[releng/global-jjb.git] / jjb / lf-maven-jobs.yaml

---
# This file contains job templates for Maven projects.

##########
# Macros #
##########

- builder:
    name: lf-maven-build
    builders:
      - inject:
          properties-content: "MAVEN_GOALS={mvn-goals}"
      - shell: !include-raw-escape:
          - ../shell/common-variables.sh
          - ../shell/maven-build.sh

- builder:
    name: lf-maven-deploy
    builders:
      - shell: !include-raw:
          - ../shell/common-variables.sh
          - ../shell/maven-deploy.sh

- builder:
    name: lf-maven-versions-plugin
    builders:
      - conditional-step:
          condition-kind: boolean-expression
          condition-expression: "{maven-versions-plugin}"
          steps:
            - inject:
                properties-file: "{version-properties-file}"
            - maven-target:
                maven-version: "{mvn-version}"
                pom: "{mvn-pom}"
                goals: "versions:set versions:update-child-modules versions:commit -B"
                properties:
                  - "newVersion=${{release_version}}"
                settings: "{mvn-settings}"
                settings-type: cfp
                global-settings: "global-settings"
                global-settings-type: cfp

- builder:
    name: lf-maven-stage
    builders:
      - lf-provide-maven-settings:
          global-settings-file: "{mvn-global-settings}"
          settings-file: "{mvn-settings}"
      - lf-infra-create-netrc:
          server-id: "{mvn-staging-id}"
      # include-raw-escape fails due to JJB bug
      - shell: !include-raw-escape:
          - ../shell/common-variables.sh
          - ../shell/maven-stage.sh
      - lf-provide-maven-settings-cleanup

- builder:
    name: lf-update-java-alternatives
    builders:
      - inject:
          # Work around inject plugin overriding our GIT_URL variable incorrectly
          # https://issues.jenkins-ci.org/browse/JENKINS-49775
          properties-content: |
            SET_JDK_VERSION={java-version}
            GIT_URL="$GIT_URL"
      - shell: !include-raw-escape: ../shell/update-java-alternatives.sh
      - inject:
          properties-file: "/tmp/java.env"

####################
# COMMON FUNCTIONS #
####################

- _lf_maven_common: &lf_maven_common
    name: lf-maven-common

    ######################
    # Default parameters #
    ######################

    archive-artifacts: >
      **/*.log
      **/hs_err_*.log
      **/target/**/feature.xml
      **/target/failsafe-reports/failsafe-summary.xml
      **/target/surefire-reports/*-output.txt

    #####################
    # Job Configuration #
    #####################

    project-type: freestyle
    node: "{build-node}"

    properties:
      - lf-infra-properties:
          build-days-to-keep: "{build-days-to-keep}"

    parameters:
      - lf-infra-parameters:
          project: "{project}"
          branch: "{branch}"
          stream: "{stream}"
      - lf-infra-maven-parameters:
          mvn-opts: "{mvn-opts}"
          mvn-params: "{mvn-params}"
          mvn-version: "{mvn-version}"
      - string:
          name: ARCHIVE_ARTIFACTS
          default: "{archive-artifacts}"
          description: Artifacts to archive to the logs server.

    wrappers:
      - lf-infra-wrappers:
          build-timeout: "{build-timeout}"
          jenkins-ssh-credential: "{jenkins-ssh-credential}"

    publishers:
      # TODO: Make email notification work.
      # - lf-infra-email-notify:
      #     email-recipients: '{email-recipients}'
      #     email-prefix: '[releng]'
      - lf-infra-publish

#############
# Maven CLM #
#############

- _lf_maven_clm: &lf_maven_clm
    name: lf-maven-clm

    ######################
    # Default parameters #
    ######################

    branch: master
    build-days-to-keep: 30 # 30 days for troubleshooting purposes
    build-timeout: 60
    disable-job: false
    git-url: "$GIT_URL/$PROJECT"
    github-url: "https://github.com"
    java-version: openjdk11
    mvn-global-settings: global-settings
    mvn-goals: clean install
    mvn-opts: ""
    mvn-params: ""
    mvn-version: mvn35
    nexus-iq-namespace: "" # Recommend a trailing dash when set. Example: odl-
    nexus-iq-stage: "build"
    stream: master
    submodule-recursive: true
    submodule-timeout: 10
    submodule-disable: false

    nexus_iq_scan_patterns:
      - "**/*.ear"
      - "**/*.jar"
      - "**/*.tar.gz"
      - "**/*.war"
      - "**/*.zip"

    gerrit_clm_triggers:
      - comment-added-contains-event:
          comment-contains-value: '^Patch Set\s+\d+:\s+run-clm\s*$'

    parameters:
      - lf-infra-parameters:
          project: "{project}"
          branch: "{branch}"
          stream: "{stream}"
      - lf-infra-maven-parameters:
          mvn-opts: "{mvn-opts}"
          mvn-params: "{mvn-params}"
          mvn-version: "{mvn-version}"
      - string:
          name: ARCHIVE_ARTIFACTS
          default: "{archive-artifacts}"
          description: Artifacts to archive to the logs server.
      - lf-clm-parameters:
          nexus-iq-stage: "{nexus-iq-stage}"

    #####################
    # Job Configuration #
    #####################

    disabled: "{disable-job}"

    builders:
      - lf-infra-pre-build
      - lf-maven-install:
          mvn-version: "{mvn-version}"
      - lf-update-java-alternatives:
          java-version: "{java-version}"
      - lf-provide-maven-settings:
          global-settings-file: "{mvn-global-settings}"
          settings-file: "{mvn-settings}"
      - lf-infra-sonatype-clm:
          mvn-goals: "{mvn-goals}"
      - lf-provide-maven-settings-cleanup
      - shell: 'find . -regex ".*karaf/target" | xargs rm -rf'
      - nexus-iq-policy-evaluator:
          stage: "{nexus-iq-stage}"
          application-type: "manual"
          application-id: "{nexus-iq-namespace}{project-name}"
          scan-patterns: "{obj:nexus_iq_scan_patterns}"
          fail-build-network-error: true

- builder:
    name: lf-infra-sonatype-clm
    # Run a CLM scan build with Maven
    builders:
      - inject:
          properties-content: |
            MAVEN_GOALS={mvn-goals}
      - shell: !include-raw-escape:
          - ../shell/common-variables.sh
          - ../shell/sonatype-clm.sh

- job-template:
    name: "{project-name}-maven-clm-{stream}"
    id: gerrit-maven-clm
    <<: *lf_maven_common
    # yamllint disable-line rule:key-duplicates
    <<: *lf_maven_clm

    scm:
      - lf-infra-gerrit-scm:
          jenkins-ssh-credential: "{jenkins-ssh-credential}"
          git-url: "{git-url}"
          refspec: "$GERRIT_REFSPEC"
          branch: "$GERRIT_BRANCH"
          submodule-recursive: "{submodule-recursive}"
          submodule-timeout: "{submodule-timeout}"
          submodule-disable: "{submodule-disable}"
          choosing-strategy: default

    triggers:
      # Build weekly on Saturdays
      - timed: "H H * * 6"
      - gerrit:
          server-name: "{gerrit-server-name}"
          trigger-on: "{obj:gerrit_clm_triggers}"
          projects:
            - project-compare-type: ANT
              project-pattern: "{project}"
              branches:
                - branch-compare-type: ANT
                  branch-pattern: "**/{branch}"
          skip-vote:
            successful: true
            failed: true
            unstable: true
            notbuilt: true

- job-template:
    name: "{project-name}-maven-clm-{stream}"
    id: github-maven-clm
    <<: *lf_maven_common
    # yamllint disable-line rule:key-duplicates
    <<: *lf_maven_clm

    properties:
      - lf-infra-properties:
          build-days-to-keep: "{build-days-to-keep}"
      - github:
          url: "{github-url}/{github-org}/{project}"

    scm:
      - lf-infra-github-scm:
          url: "{git-clone-url}{github-org}/{project}"
          refspec: ""
          branch: "refs/heads/{branch}"
          submodule-recursive: "{submodule-recursive}"
          submodule-timeout: "{submodule-timeout}"
          submodule-disable: "{submodule-disable}"
          choosing-strategy: default
          jenkins-ssh-credential: "{jenkins-ssh-credential}"

    triggers:
      # Build weekly on Saturdays
      - timed: "H H * * 6"
      - github-pull-request:
          trigger-phrase: "^run-clm$"
          only-trigger-phrase: true
          status-context: "CLM"
          permit-all: true
          github-hooks: true
          org-list:
            - "{github-org}"
          white-list: "{obj:github_pr_allowlist}"
          admin-list: "{obj:github_pr_admin_list}"
          white-list-target-branches:
            - "{branch}"

