Feat: use credential for sonarcloud token

[releng/global-jjb.git] / jjb / lf-maven-jobs.yaml

diff --git a/jjb/lf-maven-jobs.yaml b/jjb/lf-maven-jobs.yaml
index 04ae40f..e4a3442 100644 (file)
--- a/jjb/lf-maven-jobs.yaml
+++ b/jjb/lf-maven-jobs.yaml
@@ -574,6 +574,8 @@
     mvn-params: "-Dmerge"
     mvn-version: mvn35
     nexus-cut-dirs: 6 # Number of dirs in the Nexus path to remove for wget -r.
+    pre-build-script: "# pre-build script goes here"
+    post-build-script: "# post-build script goes here"
     stream: master
     submodule-recursive: true
     submodule-timeout: 10
@@ -617,8 +619,10 @@
             NEXUS_CUT_DIRS={nexus-cut-dirs}
             NEXUS_REPO={nexus-snapshot-repo}
       - shell: !include-raw-escape: ../shell/maven-fetch-metadata.sh
+      - shell: "{pre-build-script}"
       - lf-maven-build:
           mvn-goals: "{mvn-goals}"
+      - shell: "{post-build-script}"
       - lf-maven-deploy
       - lf-provide-maven-settings-cleanup
 
@@ -842,6 +846,10 @@
     mvn-version: mvn35
     ossrh-profile-id: ""
     mvn-pom: ""
+    sbom-flags: ""
+    sbom-path: "$WORKSPACE"
+    sbom-generator: false
+    sbom-generator-version: "v0.0.15"
     sign-artifacts: false
     sign-mode: serial
     stream: master
@@ -889,6 +897,14 @@
           name: STAGING_PROFILE_ID
           default: "{staging-profile-id}"
           description: Nexus staging profile ID.
+      - string:
+          name: SBOM_GENERATOR_VERSION
+          default: "{sbom-generator-version}"
+          description: SBOM generator version to download and run.
+      - string:
+          name: SBOM_PATH
+          default: "{sbom-path}"
+          description: path where SBOM needs to be executed.
 
     builders:
       - lf-infra-pre-build
@@ -909,6 +925,14 @@
       - shell: !include-raw-escape: ../shell/maven-patch-release.sh
       - lf-maven-build:
           mvn-goals: "{mvn-goals}"
+      # With SBOM Generator
+      - conditional-step:
+          condition-kind: boolean-expression
+          condition-expression: "{sbom-generator}"
+          steps:
+            - shell: echo 'Running SBOM Generator'
+            - lf-infra-maven-sbom-generator:
+                sbom-flags: "{sbom-flags}"
       - lf-sigul-sign-dir:
           sign-artifacts: "{sign-artifacts}"
           sign-dir: "$WORKSPACE/m2repo"
@@ -1137,7 +1161,8 @@
     sonarcloud: false
     sonarcloud-project-key: ""
     sonarcloud-project-organization: ""
-    sonarcloud-api-token: ""
+    sonarcloud-api-token-cred-id: sonarcloud-api-token
+    sonarcloud-qualitygate-wait: false
     # SonarCloud scan using jdk8 will become deprecated by Oct, 2020
     # Projects not compatible with jdk11 can set java-version to something else
     sonarcloud-java-version: openjdk11
@@ -1183,6 +1208,12 @@
             however to use a specific version of the sonar-maven-plugin we
             can call "org.codehaus.mojo:sonar-maven-plugin:3.3.0.603:sonar".
 
+    wrappers:
+      - credentials-binding:
+          - text:
+              credential-id: '{sonarcloud-api-token-cred-id}'
+              variable: API_TOKEN
+
     triggers:
       - timed: "{obj:cron}"
       - gerrit:
@@ -1222,8 +1253,8 @@
                 mvn-version: "{mvn-version}"
                 sonarcloud-project-key: "{sonarcloud-project-key}"
                 sonarcloud-project-organization: "{sonarcloud-project-organization}"
-                sonarcloud-api-token: "{sonarcloud-api-token}"
                 sonarcloud-java-version: "{sonarcloud-java-version}"
+                sonarcloud-qualitygate-wait: "{sonarcloud-qualitygate-wait}"
                 scan-dev-branch: "{scan-dev-branch}"
       # With SonarQube
       - conditional-step:
@@ -1257,8 +1288,8 @@
                 mvn-version: "{mvn-version}"
                 sonarcloud-project-key: "{sonarcloud-project-key}"
                 sonarcloud-project-organization: "{sonarcloud-project-organization}"
-                sonarcloud-api-token: "{sonarcloud-api-token}"
                 sonarcloud-java-version: "{sonarcloud-java-version}"
+                sonarcloud-qualitygate-wait: "{sonarcloud-qualitygate-wait}"
                 scan-dev-branch: "{scan-dev-branch}"
       # With SonarQube
       - conditional-step:
@@ -1274,6 +1305,16 @@
                 mvn-settings: "{mvn-settings}"
                 mvn-version: "{mvn-version}"
 
+- builder:
+    name: lf-infra-maven-sbom-generator
+    # Run Maven goals and trigger SPDX SBOM Generator tool
+    builders:
+      - inject:
+          properties-content: |
+            SBOM_FLAGS={sbom-flags}
+      - shell: !include-raw-escape:
+          - ../shell/sbom-generator.sh
+
 - builder:
     name: lf-infra-maven-sonar
     # Run a Sonar build with Maven
@@ -1310,9 +1351,9 @@
             PROJECT_KEY={sonarcloud-project-key}
             PROJECT_ORGANIZATION={sonarcloud-project-organization}
             MAVEN_GOALS={mvn-goals}
-            API_TOKEN={sonarcloud-api-token}
             SONARCLOUD_JAVA_VERSION={sonarcloud-java-version}
             SCAN_DEV_BRANCH={scan-dev-branch}
+            SONARCLOUD_QUALITYGATE_WAIT={sonarcloud-qualitygate-wait}
       - lf-provide-maven-settings:
           global-settings-file: global-settings
           settings-file: "{mvn-settings}"
@@ -1350,6 +1391,7 @@
 
     sonarcloud: true
     scan-dev-branch: true
+    sonarcloud-qualitygate-wait: false
 
     gerrit_sonar_triggers:
       - patchset-created-event:
@@ -1508,6 +1550,8 @@
     mvn-opts: ""
     mvn-params: "-Dstream=$STREAM -Dmaven.source.skip=true"
     mvn-version: mvn35
+    pre-build-script: "# pre-build script goes here"
+    post-build-script: "# post-build script goes here"
     stream: master
     submodule-recursive: true
     submodule-timeout: 10
@@ -1547,8 +1591,10 @@
       - lf-provide-maven-settings:
           global-settings-file: "{mvn-global-settings}"
           settings-file: "{mvn-settings}"
+      - shell: "{pre-build-script}"
       - lf-maven-build:
           mvn-goals: "{mvn-goals}"
+      - shell: "{post-build-script}"
       - lf-provide-maven-settings-cleanup
 
     publishers: