--- # This file contains job templates for Docker projects. ########## # Macros # ########## - builder: name: lf-docker-get-container-tag builders: - inject: properties-content: | CONTAINER_TAG_METHOD={container-tag-method} CONTAINER_TAG_YAML_DIR={container-tag-yaml-dir} DOCKER_ROOT={docker-root} - shell: !include-raw-escape: "{docker-get-container-tag-script}" - inject: # Import the container tag set by this build step properties-file: "env_docker_inject.txt" - builder: name: lf-docker-build builders: - inject: properties-content: | DOCKER_ARGS={docker-build-args} DOCKER_NAME={docker-name} DOCKER_ROOT={docker-root} CONTAINER_PULL_REGISTRY={container-public-registry} CONTAINER_PUSH_REGISTRY={container-push-registry} - shell: !include-raw-escape: - ../shell/docker-build.sh - builder: name: lf-docker-push builders: - inject: properties-content: | CONTAINER_PUSH_REGISTRY={container-push-registry} - shell: !include-raw-escape: - ../shell/docker-push.sh #################### # COMMON FUNCTIONS # #################### - _lf_docker_common: &lf_docker_common name: lf-docker-common project-type: freestyle node: "{build-node}" ###################### # Default parameters # ###################### branch: master build-days-to-keep: 7 build-timeout: 60 submodule-disable: false submodule-recursive: true submodule-timeout: 10 pre_docker_build_script: "# pre docker build script goes here" post_docker_build_script: "# post docker build script goes here" disable-job: "false" docker-get-container-tag-script: "../shell/docker-get-container-tag.sh" docker-root: "$WORKSPACE" docker-build-args: "" git-url: "$GIT_URL/$PROJECT" container-tag-method: "latest" # TODO: how to interpolate value of {docker-root} parameter? container-tag-yaml-dir: "" ##################### # Job Configuration # ##################### disabled: "{disable-job}" properties: - lf-infra-properties: build-days-to-keep: "{build-days-to-keep}" parameters: - lf-infra-parameters: branch: "{branch}" project: "{project}" refspec: "refs/heads/{branch}" stream: "{stream}" wrappers: - lf-infra-wrappers: build-timeout: "{build-timeout}" jenkins-ssh-credential: "{jenkins-ssh-credential}" publishers: - lf-infra-publish - _docker_verify_common: &docker_verify_common name: docker-verify-common concurrent: true scm: - lf-infra-gerrit-scm: jenkins-ssh-credential: "{jenkins-ssh-credential}" git-url: "{git-url}" refspec: "$GERRIT_REFSPEC" branch: "$GERRIT_BRANCH" submodule-disable: "{submodule-disable}" submodule-recursive: "{submodule-recursive}" submodule-timeout: "{submodule-timeout}" choosing-strategy: gerrit gerrit_verify_triggers: - patchset-created-event: exclude-drafts: true exclude-trivial-rebase: false exclude-no-code-change: false - draft-published-event - comment-added-contains-event: comment-contains-value: '^Patch Set\s+\d+:\s+(recheck|reverify)\s*$' gerrit_trigger_file_paths: - compare-type: REG_EXP pattern: ".*" # github_included_regions MUST match gerrit_trigger_file_paths github_included_regions: - ".*" builders: - lf-infra-pre-build - lf-infra-docker-login: global-settings-file: "global-settings" settings-file: "{mvn-settings}" - shell: "{pre_docker_build_script}" - lf-docker-get-container-tag: container-tag-method: "{container-tag-method}" container-tag-yaml-dir: "{container-tag-yaml-dir}" docker-root: "{docker-root}" docker-get-container-tag-script: "{docker-get-container-tag-script}" - lf-docker-build: docker-build-args: "{docker-build-args}" docker-name: "{docker-name}" docker-root: "{docker-root}" container-public-registry: "{container-public-registry}" container-push-registry: "{container-push-registry}" - shell: "{post_docker_build_script}" - lf-provide-maven-settings-cleanup - _docker_merge_common: &docker_merge_common name: docker-merge-common cron: "@weekly" # check dependencies regularly scm: - lf-infra-gerrit-scm: jenkins-ssh-credential: "{jenkins-ssh-credential}" git-url: "{git-url}" refspec: "$GERRIT_REFSPEC" branch: "$GERRIT_BRANCH" submodule-disable: "{submodule-disable}" submodule-recursive: "{submodule-recursive}" submodule-timeout: "{submodule-timeout}" choosing-strategy: default gerrit_merge_triggers: - change-merged-event - comment-added-contains-event: comment-contains-value: '^Patch Set\s+\d+:\s+remerge\s*$' gerrit_trigger_file_paths: - compare-type: REG_EXP pattern: ".