X-Git-Url: https://gerrit.linuxfoundation.org/infra/gitweb?a=blobdiff_plain;f=jjb%2Flf-python-jobs.yaml;h=18268ebc3cb9fc69c102c6f4f196abcee4476f0a;hb=766dbef8a63d824d6e551d4f179806521be95d13;hp=b21f0b2b48b99cb3356d10bcdf364faaec9f3dfe;hpb=928def91ec7a5c862a7210f89532836898fe829b;p=releng%2Fglobal-jjb.git diff --git a/jjb/lf-python-jobs.yaml b/jjb/lf-python-jobs.yaml index b21f0b2b..18268ebc 100644 --- a/jjb/lf-python-jobs.yaml +++ b/jjb/lf-python-jobs.yaml @@ -30,7 +30,7 @@ # COMMON FUNCTIONS # #################### -- lf_python_common: &lf_python_common +- _lf_python_common: &lf_python_common name: lf-python-common ###################### @@ -69,7 +69,7 @@ # Tox Nexus IQ CLM # #################### -- lf_tox_nexus_iq_clm: &lf_tox_nexus_iq_clm +- _lf_tox_nexus_iq_clm: &lf_tox_nexus_iq_clm name: lf-tox-nexus-iq-clm ###################### @@ -84,8 +84,9 @@ git-url: "$GIT_URL/$PROJECT" github-url: "https://github.com" java-version: openjdk11 # Scanner is a jar - nexus-iq-cli-version: 1.89.0-02 + nexus-iq-cli-version: 1.140.0-01 nexus-iq-namespace: "" # Recommend a trailing dash when set. Example: odl- + nexus-target-build: "**/*" pre-build-script: "# pre-build script goes here" python-version: python3 requirements-file: requirements.txt @@ -118,6 +119,10 @@ name: NEXUS_IQ_CLI_VERSION default: "{nexus-iq-cli-version}" description: Nexus IQ CLI jar to download and run. + - string: + name: NEXUS_TARGET_BUILD + default: "{nexus-target-build}" + description: File or dir to scan by Nexus CLI. wrappers: - lf-infra-wrappers: @@ -222,11 +227,323 @@ white-list-target-branches: - "{branch}" +################### +# Python Snyk CLI # +################### + +- _lf_python_snyk_cli: &lf_python_snyk_cli + name: lf-python-snyk_cli + + ###################### + # Default parameters # + ###################### + + branch: master + build-days-to-keep: 30 # 30 days for troubleshooting purposes + build-timeout: 60 + disable-job: false + git-url: "$GIT_URL/$PROJECT" + github-url: "https://github.com" + java-version: openjdk11 + parallel: false + pre-build-script: "# pre-build script goes here" + python-version: python3 + snyk-cli-options: "" + snyk-token-credential-id: snyk-token + snyk-org-credential-id: snyk-org + stream: master + submodule-recursive: true + submodule-timeout: 10 + submodule-disable: false + tox-dir: "." + tox-envs: "" + + gerrit_snyk_triggers: + - comment-added-contains-event: + comment-contains-value: '^Patch Set\s+\d+:\s+run-snyk\s*$' + + parameters: + - lf-infra-parameters: + project: "{project}" + branch: "{branch}" + stream: "{stream}" + - string: + name: SNYK_CLI_OPTIONS + default: "{snyk-cli-options}" + description: Additional Snyk CLI commands and options + - lf-infra-tox-parameters: + tox-dir: "{tox-dir}" + tox-envs: "{tox-envs}" + + wrappers: + - credentials-binding: + - text: + credential-id: "{snyk-token-credential-id}" + variable: SNYK_TOKEN + - text: + credential-id: "{snyk-org-credential-id}" + variable: SNYK_ORG + + ##################### + # Job Configuration # + ##################### + + disabled: "{disable-job}" + + builders: + - lf-infra-pre-build + - lf-infra-tox-install: + python-version: "{python-version}" + - shell: "{pre-build-script}" + - lf-infra-tox-run: + parallel: "{parallel}" + - lf-infra-snyk-cli-scanner + +- job-template: + name: "{project-name}-python-snyk-cli-{stream}" + id: gerrit-python-snyk-cli + # yamllint disable-line rule:key-duplicates + <<: *lf_python_snyk_cli + + scm: + - lf-infra-gerrit-scm: + jenkins-ssh-credential: "{jenkins-ssh-credential}" + git-url: "{git-url}" + refspec: "$GERRIT_REFSPEC" + branch: "$GERRIT_BRANCH" + submodule-recursive: "{submodule-recursive}" + submodule-timeout: "{submodule-timeout}" + submodule-disable: "{submodule-disable}" + choosing-strategy: default + + triggers: + # Build weekly on Saturdays + - timed: "H H * * 6" + - gerrit: + server-name: "{gerrit-server-name}" + trigger-on: "{obj:gerrit_snyk_triggers}" + projects: + - project-compare-type: ANT + project-pattern: "{project}" + branches: + - branch-compare-type: ANT + branch-pattern: "**/{branch}" + skip-vote: + successful: true + failed: true + unstable: true + notbuilt: true + +- job-template: + name: "{project-name}-python-snyk-cli-{stream}" + id: github-python-snyk-cli + # yamllint disable-line rule:key-duplicates + <<: *lf_python_snyk_cli + + properties: + - lf-infra-properties: + build-days-to-keep: "{build-days-to-keep}" + - github: + url: "{github-url}/{github-org}/{project}" + + scm: + - lf-infra-github-scm: + url: "{git-clone-url}{github-org}/{project}" + refspec: "" + branch: "refs/heads/{branch}" + submodule-recursive: "{submodule-recursive}" + submodule-timeout: "{submodule-timeout}" + submodule-disable: "{submodule-disable}" + choosing-strategy: default + jenkins-ssh-credential: "{jenkins-ssh-credential}" + + triggers: + # Build weekly on Saturdays + - timed: "H H * * 6" + - github-pull-request: + trigger-phrase: "^run-snyk$" + only-trigger-phrase: true + status-context: "SNYK scan" + permit-all: true + github-hooks: true + org-list: + - "{github-org}" + white-list: "{obj:github_pr_allowlist}" + admin-list: "{obj:github_pr_admin_list}" + white-list-target-branches: + - "{branch}" + +######################### +# Python Sonar with CLI # +######################### + +- _lf_cli_sonar: &lf_cli_sonar + name: lf-cli-sonar + + ###################### + # Default parameters # + ###################### + + branch: master # Sonar should always be run on master branch + build-days-to-keep: 7 + build-timeout: 60 + cron: "H H * * *" # run daily + disable-job: false + git-url: "$GIT_URL/$PROJECT" + github-url: "https://github.com" + # SonarCloud scan using jdk8 will become deprecated by Oct, 2020 + # Projects not compatible with jdk11 can set java-version to something else + java-version: openjdk11 + parallel: true + pre-build-script: "# pre-build script goes here" + python-version: python3 + stream: master + sonar-scanner-version: "4.7.0.2747" + sonar-scanner-home: "$WORKSPACE/.sonar/sonar-scanner-$SONAR_SCANNER_VERSION-linux" + sonar-scanner-opts: "-server" + submodule-recursive: true + submodule-timeout: 10 + submodule-disable: false + tox-dir: "." + tox-envs: "" + + gerrit_trigger_file_paths: + - compare-type: REG_EXP + pattern: ".*" + + # github_included_regions MUST match gerrit_trigger_file_paths + github_included_regions: + - ".