:go-root: Path to the Go project root directory.
+lf-infra-nexus-iq-go-cli
+------------------------
+
+Calls nexus-iq-go-cli.sh to CLM scan a Go project.
+
+:Required Parameters:
+
+ :NEXUS_IQ_PROJECT_NAME: Nexus IQ project name that will receive the CLM scan results.
+
+install-golang
+--------------
+
+Installs the specified Golang version throuhg a plug-in.
+
+:Required Parameters:
+
+ :version: Golang version number to install.
+
lf-go-common
------------
:gerrit_verify_triggers: Override Gerrit Triggers.
:gerrit_trigger_file_paths: Override file paths to filter which file
modifications will trigger a build.
+
+Go CLM
+------
+
+Job which runs a CLM scan over a Golang project.
+
+:Template Names:
+
+ - {project-name}-nexus-iq-go-clm
+ - gerrit-nexus-iq-go-clm
+
+:Comment Trigger: run-clm
+
+:Required parameters:
+
+ :build-node: The node to run build on.
+ :golang-version: Golang version you want to use for the CLM scan. (default: 1.23)
+
+:Optional parameters:
+
+ :jenkins-ssh-credential: Credential to use for SSH. (Generally configured in defaults.yaml)
+ :branch: Git branch to fetch for the build. (default: master)
+ :build-days-to-keep: Days to keep build logs in Jenkins. (default: 7)
+ :build-timeout: Timeout in minutes before aborting build. (default: 15)
+ :cron: cronjob frequency to run the job. (default: @weekly)
+ :disable-job: boolean flag to enable/disable the job (default: false)
+ :git-url: URL clone project from. (default: $GIT_URL/$PROJECT)
+ :java-version: Java version to run the Nexus scanner (default: openjdk17)
+ :nexus-iq-cli-version: version of the Nexus CLI scanner (default: 1.185.0-01)
+ :nexus-iq-namespace: prefix to append to the Nexus project name.
+ Recommend using a trailing dash when set. Example: "onap-". (default: "")
+ :nexus-target-build: file to use for the Nexus CLM scan (default: go.sum)
+ :pre-build-script: optional pre-build script.
+ :stream: Keyword that represents a release code-name.
+ Often the same as the branch. (default: master)
+ :submodule-recursive: Whether to checkout submodules recursively.
+ (default: true)
+ :submodule-timeout: Timeout (in minutes) for checkout operation.
+ (default: 10)
+ :submodule-disable: Disable submodule checkout operation.
+ (default: false)
properties-content: "GO_ROOT={go-root}"
- shell: !include-raw-escape: ../shell/go-test.sh
+- builder:
+ name: lf-infra-nexus-iq-go-cli
+ builders:
+ - inject:
+ properties-content: |
+ NEXUS_IQ_PROJECT_NAME={nexus-iq-project-name}
+ - shell: !include-raw-escape: ../shell/nexus-iq-go-cli.sh
+
+############
+# WRAPPERS #
+############
+
+- wrapper:
+ name: install-golang
+ wrappers:
+ - raw:
+ xml: |
+ <org.jenkinsci.plugins.golang.GolangBuildWrapper plugin="golang">
+ <goVersion>Golang {version}</goVersion>
+ </org.jenkinsci.plugins.golang.GolangBuildWrapper>
+
####################
# COMMON FUNCTIONS #
####################
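Review bot: The `lf-infra-nexus-iq-go-cli` builder injects only `NEXUS_IQ_PROJECT_NAME`, but the script it calls (added later in this commit) also reads `NEXUS_IQ_CLI_VERSION`, `NEXUS_TARGET_BUILD`, `NEXUS_IQ_USER` and `NEXUS_IQ_PASSWORD` under `set -eu`, so a job that uses the macro without supplying them aborts on the first unbound variable. A comment above the builder would make that contract visible: `# Requires NEXUS_IQ_CLI_VERSION and NEXUS_TARGET_BUILD job parameters plus a credentials binding for NEXUS_IQ_USER / NEXUS_IQ_PASSWORD.` The `install-golang` wrapper similarly appears to rely on a Go installation named `Golang {version}` being defined in the Jenkins tool configuration, which is worth one comment line above the raw XML.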
admin-list: "{obj:github_pr_admin_list}"
white-list-target-branches:
- "{branch}"
+
+#######################
+# Nexus IQ Golang CLM #
+#######################
+
+- _lf_nexus_iq_go_clm: &lf_nexus_iq_go_clm
+ name: lf-nexus-iq-go-clm
+
+ ######################
+ # Default parameters #
+ ######################
+
+ branch: master
+ build-days-to-keep: 7
+ build-timeout: 15
+ cron: "@weekly"
+ disable-job: false
+ git-url: "$GIT_URL/$PROJECT"
+ github-url: "https://github.com"
+ java-version: openjdk17 # Scanner is a jar
+ nexus-iq-cli-version: 1.185.0-01
+ nexus-iq-namespace: "" # Recommend a trailing dash when set. Example: odl-
+ nexus-target-build: "go.sum"
+ pre-build-script: "# pre-build script goes here"
+ stream: master
+ submodule-recursive: true
+ submodule-timeout: 10
+ submodule-disable: false
+ golang-version: "1.23"
+
+ #####################
+ # Job Configuration #
+ #####################
+
+ disabled: "{disable-job}"
+
+ parameters:
+ - lf-infra-parameters:
+ project: "{project}"
+ branch: "{branch}"
+ stream: "{stream}"
+ - string:
+ name: ARCHIVE_ARTIFACTS
+ default: "{archive-artifacts}"
+ description: Artifacts to archive to the logs server.
+ - string:
+ name: NEXUS_IQ_CLI_VERSION
+ default: "{nexus-iq-cli-version}"
+ description: Nexus IQ CLI jar to download and run.
+ - string:
+ name: NEXUS_TARGET_BUILD
+ default: "{nexus-target-build}"
+ description: File or dir to scan by Nexus CLI.
+
+ wrappers:
+ - lf-infra-wrappers:
+ build-timeout: "{build-timeout}"
+ jenkins-ssh-credential: "{jenkins-ssh-credential}"
+ - credentials-binding:
+ - username-password-separated:
+ credential-id: onap-nexus-clm
+ username: NEXUS_IQ_USER
+ password: NEXUS_IQ_PASSWORD
+ - install-golang:
+ version: "{golang-version}"
+
+ builders:
+ - lf-infra-pre-build
+ - lf-update-java-alternatives:
+ java-version: "{java-version}"
+ - shell: "{pre-build-script}"
+ - lf-infra-nexus-iq-go-cli:
+ nexus-iq-project-name: "{nexus-iq-namespace}{project-name}"
+
+- job-template:
+ name: "{project-name}-nexus-iq-go-clm"
+ id: gerrit-nexus-iq-go-clm
+ <<: *lf_go_common
+ <<: *lf_nexus_iq_go_clm
+
+ ######################
+ # Default parameters #
+ ######################
+
+ gerrit_nexus_iq_triggers:
+ - comment-added-contains-event:
+ comment-contains-value: '^Patch Set\s+\d+:\s+run-clm\s*$'
+
+ #####################
+ # Job Configuration #
+ #####################
+
+ scm:
+ - lf-infra-gerrit-scm:
+ jenkins-ssh-credential: "{jenkins-ssh-credential}"
+ git-url: "{git-url}"
+ refspec: "$GERRIT_REFSPEC"
+ branch: "$GERRIT_BRANCH"
+ submodule-recursive: "{submodule-recursive}"
+ submodule-timeout: "{submodule-timeout}"
+ submodule-disable: "{submodule-disable}"
+ choosing-strategy: default
+
+ triggers:
+ - timed: "{obj:cron}"
+ - gerrit:
+ server-name: "{gerrit-server-name}"
+ trigger-on: "{obj:gerrit_nexus_iq_triggers}"
+ projects:
+ - project-compare-type: ANT
+ project-pattern: "{project}"
+ branches:
+ - branch-compare-type: ANT
+ branch-pattern: "**/{branch}"
+ skip-vote:
+ successful: true
+ failed: true
+ unstable: true
+ notbuilt: true
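Review bot: `credential-id: onap-nexus-clm` hard-codes one project's Jenkins credential into a template that looks intended for sharing (the namespace examples in this commit mention both `onap-` and `odl-`), so any other consumer must create a credential under that exact ID or the binding fails. Exposing it as a template parameter with a default in the `lf_nexus_iq_go_clm` anchor, for example `credential-id: "{nexus-iq-credential-id}"` (the parameter name is only a suggestion), keeps today's behaviour and makes the dependency explicit. The `credentials-binding` wrapper also covers the whole build, so `{pre-build-script}` and the work done on a `$GERRIT_REFSPEC` checkout after a `run-clm` comment run with `NEXUS_IQ_USER`/`NEXUS_IQ_PASSWORD` in the environment. A comment in the template stating that the pre-build script must not print the environment, and that the bound account should be limited to submitting scans, would help reviewers of downstream job definitions.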
--- /dev/null
+---
+features:
+ - |
+ Add CLM job that scans Golang projects. This includes a new builder,
+ new macros and new template.
--- /dev/null
+#!/bin/bash
+# SPDX-License-Identifier: EPL-1.0
+##############################################################################
+# Copyright (c) 2024 The Linux Foundation and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Eclipse Public License v1.0
+# which accompanies this distribution, and is available at
+# http://www.eclipse.org/legal/epl-v10.html
+##############################################################################
+echo "---> nexus-iq-go-cli.sh"
+# This script downloads the specified version of the nexus-iq-cli jar, uses it
+# to analyze the Go project dependencies then publishes the result to an LF
+# server using the specified credentials.
+
+# stop on error or unbound variable
+set -eu
+# do not print commands, credentials should not be logged
+set +x
+
+# shellcheck disable=SC1090
+. ~/lf-env.sh
+
+go version
+go mod tidy
+
+CLI_LOCATION="/tmp/nexus-iq-cli-${NEXUS_IQ_CLI_VERSION}.jar"
+echo "INFO: downloading nexus-iq-cli version $NEXUS_IQ_CLI_VERSION"
+wget -nv "https://download.sonatype.com/clm/scanner/nexus-iq-cli-${NEXUS_IQ_CLI_VERSION}.jar" -O "${CLI_LOCATION}"
+echo "-a" > cli-auth.txt
+echo "${NEXUS_IQ_USER}:${NEXUS_IQ_PASSWORD}" >> cli-auth.txt
+if [ -z "${NEXUS_TARGET_BUILD}" ]; then
+ echo "WARN: NEXUS_TARGET_BUILD has not been set"
+fi
+echo "INFO: running nexus-iq-cli on project $NEXUS_IQ_PROJECT_NAME and target: ${NEXUS_TARGET_BUILD}"
+
+# result.json is a mystery
+# Do NOT double-quote ${NEXUS_TARGET_BUILD} below; causes breakage
+# shellcheck disable=SC2086
+java -jar "${CLI_LOCATION}" @cli-auth.txt \
+ -s https://nexus-iq.wl.linuxfoundation.org -i "${NEXUS_IQ_PROJECT_NAME}" \
+ -t build -r result.json ${NEXUS_TARGET_BUILD}
+rm cli-auth.txt
+rm "${CLI_LOCATION}"
+
+echo "---> nexus-iq-go-cli.sh ends"
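Review bot: `cli-auth.txt`, which holds `NEXUS_IQ_USER:NEXUS_IQ_PASSWORD`, stays in the workspace whenever `wget` or `java -jar` exits non-zero, because `set -e` stops the script before the two `rm` lines; the file is also created with the default umask. Moving the cleanup into an EXIT trap and writing the file under `umask 077` closes both gaps, as sketched below. Separately, the jar is downloaded and executed with the credentials in scope without any digest check, and `/tmp/nexus-iq-cli-<version>.jar` is a predictable path on what may be a shared node; verifying a pinned checksum per `NEXUS_IQ_CLI_VERSION` and downloading into a `mktemp -d` directory would be worth considering. Also note that under `set -u` the `-z "${NEXUS_TARGET_BUILD}"` test only warns for an empty value; an unset variable aborts before the warning.

```shell
CLI_LOCATION="/tmp/nexus-iq-cli-${NEXUS_IQ_CLI_VERSION}.jar"
# Remove the credential file and the jar on every exit path, including failures.
cleanup() {
    rm -f cli-auth.txt "${CLI_LOCATION}"
}
trap cleanup EXIT
# … unchanged: download of the jar …
# Subshell keeps the restrictive umask from applying to result.json.
(
    umask 077
    printf '%s\n' '-a' "${NEXUS_IQ_USER}:${NEXUS_IQ_PASSWORD}" > cli-auth.txt
)
# … unchanged: NEXUS_TARGET_BUILD check and java -jar invocation; the trailing rm lines are no longer needed …
```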