on any of the files in any of their mercurial states.
The colored Line Modification Notifications do not show inside of the Atom gutter.
The Added and Removed Lines feature is not showing in the status bar.
These features in Atom-Nuclide are the reason why I am interested in trying out Mercurial instead of Git and are big reasons for trying this IDE in general.
The same problem was reproduced on a different distro. I can't be the only one who bumps into this. No business can safely rely on a development environment where the level of community interest outside of FB cannot support an attempt to claim a Stack Overflow bounty on a question like this. The solution is to wait for better type support and type checking to come to PHP. Numerous RFCs exist to do exactly that and other IDEs will take advantage of this in future versions of PHP.

Fortify and source code repositories

I am starting with HP Fortify SCA and I want to know how connect it to a source code repository. I read and look for how to integrate it but I didn't find anything about it.
You could try using Jenkins (https://jenkins-ci.org/) to download your code from a repository and then call HP Fortify from Jenkins. You could even use Jenkins to trigger automatic analysis with HP Fortify whenever it detects a new version or once a day/week/month.
Fortify does not natively make a direct connection to the repo. The code has to be local to the scan so that it can be cleaned, translated, and compiled.
Jenkins could probably do it like #Syslog said, but personally I wouldn't until you are very familiar with how Fortify runs against your codebase. If you are just getting started with Fortify, run it manually for a few months until you learn its (many, many ) quirks.

IBM Worklight - How to silently update the application's web resources?

I want to silently update the web resources of my application using the Direct Update feature.
I did not manage to find any related documentation to do that.Can anyone give me an idea on how to proceed?
I generated an apk for my application say app version 1.0.
With some modifications in UI I generated one more apk say version 1.1.
Now again with some change i generated apk for third version say v 1.2.(latest)
Now My intention is if a user has apk 1.0 then it should update the user that this version is deprecated and i will provide a link to get the latest version.
If the user has apk version 1.1 then it has to alert the user that an update is available.
All these things I am able to achieve using direct update. But when I am trying the same for silent update it is not working.
The property you're looking for is updateSliently set to true in initOptions.js.
For this to work, it is required that connectOnStartup will be set to true as well.
It seems to be working in Worklight 6.0, but fail in Worklight 5.0.6; I have opened a defect for this.
In any case,
The steps you have described are INCORRECT. These are the steps for Direct Update, silent or not:
Create an app, add environment
Build all and deploy
Launch app on device
Change WEB RESOURCES in the app (images, HTML, JavaScript)
Re-build and deploy the app
Re-open the app / bring it back to the foreground
If you are changing the version id, the changes you will make to the web resources will not reach their destination.
Changes done to version="1.0", will reach only apps running version "1.0"; if you up the value then changes will only reach apps of that new value.

How do I choose an artifact from Nexus in a Hudson / Jenkins job?

I have a job in Hudson server A which builds an artifact and deploys it to Nexus. I have another job in a completely separate Hudson server B which needs to download the artifact and deploy it. This job is normally run manually, and the person running it needs to indicate which version of the artifact to deploy - they may not always want to deploy the latest version (e.g. to roll back to a previous known good version).
Currently, I achieve this by using a parameterized build, and require the user to pass in the artifact version number; the job then uses the Execute shell build step to run wget on a URL constructed using the parameter. This is error prone.
Ideally I'd like a plugin that lets the user browse the artifact versions in the Nexus repository and pick and choose the one to deploy, but I'm open to other suggestions. A plugin that also handles the download would be nice, but I can live without it as long as I can still get a string that I can use in shell commands.
I've looked through the available Hudson & Jenkins plugins around Maven style artifact repositories, but they all seem more concerned with pushing artifacts into repos rather than getting them back down.
I'm using Hudson's "Copy Artifact" in other jobs, to get artifacts from other Hudson jobs on the same server, but this doesn't work across different Hudson servers, which is why I've turned to Nexus (which we're already using anyway).
Does anyone have any suggestions?
I recommend using rundeck to execute your deployments.
There is a rundeck plugin for Nexus that enables rundeck to display a pull down menu of available versions in Nexus.
There is a rundeck plugin for Jenkins that can be used to invoke deployments using rundeck and kick-off post deployment jobs (like integration testing) inn Jenkins.

Execute command in Hudson as Post-build Actions

I am new in Hudson.
I would like to execute a 'sourcecodeanalyzer' command in Hudson as Post-build Actions to generate an html report. Please let me know is this at all possible, if yes let me know the Hudson configuration steps to execute the command.
Your earliest response in this regard will be extremely helpful.
Thanks in advance.
Yes, it is almost certainly possible.
You will need to configure the Hudson project to have either a post-build action or a build step that runs your source code analyzer.
You've not stated in your question precisely which analyzer - it may be that Hudson already has a plug-in installed for it, in which case it may be listed on the Config page for the project at the bottom under Post-build Actions.
If not, next check to see if there's a plug-in available for the analyzer that hasn't been installed. From the main Hudson page select Manage Hudson, then Manage Plugins, and choose the Available tab. If there is a plug-in available it's definitely a good idea to use it as they are generally very well integrated with Hudson itself.
As a last resort you'll have to configure a build step to run the analyzer. Configure the project, then choose "Add build step". The drop-down that appears depends on your environment (Windows or Linux) but should include the ability to run a shell command or batch file. You can configure your analyzer there.
(If you're building Windows Visual Studio applications, a more flexible way that I've used is to use the MSBuild plug-in for builds, and have an MSBuild script that builds the application and then runs analysis tools. This can automate pretty much everything: mine builds the application, builds an acceptance test database, runs the acceptance tests and copies the result HTML to a page linked from the project.)
You could create a new job with a "Execute Shell" build step. Type in the command you wish to run in the text box. Then all you have to do is trigger this job by selecting:
"Build after other projects are built"
And select the trigger job from the list.
Hope this helps!
As a follow up to Jeremy's post. If you don't see the ability to add post build steps, you might work with maven jobs. In that case you need the Hudson M2 Extra Steps Plugin. This will give you pre and post build steps.
I use the 'Post build task' plugin to delete some resources after a build. You could call any shell script or command lines. If you want you could make the call depends on some logging output.
there is one best way to solve this:
Upgrade to Fortify SCA 2.6.x (as of writing, latest version is 2.6.5).
Download the Fortify Maven Plugin version 2.6 from https://customerportal.fortify.com and install it into your Hudson server's Maven repository.
Update your project's pom to carry out the Fortify scan. There is an example provided with the Maven plugin.
Currently , I am experiment with sonar plug in. It looks great check the details here
http://sonar.codehaus.org/a-new-hudson-plugin-for-a-closer-integration-with-sonar/
http://wiki.hudson-ci.org/display/HUDSON/Sonar+plugin