Refactor: pre-commit cleanups
[releng/global-jjb.git] / jjb / lf-python-jobs.yaml
index 6a40d17..bb123f4 100644 (file)
@@ -84,8 +84,9 @@
     git-url: "$GIT_URL/$PROJECT"
     github-url: "https://github.com"
     java-version: openjdk11 # Scanner is a jar
-    nexus-iq-cli-version: 1.89.0-02
+    nexus-iq-cli-version: 1.140.0-01
     nexus-iq-namespace: "" # Recommend a trailing dash when set. Example: odl-
+    nexus-target-build: "**/*"
     pre-build-script: "# pre-build script goes here"
     python-version: python3
     requirements-file: requirements.txt
           name: NEXUS_IQ_CLI_VERSION
           default: "{nexus-iq-cli-version}"
           description: Nexus IQ CLI jar to download and run.
+      - string:
+          name: NEXUS_TARGET_BUILD
+          default: "{nexus-target-build}"
+          description: File or dir to scan by Nexus CLI.
 
     wrappers:
       - lf-infra-wrappers:
           white-list-target-branches:
             - "{branch}"
 
+###################
+# Python Snyk CLI #
+###################
+
+- lf_python_snyk_cli: &lf_python_snyk_cli
+    name: lf-python-snyk_cli
+
+    ######################
+    # Default parameters #
+    ######################
+
+    branch: master
+    build-days-to-keep: 30 # 30 days for troubleshooting purposes
+    build-timeout: 60
+    disable-job: false
+    git-url: "$GIT_URL/$PROJECT"
+    github-url: "https://github.com"
+    java-version: openjdk11
+    parallel: false
+    pre-build-script: "# pre-build script goes here"
+    python-version: python3
+    snyk-cli-options: ""
+    snyk-token-credential-id: snyk-token
+    snyk-org-credential-id: snyk-org
+    stream: master
+    submodule-recursive: true
+    submodule-timeout: 10
+    submodule-disable: false
+    tox-dir: "."
+    tox-envs: ""
+
+    gerrit_snyk_triggers:
+      - comment-added-contains-event:
+          comment-contains-value: '^Patch Set\s+\d+:\s+run-snyk\s*$'
+
+    parameters:
+      - lf-infra-parameters:
+          project: "{project}"
+          branch: "{branch}"
+          stream: "{stream}"
+      - string:
+          name: SNYK_CLI_OPTIONS
+          default: "{snyk-cli-options}"
+          description: Additional Snyk CLI commands and options
+      - lf-infra-tox-parameters:
+          tox-dir: "{tox-dir}"
+          tox-envs: "{tox-envs}"
+
+    wrappers:
+      - credentials-binding:
+          - text:
+              credential-id: "{snyk-token-credential-id}"
+              variable: SNYK_TOKEN
+          - text:
+              credential-id: "{snyk-org-credential-id}"
+              variable: SNYK_ORG
+
+    #####################
+    # Job Configuration #
+    #####################
+
+    disabled: "{disable-job}"
+
+    builders:
+      - lf-infra-pre-build
+      - lf-infra-tox-install:
+          python-version: "{python-version}"
+      - shell: "{pre-build-script}"
+      - lf-infra-tox-run:
+          parallel: "{parallel}"
+      - lf-infra-snyk-cli-scanner
+
+- job-template:
+    name: "{project-name}-python-snyk-cli-{stream}"
+    id: gerrit-python-snyk-cli
+    # yamllint disable-line rule:key-duplicates
+    <<: *lf_python_snyk_cli
+
+    scm:
+      - lf-infra-gerrit-scm:
+          jenkins-ssh-credential: "{jenkins-ssh-credential}"
+          git-url: "{git-url}"
+          refspec: "$GERRIT_REFSPEC"
+          branch: "$GERRIT_BRANCH"
+          submodule-recursive: "{submodule-recursive}"
+          submodule-timeout: "{submodule-timeout}"
+          submodule-disable: "{submodule-disable}"
+          choosing-strategy: default
+
+    triggers:
+      # Build weekly on Saturdays
+      - timed: "H H * * 6"
+      - gerrit:
+          server-name: "{gerrit-server-name}"
+          trigger-on: "{obj:gerrit_snyk_triggers}"
+          projects:
+            - project-compare-type: ANT
+              project-pattern: "{project}"
+              branches:
+                - branch-compare-type: ANT
+                  branch-pattern: "**/{branch}"
+          skip-vote:
+            successful: true
+            failed: true
+            unstable: true
+            notbuilt: true
+
+- job-template:
+    name: "{project-name}-python-snyk-cli-{stream}"
+    id: github-python-snyk-cli
+    # yamllint disable-line rule:key-duplicates
+    <<: *lf_python_snyk_cli
+
+    properties:
+      - lf-infra-properties:
+          build-days-to-keep: "{build-days-to-keep}"
+      - github:
+          url: "{github-url}/{github-org}/{project}"
+
+    scm:
+      - lf-infra-github-scm:
+          url: "{git-clone-url}{github-org}/{project}"
+          refspec: ""
+          branch: "refs/heads/{branch}"
+          submodule-recursive: "{submodule-recursive}"
+          submodule-timeout: "{submodule-timeout}"
+          submodule-disable: "{submodule-disable}"
+          choosing-strategy: default
+          jenkins-ssh-credential: "{jenkins-ssh-credential}"
+
+    triggers:
+      # Build weekly on Saturdays
+      - timed: "H H * * 6"
+      - github-pull-request:
+          trigger-phrase: "^run-snyk$"
+          only-trigger-phrase: true
+          status-context: "SNYK scan"
+          permit-all: true
+          github-hooks: true
+          org-list:
+            - "{github-org}"
+          white-list: "{obj:github_pr_allowlist}"
+          admin-list: "{obj:github_pr_admin_list}"
+          white-list-target-branches:
+            - "{branch}"
+
+#########################
+# Python Sonar with CLI #
+#########################
+
+- lf_cli_sonar: &lf_cli_sonar
+    name: lf-cli-sonar
+
+    ######################
+    # Default parameters #
+    ######################
+
+    branch: master # Sonar should always be run on master branch
+    build-days-to-keep: 7
+    build-timeout: 60
+    cron: "H H * * *" # run daily
+    disable-job: false
+    git-url: "$GIT_URL/$PROJECT"
+    github-url: "https://github.com"
+    # SonarCloud scan using jdk8 will become deprecated by Oct, 2020
+    # Projects not compatible with jdk11 can set java-version to something else
+    java-version: openjdk11
+    parallel: true
+    pre-build-script: "# pre-build script goes here"
+    python-version: python3
+    stream: master
+    sonar-scanner-version: "4.7.0.2747"
+    sonar-scanner-home: "$WORKSPACE/.sonar/sonar-scanner-$SONAR_SCANNER_VERSION-linux"
+    sonar-scanner-opts: "-server"
+    submodule-recursive: true
+    submodule-timeout: 10
+    submodule-disable: false
+    tox-dir: "."
+    tox-envs: ""
+
+    gerrit_trigger_file_paths:
+      - compare-type: REG_EXP
+        pattern: ".*"
+
+    # github_included_regions MUST match gerrit_trigger_file_paths
+    github_included_regions:
+      - ".*"
+
+    #####################
+    # Job Configuration #
+    #####################
+
+    disabled: "{disable-job}"
+
+    parameters:
+      - lf-infra-parameters:
+          project: "{project}"
+          branch: "{branch}"
+          stream: "{stream}"
+      - lf-infra-sonar-cli-parameters:
+          tox-dir: "{tox-dir}"
+          tox-envs: "{tox-envs}"
+          sonar-scanner-version: "{sonar-scanner-version}"
+          sonar-scanner-home: "{sonar-scanner-home}"
+          sonar-scanner-opts: "{sonar-scanner-opts}"
+      - string:
+          name: ARCHIVE_ARTIFACTS
+          default: "{archive-artifacts}"
+          description: Artifacts to archive to the logs server.
+    wrappers:
+      - credentials-binding:
+          - text:
+              credential-id: sonar-token-{project-name}
+              variable: SONAR_TOKEN
+    builders:
+      - lf-infra-pre-build
+      - lf-infra-tox-install:
+          python-version: "{python-version}"
+      - shell: "{pre-build-script}"
+      - lf-infra-tox-run:
+          parallel: "{parallel}"
+      # With Sonar CLI
+      - inject:
+          properties-content: |
+            SONARCLOUD_PROJECT_ORGANIZATION={sonarcloud-project-organization}
+            SONARCLOUD_PROJECT_KEY={sonarcloud-project-key}
+      - shell: !include-raw-escape: ../shell/sonar-cli.sh
+
+    publishers:
+      - lf-infra-publish
+
+- job-template:
+    name: "{project-name}-cli-sonar"
+    id: gerrit-cli-sonar
+    <<: *lf_python_common
+    <<: *lf_cli_sonar
+
+    ######################
+    # Default parameters #
+    ######################
+
+    gerrit_sonar_triggers:
+      - comment-added-contains-event:
+          comment-contains-value: '^Patch Set\s+\d+:\s+run-sonar\s*$'
+
+    #####################
+    # Job Configuration #
+    #####################
+
+    scm:
+      - lf-infra-gerrit-scm:
+          jenkins-ssh-credential: "{jenkins-ssh-credential}"
+          git-url: "{git-url}"
+          refspec: $GERRIT_REFSPEC
+          branch: $GERRIT_BRANCH
+          submodule-recursive: "{submodule-recursive}"
+          submodule-timeout: "{submodule-timeout}"
+          submodule-disable: "{submodule-disable}"
+          choosing-strategy: default
+
+    triggers:
+      - timed: "{obj:cron}"
+      - gerrit:
+          server-name: "{gerrit-server-name}"
+          trigger-on: "{obj:gerrit_sonar_triggers}"
+          projects:
+            - project-compare-type: "ANT"
+              project-pattern: "{project}"
+              branches:
+                - branch-compare-type: "ANT"
+                  branch-pattern: "**/{branch}"
+              file-paths: "{obj:gerrit_trigger_file_paths}"
+          skip-vote:
+            successful: true
+            failed: true
+            unstable: true
+            notbuilt: true
+
+- job-template:
+    name: "{project-name}-cli-sonar"
+    id: github-cli-sonar
+    <<: *lf_python_common
+    <<: *lf_cli_sonar
+
+    properties:
+      - lf-infra-properties:
+          build-days-to-keep: "{build-days-to-keep}"
+      - github:
+          url: "{github-url}/{github-org}/{project}"
+
+    scm:
+      - lf-infra-github-scm:
+          url: "{git-clone-url}{github-org}/{project}"
+          refspec: "+refs/pull/*:refs/remotes/origin/pr/*"
+          branch: "$sha1"
+          submodule-recursive: "{submodule-recursive}"
+          submodule-timeout: "{submodule-timeout}"
+          submodule-disable: "{submodule-disable}"
+          choosing-strategy: default
+          jenkins-ssh-credential: "{jenkins-ssh-credential}"
+
+    triggers:
+      - github-pull-request:
+          trigger-phrase: "^run-sonar$"
+          only-trigger-phrase: false
+          status-context: "Python Sonar"
+          permit-all: true
+          github-hooks: true
+          white-list-target-branches:
+            - "{branch}"
+          included-regions: "{obj:github_included_regions}"
+
 #########################
 # Python Sonar with Tox #
 #########################
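Review bot: In the `github-cli-sonar` template the `github-pull-request` trigger sets `permit-all: true` with `only-trigger-phrase: false`, while the scm block checks out pull-request refs (`branch: "$sha1"`) and the merged `lf_cli_sonar` anchor binds `SONAR_TOKEN` for the whole build. As far as the visible config shows, tox and `sonar-cli.sh` therefore run against code from any pull-request author with the token in the environment. Consider `permit-all: false` together with the `org-list`, `white-list: "{obj:github_pr_allowlist}"` and `admin-list: "{obj:github_pr_admin_list}"` entries that the `github-python-snyk-cli` trigger in this same hunk already carries. In that Snyk trigger `permit-all: true` probably makes those lists ineffective too, although that job builds `refs/heads/{branch}` rather than the pull-request head.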
     sonarcloud: false
     sonarcloud-project-key: ""
     sonarcloud-project-organization: ""
-    sonarcloud-api-token: ""
+    sonarcloud-api-token-cred-id: sonarcloud-api-token
+    sonarcloud-qualitygate-wait: false
     # SonarCloud scan using jdk8 will become deprecated by Oct, 2020
     # Projects not compatible with jdk11 can set java-version to something else
     sonarcloud-java-version: openjdk11
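Review bot: Renaming `sonarcloud-api-token` to `sonarcloud-api-token-cred-id` leaves projects that still set the old key with a value that is presumably ignored without an error, and any token they placed inline stays readable in their job definitions and history. A comment above the new default would make the contract explicit, for example `# ID of a Jenkins secret-text credential; never put the token value itself here`, and the release note should ask projects to rotate tokens that were previously set inline. The default `sonarcloud-api-token` is one shared credential id, whereas the CLI Sonar anchor added in this commit uses `sonar-token-{project-name}`; a per-project default would keep the two consistent. The template these defaults belong to starts outside this hunk.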
             however to use a specific version of the sonar-maven-plugin we
             can call "org.codehaus.mojo:sonar-maven-plugin:3.3.0.603:sonar".
 
+    wrappers:
+      - credentials-binding:
+          - text:
+              credential-id: "{sonarcloud-api-token-cred-id}"
+              variable: API_TOKEN
+
     builders:
       - lf-infra-pre-build
       - lf-infra-tox-install:
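Review bot: The job-level `credentials-binding` added here places `API_TOKEN` in the environment of every builder, so the tox install and any later step can read it, not only the SonarCloud scan. The builders list continues outside this hunk, so which steps actually need the token is not visible here. If the binding has to stay job-wide, a comment such as `# API_TOKEN is consumed by the SonarCloud scan step only` would record the intent. A less generic variable name would also lower the chance of clashing with a project's own variables (the CLI Sonar anchor uses `SONAR_TOKEN`), provided the consuming step is updated to match.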
                 sonarcloud-project-key: "{sonarcloud-project-key}"
                 # yamllint disable-line rule:line-length
                 sonarcloud-project-organization: "{sonarcloud-project-organization}"
-                sonarcloud-api-token: "{sonarcloud-api-token}"
                 sonarcloud-java-version: "{sonarcloud-java-version}"
+                sonarcloud-qualitygate-wait: "{sonarcloud-qualitygate-wait}"
                 scan-dev-branch: "{scan-dev-branch}"
       # With SonarQube
       - conditional-step: