CONTAINER_TAG_METHOD={container-tag-method}
CONTAINER_TAG_YAML_DIR={container-tag-yaml-dir}
DOCKER_ROOT={docker-root}
- - shell: !include-raw-escape:
- - ../shell/docker-get-container-tag.sh
+ - shell: !include-raw-escape: "{docker-get-container-tag-script}"
- inject:
# Import the container tag set by this build step
- properties-file: 'env_docker_inject.txt'
+ properties-file: "env_docker_inject.txt"
- builder:
name: lf-docker-build
builders:
- inject:
properties-content: |
- CONTAINER_PUSH_REGISTRY={container-push-registry}
+ CONTAINER_PUSH_REGISTRY={container-push-registry}
- shell: !include-raw-escape:
- ../shell/docker-push.sh
# COMMON FUNCTIONS #
####################
-- lf_docker_common: &lf_docker_common
+- _lf_docker_common: &lf_docker_common
name: lf-docker-common
project-type: freestyle
- node: '{build-node}'
+ node: "{build-node}"
######################
# Default parameters #
submodule-disable: false
submodule-recursive: true
submodule-timeout: 10
- pre_docker_build_script: '# pre docker build script goes here'
- post_docker_build_script: '# post docker build script goes here'
- disable-job: 'false'
- docker-root: '$WORKSPACE'
- docker-build-args: ''
- git-url: '$GIT_URL/$PROJECT'
- container-tag-method: 'latest'
+ pre_docker_build_script: "# pre docker build script goes here"
+ post_docker_build_script: "# post docker build script goes here"
+ disable-job: "false"
+ docker-get-container-tag-script: "../shell/docker-get-container-tag.sh"
+ docker-root: "$WORKSPACE"
+ docker-build-args: ""
+ git-url: "$GIT_URL/$PROJECT"
+ container-tag-method: "latest"
# TODO: how to interpolate value of {docker-root} parameter?
- container-tag-yaml-dir: ''
+ container-tag-yaml-dir: ""
#####################
# Job Configuration #
#####################
- disabled: '{disable-job}'
+ disabled: "{disable-job}"
properties:
- lf-infra-properties:
- build-days-to-keep: '{build-days-to-keep}'
+ build-days-to-keep: "{build-days-to-keep}"
parameters:
- lf-infra-parameters:
- branch: '{branch}'
- project: '{project}'
- refspec: 'refs/heads/{branch}'
- stream: '{stream}'
+ branch: "{branch}"
+ project: "{project}"
+ refspec: "refs/heads/{branch}"
+ stream: "{stream}"
wrappers:
- lf-infra-wrappers:
- build-timeout: '{build-timeout}'
- jenkins-ssh-credential: '{jenkins-ssh-credential}'
+ build-timeout: "{build-timeout}"
+ jenkins-ssh-credential: "{jenkins-ssh-credential}"
publishers:
- lf-infra-publish
-- docker_verify_common: &docker_verify_common
+- _docker_verify_common: &docker_verify_common
name: docker-verify-common
concurrent: true
scm:
- lf-infra-gerrit-scm:
- jenkins-ssh-credential: '{jenkins-ssh-credential}'
- git-url: '{git-url}'
- refspec: '$GERRIT_REFSPEC'
- branch: '$GERRIT_BRANCH'
- submodule-disable: '{submodule-disable}'
- submodule-recursive: '{submodule-recursive}'
- submodule-timeout: '{submodule-timeout}'
+ jenkins-ssh-credential: "{jenkins-ssh-credential}"
+ git-url: "{git-url}"
+ refspec: "$GERRIT_REFSPEC"
+ branch: "$GERRIT_BRANCH"
+ submodule-disable: "{submodule-disable}"
+ submodule-recursive: "{submodule-recursive}"
+ submodule-timeout: "{submodule-timeout}"
choosing-strategy: gerrit
gerrit_verify_triggers:
exclude-no-code-change: false
- draft-published-event
- comment-added-contains-event:
- comment-contains-value: '^Patch Set[ ]+[0-9]+:([ ]+|[\n]+)(recheck|reverify)$'
+ comment-contains-value: '^Patch Set\s+\d+:\s+(recheck|reverify)\s*$'
gerrit_trigger_file_paths:
- compare-type: REG_EXP
- pattern: '.*'
+ pattern: ".*"
# github_included_regions MUST match gerrit_trigger_file_paths
github_included_regions:
- - '.*'
+ - ".*"
builders:
- lf-infra-pre-build
- lf-infra-docker-login:
- global-settings-file: 'global-settings'
- settings-file: '{mvn-settings}'
- - shell: '{pre_docker_build_script}'
+ global-settings-file: "global-settings"
+ settings-file: "{mvn-settings}"
+ - shell: "{pre_docker_build_script}"
- lf-docker-get-container-tag:
- container-tag-method: '{container-tag-method}'
- container-tag-yaml-dir: '{container-tag-yaml-dir}'
- docker-root: '{docker-root}'
+ container-tag-method: "{container-tag-method}"
+ container-tag-yaml-dir: "{container-tag-yaml-dir}"
+ docker-root: "{docker-root}"
+ docker-get-container-tag-script: "{docker-get-container-tag-script}"
- lf-docker-build:
- docker-build-args: '{docker-build-args}'
- docker-name: '{docker-name}'
- docker-root: '{docker-root}'
- container-public-registry: '{container-public-registry}'
- container-push-registry: '{container-push-registry}'
- - shell: '{post_docker_build_script}'
+ docker-build-args: "{docker-build-args}"
+ docker-name: "{docker-name}"
+ docker-root: "{docker-root}"
+ container-public-registry: "{container-public-registry}"
+ container-push-registry: "{container-push-registry}"
+ - shell: "{post_docker_build_script}"
- lf-provide-maven-settings-cleanup
-- docker_merge_common: &docker_merge_common
+- _docker_merge_common: &docker_merge_common
name: docker-merge-common
- cron: ''
+ cron: "@weekly" # check dependencies regularly
scm:
- lf-infra-gerrit-scm:
- jenkins-ssh-credential: '{jenkins-ssh-credential}'
- git-url: '{git-url}'
- refspec: '$GERRIT_REFSPEC'
- branch: '$GERRIT_BRANCH'
- submodule-disable: '{submodule-disable}'
- submodule-recursive: '{submodule-recursive}'
- submodule-timeout: '{submodule-timeout}'
- choosing-strategy: gerrit
+ jenkins-ssh-credential: "{jenkins-ssh-credential}"
+ git-url: "{git-url}"
+ refspec: "$GERRIT_REFSPEC"
+ branch: "$GERRIT_BRANCH"
+ submodule-disable: "{submodule-disable}"
+ submodule-recursive: "{submodule-recursive}"
+ submodule-timeout: "{submodule-timeout}"
+ choosing-strategy: default
gerrit_merge_triggers:
- change-merged-event
- comment-added-contains-event:
- comment-contains-value: remerge$
+ comment-contains-value: '^Patch Set\s+\d+:\s+remerge\s*$'
gerrit_trigger_file_paths:
- compare-type: REG_EXP
- pattern: '.*'
+ pattern: ".*"
# github_included_regions MUST match gerrit_trigger_file_paths
github_included_regions:
- - '.*'
+ - ".*"
builders:
- lf-infra-pre-build
- lf-infra-docker-login:
- global-settings-file: 'global-settings'
- settings-file: '{mvn-settings}'
- - shell: '{pre_docker_build_script}'
+ global-settings-file: "global-settings"
+ settings-file: "{mvn-settings}"
+ - shell: "{pre_docker_build_script}"
- lf-docker-get-container-tag:
- container-tag-method: '{container-tag-method}'
- container-tag-yaml-dir: '{container-tag-yaml-dir}'
- docker-root: '{docker-root}'
+ container-tag-method: "{container-tag-method}"
+ container-tag-yaml-dir: "{container-tag-yaml-dir}"
+ docker-root: "{docker-root}"
