:mvn-settings: Maven settings.xml file containing credentials to use.
:sonarcloud-project-key: SonarCloud project key.
:sonarcloud-project-organization: SonarCloud project organization.
- :sonarcloud-api-token: SonarCloud API Token.
- :sonarcloud-java-version: Version of Java to run the Sonar scan. (default: openjdk11)
+ :sonarcloud-java-version: Version of Java to run the Sonar scan. (default: openjdk17)
+ :sonarcloud-qualitygate-wait: SonarCloud flag that forces the analysis step to
+ wait for the quality gate result. (default: false)
lf-maven-build
--------------
:mvn-goals: The maven goals to perform for the build.
(default: clean install)
+lf-infra-snyk-cli-scanner
+-------------------------
+
+Downloads the latest Snyk CLI and triggers a code scan. It publishes a report into
+the Snyk dashboard.
+
+:Optional parameters:
+ :mvn-goals: The maven goals to perform for the build.
+ (default: clean install)
+
+lf-infra-maven-sbom-generator
+-----------------------------
+
+Runs a specific version of SPDX SBOM Generator tool to generate a report.
+The calling job template sets the version to run in the SBOM_GENERATOR_VERSION parameter.
+
+:Optional parameters:
+ :sbom-flags: SBOM generator options. See https://github.com/opensbom-generator/spdx-sbom-generator
+
Job Templates
=============
:gerrit_merge_triggers: Override Gerrit Triggers.
+Maven SNYK CLI
+--------------
+
+Builds the code, downloads and runs a Snyk CLI scan of the code into the Snyk dashboard.
+
+:Template Names:
+
+ - {project-name}-maven-snyk-cli-{stream}
+ - gerrit-maven-snyk-cli
+ - github-maven-snyk-cli
+
+:Comment Trigger: run-snyk
+
+:Required parameters:
+
+ :build-node: The node to run build on.
+ :jenkins-ssh-credential: Credential to use for SSH. (Generally configured in defaults.yaml)
+ :mvn-settings: The name of settings file containing credentials for the project.
+ :snyk-token-credential-id: Snyk API token to communicate with Jenkins.
+ :snyk-org-credential-id: Snyk organization ID.
+
+:Optional parameters:
+
+ :branch: The branch to build against. (default: master)
+ :build-days-to-keep: Days to keep build logs in Jenkins. (default: 7)
+ :build-timeout: Timeout in minutes before aborting build. (default: 60)
+ :git-url: URL clone project from. (default: $GIT_URL/$PROJECT)
+ :java-version: Version of Java to use for the build. (default: openjdk11)
+ :mvn-global-settings: The name of the Maven global settings to use for
+ Maven configuration. (default: global-settings)
+ :mvn-goals: The maven goals to perform for the build.
+ (default: clean install)
+ :mvn-opts: Sets MAVEN_OPTS to start up the JVM running Maven. (default: '')
+ :mvn-params: Parameters to pass to the mvn CLI. (default: '')
+ :mvn-version: Version of maven to use. (default: mvn35)
+ :snyk-cli-options: Snyk CLI options. (default: '')
+ :stream: Keyword that represents a release code-name.
+ Often the same as the branch. (default: master)
+ :submodule-recursive: Whether to checkout submodules recursively.
+ (default: true)
+ :submodule-timeout: Timeout (in minutes) for checkout operation.
+ (default: 10)
+ :submodule-disable: Disable submodule checkout operation.
+ (default: false)
+
+ :gerrit_snyk_triggers: Override Gerrit Triggers.
+
Maven JavaDoc Publish
---------------------
one may want to provide more than 1 cron timer. (default: 'H H * * 0'
to run weekly)
:git-url: URL clone project from. (default: $GIT_URL/$PROJECT)
+ :jacoco-exclude-pattern: Ant-style patterns to exclude from Jacoco coverage
+ report. (default: ``"**/gen/**,**/generated-sources/**,**/yang-gen**,**/pax/**"``)
:java-version: Version of Java to use for the build. (default: openjdk11)
:mvn-global-settings: The name of the Maven global settings to use for
Maven configuration. (default: global-settings)
:mvn-params: Parameters to pass to the mvn CLI. (default: '')
:mvn-version: Version of maven to use. (default: mvn35)
:nexus-cut-dirs: Number of directories to cut from file path for `wget -r`.
+ :pre-build-script: Shell script to run before maven build. (default: a string with a shell comment)
+ :post-build-script: Shell script to run after maven build. (default: a string with a shell comment)
:stream: Keyword that represents a release code-name.
Often the same as the branch. (default: master)
:submodule-recursive: Whether to checkout submodules recursively.
:mvn-version: Version of maven to use. (default: mvn35)
:ossrh-profile-id: Profile ID for project as provided by OSSRH.
(default: '')
+ :sbom-flags: SBOM generator options if using sbom-generator.
+ See https://github.com/opensbom-generator/spdx-sbom-generator
+ :sbom-generator: Calls lf-infra-maven-sbom-generator to run the SPDX SBOM generator tool.
+ (default: false)
+ :sbom-generator-version: SBOM generator version to download and run if using sbom-generator.
+ (default: v0.0.10)
+ :sbom-path: SBOM execution path.
+ (default: $WORKSPACE)
:sign-artifacts: Sign artifacts with Sigul. (default: false)
:stream: Keyword that represents a release code-name.
Often the same as the branch. (default: master)
:sonarcloud-project-key: SonarCloud project key. (default: '')
:sonarcloud-project-organization: SonarCloud project organization.
(default: '')
- :sonarcloud-api-token: SonarCloud API Token. (default: '')
- :sonarcloud-java-version: Version of Java to use for the Sonar scan. (default: openjdk11)
+ :sonarcloud-api-token-cred-id: Jenkins credential ID which has the SonarCloud API Token.
+ This one SHOULDN'T be overwritten as we are standarizing the credential ID for all
+ projects (default: 'sonarcloud-api-token')
+ :sonarcloud-java-version: Version of Java to use for the Sonar scan. (default: openjdk17)
:stream: Keyword that represents a release code-name.
Often the same as the branch. (default: master)
:submodule-recursive: Whether to checkout submodules recursively.
:gerrit_sonar_triggers: Override Gerrit Triggers.
+SonarCloud Example:
+
+.. literalinclude:: ../../.jjb-test/lf-maven-jobs/maven-sonarcloud.yaml
+ :language: yaml
+
+Maven Sonar Verify
+------------------
+
+Sonar job which runs mvn clean install then publishes to Sonar.
+
+This job runs on dev branches and its triggered on new patchsets.
+
+:Template Names:
+
+ - {project-name}-sonar-verify
+ - gerrit-maven-sonar-verify
+
+:Comment Trigger: recheck|reverify
+
+:Required parameters:
+
+ :build-node: The node to run build on.
+ :jenkins-ssh-credential: Credential to use for SSH. (Generally configured in defaults.yaml)
+ :mvn-settings: The name of settings file containing credentials for the project.
+
+:Optional parameters:
+
+ :build-days-to-keep: Days to keep build logs in Jenkins. (default: 7)
+ :build-timeout: Timeout in minutes before aborting build. (default: 60)
+ :git-url: URL clone project from. (default: $GIT_URL/$PROJECT)
+ :java-version: Version of Java to use for the Maven build. (default: openjdk11)
+ :mvn-global-settings: The name of the Maven global settings to use for
+ Maven configuration. (default: global-settings)
+ :mvn-goals: The maven goals to perform for the build.
+ (default: clean install)
+ :mvn-opts: Sets MAVEN_OPTS to start up the JVM running Maven. (default: '')
+ :mvn-params: Parameters to pass to the mvn CLI. (default: '')
+ :mvn-version: Version of maven to use. (default: mvn35)
+ :pre-build-script: Shell script to run before maven build. (default: a string with a shell comment)
+ :post-build-script: Shell script to run after maven build. (default: a string with a shell comment)
+ :sonar-mvn-goal: Maven goals to run for sonar analysis.
+ (default: sonar:sonar)
+ :sonarcloud: Set to ``true`` to use SonarCloud ``true|false``.
+ (default: true)
+ :sonarcloud-project-key: SonarCloud project key. (default: '')
+ :sonarcloud-project-organization: SonarCloud project organization.
+ (default: '')
+ :sonarcloud-api-token-cred-id: Jenkins credential ID which has the SonarCloud API Token.
+ This one SHOULDN'T be overwritten as we are standarizing the credential ID for all
+ projects (default: 'sonarcloud-api-token')
+ :sonarcloud-java-version: Version of Java to use for the Sonar scan. (default: openjdk17)
+ :sonarcloud-qualitygate-wait: SonarCloud flag that forces the analysis step to
+ wait for the quality gate result. (default: false)
+ :stream: Keyword that represents a release code-name.
+ Often the same as the branch. (default: master)
+ :submodule-recursive: Whether to checkout submodules recursively.
+ (default: true)
+ :submodule-timeout: Timeout (in minutes) for checkout operation.
+ (default: 10)
+ :submodule-disable: Disable submodule checkout operation.
+ (default: false)
+ :scan-dev-branch: Run the scan on a developer branch.
+ (default: true)
+
+ :gerrit_sonar_triggers: Override Gerrit Triggers.
+
+
SonarCloud Example:
.. literalinclude:: ../../.jjb-test/lf-maven-jobs/maven-sonarcloud.yaml