X-Git-Url: https://gerrit.linuxfoundation.org/infra/gitweb?a=blobdiff_plain;f=docs%2Fjjb%2Flf-maven-jobs.rst;h=78dfc875c9e23dcc09d4b84ba2650c7ceedf8021;hb=5e7040b0710c05df16d1815be74214c5eb5f9239;hp=d312cecc7f569d85c487cc1b1f70e15dad280cec;hpb=c8b9acd166fcbd88139a65f7721e522980a0e013;p=releng%2Fglobal-jjb.git diff --git a/docs/jjb/lf-maven-jobs.rst b/docs/jjb/lf-maven-jobs.rst index d312cecc..78dfc875 100644 --- a/docs/jjb/lf-maven-jobs.rst +++ b/docs/jjb/lf-maven-jobs.rst @@ -23,7 +23,7 @@ Runs Sonar against a Maven project. :Required Parameters: - :java-version: Version of Java to execute Sonar with. + :java-version: Version of Java to execute Sonar with. (default: openjdk13) :mvn-version: Version of Maven to execute Sonar with. :mvn-settings: Maven settings.xml file containing credentials to use. @@ -34,13 +34,14 @@ Runs Sonar against a Maven project and pushes results to SonarCloud. :Required Parameters: - :java-version: Version of Java to execute Maven build. (default: openjdk8) + :java-version: Version of Java to execute Maven build. (default: openjdk11) :mvn-version: Version of Maven to execute Sonar with. :mvn-settings: Maven settings.xml file containing credentials to use. :sonarcloud-project-key: SonarCloud project key. :sonarcloud-project-organization: SonarCloud project organization. - :sonarcloud-api-token: SonarCloud API Token. - :sonarcloud-java-version: Version of Java to run the Sonar scan. + :sonarcloud-java-version: Version of Java to run the Sonar scan. (default: openjdk13) + :sonarcloud-qualitygate-wait: SonarCloud flag that forces the analysis step to + wait for the quality gate result. (default: false) lf-maven-build -------------- @@ -95,7 +96,7 @@ Setup Java alternatives for the Distro. :Required Parameters: :java-version: Version of Java to set as the default Java. - Eg. openjdk8 + Eg. openjdk11 lf-infra-sonatype-clm --------------------- @@ -107,6 +108,25 @@ Nexus IQ server. :mvn-goals: The maven goals to perform for the build. (default: clean install) +lf-infra-snyk-cli-scanner +------------------------- + +Downloads the latest Snyk CLI and triggers a code scan. It publishes a report into +the Snyk dashboard. + +:Optional parameters: + :mvn-goals: The maven goals to perform for the build. + (default: clean install) + +lf-infra-maven-sbom-generator +----------------------------- + +Runs a specific version of SPDX SBOM Generator tool to generate a report. +The calling job template sets the version to run in the SBOM_GENERATOR_VERSION parameter. + +:Optional parameters: + :sbom-flags: SBOM generator options. See https://github.com/opensbom-generator/spdx-sbom-generator + Job Templates ============= @@ -135,7 +155,7 @@ Produces a CLM scan of the code into Nexus IQ Server. :build-days-to-keep: Days to keep build logs in Jenkins. (default: 7) :build-timeout: Timeout in minutes before aborting build. (default: 60) :git-url: URL clone project from. (default: $GIT_URL/$PROJECT) - :java-version: Version of Java to use for the build. (default: openjdk8) + :java-version: Version of Java to use for the build. (default: openjdk11) :mvn-global-settings: The name of the Maven global settings to use for Maven configuration. (default: global-settings) :mvn-goals: The maven goals to perform for the build. @@ -160,6 +180,53 @@ Produces a CLM scan of the code into Nexus IQ Server. :gerrit_merge_triggers: Override Gerrit Triggers. +Maven SNYK CLI +-------------- + +Builds the code, downloads and runs a Snyk CLI scan of the code into the Snyk dashboard. + +:Template Names: + + - {project-name}-maven-snyk-cli-{stream} + - gerrit-maven-snyk-cli + - github-maven-snyk-cli + +:Comment Trigger: run-snyk + +:Required parameters: + + :build-node: The node to run build on. + :jenkins-ssh-credential: Credential to use for SSH. (Generally configured in defaults.yaml) + :mvn-settings: The name of settings file containing credentials for the project. + :snyk-token-credential-id: Snyk API token to communicate with Jenkins. + :snyk-org-credential-id: Snyk organization ID. + +:Optional parameters: + + :branch: The branch to build against. (default: master) + :build-days-to-keep: Days to keep build logs in Jenkins. (default: 7) + :build-timeout: Timeout in minutes before aborting build. (default: 60) + :git-url: URL clone project from. (default: $GIT_URL/$PROJECT) + :java-version: Version of Java to use for the build. (default: openjdk11) + :mvn-global-settings: The name of the Maven global settings to use for + Maven configuration. (default: global-settings) + :mvn-goals: The maven goals to perform for the build. + (default: clean install) + :mvn-opts: Sets MAVEN_OPTS to start up the JVM running Maven. (default: '') + :mvn-params: Parameters to pass to the mvn CLI. (default: '') + :mvn-version: Version of maven to use. (default: mvn35) + :snyk-cli-options: Snyk CLI options. (default: '') + :stream: Keyword that represents a release code-name. + Often