From: Kevin Sandi Date: Fri, 27 Dec 2024 09:52:23 +0000 (-0600) Subject: Feat: add CLM job that supports Golang X-Git-Tag: v0.91.0^0 X-Git-Url: https://gerrit.linuxfoundation.org/infra/gitweb?a=commitdiff_plain;h=8f94bfd1c89094166919ae87928a8453fd4981a9;p=releng%2Fglobal-jjb.git Feat: add CLM job that supports Golang Issue: RELENG-5667 Signed-off-by: Kevin Sandi Change-Id: I937774a1d7d0c0bfb52fc8b97b4379802b77c9d1 --- diff --git a/docs/jjb/lf-go-jobs.rst b/docs/jjb/lf-go-jobs.rst index 6cac0471..9993bd6d 100644 --- a/docs/jjb/lf-go-jobs.rst +++ b/docs/jjb/lf-go-jobs.rst @@ -14,6 +14,24 @@ Calls go-test.sh script against a Go project. :go-root: Path to the Go project root directory. +lf-infra-nexus-iq-go-cli +------------------------ + +Calls nexus-iq-go-cli.sh to CLM scan a Go project. + +:Required Parameters: + + :NEXUS_IQ_PROJECT_NAME: Nexus IQ project name that will receive the CLM scan results. + +install-golang +-------------- + +Installs the specified Golang version throuhg a plug-in. + +:Required Parameters: + + :version: Golang version number to install. + lf-go-common ------------ 
@@ -97,3 +115,44 @@ Job which runs go test ./... to verify a Go project. :gerrit_verify_triggers: Override Gerrit Triggers. :gerrit_trigger_file_paths: Override file paths to filter which file modifications will trigger a build. + +Go CLM +------ + +Job which runs a CLM scan over a Golang project. + +:Template Names: + + - {project-name}-nexus-iq-go-clm + - gerrit-nexus-iq-go-clm + +:Comment Trigger: run-clm + +:Required parameters: + + :build-node: The node to run build on. + :golang-version: Golang version you want to use for the CLM scan. (default: 1.23) + +:Optional parameters: + + :jenkins-ssh-credential: Credential to use for SSH. (Generally configured in defaults.yaml) + :branch: Git branch to fetch for the build. (default: master) + :build-days-to-keep: Days to keep build logs in Jenkins. (default: 7) + :build-timeout: Timeout in minutes before aborting build. (default: 15) + :cron: cronjob frequency to run the job. (default: @weekly) + :disable-job: boolean flag to enable/disable the job (default: false) + :git-url: URL clone project from. (default: $GIT_URL/$PROJECT) + :java-version: Java version to run the Nexus scanner (default: openjdk17) + :nexus-iq-cli-version: version of the Nexus CLI scanner (default: 1.185.0-01) + :nexus-iq-namespace: prefix to append to the Nexus project name. + Recommend using a trailing dash when set. Example: "onap-". (default: "") + :nexus-target-build: file to use for the Nexus CLM scan (default: go.sum) + :pre-build-script: optional pre-build script. + :stream: Keyword that represents a release code-name. + Often the same as the branch. (default: master) + :submodule-recursive: Whether to checkout submodules recursively. + (default: true) + :submodule-timeout: Timeout (in minutes) for checkout operation. + (default: 10) + :submodule-disable: Disable submodule checkout operation. + (default: false) diff --git a/jjb/lf-go-jobs.yaml b/jjb/lf-go-jobs.yaml index 876cbdfd..3796fb53 100644 --- a/jjb/lf-go-jobs.yaml 
+++ b/jjb/lf-go-jobs.yaml @@ -9,6 +9,27 @@ properties-content: "GO_ROOT={go-root}" - shell: !include-raw-escape: ../shell/go-test.sh +- builder: + name: lf-infra-nexus-iq-go-cli + builders: + - inject: + properties-content: | + NEXUS_IQ_PROJECT_NAME={nexus-iq-project-name} + - shell: !include-raw-escape: ../shell/nexus-iq-go-cli.sh + +############ +# WRAPPERS # +############ + +- wrapper: + name: install-golang + wrappers: + - raw: + xml: | + + Golang {version} + + #################### # COMMON FUNCTIONS # #################### 
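Review bot: The `install-golang` wrapper carries no comment saying what must already exist on the Jenkins side for it to work; from the visible `Golang {version}` text it appears to select a Go tool installation by that exact name. A comment above the wrapper such as `# Requires a Jenkins Go tool installation named "Golang <version>" (e.g. "Golang 1.23")` would tell template users why a new `golang-version` value can fail. The raw XML element is not visible on this page, so the behaviour when the named installation is missing should be confirmed and noted there as well.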
@@ -303,3 +324,122 @@ admin-list: "{obj:github_pr_admin_list}" white-list-target-branches: - "{branch}" + +####################### +# Nexus IQ Golang CLM # +####################### + +- _lf_nexus_iq_go_clm: &lf_nexus_iq_go_clm + name: lf-nexus-iq-go-clm + + ###################### + # Default parameters # + ###################### + + branch: master + build-days-to-keep: 7 + build-timeout: 15 + cron: "@weekly" + disable-job: false + git-url: "$GIT_URL/$PROJECT" + github-url: "https://github.com" + java-version: openjdk17 # Scanner is a jar + nexus-iq-cli-version: 1.185.0-01 + nexus-iq-namespace: "" # Recommend a trailing dash when set. Example: odl- + nexus-target-build: "go.sum" + pre-build-script: "# pre-build script goes here" + stream: master + submodule-recursive: true + submodule-timeout: 10 + submodule-disable: false + golang-version: "1.23" + + ##################### + # Job Configuration # + ##################### + + disabled: "{disable-job}" + + parameters: + - lf-infra-parameters: + project: "{project}" + branch: "{branch}" + stream: "{stream}" + - string: + name: ARCHIVE_ARTIFACTS + default: "{archive-artifacts}" + description: Artifacts to archive to the logs server. + - string: + name: NEXUS_IQ_CLI_VERSION + default: "{nexus-iq-cli-version}" + description: Nexus IQ CLI jar to download and run. + - string: + name: NEXUS_TARGET_BUILD + default: "{nexus-target-build}" + description: File or dir to scan by Nexus CLI. 
+
+ wrappers:
+ - lf-infra-wrappers:
+ build-timeout: "{build-timeout}"
+ jenkins-ssh-credential: "{jenkins-ssh-credential}"
+ - credentials-binding:
+ - username-password-separated:
+ credential-id: onap-nexus-clm
+ username: NEXUS_IQ_USER
+ password: NEXUS_IQ_PASSWORD
+ - install-golang:
+ version: "{golang-version}"
+
+ builders:
+ - lf-infra-pre-build
+ - lf-update-java-alternatives:
+ java-version: "{java-version}"
+ - shell: "{pre-build-script}"
+ - lf-infra-nexus-iq-go-cli:
+ nexus-iq-project-name: "{nexus-iq-namespace}{project-name}"
+
+- job-template:
+ name: "{project-name}-nexus-iq-go-clm"
+ id: gerrit-nexus-iq-go-clm
+ <<: *lf_go_common
+ <<: *lf_nexus_iq_go_clm
+
+ ######################
+ # Default parameters #
+ ######################
+
+ gerrit_nexus_iq_triggers:
+ - comment-added-contains-event:
+ comment-contains-value: '^Patch Set\s+\d+:\s+run-clm\s*$'
+
+ #####################
+ # Job Configuration #
+ #####################
+
+ scm:
+ - lf-infra-gerrit-scm:
+ jenkins-ssh-credential: "{jenkins-ssh-credential}"
+ git-url: "{git-url}"
+ refspec: "$GERRIT_REFSPEC"
+ branch: "$GERRIT_BRANCH"
+ submodule-recursive: "{submodule-recursive}"
+ submodule-timeout: "{submodule-timeout}"
+ submodule-disable: "{submodule-disable}"
+ choosing-strategy: default
+
+ triggers:
+ - timed: "{obj:cron}"
+ - gerrit:
+ server-name: "{gerrit-server-name}"
+ trigger-on: "{obj:gerrit_nexus_iq_triggers}"
+ projects:
+ - project-compare-type: ANT
+ project-pattern: "{project}"
+ branches:
+ - branch-compare-type: ANT
+ branch-pattern: "**/{branch}"
+ skip-vote:
+ successful: true
+ failed: true
+ unstable: true
+ notbuilt: true
diff --git a/releasenotes/notes/add-go-clm-job-2c13b2e6f5220f40.yaml b/releasenotes/notes/add-go-clm-job-2c13b2e6f5220f40.yaml
new file mode 100644
index 00000000..abe7c867
--- /dev/null
+++ b/releasenotes/notes/add-go-clm-job-2c13b2e6f5220f40.yaml
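Review bot: The `credentials-binding` wrapper hard-codes `credential-id: onap-nexus-clm` and, being a job-level wrapper, exports `NEXUS_IQ_USER`/`NEXUS_IQ_PASSWORD` to every builder in the list, not only to the scan step. That includes `- shell: "{pre-build-script}"`, and all of the builders run on the change fetched through `refspec: "$GERRIT_REFSPEC"` when a `run-clm` comment triggers the job. If the template is meant for more than one project, the id would be better as a template parameter, for example `credential-id: "{nexus-iq-credential-id}"` with `onap-nexus-clm` as its default among the anchor's default parameters. A comment above the binding, such as `# Exposed to all builders, including the pre-build script`, would make the scope explicit for anyone supplying a pre-build script.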
@@ -0,0 +1,5 @@
+---
+features:
+ - |
+ Add CLM job that scans Golang projects. This includes a new builder,
+ new macros and new template.
diff --git a/shell/nexus-iq-go-cli.sh b/shell/nexus-iq-go-cli.sh
new file mode 100644
index 00000000..8737e3b4
--- /dev/null
+++ b/shell/nexus-iq-go-cli.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+# SPDX-License-Identifier: EPL-1.0
+##############################################################################
+# Copyright (c) 2024 The Linux Foundation and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Eclipse Public License v1.0
+# which accompanies this distribution, and is available at
+# http://www.eclipse.org/legal/epl-v10.html
+##############################################################################
+echo "---> nexus-iq-go-cli.sh"
+# This script downloads the specified version of the nexus-iq-cli jar, uses it
+# to analyze the Go project dependencies then publishes the result to an LF
+# server using the specified credentials.
+
+# stop on error or unbound variable
+set -eu
+# do not print commands, credentials should not be logged
+set +x
+
+# shellcheck disable=SC1090
+. ~/lf-env.sh
+
+go version
+go mod tidy
+
+CLI_LOCATION="/tmp/nexus-iq-cli-${NEXUS_IQ_CLI_VERSION}.jar"
+echo "INFO: downloading nexus-iq-cli version $NEXUS_IQ_CLI_VERSION"
+wget -nv "https://download.sonatype.com/clm/scanner/nexus-iq-cli-${NEXUS_IQ_CLI_VERSION}.jar" -O "${CLI_LOCATION}"
+echo "-a" > cli-auth.txt
+echo "${NEXUS_IQ_USER}:${NEXUS_IQ_PASSWORD}" >> cli-auth.txt
+if [ -z "${NEXUS_TARGET_BUILD}" ]; then
+ echo "WARN: NEXUS_TARGET_BUILD has not been set"
+fi
+echo "INFO: running nexus-iq-cli on project $NEXUS_IQ_PROJECT_NAME and target: ${NEXUS_TARGET_BUILD}"
+
+# result.json is a mystery
+# Do NOT double-quote ${NEXUS_TARGET_BUILD} below; causes breakage
+# shellcheck disable=SC2086
+java -jar "${CLI_LOCATION}" @cli-auth.txt \
+ -s https://nexus-iq.wl.linuxfoundation.org -i "${NEXUS_IQ_PROJECT_NAME}" \
+ -t build -r result.json ${NEXUS_TARGET_BUILD}
+rm cli-auth.txt
+rm "${CLI_LOCATION}"
+
+echo "---> nexus-iq-go-cli.sh ends"
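Review bot: `cli-auth.txt` holds `${NEXUS_IQ_USER}:${NEXUS_IQ_PASSWORD}` in the working directory with the default umask, and because of `set -eu` the two `rm` lines at the end never run when `java -jar` exits non-zero, so the credentials stay on disk after a failed scan. Set `umask 077` before the file is created and register `trap 'rm -f cli-auth.txt "${CLI_LOCATION}"' EXIT` right after `CLI_LOCATION` is assigned; the trailing `rm` lines can then go. Separately, the jar fetched by `wget` is run with those credentials in its environment and without any digest check, while `NEXUS_IQ_CLI_VERSION` is a build parameter. Comparing the download against a pinned SHA-256 for the expected version before `java -jar` would cover that.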