forked from jenkins-infra/repository-permissions-updater
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Jenkinsfile
101 lines (89 loc) · 4.08 KB
/
Jenkinsfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
def props = [
buildDiscarder(logRotator(numToKeepStr: '10'))
]
def triggers = []
def dryRun = true
if (!env.CHANGE_ID && (!env.BRANCH_NAME || env.BRANCH_NAME == 'master')) {
if (infra.isTrusted()) {
// only on trusted.ci, running on master is not a dry-run
dryRun = false
// Check for code change every 5 minutes as there are no webhooks on trusted.ci.jenkins.io
// The goal is to run RPU as soon as possible for any code change
triggers += pollSCM('H/5 * * * *')
// Run every 3 hours
triggers += cron('H H/3 * * *')
} else {
// elsewhere, it still should get built periodically
// apparently this spikes load on Artifactory pretty badly, so don't run often
triggers += cron('H H * * *')
}
}
props += pipelineTriggers(triggers)
properties(props)
// Temporary until maven-21 agents are available on trusted.ci
node('maven-21 || (java&&linux)') {
// Temporary until maven-21 agents are available on trusted.ci
withEnv(['JAVA_HOME=/opt/jdk-21','PATH+JDK21=/opt/jdk-21/bin']) {
try {
stage ('Clean') {
deleteDir()
sh 'ls -lah'
}
stage ('Checkout') {
checkout scm
}
stage ('Build') {
sh "mvn -U -B -ntp clean verify"
}
stage ('Run') {
def javaArgs = ' -DdefinitionsDir=$PWD/permissions' +
' -DartifactoryApiTempDir=$PWD/json' +
' -DartifactoryUserNamesJsonListUrl=https://reports.jenkins.io/artifactory-ldap-users-report.json' +
' -Djava.util.logging.SimpleFormatter.format="%1$tY-%1$tm-%1$td %1$tH:%1$tM:%1$tS %4$s: %5$s%6$s%n"' +
' -jar target/repository-permissions-updater-*-bin/repository-permissions-updater-*.jar'
if (dryRun) {
try {
withCredentials([
usernamePassword(credentialsId: 'jiraUser', passwordVariable: 'JIRA_PASSWORD', usernameVariable: 'JIRA_USERNAME')
]) {
sh 'java -DdryRun=true' + javaArgs
}
} catch(ignored) {
if (fileExists('checks-title.txt')) {
def title = readFile file: 'checks-title.txt', encoding: 'utf-8'
def summary = readFile file:'checks-details.txt', encoding: 'utf-8'
publishChecks conclusion: 'ACTION_REQUIRED',
name: 'Validation',
summary: summary,
title: title
}
throw ignored
}
publishChecks conclusion: 'SUCCESS',
name: 'Validation',
title: 'All checks passed'
} else {
withCredentials([
usernamePassword(credentialsId: 'jiraUser', passwordVariable: 'JIRA_PASSWORD', usernameVariable: 'JIRA_USERNAME'),
string(credentialsId: 'artifactoryAdminToken', variable: 'ARTIFACTORY_TOKEN'),
usernamePassword(credentialsId: 'jenkins-infra-bot-github-token', passwordVariable: 'GITHUB_TOKEN', usernameVariable: 'GITHUB_USERNAME')
]) {
retry(conditions: [agent(), nonresumable()], count: 2) {
sh 'java ' + javaArgs
}
}
}
}
} finally {
stage ('Archive') {
archiveArtifacts 'permissions/*.yml'
archiveArtifacts 'json/*.json'
if (infra.isTrusted()) {
dir('json') {
publishReports ([ 'issues.index.json', 'maintainers.index.json', 'github.index.json' ])
}
}
}
}
}
}