Feat: use credential for sonarcloud token

[releng/global-jjb.git] / jjb / lf-maven-jobs.yaml

diff --git a/jjb/lf-maven-jobs.yaml b/jjb/lf-maven-jobs.yaml
index 878840c..e4a3442 100644 (file)
--- a/jjb/lf-maven-jobs.yaml
+++ b/jjb/lf-maven-jobs.yaml
@@ -574,6 +574,8 @@
     mvn-params: "-Dmerge"
     mvn-version: mvn35
     nexus-cut-dirs: 6 # Number of dirs in the Nexus path to remove for wget -r.
+    pre-build-script: "# pre-build script goes here"
+    post-build-script: "# post-build script goes here"
     stream: master
     submodule-recursive: true
     submodule-timeout: 10
@@ -617,8 +619,10 @@
             NEXUS_CUT_DIRS={nexus-cut-dirs}
             NEXUS_REPO={nexus-snapshot-repo}
       - shell: !include-raw-escape: ../shell/maven-fetch-metadata.sh
+      - shell: "{pre-build-script}"
       - lf-maven-build:
           mvn-goals: "{mvn-goals}"
+      - shell: "{post-build-script}"
       - lf-maven-deploy
       - lf-provide-maven-settings-cleanup
 
@@ -845,7 +849,7 @@
     sbom-flags: ""
     sbom-path: "$WORKSPACE"
     sbom-generator: false
-    sbom-generator-version: "v0.0.10"
+    sbom-generator-version: "v0.0.15"
     sign-artifacts: false
     sign-mode: serial
     stream: master
@@ -1157,7 +1161,7 @@
     sonarcloud: false
     sonarcloud-project-key: ""
     sonarcloud-project-organization: ""
-    sonarcloud-api-token: ""
+    sonarcloud-api-token-cred-id: sonarcloud-api-token
     sonarcloud-qualitygate-wait: false
     # SonarCloud scan using jdk8 will become deprecated by Oct, 2020
     # Projects not compatible with jdk11 can set java-version to something else
@@ -1204,6 +1208,12 @@
             however to use a specific version of the sonar-maven-plugin we
             can call "org.codehaus.mojo:sonar-maven-plugin:3.3.0.603:sonar".
 
+    wrappers:
+      - credentials-binding:
+          - text:
+              credential-id: '{sonarcloud-api-token-cred-id}'
+              variable: API_TOKEN
+
     triggers:
       - timed: "{obj:cron}"
       - gerrit:
@@ -1243,7 +1253,6 @@
                 mvn-version: "{mvn-version}"
                 sonarcloud-project-key: "{sonarcloud-project-key}"
                 sonarcloud-project-organization: "{sonarcloud-project-organization}"
-                sonarcloud-api-token: "{sonarcloud-api-token}"
                 sonarcloud-java-version: "{sonarcloud-java-version}"
                 sonarcloud-qualitygate-wait: "{sonarcloud-qualitygate-wait}"
                 scan-dev-branch: "{scan-dev-branch}"
@@ -1279,7 +1288,6 @@
                 mvn-version: "{mvn-version}"
                 sonarcloud-project-key: "{sonarcloud-project-key}"
                 sonarcloud-project-organization: "{sonarcloud-project-organization}"
-                sonarcloud-api-token: "{sonarcloud-api-token}"
                 sonarcloud-java-version: "{sonarcloud-java-version}"
                 sonarcloud-qualitygate-wait: "{sonarcloud-qualitygate-wait}"
                 scan-dev-branch: "{scan-dev-branch}"
@@ -1343,7 +1351,6 @@
             PROJECT_KEY={sonarcloud-project-key}
             PROJECT_ORGANIZATION={sonarcloud-project-organization}
             MAVEN_GOALS={mvn-goals}
-            API_TOKEN={sonarcloud-api-token}
             SONARCLOUD_JAVA_VERSION={sonarcloud-java-version}
             SCAN_DEV_BRANCH={scan-dev-branch}
             SONARCLOUD_QUALITYGATE_WAIT={sonarcloud-qualitygate-wait}
@@ -1543,6 +1550,8 @@
     mvn-opts: ""
     mvn-params: "-Dstream=$STREAM -Dmaven.source.skip=true"
     mvn-version: mvn35
+    pre-build-script: "# pre-build script goes here"
+    post-build-script: "# post-build script goes here"
     stream: master
     submodule-recursive: true
     submodule-timeout: 10
@@ -1582,8 +1591,10 @@
       - lf-provide-maven-settings:
           global-settings-file: "{mvn-global-settings}"
           settings-file: "{mvn-settings}"
+      - shell: "{pre-build-script}"
       - lf-maven-build:
           mvn-goals: "{mvn-goals}"
+      - shell: "{post-build-script}"
       - lf-provide-maven-settings-cleanup
 
     publishers: