Feat: add CLM job that supports Golang

Issue: RELENG-5667 Signed-off-by: Kevin Sandi <[email protected]> Change-Id: I937774a1d7d0c0bfb52fc8b97b4379802b77c9d1
lfit · Jan 9, 2025 · 8f94bfd · 8f94bfd
1 parent efef6e2
commit 8f94bfd
Show file tree

Hide file tree

Showing 4 changed files with 250 additions and 0 deletions.
diff --git a/docs/jjb/lf-go-jobs.rst b/docs/jjb/lf-go-jobs.rst
@@ -14,6 +14,24 @@ Calls go-test.sh script against a Go project.
 
     :go-root: Path to the Go project root directory.
 
+lf-infra-nexus-iq-go-cli
+------------------------
+
+Calls nexus-iq-go-cli.sh to CLM scan a Go project.
+
+:Required Parameters:
+
+    :NEXUS_IQ_PROJECT_NAME: Nexus IQ project name that will receive the CLM scan results.
+
+install-golang
+--------------
+
+Installs the specified Golang version throuhg a plug-in.
+
+:Required Parameters:
+
+    :version: Golang version number to install.
+
 lf-go-common
 ------------
 
@@ -97,3 +115,44 @@ Job which runs go test ./... to verify a Go project.
     :gerrit_verify_triggers: Override Gerrit Triggers.
     :gerrit_trigger_file_paths: Override file paths to filter which file
         modifications will trigger a build.
+
+Go CLM
+------
+
+Job which runs a CLM scan over a Golang project.
+
+:Template Names:
+
+    - {project-name}-nexus-iq-go-clm
+    - gerrit-nexus-iq-go-clm
+
+:Comment Trigger: run-clm
+
+:Required parameters:
+
+    :build-node: The node to run build on.
+    :golang-version: Golang version you want to use for the CLM scan. (default: 1.23)
+
+:Optional parameters:
+
+    :jenkins-ssh-credential: Credential to use for SSH. (Generally configured in defaults.yaml)
+    :branch: Git branch to fetch for the build. (default: master)
+    :build-days-to-keep: Days to keep build logs in Jenkins. (default: 7)
+    :build-timeout: Timeout in minutes before aborting build. (default: 15)
+    :cron: cronjob frequency to run the job. (default: @weekly)
+    :disable-job: boolean flag to enable/disable the job (default: false)
+    :git-url: URL clone project from. (default: $GIT_URL/$PROJECT)
+    :java-version: Java version to run the Nexus scanner (default: openjdk17)
+    :nexus-iq-cli-version: version of the Nexus CLI scanner (default: 1.185.0-01)
+    :nexus-iq-namespace: prefix to append to the Nexus project name.
+        Recommend using a trailing dash when set. Example: "onap-". (default: "")
+    :nexus-target-build: file to use for the Nexus CLM scan (default: go.sum)
+    :pre-build-script: optional pre-build script.
+    :stream: Keyword that represents a release code-name.
+        Often the same as the branch. (default: master)
+    :submodule-recursive: Whether to checkout submodules recursively.
+        (default: true)
+    :submodule-timeout: Timeout (in minutes) for checkout operation.
+        (default: 10)
+    :submodule-disable: Disable submodule checkout operation.
+        (default: false)
diff --git a/jjb/lf-go-jobs.yaml b/jjb/lf-go-jobs.yaml
@@ -9,6 +9,27 @@
           properties-content: "GO_ROOT={go-root}"
       - shell: !include-raw-escape: ../shell/go-test.sh
 
+- builder:
+    name: lf-infra-nexus-iq-go-cli
+    builders:
+      - inject:
+          properties-content: |
+            NEXUS_IQ_PROJECT_NAME={nexus-iq-project-name}
+      - shell: !include-raw-escape: ../shell/nexus-iq-go-cli.sh
+
+############
+# WRAPPERS #
+############
+
+- wrapper:
+    name: install-golang
+    wrappers:
+      - raw:
+          xml: |
+            <org.jenkinsci.plugins.golang.GolangBuildWrapper plugin="golang">
+            <goVersion>Golang {version}</goVersion>
+            </org.jenkinsci.plugins.golang.GolangBuildWrapper>
+
 ####################
 # COMMON FUNCTIONS #
 ####################
@@ -303,3 +324,122 @@
           admin-list: "{obj:github_pr_admin_list}"
           white-list-target-branches:
             - "{branch}"
+
+#######################
+# Nexus IQ Golang CLM #
+#######################
+
+- _lf_nexus_iq_go_clm: &lf_nexus_iq_go_clm
+    name: lf-nexus-iq-go-clm
+
+    ######################
+    # Default parameters #
+    ######################
+
+    branch: master
+    build-days-to-keep: 7
+    build-timeout: 15
+    cron: "@weekly"
+    disable-job: false
+    git-url: "$GIT_URL/$PROJECT"
+    github-url: "https://github.com"
+    java-version: openjdk17 # Scanner is a jar
+    nexus-iq-cli-version: 1.185.0-01
+    nexus-iq-namespace: "" # Recommend a trailing dash when set. Example: odl-
+    nexus-target-build: "go.sum"
+    pre-build-script: "# pre-build script goes here"
+    stream: master
+    submodule-recursive: true
+    submodule-timeout: 10
+    submodule-disable: false
+    golang-version: "1.23"
+
+    #####################
+    # Job Configuration #
+    #####################
+
+    disabled: "{disable-job}"
+
+    parameters:
+      - lf-infra-parameters:
+          project: "{project}"
+          branch: "{branch}"
+          stream: "{stream}"
+      - string:
+          name: ARCHIVE_ARTIFACTS
+          default: "{archive-artifacts}"
+          description: Artifacts to archive to the logs server.
+      - string:
+          name: NEXUS_IQ_CLI_VERSION
+          default: "{nexus-iq-cli-version}"
+          description: Nexus IQ CLI jar to download and run.
+      - string:
+          name: NEXUS_TARGET_BUILD
+          default: "{nexus-target-build}"
+          description: File or dir to scan by Nexus CLI.
+
+    wrappers:
+      - lf-infra-wrappers:
+          build-timeout: "{build-timeout}"
+          jenkins-ssh-credential: "{jenkins-ssh-credential}"
+      - credentials-binding:
+          - username-password-separated:
+              credential-id: onap-nexus-clm
+              username: NEXUS_IQ_USER
+              password: NEXUS_IQ_PASSWORD
+      - install-golang:
+          version: "{golang-version}"
+
+    builders:
+      - lf-infra-pre-build
+      - lf-update-java-alternatives:
+          java-version: "{java-version}"
+      - shell: "{pre-build-script}"
+      - lf-infra-nexus-iq-go-cli:
+          nexus-iq-project-name: "{nexus-iq-namespace}{project-name}"
+
+- job-template:
+    name: "{project-name}-nexus-iq-go-clm"
+    id: gerrit-nexus-iq-go-clm
+    <<: *lf_go_common
+    <<: *lf_nexus_iq_go_clm
+
+    ######################
+    # Default parameters #
+    ######################
+
+    gerrit_nexus_iq_triggers:
+      - comment-added-contains-event:
+          comment-contains-value: '^Patch Set\s+\d+:\s+run-clm\s*$'
+
+    #####################
+    # Job Configuration #
+    #####################
+
+    scm:
+      - lf-infra-gerrit-scm:
+          jenkins-ssh-credential: "{jenkins-ssh-credential}"
+          git-url: "{git-url}"
+          refspec: "$GERRIT_REFSPEC"
+          branch: "$GERRIT_BRANCH"
+          submodule-recursive: "{submodule-recursive}"
+          submodule-timeout: "{submodule-timeout}"
+          submodule-disable: "{submodule-disable}"
+          choosing-strategy: default
+
+    triggers:
+      - timed: "{obj:cron}"
+      - gerrit:
+          server-name: "{gerrit-server-name}"
+          trigger-on: "{obj:gerrit_nexus_iq_triggers}"
+          projects:
+            - project-compare-type: ANT
+              project-pattern: "{project}"
+              branches:
+                - branch-compare-type: ANT
+                  branch-pattern: "**/{branch}"
+          skip-vote:
+            successful: true
+            failed: true
+            unstable: true
+            notbuilt: true
diff --git a/releasenotes/notes/add-go-clm-job-2c13b2e6f5220f40.yaml b/releasenotes/notes/add-go-clm-job-2c13b2e6f5220f40.yaml
@@ -0,0 +1,5 @@
+---
+features:
+  - |
+    Add CLM job that scans Golang projects. This includes a new builder,
+    new macros and new template.
diff --git a/shell/nexus-iq-go-cli.sh b/shell/nexus-iq-go-cli.sh
@@ -0,0 +1,46 @@
+#!/bin/bash
+# SPDX-License-Identifier: EPL-1.0
+##############################################################################
+# Copyright (c) 2024 The Linux Foundation and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Eclipse Public License v1.0
+# which accompanies this distribution, and is available at
+# http://www.eclipse.org/legal/epl-v10.html
+##############################################################################
+echo "---> nexus-iq-go-cli.sh"
+# This script downloads the specified version of the nexus-iq-cli jar, uses it
+# to analyze the Go project dependencies then publishes the result to an LF
+# server using the specified credentials.
+
+# stop on error or unbound variable
+set -eu
+# do not print commands, credentials should not be logged
+set +x
+
+# shellcheck disable=SC1090
+. ~/lf-env.sh
+
+go version
+go mod tidy
+
+CLI_LOCATION="/tmp/nexus-iq-cli-${NEXUS_IQ_CLI_VERSION}.jar"
+echo "INFO: downloading nexus-iq-cli version $NEXUS_IQ_CLI_VERSION"
+wget -nv "https://download.sonatype.com/clm/scanner/nexus-iq-cli-${NEXUS_IQ_CLI_VERSION}.jar" -O "${CLI_LOCATION}"
+echo "-a" > cli-auth.txt
+echo "${NEXUS_IQ_USER}:${NEXUS_IQ_PASSWORD}" >> cli-auth.txt
+if [ -z "${NEXUS_TARGET_BUILD}" ]; then
+    echo "WARN: NEXUS_TARGET_BUILD has not been set"
+fi
+echo "INFO: running nexus-iq-cli on project $NEXUS_IQ_PROJECT_NAME and target: ${NEXUS_TARGET_BUILD}"
+
+# result.json is a mystery
+# Do NOT double-quote ${NEXUS_TARGET_BUILD} below; causes breakage
+# shellcheck disable=SC2086
+java -jar "${CLI_LOCATION}" @cli-auth.txt \
+    -s https://nexus-iq.wl.linuxfoundation.org -i "${NEXUS_IQ_PROJECT_NAME}" \
+    -t build -r result.json ${NEXUS_TARGET_BUILD}
+rm cli-auth.txt
+rm "${CLI_LOCATION}"
+
+echo "---> nexus-iq-go-cli.sh ends"