Chore: Upgrade Jenkins-job-builder to 6.3.0
[releng/global-jjb.git] / jjb / lf-docker-jobs.yaml
---
# This file contains job templates for Docker projects.

##########
# Macros #
##########

# Builder macro: work out the container tag for the current build.
# Three steps run in order: inject the tag settings as environment variables,
# run the script named by {docker-get-container-tag-script}, then inject the
# properties file that step leaves behind.
- builder:
    name: lf-docker-get-container-tag
    builders:
      - inject:
          properties-content: |
            CONTAINER_TAG_METHOD={container-tag-method}
            CONTAINER_TAG_YAML_DIR={container-tag-yaml-dir}
            DOCKER_ROOT={docker-root}
      # The included file is a template parameter, so the calling job decides
      # which script text ends up in this shell step.
      - shell: !include-raw-escape: "{docker-get-container-tag-script}"
      - inject:
          # Import the container tag set by this build step
          # NOTE(review): every KEY=VALUE line in this file becomes a build
          # environment variable. The file is presumably written by the script
          # above; confirm that checked-out repository content cannot supply it.
          properties-file: "env_docker_inject.txt"

# Builder macro: build the docker image.
# Injects the build arguments, image name, docker root and both registries
# as environment variables, then runs ../shell/docker-build.sh.
- builder:
    name: lf-docker-build
    builders:
      - inject:
          properties-content: |
            DOCKER_ARGS={docker-build-args}
            DOCKER_NAME={docker-name}
            DOCKER_ROOT={docker-root}
            CONTAINER_PULL_REGISTRY={container-public-registry}
            CONTAINER_PUSH_REGISTRY={container-push-registry}
      # NOTE(review): DOCKER_ARGS is free-form text. How docker-build.sh expands
      # it is not visible here; confirm it is not evaluated as shell code.
      - shell: !include-raw-escape:
          - ../shell/docker-build.sh

# Builder macro: push the built image.
# Injects the push registry as CONTAINER_PUSH_REGISTRY, then runs
# ../shell/docker-push.sh.
- builder:
    name: lf-docker-push
    builders:
      - inject:
          properties-content: |
            CONTAINER_PUSH_REGISTRY={container-push-registry}
      - shell: !include-raw-escape:
          - ../shell/docker-push.sh

####################
# COMMON FUNCTIONS #
####################

# Anchor holder: defaults and job configuration shared by every Docker job
# template in this file. The templates pull it in with `<<: *lf_docker_common`.
- _lf_docker_common: &lf_docker_common
    name: lf-docker-common

    project-type: freestyle
    node: "{build-node}"

    ######################
    # Default parameters #
    ######################

    branch: master
    build-days-to-keep: 7
    build-timeout: 60
    submodule-disable: false
    submodule-recursive: true
    submodule-timeout: 10
    # Placeholder shell text: a comment only, so the step does nothing unless a
    # project overrides it.
    pre_docker_build_script: "# pre docker build script goes here"
    post_docker_build_script: "# post docker build script goes here"
    # Quoted string here; the Snyk anchor further down uses a bare boolean for
    # the same parameter.
    disable-job: "false"
    docker-get-container-tag-script: "../shell/docker-get-container-tag.sh"
    # $WORKSPACE, $GIT_URL and $PROJECT are not template parameters (no braces);
    # they are left in place for the build environment to expand.
    docker-root: "$WORKSPACE"
    docker-build-args: ""
    git-url: "$GIT_URL/$PROJECT"
    container-tag-method: "latest"
    # TODO: how to interpolate value of {docker-root} parameter?
    container-tag-yaml-dir: ""

    #####################
    # Job Configuration #
    #####################

    disabled: "{disable-job}"

    properties:
      - lf-infra-properties:
          build-days-to-keep: "{build-days-to-keep}"

    parameters:
      - lf-infra-parameters:
          branch: "{branch}"
          project: "{project}"
          refspec: "refs/heads/{branch}"
          stream: "{stream}"

    # lf-infra-wrappers receives the build timeout and the SSH credential id.
    # The macro itself is defined outside this file.
    wrappers:
      - lf-infra-wrappers:
          build-timeout: "{build-timeout}"
          jenkins-ssh-credential: "{jenkins-ssh-credential}"

    publishers:
      - lf-infra-publish

# Anchor holder: SCM, trigger definitions and build steps shared by the verify
# job templates. The builders list stops after the build; there is no push step.
- _docker_verify_common: &docker_verify_common
    name: docker-verify-common

    concurrent: true

    # Checks out the change under review ($GERRIT_REFSPEC), i.e. code that has
    # not been merged yet.
    scm:
      - lf-infra-gerrit-scm:
          jenkins-ssh-credential: "{jenkins-ssh-credential}"
          git-url: "{git-url}"
          refspec: "$GERRIT_REFSPEC"
          branch: "$GERRIT_BRANCH"
          submodule-disable: "{submodule-disable}"
          submodule-recursive: "{submodule-recursive}"
          submodule-timeout: "{submodule-timeout}"
          choosing-strategy: gerrit

    # Trigger on new patch sets, on published drafts, and on a review comment
    # whose last line is "recheck" or "reverify".
    gerrit_verify_triggers:
      - patchset-created-event:
          exclude-drafts: true
          exclude-trivial-rebase: false
          exclude-no-code-change: false
      - draft-published-event
      - comment-added-contains-event:
          comment-contains-value: '^Patch Set\s+\d+:\s+(recheck|reverify)\s*$'

    # ".*" matches every path, so any changed file triggers the job.
    gerrit_trigger_file_paths:
      - compare-type: REG_EXP
        pattern: ".*"

    # github_included_regions MUST match gerrit_trigger_file_paths
    github_included_regions:
      - ".*"

    # NOTE(review): lf-infra-docker-login runs before the build of unmerged
    # code. What credentials it leaves on the build node is not visible in this
    # file; confirm they are not readable by the Dockerfile build or by tests.
    builders:
      - lf-infra-pre-build
      - lf-infra-docker-login:
          global-settings-file: "global-settings"
          settings-file: "{mvn-settings}"
      - shell: "{pre_docker_build_script}"
      - lf-docker-get-container-tag:
          container-tag-method: "{container-tag-method}"
          container-tag-yaml-dir: "{container-tag-yaml-dir}"
          docker-root: "{docker-root}"
          docker-get-container-tag-script: "{docker-get-container-tag-script}"
      - lf-docker-build:
          docker-build-args: "{docker-build-args}"
          docker-name: "{docker-name}"
          docker-root: "{docker-root}"
          container-public-registry: "{container-public-registry}"
          container-push-registry: "{container-push-registry}"
      - shell: "{post_docker_build_script}"
      - lf-provide-maven-settings-cleanup

# Anchor holder: SCM, trigger definitions and build steps shared by the merge
# job templates. Same build steps as the verify anchor, plus lf-docker-push as
# the last step before cleanup.
- _docker_merge_common: &docker_merge_common
    name: docker-merge-common
    cron: "@weekly" # check dependencies regularly

    scm:
      - lf-infra-gerrit-scm:
          jenkins-ssh-credential: "{jenkins-ssh-credential}"
          git-url: "{git-url}"
          refspec: "$GERRIT_REFSPEC"
          branch: "$GERRIT_BRANCH"
          submodule-disable: "{submodule-disable}"
          submodule-recursive: "{submodule-recursive}"
          submodule-timeout: "{submodule-timeout}"
          choosing-strategy: default

    # Trigger when a change is merged, or on a review comment whose last line
    # is "remerge".
    gerrit_merge_triggers:
      - change-merged-event
      - comment-added-contains-event:
          comment-contains-value: '^Patch Set\s+\d+:\s+remerge\s*$'

    # ".*" matches every path, so any changed file triggers the job.
    gerrit_trigger_file_paths:
      - compare-type: REG_EXP
        pattern: ".*"

    # github_included_regions MUST match gerrit_trigger_file_paths
    github_included_regions:
      - ".*"

    builders:
      - lf-infra-pre-build
      - lf-infra-docker-login:
          global-settings-file: "global-settings"
          settings-file: "{mvn-settings}"
      - shell: "{pre_docker_build_script}"
      - lf-docker-get-container-tag:
          container-tag-method: "{container-tag-method}"
          container-tag-yaml-dir: "{container-tag-yaml-dir}"
          docker-root: "{docker-root}"
          docker-get-container-tag-script: "{docker-get-container-tag-script}"
      - lf-docker-build:
          docker-build-args: "{docker-build-args}"
          docker-name: "{docker-name}"
          docker-root: "{docker-root}"
          container-public-registry: "{container-public-registry}"
          container-push-registry: "{container-push-registry}"
      - shell: "{post_docker_build_script}"
      # Provided all steps have already passed, push the docker image
      - lf-docker-push:
          container-push-registry: "{container-push-registry}"
      - lf-provide-maven-settings-cleanup

#################
# Docker Verify #
#################

- job-template:
    name: "{project-name}-docker-verify-{stream}"
    id: gerrit-docker-verify
    # Job template for Docker verify jobs (Gerrit)
    #
    # The purpose of this job template is to run a docker build, and potentially
    # test validation of the docker image

    # NOTE(review): two `<<` keys in one mapping count as duplicate keys; the
    # yamllint directive below only silences the warning. Which anchor wins for
    # a key both define (here `name`) depends on the loader; confirm with the
    # JJB version in use.
    <<: *lf_docker_common
    # yamllint disable-line rule:key-duplicates
    <<: *docker_verify_common

    # {obj:...} hands the parameter over as a list/mapping, not as a string.
    triggers:
      - gerrit:
          server-name: "{gerrit-server-name}"
          trigger-on: "{obj:gerrit_verify_triggers}"
          projects:
            - project-compare-type: ANT
              project-pattern: "{project}"
              branches:
                - branch-compare-type: ANT
                  branch-pattern: "**/{branch}"
              file-paths: "{obj:gerrit_trigger_file_paths}"

- job-template:
    name: "{project-name}-docker-verify-{stream}"
    id: github-docker-verify
    # Job template for Docker verify jobs (GitHub)
    #
    # The purpose of this job template is to run a docker build, and potentially
    # test validation of the docker image

    # NOTE(review): two `<<` keys in one mapping count as duplicate keys; the
    # yamllint directive below only silences the warning. Which anchor wins for
    # a key both define depends on the loader; confirm with the JJB version in
    # use.
    <<: *lf_docker_common
    # yamllint disable-line rule:key-duplicates
    <<: *docker_verify_common

    # Restates the lf-infra-properties entry and adds the GitHub project URL.
    properties:
      - lf-infra-properties:
          build-days-to-keep: "{build-days-to-keep}"
      - github:
          url: "{github-url}/{github-org}/{project}"

    # Fetches every pull-request ref and builds the commit in $sha1, i.e. the
    # pull request's own code.
    scm:
      - lf-infra-github-scm:
          url: "{git-clone-url}{github-org}/{project}"
          refspec: "+refs/pull/*:refs/remotes/origin/pr/*"
          branch: "$sha1"
          submodule-recursive: "{submodule-recursive}"
          submodule-timeout: "{submodule-timeout}"
          submodule-disable: "{submodule-disable}"
          choosing-strategy: default
          jenkins-ssh-credential: "{jenkins-ssh-credential}"

    triggers:
      - github-pull-request:
          trigger-phrase: "^(recheck|reverify)$"
          only-trigger-phrase: false
          status-context: "Docker Verify"
          # NOTE(review): permit-all builds every pull request without an
          # allowlist check, and this template sets no org-list, white-list or
          # admin-list. Because the pull-request head is what gets built, an
          # unreviewed Dockerfile runs after lf-infra-docker-login. Whether
          # registry credentials stay readable during that build is not
          # visible here. Confirm this is intended, or restrict the trigger
          # with an org/user allowlist and permit-all: false.
          permit-all: true
          github-hooks: true
          white-list-target-branches:
            - "{branch}"
          included-regions: "{obj:github_included_regions}"

################
# Docker Merge #
################

- job-template:
    name: "{project-name}-docker-merge-{stream}"
    id: gerrit-docker-merge
    # Job template for Docker merge jobs (Gerrit)
    #
    # The purpose of this job template is to run a docker build, and potentially
    # test validation of the docker image. The merged-in builders list then
    # pushes the image with lf-docker-push.

    # NOTE(review): two `<<` keys in one mapping count as duplicate keys; the
    # yamllint directive below only silences the warning. Which anchor wins for
    # a key both define (here `name`) depends on the loader; confirm with the
    # JJB version in use.
    <<: *lf_docker_common
    # yamllint disable-line rule:key-duplicates
    <<: *docker_merge_common

    # Runs on the {cron} schedule as well as on the Gerrit merge events.
    triggers:
      - timed: "{obj:cron}"
      - gerrit:
          server-name: "{gerrit-server-name}"
          trigger-on: "{obj:gerrit_merge_triggers}"
          projects:
            - project-compare-type: ANT
              project-pattern: "{project}"
              branches:
                - branch-compare-type: ANT
                  branch-pattern: "**/{branch}"
              file-paths: "{obj:gerrit_trigger_file_paths}"

- job-template:
    name: "{project-name}-docker-merge-{stream}"
    id: github-docker-merge
    # Job template for Docker merge jobs (GitHub)
    #
    # The purpose of this job template is to run a docker build, and potentially
    # test validation of the docker image. The merged-in builders list then
    # pushes the image with lf-docker-push.

    # NOTE(review): two `<<` keys in one mapping count as duplicate keys; the
    # yamllint directive below only silences the warning. Which anchor wins for
    # a key both define depends on the loader; confirm with the JJB version in
    # use.
    <<: *lf_docker_common
    # yamllint disable-line rule:key-duplicates
    <<: *docker_merge_common

    # Restates the lf-infra-properties entry and adds the GitHub project URL.
    properties:
      - lf-infra-properties:
          build-days-to-keep: "{build-days-to-keep}"
      - github:
          url: "{github-url}/{github-org}/{project}"

    # Builds the head of the target branch, not a pull-request ref.
    scm:
      - lf-infra-github-scm:
          url: "{git-clone-url}{github-org}/{project}"
          refspec: ""
          branch: "refs/heads/{branch}"
          submodule-recursive: "{submodule-recursive}"
          submodule-timeout: "{submodule-timeout}"
          submodule-disable: "{submodule-disable}"
          choosing-strategy: default
          jenkins-ssh-credential: "{jenkins-ssh-credential}"

    triggers:
      - timed: "{obj:cron}"
      - github
      - pollscm:
          cron: ""
      - github-pull-request:
          trigger-phrase: "^remerge$"
          only-trigger-phrase: true
          status-context: "Docker Merge"
          # NOTE(review): permit-all accepts pull requests from any GitHub
          # user, which appears to make the org-list, white-list and admin-list
          # below ineffective. This job pushes an image, so confirm that anyone
          # being able to start it with the trigger phrase is intended.
          permit-all: true
          github-hooks: true
          org-list:
            - "{github-org}"
          white-list: "{obj:github_pr_allowlist}"
          admin-list: "{obj:github_pr_admin_list}"
          white-list-target-branches:
            - "{branch}"
          included-regions: "{obj:github_included_regions}"

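###################
# Docker Snyk CLI #
###################

# Anchor holder: defaults, parameters, credential bindings and build steps for
# the Snyk CLI scan jobs. The job templates merge it in after lf_docker_common.
# NOTE(review): `parameters` and `wrappers` are also defined by
# lf_docker_common. If the lists here take precedence, lf-infra-wrappers (and
# with it the build-timeout setting) is not applied to Snyk jobs; verify
# against the generated job XML.
- _lf_docker_snyk_cli: &lf_docker_snyk_cli
    name: lf-docker-snyk_cli

    ######################
    # Default parameters #
    ######################

    branch: master
    build-days-to-keep: 30  # 30 days for troubleshooting purposes
    build-timeout: 60
    container-tag-method: "latest"
    container-tag-yaml-dir: ""
    disable-job: false
    docker-get-container-tag-script: "../shell/docker-get-container-tag.sh"
    docker-root: "$WORKSPACE"
    docker-build-args: ""
    git-url: "$GIT_URL/$PROJECT"
    github-url: "https://github.com"
    pre_docker_build_script: "# pre docker build script goes here"
    post_docker_build_script: "# post docker build script goes here"
    snyk-cli-options: ""
    # Credential ids only; the secret values live in the Jenkins credential
    # store.
    snyk-token-credential-id: snyk-token
    snyk-org-credential-id: snyk-org
    stream: master
    submodule-recursive: true
    submodule-timeout: 10
    submodule-disable: false

    # Trigger on a review comment whose last line is "run-snyk".
    gerrit_snyk_triggers:
      - comment-added-contains-event:
          comment-contains-value: '^Patch Set\s+\d+:\s+run-snyk\s*$'

    parameters:
      - lf-infra-parameters:
          project: "{project}"
          branch: "{branch}"
          stream: "{stream}"
      # NOTE(review): free-form build parameter. How lf-infra-snyk-cli-scanner
      # expands it is not visible here; confirm it is not evaluated as shell
      # code while SNYK_TOKEN is in the environment.
      - string:
          name: SNYK_CLI_OPTIONS
          default: "{snyk-cli-options}"
          description: Additional Snyk CLI commands and options

    # The bound secrets are environment variables for every build step of the
    # job, not only for the scanner: the docker build and the pre/post scripts
    # see them too.
    wrappers:
      - credentials-binding:
          - text:
              credential-id: "{snyk-token-credential-id}"
              variable: SNYK_TOKEN
          - text:
              credential-id: "{snyk-org-credential-id}"
              variable: SNYK_ORG

    #####################
    # Job Configuration #
    #####################

    disabled: "{disable-job}"

    builders:
      - lf-infra-pre-build
      - lf-infra-docker-login:
          global-settings-file: "global-settings"
          settings-file: "{mvn-settings}"
      - shell: "{pre_docker_build_script}"
      - lf-docker-get-container-tag:
          container-tag-method: "{container-tag-method}"
          container-tag-yaml-dir: "{container-tag-yaml-dir}"
          docker-root: "{docker-root}"
          docker-get-container-tag-script: "{docker-get-container-tag-script}"
      - lf-docker-build:
          docker-build-args: "{docker-build-args}"
          docker-name: "{docker-name}"
          docker-root: "{docker-root}"
          container-public-registry: "{container-public-registry}"
          container-push-registry: "{container-push-registry}"
      - shell: "{post_docker_build_script}"
      - lf-infra-snyk-cli-scanner
      - lf-provide-maven-settings-cleanup
      # Workspace cleanup. The paths are handed over NUL-delimited so that a
      # path containing whitespace or quotes reaches rm as one argument instead
      # of being split into several.
      - shell: 'find . -regex ".*karaf/target" -print0 | xargs -0 rm -rf'
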
# Job template for the Snyk CLI scan of a Docker project (Gerrit).
- job-template:
    name: "{project-name}-docker-snyk-cli-{stream}"
    id: gerrit-docker-snyk-cli
    # NOTE(review): two `<<` keys in one mapping count as duplicate keys; the
    # yamllint directive below only silences the warning. Both anchors define
    # `parameters`, `wrappers` and several defaults, so which one wins depends
    # on the loader; confirm with the JJB version in use.
    <<: *lf_docker_common
    # yamllint disable-line rule:key-duplicates
    <<: *lf_docker_snyk_cli

    # NOTE(review): for comment-triggered runs $GERRIT_REFSPEC is the commented
    # patch set, so unmerged code is built while SNYK_TOKEN and SNYK_ORG are
    # bound. Confirm that who may post the trigger comment is limited in
    # Gerrit.
    scm:
      - lf-infra-gerrit-scm:
          jenkins-ssh-credential: "{jenkins-ssh-credential}"
          git-url: "{git-url}"
          refspec: "$GERRIT_REFSPEC"
          branch: "$GERRIT_BRANCH"
          submodule-recursive: "{submodule-recursive}"
          submodule-timeout: "{submodule-timeout}"
          submodule-disable: "{submodule-disable}"
          choosing-strategy: default

    triggers:
      # Build weekly on Saturdays
      - timed: "H H * * 6"
      - gerrit:
          server-name: "{gerrit-server-name}"
          trigger-on: "{obj:gerrit_snyk_triggers}"
          projects:
            - project-compare-type: ANT
              project-pattern: "{project}"
              branches:
                - branch-compare-type: ANT
                  branch-pattern: "**/{branch}"
          # The scan never votes on the change, whatever the build result.
          skip-vote:
            successful: true
            failed: true
            unstable: true
            notbuilt: true

# Job template for the Snyk CLI scan of a Docker project (GitHub).
- job-template:
    name: "{project-name}-docker-snyk-cli-{stream}"
    id: github-docker-snyk-cli
    # NOTE(review): two `<<` keys in one mapping count as duplicate keys; the
    # yamllint directive below only silences the warning. Both anchors define
    # `parameters`, `wrappers` and several defaults, so which one wins depends
    # on the loader; confirm with the JJB version in use.
    <<: *lf_docker_common
    # yamllint disable-line rule:key-duplicates
    <<: *lf_docker_snyk_cli

    # Restates the lf-infra-properties entry and adds the GitHub project URL.
    properties:
      - lf-infra-properties:
          build-days-to-keep: "{build-days-to-keep}"
      - github:
          url: "{github-url}/{github-org}/{project}"

    # Scans the head of the target branch, not a pull-request ref.
    scm:
      - lf-infra-github-scm:
          url: "{git-clone-url}{github-org}/{project}"
          refspec: ""
          branch: "refs/heads/{branch}"
          submodule-recursive: "{submodule-recursive}"
          submodule-timeout: "{submodule-timeout}"
          submodule-disable: "{submodule-disable}"
          choosing-strategy: default
          jenkins-ssh-credential: "{jenkins-ssh-credential}"

    triggers:
      # Build weekly on Saturdays
      - timed: "H H * * 6"
      - github-pull-request:
          trigger-phrase: "^run-snyk$"
          only-trigger-phrase: true
          status-context: "SNYK scan"
          # NOTE(review): permit-all accepts pull requests from any GitHub
          # user, which appears to make the org-list, white-list and admin-list
          # below ineffective. Confirm that anyone being able to start a run
          # that binds SNYK_TOKEN is intended.
          permit-all: true
          github-hooks: true
          org-list:
            - "{github-org}"
          white-list: "{obj:github_pr_allowlist}"
          admin-list: "{obj:github_pr_admin_list}"
          white-list-target-branches:
            - "{branch}"