From 59b3a3c53b1604b9aa5d46ed8e7083d46c6f95d1 Mon Sep 17 00:00:00 2001
From: Jessica Wagantall <jwagantall@linuxfoundation.org>
Date: Tue, 6 Mar 2018 17:10:41 -0800
Subject: [PATCH] Add CLM support for Python

Add template to support CLM scans for python
based projects. This template uses the nexus-iq-cli
package directly and executes an extended report to
scan python based projects.

Change-Id: I5e5c420539ab3a3e5b292620da4418c16d557221
Signed-off-by: Jessica Wagantall <jwagantall@linuxfoundation.org>
Signed-off-by: Jeremy Phelps <jphelps@linuxfoundation.org>
---
 jjb/lf-python-jobs.yaml | 168 ++++++++++++++++++++++++++++++++++++++++++++++++
 shell/sonar-cli.sh      |  21 ++++++
 2 files changed, 189 insertions(+)
 create mode 100644 shell/sonar-cli.sh

diff --git a/jjb/lf-python-jobs.yaml b/jjb/lf-python-jobs.yaml
index e07810ca..671eaf9b 100644
--- a/jjb/lf-python-jobs.yaml
+++ b/jjb/lf-python-jobs.yaml
@@ -6,6 +6,7 @@
     # for any project ci that is using Gerrit.
 
     jobs:
+      - gerrit-python-xc-clm
       - gerrit-tox-verify
 
 - job-group:
@@ -15,6 +16,7 @@
     # for any project ci that is using GitHub.
 
     jobs:
+      - github-python-xc-clm
       - github-tox-verify
 
 ##########
@@ -28,6 +30,172 @@
           properties-content: 'PYTHON_VERSION={python-version}'
       - shell: !include-raw-escape: ../shell/tox-install.sh
 
+- builder:
+    name: lf-infra-clm-python
+    builders:
+      - inject:
+          properties-content: 'CLM_PROJECT_NAME={clm-project-name}'
+      - shell: !include-raw-escape:
+          - ../shell/sonar-cli.sh
+
+####################
+# COMMON FUNCTIONS #
+####################
+
+- lf_python_common: &lf_python_common
+    name: lf-python-common
+
+    ######################
+    # Default parameters #
+    ######################
+
+    archive-artifacts: >
+      **/*.log
+      **/hs_err_*.log
+      **/target/**/feature.xml
+      **/target/failsafe-reports/failsafe-summary.xml
+      **/target/surefire-reports/*-output.txt
+
+    #####################
+    # Job Configuration #
+    #####################
+
+    project-type: freestyle
+    node: '{build-node}'
+
+    properties:
+      - lf-infra-properties:
+          build-days-to-keep: '{build-days-to-keep}'
+
+    parameters:
+      - lf-infra-parameters:
+          project: '{project}'
+          branch: '{branch}'
+          stream: '{stream}'
+          lftools-version: '{lftools-version}'
+      - string:
+          name: NEXUS_IQ_CLI_JAR
+          default: nexus-iq-cli-1.44.0-01.jar
+          description: Nexus IQ CLI package to download and use.
+      - string:
+          name: ARCHIVE_ARTIFACTS
+          default: '{archive-artifacts}'
+          description: Artifacts to archive to the logs server.
+
+    wrappers:
+      - lf-infra-wrappers:
+          build-timeout: '{build-timeout}'
+          jenkins-ssh-credential: '{jenkins-ssh-credential}'
+
+    publishers:
+      - lf-infra-publish
+
+#################
+# Python XC CLM #
+#################
+
+- lf_python_clm_xc: &lf_python_xc_clm
+    name: lf-python-xc-clm
+
+    ######################
+    # Default parameters #
+    ######################
+
+    branch: master
+    build-days-to-keep: 30  # 30 days for troubleshooting purposes
+    build-timeout: 60
+    git-url: '$GIT_URL/$PROJECT'
+    java-version: openjdk8
+    staging-profile-id: ''  # Unused in this job
+    stream: master
+    submodule-recursive: true
+
+    gerrit_clm_triggers:
+      - comment-added-contains-event:
+          comment-contains-value: run-xc-clm$
+
+    #####################
+    # Job Configuration #
+    #####################
+
+    triggers:
+      # Build weekly on Saturdays
+      - timed: 'H H * * 6'
+      - gerrit:
+          server-name: '{gerrit-server-name}'
+          trigger-on: '{obj:gerrit_clm_triggers}'
+          projects:
+            - project-compare-type: ANT
+              project-pattern: '{project}'
+              branches:
+                - branch-compare-type: ANT
+                  branch-pattern: '**/{branch}'
+          skip-vote:
+            successful: true
+            failed: true
+            unstable: true
+            notbuilt: true
+    wrappers:
+      - credentials-binding:
+          - username-password-separated:
+              credential-id: sonar-xc-clm
+              username: CLM_USER
+              password: CLM_PASSWORD
+    builders:
+      - lf-update-java-alternatives:
+          java-version: '{java-version}'
+      - lf-infra-clm-python:
+          clm-project-name: '{project-name}'
+
+- job-template:
+    name: '{project-name}-python-clm-{stream}'
+    id: gerrit-python-xc-clm
+    <<: *lf_python_common
+    # yamllint disable-line rule:key-duplicates
+    <<: *lf_python_xc_clm
+
+    scm:
+      - lf-infra-gerrit-scm:
+          jenkins-ssh-credential: '{jenkins-ssh-credential}'
+          git-url: '{git-url}'
+          refspec: '$GERRIT_REFSPEC'
+          branch: '$GERRIT_BRANCH'
+          submodule-recursive: '{submodule-recursive}'
+          choosing-strategy: default
+
+- job-template:
+    name: '{project-name}-python-clm-{stream}'
+    id: github-python-xc-clm
+    <<: *lf_python_common
+    # yamllint disable-line rule:key-duplicates
+    <<: *lf_python_xc_clm
+
+    properties:
+      - github:
+          url: '{git-url}/{github-org}/{project}'
+
+    scm:
+      - lf-infra-github-scm:
+          url: '{git-clone-url}{github-org}/{project}'
+          refspec: ''
+          branch: 'refs/heads/{branch}'
+          submodule-recursive: '{submodule-recursive}'
+          choosing-strategy: default
+          jenkins-ssh-credential: '{jenkins-ssh-credential}'
+
+    triggers:
+      - lf-infra-github-pr-trigger:
+          trigger-phrase: '^run-xc-clm$'
+          only-trigger-phrase: false
+          status-context: 'CLM'
+          permit-all: true
+          github-hooks: true
+          github-org: ''
+          github_pr_whitelist:
+            - ''
+          github_pr_admin_list:
+            - ''
+
 ##############
 # Tox Verify #
 ##############
diff --git a/shell/sonar-cli.sh b/shell/sonar-cli.sh
new file mode 100644
index 00000000..d12e6700
--- /dev/null
+++ b/shell/sonar-cli.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+# SPDX-License-Identifier: EPL-1.0
+##############################################################################
+# Copyright (c) 2018 The Linux Foundation and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Eclipse Public License v1.0
+# which accompanies this distribution, and is available at
+# http://www.eclipse.org/legal/epl-v10.html
+##############################################################################
+
+# This script downloads nexus-iq-cli-1.44.0-01.jar and uses it to perform an
+# XC Evaluation or extended report which provides a scan of python files within
+# the repo
+
+set +x
+wget -nv https://download.sonatype.com/clm/scanner/${NEXUS_IQ_CLI_JAR} -O /tmp/${NEXUS_IQ_CLI_JAR}
+echo "-a" > cli-auth.txt
+echo "${CLM_USER}:${CLM_PASSWORD}" >> cli-auth.txt
+java -jar /tmp/${NEXUS_IQ_CLI_JAR} @cli-auth.txt -xc -i ${CLM_PROJECT_NAME} -s https://nexus-iq.wl.linuxfoundation.org -t build .
+rm cli-auth.txt
-- 
2.16.6