##################
# Maven Snyk CLI #
##################

- _lf_maven_snyk_cli: &lf_maven_snyk_cli
    name: lf-maven-snyk_cli

    ######################
    # Default parameters #
    ######################

    branch: master
    build-days-to-keep: 30 # 30 days for troubleshooting purposes
    build-timeout: 60
    disable-job: false
    git-url: "$GIT_URL/$PROJECT"
    github-url: "https://github.com"
    java-version: openjdk11
    mvn-global-settings: global-settings
    mvn-goals: clean install
    mvn-opts: ""
    mvn-params: ""
    mvn-version: mvn35
    snyk-cli-options: ""
    snyk-token-credential-id: snyk-token
    snyk-org-credential-id: snyk-org
    stream: master
    submodule-recursive: true
    submodule-timeout: 10
    submodule-disable: false

    gerrit_snyk_triggers:
      - comment-added-contains-event:
          comment-contains-value: '^Patch Set\s+\d+:\s+run-snyk\s*$'

    parameters:
      - lf-infra-parameters:
          project: "{project}"
          branch: "{branch}"
          stream: "{stream}"
      - lf-infra-maven-parameters:
          mvn-opts: "{mvn-opts}"
          mvn-params: "{mvn-params}"
          mvn-version: "{mvn-version}"
      - string:
          name: SNYK_CLI_OPTIONS
          default: "{snyk-cli-options}"
          description: Additional Snyk CLI commands and options
      - string:
          name: ARCHIVE_ARTIFACTS
          default: "{archive-artifacts}"
          description: Artifacts to archive to the logs server.

    wrappers:
      - credentials-binding:
          - text:
              credential-id: "{snyk-token-credential-id}"
              variable: SNYK_TOKEN
          - text:
              credential-id: "{snyk-org-credential-id}"
              variable: SNYK_ORG

    #####################
    # Job Configuration #
    #####################

    disabled: "{disable-job}"

    builders:
      - lf-infra-pre-build
      - lf-maven-install:
          mvn-version: "{mvn-version}"
      - lf-update-java-alternatives:
          java-version: "{java-version}"
      - lf-provide-maven-settings:
          global-settings-file: "{mvn-global-settings}"
          settings-file: "{mvn-settings}"
      - lf-maven-build:
          mvn-goals: "{mvn-goals}"
      - lf-infra-snyk-cli-scanner
      - lf-provide-maven-settings-cleanup
      - shell: 'find . -regex ".*karaf/target" | xargs rm -rf'

- builder:
    name: lf-infra-snyk-cli-scanner
    # Download and run the Snyk CLI scanner
    builders:
      - shell: !include-raw-escape:
          - ../shell/snyk-cli-scanner-run.sh

- job-template:
    name: "{project-name}-maven-snyk-cli-{stream}"
    id: gerrit-maven-snyk-cli
    <<: *lf_maven_common
    # yamllint disable-line rule:key-duplicates
    <<: *lf_maven_snyk_cli

    scm:
      - lf-infra-gerrit-scm:
          jenkins-ssh-credential: "{jenkins-ssh-credential}"
          git-url: "{git-url}"
          refspec: "$GERRIT_REFSPEC"
          branch: "$GERRIT_BRANCH"
          submodule-recursive: "{submodule-recursive}"
          submodule-timeout: "{submodule-timeout}"
          submodule-disable: "{submodule-disable}"
          choosing-strategy: default

    triggers:
      # Build weekly on Saturdays
      - timed: "H H * * 6"
      - gerrit:
          server-name: "{gerrit-server-name}"
          trigger-on: "{obj:gerrit_snyk_triggers}"
          projects:
            - project-compare-type: ANT
              project-pattern: "{project}"
              branches:
                - branch-compare-type: ANT
                  branch-pattern: "**/{branch}"
          skip-vote:
            successful: true
            failed: true
            unstable: true
            notbuilt: true

- job-template:
    name: "{project-name}-maven-snyk-cli-{stream}"
    id: github-maven-snyk-cli
    <<: *lf_maven_common
    # yamllint disable-line rule:key-duplicates
    <<: *lf_maven_snyk_cli

    properties:
      - lf-infra-properties:
          build-days-to-keep: "{build-days-to-keep}"
      - github:
          url: "{github-url}/{github-org}/{project}"

    scm:
      - lf-infra-github-scm:
          url: "{git-clone-url}{github-org}/{project}"
          refspec: ""
          branch: "refs/heads/{branch}"
          submodule-recursive: "{submodule-recursive}"
          submodule-timeout: "{submodule-timeout}"
          submodule-disable: "{submodule-disable}"
          choosing-strategy: default
          jenkins-ssh-credential: "{jenkins-ssh-credential}"

    triggers:
      # Build weekly on Saturdays
      - timed: "H H * * 6"
      - github-pull-request:
          trigger-phrase: "^run-snyk$"
          only-trigger-phrase: true
          status-context: "SNYK scan"
          permit-all: true
          github-hooks: true
          org-list:
            - "{github-org}"
          white-list: "{obj:github_pr_allowlist}"
          admin-list: "{obj:github_pr_admin_list}"
          white-list-target-branches:
            - "{branch}"

#########################
# Maven Javadoc Publish #
#########################

- _lf_maven_javadoc_publish: &lf_maven_javadoc_publish
    name: lf-maven-javadoc-publish

    ######################
    # Default parameters #
    ######################

    branch: master
    build-days-to-keep: 30 # 30 days in case a release takes long to get approved.
    build-timeout: 60
    disable-job: false
    git-url: "$GIT_URL/$PROJECT"
    github-url: "https://github.com"
    java-version: openjdk11
    mvn-dir: "."
    mvn-global-settings: global-settings
    mvn-opts: ""
    mvn-params: ""
    mvn-version: mvn35
    stream: master
    submodule-recursive: true
    submodule-timeout: 10
    submodule-disable: false

    gerrit_merge_triggers:
      - change-merged-event
      - comment-added-contains-event:
          comment-contains-value: '^Patch Set\s+\d+:\s+remerge\s*$'

    #####################
    # Job Configuration #
    #####################

    disabled: "{disable-job}"

    builders:
      - lf-infra-pre-build
      - lf-maven-install:
          mvn-version: "{mvn-version}"
      - lf-update-java-alternatives:
          java-version: "{java-version}"
      - lf-provide-maven-settings:
          global-settings-file: "{mvn-global-settings}"
          settings-file: "{mvn-settings}"
      - lf-infra-create-netrc:
          server-id: "{mvn-site-id}"
      - inject:
          properties-content: |
            DEPLOY_PATH={javadoc-path}
            MAVEN_DIR={mvn-dir}
      - shell: !include-raw-escape:
          - ../shell/common-variables.sh
          - ../shell/maven-javadoc-generate.sh
          - ../shell/maven-javadoc-publish.sh
      - lf-provide-maven-settings-cleanup

- job-template:
    name: "{project-name}-maven-javadoc-publish-{stream}-{java-version}"
    id: gerrit-maven-javadoc-publish
    <<: *lf_maven_common
    # yamllint disable-line rule:key-duplicates
    <<: *lf_maven_javadoc_publish

    git-url: "$GIT_URL/$GERRIT_PROJECT"

    scm:
      - lf-infra-gerrit-scm:
          git-url: "{git-url}"
          refspec: ""
          branch: "{branch}"
          submodule-recursive: "{submodule-recursive}"
          submodule-timeout: "{submodule-timeout}"
          submodule-disable: "{submodule-disable}"
          choosing-strategy: default
          jenkins-ssh-credential: "{jenkins-ssh-credential}"

    triggers:
      - gerrit:
          server-name: "{gerrit-server-name}"
          trigger-on: "{obj:gerrit_merge_triggers}"
          projects:
            - project-compare-type: ANT
              project-pattern: "{project}"
              branches:
                - branch-compare-type: ANT
                  branch-pattern: "**/{branch}"

- job-template:
    name: "{project-name}-maven-javadoc-publish-{stream}-{java-version}"
    id: github-maven-javadoc-publish
    <<: *lf_maven_common
    # yamllint disable-line rule:key-duplicates
    <<: *lf_maven_javadoc_publish

    properties:
      - lf-infra-properties:
          build-days-to-keep: "{build-days-to-keep}"
      - github:
          url: "{github-url}/{github-org}/{project}"

    scm:
      - lf-infra-github-scm:
          url: "{git-clone-url}{github-org}/{project}"
          refspec: ""
          branch: "{branch}"
          submodule-recursive: "{submodule-recursive}"
          submodule-timeout: "{submodule-timeout}"
          submodule-disable: "{submodule-disable}"
          choosing-strategy: default
          jenkins-ssh-credential: "{jenkins-ssh-credential}"

    triggers:
      - github
      - pollscm:
          cron: ""
      - github-pull-request:
          trigger-phrase: "^remerge$"
          only-trigger-phrase: true
          status-context: "Maven Javadoc Publish"
          permit-all: true
          github-hooks: true
          org-list:
            - "{github-org}"
          white-list: "{obj:github_pr_allowlist}"
          admin-list: "{obj:github_pr_admin_list}"
          white-list-target-branches:
            - "{branch}"

########################
# Maven Javadoc Verify #
########################

- _lf_maven_javadoc_verify: &lf_maven_javadoc_verify
    name: lf-maven-javadoc-verify

    ######################
    # Default parameters #
    ######################

    branch: master
    build-days-to-keep: 30 # 30 days in case a release takes long to get approved.
    build-timeout: 60
    disable-job: false
    git-url: "$GIT_URL/$PROJECT"
    github-url: "https://github.com"
    java-version: openjdk11
    mvn-dir: "."
    mvn-global-settings: global-settings
    mvn-opts: ""
    mvn-params: ""
    mvn-version: mvn35
    stream: master
    submodule-recursive: true
    submodule-timeout: 10
    submodule-disable: false

    gerrit_verify_triggers:
      - patchset-created-event:
          exclude-drafts: true
          exclude-trivial-rebase: false
          exclude-no-code-change: false
      - draft-published-event
      - comment-added-contains-event:
          comment-contains-value: '^Patch Set\s+\d+:\s+(recheck|reverify)\s*$'

    #####################
    # Job Configuration #
    #####################

    concurrent: true
    disabled: "{disable-job}"

    builders:
      - lf-infra-pre-build
      - lf-maven-install:
          mvn-version: "{mvn-version}"
      - lf-update-java-alternatives:
          java-version: "{java-version}"
      - lf-provide-maven-settings:
          global-settings-file: "{mvn-global-settings}"
          settings-file: "{mvn-settings}"
      - inject:
          properties-content: |
            MAVEN_DIR={mvn-dir}
      - shell: !include-raw-escape:
          - ../shell/common-variables.sh
          - ../shell/maven-javadoc-generate.sh
      - lf-provide-maven-settings-cleanup

- job-template:
    name: "{project-name}-maven-javadoc-verify-{stream}-{java-version}"
    id: gerrit-maven-javadoc-verify
    <<: *lf_maven_common
    # yamllint disable-line rule:key-duplicates
    <<: *lf_maven_javadoc_verify

    scm:
      - lf-infra-gerrit-scm:
          jenkins-ssh-credential: "{jenkins-ssh-credential}"
          git-url: "{git-url}"
          refspec: "$GERRIT_REFSPEC"
          branch: "$GERRIT_BRANCH"
          submodule-recursive: "{submodule-recursive}"
          submodule-timeout: "{submodule-timeout}"
          submodule-disable: "{submodule-disable}"
          choosing-strategy: gerrit

    triggers:
      - gerrit:
          server-name: "{gerrit-server-name}"
          trigger-on: "{obj:gerrit_verify_triggers}"
          projects:
            - project-compare-type: ANT
              project-pattern: "{project}"
              branches:
                - branch-compare-type: ANT
                  branch-pattern: "**/{branch}"

- job-template:
    name: "{project-name}-maven-javadoc-verify-{stream}-{java-version}"
    id: github-maven-javadoc-verify
    <<: *lf_maven_common
    # yamllint disable-line rule:key-duplicates
    <<: *lf_maven_javadoc_verify

    properties:
      - lf-infra-properties:
          build-days-to-keep: "{build-days-to-keep}"
      - github:
          url: "{github-url}/{github-org}/{project}"

    scm:
      - lf-infra-github-scm:
          url: "{git-clone-url}{github-org}/{project}"
          refspec: "+refs/pull/*:refs/remotes/origin/pr/*"
          branch: "$sha1"
          submodule-recursive: "{submodule-recursive}"
          submodule-timeout: "{submodule-timeout}"
          submodule-disable: "{submodule-disable}"
          choosing-strategy: default
          jenkins-ssh-credential: "{jenkins-ssh-credential}"

    triggers:
      - github-pull-request:
          trigger-phrase: ^(recheck|reverify)$
          only-trigger-phrase: false
          status-context: "Maven Javadoc Verify"
          permit-all: true
          github-hooks: true
          white-list-target-branches:
            - "{branch}"

###############
# Maven Merge #
###############

- _lf_maven_merge: &lf_maven_merge
    name: lf-maven-merge

    ######################
    # Default parameters #
    ######################

    branch: master
    build-days-to-keep: 30 # 30 days in case we need to troubleshoot
    build-timeout: 60
    cron: "@daily"
    disable-job: false
    git-url: "$GIT_URL/$PROJECT"
    github-url: "https://github.com"
    jacoco-exclude-pattern: "**/gen/**,**/generated-sources/**,**/yang-gen**,**/pax/**"
    java-version: openjdk11
    mvn-global-settings: global-settings
    mvn-goals: clean deploy
    mvn-opts: ""
    mvn-params: "-Dmerge"
    mvn-version: mvn35
    nexus-cut-dirs: 6 # Number of dirs in the Nexus path to remove for wget -r.
    pre-build-script: "# pre-build script goes here"
    post-build-script: "# post-build script goes here"
    stream: master
    submodule-recursive: true
    submodule-timeout: 10
    submodule-disable: false

    gerrit_merge_triggers:
      - change-merged-event
      - comment-added-contains-event:
          comment-contains-value: '^Patch Set\s+\d+:\s+remerge\s*$'

    gerrit_trigger_file_paths:
      - compare-type: REG_EXP
        pattern: ".*"

    # github_included_regions MUST match gerrit_trigger_file_paths
    github_included_regions:
      - ".*"

    post_build_trigger: ""

    #####################
    # Job Configuration #
    #####################

    disabled: "{disable-job}"

    builders:
      - lf-infra-pre-build
      - lf-jacoco-nojava-workaround
      - lf-maven-install:
          mvn-version: "{mvn-version}"
      - lf-update-java-alternatives:
          java-version: "{java-version}"
      - lf-provide-maven-settings:
          global-settings-file: "{mvn-global-settings}"
          settings-file: "{mvn-settings}"
      - lf-infra-create-netrc:
          server-id: "{mvn-snapshot-id}"
      - inject:
          properties-content: |
            NEXUS_CUT_DIRS={nexus-cut-dirs}
            NEXUS_REPO={nexus-snapshot-repo}
      - shell: !include-raw-escape: ../shell/maven-fetch-metadata.sh
      - shell: "{pre-build-script}"
      - lf-maven-build:
          mvn-goals: "{mvn-goals}"
      - shell: "{post-build-script}"
      - lf-maven-deploy
      - lf-provide-maven-settings-cleanup

    publishers:
      - findbugs
      - lf-jacoco-report:
          exclude-pattern: "{jacoco-exclude-pattern}"
      - lf-infra-publish
      - trigger-parameterized-builds: "{obj:post_build_trigger}"

- job-template:
    name: "{project-name}-maven-merge-{stream}"
    id: gerrit-maven-merge
    <<: *lf_maven_common
    # yamllint disable-line rule:key-duplicates
    <<: *lf_maven_merge

    scm:
      - lf-infra-gerrit-scm:
          jenkins-ssh-credential: "{jenkins-ssh-credential}"
          git-url: "{git-url}"
          refspec: "$GERRIT_REFSPEC"
          branch: "$GERRIT_BRANCH"
          submodule-recursive: "{submodule-recursive}"
          submodule-timeout: "{submodule-timeout}"
          submodule-disable: "{submodule-disable}"
          choosing-strategy: default

    triggers:
      - timed: "{obj:cron}"
      - gerrit:
          server-name: "{gerrit-server-name}"
          trigger-on: "{obj:gerrit_merge_triggers}"
          projects:
            - project-compare-type: ANT
              project-pattern: "{project}"
              branches:
                - branch-compare-type: ANT
                  branch-pattern: "**/{branch}"
              file-paths: "{obj:gerrit_trigger_file_paths}"

- job-template:
    name: "{project-name}-maven-merge-{stream}"
    id: github-maven-merge
    <<: *lf_maven_common
    # yamllint disable-line rule:key-duplicates
    <<: *lf_maven_merge

    properties:
      - lf-infra-properties:
          build-days-to-keep: "{build-days-to-keep}"
      - github:
          url: "{github-url}/{github-org}/{project}"

    scm:
      - lf-infra-github-scm:
          url: "{git-clone-url}{github-org}/{project}"
          refspec: ""
          branch: "refs/heads/{branch}"
          submodule-recursive: "{submodule-recursive}"
          submodule-timeout: "{submodule-timeout}"
          submodule-disable: "{submodule-disable}"
          choosing-strategy: default
          jenkins-ssh-credential: "{jenkins-ssh-credential}"

    triggers:
      - timed: "{obj:cron}"
      - github
      - pollscm:
          cron: ""
      - github-pull-request:
          trigger-phrase: "^remerge$"
          only-trigger-phrase: true
          status-context: "Maven Merge"
          permit-all: true
          github-hooks: true
          org-list:
            - "{github-org}"
          white-list: "{obj:github_pr_allowlist}"
          admin-list: "{obj:github_pr_admin_list}"
          white-list-target-branches:
            - "{branch}"
          included-regions: "{obj:github_included_regions}"

##########################
# Maven Merge for Docker #
##########################

- _lf_maven_docker_merge: &lf_maven_docker_merge
    name: lf-maven-docker-merge

    builders:
      - lf-infra-pre-build
      - lf-jacoco-nojava-workaround
      - lf-maven-install:
          mvn-version: "{mvn-version}"
      - lf-infra-docker-login:
          global-settings-file: "{mvn-global-settings}"
          settings-file: "{mvn-settings}"
      - lf-update-java-alternatives:
          java-version: "{java-version}"
      # must provide maven settings AFTER docker due to its cleanup
      - lf-provide-maven-settings:
          global-settings-file: "{mvn-global-settings}"
          settings-file: "{mvn-settings}"
      - lf-infra-create-netrc:
          server-id: "{mvn-snapshot-id}"
      - inject:
          properties-content: |
            NEXUS_CUT_DIRS={nexus-cut-dirs}
            NEXUS_REPO={nexus-snapshot-repo}
            CONTAINER_PULL_REGISTRY={container-public-registry}
            CONTAINER_PUSH_REGISTRY={container-snapshot-registry}
      - shell: !include-raw-escape: ../shell/maven-fetch-metadata.sh
      - lf-maven-build:
          mvn-goals: "{mvn-goals}"
      # NO lf-maven-deploy
      - lf-provide-maven-settings-cleanup

- job-template:
    name: "{project-name}-maven-docker-merge-{stream}"
    id: gerrit-maven-docker-merge
    <<: *lf_maven_common
    # yamllint disable-line rule:key-duplicates
    <<: *lf_maven_merge
    # yamllint disable-line rule:key-duplicates
    <<: *lf_maven_docker_merge

    scm:
      - lf-infra-gerrit-scm:
          jenkins-ssh-credential: "{jenkins-ssh-credential}"
          git-url: "{git-url}"
          refspec: "$GERRIT_REFSPEC"
          branch: "$GERRIT_BRANCH"
          submodule-recursive: "{submodule-recursive}"
          submodule-timeout: "{submodule-timeout}"
          submodule-disable: "{submodule-disable}"
          choosing-strategy: default

    triggers:
      - gerrit:
          server-name: "{gerrit-server-name}"
          trigger-on: "{obj:gerrit_merge_triggers}"
          projects:
            - project-compare-type: ANT
              project-pattern: "{project}"
              branches:
                - branch-compare-type: ANT
                  branch-pattern: "**/{branch}"
              file-paths: "{obj:gerrit_trigger_file_paths}"

- job-template:
    name: "{project-name}-maven-docker-merge-{stream}"
    id: github-maven-docker-merge
    <<: *lf_maven_common
    # yamllint disable-line rule:key-duplicates
    <<: *lf_maven_merge
    # yamllint disable-line rule:key-duplicates
    <<: *lf_maven_docker_merge

    properties:
      - lf-infra-properties:
          build-days-to-keep: "{build-days-to-keep}"
      - github:
          url: "{github-url}/{github-org}/{project}"

    scm:
      - lf-infra-github-scm:
          url: "{git-clone-url}{github-org}/{project}"
          refspec: ""
          branch: "refs/heads/{branch}"
          submodule-recursive: "{submodule-recursive}"
          submodule-timeout: "{submodule-timeout}"
          submodule-disable: "{submodule-disable}"
          choosing-strategy: default
          jenkins-ssh-credential: "{jenkins-ssh-credential}"

    triggers:
      - github
      - pollscm:
          cron: ""
      - github-pull-request:
          trigger-phrase: "^remerge$"
          only-trigger-phrase: true
          status-context: "Maven Docker Merge"
          permit-all: true
          github-hooks: true
          org-list:
            - "{github-org}"
          white-list: "{obj:github_pr_allowlist}"
          admin-list: "{obj:github_pr_admin_list}"
          white-list-target-branches:
            - "{branch}"
          included-regions: "{obj:github_included_regions}"

###############
# Maven Stage #
###############

- _lf_maven_stage: &lf_maven_stage
    name: lf-maven-stage

    ######################
    # Default parameters #
    ######################

    branch: master
    build-days-to-keep: 30 # 30 days in case a release takes long to get approved.
    build-timeout: 60
    cron: ""
    disable-job: false
    git-url: "$GIT_URL/$PROJECT"
    github-url: "https://github.com"
    java-version: openjdk11
    maven-versions-plugin: false
    version-properties-file: version.properties
    mvn-central: false
    mvn-global-settings: global-settings
    mvn-goals: clean deploy
    mvn-opts: ""
    mvn-params: ""
    mvn-version: mvn35
    ossrh-profile-id: ""
    mvn-pom: ""
    sbom-flags: ""
    sbom-path: "$WORKSPACE"
    sbom-generator: false
    sbom-generator-version: "v0.0.15"
    sign-artifacts: false
    sign-mode: serial
    stream: master
    submodule-recursive: true
    submodule-timeout: 10
    submodule-disable: false

    gerrit_release_triggers:
      - comment-added-contains-event:
          comment-contains-value: '^Patch Set\s+\d+:\s+stage-(maven-)?release\s*$'

    gerrit_trigger_file_paths:
      - compare-type: ANT
        pattern: "**"

    # github_included_regions MUST match gerrit_trigger_file_paths
    github_included_regions:
      - ".*"

    #####################
    # Job Configuration #
    #####################

    disabled: "{disable-job}"

    parameters:
      - lf-infra-parameters:
          project: "{project}"
          branch: "{branch}"
          stream: "{stream}"
      - lf-infra-maven-parameters:
          mvn-opts: "{mvn-opts}"
          mvn-params: "{mvn-params}"
          mvn-version: "{mvn-version}"
          staging-profile-id: "{staging-profile-id}"
      - bool:
          name: MAVEN_VERSIONS_PLUGIN
          default: "{maven-versions-plugin}"
          description: Use maven-versions-plugin to update pom versions.
      - string:
          name: ARCHIVE_ARTIFACTS
          default: "{archive-artifacts}"
          description: Artifacts to archive to the logs server.
      - string:
          name: STAGING_PROFILE_ID
          default: "{staging-profile-id}"
          description: Nexus staging profile ID.
      - string:
          name: SBOM_GENERATOR_VERSION
          default: "{sbom-generator-version}"
          description: SBOM generator version to download and run.
      - string:
          name: SBOM_PATH
          default: "{sbom-path}"
          description: path where SBOM needs to be executed.

