Skip to content

Commit

Permalink
prevent Jenkins builds on Dependabot PRs
Browse files Browse the repository at this point in the history
  • Loading branch information
@berezovskyi
berezovskyi authored Sep 21, 2024
1 parent 3a65310 commit dd32f16
Show file tree
Hide file tree
Showing 2 changed files with 159 additions and 147 deletions.
4 changes: 4 additions & 0 deletions .editorconfig
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,3 +20,7 @@ indent_size = 4
[*.{xml,html,js,yml,css}]
indent_style = space
indent_size = 2

[Jenkinsfile]
indent_style = space
indent_size = 2
302 changes: 155 additions & 147 deletions Jenkinsfile
View file
Original file line number Diff line number Diff line change
@@ -1,153 +1,161 @@
pipeline {
agent any
options {
timeout(time: 40, unit: 'MINUTES') // timeout on whole pipeline job
}
tools {
maven 'apache-maven-latest'
jdk 'temurin-jdk17-latest'
}
stages {
stage('SonarCloud') {
when {
triggeredBy 'SCMTrigger'
}
environment {
PROJECT_NAME = 'lyo'
}
steps {
withCredentials([string(credentialsId: 'sonarcloud-token', variable: 'SONARCLOUD_TOKEN')]) {
withSonarQubeEnv('SonarCloud.io') {
script {
def sonar_pr = ""
if(env.CHANGE_ID) {
sonar_pr += " -Dsonar.pullrequest.provider=GitHub -Dsonar.pullrequest.github.repository=eclipse/${env.PROJECT_NAME} -Dsonar.pullrequest.key=${env.CHANGE_ID} -Dsonar.pullrequest.branch=${env.CHANGE_BRANCH}"
}
sh '''
mvn clean verify -B org.sonarsource.scanner.maven:sonar-maven-plugin:sonar \
-Dsonar.projectKey=org.eclipse.lyo -Dsonar.organization=eclipse -Dsonar.host.url=${SONAR_HOST_URL} -Dsonar.token=${SONARCLOUD_TOKEN}''' + sonar_pr
}
}
}
}
}
stage('Publish (OSSRH)') {
when {
triggeredBy 'SCMTrigger'
anyOf {
branch 'master'
branch 'main'
branch 'maint-*'
}
}
steps {
withCredentials([file(credentialsId: 'secret-subkeys.asc', variable: 'KEYRING')]) {
sh 'gpg --batch --import "${KEYRING}"'
sh 'for fpr in $(gpg --list-keys --with-colons | awk -F: \'/fpr:/ {print $10}\' | sort -u); do echo -e "5\ny\n" | gpg --batch --command-fd 0 --expert --edit-key ${fpr} trust; done'
}
sh '''
mvn -B -fae clean install -DskipTests javadoc:aggregate \
-P dev,gpg-sign,!eclipse-deploy,ossrh-deploy
mvn -B deploy -DskipTests -Dmaven.install.skip=true \
-P dev,gpg-sign,!eclipse-deploy,ossrh-deploy
'''
}
}
stage('Publish (Javadocs)') {
when {
anyOf {
branch 'master'
branch 'main'
branch 'maint-*'
}
}
steps {
sshagent(['projects-storage.eclipse.org-bot-ssh']) {
sh '''
DOCS_HOME=/home/data/httpd/download.eclipse.org/lyo/docs/all
VERSION=$(mvn -q \
-Dexec.executable="echo" \
-Dexec.args='${project.version}' \
--non-recursive \
org.codehaus.mojo:exec-maven-plugin:1.3.1:exec | tail -n 1 | xargs)
# see https://github.com/eclipse/lyo.core/issues/135 for the tail/xargs temp fix
agent any
options {
timeout(time: 40, unit: 'MINUTES') // timeout on whole pipeline job
}
tools {
maven 'apache-maven-latest'
jdk 'temurin-jdk17-latest'
}
stages {
stage('SonarCloud') {
when {
allOf {
triggeredBy 'SCMTrigger'
not {
environment name: 'CHANGE_AUTHOR', value: 'dependabot[bot]'
}
not {
environment name: 'CHANGE_AUTHOR', value: 'dependabot-preview[bot]'
}
}
}
environment {
PROJECT_NAME = 'lyo'
}
steps {
withCredentials([string(credentialsId: 'sonarcloud-token', variable: 'SONARCLOUD_TOKEN')]) {
