From f32a666231103080ac65a3184c507202e5ba6a0e Mon Sep 17 00:00:00 2001 From: Jessica Wagantall Date: Thu, 15 Jun 2017 23:29:09 -0700 Subject: [PATCH] Add Nexus IQ CLM scan job This template will be used to perform code scans and report the results in nexus-iq server. A plugin for nexus-iq will need to be installed and configured in Jenkins before using this job. JIRA: RELENG-176 Change-Id: I813da293728615a42b43ec785385a38237c57213 Signed-off-by: Jessica Wagantall --- jjb/lf-maven-jobs.yaml | 105 +++++++++++++++++++++++++++++++++++++++++++++++++ shell/sonatype-clm.sh | 28 +++++++++++++ 2 files changed, 133 insertions(+) create mode 100644 shell/sonatype-clm.sh diff --git a/jjb/lf-maven-jobs.yaml b/jjb/lf-maven-jobs.yaml index 3bafab5c..36edbdc9 100644 --- a/jjb/lf-maven-jobs.yaml +++ b/jjb/lf-maven-jobs.yaml @@ -8,6 +8,7 @@ # for any project ci. jobs: + - gerrit-maven-clm - gerrit-maven-release - job-group: @@ -17,11 +18,83 @@ # for any project ci that is using github. jobs: + - gerrit-maven-clm - github-maven-release #################### # Anchors & Macros # #################### + +- lf_maven_clm: &lf_maven_clm + name: lf-maven-clm + + # Produces a CLM scan of the code into Nexus IQ Server. + # + # Required parameters: + # build-node: The node to run build on. + # jenkins-ssh-credential: Credential to use for SSH. (Generally should + # be configured in defaults.yaml) + # settings-file: The name of settings file containing credentials for + # the project. + # global-settings-file: The name of the Maven global settings to use for + # Maven configuration. + + project-type: freestyle + node: '{build-node}' + jdk: '{java-version}' + + ###################### + # Default parameters # + ###################### + + branch: master + build-timeout: 15 + git-url: '$GIT_URL/$PROJECT' + global-settings-file: global-settings + java-version: openjdk8 + mvn-opts: '' + mvn-params: '' + mvn-version: mvn33 + submodule-recursive: true + + ##################### + # Job Configuration # + ##################### + + properties: + - lf-infra-properties: + # Keep around for 30 days for troubleshooting purposes. + build-days-to-keep: 30 + + parameters: + - lf-infra-parameters: + project: '{project}' + branch: '{branch}' + - lf-infra-maven-parameters + + wrappers: + - lf-infra-wrappers: + build-timeout: '{build-timeout}' + jenkins-ssh-credential: '{jenkins-ssh-credential}' + + builders: + - lf-maven-install: + mvn-version: '{mvn-version}' + - lf-provide-maven-settings: + global-settings-file: '{global-settings-file}' + settings-file: '{settings-file}' + - shell: !include-raw-escape: + - ../shell/lftools-install.sh + - ../shell/common-variables.sh + - ../shell/sonatype-clm.sh + - lf-provide-maven-settings-cleanup + - shell: 'find . -regex ".*karaf/target" | xargs rm -rf' + - sonatype-clm: + application-name: '{project-name}' + + publishers: + - lf-infra-publish + - lf_maven_release: &lf_maven_release name: lf-maven-release @@ -113,6 +186,38 @@ # Job Templates # ################# +- job-template: + name: '{project-name}-maven-clm-{stream}' + id: gerrit-maven-clm + <<: *lf_maven_clm + + scm: + - lf-infra-gerrit-scm: + jenkins-ssh-credential: '{jenkins-ssh-credential}' + git-url: '{git-url}' + refspec: '$GERRIT_REFSPEC' + branch: '$GERRIT_BRANCH' + submodule-recursive: '{submodule-recursive}' + choosing-strategy: default + +- job-template: + name: '{project-name}-maven-clm-{stream}' + id: github-maven-clm + <<: *lf_maven_clm + + properties: + - github: + url: '{git-url}/{github-org}/{project}' + + scm: + - lf-infra-github-scm: + url: '{git-clone-url}{github-org}/{project}' + refspec: '+refs/pull/*:refs/remotes/origin/pr/*' + branch: '{branch}' + submodule-recursive: '{submodule-recursive}' + choosing-strategy: default + jenkins-ssh-credential: '{jenkins-ssh-credential}' + - job-template: name: '{project-name}-maven-release-{stream}' id: gerrit-maven-release diff --git a/shell/sonatype-clm.sh b/shell/sonatype-clm.sh new file mode 100644 index 00000000..504ef7b3 --- /dev/null +++ b/shell/sonatype-clm.sh @@ -0,0 +1,28 @@ +#!/bin/bash +# @License EPL-1.0 +############################################################################## +# Copyright (c) 2017 The Linux Foundation and others. +# +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Eclipse Public License v1.0 +# which accompanies this distribution, and is available at +# http://www.eclipse.org/legal/epl-v10.html +############################################################################## + +# This script builds a Maven project and deploys it into a staging repo which +# can be used to deploy elsewhere later eg. Nexus staging / snapshot repos. + +# DO NOT enable -u because $MAVEN_PARAMS and $MAVEN_OPTIONS could be unbound. +# Ensure we fail the job if any steps fail. +set -e -o pipefail +set +u + +export MAVEN_OPTS + +# Disable SC2086 because we want to allow word splitting for $MAVEN_* parameters. +# shellcheck disable=SC2086 +$MVN clean install dependency:tree com.sonatype.clm:clm-maven-plugin:index \ + --global-settings "$GLOBAL_SETTINGS_FILE" \ + --settings "$SETTINGS_FILE" \ + -DaltDeploymentRepository=staging::default::file:"$WORKSPACE"/m2repo \ + $MAVEN_PARAMS $MAVEN_OPTIONS -- 2.16.6