Maven Jobs

Job Groups

Job groups are a great tool to configure categories of jobs together at the same time. Below the example are some starting point job-groups but we recommend creating your own to ensure that the jobs configured reflect the project’s needs.

An example project:

- job-group:
    name: odl-maven-jobs

    jobs:
      - gerrit-maven-clm
      - gerrit-maven-merge
      - gerrit-maven-release
      - gerrit-maven-verify
      - gerrit-maven-verify-dependencies:
          build-timeout: 180

    mvn-version: mvn35

- project:
    name: aaa
    jobs:
      - odl-maven-jobs

In this example we are using the job-group to assign a list of common jobs to the aaa project. The job-group also hardcodes mvn-version to mvn35 and build-timeout to 180 for all projects using this job-group.

A benefit of this method is for example disabling entire category of jobs by modifying the job-group, insert disable-job: true parameter against the jobs to disable.

Below is a list of Maven job groups:

---
- job-group:
    name: "{project-name}-maven-jobs"

    # This job group contains all the recommended jobs that should be deployed
    # for a Java project in Gerrit that builds with maven.

    jobs:
      - gerrit-maven-clm
      - gerrit-maven-merge
      - gerrit-maven-stage
      - gerrit-maven-verify
      - gerrit-maven-verify-dependencies

- job-group:
    name: "{project-name}-github-maven-jobs"

    # This job group contains all the recommended jobs that should be deployed
    # for a Java project in Github that builds with maven.

    jobs:
      - github-maven-clm
      - github-maven-merge
      - github-maven-stage
      - github-maven-verify

- job-group:
    name: "{project-name}-gerrit-maven-docker-jobs"

    # This job group contains all the recommended jobs that should be deployed
    # for a Java project in Gerrit that builds with maven and docker.

    jobs:
      - gerrit-maven-clm
      - gerrit-maven-docker-merge
      - gerrit-maven-docker-stage
      - gerrit-maven-docker-verify

- job-group:
    name: "{project-name}-github-maven-docker-jobs"

    # This job group contains all the recommended jobs that should be deployed
    # for a Java project in Github that builds with maven and docker.

    jobs:
      - github-maven-clm
      - github-maven-docker-merge
      - github-maven-docker-stage
      - github-maven-docker-verify

- job-group:
    name: "{project-name}-maven-javadoc-jobs"

    # This job group contains all the recommended jobs that should be deployed
    # for a Java project in Gerrit that publishes javadoc with maven.

    jobs:
      - gerrit-maven-javadoc-publish
      - gerrit-maven-javadoc-verify

- job-group:
    name: "{project-name}-github-maven-javadoc-jobs"

    # This job group contains all the recommended jobs that should be deployed
    # for a Java project in Github that publishes javadoc with maven.

    jobs:
      - github-maven-javadoc-publish
      - github-maven-javadoc-verify

Macros

lf-infra-maven-sonar

Runs Sonar against a Maven project.

Required Parameters:
java-version:

Version of Java to execute Sonar with. (default: openjdk11)

mvn-version:

Version of Maven to execute Sonar with.

mvn-settings:

Maven settings.xml file containing credentials to use.

lf-infra-maven-sonarcloud

Runs Sonar against a Maven project and pushes results to SonarCloud.

Required Parameters:
java-version:

Version of Java to execute Maven build. (default: openjdk11)

mvn-version:

Version of Maven to execute Sonar with.

mvn-settings:

Maven settings.xml file containing credentials to use.

sonarcloud-project-key:

SonarCloud project key.

sonarcloud-project-organization:

SonarCloud project organization.

sonarcloud-java-version:

Version of Java to run the Sonar scan. (default: openjdk17)

sonarcloud-qualitygate-wait:

SonarCloud flag that forces the analysis step to wait for the quality gate result. (default: false)

lf-maven-build

Calls the maven build script to perform a maven build.

Required parameters:
mvn-goals:

The maven goals to perform for the build. (default: clean deploy)

lf-maven-common

Common Jenkins configuration for Maven jobs.

lf-maven-deploy

Calls the maven deploy script to push artifacts to Nexus.

lf-maven-versions-plugin

Conditionally calls Maven versions plugin to set, update and commit the maven versions:set.

Required Parameters:
maven-versions-plugin:

Whether to call Maven versions plugin or not. (default: false)

version-properties-file:

Name and path of the version properties file. (default: version.properties)

mvn-version:

Version of Maven to execute Sonar with.

mvn-pom:

Location of pom.xml.

mvn-settings:

Maven settings.xml file containing credentials to use.

lf-maven-stage

Calls the maven stage script to push artifacts to a Nexus staging repository.

Required Parameters:
mvn-global-settings:

The name of the Maven global settings to use for Maven configuration.

mvn-settings:

The name of settings file containing credentials for the project.

lf-update-java-alternatives

Setup Java alternatives for the Distro.

Required Parameters:
java-version:

Version of Java to set as the default Java. Eg. openjdk11

lf-infra-sonatype-clm

Runs a Sonatype CLM scan against a Maven project and pushes results to Nexus IQ server.

Optional parameters:
mvn-goals:

The maven goals to perform for the build. (default: clean install)

lf-infra-snyk-cli-scanner

Downloads the latest Snyk CLI and triggers a code scan. It publishes a report into the Snyk dashboard.

Optional parameters:
mvn-goals:

The maven goals to perform for the build. (default: clean install)

lf-infra-maven-sbom-generator

Runs a specific version of SPDX SBOM Generator tool to generate a report. The calling job template sets the version to run in the SBOM_GENERATOR_VERSION parameter.

Optional parameters:
sbom-flags:

SBOM generator options. See https://github.com/opensbom-generator/spdx-sbom-generator

Job Templates

Maven CLM

Produces a CLM scan of the code into Nexus IQ Server.

Template Names:
  • {project-name}-maven-clm-{stream}

  • gerrit-maven-clm

  • github-maven-clm

Comment Trigger:

run-clm

Required parameters:
build-node:

The node to run build on.

jenkins-ssh-credential:

Credential to use for SSH. (Generally configured in defaults.yaml)

mvn-settings:

The name of settings file containing credentials for the project.

Optional parameters:
branch:

The branch to build against. (default: master)

build-days-to-keep:

Days to keep build logs in Jenkins. (default: 7)

build-timeout:

Timeout in minutes before aborting build. (default: 60)

git-url:

URL clone project from. (default: $GIT_URL/$PROJECT)

java-version:

Version of Java to use for the build. (default: openjdk11)

mvn-global-settings:

The name of the Maven global settings to use for Maven configuration. (default: global-settings)

mvn-goals:

The maven goals to perform for the build. (default: clean install)

mvn-opts:

Sets MAVEN_OPTS to start up the JVM running Maven. (default: ‘’)

mvn-params:

Parameters to pass to the mvn CLI. (default: ‘’)

mvn-version:

Version of maven to use. (default: mvn35)

nexus-iq-namespace:

Insert a namespace to project AppID for projects that share a Nexus IQ system to avoid project name collision. We recommend inserting a trailing - dash if using this parameter. For example ‘odl-’. (default: ‘’)

nexus-iq-stage:

Sets the stage which the policy evaluation will run against on the Nexus IQ Server. (default: ‘build’)

stream:

Keyword that represents a release code-name. Often the same as the branch. (default: master)

submodule-recursive:

Whether to checkout submodules recursively. (default: true)

submodule-timeout:

Timeout (in minutes) for checkout operation. (default: 10)

submodule-disable:

Disable submodule checkout operation. (default: false)

gerrit_merge_triggers:

Override Gerrit Triggers.

Maven SNYK CLI

Builds the code, downloads and runs a Snyk CLI scan of the code into the Snyk dashboard.

Template Names:
  • {project-name}-maven-snyk-cli-{stream}

  • gerrit-maven-snyk-cli

  • github-maven-snyk-cli

Comment Trigger:

run-snyk

Required parameters:
build-node:

The node to run build on.

jenkins-ssh-credential:

Credential to use for SSH. (Generally configured in defaults.yaml)

mvn-settings:

The name of settings file containing credentials for the project.

snyk-token-credential-id:

Snyk API token to communicate with Jenkins.

snyk-org-credential-id:

Snyk organization ID.

Optional parameters:
branch:

The branch to build against. (default: master)

build-days-to-keep:

Days to keep build logs in Jenkins. (default: 7)

build-timeout:

Timeout in minutes before aborting build. (default: 60)

git-url:

URL clone project from. (default: $GIT_URL/$PROJECT)

java-version:

Version of Java to use for the build. (default: openjdk11)

mvn-global-settings:

The name of the Maven global settings to use for Maven configuration. (default: global-settings)

mvn-goals:

The maven goals to perform for the build. (default: clean install)

mvn-opts:

Sets MAVEN_OPTS to start up the JVM running Maven. (default: ‘’)

mvn-params:

Parameters to pass to the mvn CLI. (default: ‘’)

mvn-version:

Version of maven to use. (default: mvn35)

snyk-cli-options:

Snyk CLI options. (default: ‘’)

stream:

Keyword that represents a release code-name. Often the same as the branch. (default: master)

submodule-recursive:

Whether to checkout submodules recursively. (default: true)

submodule-timeout:

Timeout (in minutes) for checkout operation. (default: 10)

submodule-disable:

Disable submodule checkout operation. (default: false)

gerrit_snyk_triggers:

Override Gerrit Triggers.

Maven JavaDoc Publish

Produces and publishes javadocs for a Maven project.

Expects javadocs to be available in $WORKSPACE/target/site/apidocs, but overrideable with the mvn-dir parameter. If set, will search for javadocs in $WORKSPACE/{mvn-dir}/target/site/apidocs.

Template Names:
  • {project-name}-maven-javadoc-publish-{stream}-{java-version}

  • gerrit-maven-javadoc-publish

  • github-maven-javadoc-publish

Comment Trigger:

remerge

Required parameters:
build-node:

The node to run build on.

javadoc-path:

The path in Nexus to deploy javadoc to.

jenkins-ssh-credential:

Credential to use for SSH. (Generally configured in defaults.yaml)

mvn-settings:

The name of settings file containing credentials for the project.

mvn-site-id:

Maven Server ID from settings.xml to pull credentials from. (Note: This setting is generally configured in defaults.yaml.)

Optional parameters:
branch:

The branch to build against. (default: master)

build-days-to-keep:

Days to keep build logs in Jenkins. (default: 7)

build-timeout:

Timeout in minutes before aborting build. (default: 60)

git-url:

URL clone project from. (default: $GIT_URL/$PROJECT)

java-version:

Version of Java to use for the build. (default: openjdk11)

mvn-dir:

Directory supplied as argument to -f option (default: ‘.’)

mvn-global-settings:

The name of the Maven global settings to use for Maven configuration. (default: global-settings)

mvn-opts:

Sets MAVEN_OPTS to start up the JVM running Maven. (default: ‘’)

mvn-params:

Parameters to pass to the mvn CLI. (default: ‘’) Must not include a “-f” option; see parameter mvn-dir.

mvn-version:

Version of maven to use. (default: mvn35)

stream:

Keyword that represents a release code-name. Often the same as the branch. (default: master)

submodule-recursive:

Whether to checkout submodules recursively. (default: true)

submodule-timeout:

Timeout (in minutes) for checkout operation. (default: 10)

submodule-disable:

Disable submodule checkout operation. (default: false)

gerrit_merge_triggers:

Override Gerrit Triggers.

Maven JavaDoc Verify

Produces javadocs for a Maven project.

Expects javadocs to be available in $WORKSPACE/target/site/apidocs, but overrideable with the mvn-dir parameter. If set, will search for javadocs in $WORKSPACE/{mvn-dir}/target/site/apidocs.

Template Names:
  • {project-name}-maven-javadoc-verify-{stream}-{java-version}

  • gerrit-maven-javadoc-verify

  • github-maven-javadoc-verify

Comment Trigger:

recheck|reverify

Required parameters:
build-node:

The node to run build on.

jenkins-ssh-credential:

Credential to use for SSH. (Generally configured in defaults.yaml)

mvn-settings:

The name of settings file containing credentials for the project.

Optional parameters:
branch:

The branch to build against. (default: master)

build-days-to-keep:

Days to keep build logs in Jenkins. (default: 7)

build-timeout:

Timeout in minutes before aborting build. (default: 60)

deploy-path:

The path in Nexus to deploy javadoc to. (default: $PROJECT/$STREAM)

git-url:

URL clone project from. (default: $GIT_URL/$PROJECT)

java-version:

Version of Java to use for the build. (default: openjdk11)

mvn-dir:

Directory supplied as argument to -f option (default: ‘.’)

mvn-global-settings:

The name of the Maven global settings to use for Maven configuration. (default: global-settings)

mvn-opts:

Sets MAVEN_OPTS to start up the JVM running Maven. (default: ‘’)

mvn-params:

Parameters to pass to the mvn CLI. (default: ‘’) Must not include a “-f” option; see parameter mvn-dir.

mvn-version:

Version of maven to use. (default: mvn35)

stream:

Keyword that represents a release code-name. Often the same as the branch. (default: master)

submodule-recursive:

Whether to checkout submodules recursively. (default: true)

submodule-timeout:

Timeout (in minutes) for checkout operation. (default: 10)

submodule-disable:

Disable submodule checkout operation. (default: false)

gerrit_verify_triggers:

Override Gerrit Triggers.

Maven Merge

Merge job which runs mvn clean deploy to build a project.

This job pushes files to Nexus using cURL instead of allowing the Maven deploy goal to push the upload. This is to get around the issue that Maven deploy does not properly support uploading files at the end of the build and instead pushes as it goes. There exists a -Ddeploy-at-end feature but it does not work with extensions.

This job uses the following strategy to deploy jobs to Nexus:

  1. wget -r to fetch maven-metadata.xml from Nexus

  2. mvn deploy -DaltDeploymentRepository to prepare files for upload

  3. Removes untouched maven-metadata.xml files before upload

  4. Use lftools (cURL) upload script to push artifacts to Nexus

Template Names:
  • {project-name}-maven-merge-{stream}

  • gerrit-maven-merge

  • github-maven-merge

Comment Trigger:

remerge

Required parameters:
build-node:

The node to run build on.

jenkins-ssh-credential:

Credential to use for SSH. (Generally configured in defaults.yaml)

mvn-settings:

The name of settings file containing credentials for the project.

mvn-snapshot-id:

Maven Server ID from settings.xml to pull credentials from. (Note: This setting is generally configured in defaults.yaml.)

nexus-snapshot-repo:

The repository id of the Nexus snapshot repo to deploy to.

Optional parameters:
branch:

Git branch to fetch for the build. (default: master)

build-days-to-keep:

Days to keep build logs in Jenkins. (default: 7)

build-timeout:

Timeout in minutes before aborting build. (default: 60)

cron:

Cron schedule when to trigger the job. This parameter also supports multiline input via YAML pipe | character in cases where one may want to provide more than 1 cron timer. (default: ‘H H * * 0’ to run weekly)

git-url:

URL clone project from. (default: $GIT_URL/$PROJECT)

jacoco-exclude-pattern:

Ant-style patterns to exclude from Jacoco coverage report. (default: "**/gen/**,**/generated-sources/**,**/yang-gen**,**/pax/**")

java-version:

Version of Java to use for the build. (default: openjdk11)

mvn-global-settings:

The name of the Maven global settings to use for Maven configuration. (default: global-settings)

mvn-opts:

Sets MAVEN_OPTS to start up the JVM running Maven. (default: ‘’)

mvn-params:

Parameters to pass to the mvn CLI. (default: ‘’)

mvn-version:

Version of maven to use. (default: mvn35)

nexus-cut-dirs:

Number of directories to cut from file path for wget -r.

pre-build-script:

Shell script to run before maven build. (default: a string with a shell comment)

post-build-script:

Shell script to run after maven build. (default: a string with a shell comment)

stream:

Keyword that represents a release code-name. Often the same as the branch. (default: master)

submodule-recursive:

Whether to checkout submodules recursively. (default: true)

submodule-timeout:

Timeout (in minutes) for checkout operation. (default: 10)

submodule-disable:

Disable submodule checkout operation. (default: false)

gerrit_merge_triggers:

Override Gerrit Triggers.

gerrit_trigger_file_paths:

Override file paths to filter which file modifications will trigger a build.

Maven Merge for Docker

Produces a snapshot docker image in a Nexus registry. Appropriate for Java projects that do not need to deploy any POM or JAR files.

Like the Maven Merge job as described above but logs in to Docker registries first and skips the lf-maven-deploy builder. The project POM file should invoke a plugin to build and push a Docker image. This pulls the base image from the registry in the environment variable CONTAINER_PULL_REGISTRY and pushes new image into the registry in the environment variable CONTAINER_PUSH_REGISTRY.

Template Names:
  • {project-name}-maven-docker-merge-{stream}

  • gerrit-maven-docker-merge

  • github-maven-docker-merge

Required parameters:
container-public-registry:

Docker registry source with base images.

container-snapshot-registry:

Docker registry target for the deploy action.

