builder steps. (default: "")
:post_docker_build_script: Build script to execute after the main verify
builder steps. (default: "")
- :snyk-cli-options: Additional Snyk CLI options. (default: '')
+ :snyk-cli-options: Snyk CLI options. (default: '')
:stream: Keyword that represents a release code-name.
Often the same as the branch. (default: master)
:submodule-recursive: Whether to checkout submodules recursively.
:build-timeout: Timeout in minutes before aborting build. (default: 60)
:git-url: URL clone project from. (default: $GIT_URL/$PROJECT)
:java-version: Version of Java to use for the build. (default: openjdk11)
- :snyk-cli-options: Additional Snyk CLI options. (default: '')
+ :snyk-cli-options: Snyk CLI options. (default: '')
:stream: Keyword that represents a release code-name.
Often the same as the branch. (default: master)
:submodule-recursive: Whether to checkout submodules recursively.
Job counts the votes from the committers against a change
to the INFO.yaml file
-If needed, will also check for a majority of TSC voters
-(not yet implemented)
-
Auto-merges the change on a majority vote.
:mvn-opts: Sets MAVEN_OPTS to start up the JVM running Maven. (default: '')
:mvn-params: Parameters to pass to the mvn CLI. (default: '')
:mvn-version: Version of maven to use. (default: mvn35)
- :snyk-cli-options: Additional Snyk CLI options. (default: '')
+ :snyk-cli-options: Snyk CLI options. (default: '')
:stream: Keyword that represents a release code-name.
Often the same as the branch. (default: master)
:submodule-recursive: Whether to checkout submodules recursively.
(default: false)
:sbom-generator-version: SBOM generator version to download and run if using sbom-generator.
(default: v0.0.10)
- :sbom-path: Path where SBOM is going to be executed from.
+ :sbom-path: SBOM execution path.
(default: $WORKSPACE)
:sign-artifacts: Sign artifacts with Sigul. (default: false)
:stream: Keyword that represents a release code-name.
:sonarcloud-project-organization: SonarCloud project organization.
(default: '')
:sonarcloud-api-token-cred-id: Jenkins credential ID which has the SonarCloud API Token.
- This one SHOULDN'T be overwritten as per we are standarizing the credential ID for all
+ This one SHOULDN'T be overwritten as we are standarizing the credential ID for all
projects (default: 'sonarcloud-api-token')
:sonarcloud-java-version: Version of Java to use for the Sonar scan. (default: openjdk11)
:stream: Keyword that represents a release code-name.
:sonarcloud-project-organization: SonarCloud project organization.
(default: '')
:sonarcloud-api-token-cred-id: Jenkins credential ID which has the SonarCloud API Token.
- This one SHOULDN'T be overwritten as per we are standarizing the credential ID for all
+ This one SHOULDN'T be overwritten as we are standarizing the credential ID for all
projects (default: 'sonarcloud-api-token')
:sonarcloud-java-version: Version of Java to use for the Sonar scan. (default: openjdk11)
:sonarcloud-qualitygate-wait: SonarCloud flag that forces the analysis step to
share a Nexus IQ system to avoid project name collision. We recommend
inserting a trailing - dash if using this parameter.
For example 'odl-'. (default: '')
- :nexus-target-build: Target directory or file to be scanned by Nexus IQ CLI
+ :nexus-target-build: Target directory or file for scanning by Nexus IQ CLI
(default: "\*\*/\*")
:pre-build-script: Shell script to run before tox. Useful for setting up
dependencies. (default: a string with a shell comment)
process, and Jenkins promotes the artifact when a project committer
merges the release yaml file in Gerrit.
-To use the self-release process, create a releases/ or .releases/
-directory at the root of the project repository, add one release yaml
-file to it, and submit a change set with that release yaml file. The
-required contents of the release yaml file are different for each type
-of release, see the schemas and examples shown below. The version
-string in the release yaml file should be a valid Semantic Versioning
-(SemVer) string, matching the pattern "#.#.#" where "#" is one or more
-digits. A version string matching the pattern "v#.#.#" is also
-accepted. Upon merge of the change, a Jenkins job promotes the
-artifact and pushes a gpg-signed tag to the repository.
+To use the self-release process, create a releases/ or .releases/ directory at
+the root of the project repository, add one release yaml file to it, and submit
+a change set with that release yaml file. The required contents of the release
+yaml file are different for each release, see the schemas and examples shown
+below. The version string in the release yaml file should be a valid Semantic
+Versioning (SemVer) string, matching the pattern "#.#.#" where "#" is one or
+more digits. A version string matching the pattern "v#.#.#" is also accepted.
+Upon merge of the change, a Jenkins job promotes the artifact and pushes a
+gpg-signed tag to the repository.
.. note::
# Else: No Swap
case $blockCount in
'') blockCount=1 ;;
- [0-9]*) blockCount=$blockCount ;;
+ [0-9]*) ;;
*) exit ;;
esac
[[ $blockCount == 0 ]] && exit
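Review bot: The `[0-9]*)` arm of the `case` is a glob, not a regular expression, so it accepts any value that merely begins with a digit (a constructed example: `4k`) and passes it on unchanged. If `blockCount` is later used as a number, reject non-digits first with `*[!0-9]*) exit 1 ;;` placed above the `[0-9]*)` arm. The bare `exit` in the fallback arm returns the previous command's status, so an invalid value probably ends the script as a success. The rest of the script is outside the hunk.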
systemctl stop firewalld
;;
CentOS|RedHat)
- os_release_ver = "$(facter operatingsystemrelease | cut -d '.' -f1)"
+ os_release_ver="$(facter operatingsystemrelease | cut -d '.' -f1)"
if [ "${os_release_ver}" -lt "7" ]; then
service iptables stop
else
pyenv versions
if command -v pyenv 1>/dev/null 2>&1; then
eval "$(pyenv init - --no-rehash)"
+ # shellcheck disable=SC2046
pyenv local $(lf-pyver "${python}")
fi
fi
wrappers:
- credentials-binding:
- text:
- credential-id: '{sonarcloud-api-token-cred-id}'
+ credential-id: "{sonarcloud-api-token-cred-id}"
variable: API_TOKEN
- job-template:
wrappers:
- credentials-binding:
- text:
- credential-id: '{sonarcloud-api-token-cred-id}'
+ credential-id: "{sonarcloud-api-token-cred-id}"
variable: API_TOKEN
triggers:
wrappers:
- credentials-binding:
- text:
- credential-id: '{sonarcloud-api-token-cred-id}'
+ credential-id: "{sonarcloud-api-token-cred-id}"
variable: API_TOKEN
builders:
---
prelude: >
- OpenDaylight jenkins maven jobs with jdk17 and CentOS7 currently fails
- with a confusing message stating that the JAVA_HOME variable is not
- correctly set.
- This can happen in various cases, usually when there is a mismatch
- between the jdk used by maven and the folder pointed by JAVA_HOME.
- It appears that openjdk17 is not available with CentOS7 and that
- the folder indeed does not exist
+ OpenDaylight jenkins maven jobs with jdk17 and CentOS7 currently fails
+ with a confusing message stating that the JAVA_HOME variable is not
+ correctly set.
+ This can happen in various cases, usually when there is a mismatch
+ between the jdk used by maven and the folder pointed by JAVA_HOME.
+ It appears that openjdk17 is not available with CentOS7 and that
+ the folder indeed does not exist
issues:
- |
Current message (JAVA_HOME variable is not set) is confusing and can lead
- |
Adapt and refactor code consequently to be more agnostic to distribution
and jdk installation specificities
-
---
prelude: >
- The SBOM generator script creates an spdx file in the root level.
- When the artifacts are staged the file gets overwritten.
+ The SBOM generator script creates an spdx file in the root level.
+ When the artifacts are staged the file gets overwritten.
fixes:
- |
Create the spdx file as ${PROJECT}-sbom-${release_version}.spdx
---
prelude: >
- PyPI verify jobs requires Python 3.x. The tox run picks up default version
- of python instead of the version made available through pyenv.
+ PyPI verify jobs requires Python 3.x. The tox run picks up default version
+ of python instead of the version made available through pyenv.
issues:
- |
Re-factor lf-activate-venv() to skip a return, while the venv is
---
fixes:
- |
- The latest (2.42.0.01) clm-maven-plugin introduced an error in our
+ The latest (2.42.0.01) clm-maven-plugin introduced an error in our
environment.
Failed to execute goal com.sonatype.clm:clm-maven-plugin:2.42.0-01:index
---
prelude: >
- Update openstack images with the auto update image requires more recent
- version of git-review > 2.2.
+ Update openstack images with the auto update image requires more recent
+ version of git-review > 2.2.
upgrade:
- |
The previous version of git-review is incompatible with the latest version of
source ~/lf-env.sh
if [[ "${PYTHON:-}" -ne "" ]]; then
- lf-activate-venv --python $PYTHON lftools
+ lf-activate-venv --python "$PYTHON" lftools
elif python3; then
lf-activate-venv --python python3 lftools
else
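Review bot: The test on the `if` line, `[[ "${PYTHON:-}" -ne "" ]]`, applies the arithmetic operator `-ne` to strings, so a value such as `python3` is evaluated as an unset variable name and compares equal to zero; the newly quoted `--python "$PYTHON"` branch is then likely never taken. Use a string test instead, `if [[ -n "${PYTHON:-}" ]]; then`. The `elif python3; then` line starts an interpreter rather than checking for one; `elif command -v python3 >/dev/null 2>&1; then` tests availability without running it. The `if` block continues past the end of the hunk.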
# scripts. It is meant to be sourced in other scripts so that the variables can
# be called.
+# shellcheck disable=SC2140
MAVEN_OPTIONS="$(echo --show-version \
--batch-mode \
-Djenkins \
do_login() {
docker_version=$( docker -v | awk '{print $3}')
if version_lt "$docker_version" "17.06.0" && \
- "$DOCKERHUB_REGISTRY" == "docker.io" && \
+ [ "$DOCKERHUB_REGISTRY" == "docker.io" ] && \
"$DOCKERHUB_EMAIL:-none" != 'none'
then
docker login -u "$USER" -p "$PASS" -e "$2" "$1"
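Review bot: The third clause of the condition, `"$DOCKERHUB_EMAIL:-none" != 'none'`, is still outside any test, so the shell tries to run the expanded string as a command; without braces, `:-none` is also literal text rather than a default value. Write it as `[ "${DOCKERHUB_EMAIL:-none}" != 'none' ]`, matching the bracket this change adds on the line above. As written the condition probably always fails with a "command not found" error, which leaves the `docker login -e` branch unreachable. `do_login` continues outside the hunk.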
# Disable SC2086 because we want to allow word splitting for $MAVEN_* parameters.
# shellcheck disable=SC2086
+# shellcheck disable=SC2048
_JAVA_OPTIONS="$JAVA_OPTS" $MVN $MAVEN_GOALS \
-e -Dsonar \
${params[*]} \
if [ -n "$SONARCLOUD_JAVA_VERSION" ] && [ "$SET_JDK_VERSION" != "$SONARCLOUD_JAVA_VERSION" ]; then
export SET_JDK_VERSION="$SONARCLOUD_JAVA_VERSION"
bash <(curl -s https://raw.githubusercontent.com/lfit/releng-global-jjb/master/shell/update-java-alternatives.sh)
+ # shellcheck source=/dev/null
source /tmp/java.env
fi
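Review bot: The added `# shellcheck source=/dev/null` quiets the linter on `source /tmp/java.env`, but the lines around it carry the real risk: a script fetched from the mutable `master` branch is piped straight into `bash`, and a file with a fixed name in a world-writable directory is then sourced. Pin the download to a reviewed tag or commit (placeholder: `.../releng-global-jjb/<PINNED_REF>/shell/update-java-alternatives.sh`) and use `curl -fsS` so an HTTP error page is never executed as a script. If the helper can be told where to write its environment file, a `mktemp`-created path prevents another account on the build node from pre-creating `/tmp/java.env`; that the helper is what writes this file is inferred, it is not visible in the hunk.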
# Disable SC2086 because we want to allow word splitting for $MAVEN_* parameters.
# shellcheck disable=SC2086
+# shellcheck disable=SC2048
"$MVN" $SONAR_MAVEN_GOAL \
-e -Dsonar -Dsonar.host.url="$SONAR_HOST_URL" \
${params[*]} \
# Souce the python version from lf-env.sh if available.
python="python3"
if [[ -f ~/lf-env.sh ]]; then
+ # shellcheck source=/dev/null
source ~/lf-env.sh
lf-activate-venv --python "$python" lftools
# Save the virtualenv path
+ # shellcheck disable=SC2154
echo "$lf_venv" > "/tmp/.os_lf_venv"
elif [[ -d /opt/pyenv ]]; then
echo "Setup up pyenv"
wget "${path}"/"${name}" -o artifacts/"${name}"
if [[ "$JOB_NAME" =~ "merge" ]] && [[ "$DRY_RUN" = false ]]; then
#lftools sign sigul artifacts
+ # shellcheck disable=SC2261
curl -v -u <NEXUSUSER>:<NEXUSPASS> --upload-file \
"${NEXUS_URL}"/content/repositories/releases/org/"${ORG}"/"${VERSION}"/"${name}" \;
fi
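Review bot: `# shellcheck disable=SC2261` hides a real parsing problem on the `curl` line: the unquoted `<NEXUSUSER>:<NEXUSPASS>` is read by the shell as input and output redirections rather than credentials, and `--upload-file` then takes the URL as its file argument. Supply the credential from the job and quote it, for example `curl --netrc-file "$NETRC_FILE" --upload-file "artifacts/${name}" "${NEXUS_URL}/..."` (`NETRC_FILE` is a placeholder name), and drop `-v`, which can print the request's authorization header into the console log. On the first line of the hunk, `wget ... -o` names a log file; `-O` is the option that sets the output document, so the artifact is probably not landing in `artifacts/`.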
# forward from the tagging point, then a spur commit is created
# for the tag
taghash="$(awk '{print $NF}' "$PATCH_DIR/taglist.log")"
- if [ "${taghash}" = $(git rev-parse origin/${GERRIT_BRANCH}) ]; then
+ # shellcheck disable=SC2046
+ if [ "${taghash}" = $(git rev-parse "origin/${GERRIT_BRANCH}") ]; then
git checkout "origin/${GERRIT_BRANCH}"
# sentinal file
touch .testhash
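Review bot: The unquoted `$(git rev-parse ...)` in the `[ ... ]` test is better fixed than silenced with `SC2046`: if `git rev-parse` fails and prints nothing, the test collapses to `[ "${taghash}" = ]` and errors out instead of comparing. Quote the substitution and drop the directive: `if [ "${taghash}" = "$(git rev-parse "origin/${GERRIT_BRANCH}")" ]; then`. The body of the `if` continues outside the hunk.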
# Extract SBOM bin in SBOM_PATH
# This is a workaround until the --path flag works
# https://github.com/opensbom-generator/spdx-sbom-generator/issues/227
+# shellcheck disable=SC2086
tar -xzf "${SBOM_LOCATION}" -C ${SBOM_PATH}
echo "INFO: running spdx-sbom-generator"
+# shellcheck disable=SC2086
cd ${SBOM_PATH}
./spdx-sbom-generator "${SBOM_FLAGS:-}" -g "$GLOBAL_SETTINGS_FILE" -o "${WORKSPACE}"/archives
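Review bot: Both new `# shellcheck disable=SC2086` directives can be replaced by quoting: `tar -xzf "${SBOM_LOCATION}" -C "${SBOM_PATH}"` and `cd "${SBOM_PATH}" || exit 1`. `SBOM_PATH` is presumably fed by the `sbom-path` job parameter, so a value with spaces or glob characters would be split before `tar` and `cd` see it. An unchecked `cd` failure also leaves `./spdx-sbom-generator` resolved against whatever directory the job was already in. If word splitting is intended here, a comment saying so should accompany the directive.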
OS_RELEASE=$(facter lsbdistrelease | tr '[:upper:]' '[:lower:]')
if [[ "$OS_RELEASE" == "8" && "$OS" == 'centos' ]]; then
# Get Dockerfile and the enterpoint to build the docker image.
+ # shellcheck disable=SC2140
wget -O "${WORKSPACE}/sigul-sign.sh" "https://raw.githubusercontent.com/"\
"lfit/releng-global-jjb/master/shell/sigul-sign.sh"
+ # shellcheck disable=SC2140
wget -O "${WORKSPACE}/Dockerfile" "https://raw.githubusercontent.com/"\
"lfit/releng-global-jjb/master/docker/Dockerfile"
# Setup the docker environment for jenkins user
- docker build -f ${WORKSPACE}/Dockerfile \
- --build-arg SIGN_DIR=${SIGN_DIR} \
+ docker build -f "${WORKSPACE}/Dockerfile" \
+ --build-arg SIGN_DIR="${SIGN_DIR}" \
-t sigul-sign .
docker volume create --driver local \
docker volume inspect wrkspc_vol
+ # shellcheck disable=SC2140
docker run -e SIGUL_KEY="${SIGUL_KEY}" \
-e SIGUL_PASSWORD="${SIGUL_PASSWORD}" \
- -e SIGUL_CONFIG=${SIGUL_CONFIG} \
- -e SIGN_DIR=${SIGN_DIR} \
- -e WORKSPACE=${WORKSPACE} \
+ -e SIGUL_CONFIG="${SIGUL_CONFIG}" \
+ -e SIGN_DIR="${SIGN_DIR}" \
+ -e WORKSPACE="${WORKSPACE}" \
--name sigul-sign \
--security-opt label:disable \
--mount type=bind,source="/w/workspace",target="/w/workspace" \
--mount type=bind,source="/home/jenkins",target="/home/jenkins" \
- -u root:root -w $(pwd) sigul-sign
+ -u root:root -w "$(pwd)" sigul-sign
# change the .asc files owner permissions back to jenkins
sudo chown -R jenkins:jenkins "${SIGN_DIR}"
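Review bot: The two `wget` calls at the top of this block fetch `sigul-sign.sh` and the `Dockerfile` from the `master` branch at run time. The image built from them then runs as `root:root` with `SIGUL_KEY` and `SIGUL_PASSWORD` in its environment, `--security-opt label:disable`, and `/home/jenkins` bind-mounted. Whatever is on `master` at that moment therefore executes with access to the signing material, so pin both URLs to a reviewed tag or commit (placeholder: `.../releng-global-jjb/<PINNED_REF>/docker/Dockerfile`) or take the files from the job's own checkout. The enclosing `if` starts inside this section and ends outside it.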
! -name "_remote.repositories" \
! -name "*.lastUpdated" \
! -name "maven-metadata-local.xml" \
- ! -name "maven-metadata.xml" > ${WORKSPACE}/sign.lst
+ ! -name "maven-metadata.xml" > "${WORKSPACE}/sign.lst"
-if [ -s ${WORKSPACE}/sign.lst ]; then
+if [ -s "${WORKSPACE}/sign.lst" ]; then
echo "Sign list is not empty"
fi
while IFS= read -rd $'\n' line; do
files_to_sign+=("$line")
sigul --batch -c "${SIGUL_CONFIG}" sign-data -a -o "${line}.asc" "${SIGUL_KEY}" "${line}" < "${SIGUL_PASSWORD}"
-done < ${WORKSPACE}/sign.lst
+done < "${WORKSPACE}/sign.lst"
if [ "${#files_to_sign[@]}" -eq 0 ]; then
echo "ERROR: No files to sign. Quitting..."
if ! [ -d "$JAVA_HOME" ]; then
echo "$JAVA_HOME directory not found - trying to find an approaching one"
if ls -d "$JAVA_HOME"*; then
+ # shellcheck disable=SC2012
JAVA_HOME=$(ls -d "$JAVA_HOME"* | head -1)
export JAVA_HOME
else