From f32a666231103080ac65a3184c507202e5ba6a0e Mon Sep 17 00:00:00 2001
From: Jessica Wagantall <jwagantall@linuxfoundation.org>
Date: Thu, 15 Jun 2017 23:29:09 -0700
Subject: [PATCH] Add Nexus IQ CLM scan job

This template will be used to perform code scans
and report the results in nexus-iq server.
A plugin for nexus-iq will need to be installed and
configured in Jenkins before using this job.

JIRA: RELENG-176
Change-Id: I813da293728615a42b43ec785385a38237c57213
Signed-off-by: Jessica Wagantall <jwagantall@linuxfoundation.org>
---
 jjb/lf-maven-jobs.yaml | 105 +++++++++++++++++++++++++++++++++++++++++++++++++
 shell/sonatype-clm.sh  |  28 +++++++++++++
 2 files changed, 133 insertions(+)
 create mode 100644 shell/sonatype-clm.sh

diff --git a/jjb/lf-maven-jobs.yaml b/jjb/lf-maven-jobs.yaml
index 3bafab5c..36edbdc9 100644
--- a/jjb/lf-maven-jobs.yaml
+++ b/jjb/lf-maven-jobs.yaml
@@ -8,6 +8,7 @@
     # for any project ci.
 
     jobs:
+      - gerrit-maven-clm
       - gerrit-maven-release
 
 - job-group:
@@ -17,11 +18,83 @@
     # for any project ci that is using github.
 
     jobs:
+      - gerrit-maven-clm
       - github-maven-release
 
 ####################
 # Anchors & Macros #
 ####################
+
+- lf_maven_clm: &lf_maven_clm
+    name: lf-maven-clm
+
+    # Produces a CLM scan of the code into Nexus IQ Server.
+    #
+    # Required parameters:
+    #     build-node:    The node to run build on.
+    #     jenkins-ssh-credential: Credential to use for SSH. (Generally should
+    #                             be configured in defaults.yaml)
+    #     settings-file: The name of settings file containing credentials for
+    #                    the project.
+    #     global-settings-file: The name of the Maven global settings to use for
+    #                           Maven configuration.
+
+    project-type: freestyle
+    node: '{build-node}'
+    jdk: '{java-version}'
+
+    ######################
+    # Default parameters #
+    ######################
+
+    branch: master
+    build-timeout: 15
+    git-url: '$GIT_URL/$PROJECT'
+    global-settings-file: global-settings
+    java-version: openjdk8
+    mvn-opts: ''
+    mvn-params: ''
+    mvn-version: mvn33
+    submodule-recursive: true
+
+    #####################
+    # Job Configuration #
+    #####################
+
+    properties:
+      - lf-infra-properties:
+          # Keep around for 30 days for troubleshooting purposes.
+          build-days-to-keep: 30
+
+    parameters:
+      - lf-infra-parameters:
+          project: '{project}'
+          branch: '{branch}'
+      - lf-infra-maven-parameters
+
+    wrappers:
+      - lf-infra-wrappers:
+          build-timeout: '{build-timeout}'
+          jenkins-ssh-credential: '{jenkins-ssh-credential}'
+
+    builders:
+      - lf-maven-install:
+          mvn-version: '{mvn-version}'
+      - lf-provide-maven-settings:
+          global-settings-file: '{global-settings-file}'
+          settings-file: '{settings-file}'
+      - shell: !include-raw-escape:
+          - ../shell/lftools-install.sh
+          - ../shell/common-variables.sh
+          - ../shell/sonatype-clm.sh
+      - lf-provide-maven-settings-cleanup
+      - shell: 'find . -regex ".*karaf/target" | xargs rm -rf'
+      - sonatype-clm:
+          application-name: '{project-name}'
+
+    publishers:
+      - lf-infra-publish
+
 - lf_maven_release: &lf_maven_release
     name: lf-maven-release
 
@@ -113,6 +186,38 @@
 # Job Templates #
 #################
 
+- job-template:
+    name: '{project-name}-maven-clm-{stream}'
+    id: gerrit-maven-clm
+    <<: *lf_maven_clm
+
+    scm:
+      - lf-infra-gerrit-scm:
+          jenkins-ssh-credential: '{jenkins-ssh-credential}'
+          git-url: '{git-url}'
+          refspec: '$GERRIT_REFSPEC'
+          branch: '$GERRIT_BRANCH'
+          submodule-recursive: '{submodule-recursive}'
+          choosing-strategy: default
+
+- job-template:
+    name: '{project-name}-maven-clm-{stream}'
+    id: github-maven-clm
+    <<: *lf_maven_clm
+
+    properties:
+      - github:
+          url: '{git-url}/{github-org}/{project}'
+
+    scm:
+      - lf-infra-github-scm:
+          url: '{git-clone-url}{github-org}/{project}'
+          refspec: '+refs/pull/*:refs/remotes/origin/pr/*'
+          branch: '{branch}'
+          submodule-recursive: '{submodule-recursive}'
+          choosing-strategy: default
+          jenkins-ssh-credential: '{jenkins-ssh-credential}'
+
 - job-template:
     name: '{project-name}-maven-release-{stream}'
     id: gerrit-maven-release
diff --git a/shell/sonatype-clm.sh b/shell/sonatype-clm.sh
new file mode 100644
index 00000000..504ef7b3
--- /dev/null
+++ b/shell/sonatype-clm.sh
@@ -0,0 +1,28 @@
+#!/bin/bash
+# @License EPL-1.0 <http://spdx.org/licenses/EPL-1.0>
+##############################################################################
+# Copyright (c) 2017 The Linux Foundation and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Eclipse Public License v1.0
+# which accompanies this distribution, and is available at
+# http://www.eclipse.org/legal/epl-v10.html
+##############################################################################
+
+# This script builds a Maven project and deploys it into a staging repo which
+# can be used to deploy elsewhere later eg. Nexus staging / snapshot repos.
+
+# DO NOT enable -u because $MAVEN_PARAMS and $MAVEN_OPTIONS could be unbound.
+# Ensure we fail the job if any steps fail.
+set -e -o pipefail
+set +u
+
+export MAVEN_OPTS
+
+# Disable SC2086 because we want to allow word splitting for $MAVEN_* parameters.
+# shellcheck disable=SC2086
+$MVN clean install dependency:tree com.sonatype.clm:clm-maven-plugin:index \
+    --global-settings "$GLOBAL_SETTINGS_FILE" \
+    --settings "$SETTINGS_FILE" \
+    -DaltDeploymentRepository=staging::default::file:"$WORKSPACE"/m2repo \
+    $MAVEN_PARAMS $MAVEN_OPTIONS
-- 
2.16.6