All other required and optional parameters are identical to the Maven Merge job described above.

Maven Stage

Produces a release candidate by creating a staging repo in Nexus.

The staging repo name is in the format PROJECT-NUMBER for example “aaa-1234”, “autorelease-2000”, “odlparent-1201”, etc…

This job runs a Maven build and deploys to $WORKSPACE/m2repo directory. This directory is then used later to deploy to Nexus.

Template Names:
  • {project-name}-maven-stage-{stream}

  • gerrit-maven-stage

  • github-maven-stage

Comment Trigger:

“stage-release” or “stage-maven-release”

Required parameters:
build-node:

The node to run build on.

jenkins-ssh-credential:

Credential to use for SSH. (Generally configured in defaults.yaml)

mvn-settings:

The name of settings file containing credentials for the project.

mvn-staging-id:

Maven Server ID from settings.xml to pull credentials from. (Note: This setting is generally configured in defaults.yaml.)

staging-profile-id:

Profile ID of the project’s Nexus staging profile.

Optional parameters:
archive-artifacts:

Artifacts to archive to the logs server (default: ‘’).

branch:

The branch to build against. (default: master)

build-days-to-keep:

Days to keep build logs in Jenkins. (default: 7)

build-timeout:

Timeout in minutes before aborting build. (default: 60)

cron:

Cron schedule when to trigger the job. This parameter also supports multiline input via YAML pipe | character in cases where one may want to provide more than 1 cron timer. (default: ‘’)

deploy-path:

The path in Nexus to deploy javadoc to. (default: $PROJECT/$STREAM)

git-url:

URL clone project from. (default: $GIT_URL/$PROJECT)

java-version:

Version of Java to use for the build. (default: openjdk11)

mvn-central:

Set to true to also stage to OSSRH. This is for projects that want to release to Maven Central. If set, then also set the parameter ossrh-profile-id. (default: false)

maven-versions-plugin:

Whether to call Maven versions plugin or not. (default: false)

mvn-global-settings:

The name of the Maven global settings to use for Maven configuration. (default: global-settings)

mvn-opts:

Sets MAVEN_OPTS to start up the JVM running Maven. (default: ‘’)

mvn-params:

Parameters to pass to the mvn CLI. (default: ‘’)

mvn-version:

Version of maven to use. (default: mvn35)

ossrh-profile-id:

Profile ID for project as provided by OSSRH. (default: ‘’)

sbom-flags:

SBOM generator options if using sbom-generator. See https://github.com/opensbom-generator/spdx-sbom-generator

sbom-generator:

Calls lf-infra-maven-sbom-generator to run the SPDX SBOM generator tool. (default: false)

sbom-generator-version:

SBOM generator version to download and run if using sbom-generator. (default: v0.0.10)

sbom-path:

SBOM execution path. (default: $WORKSPACE)

sign-artifacts:

Sign artifacts with Sigul. (default: false)

stream:

Keyword that represents a release code-name. Often the same as the branch. (default: master)

submodule-recursive:

Whether to checkout submodules recursively. (default: true)

submodule-timeout:

Timeout (in minutes) for checkout operation. (default: 10)

submodule-disable:

Disable submodule checkout operation. (default: false)

version-properties-file:

Name and path of the version properties file. (default: version.properties)

gerrit_release_triggers:

Override Gerrit Triggers.

gerrit_trigger_file_paths:

Override file paths to filter which file modifications will trigger a build.

Maven Stage for Docker

Produces a release candidate docker image in a Nexus registry. Appropriate for Java projects that do not need to deploy any POM or JAR files.

Like the Maven Stage job as described above but logs in to Docker registries first and skips the lf-maven-deploy builder. The project POM file should invoke a plugin to build and push a Docker image. This pulls the base image from the registry in the environment variable CONTAINER_PULL_REGISTRY and pushes new image into the registry in the environment variable CONTAINER_PUSH_REGISTRY.

Template Names:
  • {project-name}-maven-docker-stage-{stream}

  • gerrit-maven-docker-stage

  • github-maven-docker-stage

Comment Trigger:

“stage-release” or “stage-docker-release”

Required parameters:
container-public-registry:

Docker registry source with base images.

container-staging-registry:

Docker registry target for the deploy action.

Optional parameters:
gerrit_release_docker_triggers:

Override Gerrit Triggers.

All other required and optional parameters are identical to the Maven Stage job described above.

Maven Sonar

Sonar job which runs mvn clean install then publishes to Sonar.

This job purposely runs on the master branch and does not support multi-branch configuration.

Template Names:
  • {project-name}-sonar

  • gerrit-maven-sonar

  • github-maven-sonar

  • {project-name}-sonar-prescan-script

  • gerrit-maven-sonar-prescan-script

  • github-maven-sonar-prescan-script

Comment Trigger:

run-sonar

Required parameters:
build-node:

The node to run build on.

jenkins-ssh-credential:

Credential to use for SSH. (Generally configured in defaults.yaml)

mvn-settings:

The name of settings file containing credentials for the project.

sonar-prescan-script:

(maven-sonar-prescan-script jobs) A shell script to run before sonar scans.

Optional parameters:
build-days-to-keep:

Days to keep build logs in Jenkins. (default: 7)

build-timeout:

Timeout in minutes before aborting build. (default: 60)

cron:

Cron schedule when to trigger the job. This parameter also supports multiline input via YAML pipe | character in cases where one may want to provide more than 1 cron timer. (default: ‘H H * * 6’ to run weekly)

git-url:

URL clone project from. (default: $GIT_URL/$PROJECT)

java-version:

Version of Java to use for the Maven build. (default: openjdk11)

mvn-global-settings:

The name of the Maven global settings to use for Maven configuration. (default: global-settings)

mvn-goals:

The maven goals to perform for the build. (default: clean install)

mvn-opts:

Sets MAVEN_OPTS to start up the JVM running Maven. (default: ‘’)

mvn-params:

Parameters to pass to the mvn CLI. (default: ‘’)

mvn-version:

Version of maven to use. (default: mvn35)

sonar-mvn-goals:

Maven goals to run for sonar analysis. (default: sonar:sonar)

sonarcloud:

Set to true to use SonarCloud true|false. (default: false)

sonarcloud-project-key:

SonarCloud project key. (default: ‘’)

sonarcloud-project-organization:

SonarCloud project organization. (default: ‘’)

sonarcloud-api-token-cred-id:

Jenkins credential ID which has the SonarCloud API Token. This one SHOULDN’T be overwritten as we are standarizing the credential ID for all projects (default: ‘sonarcloud-api-token’)

sonarcloud-java-version:

Version of Java to use for the Sonar scan. (default: openjdk17)

stream:

Keyword that represents a release code-name. Often the same as the branch. (default: master)

submodule-recursive:

Whether to checkout submodules recursively. (default: true)

submodule-timeout:

Timeout (in minutes) for checkout operation. (default: 10)

submodule-disable:

Disable submodule checkout operation. (default: false)

scan-dev-branch:

Run the scan on a developer branch. (default: false)

gerrit_sonar_triggers:

Override Gerrit Triggers.

SonarCloud Example:

---
- project:
    name: example-sonarcloud
    jobs:
      - gerrit-maven-sonar

    project: "sonarcloud"
    project-name: "sonarcloud"
    branch: "master"
    mvn-settings: "sonarcloud-settings"
    mvn-opts: "-Xmx1024m"
    sonarcloud: true
    sonarcloud-project-key: KEY
    sonarcloud-project-organization: ORGANIZATION
    sonarcloud-api-token-cred-id: TOKEN
    scan-dev-branch: false
    sonarcloud-qualitygate-wait: false

- project:
    name: example-sonarcloud-with-prescan-script
    jobs:
      - gerrit-maven-sonar-prescan-script

    project: "sonarcloud"
    project-name: "sonarcloud"
    branch: "master"
    mvn-settings: "sonarcloud-settings"
    mvn-opts: "-Xmx1024m"
    sonarcloud: true
    sonarcloud-project-key: KEY
    sonarcloud-project-organization: ORGANIZATION
    sonarcloud-api-token-cred-id: TOKEN
    sonar-prescan-script: |
      echo "Run script at start of job."
    scan-dev-branch: false
    sonarcloud-qualitygate-wait: false

- project:
    name: example-sonarcloud-verify
    jobs:
      - gerrit-maven-sonar-verify

    project: "sonarcloud"
    project-name: "sonarcloud"
    branch: "master"
    mvn-settings: "sonarcloud-settings"
    mvn-opts: "-Xmx1024m"
    sonarcloud: true
    sonarcloud-project-key: KEY
    sonarcloud-project-organization: ORGANIZATION
    sonarcloud-api-token-cred-id: TOKEN
    scan-dev-branch: true
    sonarcloud-qualitygate-wait: true

Maven Sonar Verify

Sonar job which runs mvn clean install then publishes to Sonar.

