Chore: Update Sonar OpenJDK version
[releng/global-jjb.git] / jjb / lf-maven-jobs.yaml
index 5dbeef2..9a4692c 100644 (file)
@@ -72,7 +72,7 @@
 # COMMON FUNCTIONS #
 ####################
 
-- lf_maven_common: &lf_maven_common
+- _lf_maven_common: &lf_maven_common
     name: lf-maven-common
 
     ######################
 # Maven CLM #
 #############
 
-- lf_maven_clm: &lf_maven_clm
+- _lf_maven_clm: &lf_maven_clm
     name: lf-maven-clm
 
     ######################
     disable-job: false
     git-url: "$GIT_URL/$PROJECT"
     github-url: "https://github.com"
-    java-version: openjdk11
+    java-version: openjdk13
     mvn-global-settings: global-settings
     mvn-goals: clean install
     mvn-opts: ""
           white-list-target-branches:
             - "{branch}"
 
+##################
+# Maven Snyk CLI #
+##################
+
+- _lf_maven_snyk_cli: &lf_maven_snyk_cli
+    name: lf-maven-snyk_cli
+
+    ######################
+    # Default parameters #
+    ######################
+
+    branch: master
+    build-days-to-keep: 30 # 30 days for troubleshooting purposes
+    build-timeout: 60
+    disable-job: false
+    git-url: "$GIT_URL/$PROJECT"
+    github-url: "https://github.com"
+    java-version: openjdk11
+    mvn-global-settings: global-settings
+    mvn-goals: clean install
+    mvn-opts: ""
+    mvn-params: ""
+    mvn-version: mvn35
+    snyk-cli-options: ""
+    snyk-token-credential-id: snyk-token
+    snyk-org-credential-id: snyk-org
+    stream: master
+    submodule-recursive: true
+    submodule-timeout: 10
+    submodule-disable: false
+
+    gerrit_snyk_triggers:
+      - comment-added-contains-event:
+          comment-contains-value: '^Patch Set\s+\d+:\s+run-snyk\s*$'
+
+    parameters:
+      - lf-infra-parameters:
+          project: "{project}"
+          branch: "{branch}"
+          stream: "{stream}"
+      - lf-infra-maven-parameters:
+          mvn-opts: "{mvn-opts}"
+          mvn-params: "{mvn-params}"
+          mvn-version: "{mvn-version}"
+      - string:
+          name: SNYK_CLI_OPTIONS
+          default: "{snyk-cli-options}"
+          description: Additional Snyk CLI commands and options
+      - string:
+          name: ARCHIVE_ARTIFACTS
+          default: "{archive-artifacts}"
+          description: Artifacts to archive to the logs server.
+
+    wrappers:
+      - credentials-binding:
+          - text:
+              credential-id: "{snyk-token-credential-id}"
+              variable: SNYK_TOKEN
+          - text:
+              credential-id: "{snyk-org-credential-id}"
+              variable: SNYK_ORG
+
+    #####################
+    # Job Configuration #
+    #####################
+
+    disabled: "{disable-job}"
+
+    builders:
+      - lf-infra-pre-build
+      - lf-maven-install:
+          mvn-version: "{mvn-version}"
+      - lf-update-java-alternatives:
+          java-version: "{java-version}"
+      - lf-provide-maven-settings:
+          global-settings-file: "{mvn-global-settings}"
+          settings-file: "{mvn-settings}"
+      - lf-maven-build:
+          mvn-goals: "{mvn-goals}"
+      - lf-infra-snyk-cli-scanner
+      - lf-provide-maven-settings-cleanup
+      - shell: 'find . -regex ".*karaf/target" | xargs rm -rf'
+
+- builder:
+    name: lf-infra-snyk-cli-scanner
+    # Download and run the Snyk CLI scanner
+    builders:
+      - shell: !include-raw-escape:
+          - ../shell/snyk-cli-scanner-run.sh
+
+- job-template:
+    name: "{project-name}-maven-snyk-cli-{stream}"
+    id: gerrit-maven-snyk-cli
+    <<: *lf_maven_common
+    # yamllint disable-line rule:key-duplicates
+    <<: *lf_maven_snyk_cli
+
+    scm:
+      - lf-infra-gerrit-scm:
+          jenkins-ssh-credential: "{jenkins-ssh-credential}"
+          git-url: "{git-url}"
+          refspec: "$GERRIT_REFSPEC"
+          branch: "$GERRIT_BRANCH"
+          submodule-recursive: "{submodule-recursive}"
+          submodule-timeout: "{submodule-timeout}"
+          submodule-disable: "{submodule-disable}"
+          choosing-strategy: default
+
+    triggers:
+      # Build weekly on Saturdays
+      - timed: "H H * * 6"
+      - gerrit:
+          server-name: "{gerrit-server-name}"
+          trigger-on: "{obj:gerrit_snyk_triggers}"
+          projects:
+            - project-compare-type: ANT
+              project-pattern: "{project}"
+              branches:
+                - branch-compare-type: ANT
+                  branch-pattern: "**/{branch}"
+          skip-vote:
+            successful: true
+            failed: true
+            unstable: true
+            notbuilt: true
+
+- job-template:
+    name: "{project-name}-maven-snyk-cli-{stream}"
+    id: github-maven-snyk-cli
+    <<: *lf_maven_common
+    # yamllint disable-line rule:key-duplicates
+    <<: *lf_maven_snyk_cli
+
+    properties:
+      - lf-infra-properties:
+          build-days-to-keep: "{build-days-to-keep}"
+      - github:
+          url: "{github-url}/{github-org}/{project}"
+
+    scm:
+      - lf-infra-github-scm:
+          url: "{git-clone-url}{github-org}/{project}"
+          refspec: ""
+          branch: "refs/heads/{branch}"
+          submodule-recursive: "{submodule-recursive}"
+          submodule-timeout: "{submodule-timeout}"
+          submodule-disable: "{submodule-disable}"
+          choosing-strategy: default
+          jenkins-ssh-credential: "{jenkins-ssh-credential}"
+
+    triggers:
+      # Build weekly on Saturdays
+      - timed: "H H * * 6"
+      - github-pull-request:
+          trigger-phrase: "^run-snyk$"
+          only-trigger-phrase: true
+          status-context: "SNYK scan"
+          permit-all: true
+          github-hooks: true
+          org-list:
+            - "{github-org}"
+          white-list: "{obj:github_pr_allowlist}"
+          admin-list: "{obj:github_pr_admin_list}"
+          white-list-target-branches:
+            - "{branch}"
+
 #########################
 # Maven Javadoc Publish #
 #########################
 
-- lf_maven_javadoc_publish: &lf_maven_javadoc_publish
+- _lf_maven_javadoc_publish: &lf_maven_javadoc_publish
     name: lf-maven-javadoc-publish
 
     ######################
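Review bot: The `credentials-binding` wrapper in `_lf_maven_snyk_cli` exposes `SNYK_TOKEN` and `SNYK_ORG` to every builder, not only to `lf-infra-snyk-cli-scanner`. Because the `gerrit-maven-snyk-cli` template checks out `$GERRIT_REFSPEC`, `lf-maven-build` runs `clean install` on an unmerged patch set with the token in its environment whenever a comment matches `run-snyk`. Log masking does not stop build code from reading the variable, so either limit the trigger to trusted reviewers or use a narrowly scoped, easily rotated token, and record that above the wrapper with a comment such as `# SNYK_TOKEN is visible to the Maven build; use a least-privilege token`. In the `github-maven-snyk-cli` template, `permit-all: true` appears to make the `white-list` and `admin-list` entries ineffective, so `permit-all: false` looks like the intended setting. `snyk-cli-scanner-run.sh` is not part of this hunk, so whether the downloaded CLI is version-pinned and checksum-verified has to be confirmed there.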
 # Maven Javadoc Verify #
 ########################
 
-- lf_maven_javadoc_verify: &lf_maven_javadoc_verify
+- _lf_maven_javadoc_verify: &lf_maven_javadoc_verify
     name: lf-maven-javadoc-verify
 
     ######################
 # Maven Merge #
 ###############
 
-- lf_maven_merge: &lf_maven_merge
+- _lf_maven_merge: &lf_maven_merge
     name: lf-maven-merge
 
     ######################
     disable-job: false
     git-url: "$GIT_URL/$PROJECT"
     github-url: "https://github.com"
+    jacoco-exclude-pattern: "**/gen/**,**/generated-sources/**,**/yang-gen**,**/pax/**"
     java-version: openjdk11
     mvn-global-settings: global-settings
     mvn-goals: clean deploy
 
     publishers:
       - findbugs
-      - lf-jacoco-report
+      - lf-jacoco-report:
+          exclude-pattern: "{jacoco-exclude-pattern}"
       - lf-infra-publish
       - trigger-parameterized-builds: "{obj:post_build_trigger}"
 
 # Maven Merge for Docker #
 ##########################
 
-- lf_maven_docker_merge: &lf_maven_docker_merge
+- _lf_maven_docker_merge: &lf_maven_docker_merge
     name: lf-maven-docker-merge
 
     builders:
 # Maven Stage #
 ###############
 
-- lf_maven_stage: &lf_maven_stage
+- _lf_maven_stage: &lf_maven_stage
     name: lf-maven-stage
 
     ######################
     branch: master
     build-days-to-keep: 30 # 30 days in case a release takes long to get approved.
     build-timeout: 60
-    cron: "@daily"
+    cron: ""
     disable-job: false
     git-url: "$GIT_URL/$PROJECT"
     github-url: "https://github.com"
 # Maven Stage for Docker #
 ##########################
 
-- lf_maven_docker_stage: &lf_maven_docker_stage
+- _lf_maven_docker_stage: &lf_maven_docker_stage
     name: lf-maven-docker-stage
 
     builders:
 # Maven Sonar #
 ###############
 
-- lf_maven_sonar: &lf_maven_sonar
+- _lf_maven_sonar: &lf_maven_sonar
     name: lf-maven-sonar
 
     ######################
     disable-job: false
     git-url: "$GIT_URL/$PROJECT"
     github-url: "https://github.com"
+    jacoco-exclude-pattern: "**/gen/**,**/generated-sources/**,**/yang-gen**,**/pax/**"
     java-version: openjdk11
     java-opts: ""
     mvn-global-settings: global-settings
     sonarcloud: false
     sonarcloud-project-key: ""
     sonarcloud-project-organization: ""
-    sonarcloud-api-token: ""
+    sonarcloud-api-token-cred-id: sonarcloud-api-token
     sonarcloud-qualitygate-wait: false
-    # SonarCloud scan using jdk8 will become deprecated by Oct, 2020
-    # Projects not compatible with jdk11 can set java-version to something else
-    sonarcloud-java-version: openjdk11
+    # Projects not compatible with jdk13 can set java-version to something else
+    sonarcloud-java-version: openjdk13
     stream: master
     submodule-recursive: true
     submodule-timeout: 10
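Review bot: Replacing `sonarcloud-api-token` with `sonarcloud-api-token-cred-id` here drops the old parameter without a migration hint. A project that still sets `sonarcloud-api-token` would presumably have the value ignored and fall back to the default credential ID. Tokens that were passed through the old parameter sat in job configuration as plain text, so they should be treated as exposed and rotated once the credential is in place. A comment on the new default such as `# ID of a Jenkins secret-text credential; never put the token value in job config` would make the contract explicit. The `_lf_maven_sonar` anchor starts and ends outside this hunk.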
             however to use a specific version of the sonar-maven-plugin we
             can call "org.codehaus.mojo:sonar-maven-plugin:3.3.0.603:sonar".
 
+    wrappers:
+      - credentials-binding:
+          - text:
+              credential-id: "{sonarcloud-api-token-cred-id}"
+              variable: API_TOKEN
+
     triggers:
       - timed: "{obj:cron}"
       - gerrit:
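Review bot: The `wrappers:` block added here binds `{sonarcloud-api-token-cred-id}` unconditionally, although `sonarcloud` defaults to `false`. A Jenkins instance that only scans against SonarQube and has no `sonarcloud-api-token` credential would likely fail at credential lookup before any builder runs, so the requirement should at least be documented, e.g. `# credential must exist even when sonarcloud is false`. YAML merge keys are shallow, so if `lf_maven_common` (not visible in this hunk) also defines `wrappers:`, one list replaces the other instead of being combined. That could silently drop the common wrappers. The same check applies to the `wrappers:` block in `_lf_maven_snyk_cli`.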
             notbuilt: true
 
     publishers:
-      - lf-jacoco-report
+      - lf-jacoco-report:
+          exclude-pattern: "{jacoco-exclude-pattern}"
       - findbugs
       - lf-infra-publish
 
-- mvn_sonar_builders: &mvn_sonar_builders
+- _mvn_sonar_builders: &mvn_sonar_builders
     name: mvn-sonar-builders
     builders:
       - lf-infra-pre-build
                 mvn-version: "{mvn-version}"
                 sonarcloud-project-key: "{sonarcloud-project-key}"
                 sonarcloud-project-organization: "{sonarcloud-project-organization}"
-                sonarcloud-api-token: "{sonarcloud-api-token}"
                 sonarcloud-java-version: "{sonarcloud-java-version}"
                 sonarcloud-qualitygate-wait: "{sonarcloud-qualitygate-wait}"
                 scan-dev-branch: "{scan-dev-branch}"
                 mvn-settings: "{mvn-settings}"
                 mvn-version: "{mvn-version}"
 
-- mvn_sonar_builders_prescan_script: &mvn_sonar_builders_prescan_script
+- _mvn_sonar_builders_prescan_script: &mvn_sonar_builders_prescan_script
     name: mvn-sonar-builders-prescan-script
     builders:
       - shell: "{sonar-prescan-script}"
                 mvn-version: "{mvn-version}"
                 sonarcloud-project-key: "{sonarcloud-project-key}"
                 sonarcloud-project-organization: "{sonarcloud-project-organization}"
-                sonarcloud-api-token: "{sonarcloud-api-token}"
                 sonarcloud-java-version: "{sonarcloud-java-version}"
                 sonarcloud-qualitygate-wait: "{sonarcloud-qualitygate-wait}"
                 scan-dev-branch: "{scan-dev-branch}"
             PROJECT_KEY={sonarcloud-project-key}
             PROJECT_ORGANIZATION={sonarcloud-project-organization}
             MAVEN_GOALS={mvn-goals}
-            API_TOKEN={sonarcloud-api-token}
             SONARCLOUD_JAVA_VERSION={sonarcloud-java-version}
             SCAN_DEV_BRANCH={scan-dev-branch}
             SONARCLOUD_QUALITYGATE_WAIT={sonarcloud-qualitygate-wait}
 # Maven Verify #
 ################
 
-- lf_maven_verify: &lf_maven_verify
+- _lf_maven_verify: &lf_maven_verify
     name: lf-maven-verify
 
     ######################
     disable-job: false
     git-url: "$GIT_URL/$PROJECT"
     github-url: "https://github.com"
+    jacoco-exclude-pattern: "**/gen/**,**/generated-sources/**,**/yang-gen**,**/pax/**"
     java-version: openjdk11
     mvn-global-settings: global-settings
     mvn-goals: clean deploy
 
     publishers:
       - findbugs
-      - lf-jacoco-report
+      - lf-jacoco-report:
+          exclude-pattern: "{jacoco-exclude-pattern}"
       - lf-infra-publish
 
 - job-template:
 # Maven Verify for Docker #
 ###########################
 
-- lf_maven_docker_verify: &lf_maven_docker_verify
+- _lf_maven_docker_verify: &lf_maven_docker_verify
     name: lf-maven-docker-verify
 
     # image push not allowed during verification
 # Maven Verify Dependencies #
 #############################
 
-- lf_maven_verify_dependencies: &lf_maven_verify_dependencies
+- _lf_maven_verify_dependencies: &lf_maven_verify_dependencies
     name: lf-maven-verify-dependencies
 
     ######################
     disable-job: false
     git-url: "$GIT_URL/$PROJECT"
     github-url: "https://github.com"
+    jacoco-exclude-pattern: "**/gen/**,**/generated-sources/**,**/yang-gen**,**/pax/**"
     java-version: openjdk11
     mvn-global-settings: global-settings
     mvn-goals: clean deploy
 
     publishers:
       - findbugs
-      - lf-jacoco-report
+      - lf-jacoco-report:
+          exclude-pattern: "{jacoco-exclude-pattern}"
       - lf-infra-publish
 
 - job-template: