lf-docker-get-container-tag
---------------------------
-Chooses a container tag to label the image based on the 'container-tag-method'
-parameter. If container-tag-method: latest, the tag 'latest' is used.
-If container-tag-method: git-describe, the tag is obtained using
-the git describe command, which requires that the repository has a git tag.
-If container-tag-method: yaml-file, the tag is obtained using
-the yq command, which requires that the repository has a YAML file named
-'container-tag.yaml'. The script checks the docker-root directory by
-default or the directory specified by parameter container-tag-yaml-dir.
-An example file appears below.
+Chooses a tag to label the container image based on the
+'container-tag-method' parameter using the global-jjb script
+docker-get-container-tag.sh. Use one of the following methods:
+
+If ``container-tag-method: latest``, uses the literal string ``latest``.
+
+If ``container-tag-method: stream``, uses the value of the variable ``stream``.
+
+If ``container-tag-method: git-describe``, reads the tag from the
+``git describe`` command on the repository, which requires that the repository
+has a git tag. For example, if the most recent tag is 'v0.48.1', this
+method yields a string like 'v0.48.1' or 'v0.48.1-25-gaee2dcb'.
+
+If ``container-tag-method: yaml-file``, reads the tag from the YAML file
+``container-tag.yaml`` in the docker-root directory using the top-level entry
+'tag'. Alternately specify the directory with the YAML file in parameter
+'container-tag-yaml-dir'. An example file appears next.
+
+Example container-tag.yaml file:
+
+.. code-block:: yaml
+
+ ---
+ tag: 1.0.0
+
+
+Optionally, teams can supply their own script to choose the docker
+tag. Pass the shell script path in optional configuration parameter
+'docker-get-container-tag-script' which by default is the path to
+file docker-get-container-tag.sh. The script must create the file
+'env_docker_inject.txt' in the workspace with a line that assigns a
+value to shell variable DOCKER_IMAGE_TAG, as shown next.
+
+Example env_docker_inject.txt file:
+
+.. code-block:: shell
+
+ DOCKER_IMAGE_TAG=1.0.0
lf-docker-build
Docker Verify
-------------
-Executes a docker build task.
+Executes a docker build task to verify an test image build and discards the
+test image upon completion.
:Template Names:
- gerrit-docker-verify
- github-docker-verify
-:Comment Trigger: recheck|reverify
+:Comment Trigger: **recheck|reverify** post a comment with one of the
+ triggers to launch this job manually. Do not include any other
+ text or vote in the same comment.
:Required parameters:
:build-node: The node to run build on.
:container-public-registry: Docker registry source with base images.
:docker-name: Name of the Docker image.
- :jenkins-ssh-credential: Credential to use for SSH. (Generally should
- be configured in defaults.yaml)
- :mvn-settings: Maven settings.xml file containing credentials to use.
+ :jenkins-ssh-credential: Credential to use for SSH. (Generally configured
+ in defaults.yaml)
+ :mvn-settings: Maven settings.xml file containing Docker credentials.
:Optional parameters:
:build-timeout: Timeout in minutes before aborting build. (default: 60)
:container-tag-method: Specifies the docker tag-choosing method.
Options are "latest", "git-describe" or "yaml-file".
- Option git-describe requires a git tag to exist in the repository.
- Option yaml-file requires a file "container-tag.yaml" to exist in the repository.
- (default: latest)
+ Option latest uses the "latest" tag.
+ Option git-describe uses the string returned by git-describe,
+ which requires a tag to exist in the repository.
+ Option yaml-file uses the string from file "container-tag.yaml"
+ in the repository. (default: latest)
:container-tag-yaml-dir: Directory with container-tag.yaml. (default: $DOCKER_ROOT)
- :docker-build-args: Additional arguments for the docker build command.
+ :docker-build-args: Arguments for the docker build command.
+ :docker-get-container-tag-script: Path to script that chooses docker tag.