*" + + ##################### + # Job Configuration # + ##################### + + disabled: "{disable-job}" + + parameters: + - lf-infra-parameters: + project: "{project}" + branch: "{branch}" + stream: "{stream}" + - lf-infra-sonar-cli-parameters: + tox-dir: "{tox-dir}" + tox-envs: "{tox-envs}" + sonar-scanner-version: "{sonar-scanner-version}" + sonar-scanner-home: "{sonar-scanner-home}" + sonar-scanner-opts: "{sonar-scanner-opts}" + - string: + name: ARCHIVE_ARTIFACTS + default: "{archive-artifacts}" + description: Artifacts to archive to the logs server. + wrappers: + - credentials-binding: + - text: + credential-id: sonar-token-{project-name} + variable: SONAR_TOKEN + builders: + - lf-infra-pre-build + - lf-infra-tox-install: + python-version: "{python-version}" + - shell: "{pre-build-script}" + - lf-infra-tox-run: + parallel: "{parallel}" + # With Sonar CLI + - inject: + properties-content: | + SONARCLOUD_PROJECT_ORGANIZATION={sonarcloud-project-organization} + SONARCLOUD_PROJECT_KEY={sonarcloud-project-key} + - shell: !include-raw-escape: ../shell/sonar-cli.sh + + publishers: + - lf-infra-publish + +- job-template: + name: "{project-name}-cli-sonar" + id: gerrit-cli-sonar + <<: *lf_python_common + <<: *lf_cli_sonar + + ###################### + # Default parameters # + ###################### + + gerrit_sonar_triggers: + - comment-added-contains-event: + comment-contains-value: '^Patch Set\s+\d+:\s+run-sonar\s*$' + + ##################### + # Job Configuration # + ##################### + + scm: + - lf-infra-gerrit-scm: + jenkins-ssh-credential: "{jenkins-ssh-credential}" + git-url: "{git-url}" + refspec: $GERRIT_REFSPEC + branch: $GERRIT_BRANCH + submodule-recursive: "{submodule-recursive}" + submodule-timeout: "{submodule-timeout}" + submodule-disable: "{submodule-disable}" + choosing-strategy: default + + triggers: + - timed: "{obj:cron}" + - gerrit: + server-name: "{gerrit-server-name}" + trigger-on: "{obj:gerrit_sonar_triggers}" + projects: + - project-compare-type: "ANT" + project-pattern: "{project}" + branches: + - branch-compare-type: "ANT" + branch-pattern: "**/{branch}" + file-paths: "{obj:gerrit_trigger_file_paths}" + skip-vote: + successful: true + failed: true + unstable: true + notbuilt: true + +- job-template: + name: "{project-name}-cli-sonar" + id: github-cli-sonar + <<: *lf_python_common + <<: *lf_cli_sonar + + properties: + - lf-infra-properties: + build-days-to-keep: "{build-days-to-keep}" + - github: + url: "{github-url}/{github-org}/{project}" + + scm: + - lf-infra-github-scm: + url: "{git-clone-url}{github-org}/{project}" + refspec: "+refs/pull/*:refs/remotes/origin/pr/*" + branch: "$sha1" + submodule-recursive: "{submodule-recursive}" + submodule-timeout: "{submodule-timeout}" + submodule-disable: "{submodule-disable}" + choosing-strategy: default + jenkins-ssh-credential: "{jenkins-ssh-credential}" + + triggers: + - github-pull-request: + trigger-phrase: "^run-sonar$" + only-trigger-phrase: false + status-context: "Python Sonar" + permit-all: true + github-hooks: true + white-list-target-branches: + - "{branch}" + included-regions: "{obj:github_included_regions}" + ######################### # Python Sonar with Tox # ######################### -- lf_tox_sonar: &lf_tox_sonar +- _lf_tox_sonar: &lf_tox_sonar name: lf-tox-sonar ###################### @@ -245,7 +562,7 @@ mvn-goals: validate mvn-opts: "" mvn-params: "" - mvn-settings: "{mvn-settings}" + mvn-settings: "" mvn-version: mvn35 parallel: true pre-build-script: "# pre-build script goes here" @@ -254,10 +571,10 @@ sonarcloud: false sonarcloud-project-key: "" sonarcloud-project-organization: "" - sonarcloud-api-token: "" - # SonarCloud scan using jdk8 will become deprecated by Oct, 2020 - # Projects not compatible with jdk11 can set java-version to something else - sonarcloud-java-version: openjdk11 + sonarcloud-api-token-cred-id: sonarcloud-api-token + sonarcloud-qualitygate-wait: false + # Projects not compatible with jdk17 can set java-version to something else + sonarcloud-java-version: openjdk17 stream: master submodule-recursive: true submodule-timeout: 10 @@ -311,6 +628,12 @@ however to use a specific version of the sonar-maven-plugin we can call "org.codehaus.mojo:sonar-maven-plugin:3.3.0.603:sonar". + wrappers: + - credentials-binding: + - text: + credential-id: "{sonarcloud-api-token-cred-id}" + variable: API_TOKEN + builders: - lf-infra-pre-build - lf-infra-tox-install: @@ -335,8 +658,8 @@ sonarcloud-project-key: "{sonarcloud-project-key}" # yamllint disable-line rule:line-length sonarcloud-project-organization: "{sonarcloud-project-organization}" - sonarcloud-api-token: "{sonarcloud-api-token}" sonarcloud-java-version: "{sonarcloud-java-version}" + sonarcloud-qualitygate-wait: "{sonarcloud-qualitygate-wait}" scan-dev-branch: "{scan-dev-branch}" # With SonarQube - conditional-step: @@ -440,7 +763,7 @@ # Tox SonarQube # ################# -- lf_tox_sonarqube: &lf_tox_sonarqube +- _lf_tox_sonarqube: &lf_tox_sonarqube name: lf-tox-sonarqube ###################### @@ -456,6 +779,7 @@ disable-job: false git-url: "$GIT_URL/$PROJECT" github-url: "https://github.com" + java-version: openjdk17 parallel: false pre-build-script: "# pre-build script goes here" python-version: python3 @@ -471,6 +795,7 @@ sonar-project-file: "sonar-project.properties" sonar-properties: "" sonar-task: "" + sonar-jdk: openjdk17 ##################### # Job Configuration # @@ -504,6 +829,8 @@ builders: - lf-infra-pre-build + - lf-update-java-alternatives: + java-version: "{java-version}" - lf-infra-tox-install: python-version: "{python-version}" - shell: "{pre-build-script}" @@ -515,6 +842,7 @@ sonar-properties: "{sonar-properties}" sonar-java-opts: "{sonar-java-opts}" sonar-additional-args: "{sonar-additional-args}" + sonar-jdk: "{sonar-jdk}" publishers: - lf-infra-publish @@ -587,7 +915,7 @@ # Tox Common # ############## -- lf_tox_common: &lf_tox_common +- _lf_tox_common: &lf_tox_common name: lf-tox-common ###################### @@ -817,7 +1145,7 @@ github-hooks: true org-list: - "{github-org}" - white-list: "{obj:github_pr_whitelist}" + white-list: "{obj:github_pr_allowlist}" admin-list: "{obj:github_pr_admin_list}" white-list-target-branches: - "{branch}" @@ -827,7 +1155,7 @@ # PyPI # ######## -- lf_pypi_common: &lf_pypi_common +- _lf_pypi_common: &lf_pypi_common name: lf-pypi-common ###################### @@ -898,7 +1226,7 @@ publishers: - lf-infra-publish -- lf_pypi_verify_builders: &lf_pypi_verify_builders +- _lf_pypi_verify_builders: &lf_pypi_verify_builders name: lf-pypi-verify-builders builders: @@ -910,7 +1238,7 @@ parallel: "{parallel}" - shell: !include-raw-escape: ../shell/pypi-dist-build.sh -- lf_pypi_publish_builders: &lf_pypi_publish_builders +- _lf_pypi_publish_builders: &lf_pypi_publish_builders name: lf-pypi-publish-builders builders: @@ -1069,7 +1397,7 @@ github-hooks: true org-list: - "{github-org}" - white-list: "{obj:github_pr_whitelist}" + white-list: "{obj:github_pr_allowlist}" admin-list: "{obj:github_pr_admin_list}" white-list-target-branches: - "{branch}"