    builders:
      - lf-infra-pre-build
      - lf-jacoco-nojava-workaround
      - lf-maven-install:
          mvn-version: "{mvn-version}"
      - lf-update-java-alternatives:
          java-version: "{java-version}"
      - lf-provide-maven-settings:
          global-settings-file: "{mvn-global-settings}"
          settings-file: "{mvn-settings}"
      - lf-maven-versions-plugin:
          maven-versions-plugin: "{maven-versions-plugin}"
          version-properties-file: "{version-properties-file}"
          mvn-version: "{mvn-version}"
          mvn-pom: "{mvn-pom}"
          mvn-settings: "{mvn-settings}"
      - shell: !include-raw-escape: ../shell/maven-patch-release.sh
      - lf-maven-build:
          mvn-goals: "{mvn-goals}"
      # With SBOM Generator
      - conditional-step:
          condition-kind: boolean-expression
          condition-expression: "{sbom-generator}"
          steps:
            - shell: echo 'Running SBOM Generator'
            - lf-infra-maven-sbom-generator:
                sbom-flags: "{sbom-flags}"
      - lf-sigul-sign-dir:
          sign-artifacts: "{sign-artifacts}"
          sign-dir: "$WORKSPACE/m2repo"
          sign-mode: "{sign-mode}"
      - lf-maven-stage:
          mvn-global-settings: "{mvn-global-settings}"
          mvn-settings: "{mvn-settings}"
          mvn-staging-id: "{mvn-staging-id}"
      - lf-maven-central:
          mvn-central: "{mvn-central}"
          mvn-global-settings: "{mvn-global-settings}"
          mvn-settings: "{mvn-settings}"
          ossrh-profile-id: "{ossrh-profile-id}"
      - lf-provide-maven-settings-cleanup

- job-template:
    name: "{project-name}-maven-stage-{stream}"
    id: gerrit-maven-stage
    <<: *lf_maven_common
    # yamllint disable-line rule:key-duplicates
    <<: *lf_maven_stage

    scm:
      - lf-infra-gerrit-scm:
          jenkins-ssh-credential: "{jenkins-ssh-credential}"
          git-url: "{git-url}"
          refspec: "$GERRIT_REFSPEC"
          branch: "$GERRIT_BRANCH"
          submodule-recursive: "{submodule-recursive}"
          submodule-timeout: "{submodule-timeout}"
          submodule-disable: "{submodule-disable}"
          choosing-strategy: default

    triggers:
      - timed: "{obj:cron}"
      - gerrit:
          server-name: "{gerrit-server-name}"
          trigger-on: "{obj:gerrit_release_triggers}"
          projects:
            - project-compare-type: ANT
              project-pattern: "{project}"
              branches:
                - branch-compare-type: ANT
                  branch-pattern: "**/{branch}"
              file-paths: "{obj:gerrit_trigger_file_paths}"

- job-template:
    name: "{project-name}-maven-stage-{stream}"
    id: github-maven-stage
    <<: *lf_maven_common
    # yamllint disable-line rule:key-duplicates
    <<: *lf_maven_stage

    properties:
      - lf-infra-properties:
          build-days-to-keep: "{build-days-to-keep}"
      - github:
          url: "{github-url}/{github-org}/{project}"

    scm:
      - lf-infra-github-scm:
          url: "{git-clone-url}{github-org}/{project}"
          refspec: "+refs/pull/*:refs/remotes/origin/pr/*"
          branch: "{branch}"
          submodule-recursive: "{submodule-recursive}"
          submodule-timeout: "{submodule-timeout}"
          submodule-disable: "{submodule-disable}"
          choosing-strategy: default
          jenkins-ssh-credential: "{jenkins-ssh-credential}"

    triggers:
      - timed: "{obj:cron}"
      - github-pull-request:
          trigger-phrase: "^stage-(maven-)?release$"
          only-trigger-phrase: true
          status-context: "Maven Release"
          permit-all: true
          github-hooks: true
          white-list-target-branches:
            - "{branch}"
          included-regions: "{obj:github_included_regions}"

##########################
# Maven Stage for Docker #
##########################

- _lf_maven_docker_stage: &lf_maven_docker_stage
    name: lf-maven-docker-stage

    builders:
      - lf-infra-pre-build
      - lf-jacoco-nojava-workaround
      - lf-maven-install:
          mvn-version: "{mvn-version}"
      - lf-update-java-alternatives:
          java-version: "{java-version}"
      - lf-infra-docker-login:
          global-settings-file: "{mvn-global-settings}"
          settings-file: "{mvn-settings}"
      # must provide maven settings AFTER docker-login due to its cleanup
      - lf-provide-maven-settings:
          global-settings-file: "{mvn-global-settings}"
          settings-file: "{mvn-settings}"
      - lf-maven-versions-plugin:
          maven-versions-plugin: "{maven-versions-plugin}"
          version-properties-file: "{version-properties-file}"
          mvn-version: "{mvn-version}"
          mvn-pom: "{mvn-pom}"
          mvn-settings: "{mvn-settings}"
      - shell: !include-raw-escape: ../shell/maven-patch-release.sh
      - inject:
          properties-content: |
            CONTAINER_PULL_REGISTRY={container-public-registry}
            CONTAINER_PUSH_REGISTRY={container-staging-registry}
      - lf-maven-build:
          mvn-goals: "{mvn-goals}"
      - lf-sigul-sign-dir:
          sign-artifacts: "{sign-artifacts}"
          sign-dir: "$WORKSPACE/m2repo"
          sign-mode: "{sign-mode}"
      # NO lf-maven-stage
      # NO lf-maven-central
      - lf-provide-maven-settings-cleanup

    gerrit_release_docker_triggers:
      - comment-added-contains-event:
          comment-contains-value: '^Patch Set\s+\d+:\s+stage-(docker-)?release\s*$'

- job-template:
    name: "{project-name}-maven-docker-stage-{stream}"
    id: gerrit-maven-docker-stage
    <<: *lf_maven_common
    # yamllint disable-line rule:key-duplicates
    <<: *lf_maven_stage
    # yamllint disable-line rule:key-duplicates
    <<: *lf_maven_docker_stage

    scm:
      - lf-infra-gerrit-scm:
          jenkins-ssh-credential: "{jenkins-ssh-credential}"
          git-url: "{git-url}"
          refspec: "$GERRIT_REFSPEC"
          branch: "$GERRIT_BRANCH"
          submodule-recursive: "{submodule-recursive}"
          submodule-timeout: "{submodule-timeout}"
          submodule-disable: "{submodule-disable}"
          choosing-strategy: default

    triggers:
      - timed: "{obj:cron}"
      - gerrit:
          server-name: "{gerrit-server-name}"
          trigger-on: "{obj:gerrit_release_docker_triggers}"
          projects:
            - project-compare-type: ANT
              project-pattern: "{project}"
              branches:
                - branch-compare-type: ANT
                  branch-pattern: "**/{branch}"
              file-paths: "{obj:gerrit_trigger_file_paths}"

- job-template:
    name: "{project-name}-maven-docker-stage-{stream}"
    id: github-maven-docker-stage
    <<: *lf_maven_common
    # yamllint disable-line rule:key-duplicates
    <<: *lf_maven_stage
    # yamllint disable-line rule:key-duplicates
    <<: *lf_maven_docker_stage

    properties:
      - lf-infra-properties:
          build-days-to-keep: "{build-days-to-keep}"
      - github:
          url: "{github-url}/{github-org}/{project}"

    scm:
      - lf-infra-github-scm:
          url: "{git-clone-url}{github-org}/{project}"
          refspec: "+refs/pull/*:refs/remotes/origin/pr/*"
          branch: "{branch}"
          submodule-recursive: "{submodule-recursive}"
          submodule-timeout: "{submodule-timeout}"
          submodule-disable: "{submodule-disable}"
          choosing-strategy: default
          jenkins-ssh-credential: "{jenkins-ssh-credential}"

    triggers:
      - timed: "{obj:cron}"
      - github-pull-request:
          trigger-phrase: "^stage-(docker-)?release$"
          only-trigger-phrase: true
          status-context: "Maven Release"
          permit-all: true
          github-hooks: true
          white-list-target-branches:
            - "{branch}"
          included-regions: "{obj:github_included_regions}"

