Maven Jobs¶
Job Groups¶
Job groups are a great tool to configure categories of jobs together at the same time. Below the example are some starting point job-groups but we recommend creating your own to ensure that the jobs configured reflect the project’s needs.
An example project:
- job-group:
name: odl-maven-jobs
jobs:
- gerrit-maven-clm
- gerrit-maven-merge
- gerrit-maven-release
- gerrit-maven-verify
- gerrit-maven-verify-dependencies:
build-timeout: 180
mvn-version: mvn35
- project:
name: aaa
jobs:
- odl-maven-jobs
In this example we are using the job-group to assign a list of common jobs to
the aaa project. The job-group also hardcodes mvn-version
to mvn35 and
build-timeout
to 180 for all projects using this job-group.
A benefit of this method is for example disabling entire category of jobs by
modifying the job-group, insert disable-job: true
parameter
against the jobs to disable.
Below is a list of Maven job groups:
---
- job-group:
name: "{project-name}-maven-jobs"
# This job group contains all the recommended jobs that should be deployed
# for a Java project in Gerrit that builds with maven.
jobs:
- gerrit-maven-clm
- gerrit-maven-merge
- gerrit-maven-stage
- gerrit-maven-verify
- gerrit-maven-verify-dependencies
- job-group:
name: "{project-name}-github-maven-jobs"
# This job group contains all the recommended jobs that should be deployed
# for a Java project in Github that builds with maven.
jobs:
- github-maven-clm
- github-maven-merge
- github-maven-stage
- github-maven-verify
- job-group:
name: "{project-name}-gerrit-maven-docker-jobs"
# This job group contains all the recommended jobs that should be deployed
# for a Java project in Gerrit that builds with maven and docker.
jobs:
- gerrit-maven-clm
- gerrit-maven-docker-merge
- gerrit-maven-docker-stage
- gerrit-maven-docker-verify
- job-group:
name: "{project-name}-github-maven-docker-jobs"
# This job group contains all the recommended jobs that should be deployed
# for a Java project in Github that builds with maven and docker.
jobs:
- github-maven-clm
- github-maven-docker-merge
- github-maven-docker-stage
- github-maven-docker-verify
- job-group:
name: "{project-name}-maven-javadoc-jobs"
# This job group contains all the recommended jobs that should be deployed
# for a Java project in Gerrit that publishes javadoc with maven.
jobs:
- gerrit-maven-javadoc-publish
- gerrit-maven-javadoc-verify
- job-group:
name: "{project-name}-github-maven-javadoc-jobs"
# This job group contains all the recommended jobs that should be deployed
# for a Java project in Github that publishes javadoc with maven.
jobs:
- github-maven-javadoc-publish
- github-maven-javadoc-verify
Macros¶
lf-infra-maven-sonar¶
Runs Sonar against a Maven project.
- Required Parameters:
- java-version:
Version of Java to execute Sonar with. (default: openjdk11)
- mvn-version:
Version of Maven to execute Sonar with.
- mvn-settings:
Maven settings.xml file containing credentials to use.
lf-infra-maven-sonarcloud¶
Runs Sonar against a Maven project and pushes results to SonarCloud.
- Required Parameters:
- java-version:
Version of Java to execute Maven build. (default: openjdk11)
- mvn-version:
Version of Maven to execute Sonar with.
- mvn-settings:
Maven settings.xml file containing credentials to use.
- sonarcloud-project-key:
SonarCloud project key.
- sonarcloud-project-organization:
SonarCloud project organization.
- sonarcloud-java-version:
Version of Java to run the Sonar scan. (default: openjdk17)
- sonarcloud-qualitygate-wait:
SonarCloud flag that forces the analysis step to wait for the quality gate result. (default: false)
lf-maven-build¶
Calls the maven build script to perform a maven build.
- Required parameters:
- mvn-goals:
The maven goals to perform for the build. (default: clean deploy)
lf-maven-common¶
Common Jenkins configuration for Maven jobs.
lf-maven-deploy¶
Calls the maven deploy script to push artifacts to Nexus.
lf-maven-versions-plugin¶
Conditionally calls Maven versions plugin to set, update and commit the maven versions:set.
- Required Parameters:
- maven-versions-plugin:
Whether to call Maven versions plugin or not. (default: false)
- version-properties-file:
Name and path of the version properties file. (default: version.properties)
- mvn-version:
Version of Maven to execute Sonar with.
- mvn-pom:
Location of pom.xml.
- mvn-settings:
Maven settings.xml file containing credentials to use.
lf-maven-stage¶
Calls the maven stage script to push artifacts to a Nexus staging repository.
- Required Parameters:
- mvn-global-settings:
The name of the Maven global settings to use for Maven configuration.
- mvn-settings:
The name of settings file containing credentials for the project.
lf-update-java-alternatives¶
Setup Java alternatives for the Distro.
- Required Parameters:
- java-version:
Version of Java to set as the default Java. Eg. openjdk11
lf-infra-sonatype-clm¶
Runs a Sonatype CLM scan against a Maven project and pushes results to Nexus IQ server.
- Optional parameters:
- mvn-goals:
The maven goals to perform for the build. (default: clean install)
lf-infra-snyk-cli-scanner¶
Downloads the latest Snyk CLI and triggers a code scan. It publishes a report into the Snyk dashboard.
- Optional parameters:
- mvn-goals:
The maven goals to perform for the build. (default: clean install)
lf-infra-maven-sbom-generator¶
Runs a specific version of SPDX SBOM Generator tool to generate a report. The calling job template sets the version to run in the SBOM_GENERATOR_VERSION parameter.
- Optional parameters:
- sbom-flags:
SBOM generator options. See https://github.com/opensbom-generator/spdx-sbom-generator
Job Templates¶
Maven CLM¶
Produces a CLM scan of the code into Nexus IQ Server.
- Template Names:
{project-name}-maven-clm-{stream}
gerrit-maven-clm
github-maven-clm
- Comment Trigger:
run-clm
- Required parameters:
- build-node:
The node to run build on.
- jenkins-ssh-credential:
Credential to use for SSH. (Generally configured in defaults.yaml)
- mvn-settings:
The name of settings file containing credentials for the project.
- Optional parameters:
- branch:
The branch to build against. (default: master)
- build-days-to-keep:
Days to keep build logs in Jenkins. (default: 7)
- build-timeout:
Timeout in minutes before aborting build. (default: 60)
- git-url:
URL clone project from. (default: $GIT_URL/$PROJECT)
- java-version:
Version of Java to use for the build. (default: openjdk11)
- mvn-global-settings:
The name of the Maven global settings to use for Maven configuration. (default: global-settings)
- mvn-goals:
The maven goals to perform for the build. (default: clean install)
- mvn-opts:
Sets MAVEN_OPTS to start up the JVM running Maven. (default: ‘’)
- mvn-params:
Parameters to pass to the mvn CLI. (default: ‘’)
- mvn-version:
Version of maven to use. (default: mvn35)
- nexus-iq-namespace:
Insert a namespace to project AppID for projects that share a Nexus IQ system to avoid project name collision. We recommend inserting a trailing - dash if using this parameter. For example ‘odl-’. (default: ‘’)
- nexus-iq-stage:
Sets the stage which the policy evaluation will run against on the Nexus IQ Server. (default: ‘build’)
- stream:
Keyword that represents a release code-name. Often the same as the branch. (default: master)
- submodule-recursive:
Whether to checkout submodules recursively. (default: true)
- submodule-timeout:
Timeout (in minutes) for checkout operation. (default: 10)
- submodule-disable:
Disable submodule checkout operation. (default: false)
- gerrit_merge_triggers:
Override Gerrit Triggers.
Maven SNYK CLI¶
Builds the code, downloads and runs a Snyk CLI scan of the code into the Snyk dashboard.
- Template Names:
{project-name}-maven-snyk-cli-{stream}
gerrit-maven-snyk-cli
github-maven-snyk-cli
- Comment Trigger:
run-snyk
- Required parameters:
- build-node:
The node to run build on.
- jenkins-ssh-credential:
Credential to use for SSH. (Generally configured in defaults.yaml)
- mvn-settings:
The name of settings file containing credentials for the project.
- snyk-token-credential-id:
Snyk API token to communicate with Jenkins.
- snyk-org-credential-id:
Snyk organization ID.
