5519862965b49efe5d86dd33b89f0874dc3c094b
[releng/global-jjb.git] / lf-maven-jobs.yaml
1 ---
2 # This file contains job templates for Maven projects.
3
4 ##########
5 # Macros #
6 ##########
7
8 - builder:
9     name: lf-maven-build
10     builders:
11       - inject:
12           properties-content: "MAVEN_GOALS={mvn-goals}"
13       - shell: !include-raw-escape:
14           - ../shell/common-variables.sh
15           - ../shell/maven-build.sh
16
17 - builder:
18     name: lf-maven-deploy
19     builders:
20       - shell: !include-raw:
21           - ../shell/common-variables.sh
22           - ../shell/maven-deploy.sh
23
24 - builder:
25     name: lf-maven-versions-plugin
26     builders:
27       - conditional-step:
28           condition-kind: boolean-expression
29           condition-expression: "{maven-versions-plugin}"
30           steps:
31             - inject:
32                 properties-file: "{version-properties-file}"
33             - maven-target:
34                 maven-version: "{mvn-version}"
35                 pom: "{mvn-pom}"
36                 goals: "versions:set versions:update-child-modules versions:commit -B"
37                 properties:
38                   - "newVersion=${{release_version}}"
39                 settings: "{mvn-settings}"
40                 settings-type: cfp
41                 global-settings: "global-settings"
42                 global-settings-type: cfp
43
44 - builder:
45     name: lf-maven-stage
46     builders:
47       - lf-provide-maven-settings:
48           global-settings-file: "{mvn-global-settings}"
49           settings-file: "{mvn-settings}"
50       - lf-infra-create-netrc:
51           server-id: "{mvn-staging-id}"
52       # include-raw-escape fails due to JJB bug
53       - shell: !include-raw-escape:
54           - ../shell/common-variables.sh
55           - ../shell/maven-stage.sh
56       - lf-provide-maven-settings-cleanup
57
58 - builder:
59     name: lf-update-java-alternatives
60     builders:
61       - inject:
62           # Work around inject plugin overriding our GIT_URL variable incorrectly
63           # https://issues.jenkins-ci.org/browse/JENKINS-49775
64           properties-content: |
65             SET_JDK_VERSION={java-version}
66             GIT_URL="$GIT_URL"
67       - shell: !include-raw-escape: ../shell/update-java-alternatives.sh
68       - inject:
69           properties-file: "/tmp/java.env"
70
71 ####################
72 # COMMON FUNCTIONS #
73 ####################
74
75 - lf_maven_common: &lf_maven_common
76     name: lf-maven-common
77
78     ######################
79     # Default parameters #
80     ######################
81
82     archive-artifacts: >
83       **/*.log
84       **/hs_err_*.log
85       **/target/**/feature.xml
86       **/target/failsafe-reports/failsafe-summary.xml
87       **/target/surefire-reports/*-output.txt
88
89     #####################
90     # Job Configuration #
91     #####################
92
93     project-type: freestyle
94     node: "{build-node}"
95
96     properties:
97       - lf-infra-properties:
98           build-days-to-keep: "{build-days-to-keep}"
99
100     parameters:
101       - lf-infra-parameters:
102           project: "{project}"
103           branch: "{branch}"
104           stream: "{stream}"
105       - lf-infra-maven-parameters:
106           mvn-opts: "{mvn-opts}"
107           mvn-params: "{mvn-params}"
108           mvn-version: "{mvn-version}"
109       - string:
110           name: ARCHIVE_ARTIFACTS
111           default: "{archive-artifacts}"
112           description: Artifacts to archive to the logs server.
113
114     wrappers:
115       - lf-infra-wrappers:
116           build-timeout: "{build-timeout}"
117           jenkins-ssh-credential: "{jenkins-ssh-credential}"
118
119     publishers:
120       # TODO: Make email notification work.
121       # - lf-infra-email-notify:
122       #     email-recipients: '{email-recipients}'
123       #     email-prefix: '[releng]'
124       - lf-infra-publish
125
126 #############
127 # Maven CLM #
128 #############
129
130 - lf_maven_clm: &lf_maven_clm
131     name: lf-maven-clm
132
133     ######################
134     # Default parameters #
135     ######################
136
137     branch: master
138     build-days-to-keep: 30 # 30 days for troubleshooting purposes
139     build-timeout: 60
140     disable-job: false
141     git-url: "$GIT_URL/$PROJECT"
142     github-url: "https://github.com"
143     java-version: openjdk11
144     mvn-global-settings: global-settings
145     mvn-goals: clean install
146     mvn-opts: ""
147     mvn-params: ""
148     mvn-version: mvn35
149     nexus-iq-namespace: "" # Recommend a trailing dash when set. Example: odl-
150     nexus-iq-stage: "build"
151     stream: master
152     submodule-recursive: true
153     submodule-timeout: 10
154     submodule-disable: false
155
156     nexus_iq_scan_patterns:
157       - "**/*.ear"
158       - "**/*.jar"
159       - "**/*.tar.gz"
160       - "**/*.war"
161       - "**/*.zip"
162
163     gerrit_clm_triggers:
164       - comment-added-contains-event:
165           comment-contains-value: '^Patch Set\s+\d+:\s+run-clm\s*$'
166
167     parameters:
168       - lf-infra-parameters:
169           project: "{project}"
170           branch: "{branch}"
171           stream: "{stream}"
172       - lf-infra-maven-parameters:
173           mvn-opts: "{mvn-opts}"
174           mvn-params: "{mvn-params}"
175           mvn-version: "{mvn-version}"
176       - string:
177           name: ARCHIVE_ARTIFACTS
178           default: "{archive-artifacts}"
179           description: Artifacts to archive to the logs server.
180       - lf-clm-parameters:
181           nexus-iq-stage: "{nexus-iq-stage}"
182
183     #####################
184     # Job Configuration #
185     #####################
186
187     disabled: "{disable-job}"
188
189     builders:
190       - lf-infra-pre-build
191       - lf-maven-install:
192           mvn-version: "{mvn-version}"
193       - lf-update-java-alternatives:
194           java-version: "{java-version}"
195       - lf-provide-maven-settings:
196           global-settings-file: "{mvn-global-settings}"
197           settings-file: "{mvn-settings}"
198       - lf-infra-sonatype-clm:
199           mvn-goals: "{mvn-goals}"
200       - lf-provide-maven-settings-cleanup
201       - shell: 'find . -regex ".*karaf/target" | xargs rm -rf'
202       - nexus-iq-policy-evaluator:
203           stage: "{nexus-iq-stage}"
204           application-type: "manual"
205           application-id: "{nexus-iq-namespace}{project-name}"
206           scan-patterns: "{obj:nexus_iq_scan_patterns}"
207           fail-build-network-error: true
208
209 - builder:
210     name: lf-infra-sonatype-clm
211     # Run a CLM scan build with Maven
212     builders:
213       - inject:
214           properties-content: |
215             MAVEN_GOALS={mvn-goals}
216       - shell: !include-raw-escape:
217           - ../shell/common-variables.sh
218           - ../shell/sonatype-clm.sh
219
220 - job-template:
221     name: "{project-name}-maven-clm-{stream}"
222     id: gerrit-maven-clm
223     <<: *lf_maven_common
224     # yamllint disable-line rule:key-duplicates
225     <<: *lf_maven_clm
226
227     scm:
228       - lf-infra-gerrit-scm:
229           jenkins-ssh-credential: "{jenkins-ssh-credential}"
230           git-url: "{git-url}"
231           refspec: "$GERRIT_REFSPEC"
232           branch: "$GERRIT_BRANCH"
233           submodule-recursive: "{submodule-recursive}"
234           submodule-timeout: "{submodule-timeout}"
235           submodule-disable: "{submodule-disable}"
236           choosing-strategy: default
237
238     triggers:
239       # Build weekly on Saturdays
240       - timed: "H H * * 6"
241       - gerrit:
242           server-name: "{gerrit-server-name}"
243           trigger-on: "{obj:gerrit_clm_triggers}"
244           projects:
245             - project-compare-type: ANT
246               project-pattern: "{project}"
247               branches:
248                 - branch-compare-type: ANT
249                   branch-pattern: "**/{branch}"
250           skip-vote:
251             successful: true
252             failed: true
253             unstable: true
254             notbuilt: true
255
256 - job-template:
257     name: "{project-name}-maven-clm-{stream}"
258     id: github-maven-clm
259     <<: *lf_maven_common
260     # yamllint disable-line rule:key-duplicates
261     <<: *lf_maven_clm
262
263     properties:
264       - lf-infra-properties:
265           build-days-to-keep: "{build-days-to-keep}"
266       - github:
267           url: "{github-url}/{github-org}/{project}"
268
269     scm:
270       - lf-infra-github-scm:
271           url: "{git-clone-url}{github-org}/{project}"
272           refspec: ""
273           branch: "refs/heads/{branch}"
274           submodule-recursive: "{submodule-recursive}"
275           submodule-timeout: "{submodule-timeout}"
276           submodule-disable: "{submodule-disable}"
277           choosing-strategy: default
278           jenkins-ssh-credential: "{jenkins-ssh-credential}"
279
280     triggers:
281       # Build weekly on Saturdays
282       - timed: "H H * * 6"
283       - github-pull-request:
284           trigger-phrase: "^run-clm$"
285           only-trigger-phrase: true
286           status-context: "CLM"
287           permit-all: true
288           github-hooks: true
289           org-list:
290             - "{github-org}"
291           white-list: "{obj:github_pr_allowlist}"
292           admin-list: "{obj:github_pr_admin_list}"
293           white-list-target-branches:
294             - "{branch}"
295
296 ##################
297 # Maven Snyk CLI #
298 ##################
299
300 - lf_maven_snyk_cli: &lf_maven_snyk_cli
301     name: lf-maven-snyk_cli
302
303     ######################
304     # Default parameters #
305     ######################
306
307     branch: master
308     build-days-to-keep: 30 # 30 days for troubleshooting purposes
309     build-timeout: 60
310     disable-job: false
311     git-url: "$GIT_URL/$PROJECT"
312     github-url: "https://github.com"
313     java-version: openjdk11
314     mvn-global-settings: global-settings
315     mvn-goals: clean install
316     mvn-opts: ""
317     mvn-params: ""
318     mvn-version: mvn35
319     snyk-cli-options: ""
320     snyk-token-credential-id: snyk-token
321     snyk-org-credential-id: snyk-org
322     stream: master
323     submodule-recursive: true
324     submodule-timeout: 10
325     submodule-disable: false
326
327     gerrit_snyk_triggers:
328       - comment-added-contains-event:
329           comment-contains-value: '^Patch Set\s+\d+:\s+run-snyk\s*$'
330
331     parameters:
332       - lf-infra-parameters:
333           project: "{project}"
334           branch: "{branch}"
335           stream: "{stream}"
336       - lf-infra-maven-parameters:
337           mvn-opts: "{mvn-opts}"
338           mvn-params: "{mvn-params}"
339           mvn-version: "{mvn-version}"
340       - string:
341           name: SNYK_CLI_OPTIONS
342           default: "{snyk-cli-options}"
343           description: Additional Snyk CLI commands and options
344       - string:
345           name: ARCHIVE_ARTIFACTS
346           default: "{archive-artifacts}"
347           description: Artifacts to archive to the logs server.
348
349     wrappers:
350       - credentials-binding:
351           - text:
352               credential-id: "{snyk-token-credential-id}"
353               variable: SNYK_TOKEN
354           - text:
355               credential-id: "{snyk-org-credential-id}"
356               variable: SNYK_ORG
357
358     #####################
359     # Job Configuration #
360     #####################
361
362     disabled: "{disable-job}"
363
364     builders:
365       - lf-infra-pre-build
366       - lf-maven-install:
367           mvn-version: "{mvn-version}"
368       - lf-update-java-alternatives:
369           java-version: "{java-version}"
370       - lf-provide-maven-settings:
371           global-settings-file: "{mvn-global-settings}"
372           settings-file: "{mvn-settings}"
373       - lf-maven-build:
374           mvn-goals: "{mvn-goals}"
375       - lf-infra-snyk-cli-scanner
376       - lf-provide-maven-settings-cleanup
377       - shell: 'find . -regex ".*karaf/target" | xargs rm -rf'
378
379 - builder:
380     name: lf-infra-snyk-cli-scanner
381     # Download and run the Snyk CLI scanner
382     builders:
383       - shell: !include-raw-escape:
384           - ../shell/snyk-cli-scanner-run.sh
385
386 - job-template:
387     name: "{project-name}-maven-snyk-cli-{stream}"
388     id: gerrit-maven-snyk-cli
389     <<: *lf_maven_common
390     # yamllint disable-line rule:key-duplicates
391     <<: *lf_maven_snyk_cli
392
393     scm:
394       - lf-infra-gerrit-scm:
395           jenkins-ssh-credential: "{jenkins-ssh-credential}"
396           git-url: "{git-url}"
397           refspec: "$GERRIT_REFSPEC"
398           branch: "$GERRIT_BRANCH"
399           submodule-recursive: "{submodule-recursive}"
400           submodule-timeout: "{submodule-timeout}"
401           submodule-disable: "{submodule-disable}"
402           choosing-strategy: default
403
404     triggers:
405       # Build weekly on Saturdays
406       - timed: "H H * * 6"
407       - gerrit:
408           server-name: "{gerrit-server-name}"
409           trigger-on: "{obj:gerrit_snyk_triggers}"
410           projects:
411             - project-compare-type: ANT
412               project-pattern: "{project}"
413               branches:
414                 - branch-compare-type: ANT
415                   branch-pattern: "**/{branch}"
416           skip-vote:
417             successful: true
418             failed: true
419             unstable: true
420             notbuilt: true
421
422 - job-template:
423     name: "{project-name}-maven-snyk-cli-{stream}"
424     id: github-maven-snyk-cli
425     <<: *lf_maven_common
426     # yamllint disable-line rule:key-duplicates
427     <<: *lf_maven_snyk_cli
428
429     properties:
430       - lf-infra-properties:
431           build-days-to-keep: "{build-days-to-keep}"
432       - github:
433           url: "{github-url}/{github-org}/{project}"
434
435     scm:
436       - lf-infra-github-scm:
437           url: "{git-clone-url}{github-org}/{project}"
438           refspec: ""
439           branch: "refs/heads/{branch}"
440           submodule-recursive: "{submodule-recursive}"
441           submodule-timeout: "{submodule-timeout}"
442           submodule-disable: "{submodule-disable}"
443           choosing-strategy: default
444           jenkins-ssh-credential: "{jenkins-ssh-credential}"
445
446     triggers:
447       # Build weekly on Saturdays
448       - timed: "H H * * 6"
449       - github-pull-request:
450           trigger-phrase: "^run-snyk$"
451           only-trigger-phrase: true
452           status-context: "SNYK scan"
453           permit-all: true
454           github-hooks: true
455           org-list:
456             - "{github-org}"
457           white-list: "{obj:github_pr_allowlist}"
458           admin-list: "{obj:github_pr_admin_list}"
459           white-list-target-branches:
460             - "{branch}"
461
462 #########################
463 # Maven Javadoc Publish #
464 #########################
465
466 - lf_maven_javadoc_publish: &lf_maven_javadoc_publish
467     name: lf-maven-javadoc-publish
468
469     ######################
470     # Default parameters #
471     ######################
472
473     branch: master
474     build-days-to-keep: 30 # 30 days in case a release takes long to get approved.
475     build-timeout: 60
476     disable-job: false
477     git-url: "$GIT_URL/$PROJECT"
478     github-url: "https://github.com"
479     java-version: openjdk11
480     mvn-dir: "."
481     mvn-global-settings: global-settings
482     mvn-opts: ""
483     mvn-params: ""
484     mvn-version: mvn35
485     stream: master
486     submodule-recursive: true
487     submodule-timeout: 10
488     submodule-disable: false
489
490     gerrit_merge_triggers:
491       - change-merged-event
492       - comment-added-contains-event:
493           comment-contains-value: '^Patch Set\s+\d+:\s+remerge\s*$'
494
495     #####################
496     # Job Configuration #
497     #####################
498
499     disabled: "{disable-job}"
500
501     builders:
502       - lf-infra-pre-build
503       - lf-maven-install:
504           mvn-version: "{mvn-version}"
505       - lf-update-java-alternatives:
506           java-version: "{java-version}"
507       - lf-provide-maven-settings:
508           global-settings-file: "{mvn-global-settings}"
509           settings-file: "{mvn-settings}"
510       - lf-infra-create-netrc:
511           server-id: "{mvn-site-id}"
512       - inject:
513           properties-content: |
514             DEPLOY_PATH={javadoc-path}
515             MAVEN_DIR={mvn-dir}
516       - shell: !include-raw-escape:
517           - ../shell/common-variables.sh
518           - ../shell/maven-javadoc-generate.sh
519           - ../shell/maven-javadoc-publish.sh
520       - lf-provide-maven-settings-cleanup
521
522 - job-template:
523     name: "{project-name}-maven-javadoc-publish-{stream}-{java-version}"
524     id: gerrit-maven-javadoc-publish
525     <<: *lf_maven_common
526     # yamllint disable-line rule:key-duplicates
527     <<: *lf_maven_javadoc_publish
528
529     git-url: "$GIT_URL/$GERRIT_PROJECT"
530
531     scm:
532       - lf-infra-gerrit-scm:
533           git-url: "{git-url}"
534           refspec: ""
535           branch: "{branch}"
536           submodule-recursive: "{submodule-recursive}"
537           submodule-timeout: "{submodule-timeout}"
538           submodule-disable: "{submodule-disable}"
539           choosing-strategy: default
540           jenkins-ssh-credential: "{jenkins-ssh-credential}"
541
542     triggers:
543       - gerrit:
544           server-name: "{gerrit-server-name}"
545           trigger-on: "{obj:gerrit_merge_triggers}"
546           projects:
547             - project-compare-type: ANT
548               project-pattern: "{project}"
549               branches:
550                 - branch-compare-type: ANT
551                   branch-pattern: "**/{branch}"
552
553 - job-template:
554     name: "{project-name}-maven-javadoc-publish-{stream}-{java-version}"
555     id: github-maven-javadoc-publish
556     <<: *lf_maven_common
557     # yamllint disable-line rule:key-duplicates
558     <<: *lf_maven_javadoc_publish
559
560     properties:
561       - lf-infra-properties:
562           build-days-to-keep: "{build-days-to-keep}"
563       - github:
564           url: "{github-url}/{github-org}/{project}"
565
566     scm:
567       - lf-infra-github-scm:
568           url: "{git-clone-url}{github-org}/{project}"
569           refspec: ""
570           branch: "{branch}"
571           submodule-recursive: "{submodule-recursive}"
572           submodule-timeout: "{submodule-timeout}"
573           submodule-disable: "{submodule-disable}"
574           choosing-strategy: default
575           jenkins-ssh-credential: "{jenkins-ssh-credential}"
576
577     triggers:
578       - github
579       - pollscm:
580           cron: ""
581       - github-pull-request:
582           trigger-phrase: "^remerge$"
583           only-trigger-phrase: true
584           status-context: "Maven Javadoc Publish"
585           permit-all: true
586           github-hooks: true
587           org-list:
588             - "{github-org}"
589           white-list: "{obj:github_pr_allowlist}"
590           admin-list: "{obj:github_pr_admin_list}"
591           white-list-target-branches:
592             - "{branch}"
593
594 ########################
595 # Maven Javadoc Verify #
596 ########################
597
598 - lf_maven_javadoc_verify: &lf_maven_javadoc_verify
599     name: lf-maven-javadoc-verify
600
601     ######################
602     # Default parameters #
603     ######################
604
605     branch: master
606     build-days-to-keep: 30 # 30 days in case a release takes long to get approved.
607     build-timeout: 60
608     disable-job: false
609     git-url: "$GIT_URL/$PROJECT"
610     github-url: "https://github.com"
611     java-version: openjdk11
612     mvn-dir: "."
613     mvn-global-settings: global-settings
614     mvn-opts: ""
615     mvn-params: ""
616     mvn-version: mvn35
617     stream: master
618     submodule-recursive: true
619     submodule-timeout: 10
620     submodule-disable: false
621
622     gerrit_verify_triggers:
623       - patchset-created-event:
624           exclude-drafts: true
625           exclude-trivial-rebase: false
626           exclude-no-code-change: false
627       - draft-published-event
628       - comment-added-contains-event:
629           comment-contains-value: '^Patch Set\s+\d+:\s+(recheck|reverify)\s*$'
630
631     #####################
632     # Job Configuration #
633     #####################
634
635     concurrent: true
636     disabled: "{disable-job}"
637
638     builders:
639       - lf-infra-pre-build
640       - lf-maven-install:
641           mvn-version: "{mvn-version}"
642       - lf-update-java-alternatives:
643           java-version: "{java-version}"
644       - lf-provide-maven-settings:
645           global-settings-file: "{mvn-global-settings}"
646           settings-file: "{mvn-settings}"
647       - inject:
648           properties-content: |
649             MAVEN_DIR={mvn-dir}
650       - shell: !include-raw-escape:
651           - ../shell/common-variables.sh
652           - ../shell/maven-javadoc-generate.sh
653       - lf-provide-maven-settings-cleanup
654
655 - job-template:
656     name: "{project-name}-maven-javadoc-verify-{stream}-{java-version}"
657     id: gerrit-maven-javadoc-verify
658     <<: *lf_maven_common
659     # yamllint disable-line rule:key-duplicates
660     <<: *lf_maven_javadoc_verify
661
662     scm:
663       - lf-infra-gerrit-scm:
664           jenkins-ssh-credential: "{jenkins-ssh-credential}"
665           git-url: "{git-url}"
666           refspec: "$GERRIT_REFSPEC"
667           branch: "$GERRIT_BRANCH"
668           submodule-recursive: "{submodule-recursive}"
669           submodule-timeout: "{submodule-timeout}"
670           submodule-disable: "{submodule-disable}"
671           choosing-strategy: gerrit
672
673     triggers:
674       - gerrit:
675           server-name: "{gerrit-server-name}"
676           trigger-on: "{obj:gerrit_verify_triggers}"
677           projects:
678             - project-compare-type: ANT
679               project-pattern: "{project}"
680               branches:
681                 - branch-compare-type: ANT
682                   branch-pattern: "**/{branch}"
683
684 - job-template:
685     name: "{project-name}-maven-javadoc-verify-{stream}-{java-version}"
686     id: github-maven-javadoc-verify
687     <<: *lf_maven_common
688     # yamllint disable-line rule:key-duplicates
689     <<: *lf_maven_javadoc_verify
690
691     properties:
692       - lf-infra-properties:
693           build-days-to-keep: "{build-days-to-keep}"
694       - github:
695           url: "{github-url}/{github-org}/{project}"
696
697     scm:
698       - lf-infra-github-scm:
699           url: "{git-clone-url}{github-org}/{project}"
700           refspec: "+refs/pull/*:refs/remotes/origin/pr/*"
701           branch: "$sha1"
702           submodule-recursive: "{submodule-recursive}"
703           submodule-timeout: "{submodule-timeout}"
704           submodule-disable: "{submodule-disable}"
705           choosing-strategy: default
706           jenkins-ssh-credential: "{jenkins-ssh-credential}"
707
708     triggers:
709       - github-pull-request:
710           trigger-phrase: ^(recheck|reverify)$
711           only-trigger-phrase: false
712           status-context: "Maven Javadoc Verify"
713           permit-all: true
714           github-hooks: true
715           white-list-target-branches:
716             - "{branch}"
717
718 ###############
719 # Maven Merge #
720 ###############
721
722 - lf_maven_merge: &lf_maven_merge
723     name: lf-maven-merge
724
725     ######################
726     # Default parameters #
727     ######################
728
729     branch: master
730     build-days-to-keep: 30 # 30 days in case we need to troubleshoot
731     build-timeout: 60
732     cron: "@daily"
733     disable-job: false
734     git-url: "$GIT_URL/$PROJECT"
735     github-url: "https://github.com"
736     java-version: openjdk11
737     mvn-global-settings: global-settings
738     mvn-goals: clean deploy
739     mvn-opts: ""
740     mvn-params: "-Dmerge"
741     mvn-version: mvn35
742     nexus-cut-dirs: 6 # Number of dirs in the Nexus path to remove for wget -r.
743     pre-build-script: "# pre-build script goes here"
744     post-build-script: "# post-build script goes here"
745     stream: master
746     submodule-recursive: true
747     submodule-timeout: 10
748     submodule-disable: false
749
750     gerrit_merge_triggers:
751       - change-merged-event
752       - comment-added-contains-event:
753           comment-contains-value: '^Patch Set\s+\d+:\s+remerge\s*$'
754
755     gerrit_trigger_file_paths:
756       - compare-type: REG_EXP
757         pattern: ".*"
758
759     # github_included_regions MUST match gerrit_trigger_file_paths
760     github_included_regions:
761       - ".*"
762
763     post_build_trigger: ""
764
765     #####################
766     # Job Configuration #
767     #####################
768
769     disabled: "{disable-job}"
770
771     builders:
772       - lf-infra-pre-build
773       - lf-jacoco-nojava-workaround
774       - lf-maven-install:
775           mvn-version: "{mvn-version}"
776       - lf-update-java-alternatives:
777           java-version: "{java-version}"
778       - lf-provide-maven-settings:
779           global-settings-file: "{mvn-global-settings}"
780           settings-file: "{mvn-settings}"
781       - lf-infra-create-netrc:
782           server-id: "{mvn-snapshot-id}"
783       - inject:
784           properties-content: |
785             NEXUS_CUT_DIRS={nexus-cut-dirs}
786             NEXUS_REPO={nexus-snapshot-repo}
787       - shell: !include-raw-escape: ../shell/maven-fetch-metadata.sh
788       - shell: "{pre-build-script}"
789       - lf-maven-build:
790           mvn-goals: "{mvn-goals}"
791       - shell: "{post-build-script}"
792       - lf-maven-deploy
793       - lf-provide-maven-settings-cleanup
794
795     publishers:
796       - findbugs
797       - lf-jacoco-report
798       - lf-infra-publish
799       - trigger-parameterized-builds: "{obj:post_build_trigger}"
800
801 - job-template:
802     name: "{project-name}-maven-merge-{stream}"
803     id: gerrit-maven-merge
804     <<: *lf_maven_common
805     # yamllint disable-line rule:key-duplicates
806     <<: *lf_maven_merge
807
808     scm:
809       - lf-infra-gerrit-scm:
810           jenkins-ssh-credential: "{jenkins-ssh-credential}"
811           git-url: "{git-url}"
812           refspec: "$GERRIT_REFSPEC"
813           branch: "$GERRIT_BRANCH"
814           submodule-recursive: "{submodule-recursive}"
815           submodule-timeout: "{submodule-timeout}"
816           submodule-disable: "{submodule-disable}"
817           choosing-strategy: default
818
819     triggers:
820       - timed: "{obj:cron}"
821       - gerrit:
822           server-name: "{gerrit-server-name}"
823           trigger-on: "{obj:gerrit_merge_triggers}"
824           projects:
825             - project-compare-type: ANT
826               project-pattern: "{project}"
827               branches:
828                 - branch-compare-type: ANT
829                   branch-pattern: "**/{branch}"
830               file-paths: "{obj:gerrit_trigger_file_paths}"
831
832 - job-template:
833     name: "{project-name}-maven-merge-{stream}"
834     id: github-maven-merge
835     <<: *lf_maven_common
836     # yamllint disable-line rule:key-duplicates
837     <<: *lf_maven_merge
838
839     properties:
840       - lf-infra-properties:
841           build-days-to-keep: "{build-days-to-keep}"
842       - github:
843           url: "{github-url}/{github-org}/{project}"
844
845     scm:
846       - lf-infra-github-scm:
847           url: "{git-clone-url}{github-org}/{project}"
848           refspec: ""
849           branch: "refs/heads/{branch}"
850           submodule-recursive: "{submodule-recursive}"
851           submodule-timeout: "{submodule-timeout}"
852           submodule-disable: "{submodule-disable}"
853           choosing-strategy: default
854           jenkins-ssh-credential: "{jenkins-ssh-credential}"
855
856     triggers:
857       - timed: "{obj:cron}"
858       - github
859       - pollscm:
860           cron: ""
861       - github-pull-request:
862           trigger-phrase: "^remerge$"
863           only-trigger-phrase: true
864           status-context: "Maven Merge"
865           permit-all: true
866           github-hooks: true
867           org-list:
868             - "{github-org}"
869           white-list: "{obj:github_pr_allowlist}"
870           admin-list: "{obj:github_pr_admin_list}"
871           white-list-target-branches:
872             - "{branch}"
873           included-regions: "{obj:github_included_regions}"
874
875 ##########################
876 # Maven Merge for Docker #
877 ##########################
878
879 - lf_maven_docker_merge: &lf_maven_docker_merge
880     name: lf-maven-docker-merge
881
882     builders:
883       - lf-infra-pre-build
884       - lf-jacoco-nojava-workaround
885       - lf-maven-install:
886           mvn-version: "{mvn-version}"
887       - lf-infra-docker-login:
888           global-settings-file: "{mvn-global-settings}"
889           settings-file: "{mvn-settings}"
890       - lf-update-java-alternatives:
891           java-version: "{java-version}"
892       # must provide maven settings AFTER docker due to its cleanup
893       - lf-provide-maven-settings:
894           global-settings-file: "{mvn-global-settings}"
895           settings-file: "{mvn-settings}"
896       - lf-infra-create-netrc:
897           server-id: "{mvn-snapshot-id}"
898       - inject:
899           properties-content: |
900             NEXUS_CUT_DIRS={nexus-cut-dirs}
901             NEXUS_REPO={nexus-snapshot-repo}
902             CONTAINER_PULL_REGISTRY={container-public-registry}
903             CONTAINER_PUSH_REGISTRY={container-snapshot-registry}
904       - shell: !include-raw-escape: ../shell/maven-fetch-metadata.sh
905       - lf-maven-build:
906           mvn-goals: "{mvn-goals}"
907       # NO lf-maven-deploy
908       - lf-provide-maven-settings-cleanup
909
910 - job-template:
911     name: "{project-name}-maven-docker-merge-{stream}"
912     id: gerrit-maven-docker-merge
913     <<: *lf_maven_common
914     # yamllint disable-line rule:key-duplicates
915     <<: *lf_maven_merge
916     # yamllint disable-line rule:key-duplicates
917     <<: *lf_maven_docker_merge
918
919     scm:
920       - lf-infra-gerrit-scm:
921           jenkins-ssh-credential: "{jenkins-ssh-credential}"
922           git-url: "{git-url}"
923           refspec: "$GERRIT_REFSPEC"
924           branch: "$GERRIT_BRANCH"
925           submodule-recursive: "{submodule-recursive}"
926           submodule-timeout: "{submodule-timeout}"
927           submodule-disable: "{submodule-disable}"
928           choosing-strategy: default
929
930     triggers:
931       - gerrit:
932           server-name: "{gerrit-server-name}"
933           trigger-on: "{obj:gerrit_merge_triggers}"
934           projects:
935             - project-compare-type: ANT
936               project-pattern: "{project}"
937               branches:
938                 - branch-compare-type: ANT
939                   branch-pattern: "**/{branch}"
940               file-paths: "{obj:gerrit_trigger_file_paths}"
941
942 - job-template:
943     name: "{project-name}-maven-docker-merge-{stream}"
944     id: github-maven-docker-merge
945     <<: *lf_maven_common
946     # yamllint disable-line rule:key-duplicates
947     <<: *lf_maven_merge
948     # yamllint disable-line rule:key-duplicates
949     <<: *lf_maven_docker_merge
950
951     properties:
952       - lf-infra-properties:
953           build-days-to-keep: "{build-days-to-keep}"
954       - github:
955           url: "{github-url}/{github-org}/{project}"
956
957     scm:
958       - lf-infra-github-scm:
959           url: "{git-clone-url}{github-org}/{project}"
960           refspec: ""
961           branch: "refs/heads/{branch}"
962           submodule-recursive: "{submodule-recursive}"
963           submodule-timeout: "{submodule-timeout}"
964           submodule-disable: "{submodule-disable}"
965           choosing-strategy: default
966           jenkins-ssh-credential: "{jenkins-ssh-credential}"
967
968     triggers:
969       - github
970       - pollscm:
971           cron: ""
972       - github-pull-request:
973           trigger-phrase: "^remerge$"
974           only-trigger-phrase: true
975           status-context: "Maven Docker Merge"
976           permit-all: true
977           github-hooks: true
978           org-list:
979             - "{github-org}"
980           white-list: "{obj:github_pr_allowlist}"
981           admin-list: "{obj:github_pr_admin_list}"
982           white-list-target-branches:
983             - "{branch}"
984           included-regions: "{obj:github_included_regions}"
985
986 ###############
987 # Maven Stage #
988 ###############
989
990 - lf_maven_stage: &lf_maven_stage
991     name: lf-maven-stage
992
993     ######################
994     # Default parameters #
995     ######################
996
997     branch: master
998     build-days-to-keep: 30 # 30 days in case a release takes long to get approved.
999     build-timeout: 60
1000     cron: ""
1001     disable-job: false
1002     git-url: "$GIT_URL/$PROJECT"
1003     github-url: "https://github.com"
1004     java-version: openjdk11
1005     maven-versions-plugin: false
1006     version-properties-file: version.properties
1007     mvn-central: false
1008     mvn-global-settings: global-settings
1009     mvn-goals: clean deploy
1010     mvn-opts: ""
1011     mvn-params: ""
1012     mvn-version: mvn35
1013     ossrh-profile-id: ""
1014     mvn-pom: ""
1015     sbom-flags: ""
1016     sbom-path: "$WORKSPACE"
1017     sbom-generator: false
1018     sbom-generator-version: "v0.0.15"
1019     sign-artifacts: false
1020     sign-mode: serial
1021     stream: master
1022     submodule-recursive: true
1023     submodule-timeout: 10
1024     submodule-disable: false
1025
1026     gerrit_release_triggers:
1027       - comment-added-contains-event:
1028           comment-contains-value: '^Patch Set\s+\d+:\s+stage-(maven-)?release\s*$'
1029
1030     gerrit_trigger_file_paths:
1031       - compare-type: ANT
1032         pattern: "**"
1033
1034     # github_included_regions MUST match gerrit_trigger_file_paths
1035     github_included_regions:
1036       - ".*"
1037
1038     #####################
1039     # Job Configuration #
1040     #####################
1041
1042     disabled: "{disable-job}"
1043
1044     parameters:
1045       - lf-infra-parameters:
1046           project: "{project}"
1047           branch: "{branch}"
1048           stream: "{stream}"
1049       - lf-infra-maven-parameters:
1050           mvn-opts: "{mvn-opts}"
1051           mvn-params: "{mvn-params}"
1052           mvn-version: "{mvn-version}"
1053           staging-profile-id: "{staging-profile-id}"
1054       - bool:
1055           name: MAVEN_VERSIONS_PLUGIN
1056           default: "{maven-versions-plugin}"
1057           description: Use maven-versions-plugin to update pom versions.
1058       - string:
1059           name: ARCHIVE_ARTIFACTS
1060           default: "{archive-artifacts}"
1061           description: Artifacts to archive to the logs server.
1062       - string:
1063           name: STAGING_PROFILE_ID
1064           default: "{staging-profile-id}"
1065           description: Nexus staging profile ID.
1066       - string:
1067           name: SBOM_GENERATOR_VERSION
1068           default: "{sbom-generator-version}"
1069           description: SBOM generator version to download and run.
1070       - string:
1071           name: SBOM_PATH
1072           default: "{sbom-path}"
1073           description: path where SBOM needs to be executed.
1074
1075     builders:
1076       - lf-infra-pre-build
1077       - lf-jacoco-nojava-workaround
1078       - lf-maven-install:
1079           mvn-version: "{mvn-version}"
1080       - lf-update-java-alternatives:
1081           java-version: "{java-version}"
1082       - lf-provide-maven-settings:
1083           global-settings-file: "{mvn-global-settings}"
1084           settings-file: "{mvn-settings}"
1085       - lf-maven-versions-plugin:
1086           maven-versions-plugin: "{maven-versions-plugin}"
1087           version-properties-file: "{version-properties-file}"
1088           mvn-version: "{mvn-version}"
1089           mvn-pom: "{mvn-pom}"
1090           mvn-settings: "{mvn-settings}"
1091       - shell: !include-raw-escape: ../shell/maven-patch-release.sh
1092       - lf-maven-build:
1093           mvn-goals: "{mvn-goals}"
1094       # With SBOM Generator
1095       - conditional-step:
1096           condition-kind: boolean-expression
1097           condition-expression: "{sbom-generator}"
1098           steps:
1099             - shell: echo 'Running SBOM Generator'
1100             - lf-infra-maven-sbom-generator:
1101                 sbom-flags: "{sbom-flags}"
1102       - lf-sigul-sign-dir:
1103           sign-artifacts: "{sign-artifacts}"
1104           sign-dir: "$WORKSPACE/m2repo"
1105           sign-mode: "{sign-mode}"
1106       - lf-maven-stage:
1107           mvn-global-settings: "{mvn-global-settings}"
1108           mvn-settings: "{mvn-settings}"
1109           mvn-staging-id: "{mvn-staging-id}"
1110       - lf-maven-central:
1111           mvn-central: "{mvn-central}"
1112           mvn-global-settings: "{mvn-global-settings}"
1113           mvn-settings: "{mvn-settings}"
1114           ossrh-profile-id: "{ossrh-profile-id}"
1115       - lf-provide-maven-settings-cleanup
1116
1117 - job-template:
1118     name: "{project-name}-maven-stage-{stream}"
1119     id: gerrit-maven-stage
1120     <<: *lf_maven_common
1121     # yamllint disable-line rule:key-duplicates
1122     <<: *lf_maven_stage
1123
1124     scm:
1125       - lf-infra-gerrit-scm:
1126           jenkins-ssh-credential: "{jenkins-ssh-credential}"
1127           git-url: "{git-url}"
1128           refspec: "$GERRIT_REFSPEC"
1129           branch: "$GERRIT_BRANCH"
1130           submodule-recursive: "{submodule-recursive}"
1131           submodule-timeout: "{submodule-timeout}"
1132           submodule-disable: "{submodule-disable}"
1133           choosing-strategy: default
1134
1135     triggers:
1136       - timed: "{obj:cron}"
1137       - gerrit:
1138           server-name: "{gerrit-server-name}"
1139           trigger-on: "{obj:gerrit_release_triggers}"
1140           projects:
1141             - project-compare-type: ANT
1142               project-pattern: "{project}"
1143               branches:
1144                 - branch-compare-type: ANT
1145                   branch-pattern: "**/{branch}"
1146               file-paths: "{obj:gerrit_trigger_file_paths}"
1147
1148 - job-template:
1149     name: "{project-name}-maven-stage-{stream}"
1150     id: github-maven-stage
1151     <<: *lf_maven_common
1152     # yamllint disable-line rule:key-duplicates
1153     <<: *lf_maven_stage
1154
1155     properties:
1156       - lf-infra-properties:
1157           build-days-to-keep: "{build-days-to-keep}"
1158       - github:
1159           url: "{github-url}/{github-org}/{project}"
1160
1161     scm:
1162       - lf-infra-github-scm:
1163           url: "{git-clone-url}{github-org}/{project}"
1164           refspec: "+refs/pull/*:refs/remotes/origin/pr/*"
1165           branch: "{branch}"
1166           submodule-recursive: "{submodule-recursive}"
1167           submodule-timeout: "{submodule-timeout}"
1168           submodule-disable: "{submodule-disable}"
1169           choosing-strategy: default
1170           jenkins-ssh-credential: "{jenkins-ssh-credential}"
1171
1172     triggers:
1173       - timed: "{obj:cron}"
1174       - github-pull-request:
1175           trigger-phrase: "^stage-(maven-)?release$"
1176           only-trigger-phrase: true
1177           status-context: "Maven Release"
1178           permit-all: true
1179           github-hooks: true
1180           white-list-target-branches:
1181             - "{branch}"
1182           included-regions: "{obj:github_included_regions}"
1183
1184 ##########################
1185 # Maven Stage for Docker #
1186 ##########################
1187
1188 - lf_maven_docker_stage: &lf_maven_docker_stage
1189     name: lf-maven-docker-stage
1190
1191     builders:
1192       - lf-infra-pre-build
1193       - lf-jacoco-nojava-workaround
1194       - lf-maven-install:
1195           mvn-version: "{mvn-version}"
1196       - lf-update-java-alternatives:
1197           java-version: "{java-version}"
1198       - lf-infra-docker-login:
1199           global-settings-file: "{mvn-global-settings}"
1200           settings-file: "{mvn-settings}"
1201       # must provide maven settings AFTER docker-login due to its cleanup
1202       - lf-provide-maven-settings:
1203           global-settings-file: "{mvn-global-settings}"
1204           settings-file: "{mvn-settings}"
1205       - lf-maven-versions-plugin:
1206           maven-versions-plugin: "{maven-versions-plugin}"
1207           version-properties-file: "{version-properties-file}"
1208           mvn-version: "{mvn-version}"
1209           mvn-pom: "{mvn-pom}"
1210           mvn-settings: "{mvn-settings}"
1211       - shell: !include-raw-escape: ../shell/maven-patch-release.sh
1212       - inject:
1213           properties-content: |
1214             CONTAINER_PULL_REGISTRY={container-public-registry}
1215             CONTAINER_PUSH_REGISTRY={container-staging-registry}
1216       - lf-maven-build:
1217           mvn-goals: "{mvn-goals}"
1218       - lf-sigul-sign-dir:
1219           sign-artifacts: "{sign-artifacts}"
1220           sign-dir: "$WORKSPACE/m2repo"
1221           sign-mode: "{sign-mode}"
1222       # NO lf-maven-stage
1223       # NO lf-maven-central
1224       - lf-provide-maven-settings-cleanup
1225
1226     gerrit_release_docker_triggers:
1227       - comment-added-contains-event:
1228           comment-contains-value: '^Patch Set\s+\d+:\s+stage-(docker-)?release\s*$'
1229
1230 - job-template:
1231     name: "{project-name}-maven-docker-stage-{stream}"
1232     id: gerrit-maven-docker-stage
1233     <<: *lf_maven_common
1234     # yamllint disable-line rule:key-duplicates
1235     <<: *lf_maven_stage
1236     # yamllint disable-line rule:key-duplicates
1237     <<: *lf_maven_docker_stage
1238
1239     scm:
1240       - lf-infra-gerrit-scm:
1241           jenkins-ssh-credential: "{jenkins-ssh-credential}"
1242           git-url: "{git-url}"
1243           refspec: "$GERRIT_REFSPEC"
1244           branch: "$GERRIT_BRANCH"
1245           submodule-recursive: "{submodule-recursive}"
1246           submodule-timeout: "{submodule-timeout}"
1247           submodule-disable: "{submodule-disable}"
1248           choosing-strategy: default
1249
1250     triggers:
1251       - timed: "{obj:cron}"
1252       - gerrit:
1253           server-name: "{gerrit-server-name}"
1254           trigger-on: "{obj:gerrit_release_docker_triggers}"
1255           projects:
1256             - project-compare-type: ANT
1257               project-pattern: "{project}"
1258               branches:
1259                 - branch-compare-type: ANT
1260                   branch-pattern: "**/{branch}"
1261               file-paths: "{obj:gerrit_trigger_file_paths}"
1262
1263 - job-template:
1264     name: "{project-name}-maven-docker-stage-{stream}"
1265     id: github-maven-docker-stage
1266     <<: *lf_maven_common
1267     # yamllint disable-line rule:key-duplicates
1268     <<: *lf_maven_stage
1269     # yamllint disable-line rule:key-duplicates
1270     <<: *lf_maven_docker_stage
1271
1272     properties:
1273       - lf-infra-properties:
1274           build-days-to-keep: "{build-days-to-keep}"
1275       - github:
1276           url: "{github-url}/{github-org}/{project}"
1277
1278     scm:
1279       - lf-infra-github-scm:
1280           url: "{git-clone-url}{github-org}/{project}"
1281           refspec: "+refs/pull/*:refs/remotes/origin/pr/*"
1282           branch: "{branch}"
1283           submodule-recursive: "{submodule-recursive}"
1284           submodule-timeout: "{submodule-timeout}"
1285           submodule-disable: "{submodule-disable}"
1286           choosing-strategy: default
1287           jenkins-ssh-credential: "{jenkins-ssh-credential}"
1288
1289     triggers:
1290       - timed: "{obj:cron}"
1291       - github-pull-request:
1292           trigger-phrase: "^stage-(docker-)?release$"
1293           only-trigger-phrase: true
1294           status-context: "Maven Release"
1295           permit-all: true
1296           github-hooks: true
1297           white-list-target-branches:
1298             - "{branch}"
1299           included-regions: "{obj:github_included_regions}"
1300
1301 ###############
1302 # Maven Sonar #
1303 ###############
1304
1305 - lf_maven_sonar: &lf_maven_sonar
1306     name: lf-maven-sonar
1307
1308     ######################
1309     # Default parameters #
1310     ######################
1311
1312     branch: master # Sonar should always be run on master branch
1313     build-days-to-keep: 7
1314     build-timeout: 60
1315     cron: "H H * * 6" # run weekly
1316     disable-job: false
1317     git-url: "$GIT_URL/$PROJECT"
1318     github-url: "https://github.com"
1319     java-version: openjdk11
1320     java-opts: ""
1321     mvn-global-settings: global-settings
1322     mvn-goals: clean install
1323     mvn-opts: ""
1324     mvn-params: ""
1325     mvn-version: mvn35
1326     sonar-mvn-goal: "sonar:sonar"
1327     sonarcloud: false
1328     sonarcloud-project-key: ""
1329     sonarcloud-project-organization: ""
1330     sonarcloud-api-token-cred-id: sonarcloud-api-token
1331     sonarcloud-qualitygate-wait: false
1332     # SonarCloud scan using jdk8 will become deprecated by Oct, 2020
1333     # Projects not compatible with jdk11 can set java-version to something else
1334     sonarcloud-java-version: openjdk11
1335     stream: master
1336     submodule-recursive: true
1337     submodule-timeout: 10
1338     submodule-disable: false
1339     scan-dev-branch: false
1340
1341     gerrit_sonar_triggers:
1342       - comment-added-contains-event:
1343           comment-contains-value: '^Patch Set\s+\d+:\s+run-sonar\s*$'
1344
1345     #####################
1346     # Job Configuration #
1347     #####################
1348
1349     disabled: "{disable-job}"
1350
1351     parameters:
1352       - lf-infra-parameters:
1353           project: "{project}"
1354           branch: "{branch}"
1355           stream: "{stream}"
1356       - lf-infra-maven-parameters:
1357           mvn-opts: "{mvn-opts}"
1358           mvn-params: "{mvn-params}"
1359           mvn-version: "{mvn-version}"
1360       - string:
1361           name: ARCHIVE_ARTIFACTS
1362           default: "{archive-artifacts}"
1363           description: Artifacts to archive to the logs server.
1364       - string:
1365           name: JAVA_OPTS
1366           default: "{java-opts}"
1367           description: |
1368             Java options. Example: -Xmx1024m
1369       - string:
1370           name: SONAR_MAVEN_GOAL
1371           default: "{sonar-mvn-goal}"
1372           description: |
1373             Maven goals to pass to the Sonar call. Typically sonar:sonar
1374             however to use a specific version of the sonar-maven-plugin we
1375             can call "org.codehaus.mojo:sonar-maven-plugin:3.3.0.603:sonar".
1376
1377     wrappers:
1378       - credentials-binding:
1379           - text:
1380               credential-id: '{sonarcloud-api-token-cred-id}'
1381               variable: API_TOKEN
1382
1383     triggers:
1384       - timed: "{obj:cron}"
1385       - gerrit:
1386           server-name: "{gerrit-server-name}"
1387           trigger-on: "{obj:gerrit_sonar_triggers}"
1388           projects:
1389             - project-compare-type: "ANT"
1390               project-pattern: "{project}"
1391               branches:
1392                 - branch-compare-type: "ANT"
1393                   branch-pattern: "**/master"
1394           skip-vote:
1395             successful: true
1396             failed: true
1397             unstable: true
1398             notbuilt: true
1399
1400     publishers:
1401       - lf-jacoco-report
1402       - findbugs
1403       - lf-infra-publish
1404
1405 - mvn_sonar_builders: &mvn_sonar_builders
1406     name: mvn-sonar-builders
1407     builders:
1408       - lf-infra-pre-build
1409       # With SonarCloud
1410       - conditional-step:
1411           condition-kind: boolean-expression
1412           condition-expression: "{sonarcloud}"
1413           steps:
1414             - shell: echo 'Using SonarCloud'
1415             - lf-infra-maven-sonarcloud:
1416                 java-version: "{java-version}"
1417                 mvn-goals: "{mvn-goals}"
1418                 mvn-settings: "{mvn-settings}"
1419                 mvn-version: "{mvn-version}"
1420                 sonarcloud-project-key: "{sonarcloud-project-key}"
1421                 sonarcloud-project-organization: "{sonarcloud-project-organization}"
1422                 sonarcloud-java-version: "{sonarcloud-java-version}"
1423                 sonarcloud-qualitygate-wait: "{sonarcloud-qualitygate-wait}"
1424                 scan-dev-branch: "{scan-dev-branch}"
1425       # With SonarQube
1426       - conditional-step:
1427           condition-kind: not
1428           condition-operand:
1429             condition-kind: boolean-expression
1430             condition-expression: "{sonarcloud}"
1431           steps:
1432             - shell: echo 'Using SonarQube'
1433             - lf-infra-maven-sonar:
1434                 java-version: "{java-version}"
1435                 mvn-goals: "{mvn-goals}"
1436                 mvn-settings: "{mvn-settings}"
1437                 mvn-version: "{mvn-version}"
1438
1439 - mvn_sonar_builders_prescan_script: &mvn_sonar_builders_prescan_script
1440     name: mvn-sonar-builders-prescan-script
1441     builders:
1442       - shell: "{sonar-prescan-script}"
1443       - lf-infra-pre-build
1444       # With SonarCloud
1445       - conditional-step:
1446           condition-kind: boolean-expression
1447           condition-expression: "{sonarcloud}"
1448           steps:
1449             - shell: echo 'Using SonarCloud'
1450             - lf-infra-maven-sonarcloud:
1451                 java-version: "{java-version}"
1452                 mvn-goals: "{mvn-goals}"
1453                 mvn-settings: "{mvn-settings}"
1454                 mvn-version: "{mvn-version}"
1455                 sonarcloud-project-key: "{sonarcloud-project-key}"
1456                 sonarcloud-project-organization: "{sonarcloud-project-organization}"
1457                 sonarcloud-java-version: "{sonarcloud-java-version}"
1458                 sonarcloud-qualitygate-wait: "{sonarcloud-qualitygate-wait}"
1459                 scan-dev-branch: "{scan-dev-branch}"
1460       # With SonarQube
1461       - conditional-step:
1462           condition-kind: not
1463           condition-operand:
1464             condition-kind: boolean-expression
1465             condition-expression: "{sonarcloud}"
1466           steps:
1467             - shell: echo 'Using SonarQube'
1468             - lf-infra-maven-sonar:
1469                 java-version: "{java-version}"
1470                 mvn-goals: "{mvn-goals}"
1471                 mvn-settings: "{mvn-settings}"
1472                 mvn-version: "{mvn-version}"
1473
1474 - builder:
1475     name: lf-infra-maven-sbom-generator
1476     # Run Maven goals and trigger SPDX SBOM Generator tool
1477     builders:
1478       - inject:
1479           properties-content: |
1480             SBOM_FLAGS={sbom-flags}
1481       - shell: !include-raw-escape:
1482           - ../shell/sbom-generator.sh
1483
1484 - builder:
1485     name: lf-infra-maven-sonar
1486     # Run a Sonar build with Maven
1487     builders:
1488       - lf-maven-install:
1489           mvn-version: "{mvn-version}"
1490       - lf-update-java-alternatives:
1491           java-version: "{java-version}"
1492       - inject:
1493           # Switch this to the sonar wrapper when JJB 2.0 is available
1494           properties-content: |
1495             SONAR_HOST_URL=$SONAR_URL
1496             MAVEN_GOALS={mvn-goals}
1497       - lf-provide-maven-settings:
1498           global-settings-file: global-settings
1499           settings-file: "{mvn-settings}"
1500       - shell: !include-raw-escape:
1501           - ../shell/common-variables.sh
1502           - ../shell/maven-sonar.sh
1503       - lf-provide-maven-settings-cleanup
1504
1505 - builder:
1506     name: lf-infra-maven-sonarcloud
1507     # Run a Sonar build with Maven
1508     builders:
1509       - lf-maven-install:
1510           mvn-version: "{mvn-version}"
1511       - lf-update-java-alternatives:
1512           java-version: "{java-version}"
1513       - inject:
1514           # Switch this to the sonar wrapper when JJB 2.0 is available
1515           properties-content: |
1516             SONAR_HOST_URL=https://sonarcloud.io
1517             PROJECT_KEY={sonarcloud-project-key}
1518             PROJECT_ORGANIZATION={sonarcloud-project-organization}
1519             MAVEN_GOALS={mvn-goals}
1520             SONARCLOUD_JAVA_VERSION={sonarcloud-java-version}
1521             SCAN_DEV_BRANCH={scan-dev-branch}
1522             SONARCLOUD_QUALITYGATE_WAIT={sonarcloud-qualitygate-wait}
1523       - lf-provide-maven-settings:
1524           global-settings-file: global-settings
1525           settings-file: "{mvn-settings}"
1526       - shell: !include-raw-escape:
1527           - ../shell/common-variables.sh
1528           - ../shell/maven-sonar.sh
1529       - lf-provide-maven-settings-cleanup
1530
1531 - job-template:
1532     name: "{project-name}-sonar"
1533     id: gerrit-maven-sonar
1534     <<: *lf_maven_common
1535     # yamllint disable-line rule:key-duplicates
1536     <<: *lf_maven_sonar
1537     <<: *mvn_sonar_builders
1538
1539     scm:
1540       - lf-infra-gerrit-scm:
1541           jenkins-ssh-credential: "{jenkins-ssh-credential}"
1542           git-url: "{git-url}"
1543           refspec: $GERRIT_REFSPEC
1544           branch: $GERRIT_BRANCH
1545           submodule-recursive: "{submodule-recursive}"
1546           submodule-timeout: "{submodule-timeout}"
1547           submodule-disable: "{submodule-disable}"
1548           choosing-strategy: default
1549
1550 - job-template:
1551     name: "{project-name}-sonar-verify"
1552     id: gerrit-maven-sonar-verify
1553     <<: *lf_maven_common
1554     # yamllint disable-line rule:key-duplicates
1555     <<: *lf_maven_sonar
1556     <<: *mvn_sonar_builders
1557
1558     sonarcloud: true
1559     scan-dev-branch: true
1560     sonarcloud-qualitygate-wait: false
1561
1562     gerrit_sonar_triggers:
1563       - patchset-created-event:
1564           exclude-drafts: true
1565           exclude-trivial-rebase: false
1566           exclude-no-code-change: false
1567       - draft-published-event
1568       - comment-added-contains-event:
1569           comment-contains-value: '^Patch Set\s+\d+:\s+(recheck|reverify)\s*$'
1570
1571     gerrit_trigger_file_paths:
1572       - compare-type: REG_EXP
1573         pattern: ".*"
1574
1575     triggers:
1576       - gerrit:
1577           server-name: "{gerrit-server-name}"
1578           trigger-on: "{obj:gerrit_sonar_triggers}"
1579           projects:
1580             - project-compare-type: "ANT"
1581               project-pattern: "{project}"
1582               branches:
1583                 - branch-compare-type: "ANT"
1584                   branch-pattern: "**/{branch}"
1585               file-paths: "{obj:gerrit_trigger_file_paths}"
1586
1587     scm:
1588       - lf-infra-gerrit-scm:
1589           jenkins-ssh-credential: "{jenkins-ssh-credential}"
1590           git-url: "{git-url}"
1591           refspec: $GERRIT_REFSPEC
1592           branch: $GERRIT_BRANCH
1593           submodule-recursive: "{submodule-recursive}"
1594           submodule-timeout: "{submodule-timeout}"
1595           submodule-disable: "{submodule-disable}"
1596           choosing-strategy: gerrit
1597
1598 - job-template:
1599     name: "{project-name}-sonar-prescan-script"
1600     id: gerrit-maven-sonar-prescan-script
1601     <<: *lf_maven_common
1602     # yamllint disable-line rule:key-duplicates
1603     <<: *lf_maven_sonar
1604     <<: *mvn_sonar_builders_prescan_script
1605
1606     scm:
1607       - lf-infra-gerrit-scm:
1608           jenkins-ssh-credential: "{jenkins-ssh-credential}"
1609           git-url: "{git-url}"
1610           refspec: $GERRIT_REFSPEC
1611           branch: $GERRIT_BRANCH
1612           submodule-recursive: "{submodule-recursive}"
1613           submodule-timeout: "{submodule-timeout}"
1614           submodule-disable: "{submodule-disable}"
1615           choosing-strategy: default
1616
1617 - job-template:
1618     name: "{project-name}-sonar"
1619     id: github-maven-sonar
1620     <<: *lf_maven_common
1621     # yamllint disable-line rule:key-duplicates
1622     <<: *lf_maven_sonar
1623
1624     properties:
1625       - lf-infra-properties:
1626           build-days-to-keep: "{build-days-to-keep}"
1627       - github:
1628           url: "{github-url}/{github-org}/{project}"
1629
1630     scm:
1631       - lf-infra-github-scm:
1632           url: "{git-clone-url}{github-org}/{project}"
1633           refspec: "+refs/pull/*:refs/remotes/origin/pr/*"
1634           branch: "$sha1"
1635           submodule-recursive: "{submodule-recursive}"
1636           submodule-timeout: "{submodule-timeout}"
1637           submodule-disable: "{submodule-disable}"
1638           choosing-strategy: default
1639           jenkins-ssh-credential: "{jenkins-ssh-credential}"
1640
1641     triggers:
1642       - timed: "{obj:cron}"
1643       - github-pull-request:
1644           trigger-phrase: "^run-sonar$"
1645           only-trigger-phrase: true
1646           status-context: "Maven Sonar"
1647           permit-all: true
1648           github-hooks: true
1649           org-list:
1650             - "{github-org}"
1651           white-list: "{obj:github_pr_allowlist}"
1652           admin-list: "{obj:github_pr_admin_list}"
1653           white-list-target-branches:
1654             - "{branch}"
1655
1656 - job-template:
1657     name: "{project-name}-sonar-prescan-script"
1658     id: github-maven-sonar-prescan-script
1659     <<: *lf_maven_common
1660     # yamllint disable-line rule:key-duplicates
1661     <<: *lf_maven_sonar
1662     <<: *mvn_sonar_builders_prescan_script
1663
1664     properties:
1665       - lf-infra-properties:
1666           build-days-to-keep: "{build-days-to-keep}"
1667       - github:
1668           url: "{github-url}/{github-org}/{project}"
1669
1670     scm:
1671       - lf-infra-github-scm:
1672           url: "{git-clone-url}{github-org}/{project}"
1673           refspec: "+refs/pull/*:refs/remotes/origin/pr/*"
1674           branch: "$sha1"
1675           submodule-recursive: "{submodule-recursive}"
1676           submodule-timeout: "{submodule-timeout}"
1677           submodule-disable: "{submodule-disable}"
1678           choosing-strategy: default
1679           jenkins-ssh-credential: "{jenkins-ssh-credential}"
1680
1681     triggers:
1682       - timed: "{obj:cron}"
1683       - github-pull-request:
1684           trigger-phrase: "^run-sonar$"
1685           only-trigger-phrase: true
1686           status-context: "Maven Sonar"
1687           permit-all: true
1688           github-hooks: true
1689           org-list:
1690             - "{github-org}"
1691           white-list: "{obj:github_pr_allowlist}"
1692           admin-list: "{obj:github_pr_admin_list}"
1693           white-list-target-branches:
1694             - "{branch}"
1695
1696 ################
1697 # Maven Verify #
1698 ################
1699
1700 - lf_maven_verify: &lf_maven_verify
1701     name: lf-maven-verify
1702
1703     ######################
1704     # Default parameters #
1705     ######################
1706
1707     branch: master
1708     build-days-to-keep: 7
1709     build-timeout: 60
1710     disable-job: false
1711     git-url: "$GIT_URL/$PROJECT"
1712     github-url: "https://github.com"
1713     java-version: openjdk11
1714     mvn-global-settings: global-settings
1715     mvn-goals: clean deploy
1716     mvn-opts: ""
1717     mvn-params: "-Dstream=$STREAM -Dmaven.source.skip=true"
1718     mvn-version: mvn35
1719     pre-build-script: "# pre-build script goes here"
1720     post-build-script: "# post-build script goes here"
1721     stream: master
1722     submodule-recursive: true
1723     submodule-timeout: 10
1724     submodule-disable: false
1725
1726     gerrit_verify_triggers:
1727       - patchset-created-event:
1728           exclude-drafts: true
1729           exclude-trivial-rebase: false
1730           exclude-no-code-change: false
1731       - draft-published-event
1732       - comment-added-contains-event:
1733           comment-contains-value: '^Patch Set\s+\d+:\s+(recheck|reverify)\s*$'
1734
1735     gerrit_trigger_file_paths:
1736       - compare-type: REG_EXP
1737         pattern: ".*"
1738
1739     # github_included_regions MUST match gerrit_trigger_file_paths
1740     github_included_regions:
1741       - ".*"
1742
1743     #####################
1744     # Job Configuration #
1745     #####################
1746
1747     concurrent: true
1748     disabled: "{disable-job}"
1749
1750     builders:
1751       - lf-infra-pre-build
1752       - lf-jacoco-nojava-workaround
1753       - lf-maven-install:
1754           mvn-version: "{mvn-version}"
1755       - lf-update-java-alternatives:
1756           java-version: "{java-version}"
1757       - lf-provide-maven-settings:
1758           global-settings-file: "{mvn-global-settings}"
1759           settings-file: "{mvn-settings}"
1760       - shell: "{pre-build-script}"
1761       - lf-maven-build:
1762           mvn-goals: "{mvn-goals}"
1763       - shell: "{post-build-script}"
1764       - lf-provide-maven-settings-cleanup
1765
1766     publishers:
1767       - findbugs
1768       - lf-jacoco-report
1769       - lf-infra-publish
1770
1771 - job-template:
1772     name: "{project-name}-maven-verify-{stream}-{mvn-version}-{java-version}"
1773     id: gerrit-maven-verify
1774     <<: *lf_maven_common
1775     # yamllint disable-line rule:key-duplicates
1776     <<: *lf_maven_verify
1777
1778     scm:
1779       - lf-infra-gerrit-scm:
1780           jenkins-ssh-credential: "{jenkins-ssh-credential}"
1781           git-url: "{git-url}"
1782           refspec: "$GERRIT_REFSPEC"
1783           branch: "$GERRIT_BRANCH"
1784           submodule-recursive: "{submodule-recursive}"
1785           submodule-timeout: "{submodule-timeout}"
1786           submodule-disable: "{submodule-disable}"
1787           choosing-strategy: gerrit
1788
1789     triggers:
1790       - gerrit:
1791           server-name: "{gerrit-server-name}"
1792           trigger-on: "{obj:gerrit_verify_triggers}"
1793           projects:
1794             - project-compare-type: ANT
1795               project-pattern: "{project}"
1796               branches:
1797                 - branch-compare-type: ANT
1798                   branch-pattern: "**/{branch}"
1799               file-paths: "{obj:gerrit_trigger_file_paths}"
1800
1801 - job-template:
1802     name: "{project-name}-maven-verify-{stream}-{mvn-version}-{java-version}"
1803     id: github-maven-verify
1804     <<: *lf_maven_common
1805     # yamllint disable-line rule:key-duplicates
1806     <<: *lf_maven_verify
1807
1808     properties:
1809       - lf-infra-properties:
1810           build-days-to-keep: "{build-days-to-keep}"
1811       - github:
1812           url: "{github-url}/{github-org}/{project}"
1813
1814     scm:
1815       - lf-infra-github-scm:
1816           url: "{git-clone-url}{github-org}/{project}"
1817           refspec: "+refs/pull/*:refs/remotes/origin/pr/*"
1818           branch: "$sha1"
1819           submodule-recursive: "{submodule-recursive}"
1820           submodule-timeout: "{submodule-timeout}"
1821           submodule-disable: "{submodule-disable}"
1822           choosing-strategy: default
1823           jenkins-ssh-credential: "{jenkins-ssh-credential}"
1824
1825     triggers:
1826       - github-pull-request:
1827           trigger-phrase: "^(recheck|reverify)$"
1828           only-trigger-phrase: false
1829           status-context: "Maven Verify {mvn-version}-{java-version}"
1830           permit-all: true
1831           github-hooks: true
1832           white-list-target-branches:
1833             - "{branch}"
1834           included-regions: "{obj:github_included_regions}"
1835
1836 ###########################
1837 # Maven Verify for Docker #
1838 ###########################
1839
1840 - lf_maven_docker_verify: &lf_maven_docker_verify
1841     name: lf-maven-docker-verify
1842
1843     # image push not allowed during verification
1844     mvn-goals: clean install
1845
1846     builders:
1847       - lf-infra-pre-build
1848       - lf-jacoco-nojava-workaround
1849       - lf-maven-install:
1850           mvn-version: "{mvn-version}"
1851       - lf-update-java-alternatives:
1852           java-version: "{java-version}"
1853       - lf-infra-docker-login:
1854           global-settings-file: "{mvn-global-settings}"
1855           settings-file: "{mvn-settings}"
1856       # must provide maven settings AFTER docker due to its cleanup
1857       - lf-provide-maven-settings:
1858           global-settings-file: "{mvn-global-settings}"
1859           settings-file: "{mvn-settings}"
1860       - inject:
1861           properties-content: |
1862             CONTAINER_PULL_REGISTRY={container-public-registry}
1863       - lf-maven-build:
1864           mvn-goals: "{mvn-goals}"
1865       - lf-provide-maven-settings-cleanup
1866
1867 - job-template:
1868     name: "{project-name}-maven-docker-verify-{stream}-{mvn-version}-{java-version}"
1869     id: gerrit-maven-docker-verify
1870     <<: *lf_maven_common
1871     # yamllint disable-line rule:key-duplicates
1872     <<: *lf_maven_verify
1873     # yamllint disable-line rule:key-duplicates
1874     <<: *lf_maven_docker_verify
1875
1876     scm:
1877       - lf-infra-gerrit-scm:
1878           jenkins-ssh-credential: "{jenkins-ssh-credential}"
1879           git-url: "{git-url}"
1880           refspec: "$GERRIT_REFSPEC"
1881           branch: "$GERRIT_BRANCH"
1882           submodule-recursive: "{submodule-recursive}"
1883           submodule-timeout: "{submodule-timeout}"
1884           submodule-disable: "{submodule-disable}"
1885           choosing-strategy: gerrit
1886
1887     triggers:
1888       - gerrit:
1889           server-name: "{gerrit-server-name}"
1890           trigger-on: "{obj:gerrit_verify_triggers}"
1891           projects:
1892             - project-compare-type: ANT
1893               project-pattern: "{project}"
1894               branches:
1895                 - branch-compare-type: ANT
1896                   branch-pattern: "**/{branch}"
1897               file-paths: "{obj:gerrit_trigger_file_paths}"
1898
1899 - job-template:
1900     name: "{project-name}-maven-docker-verify-{stream}-{mvn-version}-{java-version}"
1901     id: github-maven-docker-verify
1902     <<: *lf_maven_common
1903     # yamllint disable-line rule:key-duplicates
1904     <<: *lf_maven_verify
1905     # yamllint disable-line rule:key-duplicates
1906     <<: *lf_maven_docker_verify
1907
1908     properties:
1909       - lf-infra-properties:
1910           build-days-to-keep: "{build-days-to-keep}"
1911       - github:
1912           url: "{github-url}/{github-org}/{project}"
1913
1914     scm:
1915       - lf-infra-github-scm:
1916           url: "{git-clone-url}{github-org}/{project}"
1917           refspec: "+refs/pull/*:refs/remotes/origin/pr/*"
1918           branch: "$sha1"
1919           submodule-recursive: "{submodule-recursive}"
1920           submodule-timeout: "{submodule-timeout}"
1921           submodule-disable: "{submodule-disable}"
1922           choosing-strategy: default
1923           jenkins-ssh-credential: "{jenkins-ssh-credential}"
1924
1925     triggers:
1926       - github-pull-request:
1927           trigger-phrase: "^(recheck|reverify)$"
1928           only-trigger-phrase: false
1929           status-context: "Maven Docker Verify {mvn-version}-{java-version}"
1930           permit-all: true
1931           github-hooks: true
1932           white-list-target-branches:
1933             - "{branch}"
1934           included-regions: "{obj:github_included_regions}"
1935
1936 #############################
1937 # Maven Verify Dependencies #
1938 #############################
1939
1940 - lf_maven_verify_dependencies: &lf_maven_verify_dependencies
1941     name: lf-maven-verify-dependencies
1942
1943     ######################
1944     # Default parameters #
1945     ######################
1946
1947     branch: master
1948     build-days-to-keep: 7
1949     build-timeout: 60
1950     disable-job: false
1951     git-url: "$GIT_URL/$PROJECT"
1952     github-url: "https://github.com"
1953     java-version: openjdk11
1954     mvn-global-settings: global-settings
1955     mvn-goals: clean deploy
1956     mvn-opts: ""
1957     mvn-params: "-Dstream=$STREAM"
1958     mvn-version: mvn35
1959     stream: master
1960     submodule-recursive: true
1961     submodule-timeout: 10
1962     submodule-disable: false
1963
1964     gerrit_verify_triggers:
1965       - comment-added-contains-event:
1966           comment-contains-value: "recheck: [0-9 ]+"
1967     gerrit_trigger_file_paths:
1968       - compare-type: ANT
1969         pattern: "**"
1970
1971     #####################
1972     # Job Configuration #
1973     #####################
1974
1975     concurrent: true
1976     disabled: "{disable-job}"
1977
1978     builders:
1979       - lf-infra-pre-build
1980       - lf-jacoco-nojava-workaround
1981       - lf-maven-install:
1982           mvn-version: "{mvn-version}"
1983       - lf-update-java-alternatives:
1984           java-version: "{java-version}"
1985       - lf-provide-maven-settings:
1986           global-settings-file: "{mvn-global-settings}"
1987           settings-file: "{mvn-settings}"
1988       - lf-fetch-dependent-patches
1989       - shell: !include-raw-escape:
1990           - ../shell/common-variables.sh
1991           - ../shell/maven-build-deps.sh
1992       - lf-maven-build:
1993           mvn-goals: "{mvn-goals}"
1994       - lf-provide-maven-settings-cleanup
1995
1996     publishers:
1997       - findbugs
1998       - lf-jacoco-report
1999       - lf-infra-publish
2000
2001 - job-template:
2002     name: "{project-name}-maven-verify-deps-{stream}-{mvn-version}-{java-version}"
2003     id: gerrit-maven-verify-dependencies
2004     <<: *lf_maven_common
2005     # yamllint disable-line rule:key-duplicates
2006     <<: *lf_maven_verify_dependencies
2007
2008     scm:
2009       - lf-infra-gerrit-scm:
2010           jenkins-ssh-credential: "{jenkins-ssh-credential}"
2011           git-url: "{git-url}"
2012           refspec: "$GERRIT_REFSPEC"
2013           branch: "$GERRIT_BRANCH"
2014           submodule-recursive: "{submodule-recursive}"
2015           submodule-timeout: "{submodule-timeout}"
2016           submodule-disable: "{submodule-disable}"
2017           choosing-strategy: gerrit
2018
2019     triggers:
2020       - gerrit:
2021           server-name: "{gerrit-server-name}"
2022           trigger-on: "{obj:gerrit_verify_triggers}"
2023           projects:
2024             - project-compare-type: ANT
2025               project-pattern: "{project}"
2026               branches:
2027                 - branch-compare-type: ANT
2028                   branch-pattern: "**/{branch}"
2029               file-paths: "{obj:gerrit_trigger_file_paths}"
2030           comment-text-parameter-mode: PLAIN