withSonarQubeEnv('SonarCloud.io') {
script {
def sonar_pr = ""
if(env.CHANGE_ID) {
sonar_pr += " -Dsonar.pullrequest.provider=GitHub -Dsonar.pullrequest.github.repository=eclipse/${env.PROJECT_NAME} -Dsonar.pullrequest.key=${env.CHANGE_ID} -Dsonar.pullrequest.branch=${env.CHANGE_BRANCH}"
}
sh '''
mvn clean verify -B org.sonarsource.scanner.maven:sonar-maven-plugin:sonar \
-Dsonar.projectKey=org.eclipse.lyo -Dsonar.organization=eclipse -Dsonar.host.url=${SONAR_HOST_URL} -Dsonar.token=${SONARCLOUD_TOKEN}''' + sonar_pr
}
}
}
}
}
stage('Publish (OSSRH)') {
when {
triggeredBy 'SCMTrigger'
anyOf {
branch 'master'
branch 'main'
branch 'maint-*'
}
}
steps {
withCredentials([file(credentialsId: 'secret-subkeys.asc', variable: 'KEYRING')]) {
sh 'gpg --batch --import "${KEYRING}"'
sh 'for fpr in $(gpg --list-keys --with-colons | awk -F: \'/fpr:/ {print $10}\' | sort -u); do echo -e "5\ny\n" | gpg --batch --command-fd 0 --expert --edit-key ${fpr} trust; done'
}
sh '''
mvn -B -fae clean install -DskipTests javadoc:aggregate \
-P dev,gpg-sign,!eclipse-deploy,ossrh-deploy
mvn -B deploy -DskipTests -Dmaven.install.skip=true \
-P dev,gpg-sign,!eclipse-deploy,ossrh-deploy
'''
}
}
stage('Publish (Javadocs)') {
when {
anyOf {
branch 'master'
branch 'main'
branch 'maint-*'
}
}
steps {
sshagent(['projects-storage.eclipse.org-bot-ssh']) {
sh '''
DOCS_HOME=/home/data/httpd/download.eclipse.org/lyo/docs/all
VERSION=$(mvn -q \
-Dexec.executable="echo" \
-Dexec.args='${project.version}' \
--non-recursive \
org.codehaus.mojo:exec-maven-plugin:1.3.1:exec | tail -n 1 | xargs)
# see https://github.com/eclipse/lyo.core/issues/135 for the tail/xargs temp fix
ssh genie.lyo@projects-storage.eclipse.org rm -rf $DOCS_HOME/$VERSION
ssh genie.lyo@projects-storage.eclipse.org mkdir -p $DOCS_HOME/$VERSION
scp -rp target/site/apidocs/ genie.lyo@projects-storage.eclipse.org:$DOCS_HOME/$VERSION
'''
}
}
}
stage('Publish (Eclipse)') {
when {
triggeredBy 'SCMTrigger'
anyOf {
branch 'master'
branch 'main'
branch 'maint-*'
}
}
steps {
sh '''
mvn -B deploy -DskipTests -Dmaven.install.skip=true \
-P dev,gpg-sign,eclipse-deploy
'''
// sh 'gpg --verify my-app/target/my-app-1.0-SNAPSHOT.jar.asc'
sshagent(['projects-storage.eclipse.org-bot-ssh']) {
sh '''
DOCS_HOME=/home/data/httpd/download.eclipse.org/lyo/docs/all
VERSION=$(mvn -q \
-Dexec.executable="echo" \
-Dexec.args='${project.version}' \
--non-recursive \
org.codehaus.mojo:exec-maven-plugin:1.3.1:exec | tail -n 1 | xargs)
# see https://github.com/eclipse/lyo.core/issues/135 for the tail/xargs temp fix
ssh genie.lyo@projects-storage.eclipse.org rm -rf $DOCS_HOME/$VERSION
ssh genie.lyo@projects-storage.eclipse.org mkdir -p $DOCS_HOME/$VERSION
scp -rp target/site/apidocs/ genie.lyo@projects-storage.eclipse.org:$DOCS_HOME/$VERSION
'''
}
}
}
stage('Publish (Eclipse)') {
when {
triggeredBy 'SCMTrigger'
anyOf {
branch 'master'
branch 'main'
branch 'maint-*'
}
}
steps {
sh '''
mvn -B deploy -DskipTests -Dmaven.install.skip=true \
-P dev,gpg-sign,eclipse-deploy
'''
// sh 'gpg --verify my-app/target/my-app-1.0-SNAPSHOT.jar.asc'
sshagent(['projects-storage.eclipse.org-bot-ssh']) {
sh '''
DOCS_HOME=/home/data/httpd/download.eclipse.org/lyo/docs/all
VERSION=$(mvn -q \
-Dexec.executable="echo" \
-Dexec.args='${project.version}' \
--non-recursive \
org.codehaus.mojo:exec-maven-plugin:1.3.1:exec | tail -n 1 | xargs)
# see https://github.com/eclipse/lyo.core/issues/135 for the tail/xargs temp fix
ssh genie.lyo@projects-storage.eclipse.org rm -rf $DOCS_HOME/$VERSION
ssh genie.lyo@projects-storage.eclipse.org mkdir -p $DOCS_HOME/$VERSION
scp -rp target/site/apidocs/ genie.lyo@projects-storage.eclipse.org:$DOCS_HOME/$VERSION
'''
}
}
}
stage('Publish HEAD Javadocs') {
when {
triggeredBy 'SCMTrigger'
branch 'master'
}
steps {
sshagent(['projects-storage.eclipse.org-bot-ssh']) {
sh '''
DOCS_HOME=/home/data/httpd/download.eclipse.org/lyo/docs/all
VERSION=$(mvn -q \
-Dexec.executable="echo" \
-Dexec.args='${project.version}' \
--non-recursive \
org.codehaus.mojo:exec-maven-plugin:1.3.1:exec | tail -n 1 | xargs)
# see https://github.com/eclipse/lyo.core/issues/135 for the tail/xargs temp fix
ssh genie.lyo@projects-storage.eclipse.org rm -rf $DOCS_HOME/$VERSION
ssh genie.lyo@projects-storage.eclipse.org mkdir -p $DOCS_HOME/$VERSION
scp -rp target/site/apidocs/ genie.lyo@projects-storage.eclipse.org:$DOCS_HOME/$VERSION
'''
}
}
}
stage('Publish HEAD Javadocs') {
when {
triggeredBy 'SCMTrigger'
branch 'master'
}
steps {
sshagent(['projects-storage.eclipse.org-bot-ssh']) {
sh '''
DOCS_HOME=/home/data/httpd/download.eclipse.org/lyo/docs/all
VERSION=$(mvn -q \
-Dexec.executable="echo" \
-Dexec.args='${project.version}' \
--non-recursive \
org.codehaus.mojo:exec-maven-plugin:1.3.1:exec | tail -n 1 | xargs)
# see https://github.com/eclipse/lyo.core/issues/135 for the tail/xargs temp fix
ssh genie.lyo@projects-storage.eclipse.org rm -rf $DOCS_HOME/latest
ssh genie.lyo@projects-storage.eclipse.org mkdir -p $DOCS_HOME/latest
scp -rp target/site/apidocs/ genie.lyo@projects-storage.eclipse.org:$DOCS_HOME/latest
'''
}
}
ssh genie.lyo@projects-storage.eclipse.org rm -rf $DOCS_HOME/latest
ssh genie.lyo@projects-storage.eclipse.org mkdir -p $DOCS_HOME/latest
scp -rp target/site/apidocs/ genie.lyo@projects-storage.eclipse.org:$DOCS_HOME/latest
'''
}
}
post {
// send a mail on unsuccessful and fixed builds
unsuccessful { // means unstable || failure || aborted
emailext subject: 'Build $BUILD_STATUS $PROJECT_NAME #$BUILD_NUMBER!',
body: '''Check console output at $BUILD_URL to view the results.''',
recipientProviders: [culprits(), requestor()],
to: 'andrew+ham@berezovskyi.me'
}
fixed { // back to normal
emailext subject: 'Build $BUILD_STATUS $PROJECT_NAME #$BUILD_NUMBER!',
body: '''Check console output at $BUILD_URL to view the results.''',
recipientProviders: [culprits(), requestor()],
to: 'andrew+ham@berezovskyi.me'
}
}
}
}
}
post {
// send a mail on unsuccessful and fixed builds
unsuccessful { // means unstable || failure || aborted
emailext subject: 'Build $BUILD_STATUS $PROJECT_NAME #$BUILD_NUMBER!',
body: '''Check console output at $BUILD_URL to view the results.''',
recipientProviders: [culprits(), requestor()],
to: 'andrew+ham@berezovskyi.me'
}
fixed { // back to normal
emailext subject: 'Build $BUILD_STATUS $PROJECT_NAME #$BUILD_NUMBER!',
body: '''Check console output at $BUILD_URL to view the results.''',
recipientProviders: [culprits(), requestor()],
to: 'andrew+ham@berezovskyi.me'
}
}
}

0 comments on commit dd32f16

Please sign in to comment.