###############
# Maven Sonar #
###############

- _lf_maven_sonar: &lf_maven_sonar
    name: lf-maven-sonar

    ######################
    # Default parameters #
    ######################

    branch: master # Sonar should always be run on master branch
    build-days-to-keep: 7
    build-timeout: 60
    cron: "H H * * 6" # run weekly
    disable-job: false
    git-url: "$GIT_URL/$PROJECT"
    github-url: "https://github.com"
    jacoco-exclude-pattern: "**/gen/**,**/generated-sources/**,**/yang-gen**,**/pax/**"
    java-version: openjdk11
    java-opts: ""
    mvn-global-settings: global-settings
    mvn-goals: clean install
    mvn-opts: ""
    mvn-params: ""
    mvn-version: mvn35
    sonar-mvn-goal: "sonar:sonar"
    sonarcloud: false
    sonarcloud-project-key: ""
    sonarcloud-project-organization: ""
    sonarcloud-api-token-cred-id: sonarcloud-api-token
    sonarcloud-qualitygate-wait: false
    # SonarCloud scan using jdk8 will become deprecated by Oct, 2020
    # Projects not compatible with jdk11 can set java-version to something else
    sonarcloud-java-version: openjdk11
    stream: master
    submodule-recursive: true
    submodule-timeout: 10
    submodule-disable: false
    scan-dev-branch: false

    gerrit_sonar_triggers:
      - comment-added-contains-event:
          comment-contains-value: '^Patch Set\s+\d+:\s+run-sonar\s*$'

    #####################
    # Job Configuration #
    #####################

    disabled: "{disable-job}"

    parameters:
      - lf-infra-parameters:
          project: "{project}"
          branch: "{branch}"
          stream: "{stream}"
      - lf-infra-maven-parameters:
          mvn-opts: "{mvn-opts}"
          mvn-params: "{mvn-params}"
          mvn-version: "{mvn-version}"
      - string:
          name: ARCHIVE_ARTIFACTS
          default: "{archive-artifacts}"
          description: Artifacts to archive to the logs server.
      - string:
          name: JAVA_OPTS
          default: "{java-opts}"
          description: |
            Java options. Example: -Xmx1024m
      - string:
          name: SONAR_MAVEN_GOAL
          default: "{sonar-mvn-goal}"
          description: |
            Maven goals to pass to the Sonar call. Typically sonar:sonar
            however to use a specific version of the sonar-maven-plugin we
            can call "org.codehaus.mojo:sonar-maven-plugin:3.3.0.603:sonar".

    wrappers:
      - credentials-binding:
          - text:
              credential-id: "{sonarcloud-api-token-cred-id}"
              variable: API_TOKEN

    triggers:
      - timed: "{obj:cron}"
      - gerrit:
          server-name: "{gerrit-server-name}"
          trigger-on: "{obj:gerrit_sonar_triggers}"
          projects:
            - project-compare-type: "ANT"
              project-pattern: "{project}"
              branches:
                - branch-compare-type: "ANT"
                  branch-pattern: "**/master"
          skip-vote:
            successful: true
            failed: true
            unstable: true
            notbuilt: true

    publishers:
      - lf-jacoco-report:
          exclude-pattern: "{jacoco-exclude-pattern}"
      - findbugs
      - lf-infra-publish

- _mvn_sonar_builders: &mvn_sonar_builders
    name: mvn-sonar-builders
    builders:
      - lf-infra-pre-build
      # With SonarCloud
      - conditional-step:
          condition-kind: boolean-expression
          condition-expression: "{sonarcloud}"
          steps:
            - shell: echo 'Using SonarCloud'
            - lf-infra-maven-sonarcloud:
                java-version: "{java-version}"
                mvn-goals: "{mvn-goals}"
                mvn-settings: "{mvn-settings}"
                mvn-version: "{mvn-version}"
                sonarcloud-project-key: "{sonarcloud-project-key}"
                sonarcloud-project-organization: "{sonarcloud-project-organization}"
                sonarcloud-java-version: "{sonarcloud-java-version}"
                sonarcloud-qualitygate-wait: "{sonarcloud-qualitygate-wait}"
                scan-dev-branch: "{scan-dev-branch}"
      # With SonarQube
      - conditional-step:
          condition-kind: not
          condition-operand:
            condition-kind: boolean-expression
            condition-expression: "{sonarcloud}"
          steps:
            - shell: echo 'Using SonarQube'
            - lf-infra-maven-sonar:
                java-version: "{java-version}"
                mvn-goals: "{mvn-goals}"
                mvn-settings: "{mvn-settings}"
                mvn-version: "{mvn-version}"

- _mvn_sonar_builders_prescan_script: &mvn_sonar_builders_prescan_script
    name: mvn-sonar-builders-prescan-script
    builders:
      - shell: "{sonar-prescan-script}"
      - lf-infra-pre-build
      # With SonarCloud
      - conditional-step:
          condition-kind: boolean-expression
          condition-expression: "{sonarcloud}"
          steps:
            - shell: echo 'Using SonarCloud'
            - lf-infra-maven-sonarcloud:
                java-version: "{java-version}"
                mvn-goals: "{mvn-goals}"
                mvn-settings: "{mvn-settings}"
                mvn-version: "{mvn-version}"
                sonarcloud-project-key: "{sonarcloud-project-key}"
                sonarcloud-project-organization: "{sonarcloud-project-organization}"
                sonarcloud-java-version: "{sonarcloud-java-version}"
                sonarcloud-qualitygate-wait: "{sonarcloud-qualitygate-wait}"
                scan-dev-branch: "{scan-dev-branch}"
      # With SonarQube
      - conditional-step:
          condition-kind: not
          condition-operand:
            condition-kind: boolean-expression
            condition-expression: "{sonarcloud}"
          steps:
            - shell: echo 'Using SonarQube'
            - lf-infra-maven-sonar:
                java-version: "{java-version}"
                mvn-goals: "{mvn-goals}"
                mvn-settings: "{mvn-settings}"
                mvn-version: "{mvn-version}"

- builder:
    name: lf-infra-maven-sbom-generator
    # Run Maven goals and trigger SPDX SBOM Generator tool
    builders:
      - inject:
          properties-content: |
            SBOM_FLAGS={sbom-flags}
      - shell: !include-raw-escape:
          - ../shell/sbom-generator.sh

- builder:
    name: lf-infra-maven-sonar
    # Run a Sonar build with Maven
    builders:
      - lf-maven-install:
          mvn-version: "{mvn-version}"
      - lf-update-java-alternatives:
          java-version: "{java-version}"
      - inject:
          # Switch this to the sonar wrapper when JJB 2.0 is available
          properties-content: |
            SONAR_HOST_URL=$SONAR_URL
            MAVEN_GOALS={mvn-goals}
      - lf-provide-maven-settings:
          global-settings-file: global-settings
          settings-file: "{mvn-settings}"
      - shell: !include-raw-escape:
          - ../shell/common-variables.sh
          - ../shell/maven-sonar.sh
      - lf-provide-maven-settings-cleanup

- builder:
    name: lf-infra-maven-sonarcloud
    # Run a Sonar build with Maven
    builders:
      - lf-maven-install:
          mvn-version: "{mvn-version}"
      - lf-update-java-alternatives:
          java-version: "{java-version}"
      - inject:
          # Switch this to the sonar wrapper when JJB 2.0 is available
          properties-content: |
            SONAR_HOST_URL=https://sonarcloud.io
            PROJECT_KEY={sonarcloud-project-key}
            PROJECT_ORGANIZATION={sonarcloud-project-organization}
            MAVEN_GOALS={mvn-goals}
            SONARCLOUD_JAVA_VERSION={sonarcloud-java-version}
            SCAN_DEV_BRANCH={scan-dev-branch}
            SONARCLOUD_QUALITYGATE_WAIT={sonarcloud-qualitygate-wait}
      - lf-provide-maven-settings:
          global-settings-file: global-settings
          settings-file: "{mvn-settings}"
      - shell: !include-raw-escape:
          - ../shell/common-variables.sh
          - ../shell/maven-sonar.sh
      - lf-provide-maven-settings-cleanup