+ (default: ../shell/docker-get-container-tag.sh in global-jjb)
:docker-root: Build directory within the repo. (default: $WORKSPACE, the repo root)
:git-url: URL clone project from. (default: $GIT_URL/$PROJECT)
:pre_docker_build_script: Build script to execute before the main verify
- builder steps. (default: a string with only a comment)
+ builder steps. (default: "")
:post_docker_build_script: Build script to execute after the main verify
- builder steps. (default: a string with only a comment)
- :stream: Keyword that can be used to represent a release code-name.
+ builder steps. (default: "")
+ :stream: Keyword that represents a release code-name.
Often the same as the branch. (default: master)
:submodule-recursive: Whether to checkout submodules recursively.
(default: true)
(default: 10)
:gerrit_verify_triggers: Override Gerrit Triggers.
- :gerrit_trigger_file_paths: Override Gerrit file paths which can be
- used to filter which file modifications will trigger a build.
- :github_included_regions: Override Github file paths which can be
- used to filter which file modifications will trigger a build;
- must match parameter gerrit_trigger_file_paths
+ :gerrit_trigger_file_paths: Override Gerrit file paths to filter which file
+ modifications will trigger a build.
+ :github_included_regions: Override Github file paths to filter which file
+ modifications will trigger a build; must match parameter
+ gerrit_trigger_file_paths
container-tag.yaml example:
Docker Merge
------------
-Executes a docker build task and publishes the resulting images to a specified Docker registry.
+Executes a docker build task and pushes the resulting image to the specified
+Docker registry. If every image is a release candidate, this should use a
+staging repository and occassionally run to check dependencies.
:Template Names:
- gerrit-docker-merge
- github-docker-merge
-:Comment Trigger: remerge
+:Comment Trigger: **remerge** post a comment with the trigger to launch
+ this job manually. Do not include any other text or vote in the
+ same comment.
:Required parameters:
:build-node: The node to run build on.
:container-public-registry: Docker registry source with base images.
- :container-push-registry: Docker registry target for the deploy action.
+ :container-push-registry: Docker registry target for the push action.
:docker-name: Name of the Docker image.
- :jenkins-ssh-credential: Credential to use for SSH. (Generally should
- be configured in defaults.yaml)
- :mvn-settings: Maven settings.xml file containing credentials to use.
+ :jenkins-ssh-credential: Credential to use for SSH. (Generally configured
+ in defaults.yaml)
+ :mvn-settings: Maven settings.xml file containing Docker credentials.
:Optional parameters:
:build-timeout: Timeout in minutes before aborting build. (default: 60)
:container-tag-method: Specifies the docker tag-choosing method.
Options are "latest", "git-describe" or "yaml-file".
- Option git-describe requires a git tag to exist in the repository.
- Option yaml-file requires a file "container-tag.yaml" to exist in the repository.
- (default: latest)
+ Option latest uses the "latest" tag.
+ Option git-describe uses the string returned by git-describe,
+ which requires a tag to exist in the repository.
+ Option yaml-file uses the string from file "container-tag.yaml"
+ in the repository. (default: latest)
:container-tag-yaml-dir: Directory with container-tag.yaml. (default: $DOCKER_ROOT)
:cron: Cron schedule when to trigger the job. This parameter also
supports multiline input via YAML pipe | character in cases where
- one may want to provide more than 1 cron timer. No default. Use
- '@daily' to run daily or 'H H * * 0' to run weekly.
- :docker-build-args: Additional arguments for the docker build command.
+ one may want to provide more than 1 cron timer. Use '@daily' to run
+ daily or '@weekly' to run weekly. (default: @weekly)
+ :docker-build-args: Arguments for the docker build command.
+ :docker-get-container-tag-script: Path to script that chooses docker tag.
+ (default: ../shell/docker-get-container-tag.sh in global-jjb)
:docker-root: Build directory within the repo. (default: $WORKSPACE, the repo root)
:git-url: URL clone project from. (default: $GIT_URL/$PROJECT)
:pre_docker_build_script: Build script to execute before the main merge
- builder steps. (default: a string with only a comment)
+ builder steps. (default: "")
:post_docker_build_script: Build script to execute after the main merge
- builder steps. (default: a string with only a comment)
- :stream: Keyword that can be used to represent a release code-name.
+ builder steps. (default: "")
+ :stream: Keyword that represents a release code-name.
Often the same as the branch. (default: master)
:submodule-recursive: Whether to checkout submodules recursively.
(default: true)
(default: 10)
:gerrit_merge_triggers: Override Gerrit Triggers.
- :gerrit_trigger_file_paths: Override Gerrit file paths which can be
- used to filter which file modifications will trigger a build.
- :github_included_regions: Override Github file paths which can be
- used to filter which file modifications will trigger a build;
- must match parameter gerrit_trigger_file_paths
+ :gerrit_trigger_file_paths: Override Gerrit file paths to filter which file
+ modifications will trigger a build.
+ :github_included_regions: Override GitHub file paths to filter which file
+ modifications will trigger a build; must match parameter
+ gerrit_trigger_file_paths
Sample container-tag.yaml File
------------------------------
---
tag: 1.0.0
+
+Docker Snyk CLI
+---------------
+
+Builds the code, downloads and runs a Snyk CLI scan of the code into the Snyk dashboard.
+
+:Template Names:
+
+ - {project-name}-docker-snyk-cli-{stream}
+ - gerrit-docker-snyk-cli
+ - github-docker-snyk-cli
+
+:Comment Trigger: run-snyk
+
+:Required parameters:
+
+ :build-node: The node to run build on.
+ :container-public-registry: Docker registry source with base images.
+ :docker-name: Name of the Docker image.
+ :jenkins-ssh-credential: Credential to use for SSH. (Generally configured
+ in defaults.yaml)
+ :mvn-settings: Maven settings.xml file containing Docker credentials.
+ :snyk-token-credential-id: Snyk API token to communicate with Jenkins.
+ :snyk-org-credential-id: Snyk organization ID.
+
+:Optional parameters:
+
+ :branch: Git branch to fetch for the build. (default: master)
+ :build-days-to-keep: Days to keep build logs in Jenkins. (default: 7)
+ :build-timeout: Timeout in minutes before aborting build. (default: 60)
+ :container-tag-method: Specifies the docker tag-choosing method.
+ Options are "latest", "git-describe" or "yaml-file".
+ Option latest uses the "latest" tag.
+ Option git-describe uses the string returned by git-describe,
+ which requires a tag to exist in the repository.
+ Option yaml-file uses the string from file "container-tag.yaml"
+ in the repository. (default: latest)
+ :container-tag-yaml-dir: Directory with container-tag.yaml. (default: $DOCKER_ROOT)
+ :docker-build-args: Arguments for the docker build command.
+ :docker-get-container-tag-script: Path to script that chooses docker tag.
+ (default: ../shell/docker-get-container-tag.sh in global-jjb)
+ :docker-root: Build directory within the repo. (default: $WORKSPACE, the repo root)
+ :git-url: URL clone project from. (default: $GIT_URL/$PROJECT)
+ :pre_docker_build_script: Build script to execute before the main verify
+ builder steps. (default: "")
+ :post_docker_build_script: Build script to execute after the main verify
+ builder steps. (default: "")
+ :snyk-cli-options: Additional Snyk CLI options. (default: '')
+ :stream: Keyword that represents a release code-name.
+ Often the same as the branch. (default: master)
+ :submodule-recursive: Whether to checkout submodules recursively.
+ (default: true)
+ :submodule-timeout: Timeout (in minutes) for checkout operation.
+ (default: 10)
+
+ :gerrit_snyk_triggers: Override Gerrit Triggers.
Code Review / releng / global-jjb.git / blobdiff