X-Git-Url: https://gerrit.linuxfoundation.org/infra/gitweb?a=blobdiff_plain;f=jjb%2Flf-maven-jobs.yaml;h=528e15041e2a14325f6c8b67cb792cc3ff0b4e55;hb=refs%2Ftags%2Fv0.75.0;hp=d4a5f0836625829a02e82756d2e0e55ae32f9e19;hpb=928def91ec7a5c862a7210f89532836898fe829b;p=releng%2Fglobal-jjb.git diff --git a/jjb/lf-maven-jobs.yaml b/jjb/lf-maven-jobs.yaml index d4a5f083..528e1504 100644 --- a/jjb/lf-maven-jobs.yaml +++ b/jjb/lf-maven-jobs.yaml @@ -288,7 +288,7 @@ github-hooks: true org-list: - "{github-org}" - white-list: "{obj:github_pr_whitelist}" + white-list: "{obj:github_pr_allowlist}" admin-list: "{obj:github_pr_admin_list}" white-list-target-branches: - "{branch}" @@ -420,7 +420,7 @@ github-hooks: true org-list: - "{github-org}" - white-list: "{obj:github_pr_whitelist}" + white-list: "{obj:github_pr_allowlist}" admin-list: "{obj:github_pr_admin_list}" white-list-target-branches: - "{branch}" @@ -696,7 +696,7 @@ github-hooks: true org-list: - "{github-org}" - white-list: "{obj:github_pr_whitelist}" + white-list: "{obj:github_pr_allowlist}" admin-list: "{obj:github_pr_admin_list}" white-list-target-branches: - "{branch}" @@ -807,7 +807,7 @@ github-hooks: true org-list: - "{github-org}" - white-list: "{obj:github_pr_whitelist}" + white-list: "{obj:github_pr_allowlist}" admin-list: "{obj:github_pr_admin_list}" white-list-target-branches: - "{branch}" @@ -842,6 +842,9 @@ mvn-version: mvn35 ossrh-profile-id: "" mvn-pom: "" + sbom-flags: "" + sbom-generator: false + sbom-generator-version: "v0.0.10" sign-artifacts: false sign-mode: serial stream: master @@ -889,6 +892,10 @@ name: STAGING_PROFILE_ID default: "{staging-profile-id}" description: Nexus staging profile ID. + - string: + name: SBOM_GENERATOR_VERSION + default: "{sbom-generator-version}" + description: SBOM generator version to download and run. builders: - lf-infra-pre-build @@ -909,6 +916,14 @@ - shell: !include-raw-escape: ../shell/maven-patch-release.sh - lf-maven-build: mvn-goals: "{mvn-goals}" + # With SBOM Generator + - conditional-step: + condition-kind: boolean-expression + condition-expression: "{sbom-generator}" + steps: + - shell: echo 'Running SBOM Generator' + - lf-infra-maven-sbom-generator: + sbom-flags: "{sbom-flags}" - lf-sigul-sign-dir: sign-artifacts: "{sign-artifacts}" sign-dir: "$WORKSPACE/m2repo" @@ -1138,6 +1153,7 @@ sonarcloud-project-key: "" sonarcloud-project-organization: "" sonarcloud-api-token: "" + sonarcloud-qualitygate-wait: false # SonarCloud scan using jdk8 will become deprecated by Oct, 2020 # Projects not compatible with jdk11 can set java-version to something else sonarcloud-java-version: openjdk11 @@ -1224,6 +1240,7 @@ sonarcloud-project-organization: "{sonarcloud-project-organization}" sonarcloud-api-token: "{sonarcloud-api-token}" sonarcloud-java-version: "{sonarcloud-java-version}" + sonarcloud-qualitygate-wait: "{sonarcloud-qualitygate-wait}" scan-dev-branch: "{scan-dev-branch}" # With SonarQube - conditional-step: @@ -1259,6 +1276,7 @@ sonarcloud-project-organization: "{sonarcloud-project-organization}" sonarcloud-api-token: "{sonarcloud-api-token}" sonarcloud-java-version: "{sonarcloud-java-version}" + sonarcloud-qualitygate-wait: "{sonarcloud-qualitygate-wait}" scan-dev-branch: "{scan-dev-branch}" # With SonarQube - conditional-step: @@ -1274,6 +1292,16 @@ mvn-settings: "{mvn-settings}" mvn-version: "{mvn-version}" +- builder: + name: lf-infra-maven-sbom-generator + # Run Maven goals and trigger SPDX SBOM Generator tool + builders: + - inject: + properties-content: | + SBOM_FLAGS={sbom-flags} + - shell: !include-raw-escape: + - ../shell/sbom-generator.sh + - builder: name: lf-infra-maven-sonar # Run a Sonar build with Maven @@ -1313,6 +1341,7 @@ API_TOKEN={sonarcloud-api-token} SONARCLOUD_JAVA_VERSION={sonarcloud-java-version} SCAN_DEV_BRANCH={scan-dev-branch} + SONARCLOUD_QUALITYGATE_WAIT={sonarcloud-qualitygate-wait} - lf-provide-maven-settings: global-settings-file: global-settings settings-file: "{mvn-settings}" @@ -1340,6 +1369,54 @@ submodule-disable: "{submodule-disable}" choosing-strategy: default +- job-template: + name: "{project-name}-sonar-verify" + id: gerrit-maven-sonar-verify + <<: *lf_maven_common + # yamllint disable-line rule:key-duplicates + <<: *lf_maven_sonar + <<: *mvn_sonar_builders + + sonarcloud: true + scan-dev-branch: true + sonarcloud-qualitygate-wait: false + + gerrit_sonar_triggers: + - patchset-created-event: + exclude-drafts: true + exclude-trivial-rebase: false + exclude-no-code-change: false + - draft-published-event + - comment-added-contains-event: + comment-contains-value: '^Patch Set\s+\d+:\s+(recheck|reverify)\s*$' + + gerrit_trigger_file_paths: + - compare-type: REG_EXP + pattern: ".*" + + triggers: + - gerrit: + server-name: "{gerrit-server-name}" + trigger-on: "{obj:gerrit_sonar_triggers}" + projects: + - project-compare-type: "ANT" + project-pattern: "{project}" + branches: + - branch-compare-type: "ANT" + branch-pattern: "**/{branch}" + file-paths: "{obj:gerrit_trigger_file_paths}" + + scm: + - lf-infra-gerrit-scm: + jenkins-ssh-credential: "{jenkins-ssh-credential}" + git-url: "{git-url}" + refspec: $GERRIT_REFSPEC + branch: $GERRIT_BRANCH + submodule-recursive: "{submodule-recursive}" + submodule-timeout: "{submodule-timeout}" + submodule-disable: "{submodule-disable}" + choosing-strategy: gerrit + - job-template: name: "{project-name}-sonar-prescan-script" id: gerrit-maven-sonar-prescan-script @@ -1393,7 +1470,7 @@ github-hooks: true org-list: - "{github-org}" - white-list: "{obj:github_pr_whitelist}" + white-list: "{obj:github_pr_allowlist}" admin-list: "{obj:github_pr_admin_list}" white-list-target-branches: - "{branch}" @@ -1433,7 +1510,7 @@ github-hooks: true org-list: - "{github-org}" - white-list: "{obj:github_pr_whitelist}" + white-list: "{obj:github_pr_allowlist}" admin-list: "{obj:github_pr_admin_list}" white-list-target-branches: - "{branch}"