JFrog Xray missing component reports for the latest versions of artifacts

Time: 2019-07-05 10:46:08

Tags: jenkins artifactory jfrog-xray

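We use Jenkins, then publish artifacts and build info to Artifactory, followed by an Xray scan. The problem we have found is that we only seem to get Xray "Component" reports for some of the build numbers of an artifact. There are no errors; the reports just do not appear to be in Xray (when searching via "Components" and using the artifact name).

For example, if the artifact is hellofred :: develop :: 55, we can do an Xray scan (as below) and the report for this artifact does exist in Xray. However, when we do another build from Jenkins (no code changes, just a rebuild, deploy and scan), we see everything succeed and no errors. However, hellofred :: develop :: 56 is not visible in Xray. It still says the latest is 55! What is the best way to troubleshoot this?

As standard, we use the Jenkins JFrog plugin code to perform the Xray scan. For example, our pipeline code looks like...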

    def scanConfig = [
        'buildName'  : script.artifactoryBuildInfo.name,
        'buildNumber': script.artifactoryBuildInfo.number,
        'failBuild'  : true
    ]
    def scanResult = artifactory.xrayScan scanConfig

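The sample Jenkins console output for the report even shows us the URL of the link for hellofred :: develop :: 56, but when we click on it, it takes us to the latest, hellofred :: develop :: 55 (this is because there appears to be no report for 56). For example, some excerpts from the Jenkins console output are: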

11:03:31  [Pipeline] }
11:03:31  [Pipeline] // stage
11:03:31  [Pipeline] stage (hide)
11:03:31  [Pipeline] { (Xray scan) (hide)
11:03:31  [Pipeline] echo (hide)
11:03:31  Xray scan: true
11:03:31  [Pipeline] xrayScanBuild (hide)
11:03:40  Build hellofred:: develop number 56 was scanned by Xray and passed with no Alerts
11:03:40  Xray scan details are available at: http://xray-1.blah.blah:8000/web/#/component/details/build:~2F~2Fhellofred%20::%20develop%2F56
11:03:40  [Pipeline] echo (hide)
11:03:40  XRAY failed: SUCCESS
11:03:40  [Pipeline] echo (hide)
11:03:40  {
11:03:40    "summary" : {
11:03:40      "message" : "Build hellofred :: develop number 56 was scanned by Xray and passed with no Alerts",
11:03:40      "total_alerts" : 0,
11:03:40      "fail_build" : false,
11:03:40      "more_details_url" : "http://xray-1.blah.blah:8000/web/#/component/details/build:~2F~2Fhellofred%20::%20develop%2F56"
11:03:40    },
11:03:40    "alerts" : [ ],
11:03:40    "licenses" : [ {
11:03:40      "name" : "Unknown",
11:03:40      "components" : [etc blah blah blah],
11:03:40      "full_name" : "Unknown license"
11:03:40    }, {
11:03:40      "name" : "Apache-2.0",
11:03:40      "components" : [ "gav://org.apache.logging.log4j:log4j-slf4j-impl:2.11.2", "gav://org.mongodb:mongodb-driver:3.8.2", 

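2 answers:

Answer 0 (score: 0)

Maybe the problem is that you are not publishing the build info? Let me share a sample pipeline script that does something similar.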

node {
    def server = Artifactory.server SERVER_ID
    def rtGradle = Artifactory.newGradleBuild()
    //Clone example code from GitHub repository
    stage 'Build'
        git url: 'myGitServer', branch: 'myProjectBranch'
    //Configure Artifactory repository to pull/push artifacts
    stage 'Artifactory configuration'
        rtGradle.tool = 'gradle-3.5' // Tool name from Jenkins configuration
        rtGradle.deployer repo: 'gradle-release', server: server // This is where I deploy to
        rtGradle.resolver repo:'libs-release', server: server
        rtGradle.deployer.addProperty("unit-test", "pass").addProperty("qa-team", "platform", "ui")
        def buildInfo = Artifactory.newBuildInfo() // This is where the initial BuildInfo is created
        buildInfo.env.capture = true // This is where all environment data is captured
    //Run gradle build
    stage 'Exec Gradle'
        sh 'rm -rf ~/.gradle/caches'
        rtGradle.run rootDir: "gradle-examples/4/gradle-example-ci-server/", buildFile: 'build.gradle', tasks: 'clean artifactoryPublish', buildInfo: buildInfo
    //Publish artifacts to Artifactory along with build information and scan build artifacts in Xray
    stage 'Publish Build Information & Scan Artifacts'
        server.publishBuildInfo buildInfo // This is where BuildInfo is published
        def scanConfig = [
            'buildName'  : env.JOB_NAME,
            'buildNumber': env.BUILD_NUMBER,
            'failBuild'  : true
        ]
        def scanResult = server.xrayScan scanConfig
        echo scanResult as String
}
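
One way to test the "build info not published" hypothesis from the answer above, as an added example that is not part of the original question or answers: compare the build numbers Artifactory lists for the build with the number that was scanned and the number Xray shows as latest. It assumes the response shape of Artifactory's Build Runs endpoint (`GET /api/build/{buildName}`); the host name, the sample response and the function names are constructed for illustration.

```python
import json
from datetime import datetime
from urllib.parse import quote

# Constructed sample of a Build Runs response (GET /api/build/{buildName}),
# deliberately listed out of order. The host name is a placeholder.
SAMPLE_BUILD_RUNS = json.loads("""
{
  "uri": "http://artifactory.example:8081/artifactory/api/build/hellofred%20%3A%3A%20develop",
  "buildsNumbers": [
    {"uri": "/56", "started": "2019-07-05T11:03:20.000+0100"},
    {"uri": "/55", "started": "2019-07-04T16:41:02.000+0100"}
  ]
}
""")

def build_runs_url(base_url, build_name):
    # Build names such as "hellofred :: develop" contain spaces and colons,
    # so the whole name is percent-encoded as a single path segment.
    return f"{base_url.rstrip('/')}/api/build/{quote(build_name, safe='')}"

def published_numbers(build_runs):
    """Build numbers known to Artifactory, ordered oldest to newest by start time."""
    runs = build_runs.get("buildsNumbers", [])
    ordered = sorted(
        runs,
        key=lambda r: datetime.strptime(r["started"], "%Y-%m-%dT%H:%M:%S.%f%z"),
    )
    return [r["uri"].lstrip("/") for r in ordered]

def diagnose(build_runs, scanned_number, xray_latest):
    """Say where a 'missing' Xray report most likely went wrong."""
    numbers = published_numbers(build_runs)
    if str(scanned_number) not in numbers:
        # Artifactory never received build info for the scanned build.
        return "build-info-not-published"
    if str(xray_latest) != numbers[-1]:
        # Build info exists, but Xray's component view lags behind it.
        return "xray-behind-artifactory"
    return "consistent"

if __name__ == "__main__":
    print(build_runs_url("http://artifactory.example:8081/artifactory", "hellofred :: develop"))
    print(diagnose(SAMPLE_BUILD_RUNS, scanned_number=56, xray_latest=55))
```

A result of `xray-behind-artifactory` rules out the pipeline's publish step and points the investigation at Xray's own indexing.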

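Answer 1 (score: 0)

I have confirmed that we do indeed publish the buildInfo to Artifactory as described above. This seems a very strange problem, as it is intermittent. However, we consistently notice that the "Date Modified" field of the Xray component is always updated for the report, but not necessarily the "latest build number". E.g. if Jenkins performs build number 88 for hello-fred at 3:55 PM on August 1, we publish the info to Artifactory, and it does indeed have build number 88 for hello-fred. However, when we trigger Xray and search for the component "hello-fred", we may sometimes see the latest build report, e.g. "hello-fred:88" with a latest version of 88 and a "Date Modified" of 3:55 PM on August 1. But this is intermittent, and we often notice that the report for this component appears to be missing in Xray. I.e. it may not have been updated, and the latest version is a previous one, e.g. "82". So Xray says the latest version is "82" (although it lets us link to the report for "88", which was apparently generated successfully). However, the "Date Modified" field is always updated correctly, e.g. 3:55 PM on August 1. We are using a "trial license". So, not sure how best to resolve this? Any ideas? It seems that something in Xray is getting lost. E.g. maybe a message on the RabbitMQ queue? Is this a known bug? Or how best to troubleshoot? Thanks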