- job-template:
    name: "{project-name}-sonar"
    id: gerrit-maven-sonar
    <<: *lf_maven_common
    # yamllint disable-line rule:key-duplicates
    <<: *lf_maven_sonar
    <<: *mvn_sonar_builders

    scm:
      - lf-infra-gerrit-scm:
          jenkins-ssh-credential: "{jenkins-ssh-credential}"
          git-url: "{git-url}"
          refspec: $GERRIT_REFSPEC
          branch: $GERRIT_BRANCH
          submodule-recursive: "{submodule-recursive}"
          submodule-timeout: "{submodule-timeout}"
          submodule-disable: "{submodule-disable}"
          choosing-strategy: default

- job-template:
    name: "{project-name}-sonar-verify"
    id: gerrit-maven-sonar-verify
    <<: *lf_maven_common
    # yamllint disable-line rule:key-duplicates
    <<: *lf_maven_sonar
    <<: *mvn_sonar_builders

    sonarcloud: true
    scan-dev-branch: true
    sonarcloud-qualitygate-wait: false

    gerrit_sonar_triggers:
      - patchset-created-event:
          exclude-drafts: true
          exclude-trivial-rebase: false
          exclude-no-code-change: false
      - draft-published-event
      - comment-added-contains-event:
          comment-contains-value: '^Patch Set\s+\d+:\s+(recheck|reverify)\s*$'

    gerrit_trigger_file_paths:
      - compare-type: REG_EXP
        pattern: ".*"

    triggers:
      - gerrit:
          server-name: "{gerrit-server-name}"
          trigger-on: "{obj:gerrit_sonar_triggers}"
          projects:
            - project-compare-type: "ANT"
              project-pattern: "{project}"
              branches:
                - branch-compare-type: "ANT"
                  branch-pattern: "**/{branch}"
              file-paths: "{obj:gerrit_trigger_file_paths}"

    scm:
      - lf-infra-gerrit-scm:
          jenkins-ssh-credential: "{jenkins-ssh-credential}"
          git-url: "{git-url}"
          refspec: $GERRIT_REFSPEC
          branch: $GERRIT_BRANCH
          submodule-recursive: "{submodule-recursive}"
          submodule-timeout: "{submodule-timeout}"
          submodule-disable: "{submodule-disable}"
          choosing-strategy: gerrit

- job-template:
    name: "{project-name}-sonar-prescan-script"
    id: gerrit-maven-sonar-prescan-script
    <<: *lf_maven_common
    # yamllint disable-line rule:key-duplicates
    <<: *lf_maven_sonar
    <<: *mvn_sonar_builders_prescan_script

    scm:
      - lf-infra-gerrit-scm:
          jenkins-ssh-credential: "{jenkins-ssh-credential}"
          git-url: "{git-url}"
          refspec: $GERRIT_REFSPEC
          branch: $GERRIT_BRANCH
          submodule-recursive: "{submodule-recursive}"
          submodule-timeout: "{submodule-timeout}"
          submodule-disable: "{submodule-disable}"
          choosing-strategy: default

- job-template:
    name: "{project-name}-sonar"
    id: github-maven-sonar
    <<: *lf_maven_common
    # yamllint disable-line rule:key-duplicates
    <<: *lf_maven_sonar

    properties:
      - lf-infra-properties:
          build-days-to-keep: "{build-days-to-keep}"
      - github:
          url: "{github-url}/{github-org}/{project}"

    scm:
      - lf-infra-github-scm:
          url: "{git-clone-url}{github-org}/{project}"
          refspec: "+refs/pull/*:refs/remotes/origin/pr/*"
          branch: "$sha1"
          submodule-recursive: "{submodule-recursive}"
          submodule-timeout: "{submodule-timeout}"
          submodule-disable: "{submodule-disable}"
          choosing-strategy: default
          jenkins-ssh-credential: "{jenkins-ssh-credential}"

    triggers:
      - timed: "{obj:cron}"
      - github-pull-request:
          trigger-phrase: "^run-sonar$"
          only-trigger-phrase: true
          status-context: "Maven Sonar"
          permit-all: true
          github-hooks: true
          org-list:
            - "{github-org}"
          white-list: "{obj:github_pr_allowlist}"
          admin-list: "{obj:github_pr_admin_list}"
          white-list-target-branches:
            - "{branch}"

- job-template:
    name: "{project-name}-sonar-prescan-script"
    id: github-maven-sonar-prescan-script
    <<: *lf_maven_common
    # yamllint disable-line rule:key-duplicates
    <<: *lf_maven_sonar
    <<: *mvn_sonar_builders_prescan_script

    properties:
      - lf-infra-properties:
          build-days-to-keep: "{build-days-to-keep}"
      - github:
          url: "{github-url}/{github-org}/{project}"

    scm:
      - lf-infra-github-scm:
          url: "{git-clone-url}{github-org}/{project}"
          refspec: "+refs/pull/*:refs/remotes/origin/pr/*"
          branch: "$sha1"
          submodule-recursive: "{submodule-recursive}"
          submodule-timeout: "{submodule-timeout}"
          submodule-disable: "{submodule-disable}"
          choosing-strategy: default
          jenkins-ssh-credential: "{jenkins-ssh-credential}"

    triggers:
      - timed: "{obj:cron}"
      - github-pull-request:
          trigger-phrase: "^run-sonar$"
          only-trigger-phrase: true
          status-context: "Maven Sonar"
          permit-all: true
          github-hooks: true
          org-list:
            - "{github-org}"
          white-list: "{obj:github_pr_allowlist}"
          admin-list: "{obj:github_pr_admin_list}"
          white-list-target-branches:
            - "{branch}"

################
# Maven Verify #
################

- _lf_maven_verify: &lf_maven_verify
    name: lf-maven-verify

    ######################
    # Default parameters #
    ######################

    branch: master
    build-days-to-keep: 7
    build-timeout: 60
    disable-job: false
    git-url: "$GIT_URL/$PROJECT"
    github-url: "https://github.com"
    jacoco-exclude-pattern: "**/gen/**,**/generated-sources/**,**/yang-gen**,**/pax/**"
    java-version: openjdk11
    mvn-global-settings: global-settings
    mvn-goals: clean deploy
    mvn-opts: ""
    mvn-params: "-Dstream=$STREAM -Dmaven.source.skip=true"
    mvn-version: mvn35
    pre-build-script: "# pre-build script goes here"
    post-build-script: "# post-build script goes here"
    stream: master
    submodule-recursive: true
    submodule-timeout: 10
    submodule-disable: false

    gerrit_verify_triggers:
      - patchset-created-event:
          exclude-drafts: true
          exclude-trivial-rebase: false
          exclude-no-code-change: false
      - draft-published-event
      - comment-added-contains-event:
          comment-contains-value: '^Patch Set\s+\d+:\s+(recheck|reverify)\s*$'

    gerrit_trigger_file_paths:
      - compare-type: REG_EXP
        pattern: ".*"

    # github_included_regions MUST match gerrit_trigger_file_paths
    github_included_regions:
      - ".*"

    #####################
    # Job Configuration #
    #####################

    concurrent: true
    disabled: "{disable-job}"

    builders:
      - lf-infra-pre-build
      - lf-jacoco-nojava-workaround
      - lf-maven-install:
          mvn-version: "{mvn-version}"
      - lf-update-java-alternatives:
          java-version: "{java-version}"
      - lf-provide-maven-settings:
          global-settings-file: "{mvn-global-settings}"
          settings-file: "{mvn-settings}"
      - shell: "{pre-build-script}"
      - lf-maven-build:
          mvn-goals: "{mvn-goals}"
      - shell: "{post-build-script}"
      - lf-provide-maven-settings-cleanup

    publishers:
      - findbugs
      - lf-jacoco-report:
          exclude-pattern: "{jacoco-exclude-pattern}"
      - lf-infra-publish

- job-template:
    name: "{project-name}-maven-verify-{stream}-{mvn-version}-{java-version}"
    id: gerrit-maven-verify
    <<: *lf_maven_common
    # yamllint disable-line rule:key-duplicates
    <<: *lf_maven_verify

    scm:
      - lf-infra-gerrit-scm:
          jenkins-ssh-credential: "{jenkins-ssh-credential}"
          git-url: "{git-url}"
          refspec: "$GERRIT_REFSPEC"
          branch: "$GERRIT_BRANCH"
          submodule-recursive: "{submodule-recursive}"
          submodule-timeout: "{submodule-timeout}"
          submodule-disable: "{submodule-disable}"
          choosing-strategy: gerrit

    triggers:
      - gerrit:
          server-name: "{gerrit-server-name}"
          trigger-on: "{obj:gerrit_verify_triggers}"
          projects:
            - project-compare-type: ANT
              project-pattern: "{project}"
              branches:
                - branch-compare-type: ANT
                  branch-pattern: "**/{branch}"
              file-paths: "{obj:gerrit_trigger_file_paths}"

