From: Kevin Sandi Date: Thu, 14 Oct 2021 22:55:42 +0000 (-0600) Subject: Feat: Add Maven SonarCloud verify job X-Git-Tag: v0.69.0^2 X-Git-Url: https://gerrit.linuxfoundation.org/infra/gitweb?a=commitdiff_plain;h=67a03561e61b95229587867d0fd8518489dcf9bf;p=releng%2Fglobal-jjb.git Feat: Add Maven SonarCloud verify job Add new Maven SonarCloud verify job that will execute SonarCloud scans before a change gets merged. Issue-ID: RELENG-4011 Signed-off-by: Kevin Sandi Change-Id: I6045b186bfde76e19d77f50ef14c98107e2cb0c5 --- diff --git a/.jjb-test/lf-maven-jobs.yaml b/.jjb-test/lf-maven-jobs.yaml index 03c722bd..87637662 100644 --- a/.jjb-test/lf-maven-jobs.yaml +++ b/.jjb-test/lf-maven-jobs.yaml @@ -7,6 +7,7 @@ - gerrit-maven-javadoc-verify - gerrit-maven-merge - gerrit-maven-sonar + - gerrit-maven-sonar-verify - gerrit-maven-stage - gerrit-maven-verify - gerrit-maven-verify-dependencies diff --git a/.jjb-test/lf-maven-jobs/maven-sonarcloud.yaml b/.jjb-test/lf-maven-jobs/maven-sonarcloud.yaml index 5d73a168..8cbed769 100644 --- a/.jjb-test/lf-maven-jobs/maven-sonarcloud.yaml +++ b/.jjb-test/lf-maven-jobs/maven-sonarcloud.yaml @@ -32,3 +32,19 @@ sonar-prescan-script: | echo "Run script at start of job." scan-dev-branch: false + +- project: + name: example-sonarcloud-verify + jobs: + - gerrit-maven-sonar-verify + + project: "sonarcloud" + project-name: "sonarcloud" + branch: "master" + mvn-settings: "sonarcloud-settings" + mvn-opts: "-Xmx1024m" + sonarcloud: true + sonarcloud-project-key: KEY + sonarcloud-project-organization: ORGANIZATION + sonarcloud-api-token: TOKEN + scan-dev-branch: true diff --git a/docs/jjb/lf-maven-jobs.rst b/docs/jjb/lf-maven-jobs.rst index adb4ca01..86e586e0 100644 --- a/docs/jjb/lf-maven-jobs.rst +++ b/docs/jjb/lf-maven-jobs.rst @@ -521,6 +521,67 @@ multi-branch configuration. :gerrit_sonar_triggers: Override Gerrit Triggers. +SonarCloud Example: + +.. literalinclude:: ../../.jjb-test/lf-maven-jobs/maven-sonarcloud.yaml + :language: yaml + +Maven Sonar Verify +------------------ + +Sonar job which runs mvn clean install then publishes to Sonar. + +This job runs on dev branches and its triggered on new patchsets. + +:Template Names: + + - {project-name}-sonar-verify + - gerrit-maven-sonar-verify + +:Comment Trigger: recheck|reverify + +:Required parameters: + + :build-node: The node to run build on. + :jenkins-ssh-credential: Credential to use for SSH. (Generally configured in defaults.yaml) + :mvn-settings: The name of settings file containing credentials for the project. + +:Optional parameters: + + :build-days-to-keep: Days to keep build logs in Jenkins. (default: 7) + :build-timeout: Timeout in minutes before aborting build. (default: 60) + :git-url: URL clone project from. (default: $GIT_URL/$PROJECT) + :java-version: Version of Java to use for the Maven build. (default: openjdk11) + :mvn-global-settings: The name of the Maven global settings to use for + Maven configuration. (default: global-settings) + :mvn-goals: The maven goals to perform for the build. + (default: clean install) + :mvn-opts: Sets MAVEN_OPTS to start up the JVM running Maven. (default: '') + :mvn-params: Parameters to pass to the mvn CLI. (default: '') + :mvn-version: Version of maven to use. (default: mvn35) + :sonar-mvn-goal: Maven goals to run for sonar analysis. + (default: sonar:sonar) + :sonarcloud: Set to ``true`` to use SonarCloud ``true|false``. + (default: true) + :sonarcloud-project-key: SonarCloud project key. (default: '') + :sonarcloud-project-organization: SonarCloud project organization. + (default: '') + :sonarcloud-api-token: SonarCloud API Token. (default: '') + :sonarcloud-java-version: Version of Java to use for the Sonar scan. (default: openjdk11) + :stream: Keyword that represents a release code-name. + Often the same as the branch. (default: master) + :submodule-recursive: Whether to checkout submodules recursively. + (default: true) + :submodule-timeout: Timeout (in minutes) for checkout operation. + (default: 10) + :submodule-disable: Disable submodule checkout operation. + (default: false) + :scan-dev-branch: Run the scan on a developer branch. + (default: true) + + :gerrit_sonar_triggers: Override Gerrit Triggers. + + SonarCloud Example: .. literalinclude:: ../../.jjb-test/lf-maven-jobs/maven-sonarcloud.yaml diff --git a/jjb/lf-maven-jobs.yaml b/jjb/lf-maven-jobs.yaml index d4a5f083..ea5f6089 100644 --- a/jjb/lf-maven-jobs.yaml +++ b/jjb/lf-maven-jobs.yaml @@ -1340,6 +1340,53 @@ submodule-disable: "{submodule-disable}" choosing-strategy: default +- job-template: + name: "{project-name}-sonar-verify" + id: gerrit-maven-sonar-verify + <<: *lf_maven_common + # yamllint disable-line rule:key-duplicates + <<: *lf_maven_sonar + <<: *mvn_sonar_builders + + sonarcloud: true + scan-dev-branch: true + + gerrit_sonar_triggers: + - patchset-created-event: + exclude-drafts: true + exclude-trivial-rebase: false + exclude-no-code-change: false + - draft-published-event + - comment-added-contains-event: + comment-contains-value: '^Patch Set\s+\d+:\s+(recheck|reverify)\s*$' + + gerrit_trigger_file_paths: + - compare-type: REG_EXP + pattern: ".*" + + triggers: + - gerrit: + server-name: "{gerrit-server-name}" + trigger-on: "{obj:gerrit_sonar_triggers}" + projects: + - project-compare-type: "ANT" + project-pattern: "{project}" + branches: + - branch-compare-type: "ANT" + branch-pattern: "**/{branch}" + file-paths: "{obj:gerrit_trigger_file_paths}" + + scm: + - lf-infra-gerrit-scm: + jenkins-ssh-credential: "{jenkins-ssh-credential}" + git-url: "{git-url}" + refspec: $GERRIT_REFSPEC + branch: $GERRIT_BRANCH + submodule-recursive: "{submodule-recursive}" + submodule-timeout: "{submodule-timeout}" + submodule-disable: "{submodule-disable}" + choosing-strategy: default + - job-template: name: "{project-name}-sonar-prescan-script" id: gerrit-maven-sonar-prescan-script diff --git a/releasenotes/notes/add-maven-sonarcloud-verify-job-fca8aeb04cfe004b.yaml b/releasenotes/notes/add-maven-sonarcloud-verify-job-fca8aeb04cfe004b.yaml new file mode 100644 index 00000000..4ef5cbae --- /dev/null +++ b/releasenotes/notes/add-maven-sonarcloud-verify-job-fca8aeb04cfe004b.yaml @@ -0,0 +1,5 @@ +--- +features: + - | + Add new Maven SonarCloud verify job that will execute SonarCloud + scans before a change gets merged.