This job runs on dev branches and its triggered on new patchsets.

Template Names:
  • {project-name}-sonar-verify

  • gerrit-maven-sonar-verify

Comment Trigger:

recheck|reverify

Required parameters:
build-node:

The node to run build on.

jenkins-ssh-credential:

Credential to use for SSH. (Generally configured in defaults.yaml)

mvn-settings:

The name of settings file containing credentials for the project.

Optional parameters:
build-days-to-keep:

Days to keep build logs in Jenkins. (default: 7)

build-timeout:

Timeout in minutes before aborting build. (default: 60)

git-url:

URL clone project from. (default: $GIT_URL/$PROJECT)

java-version:

Version of Java to use for the Maven build. (default: openjdk11)

mvn-global-settings:

The name of the Maven global settings to use for Maven configuration. (default: global-settings)

mvn-goals:

The maven goals to perform for the build. (default: clean install)

mvn-opts:

Sets MAVEN_OPTS to start up the JVM running Maven. (default: ‘’)

mvn-params:

Parameters to pass to the mvn CLI. (default: ‘’)

mvn-version:

Version of maven to use. (default: mvn35)

pre-build-script:

Shell script to run before maven build. (default: a string with a shell comment)

post-build-script:

Shell script to run after maven build. (default: a string with a shell comment)

sonar-mvn-goal:

Maven goals to run for sonar analysis. (default: sonar:sonar)

sonarcloud:

Set to true to use SonarCloud true|false. (default: true)

sonarcloud-project-key:

SonarCloud project key. (default: ‘’)

sonarcloud-project-organization:

SonarCloud project organization. (default: ‘’)

sonarcloud-api-token-cred-id:

Jenkins credential ID which has the SonarCloud API Token. This one SHOULDN’T be overwritten as we are standarizing the credential ID for all projects (default: ‘sonarcloud-api-token’)

sonarcloud-java-version:

Version of Java to use for the Sonar scan. (default: openjdk17)

sonarcloud-qualitygate-wait:

SonarCloud flag that forces the analysis step to wait for the quality gate result. (default: false)

stream:

Keyword that represents a release code-name. Often the same as the branch. (default: master)

submodule-recursive:

Whether to checkout submodules recursively. (default: true)

submodule-timeout:

Timeout (in minutes) for checkout operation. (default: 10)

submodule-disable:

Disable submodule checkout operation. (default: false)

scan-dev-branch:

Run the scan on a developer branch. (default: true)

gerrit_sonar_triggers:

Override Gerrit Triggers.

SonarCloud Example:

---
- project:
    name: example-sonarcloud
    jobs:
      - gerrit-maven-sonar

    project: "sonarcloud"
    project-name: "sonarcloud"
    branch: "master"
    mvn-settings: "sonarcloud-settings"
    mvn-opts: "-Xmx1024m"
    sonarcloud: true
    sonarcloud-project-key: KEY
    sonarcloud-project-organization: ORGANIZATION
    sonarcloud-api-token-cred-id: TOKEN
    scan-dev-branch: false
    sonarcloud-qualitygate-wait: false

- project:
    name: example-sonarcloud-with-prescan-script
    jobs:
      - gerrit-maven-sonar-prescan-script

    project: "sonarcloud"
    project-name: "sonarcloud"
    branch: "master"
    mvn-settings: "sonarcloud-settings"
    mvn-opts: "-Xmx1024m"
    sonarcloud: true
    sonarcloud-project-key: KEY
    sonarcloud-project-organization: ORGANIZATION
    sonarcloud-api-token-cred-id: TOKEN
    sonar-prescan-script: |
      echo "Run script at start of job."
    scan-dev-branch: false
    sonarcloud-qualitygate-wait: false

- project:
    name: example-sonarcloud-verify
    jobs:
      - gerrit-maven-sonar-verify

    project: "sonarcloud"
    project-name: "sonarcloud"
    branch: "master"
    mvn-settings: "sonarcloud-settings"
    mvn-opts: "-Xmx1024m"
    sonarcloud: true
    sonarcloud-project-key: KEY
    sonarcloud-project-organization: ORGANIZATION
    sonarcloud-api-token-cred-id: TOKEN
    scan-dev-branch: true
    sonarcloud-qualitygate-wait: true

Maven Verify

Verify job which runs mvn clean install to test a project build..

Template Names:
  • {project-name}-maven-verify-{stream}-{mvn-version}-{java-version}

  • gerrit-maven-verify

  • github-maven-verify

Comment Trigger:

recheck|reverify

Required parameters:
build-node:

The node to run build on.

jenkins-ssh-credential:

Credential to use for SSH. (Generally configured in defaults.yaml)

mvn-settings:

The name of settings file containing credentials for the project.

Optional parameters:
branch:

Git branch to fetch for the build. (default: master)

build-days-to-keep:

Days to keep build logs in Jenkins. (default: 7)

build-timeout:

Timeout in minutes before aborting build. (default: 60)

git-url:

URL clone project from. (default: $GIT_URL/$PROJECT)

java-version:

Version of Java to use for the build. (default: openjdk11)

mvn-global-settings:

The name of the Maven global settings to use for Maven configuration. (default: global-settings)

mvn-opts:

Sets MAVEN_OPTS to start up the JVM running Maven. (default: ‘’)

mvn-params:

Parameters to pass to the mvn CLI. (default: ‘’)

mvn-version:

Version of maven to use. (default: mvn35)

stream:

Keyword that represents a release code-name. Often the same as the branch. (default: master)

submodule-recursive:

Whether to checkout submodules recursively. (default: true)

submodule-timeout:

Timeout (in minutes) for checkout operation. (default: 10)

submodule-disable:

Disable submodule checkout operation. (default: false)

gerrit_verify_triggers:

Override Gerrit Triggers.

gerrit_trigger_file_paths:

Override file paths to filter which file modifications will trigger a build.

Maven Verify for Docker

Like the Maven Verify job as described above but logs in to Docker registries first. The project POM file should invoke a plugin to build a Docker image. This pulls the base image from the registry in the environment variable CONTAINER_PULL_REGISTRY.

Template Names:
  • {project-name}-maven-docker-verify-{stream}-{mvn-version}-{java-version}

  • gerrit-maven-docker-verify

  • github-maven-docker-verify

Required parameters:
container-public-registry:

Docker registry source with base images.

All other required and optional parameters are identical to the Maven Verify job described above.

Maven Verify w/ Dependencies

Verify job which runs mvn clean install to test a project build /w deps

This job’s purpose is to verify a patch in conjunction to a list of upstream patches it depends on. The user of this job can provide a list of patches via comment trigger.

Template Names:
  • {project-name}-maven-verify-deps-{stream}-{mvn-version}-{java-version}

  • gerrit-maven-verify-dependencies

Comment Trigger:

recheck: SPACE_SEPARATED_LIST_OF_PATCHES

Required parameters:
build-node:

The node to run build on.

jenkins-ssh-credential:

Credential to use for SSH. (Generally configured in defaults.yaml)

mvn-settings:

The name of settings file containing credentials for the project.

Optional parameters:
branch:

Git branch to fetch for the build. (default: master)

build-days-to-keep:

Days to keep build logs in Jenkins. (default: 7)

build-timeout:

Timeout in minutes before aborting build. (default: 60)

git-url:

URL clone project from. (default: $GIT_URL/$PROJECT)

java-version:

Version of Java to use for the build. (default: openjdk11)

mvn-global-settings:

The name of the Maven global settings to use for Maven configuration. (default: global-settings)

mvn-opts:

Sets MAVEN_OPTS to start up the JVM running Maven. (default: ‘’)

mvn-params:

Parameters to pass to the mvn CLI. (default: ‘’)

mvn-version:

Version of maven to use. (default: mvn35)

stream:

Keyword that represents a release code-name. Often the same as the branch. (default: master)

submodule-recursive:

Whether to checkout submodules recursively. (default: true)

submodule-timeout:

Timeout (in minutes) for checkout operation. (default: 10)

submodule-disable:

Disable submodule checkout operation. (default: false)

gerrit_verify_triggers:

Override Gerrit Triggers.

gerrit_trigger_file_paths:

Override file paths to filter which file modifications will trigger a build.