- job-template:
    name: "{project-name}-maven-verify-{stream}-{mvn-version}-{java-version}"
    id: github-maven-verify
    <<: *lf_maven_common
    # yamllint disable-line rule:key-duplicates
    <<: *lf_maven_verify

    properties:
      - lf-infra-properties:
          build-days-to-keep: "{build-days-to-keep}"
      - github:
          url: "{github-url}/{github-org}/{project}"

    scm:
      - lf-infra-github-scm:
          url: "{git-clone-url}{github-org}/{project}"
          refspec: "+refs/pull/*:refs/remotes/origin/pr/*"
          branch: "$sha1"
          submodule-recursive: "{submodule-recursive}"
          submodule-timeout: "{submodule-timeout}"
          submodule-disable: "{submodule-disable}"
          choosing-strategy: default
          jenkins-ssh-credential: "{jenkins-ssh-credential}"

    triggers:
      - github-pull-request:
          trigger-phrase: "^(recheck|reverify)$"
          only-trigger-phrase: false
          status-context: "Maven Verify {mvn-version}-{java-version}"
          permit-all: true
          github-hooks: true
          white-list-target-branches:
            - "{branch}"
          included-regions: "{obj:github_included_regions}"

###########################
# Maven Verify for Docker #
###########################

- _lf_maven_docker_verify: &lf_maven_docker_verify
    name: lf-maven-docker-verify

    # image push not allowed during verification
    mvn-goals: clean install

    builders:
      - lf-infra-pre-build
      - lf-jacoco-nojava-workaround
      - lf-maven-install:
          mvn-version: "{mvn-version}"
      - lf-update-java-alternatives:
          java-version: "{java-version}"
      - lf-infra-docker-login:
          global-settings-file: "{mvn-global-settings}"
          settings-file: "{mvn-settings}"
      # must provide maven settings AFTER docker due to its cleanup
      - lf-provide-maven-settings:
          global-settings-file: "{mvn-global-settings}"
          settings-file: "{mvn-settings}"
      - inject:
          properties-content: |
            CONTAINER_PULL_REGISTRY={container-public-registry}
      - lf-maven-build:
          mvn-goals: "{mvn-goals}"
      - lf-provide-maven-settings-cleanup

- job-template:
    name: "{project-name}-maven-docker-verify-{stream}-{mvn-version}-{java-version}"
    id: gerrit-maven-docker-verify
    <<: *lf_maven_common
    # yamllint disable-line rule:key-duplicates
    <<: *lf_maven_verify
    # yamllint disable-line rule:key-duplicates
    <<: *lf_maven_docker_verify

    scm:
      - lf-infra-gerrit-scm:
          jenkins-ssh-credential: "{jenkins-ssh-credential}"
          git-url: "{git-url}"
          refspec: "$GERRIT_REFSPEC"
          branch: "$GERRIT_BRANCH"
          submodule-recursive: "{submodule-recursive}"
          submodule-timeout: "{submodule-timeout}"
          submodule-disable: "{submodule-disable}"
          choosing-strategy: gerrit

    triggers:
      - gerrit:
          server-name: "{gerrit-server-name}"
          trigger-on: "{obj:gerrit_verify_triggers}"
          projects:
            - project-compare-type: ANT
              project-pattern: "{project}"
              branches:
                - branch-compare-type: ANT
                  branch-pattern: "**/{branch}"
              file-paths: "{obj:gerrit_trigger_file_paths}"

- job-template:
    name: "{project-name}-maven-docker-verify-{stream}-{mvn-version}-{java-version}"
    id: github-maven-docker-verify
    <<: *lf_maven_common
    # yamllint disable-line rule:key-duplicates
    <<: *lf_maven_verify
    # yamllint disable-line rule:key-duplicates
    <<: *lf_maven_docker_verify

    properties:
      - lf-infra-properties:
          build-days-to-keep: "{build-days-to-keep}"
      - github:
          url: "{github-url}/{github-org}/{project}"

    scm:
      - lf-infra-github-scm:
          url: "{git-clone-url}{github-org}/{project}"
          refspec: "+refs/pull/*:refs/remotes/origin/pr/*"
          branch: "$sha1"
          submodule-recursive: "{submodule-recursive}"
          submodule-timeout: "{submodule-timeout}"
          submodule-disable: "{submodule-disable}"
          choosing-strategy: default
          jenkins-ssh-credential: "{jenkins-ssh-credential}"

    triggers:
      - github-pull-request:
          trigger-phrase: "^(recheck|reverify)$"
          only-trigger-phrase: false
          status-context: "Maven Docker Verify {mvn-version}-{java-version}"
          permit-all: true
          github-hooks: true
          white-list-target-branches:
            - "{branch}"
          included-regions: "{obj:github_included_regions}"

#############################
# Maven Verify Dependencies #
#############################

- _lf_maven_verify_dependencies: &lf_maven_verify_dependencies
    name: lf-maven-verify-dependencies

    ######################
    # Default parameters #
    ######################

    branch: master
    build-days-to-keep: 7
    build-timeout: 60
    disable-job: false
    git-url: "$GIT_URL/$PROJECT"
    github-url: "https://github.com"
    jacoco-exclude-pattern: "**/gen/**,**/generated-sources/**,**/yang-gen**,**/pax/**"
    java-version: openjdk11
    mvn-global-settings: global-settings
    mvn-goals: clean deploy
    mvn-opts: ""
    mvn-params: "-Dstream=$STREAM"
    mvn-version: mvn35
    stream: master
    submodule-recursive: true
    submodule-timeout: 10
    submodule-disable: false

    gerrit_verify_triggers:
      - comment-added-contains-event:
          comment-contains-value: "recheck: [0-9 ]+"
    gerrit_trigger_file_paths:
      - compare-type: ANT
        pattern: "**"

    #####################
    # Job Configuration #
    #####################

    concurrent: true
    disabled: "{disable-job}"

    builders:
      - lf-infra-pre-build
      - lf-jacoco-nojava-workaround
      - lf-maven-install:
          mvn-version: "{mvn-version}"
      - lf-update-java-alternatives:
          java-version: "{java-version}"
      - lf-provide-maven-settings:
          global-settings-file: "{mvn-global-settings}"
          settings-file: "{mvn-settings}"
      - lf-fetch-dependent-patches
      - shell: !include-raw-escape:
          - ../shell/common-variables.sh
          - ../shell/maven-build-deps.sh
      - lf-maven-build:
          mvn-goals: "{mvn-goals}"
      - lf-provide-maven-settings-cleanup

    publishers:
      - findbugs
      - lf-jacoco-report:
          exclude-pattern: "{jacoco-exclude-pattern}"
      - lf-infra-publish

- job-template:
    name: "{project-name}-maven-verify-deps-{stream}-{mvn-version}-{java-version}"
    id: gerrit-maven-verify-dependencies
    <<: *lf_maven_common
    # yamllint disable-line rule:key-duplicates
    <<: *lf_maven_verify_dependencies

    scm:
      - lf-infra-gerrit-scm:
          jenkins-ssh-credential: "{jenkins-ssh-credential}"
          git-url: "{git-url}"
          refspec: "$GERRIT_REFSPEC"
          branch: "$GERRIT_BRANCH"
          submodule-recursive: "{submodule-recursive}"
          submodule-timeout: "{submodule-timeout}"
          submodule-disable: "{submodule-disable}"
          choosing-strategy: gerrit

    triggers:
      - gerrit:
          server-name: "{gerrit-server-name}"
          trigger-on: "{obj:gerrit_verify_triggers}"
          projects:
            - project-compare-type: ANT
              project-pattern: "{project}"
              branches:
                - branch-compare-type: ANT
                  branch-pattern: "**/{branch}"
              file-paths: "{obj:gerrit_trigger_file_paths}"
          comment-text-parameter-mode: PLAIN