2 # This file contains job templates for Docker projects.
9 name: lf-docker-get-container-tag
13 CONTAINER_TAG_METHOD={container-tag-method}
14 CONTAINER_TAG_YAML_DIR={container-tag-yaml-dir}
15 DOCKER_ROOT={docker-root}
16 - shell: !include-raw: "{docker-get-container-tag-script}"
18 # Import the container tag set by this build step
19 properties-file: "env_docker_inject.txt"
26 DOCKER_ARGS={docker-build-args}
27 DOCKER_NAME={docker-name}
28 DOCKER_ROOT={docker-root}
29 CONTAINER_PULL_REGISTRY={container-public-registry}
30 CONTAINER_PUSH_REGISTRY={container-push-registry}
31 - shell: !include-raw-escape:
32 - ../shell/docker-build.sh
39 CONTAINER_PUSH_REGISTRY={container-push-registry}
40 - shell: !include-raw-escape:
41 - ../shell/docker-push.sh
47 - lf_docker_common: &lf_docker_common
48 name: lf-docker-common
50 project-type: freestyle
53 ######################
54 # Default parameters #
55 ######################
60 submodule-disable: false
61 submodule-recursive: true
63 pre_docker_build_script: "# pre docker build script goes here"
64 post_docker_build_script: "# post docker build script goes here"
66 docker-get-container-tag-script: "../shell/docker-get-container-tag.sh"
67 docker-root: "$WORKSPACE"
69 git-url: "$GIT_URL/$PROJECT"
70 container-tag-method: "latest"
71 # TODO: how to interpolate value of {docker-root} parameter?
72 container-tag-yaml-dir: ""
78 disabled: "{disable-job}"
81 - lf-infra-properties:
82 build-days-to-keep: "{build-days-to-keep}"
85 - lf-infra-parameters:
88 refspec: "refs/heads/{branch}"
93 build-timeout: "{build-timeout}"
94 jenkins-ssh-credential: "{jenkins-ssh-credential}"
99 - docker_verify_common: &docker_verify_common
100 name: docker-verify-common
105 - lf-infra-gerrit-scm:
106 jenkins-ssh-credential: "{jenkins-ssh-credential}"
108 refspec: "$GERRIT_REFSPEC"
109 branch: "$GERRIT_BRANCH"
110 submodule-disable: "{submodule-disable}"
111 submodule-recursive: "{submodule-recursive}"
112 submodule-timeout: "{submodule-timeout}"
113 choosing-strategy: gerrit
115 gerrit_verify_triggers:
116 - patchset-created-event:
118 exclude-trivial-rebase: false
119 exclude-no-code-change: false
120 - draft-published-event
121 - comment-added-contains-event:
122 comment-contains-value: '^Patch Set\s+\d+:\s+(recheck|reverify)\s*$'
124 gerrit_trigger_file_paths:
125 - compare-type: REG_EXP
128 # github_included_regions MUST match gerrit_trigger_file_paths
129 github_included_regions:
134 - lf-infra-docker-login:
135 global-settings-file: "global-settings"
136 settings-file: "{mvn-settings}"
137 - shell: "{pre_docker_build_script}"
138 - lf-docker-get-container-tag:
139 container-tag-method: "{container-tag-method}"
140 container-tag-yaml-dir: "{container-tag-yaml-dir}"
141 docker-root: "{docker-root}"
142 docker-get-container-tag-script: "{docker-get-container-tag-script}"
144 docker-build-args: "{docker-build-args}"
145 docker-name: "{docker-name}"
146 docker-root: "{docker-root}"
147 container-public-registry: "{container-public-registry}"
148 container-push-registry: "{container-push-registry}"
149 - shell: "{post_docker_build_script}"
150 - lf-provide-maven-settings-cleanup
152 - docker_merge_common: &docker_merge_common
153 name: docker-merge-common
154 cron: "@weekly" # check dependencies regularly
157 - lf-infra-gerrit-scm:
158 jenkins-ssh-credential: "{jenkins-ssh-credential}"
160 refspec: "$GERRIT_REFSPEC"
161 branch: "$GERRIT_BRANCH"
162 submodule-disable: "{submodule-disable}"
163 submodule-recursive: "{submodule-recursive}"
164 submodule-timeout: "{submodule-timeout}"
165 choosing-strategy: default
167 gerrit_merge_triggers:
168 - change-merged-event
169 - comment-added-contains-event:
170 comment-contains-value: '^Patch Set\s+\d+:\s+remerge\s*$'
172 gerrit_trigger_file_paths:
173 - compare-type: REG_EXP
176 # github_included_regions MUST match gerrit_trigger_file_paths
177 github_included_regions:
182 - lf-infra-docker-login:
183 global-settings-file: "global-settings"