- Optional parameters:
- branch:
The branch to build against. (default: master)
- build-days-to-keep:
Days to keep build logs in Jenkins. (default: 7)
- build-timeout:
Timeout in minutes before aborting build. (default: 60)
- git-url:
URL clone project from. (default: $GIT_URL/$PROJECT)
- java-version:
Version of Java to use for the build. (default: openjdk11)
- mvn-global-settings:
The name of the Maven global settings to use for Maven configuration. (default: global-settings)
- mvn-goals:
The maven goals to perform for the build. (default: clean install)
- mvn-opts:
Sets MAVEN_OPTS to start up the JVM running Maven. (default: ‘’)
- mvn-params:
Parameters to pass to the mvn CLI. (default: ‘’)
- mvn-version:
Version of maven to use. (default: mvn35)
- snyk-cli-options:
Snyk CLI options. (default: ‘’)
- stream:
Keyword that represents a release code-name. Often the same as the branch. (default: master)
- submodule-recursive:
Whether to checkout submodules recursively. (default: true)
- submodule-timeout:
Timeout (in minutes) for checkout operation. (default: 10)
- submodule-disable:
Disable submodule checkout operation. (default: false)
- gerrit_snyk_triggers:
Override Gerrit Triggers.
Maven JavaDoc Publish¶
Produces and publishes javadocs for a Maven project.
Expects javadocs to be available in $WORKSPACE/target/site/apidocs
, but
overrideable with the mvn-dir
parameter. If set, will search for javadocs
in $WORKSPACE/{mvn-dir}/target/site/apidocs
.
- Template Names:
{project-name}-maven-javadoc-publish-{stream}-{java-version}
gerrit-maven-javadoc-publish
github-maven-javadoc-publish
- Comment Trigger:
remerge
- Required parameters:
- build-node:
The node to run build on.
- javadoc-path:
The path in Nexus to deploy javadoc to.
- jenkins-ssh-credential:
Credential to use for SSH. (Generally configured in defaults.yaml)
- mvn-settings:
The name of settings file containing credentials for the project.
- mvn-site-id:
Maven Server ID from settings.xml to pull credentials from. (Note: This setting is generally configured in
defaults.yaml
.)
- Optional parameters:
- branch:
The branch to build against. (default: master)
- build-days-to-keep:
Days to keep build logs in Jenkins. (default: 7)
- build-timeout:
Timeout in minutes before aborting build. (default: 60)
- git-url:
URL clone project from. (default: $GIT_URL/$PROJECT)
- java-version:
Version of Java to use for the build. (default: openjdk11)
- mvn-dir:
Directory supplied as argument to -f option (default: ‘.’)
- mvn-global-settings:
The name of the Maven global settings to use for Maven configuration. (default: global-settings)
- mvn-opts:
Sets MAVEN_OPTS to start up the JVM running Maven. (default: ‘’)
- mvn-params:
Parameters to pass to the mvn CLI. (default: ‘’) Must not include a “-f” option; see parameter mvn-dir.
- mvn-version:
Version of maven to use. (default: mvn35)
- stream:
Keyword that represents a release code-name. Often the same as the branch. (default: master)
- submodule-recursive:
Whether to checkout submodules recursively. (default: true)
- submodule-timeout:
Timeout (in minutes) for checkout operation. (default: 10)
- submodule-disable:
Disable submodule checkout operation. (default: false)
- gerrit_merge_triggers:
Override Gerrit Triggers.
Maven JavaDoc Verify¶
Produces javadocs for a Maven project.
Expects javadocs to be available in $WORKSPACE/target/site/apidocs
, but
overrideable with the mvn-dir
parameter. If set, will search for javadocs
in $WORKSPACE/{mvn-dir}/target/site/apidocs
.
- Template Names:
{project-name}-maven-javadoc-verify-{stream}-{java-version}
gerrit-maven-javadoc-verify
github-maven-javadoc-verify
- Comment Trigger:
recheck|reverify
- Required parameters:
- build-node:
The node to run build on.
- jenkins-ssh-credential:
Credential to use for SSH. (Generally configured in defaults.yaml)
- mvn-settings:
The name of settings file containing credentials for the project.
- Optional parameters:
- branch:
The branch to build against. (default: master)
- build-days-to-keep:
Days to keep build logs in Jenkins. (default: 7)
- build-timeout:
Timeout in minutes before aborting build. (default: 60)
- deploy-path:
The path in Nexus to deploy javadoc to. (default: $PROJECT/$STREAM)
- git-url:
URL clone project from. (default: $GIT_URL/$PROJECT)
- java-version:
Version of Java to use for the build. (default: openjdk11)
- mvn-dir:
Directory supplied as argument to -f option (default: ‘.’)
- mvn-global-settings:
The name of the Maven global settings to use for Maven configuration. (default: global-settings)
- mvn-opts:
Sets MAVEN_OPTS to start up the JVM running Maven. (default: ‘’)
- mvn-params:
Parameters to pass to the mvn CLI. (default: ‘’) Must not include a “-f” option; see parameter mvn-dir.
- mvn-version:
Version of maven to use. (default: mvn35)
- stream:
Keyword that represents a release code-name. Often the same as the branch. (default: master)
- submodule-recursive:
Whether to checkout submodules recursively. (default: true)
- submodule-timeout:
Timeout (in minutes) for checkout operation. (default: 10)
- submodule-disable:
Disable submodule checkout operation. (default: false)
- gerrit_verify_triggers:
Override Gerrit Triggers.
Maven Merge¶
Merge job which runs mvn clean deploy to build a project.
This job pushes files to Nexus using cURL instead of allowing the Maven deploy
goal to push the upload. This is to get around the issue that Maven deploy does
not properly support uploading files at the end of the build and instead pushes
as it goes. There exists a -Ddeploy-at-end
feature but it does not work
with extensions.
This job uses the following strategy to deploy jobs to Nexus:
wget -r
to fetch maven-metadata.xml from Nexusmvn deploy -DaltDeploymentRepository
to prepare files for uploadRemoves untouched maven-metadata.xml files before upload
Use lftools (cURL) upload script to push artifacts to Nexus
- Template Names:
{project-name}-maven-merge-{stream}
gerrit-maven-merge
github-maven-merge
- Comment Trigger:
remerge
- Required parameters:
- build-node:
The node to run build on.
- jenkins-ssh-credential:
Credential to use for SSH. (Generally configured in defaults.yaml)
- mvn-settings:
The name of settings file containing credentials for the project.
- mvn-snapshot-id:
Maven Server ID from settings.xml to pull credentials from. (Note: This setting is generally configured in
defaults.yaml
.)- nexus-snapshot-repo:
The repository id of the Nexus snapshot repo to deploy to.
- Optional parameters:
- branch:
Git branch to fetch for the build. (default: master)
- build-days-to-keep:
Days to keep build logs in Jenkins. (default: 7)
- build-timeout:
Timeout in minutes before aborting build. (default: 60)
- cron:
Cron schedule when to trigger the job. This parameter also supports multiline input via YAML pipe | character in cases where one may want to provide more than 1 cron timer. (default: ‘H H * * 0’ to run weekly)
- git-url:
URL clone project from. (default: $GIT_URL/$PROJECT)
- jacoco-exclude-pattern:
Ant-style patterns to exclude from Jacoco coverage report. (default:
"**/gen/**,**/generated-sources/**,**/yang-gen**,**/pax/**"
)- java-version:
Version of Java to use for the build. (default: openjdk11)
- mvn-global-settings:
The name of the Maven global settings to use for Maven configuration. (default: global-settings)
- mvn-opts:
Sets MAVEN_OPTS to start up the JVM running Maven. (default: ‘’)
- mvn-params:
Parameters to pass to the mvn CLI. (default: ‘’)
- mvn-version:
Version of maven to use. (default: mvn35)
- nexus-cut-dirs:
Number of directories to cut from file path for wget -r.
- pre-build-script:
Shell script to run before maven build. (default: a string with a shell comment)
- post-build-script:
Shell script to run after maven build. (default: a string with a shell comment)
- stream:
Keyword that represents a release code-name. Often the same as the branch. (default: master)
- submodule-recursive:
Whether to checkout submodules recursively. (default: true)
- submodule-timeout:
Timeout (in minutes) for checkout operation. (default: 10)
- submodule-disable:
Disable submodule checkout operation. (default: false)
- gerrit_merge_triggers:
Override Gerrit Triggers.
- gerrit_trigger_file_paths:
Override file paths to filter which file modifications will trigger a build.
Maven Merge for Docker¶
Produces a snapshot docker image in a Nexus registry. Appropriate for Java projects that do not need to deploy any POM or JAR files.
Like the Maven Merge job as described above but logs in to Docker
registries first and skips the lf-maven-deploy builder. The project
POM file should invoke a plugin to build and push a Docker image.
This pulls the base image from the registry in the environment
variable CONTAINER_PULL_REGISTRY
and pushes new image into the
registry in the environment variable CONTAINER_PUSH_REGISTRY
.