the same as the branch. (default: master) + :submodule-recursive: Whether to checkout submodules recursively. + (default: true) + :submodule-timeout: Timeout (in minutes) for checkout operation. + (default: 10) + :submodule-disable: Disable submodule checkout operation. + (default: false) + + :gerrit_snyk_triggers: Override Gerrit Triggers. + Maven JavaDoc Publish --------------------- @@ -192,7 +259,7 @@ in ``$WORKSPACE/{mvn-dir}/target/site/apidocs``. :build-days-to-keep: Days to keep build logs in Jenkins. (default: 7) :build-timeout: Timeout in minutes before aborting build. (default: 60) :git-url: URL clone project from. (default: $GIT_URL/$PROJECT) - :java-version: Version of Java to use for the build. (default: openjdk8) + :java-version: Version of Java to use for the build. (default: openjdk11) :mvn-dir: Directory supplied as argument to -f option (default: '.') :mvn-global-settings: The name of the Maven global settings to use for Maven configuration. (default: global-settings) @@ -240,7 +307,7 @@ in ``$WORKSPACE/{mvn-dir}/target/site/apidocs``. :build-timeout: Timeout in minutes before aborting build. (default: 60) :deploy-path: The path in Nexus to deploy javadoc to. (default: $PROJECT/$STREAM) :git-url: URL clone project from. (default: $GIT_URL/$PROJECT) - :java-version: Version of Java to use for the build. (default: openjdk8) + :java-version: Version of Java to use for the build. (default: openjdk11) :mvn-dir: Directory supplied as argument to -f option (default: '.') :mvn-global-settings: The name of the Maven global settings to use for Maven configuration. (default: global-settings) @@ -304,13 +371,17 @@ This job uses the following strategy to deploy jobs to Nexus: one may want to provide more than 1 cron timer. (default: 'H H * * 0' to run weekly) :git-url: URL clone project from. (default: $GIT_URL/$PROJECT) - :java-version: Version of Java to use for the build. (default: openjdk8) + :jacoco-exclude-pattern: Ant-style patterns to exclude from Jacoco coverage + report. (default: ``"**/gen/**,**/generated-sources/**,**/yang-gen**,**/pax/**"``) + :java-version: Version of Java to use for the build. (default: openjdk11) :mvn-global-settings: The name of the Maven global settings to use for Maven configuration. (default: global-settings) :mvn-opts: Sets MAVEN_OPTS to start up the JVM running Maven. (default: '') :mvn-params: Parameters to pass to the mvn CLI. (default: '') :mvn-version: Version of maven to use. (default: mvn35) :nexus-cut-dirs: Number of directories to cut from file path for `wget -r`. + :pre-build-script: Shell script to run before maven build. (default: a string with a shell comment) + :post-build-script: Shell script to run after maven build. (default: a string with a shell comment) :stream: Keyword that represents a release code-name. Often the same as the branch. (default: master) :submodule-recursive: Whether to checkout submodules recursively. @@ -390,7 +461,7 @@ directory is then used later to deploy to Nexus. one may want to provide more than 1 cron timer. (default: '') :deploy-path: The path in Nexus to deploy javadoc to. (default: $PROJECT/$STREAM) :git-url: URL clone project from. (default: $GIT_URL/$PROJECT) - :java-version: Version of Java to use for the build. (default: openjdk8) + :java-version: Version of Java to use for the build. (default: openjdk11) :mvn-central: Set to ``true`` to also stage to **OSSRH**. This is for projects that want to release to Maven Central. If set, then also set the parameter ``ossrh-profile-id``. (default: false) @@ -402,6 +473,14 @@ directory is then used later to deploy to Nexus. :mvn-version: Version of maven to use. (default: mvn35) :ossrh-profile-id: Profile ID for project as provided by OSSRH. (default: '') + :sbom-flags: SBOM generator options if using sbom-generator. + See https://github.com/opensbom-generator/spdx-sbom-generator + :sbom-generator: Calls lf-infra-maven-sbom-generator to run the SPDX SBOM generator tool. + (default: false) + :sbom-generator-version: SBOM generator version to download and run if using sbom-generator. + (default: v0.0.10) + :sbom-path: SBOM execution path. + (default: $WORKSPACE) :sign-artifacts: Sign artifacts with Sigul. (default: false) :stream: Keyword that represents a release code-name. Often the same as the branch. (default: master) @@ -490,7 +569,7 @@ multi-branch configuration. one may want to provide more than 1 cron timer. (default: 'H H * * 6' to run weekly) :git-url: URL clone project from. (default: $GIT_URL/$PROJECT) - :java-version: Version of Java to use for the Maven build. (default: openjdk8) + :java-version: Version of Java to use for the Maven build. (default: openjdk11) :mvn-global-settings: The name of the Maven global settings to use for Maven configuration. (default: global-settings) :mvn-goals: The maven goals to perform for the build. @@ -505,7 +584,9 @@ multi-branch configuration. :sonarcloud-project-key: SonarCloud project key. (default: '') :sonarcloud-project-organization: SonarCloud project organization. (default: '') - :sonarcloud-api-token: SonarCloud API Token. (default: '') + :sonarcloud-api-token-cred-id: Jenkins credential ID which has the SonarCloud API Token. + This one SHOULDN'T be overwritten as we are standarizing the credential ID for all + projects (default: 'sonarcloud-api-token') :sonarcloud-java-version: Version of Java to use for the Sonar scan. (default: openjdk11) :stream: Keyword that represents a release code-name. Often the same as the branch. (default: master) @@ -515,6 +596,75 @@ multi-branch configuration. (default: 10) :submodule-disable: Disable submodule checkout operation. (default: false) + :scan-dev-branch: Run the scan on a developer branch. + (default: false) + + :gerrit_sonar_triggers: Override Gerrit Triggers. + + +SonarCloud Example: + +.. literalinclude:: ../../.jjb-test/lf-maven-jobs/maven-sonarcloud.yaml + :language: yaml + +Maven Sonar Verify +------------------ + +Sonar job which runs mvn clean install then publishes to Sonar. + +This job runs on dev branches and its triggered on new patchsets. + +:Template Names: + + - {project-name}-sonar-verify + - gerrit-maven-sonar-verify + +:Comment Trigger: recheck|reverify + +:Required parameters: + + :build-node: The node to run build on. + :jenkins-ssh-credential: Credential to use for SSH. (Generally configured in defaults.yaml) + :mvn-settings: The name of settings file containing credentials for the project. + +:Optional parameters: + + :build-days-to-keep: Days to keep build logs in Jenkins. (default: 7) + :build-timeout: Timeout in minutes before aborting build. (default: 60) + :git-url: URL clone project from. (default: $GIT_URL/$PROJECT) + :java-version: Version of Java to use for the Maven build. (default: openjdk11) + :mvn-global-settings: The name of the Maven global settings to use for + Maven configuration. (default: global-settings) + :mvn-goals: The maven goals to perform for the build. + (default: clean install) + :mvn-opts: Sets MAVEN_OPTS to start up the JVM running Maven. (default: '') + :mvn-params: Parameters to pass to the mvn CLI. (default: '') + :mvn-version: Version of maven to use. (default: mvn35) + :pre-build-script: Shell script to run before maven build. (default: a string with a shell comment) + :post-build-script: Shell script to run after maven build. (default: a string with a shell comment) + :sonar-mvn-goal: Maven goals to run for sonar analysis. + (default: sonar:sonar) + :sonarcloud: Set to ``true`` to use SonarCloud ``true|false``. + (default: true) + :sonarcloud-project-key: SonarCloud project key. (default: '') + :sonarcloud-project-organization: SonarCloud project organization. + (default: '') + :sonarcloud-api-token-cred-id: Jenkins credential ID which has the SonarCloud API Token. + This one SHOULDN'T be overwritten as we are standarizing the credential ID for all + projects (default: 'sonarcloud-api-token') + :sonarcloud-java-version: Version of Java to use for the Sonar scan. (default: openjdk11) + :sonarcloud-qualitygate-wait: SonarCloud flag that forces the analysis step to + wait for the quality gate result. (default: false) + :stream: Keyword that represents a release code-name. + Often the same as the branch. (default: master) + :submodule-recursive: Whether to checkout submodules recursively. + (default: true) + :submodule-timeout: Timeout (in minutes) for checkout operation. + (default: 10) + :submodule-disable: Disable submodule checkout operation. + (default: false) + :scan-dev-branch: Run the scan on a developer branch. + (default: true) :gerrit_sonar_triggers: Override Gerrit Triggers. @@ -549,7 +699,7 @@ Verify job which runs mvn clean install to test a project build.. :build-days-to-keep: Days to keep build logs in Jenkins. (default: 7) :build-timeout: Timeout in minutes before aborting build. (default: 60) :git-url: URL clone project from. (default: $GIT_URL/$PROJECT) - :java-version: Version of Java to use for the build. (default: openjdk8) + :java-version: Version of Java to use for the build. (default: openjdk11) :mvn-global-settings: The name of the Maven global settings to use for Maven configuration. (default: global-settings) :mvn-opts: Sets MAVEN_OPTS to start up the JVM running Maven. (default: '') @@ -617,7 +767,7 @@ comment trigger. :build-days-to-keep: Days to keep build logs in Jenkins. (default: 7) :build-timeout: Timeout in minutes before aborting build. (default: 60) :git-url: URL clone project from. (default: $GIT_URL/$PROJECT) - :java-version: Version of Java to use for the build. (default: openjdk8) + :java-version: Version of Java to use for the build. (default: openjdk11) :mvn-global-settings: The name of the Maven global settings to use for Maven configuration. (default: global-settings) :mvn-opts: Sets MAVEN_OPTS to start up the JVM running Maven. (default: '')