+ docker-get-container-tag-script: "{docker-get-container-tag-script}"
- lf-docker-build:
- docker-build-args: '{docker-build-args}'
- docker-name: '{docker-name}'
- docker-root: '{docker-root}'
- container-public-registry: '{container-public-registry}'
- container-push-registry: '{container-push-registry}'
- - shell: '{post_docker_build_script}'
+ docker-build-args: "{docker-build-args}"
+ docker-name: "{docker-name}"
+ docker-root: "{docker-root}"
+ container-public-registry: "{container-public-registry}"
+ container-push-registry: "{container-push-registry}"
+ - shell: "{post_docker_build_script}"
# Provided all steps have already passed, push the docker image
- lf-docker-push:
- container-push-registry: '{container-push-registry}'
+ container-push-registry: "{container-push-registry}"
- lf-provide-maven-settings-cleanup
#################
#################
- job-template:
- name: '{project-name}-docker-verify-{stream}'
+ name: "{project-name}-docker-verify-{stream}"
id: gerrit-docker-verify
# Job template for Docker verify jobs
#
triggers:
- gerrit:
- server-name: '{gerrit-server-name}'
- trigger-on: '{obj:gerrit_verify_triggers}'
+ server-name: "{gerrit-server-name}"
+ trigger-on: "{obj:gerrit_verify_triggers}"
projects:
- project-compare-type: ANT
- project-pattern: '{project}'
+ project-pattern: "{project}"
branches:
- branch-compare-type: ANT
- branch-pattern: '**/{branch}'
- file-paths: '{obj:gerrit_trigger_file_paths}'
+ branch-pattern: "**/{branch}"
+ file-paths: "{obj:gerrit_trigger_file_paths}"
- job-template:
- name: '{project-name}-docker-verify-{stream}'
+ name: "{project-name}-docker-verify-{stream}"
id: github-docker-verify
# Job template for Docker verify jobs
#
properties:
- lf-infra-properties:
- build-days-to-keep: '{build-days-to-keep}'
+ build-days-to-keep: "{build-days-to-keep}"
- github:
- url: '{github-url}/{github-org}/{project}'
+ url: "{github-url}/{github-org}/{project}"
scm:
- lf-infra-github-scm:
- url: '{git-clone-url}{github-org}/{project}'
- refspec: '+refs/pull/*:refs/remotes/origin/pr/*'
- branch: '$sha1'
- submodule-recursive: '{submodule-recursive}'
- submodule-timeout: '{submodule-timeout}'
- submodule-disable: '{submodule-disable}'
+ url: "{git-clone-url}{github-org}/{project}"
+ refspec: "+refs/pull/*:refs/remotes/origin/pr/*"
+ branch: "$sha1"
+ submodule-recursive: "{submodule-recursive}"
+ submodule-timeout: "{submodule-timeout}"
+ submodule-disable: "{submodule-disable}"
choosing-strategy: default
- jenkins-ssh-credential: '{jenkins-ssh-credential}'
+ jenkins-ssh-credential: "{jenkins-ssh-credential}"
triggers:
- github-pull-request:
- trigger-phrase: '^(recheck|reverify)$'
+ trigger-phrase: "^(recheck|reverify)$"
only-trigger-phrase: false
- status-context: 'Docker Verify'
+ status-context: "Docker Verify"
permit-all: true
github-hooks: true
white-list-target-branches:
- - '{branch}'
- included-regions: '{obj:github_included_regions}'
+ - "{branch}"
+ included-regions: "{obj:github_included_regions}"
################
# Docker Merge #
################
- job-template:
- name: '{project-name}-docker-merge-{stream}'
+ name: "{project-name}-docker-merge-{stream}"
id: gerrit-docker-merge
# Job template for Docker merge jobs
#
<<: *docker_merge_common
triggers:
- - timed: '{obj:cron}'
+ - timed: "{obj:cron}"
- gerrit:
- server-name: '{gerrit-server-name}'
- trigger-on: '{obj:gerrit_merge_triggers}'
+ server-name: "{gerrit-server-name}"
+ trigger-on: "{obj:gerrit_merge_triggers}"
projects:
- project-compare-type: ANT
- project-pattern: '{project}'
+ project-pattern: "{project}"
branches:
- branch-compare-type: ANT
- branch-pattern: '**/{branch}'
- file-paths: '{obj:gerrit_trigger_file_paths}'
+ branch-pattern: "**/{branch}"
+ file-paths: "{obj:gerrit_trigger_file_paths}"
- job-template:
- name: '{project-name}-docker-merge-{stream}'
+ name: "{project-name}-docker-merge-{stream}"
id: github-docker-merge
# Job template for Docker merge jobs
#
properties:
- lf-infra-properties:
- build-days-to-keep: '{build-days-to-keep}'
+ build-days-to-keep: "{build-days-to-keep}"
- github:
- url: '{github-url}/{github-org}/{project}'
+ url: "{github-url}/{github-org}/{project}"
scm:
- lf-infra-github-scm:
- url: '{git-clone-url}{github-org}/{project}'
- refspec: ''
- branch: 'refs/heads/{branch}'
- submodule-recursive: '{submodule-recursive}'
- submodule-timeout: '{submodule-timeout}'
- submodule-disable: '{submodule-disable}'
+ url: "{git-clone-url}{github-org}/{project}"
+ refspec: ""
+ branch: "refs/heads/{branch}"
+ submodule-recursive: "{submodule-recursive}"
+ submodule-timeout: "{submodule-timeout}"
+ submodule-disable: "{submodule-disable}"
choosing-strategy: default
- jenkins-ssh-credential: '{jenkins-ssh-credential}'
+ jenkins-ssh-credential: "{jenkins-ssh-credential}"
triggers:
- - timed: '{obj:cron}'
+ - timed: "{obj:cron}"
- github
- pollscm:
- cron: ''
+ cron: ""
+ - github-pull-request:
+ trigger-phrase: "^remerge$"
+ only-trigger-phrase: true
+ status-context: "Docker Merge"
+ permit-all: true
+ github-hooks: true
+ org-list:
+ - "{github-org}"
+ white-list: "{obj:github_pr_allowlist}"
+ admin-list: "{obj:github_pr_admin_list}"
+ white-list-target-branches:
+ - "{branch}"
+ included-regions: "{obj:github_included_regions}"
+
+##################
+# Docker Snyk CLI #
+##################
+
+- _lf_docker_snyk_cli: &lf_docker_snyk_cli
+ name: lf-docker-snyk_cli
+
+ ######################
+ # Default parameters #
+ ######################
+
+ branch: master
+ build-days-to-keep: 30 # 30 days for troubleshooting purposes
+ build-timeout: 60
+ container-tag-method: "latest"
+ container-tag-yaml-dir: ""
+ disable-job: false
+ docker-get-container-tag-script: "../shell/docker-get-container-tag.sh"
+ docker-root: "$WORKSPACE"
+ docker-build-args: ""
+ git-url: "$GIT_URL/$PROJECT"
+ github-url: "https://github.com"
+ pre_docker_build_script: "# pre docker build script goes here"
+ post_docker_build_script: "# post docker build script goes here"
+ snyk-cli-options: ""
+ snyk-token-credential-id: snyk-token
+ snyk-org-credential-id: snyk-org
+ stream: master
+ submodule-recursive: true
+ submodule-timeout: 10
+ submodule-disable: false
+
+ gerrit_snyk_triggers:
+ - comment-added-contains-event:
+ comment-contains-value: '^Patch Set\s+\d+:\s+run-snyk\s*$'
+
+ parameters:
+ - lf-infra-parameters:
+ project: "{project}"
+ branch: "{branch}"
+ stream: "{stream}"
+ - string:
+ name: SNYK_CLI_OPTIONS
+ default: "{snyk-cli-options}"
+ description: Additional Snyk CLI commands and options
+
+ wrappers:
+ - credentials-binding:
+ - text:
+ credential-id: "{snyk-token-credential-id}"
+ variable: SNYK_TOKEN
+ - text:
+ credential-id: "{snyk-org-credential-id}"
+ variable: SNYK_ORG
+
+ #####################
+ # Job Configuration #
+ #####################
+
+ disabled: "{disable-job}"
+
+ builders:
+ - lf-infra-pre-build
+ - lf-infra-docker-login:
+ global-settings-file: "global-settings"
+ settings-file: "{mvn-settings}"
+ - shell: "{pre_docker_build_script}"
+ - lf-docker-get-container-tag:
+ container-tag-method: "{container-tag-method}"
+ container-tag-yaml-dir: "{container-tag-yaml-dir}"
+ docker-root: "{docker-root}"
+ docker-get-container-tag-script: "{docker-get-container-tag-script}"
+ - lf-docker-build:
+ docker-build-args: "{docker-build-args}"
+ docker-name: "{docker-name}"
+ docker-root: "{docker-root}"
+ container-public-registry: "{container-public-registry}"
+ container-push-registry: "{container-push-registry}"
+ - shell: "{post_docker_build_script}"
+ - lf-infra-snyk-cli-scanner
+ - lf-provide-maven-settings-cleanup
+ - shell: 'find . -regex ".*karaf/target" | xargs rm -rf'
+
+- job-template:
+ name: "{project-name}-docker-snyk-cli-{stream}"
+ id: gerrit-docker-snyk-cli
+ <<: *lf_docker_common
+ # yamllint disable-line rule:key-duplicates
+ <<: *lf_docker_snyk_cli
+
+ scm:
+ - lf-infra-gerrit-scm:
+ jenkins-ssh-credential: "{jenkins-ssh-credential}"
+ git-url: "{git-url}"
+ refspec: "$GERRIT_REFSPEC"
+ branch: "$GERRIT_BRANCH"
+ submodule-recursive: "{submodule-recursive}"
+ submodule-timeout: "{submodule-timeout}"
+ submodule-disable: "{submodule-disable}"
+ choosing-strategy: default
+
+ triggers:
+ # Build weekly on Saturdays
+ - timed: "H H * * 6"
+ - gerrit:
+ server-name: "{gerrit-server-name}"
+ trigger-on: "{obj:gerrit_snyk_triggers}"
+ projects:
+ - project-compare-type: ANT
+ project-pattern: "{project}"
+ branches:
+ - branch-compare-type: ANT
+ branch-pattern: "**/{branch}"
+ skip-vote:
+ successful: true
+ failed: true
+ unstable: true
+ notbuilt: true
+
+- job-template:
+ name: "{project-name}-docker-snyk-cli-{stream}"
+ id: github-docker-snyk-cli
+ <<: *lf_docker_common
+ # yamllint disable-line rule:key-duplicates
+ <<: *lf_docker_snyk_cli
+
+ properties:
+ - lf-infra-properties:
+ build-days-to-keep: "{build-days-to-keep}"
+ - github:
+ url: "{github-url}/{github-org}/{project}"
+
+ scm:
+ - lf-infra-github-scm:
+ url: "{git-clone-url}{github-org}/{project}"
+ refspec: ""
+ branch: "refs/heads/{branch}"
+ submodule-recursive: "{submodule-recursive}"
+ submodule-timeout: "{submodule-timeout}"
+ submodule-disable: "{submodule-disable}"
+ choosing-strategy: default
+ jenkins-ssh-credential: "{jenkins-ssh-credential}"
+
+ triggers:
+ # Build weekly on Saturdays
+ - timed: "H H * * 6"
- github-pull-request:
- trigger-phrase: '^remerge$'
+ trigger-phrase: "^run-snyk$"
only-trigger-phrase: true
- status-context: 'Docker Merge'
+ status-context: "SNYK scan"
permit-all: true
github-hooks: true
org-list:
- - '{github-org}'
- white-list: '{obj:github_pr_whitelist}'
- admin-list: '{obj:github_pr_admin_list}'
+ - "{github-org}"
+ white-list: "{obj:github_pr_allowlist}"
+ admin-list: "{obj:github_pr_admin_list}"
white-list-target-branches:
- - '{branch}'
- included-regions: '{obj:github_included_regions}'
+ - "{branch}"