- Template Names:
{project-name}-maven-docker-merge-{stream}
gerrit-maven-docker-merge
github-maven-docker-merge
- Required parameters:
- container-public-registry:
Docker registry source with base images.
- container-snapshot-registry:
Docker registry target for the deploy action.
All other required and optional parameters are identical to the Maven Merge job described above.
Maven Stage¶
Produces a release candidate by creating a staging repo in Nexus.
The staging repo name is in the format PROJECT-NUMBER for example “aaa-1234”, “autorelease-2000”, “odlparent-1201”, etc…
This job runs a Maven build and deploys to $WORKSPACE/m2repo directory. This directory is then used later to deploy to Nexus.
- Template Names:
{project-name}-maven-stage-{stream}
gerrit-maven-stage
github-maven-stage
- Comment Trigger:
“stage-release” or “stage-maven-release”
- Required parameters:
- build-node:
The node to run build on.
- jenkins-ssh-credential:
Credential to use for SSH. (Generally configured in defaults.yaml)
- mvn-settings:
The name of settings file containing credentials for the project.
- mvn-staging-id:
Maven Server ID from settings.xml to pull credentials from. (Note: This setting is generally configured in
defaults.yaml
.)- staging-profile-id:
Profile ID of the project’s Nexus staging profile.
- Optional parameters:
- archive-artifacts:
Artifacts to archive to the logs server (default: ‘’).
- branch:
The branch to build against. (default: master)
- build-days-to-keep:
Days to keep build logs in Jenkins. (default: 7)
- build-timeout:
Timeout in minutes before aborting build. (default: 60)
- cron:
Cron schedule when to trigger the job. This parameter also supports multiline input via YAML pipe | character in cases where one may want to provide more than 1 cron timer. (default: ‘’)
- deploy-path:
The path in Nexus to deploy javadoc to. (default: $PROJECT/$STREAM)
- git-url:
URL clone project from. (default: $GIT_URL/$PROJECT)
- java-version:
Version of Java to use for the build. (default: openjdk11)
- mvn-central:
Set to
true
to also stage to OSSRH. This is for projects that want to release to Maven Central. If set, then also set the parameterossrh-profile-id
. (default: false)- maven-versions-plugin:
Whether to call Maven versions plugin or not. (default: false)
- mvn-global-settings:
The name of the Maven global settings to use for Maven configuration. (default: global-settings)
- mvn-opts:
Sets MAVEN_OPTS to start up the JVM running Maven. (default: ‘’)
- mvn-params:
Parameters to pass to the mvn CLI. (default: ‘’)
- mvn-version:
Version of maven to use. (default: mvn35)
- ossrh-profile-id:
Profile ID for project as provided by OSSRH. (default: ‘’)
- sbom-flags:
SBOM generator options if using sbom-generator. See https://github.com/opensbom-generator/spdx-sbom-generator
- sbom-generator:
Calls lf-infra-maven-sbom-generator to run the SPDX SBOM generator tool. (default: false)
- sbom-generator-version:
SBOM generator version to download and run if using sbom-generator. (default: v0.0.10)
- sbom-path:
SBOM execution path. (default: $WORKSPACE)
- sign-artifacts:
Sign artifacts with Sigul. (default: false)
- stream:
Keyword that represents a release code-name. Often the same as the branch. (default: master)
- submodule-recursive:
Whether to checkout submodules recursively. (default: true)
- submodule-timeout:
Timeout (in minutes) for checkout operation. (default: 10)
- submodule-disable:
Disable submodule checkout operation. (default: false)
- version-properties-file:
Name and path of the version properties file. (default: version.properties)
- gerrit_release_triggers:
Override Gerrit Triggers.
- gerrit_trigger_file_paths:
Override file paths to filter which file modifications will trigger a build.
Maven Stage for Docker¶
Produces a release candidate docker image in a Nexus registry. Appropriate for Java projects that do not need to deploy any POM or JAR files.
Like the Maven Stage job as described above but logs in to Docker
registries first and skips the lf-maven-deploy builder. The project
POM file should invoke a plugin to build and push a Docker image.
This pulls the base image from the registry in the environment
variable CONTAINER_PULL_REGISTRY
and pushes new image into the
registry in the environment variable CONTAINER_PUSH_REGISTRY
.
- Template Names:
{project-name}-maven-docker-stage-{stream}
gerrit-maven-docker-stage
github-maven-docker-stage
- Comment Trigger:
“stage-release” or “stage-docker-release”
- Required parameters:
- container-public-registry:
Docker registry source with base images.
- container-staging-registry:
Docker registry target for the deploy action.
- Optional parameters:
- gerrit_release_docker_triggers:
Override Gerrit Triggers.
All other required and optional parameters are identical to the Maven Stage job described above.
Maven Sonar¶
Sonar job which runs mvn clean install then publishes to Sonar.
This job purposely runs on the master
branch and does not support
multi-branch configuration.
- Template Names:
{project-name}-sonar
gerrit-maven-sonar
github-maven-sonar
{project-name}-sonar-prescan-script
gerrit-maven-sonar-prescan-script
github-maven-sonar-prescan-script
- Comment Trigger:
run-sonar
- Required parameters:
- build-node:
The node to run build on.
- jenkins-ssh-credential:
Credential to use for SSH. (Generally configured in defaults.yaml)
- mvn-settings:
The name of settings file containing credentials for the project.
- sonar-prescan-script:
(maven-sonar-prescan-script jobs) A shell script to run before sonar scans.
- Optional parameters:
- build-days-to-keep:
Days to keep build logs in Jenkins. (default: 7)
- build-timeout:
Timeout in minutes before aborting build. (default: 60)
- cron:
Cron schedule when to trigger the job. This parameter also supports multiline input via YAML pipe | character in cases where one may want to provide more than 1 cron timer. (default: ‘H H * * 6’ to run weekly)
- git-url:
URL clone project from. (default: $GIT_URL/$PROJECT)
- java-version:
Version of Java to use for the Maven build. (default: openjdk11)
- mvn-global-settings:
The name of the Maven global settings to use for Maven configuration. (default: global-settings)
- mvn-goals:
The maven goals to perform for the build. (default: clean install)
- mvn-opts:
Sets MAVEN_OPTS to start up the JVM running Maven. (default: ‘’)
- mvn-params:
Parameters to pass to the mvn CLI. (default: ‘’)
- mvn-version:
Version of maven to use. (default: mvn35)
- sonar-mvn-goals:
Maven goals to run for sonar analysis. (default: sonar:sonar)
- sonarcloud:
Set to
true
to use SonarCloudtrue|false
. (default: false)- sonarcloud-project-key:
SonarCloud project key. (default: ‘’)
- sonarcloud-project-organization:
SonarCloud project organization. (default: ‘’)
- sonarcloud-api-token-cred-id:
Jenkins credential ID which has the SonarCloud API Token. This one SHOULDN’T be overwritten as we are standarizing the credential ID for all projects (default: ‘sonarcloud-api-token’)
- sonarcloud-java-version:
Version of Java to use for the Sonar scan. (default: openjdk17)
- stream:
Keyword that represents a release code-name. Often the same as the branch. (default: master)
- submodule-recursive:
Whether to checkout submodules recursively. (default: true)
- submodule-timeout:
Timeout (in minutes) for checkout operation. (default: 10)
- submodule-disable:
Disable submodule checkout operation. (default: false)
- scan-dev-branch:
Run the scan on a developer branch. (default: false)
- gerrit_sonar_triggers:
Override Gerrit Triggers.
SonarCloud Example:
---
- project:
name: example-sonarcloud
jobs:
- gerrit-maven-sonar
project: "sonarcloud"
project-name: "sonarcloud"
branch: "master"
mvn-settings: "sonarcloud-settings"
mvn-opts: "-Xmx1024m"
sonarcloud: true
sonarcloud-project-key: KEY
sonarcloud-project-organization: ORGANIZATION
sonarcloud-api-token-cred-id: TOKEN
scan-dev-branch: false
sonarcloud-qualitygate-wait: false
- project:
name: example-sonarcloud-with-prescan-script
jobs:
- gerrit-maven-sonar-prescan-script
project: "sonarcloud"
project-name: "sonarcloud"
branch: "master"
mvn-settings: "sonarcloud-settings"
mvn-opts: "-Xmx1024m"
sonarcloud: true
sonarcloud-project-key: KEY
sonarcloud-project-organization: ORGANIZATION
sonarcloud-api-token-cred-id: TOKEN
sonar-prescan-script: |
echo "Run script at start of job."
scan-dev-branch: false
sonarcloud-qualitygate-wait: false
- project:
name: example-sonarcloud-verify
jobs:
- gerrit-maven-sonar-verify
project: "sonarcloud"
project-name: "sonarcloud"
branch: "master"
mvn-settings: "sonarcloud-settings"
mvn-opts: "-Xmx1024m"
sonarcloud: true
sonarcloud-project-key: KEY
sonarcloud-project-organization: ORGANIZATION
sonarcloud-api-token-cred-id: TOKEN
scan-dev-branch: true
sonarcloud-qualitygate-wait: true
Maven Sonar Verify¶
Sonar job which runs mvn clean install then publishes to Sonar.
This job runs on dev branches and its triggered on new patchsets.
- Template Names:
{project-name}-sonar-verify
gerrit-maven-sonar-verify
- Comment Trigger:
recheck|reverify
- Required parameters:
- build-node:
The node to run build on.
- jenkins-ssh-credential:
Credential to use for SSH. (Generally configured in defaults.yaml)
- mvn-settings:
The name of settings file containing credentials for the project.
- Optional parameters:
- build-days-to-keep:
Days to keep build logs in Jenkins. (default: 7)
- build-timeout:
Timeout in minutes before aborting build. (default: 60)
- git-url:
URL clone project from. (default: $GIT_URL/$PROJECT)
- java-version:
Version of Java to use for the Maven build. (default: openjdk11)
- mvn-global-settings:
The name of the Maven global settings to use for Maven configuration. (default: global-settings)
- mvn-goals:
The maven goals to perform for the build. (default: clean install)
- mvn-opts:
Sets MAVEN_OPTS to start up the JVM running Maven. (default: ‘’)
- mvn-params:
Parameters to pass to the mvn CLI. (default: ‘’)
- mvn-version:
Version of maven to use. (default: mvn35)
- pre-build-script:
Shell script to run before maven build. (default: a string with a shell comment)
- post-build-script:
Shell script to run after maven build. (default: a string with a shell comment)
- sonar-mvn-goal:
Maven goals to run for sonar analysis. (default: sonar:sonar)
- sonarcloud:
Set to
true
to use SonarCloudtrue|false
. (default: true)- sonarcloud-project-key:
SonarCloud project key. (default: ‘’)
- sonarcloud-project-organization:
SonarCloud project organization. (default: ‘’)
- sonarcloud-api-token-cred-id:
Jenkins credential ID which has the SonarCloud API Token. This one SHOULDN’T be overwritten as we are standarizing the credential ID for all projects (default: ‘sonarcloud-api-token’)
- sonarcloud-java-version:
Version of Java to use for the Sonar scan. (default: openjdk17)
- sonarcloud-qualitygate-wait:
SonarCloud flag that forces the analysis step to wait for the quality gate result. (default: false)
- stream:
Keyword that represents a release code-name. Often the same as the branch. (default: master)
- submodule-recursive:
Whether to checkout submodules recursively. (default: true)
- submodule-timeout:
Timeout (in minutes) for checkout operation. (default: 10)
- submodule-disable:
Disable submodule checkout operation. (default: false)
- scan-dev-branch:
Run the scan on a developer branch. (default: true)
- gerrit_sonar_triggers:
Override Gerrit Triggers.
SonarCloud Example:
---
- project:
name: example-sonarcloud
jobs:
- gerrit-maven-sonar
project: "sonarcloud"
project-name: "sonarcloud"
branch: "master"
mvn-settings: "sonarcloud-settings"
mvn-opts: "-Xmx1024m"
sonarcloud: true
sonarcloud-project-key: KEY
sonarcloud-project-organization: ORGANIZATION
sonarcloud-api-token-cred-id: TOKEN
scan-dev-branch: false
sonarcloud-qualitygate-wait: false
- project:
name: example-sonarcloud-with-prescan-script
jobs:
- gerrit-maven-sonar-prescan-script
project: "sonarcloud"
project-name: "sonarcloud"
branch: "master"
mvn-settings: "sonarcloud-settings"
mvn-opts: "-Xmx1024m"
sonarcloud: true
sonarcloud-project-key: KEY
sonarcloud-project-organization: ORGANIZATION
sonarcloud-api-token-cred-id: TOKEN
sonar-prescan-script: |
echo "Run script at start of job."
scan-dev-branch: false
sonarcloud-qualitygate-wait: false
- project:
name: example-sonarcloud-verify
jobs:
- gerrit-maven-sonar-verify
project: "sonarcloud"
project-name: "sonarcloud"
branch: "master"
mvn-settings: "sonarcloud-settings"
mvn-opts: "-Xmx1024m"
sonarcloud: true
sonarcloud-project-key: KEY
sonarcloud-project-organization: ORGANIZATION
sonarcloud-api-token-cred-id: TOKEN
scan-dev-branch: true
sonarcloud-qualitygate-wait: true
Maven Verify¶
Verify job which runs mvn clean install to test a project build..
- Template Names:
{project-name}-maven-verify-{stream}-{mvn-version}-{java-version}
gerrit-maven-verify
github-maven-verify
- Comment Trigger:
recheck|reverify
- Required parameters:
- build-node:
The node to run build on.
- jenkins-ssh-credential:
Credential to use for SSH. (Generally configured in defaults.yaml)
- mvn-settings:
The name of settings file containing credentials for the project.
- Optional parameters:
- branch:
Git branch to fetch for the build. (default: master)
- build-days-to-keep:
Days to keep build logs in Jenkins. (default: 7)
- build-timeout:
Timeout in minutes before aborting build. (default: 60)
- git-url:
URL clone project from. (default: $GIT_URL/$PROJECT)
- java-version:
Version of Java to use for the build. (default: openjdk11)
- mvn-global-settings:
The name of the Maven global settings to use for Maven configuration. (default: global-settings)
- mvn-opts:
Sets MAVEN_OPTS to start up the JVM running Maven. (default: ‘’)
- mvn-params:
Parameters to pass to the mvn CLI. (default: ‘’)
- mvn-version:
Version of maven to use. (default: mvn35)
- stream:
Keyword that represents a release code-name. Often the same as the branch. (default: master)
- submodule-recursive:
Whether to checkout submodules recursively. (default: true)
- submodule-timeout:
Timeout (in minutes) for checkout operation. (default: 10)
- submodule-disable:
Disable submodule checkout operation. (default: false)
- gerrit_verify_triggers:
Override Gerrit Triggers.
- gerrit_trigger_file_paths:
Override file paths to filter which file modifications will trigger a build.
Maven Verify for Docker¶
Like the Maven Verify job as described above but logs in to Docker
registries first. The project POM file should invoke a plugin to build
a Docker image. This pulls the base image from the registry in the environment
variable CONTAINER_PULL_REGISTRY
.
- Template Names:
{project-name}-maven-docker-verify-{stream}-{mvn-version}-{java-version}
gerrit-maven-docker-verify
github-maven-docker-verify
- Required parameters:
- container-public-registry:
Docker registry source with base images.
All other required and optional parameters are identical to the Maven Verify job described above.
Maven Verify w/ Dependencies¶
Verify job which runs mvn clean install to test a project build /w deps
This job’s purpose is to verify a patch in conjunction to a list of upstream patches it depends on. The user of this job can provide a list of patches via comment trigger.
- Template Names:
{project-name}-maven-verify-deps-{stream}-{mvn-version}-{java-version}
gerrit-maven-verify-dependencies
- Comment Trigger:
recheck: SPACE_SEPARATED_LIST_OF_PATCHES
- Required parameters:
- build-node:
The node to run build on.
- jenkins-ssh-credential:
Credential to use for SSH. (Generally configured in defaults.yaml)
- mvn-settings:
The name of settings file containing credentials for the project.
- Optional parameters:
- branch:
Git branch to fetch for the build. (default: master)
- build-days-to-keep:
Days to keep build logs in Jenkins. (default: 7)
- build-timeout:
Timeout in minutes before aborting build. (default: 60)
- git-url:
URL clone project from. (default: $GIT_URL/$PROJECT)
- java-version:
Version of Java to use for the build. (default: openjdk11)
- mvn-global-settings:
The name of the Maven global settings to use for Maven configuration. (default: global-settings)
- mvn-opts:
Sets MAVEN_OPTS to start up the JVM running Maven. (default: ‘’)
- mvn-params:
Parameters to pass to the mvn CLI. (default: ‘’)
- mvn-version:
Version of maven to use. (default: mvn35)
- stream:
Keyword that represents a release code-name. Often the same as the branch. (default: master)
- submodule-recursive:
Whether to checkout submodules recursively. (default: true)
- submodule-timeout:
Timeout (in minutes) for checkout operation. (default: 10)
- submodule-disable:
Disable submodule checkout operation. (default: false)
- gerrit_verify_triggers:
Override Gerrit Triggers.
- gerrit_trigger_file_paths:
Override file paths to filter which file modifications will trigger a build.