Skip to Content

Changes for page Jenkins Shared Library

Last modified by Boris Folgmann on 2025/11/03 09:41
From version 6.10
edited by Boris Folgmann
on 2025/11/03 09:14
Change comment: There is no comment for this version
To version 3.1
edited by Boris Folgmann
on 2025/07/09 16:16
Change comment: There is no comment for this version

Summary

Details

Page properties
Content
... ... @@ -26,9 +26,8 @@
26 26  1. Checking out the source code from git.
27 27  1. If a pom.xml is found your favorite JDK is selected, by default jdk11. Then a maven build is done.
28 28  1. If there's no pom.xml but a package.json is found a nodejs build is done.
29 -1. If there is no pom.xml or package.json but a go.mod file, a go build is done.
30 30  1. Then the following stages are executed in parallel
31 -11. Analysis: For maven projects the Java source code is checked by checkstyle, pmd and spotbugs. Furthermore the job output will be checked for any warnings generated by maven, javac or javadoc. If Python modules (.py files) exist in the git repository they will be analyzed using pylint and flake8. If pylint or flake8 are not available on the Jenkins agent the steps will be skipped. Python files that are generated or downloaded into the workspace will not be checked. The results will be displayed on the classical Jenkins build page after the build. For Go projects, the Go test tool is used to run all tests and produce a coverage output file for SonarQube. Additionally, the gotestsum tool is used to produce a report which is picked up by Jenkins.</dd>
30 +11. Analysis: For maven projects the Java source code is checked by checkstyle, pmd and spotbugs. Furthermore the job output will be checked for any warnings generated by maven, javac or javadoc. If Python modules (.py files) exist in the git repository they will be analyzed using pylint and flake8. If pylint or flake8 are not available on the Jenkins agent the steps will be skipped. Python files that are generated or downloaded into the workspace will not be checked. The results will be displayed on the classical Jenkins build page after the build.
32 32  11. Security: If it's not a feature or bugfix branch a dependency check is done which checks if e.g. libraries are used which have known vulnerabilities. The results will be displayed in Jenkins after the build.
33 33  11. Docker: this will also work for projects which are neither maven or nodejs. A Dockerfile is enough to trigger this part of the pipeline.
34 34  111. If a Dockerfile is found a docker image is built.
... ... @@ -126,14 +126,8 @@
126 126  )))|(((
127 127  'npm install && npm run build ~-~-prod'
128 128  )))|(((
129 -npm command to execute for building Node.JS projects.
128 +npm command to execute for building Node.JS projects.
130 130  )))
131 -|= |go|'go'|Golang version to use.
132 -Refers to a symbolic name of a go tool configuration in Jenkins.
133 -|= |goBuildCommand|(((
134 -'go build -o app cmd/server/main.go'
135 -)))|go build run. Should be overridden for your project.
136 -|= |goTestCommand|'gotestsum ~-~-format pkgname ~-~-junitfile report.xml ~-~- -failfast -race -coverprofile=coverage.out -tags=test ./...'|Runs gotestsum tool which in turn calls 'go test' for all packages in the project. Should be overridden for your project. The gotestsum tool is available out-of-the-box and produces a report file which is picked up by Jenkins automatically.
137 137  |=(% rowspan="10" %)(((
138 138  Docker build
139 139  )))|(((
... ... @@ -312,11 +312,9 @@
312 312  |(((
313 313  helmRegistry
314 314  )))|(((
315 -Helm registry of your DOaaS instance, which is usally 'https:~/~/registry-CUSTOMER.devops.t-systems.net/chartrepo/PROJECTKEY'
308 +Nexus registry of your DOaaS instance
316 316  )))|(((
317 -Helm registry to which the packaged Helm chart is uploaded.
318 -
319 -
310 +Name of registry to which the packaged Helm chart is uploaded.
320 320  )))
321 321  |(((
322 322  helmRegistryCredentialsId
... ... @@ -355,7 +355,7 @@
355 355  )))|(((
356 356  Id of the Jenkins Credentials for signers private keyfile.
357 357  )))
358 -|=(% colspan="1" rowspan="13" %)(((
349 +|=(% colspan="1" rowspan="12" %)(((
359 359  Static Source Code Analysis
360 360  )))|(((
361 361  checkstyleConfig
... ... @@ -388,13 +388,10 @@
388 388  )))|(((
389 389  Defines which named dependency-check tool should be used.
390 390  )))
391 -|dependencyCheckMvnArgs|'-DassemblyAnalyzerEnabled=false'|Additional arguments which are be passed to dependency-check for maven projects.(((
392 -See [[Dependency Check Maven Configuration>>https://jeremylong.github.io/DependencyCheck/dependency-check-maven/configuration.html]] for more information.
393 -)))
394 394  |(((
395 395  dependencyCheckArgs
396 396  )))|(((
397 -'~-~-disableAssembly'
385 +'~-~-disableAssembly ~-~-nvdValidForHours 720'
398 398  )))|(((
399 399  Addtional arguments which are be passed to dependency-check. See [[Dependency>>url:https://jeremylong.github.io/DependencyCheck/dependency-check-cli/arguments.html||shape="rect"]][[ Check CLI Arguments>>url:https://jeremylong.github.io/DependencyCheck/dependency-check-cli/arguments.html||shape="rect"]] for more information.
400 400  )))
... ... @@ -456,23 +456,6 @@
456 456  |sonarQualityGate| |Sets the desired quality gate to use for the scan result in SonarQube.
457 457  If not specified, the quality gate is not changed.
458 458  As a default, SonarQube will use the quality gate "Sonar way" for new scan results.
459 -|=(% colspan="1" %)Dependency Check|skipDependencyCheck|false|Set to true to skip the dependency-check.
460 -|=(% colspan="1" %) |dependencyCheckTool|'dependency-check'|Defines which named dependency-check tool should be used.
461 -|=(% colspan="1" %) |dependencyCheckMvnArgs|'-DassemblyAnalyzerEnabled=false'|Additional arguments which are be passed to dependency-check for maven projects.(((
462 -See [[Dependency Check Maven Configuration>>https://jeremylong.github.io/DependencyCheck/dependency-check-maven/configuration.html]] for more information.
463 -)))
464 -|=(% colspan="1" %) |dependencyCheckArgs|'~-~-disableAssembly'|Addtional arguments which are be passed to dependency-check. See [[Dependency>>url:https://jeremylong.github.io/DependencyCheck/dependency-check-cli/arguments.html||shape="rect"]][[ Check CLI Arguments>>url:https://jeremylong.github.io/DependencyCheck/dependency-check-cli/arguments.html||shape="rect"]] for more information.
465 -|=(% colspan="1" %) |dependencyCheckNvdApiKeyCredentialsId|'dependency-check-nvdapikey'|If you have your own NVD API Key, set it as a credential of type text in Jenkins. Then specify the credential id using this argument. It will be automatically passed to dependency-check. There will be no error if no credential is found. Just the NVD download will be slower. Please note, on DevOps-as-a-Service a shared NVD API Key is automatically supplied for the default credential id.
466 -|=(% colspan="1" rowspan="2" %)Dependency Track|depTrackCredentialsId|'PROJECTKEY-deptrack-projectcreator'|(((
467 -Id of the Jenkins Credential which has to be used to authenticate to Dependency Track for publishing the SBOM.
468 -)))
469 -|depTrackClassifier|'application'|The component type (e.g. application, library, firmware, ...) that should be set in the SBOM file.
470 -Will be later shown as classifier for the project in Dependency Track.
471 -See [[CycloneDX Metadata Component Type>>https://cyclonedx.org/docs/1.6/json/#metadata_component_type]] for supported values.
472 -|=(% colspan="1" rowspan="2" %)Trivy|trivySeverity|'High'|String which sets the minimum severity of Trivy findings that has to be reached to mark the Trivy Results stage as unstable.
473 -Possible values are: "None", "Unknown", "Negligible", "Low", "Medium", "High", "Critical".
474 -|trivyBuildResult|'SUCCESS'|String which sets the overall build result when the result of the Trivy scan reaches trivyServerity.
475 -Possible values are: "SUCCESS", "UNSTABLE" or "FAILURE"
476 476  |=(% rowspan="7" %)(((
477 477  Deployment
478 478  )))|(((
© 2018-2025 T-Systems International GmbH