*" # github_included_regions MUST match gerrit_trigger_file_paths github_included_regions: - ".*" builders: - lf-infra-pre-build - lf-infra-docker-login: global-settings-file: "global-settings" settings-file: "{mvn-settings}" - shell: "{pre_docker_build_script}" - lf-docker-get-container-tag: container-tag-method: "{container-tag-method}" container-tag-yaml-dir: "{container-tag-yaml-dir}" docker-root: "{docker-root}" docker-get-container-tag-script: "{docker-get-container-tag-script}" - lf-docker-build: docker-build-args: "{docker-build-args}" docker-name: "{docker-name}" docker-root: "{docker-root}" container-public-registry: "{container-public-registry}" container-push-registry: "{container-push-registry}" - shell: "{post_docker_build_script}" # Provided all steps have already passed, push the docker image - lf-docker-push: container-push-registry: "{container-push-registry}" - lf-provide-maven-settings-cleanup ################# # Docker Verify # ################# - job-template: name: "{project-name}-docker-verify-{stream}" id: gerrit-docker-verify # Job template for Docker verify jobs # # The purpose of this job template is to run a docker build, and potentially # test validation of the docker image <<: *lf_docker_common # yamllint disable-line rule:key-duplicates <<: *docker_verify_common triggers: - gerrit: server-name: "{gerrit-server-name}" trigger-on: "{obj:gerrit_verify_triggers}" projects: - project-compare-type: ANT project-pattern: "{project}" branches: - branch-compare-type: ANT branch-pattern: "**/{branch}" file-paths: "{obj:gerrit_trigger_file_paths}" - job-template: name: "{project-name}-docker-verify-{stream}" id: github-docker-verify # Job template for Docker verify jobs # # The purpose of this job template is to run a docker build, and potentially # test validation of the docker image <<: *lf_docker_common # yamllint disable-line rule:key-duplicates <<: *docker_verify_common properties: - lf-infra-properties: build-days-to-keep: "{build-days-to-keep}" - github: url: "{github-url}/{github-org}/{project}" scm: - lf-infra-github-scm: url: "{git-clone-url}{github-org}/{project}" refspec: "+refs/pull/*:refs/remotes/origin/pr/*" branch: "$sha1" submodule-recursive: "{submodule-recursive}" submodule-timeout: "{submodule-timeout}" submodule-disable: "{submodule-disable}" choosing-strategy: default jenkins-ssh-credential: "{jenkins-ssh-credential}" triggers: - github-pull-request: trigger-phrase: "^(recheck|reverify)$" only-trigger-phrase: false status-context: "Docker Verify" permit-all: true github-hooks: true white-list-target-branches: - "{branch}" included-regions: "{obj:github_included_regions}" ################ # Docker Merge # ################ - job-template: name: "{project-name}-docker-merge-{stream}" id: gerrit-docker-merge # Job template for Docker merge jobs # # The purpose of this job template is to run a docker build, and potentially # test validation of the docker image <<: *lf_docker_common # yamllint disable-line rule:key-duplicates <<: *docker_merge_common triggers: - timed: "{obj:cron}" - gerrit: server-name: "{gerrit-server-name}" trigger-on: "{obj:gerrit_merge_triggers}" projects: - project-compare-type: ANT project-pattern: "{project}" branches: - branch-compare-type: ANT branch-pattern: "**/{branch}" file-paths: "{obj:gerrit_trigger_file_paths}" - job-template: name: "{project-name}-docker-merge-{stream}" id: github-docker-merge # Job template for Docker merge jobs # # The purpose of this job template is to run a docker build, and potentially # test validation of the docker image <<: *lf_docker_common # yamllint disable-line rule:key-duplicates <<: *docker_merge_common properties: - lf-infra-properties: build-days-to-keep: "{build-days-to-keep}" - github: url: "{github-url}/{github-org}/{project}" scm: - lf-infra-github-scm: url: "{git-clone-url}{github-org}/{project}" refspec: "" branch: "refs/heads/{branch}" submodule-recursive: "{submodule-recursive}" submodule-timeout: "{submodule-timeout}" submodule-disable: "{submodule-disable}" choosing-strategy: default jenkins-ssh-credential: "{jenkins-ssh-credential}" triggers: - timed: "{obj:cron}" - github - pollscm: cron: "" - github-pull-request: trigger-phrase: "^remerge$" only-trigger-phrase: true status-context: "Docker Merge" permit-all: true github-hooks: true org-list: - "{github-org}" white-list: "{obj:github_pr_allowlist}" admin-list: "{obj:github_pr_admin_list}" white-list-target-branches: - "{branch}" included-regions: "{obj:github_included_regions}" ################## # Docker Snyk CLI # ################## - _lf_docker_snyk_cli: &lf_docker_snyk_cli name: lf-docker-snyk_cli ###################### # Default parameters # ###################### branch: master build-days-to-keep: 30 # 30 days for troubleshooting purposes build-timeout: 60 container-tag-method: "latest" container-tag-yaml-dir: "" disable-job: false docker-get-container-tag-script: "../shell/docker-get-container-tag.sh" docker-root: "$WORKSPACE" docker-build-args: "" git-url: "$GIT_URL/$PROJECT" github-url: "https://github.com" pre_docker_build_script: "# pre docker build script goes here" post_docker_build_script: "# post docker build script goes here" snyk-cli-options: "" snyk-token-credential-id: snyk-token snyk-org-credential-id: snyk-org stream: master submodule-recursive: true submodule-timeout: 10 submodule-disable: false gerrit_snyk_triggers: - comment-added-contains-event: comment-contains-value: '^Patch Set\s+\d+:\s+run-snyk\s*$' parameters: - lf-infra-parameters: project: "{project}" branch: "{branch}" stream: "{stream}" - string: name: SNYK_CLI_OPTIONS default: "{snyk-cli-options}" description: Additional Snyk CLI commands and options wrappers: - credentials-binding: - text: credential-id: "{snyk-token-credential-id}" variable: SNYK_TOKEN - text: credential-id: "{snyk-org-credential-id}" variable: SNYK_ORG ##################### # Job Configuration # ##################### disabled: "{disable-job}" builders: - lf-infra-pre-build - lf-infra-docker-login: global-settings-file: "global-settings" settings-file: "{mvn-settings}" - shell: "{pre_docker_build_script}" - lf-docker-get-container-tag: container-tag-method: "{container-tag-method}" container-tag-yaml-dir: "{container-tag-yaml-dir}" docker-root: "{docker-root}" docker-get-container-tag-script: "{docker-get-container-tag-script}" - lf-docker-build: docker-build-args: "{docker-build-args}" docker-name: "{docker-name}" docker-root: "{docker-root}" container-public-registry: "{container-public-registry}" container-push-registry: "{container-push-registry}" - shell: "{post_docker_build_script}" - lf-infra-snyk-cli-scanner - lf-provide-maven-settings-cleanup - shell: 'find . -regex ".*karaf/target" | xargs rm -rf' - job-template: name: "{project-name}-docker-snyk-cli-{stream}" id: gerrit-docker-snyk-cli <<: *lf_docker_common # yamllint disable-line rule:key-duplicates <<: *lf_docker_snyk_cli scm: - lf-infra-gerrit-scm: jenkins-ssh-credential: "{jenkins-ssh-credential}" git-url: "{git-url}" refspec: "$GERRIT_REFSPEC" branch: "$GERRIT_BRANCH" submodule-recursive: "{submodule-recursive}" submodule-timeout: "{submodule-timeout}" submodule-disable: "{submodule-disable}" choosing-strategy: default triggers: # Build weekly on Saturdays - timed: "H H * * 6" - gerrit: server-name: "{gerrit-server-name}" trigger-on: "{obj:gerrit_snyk_triggers}" projects: - project-compare-type: ANT project-pattern: "{project}" branches: - branch-compare-type: ANT branch-pattern: "**/{branch}" skip-vote: successful: true failed: true unstable: true notbuilt: true - job-template: name: "{project-name}-docker-snyk-cli-{stream}" id: github-docker-snyk-cli <<: *lf_docker_common # yamllint disable-line rule:key-duplicates <<: *lf_docker_snyk_cli properties: - lf-infra-properties: build-days-to-keep: "{build-days-to-keep}" - github: url: "{github-url}/{github-org}/{project}" scm: - lf-infra-github-scm: url: "{git-clone-url}{github-org}/{project}" refspec: "" branch: "refs/heads/{branch}" submodule-recursive: "{submodule-recursive}" submodule-timeout: "{submodule-timeout}" submodule-disable: "{submodule-disable}" choosing-strategy: default jenkins-ssh-credential: "{jenkins-ssh-credential}" triggers: # Build weekly on Saturdays - timed: "H H * * 6" - github-pull-request: trigger-phrase: "^run-snyk$" only-trigger-phrase: true status-context: "SNYK scan" permit-all: true github-hooks: true org-list: - "{github-org}" white-list: "{obj:github_pr_allowlist}" admin-list: "{obj:github_pr_admin_list}" white-list-target-branches: - "{branch}"