184 settings-file: "{mvn-settings}"
185 - shell: "{pre_docker_build_script}"
186 - lf-docker-get-container-tag:
187 container-tag-method: "{container-tag-method}"
188 container-tag-yaml-dir: "{container-tag-yaml-dir}"
189 docker-root: "{docker-root}"
190 docker-get-container-tag-script: "{docker-get-container-tag-script}"
192 docker-build-args: "{docker-build-args}"
193 docker-name: "{docker-name}"
194 docker-root: "{docker-root}"
195 container-public-registry: "{container-public-registry}"
196 container-push-registry: "{container-push-registry}"
197 - shell: "{post_docker_build_script}"
198 # Provided all steps have already passed, push the docker image
200 container-push-registry: "{container-push-registry}"
201 - lf-provide-maven-settings-cleanup
208 name: "{project-name}-docker-verify-{stream}"
209 id: gerrit-docker-verify
210 # Job template for Docker verify jobs
212 # The purpose of this job template is to run a docker build, and potentially
213 # test validation of the docker image
215 <<: *lf_docker_common
216 # yamllint disable-line rule:key-duplicates
217 <<: *docker_verify_common
221 server-name: "{gerrit-server-name}"
222 trigger-on: "{obj:gerrit_verify_triggers}"
224 - project-compare-type: ANT
225 project-pattern: "{project}"
227 - branch-compare-type: ANT
228 branch-pattern: "**/{branch}"
229 file-paths: "{obj:gerrit_trigger_file_paths}"
232 name: "{project-name}-docker-verify-{stream}"
233 id: github-docker-verify
234 # Job template for Docker verify jobs
236 # The purpose of this job template is to run a docker build, and potentially
237 # test validation of the docker image
239 <<: *lf_docker_common
240 # yamllint disable-line rule:key-duplicates
241 <<: *docker_verify_common
244 - lf-infra-properties:
245 build-days-to-keep: "{build-days-to-keep}"
247 url: "{github-url}/{github-org}/{project}"
250 - lf-infra-github-scm:
251 url: "{git-clone-url}{github-org}/{project}"
252 refspec: "+refs/pull/*:refs/remotes/origin/pr/*"
254 submodule-recursive: "{submodule-recursive}"
255 submodule-timeout: "{submodule-timeout}"
256 submodule-disable: "{submodule-disable}"
257 choosing-strategy: default
258 jenkins-ssh-credential: "{jenkins-ssh-credential}"
261 - github-pull-request:
262 trigger-phrase: "^(recheck|reverify)$"
263 only-trigger-phrase: false
264 status-context: "Docker Verify"
267 white-list-target-branches:
269 included-regions: "{obj:github_included_regions}"
276 name: "{project-name}-docker-merge-{stream}"
277 id: gerrit-docker-merge
278 # Job template for Docker merge jobs
280 # The purpose of this job template is to run a docker build, and potentially
281 # test validation of the docker image
283 <<: *lf_docker_common
284 # yamllint disable-line rule:key-duplicates
285 <<: *docker_merge_common
288 - timed: "{obj:cron}"
290 server-name: "{gerrit-server-name}"
291 trigger-on: "{obj:gerrit_merge_triggers}"
293 - project-compare-type: ANT
294 project-pattern: "{project}"
296 - branch-compare-type: ANT
297 branch-pattern: "**/{branch}"
298 file-paths: "{obj:gerrit_trigger_file_paths}"
301 name: "{project-name}-docker-merge-{stream}"
302 id: github-docker-merge
303 # Job template for Docker merge jobs
305 # The purpose of this job template is to run a docker build, and potentially
306 # test validation of the docker image
308 <<: *lf_docker_common
309 # yamllint disable-line rule:key-duplicates
310 <<: *docker_merge_common
313 - lf-infra-properties:
314 build-days-to-keep: "{build-days-to-keep}"
316 url: "{github-url}/{github-org}/{project}"
319 - lf-infra-github-scm:
320 url: "{git-clone-url}{github-org}/{project}"
322 branch: "refs/heads/{branch}"
323 submodule-recursive: "{submodule-recursive}"
324 submodule-timeout: "{submodule-timeout}"
325 submodule-disable: "{submodule-disable}"
326 choosing-strategy: default
327 jenkins-ssh-credential: "{jenkins-ssh-credential}"
330 - timed: "{obj:cron}"
334 - github-pull-request:
335 trigger-phrase: "^remerge$"
336 only-trigger-phrase: true
337 status-context: "Docker Merge"
342 white-list: "{obj:github_pr_allowlist}"
343 admin-list: "{obj:github_pr_admin_list}"
344 white-list-target-branches:
346 included-regions: "{obj:github_included_regions}"
352 - lf_docker_snyk_cli: &lf_docker_snyk_cli
353 name: lf-docker-snyk_cli
355 ######################
356 # Default parameters #
357 ######################
360 build-days-to-keep: 30 # 30 days for troubleshooting purposes
362 container-tag-method: "latest"
363 container-tag-yaml-dir: ""
365 docker-get-container-tag-script: "../shell/docker-get-container-tag.sh"
366 docker-root: "$WORKSPACE"
367 docker-build-args: ""
368 git-url: "$GIT_URL/$PROJECT"
369 github-url: "https://github.com"
370 pre_docker_build_script: "# pre docker build script goes here"
371 post_docker_build_script: "# post docker build script goes here"
373 snyk-token-credential-id: snyk-token
374 snyk-org-credential-id: snyk-org
376 submodule-recursive: true
377 submodule-timeout: 10
378 submodule-disable: false
380 gerrit_snyk_triggers:
381 - comment-added-contains-event:
382 comment-contains-value: '^Patch Set\s+\d+:\s+run-snyk\s*$'
385 - lf-infra-parameters:
390 name: SNYK_CLI_OPTIONS
391 default: "{snyk-cli-options}"
392 description: Additional Snyk CLI commands and options
395 - credentials-binding:
397 credential-id: "{snyk-token-credential-id}"
400 credential-id: "{snyk-org-credential-id}"
403 #####################
404 # Job Configuration #
405 #####################
407 disabled: "{disable-job}"
411 - lf-infra-docker-login:
412 global-settings-file: "global-settings"
413 settings-file: "{mvn-settings}"
414 - shell: "{pre_docker_build_script}"
415 - lf-docker-get-container-tag:
416 container-tag-method: "{container-tag-method}"
417 container-tag-yaml-dir: "{container-tag-yaml-dir}"
418 docker-root: "{docker-root}"
419 docker-get-container-tag-script: "{docker-get-container-tag-script}"
421 docker-build-args: "{docker-build-args}"
422 docker-name: "{docker-name}"
423 docker-root: "{docker-root}"
424 container-public-registry: "{container-public-registry}"
425 container-push-registry: "{container-push-registry}"
426 - shell: "{post_docker_build_script}"
427 - lf-infra-snyk-cli-scanner
428 - lf-provide-maven-settings-cleanup
429 - shell: 'find . -regex ".*karaf/target" | xargs rm -rf'
432 name: "{project-name}-docker-snyk-cli-{stream}"
433 id: gerrit-docker-snyk-cli
434 <<: *lf_docker_common
435 # yamllint disable-line rule:key-duplicates
436 <<: *lf_docker_snyk_cli
439 - lf-infra-gerrit-scm:
440 jenkins-ssh-credential: "{jenkins-ssh-credential}"
442 refspec: "$GERRIT_REFSPEC"
443 branch: "$GERRIT_BRANCH"
444 submodule-recursive: "{submodule-recursive}"
445 submodule-timeout: "{submodule-timeout}"
446 submodule-disable: "{submodule-disable}"
447 choosing-strategy: default
450 # Build weekly on Saturdays
453 server-name: "{gerrit-server-name}"
454 trigger-on: "{obj:gerrit_snyk_triggers}"
456 - project-compare-type: ANT
457 project-pattern: "{project}"
459 - branch-compare-type: ANT
460 branch-pattern: "**/{branch}"
468 name: "{project-name}-docker-snyk-cli-{stream}"
469 id: github-docker-snyk-cli
470 <<: *lf_docker_common
471 # yamllint disable-line rule:key-duplicates
472 <<: *lf_docker_snyk_cli
475 - lf-infra-properties:
476 build-days-to-keep: "{build-days-to-keep}"
478 url: "{github-url}/{github-org}/{project}"
481 - lf-infra-github-scm:
482 url: "{git-clone-url}{github-org}/{project}"
484 branch: "refs/heads/{branch}"
485 submodule-recursive: "{submodule-recursive}"
486 submodule-timeout: "{submodule-timeout}"
487 submodule-disable: "{submodule-disable}"
488 choosing-strategy: default
489 jenkins-ssh-credential: "{jenkins-ssh-credential}"
492 # Build weekly on Saturdays
494 - github-pull-request:
495 trigger-phrase: "^run-snyk$"
496 only-trigger-phrase: true
497 status-context: "SNYK scan"
502 white-list: "{obj:github_pr_allowlist}"
503 admin-list: "{obj:github_pr_admin_list}"
504 white-list-target-branches: