Jenkinsfile 9.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246
  1. def projectProperties = [
  2. [$class: 'BuildDiscarderProperty',
  3. strategy: [$class: 'LogRotator', numToKeepStr: '5']],
  4. pipelineTriggers([cron('@daily')])
  5. ]
  6. properties(projectProperties)
  7. def SUCCESS = hudson.model.Result.SUCCESS.toString()
  8. currentBuild.result = SUCCESS
  9. def GRADLE_ENTERPRISE_CACHE_USER = usernamePassword(credentialsId: 'gradle_enterprise_cache_user',
  10. passwordVariable: 'GRADLE_ENTERPRISE_CACHE_PASSWORD',
  11. usernameVariable: 'GRADLE_ENTERPRISE_CACHE_USERNAME')
  12. def GRADLE_ENTERPRISE_SECRET_ACCESS_KEY = string(credentialsId: 'gradle_enterprise_secret_access_key',
  13. variable: 'GRADLE_ENTERPRISE_ACCESS_KEY')
  14. def SPRING_SIGNING_SECRING = file(credentialsId: 'spring-signing-secring.gpg', variable: 'SIGNING_KEYRING_FILE')
  15. def SPRING_GPG_PASSPHRASE = string(credentialsId: 'spring-gpg-passphrase', variable: 'SIGNING_PASSWORD')
  16. def OSSRH_S01_CREDENTIALS = usernamePassword(credentialsId: 'oss-s01-token', passwordVariable: 'OSSRH_S01_TOKEN_PASSWORD', usernameVariable: 'OSSRH_S01_TOKEN_USERNAME')
  17. def ARTIFACTORY_CREDENTIALS = usernamePassword(credentialsId: '02bd1690-b54f-4c9f-819d-a77cb7a9822c', usernameVariable: 'ARTIFACTORY_USERNAME', passwordVariable: 'ARTIFACTORY_PASSWORD')
  18. def JENKINS_PRIVATE_SSH_KEY = file(credentialsId: 'docs.spring.io-jenkins_private_ssh_key', variable: 'DEPLOY_SSH_KEY')
  19. def SONAR_LOGIN_CREDENTIALS = string(credentialsId: 'spring-sonar.login', variable: 'SONAR_LOGIN')
  20. def JENKINS_USER='-Duser.name="spring-builds+jenkins"'
  21. def jdkEnv(String jdk = 'jdk8') {
  22. def jdkTool = tool(jdk)
  23. return "JAVA_HOME=${ jdkTool }"
  24. }
  25. try {
  26. parallel check: {
  27. stage('Check') {
  28. node {
  29. checkout scm
  30. sh "git clean -dfx"
  31. try {
  32. withCredentials([GRADLE_ENTERPRISE_CACHE_USER,
  33. GRADLE_ENTERPRISE_SECRET_ACCESS_KEY,
  34. ARTIFACTORY_CREDENTIALS]) {
  35. withEnv([jdkEnv(),
  36. "GRADLE_ENTERPRISE_CACHE_USERNAME=${GRADLE_ENTERPRISE_CACHE_USERNAME}",
  37. "GRADLE_ENTERPRISE_CACHE_PASSWORD=${GRADLE_ENTERPRISE_CACHE_PASSWORD}",
  38. "GRADLE_ENTERPRISE_ACCESS_KEY=${GRADLE_ENTERPRISE_ACCESS_KEY}"]) {
  39. sh "./gradlew check $JENKINS_USER -PartifactoryUsername=$ARTIFACTORY_USERNAME -PartifactoryPassword=$ARTIFACTORY_PASSWORD --stacktrace"
  40. }
  41. }
  42. } catch(Exception e) {
  43. currentBuild.result = 'FAILED: check'
  44. throw e
  45. } finally {
  46. junit '**/build/test-results/*/*.xml'
  47. }
  48. }
  49. }
  50. },
  51. sonar: {
  52. stage('Sonar') {
  53. node {
  54. checkout scm
  55. sh "git clean -dfx"
  56. withCredentials([SONAR_LOGIN_CREDENTIALS,
  57. GRADLE_ENTERPRISE_CACHE_USER,
  58. GRADLE_ENTERPRISE_SECRET_ACCESS_KEY,
  59. ARTIFACTORY_CREDENTIALS]) {
  60. try {
  61. withEnv([jdkEnv(),
  62. "GRADLE_ENTERPRISE_CACHE_USERNAME=${GRADLE_ENTERPRISE_CACHE_USERNAME}",
  63. "GRADLE_ENTERPRISE_CACHE_PASSWORD=${GRADLE_ENTERPRISE_CACHE_PASSWORD}",
  64. "GRADLE_ENTERPRISE_ACCESS_KEY=${GRADLE_ENTERPRISE_ACCESS_KEY}"]) {
  65. if ("master" == env.BRANCH_NAME) {
  66. sh "./gradlew $JENKINS_USER sonarqube -PartifactoryUsername=$ARTIFACTORY_USERNAME -PartifactoryPassword=$ARTIFACTORY_PASSWORD -PexcludeProjects='**/samples/**' -Dsonar.host.url=$SPRING_SONAR_HOST_URL -Dsonar.login=$SONAR_LOGIN --stacktrace"
  67. } else {
  68. sh "./gradlew $JENKINS_USER sonarqube -PartifactoryUsername=$ARTIFACTORY_USERNAME -PartifactoryPassword=$ARTIFACTORY_PASSWORD -PexcludeProjects='**/samples/**' -Dsonar.projectKey='spring-security-${env.BRANCH_NAME}' -Dsonar.projectName='spring-security-${env.BRANCH_NAME}' -Dsonar.host.url=$SPRING_SONAR_HOST_URL -Dsonar.login=$SONAR_LOGIN --stacktrace"
  69. }
  70. }
  71. } catch(Exception e) {
  72. currentBuild.result = 'FAILED: sonar'
  73. throw e
  74. }
  75. }
  76. }
  77. }
  78. },
  79. snapshots: {
  80. stage('Snapshot Tests') {
  81. node {
  82. checkout scm
  83. sh "git clean -dfx"
  84. try {
  85. withCredentials([GRADLE_ENTERPRISE_CACHE_USER,
  86. GRADLE_ENTERPRISE_SECRET_ACCESS_KEY,
  87. ARTIFACTORY_CREDENTIALS]) {
  88. withEnv([jdkEnv(),
  89. "GRADLE_ENTERPRISE_CACHE_USERNAME=${GRADLE_ENTERPRISE_CACHE_USERNAME}",
  90. "GRADLE_ENTERPRISE_CACHE_PASSWORD=${GRADLE_ENTERPRISE_CACHE_PASSWORD}",
  91. "GRADLE_ENTERPRISE_ACCESS_KEY=${GRADLE_ENTERPRISE_ACCESS_KEY}"]) {
  92. sh "./gradlew $JENKINS_USER test -PartifactoryUsername=$ARTIFACTORY_USERNAME -PartifactoryPassword=$ARTIFACTORY_PASSWORD -PforceMavenRepositories=snapshot -PspringVersion='5.2.+' -PreactorVersion=Dysprosium-BUILD-SNAPSHOT -PspringDataVersion=Lovelace-BUILD-SNAPSHOT -PlocksDisabled --refresh-dependencies --no-daemon --stacktrace"
  93. }
  94. }
  95. } catch(Exception e) {
  96. currentBuild.result = 'FAILED: snapshots'
  97. throw e
  98. }
  99. }
  100. }
  101. },
  102. jdk11: {
  103. stage('JDK 11') {
  104. node {
  105. checkout scm
  106. sh "git clean -dfx"
  107. try {
  108. withCredentials([GRADLE_ENTERPRISE_CACHE_USER,
  109. GRADLE_ENTERPRISE_SECRET_ACCESS_KEY,
  110. ARTIFACTORY_CREDENTIALS]) {
  111. withEnv([jdkEnv("jdk11"),
  112. "GRADLE_ENTERPRISE_CACHE_USERNAME=${GRADLE_ENTERPRISE_CACHE_USERNAME}",
  113. "GRADLE_ENTERPRISE_CACHE_PASSWORD=${GRADLE_ENTERPRISE_CACHE_PASSWORD}",
  114. "GRADLE_ENTERPRISE_ACCESS_KEY=${GRADLE_ENTERPRISE_ACCESS_KEY}"]) {
  115. sh "./gradlew $JENKINS_USER test -PartifactoryUsername=$ARTIFACTORY_USERNAME -PartifactoryPassword=$ARTIFACTORY_PASSWORD --stacktrace"
  116. }
  117. }
  118. } catch(Exception e) {
  119. currentBuild.result = 'FAILED: jdk11'
  120. throw e
  121. }
  122. }
  123. }
  124. },
  125. jdk12: {
  126. stage('JDK 12') {
  127. node {
  128. checkout scm
  129. sh "git clean -dfx"
  130. try {
  131. withCredentials([GRADLE_ENTERPRISE_CACHE_USER,
  132. GRADLE_ENTERPRISE_SECRET_ACCESS_KEY,
  133. ARTIFACTORY_CREDENTIALS]) {
  134. withEnv([jdkEnv("openjdk12"),
  135. "GRADLE_ENTERPRISE_CACHE_USERNAME=${GRADLE_ENTERPRISE_CACHE_USERNAME}",
  136. "GRADLE_ENTERPRISE_CACHE_PASSWORD=${GRADLE_ENTERPRISE_CACHE_PASSWORD}",
  137. "GRADLE_ENTERPRISE_ACCESS_KEY=${GRADLE_ENTERPRISE_ACCESS_KEY}"]) {
  138. sh "./gradlew $JENKINS_USER test -PartifactoryUsername=$ARTIFACTORY_USERNAME -PartifactoryPassword=$ARTIFACTORY_PASSWORD --stacktrace"
  139. }
  140. }
  141. } catch(Exception e) {
  142. currentBuild.result = 'FAILED: jdk12'
  143. throw e
  144. }
  145. }
  146. }
  147. }
  148. if(currentBuild.result == 'SUCCESS') {
  149. parallel artifacts: {
  150. stage('Deploy Artifacts') {
  151. node {
  152. checkout scm
  153. sh "git clean -dfx"
  154. withCredentials([SPRING_SIGNING_SECRING,
  155. SPRING_GPG_PASSPHRASE,
  156. OSSRH_S01_CREDENTIALS,
  157. ARTIFACTORY_CREDENTIALS,
  158. GRADLE_ENTERPRISE_CACHE_USER,
  159. GRADLE_ENTERPRISE_SECRET_ACCESS_KEY]) {
  160. withEnv([jdkEnv(),
  161. "GRADLE_ENTERPRISE_CACHE_USERNAME=${GRADLE_ENTERPRISE_CACHE_USERNAME}",
  162. "GRADLE_ENTERPRISE_CACHE_PASSWORD=${GRADLE_ENTERPRISE_CACHE_PASSWORD}",
  163. "GRADLE_ENTERPRISE_ACCESS_KEY=${GRADLE_ENTERPRISE_ACCESS_KEY}"]) {
  164. sh "./gradlew $JENKINS_USER deployArtifacts -Psigning.secretKeyRingFile=$SIGNING_KEYRING_FILE -Psigning.keyId=$SPRING_SIGNING_KEYID -Psigning.password='$SIGNING_PASSWORD' -PossrhTokenUsername=$OSSRH_S01_TOKEN_USERNAME -PossrhTokenPassword=$OSSRH_S01_TOKEN_PASSWORD -PartifactoryUsername=$ARTIFACTORY_USERNAME -PartifactoryPassword=$ARTIFACTORY_PASSWORD --stacktrace --no-parallel"
  165. sh "./gradlew $JENKINS_USER finalizeDeployArtifacts -Psigning.secretKeyRingFile=$SIGNING_KEYRING_FILE -Psigning.keyId=$SPRING_SIGNING_KEYID -Psigning.password='$SIGNING_PASSWORD' -PossrhTokenUsername=$OSSRH_S01_TOKEN_USERNAME -PossrhTokenPassword=$OSSRH_S01_TOKEN_PASSWORD -PartifactoryUsername=$ARTIFACTORY_USERNAME -PartifactoryPassword=$ARTIFACTORY_PASSWORD --stacktrace --no-parallel"
  166. }
  167. }
  168. }
  169. }
  170. },
  171. docs: {
  172. stage('Deploy Docs') {
  173. node {
  174. checkout scm
  175. sh "git clean -dfx"
  176. withCredentials([JENKINS_PRIVATE_SSH_KEY,
  177. SPRING_GPG_PASSPHRASE,
  178. OSSRH_S01_CREDENTIALS,
  179. ARTIFACTORY_CREDENTIALS,
  180. GRADLE_ENTERPRISE_CACHE_USER,
  181. GRADLE_ENTERPRISE_SECRET_ACCESS_KEY]) {
  182. withEnv([jdkEnv(),
  183. "GRADLE_ENTERPRISE_CACHE_USERNAME=${GRADLE_ENTERPRISE_CACHE_USERNAME}",
  184. "GRADLE_ENTERPRISE_CACHE_PASSWORD=${GRADLE_ENTERPRISE_CACHE_PASSWORD}",
  185. "GRADLE_ENTERPRISE_ACCESS_KEY=${GRADLE_ENTERPRISE_ACCESS_KEY}"]) {
  186. sh "./gradlew $JENKINS_USER deployDocs -PartifactoryUsername=$ARTIFACTORY_USERNAME -PartifactoryPassword=$ARTIFACTORY_PASSWORD -PdeployDocsSshKeyPath=$DEPLOY_SSH_KEY -PdeployDocsSshUsername=$SPRING_DOCS_USERNAME --stacktrace"
  187. }
  188. }
  189. }
  190. }
  191. },
  192. schema: {
  193. stage('Deploy Schema') {
  194. node {
  195. checkout scm
  196. sh "git clean -dfx"
  197. withCredentials([JENKINS_PRIVATE_SSH_KEY,
  198. SPRING_GPG_PASSPHRASE,
  199. OSSRH_S01_CREDENTIALS,
  200. ARTIFACTORY_CREDENTIALS,
  201. GRADLE_ENTERPRISE_CACHE_USER,
  202. GRADLE_ENTERPRISE_SECRET_ACCESS_KEY]) {
  203. withEnv([jdkEnv(),
  204. "GRADLE_ENTERPRISE_CACHE_USERNAME=${GRADLE_ENTERPRISE_CACHE_USERNAME}",
  205. "GRADLE_ENTERPRISE_CACHE_PASSWORD=${GRADLE_ENTERPRISE_CACHE_PASSWORD}",
  206. "GRADLE_ENTERPRISE_ACCESS_KEY=${GRADLE_ENTERPRISE_ACCESS_KEY}"]) {
  207. sh "./gradlew $JENKINS_USER deploySchema -PartifactoryUsername=$ARTIFACTORY_USERNAME -PartifactoryPassword=$ARTIFACTORY_PASSWORD -PdeployDocsSshKeyPath=$DEPLOY_SSH_KEY -PdeployDocsSshUsername=$SPRING_DOCS_USERNAME --stacktrace"
  208. }
  209. }
  210. }
  211. }
  212. }
  213. }
  214. } catch(Exception e) {
  215. currentBuild.result = 'FAILED: deploys'
  216. throw e
  217. } finally {
  218. def buildStatus = currentBuild.result
  219. def buildNotSuccess = !SUCCESS.equals(buildStatus)
  220. def lastBuildNotSuccess = !SUCCESS.equals(currentBuild.previousBuild?.result)
  221. if(buildNotSuccess || lastBuildNotSuccess) {
  222. stage('Notifiy') {
  223. node {
  224. final def RECIPIENTS = [[$class: 'DevelopersRecipientProvider'], [$class: 'RequesterRecipientProvider']]
  225. def subject = "${buildStatus}: Build ${env.JOB_NAME} ${env.BUILD_NUMBER} status is now ${buildStatus}"
  226. def details = """The build status changed to ${buildStatus}. For details see ${env.BUILD_URL}"""
  227. emailext (
  228. subject: subject,
  229. body: details,
  230. recipientProviders: RECIPIENTS,
  231. to: "$SPRING_SECURITY_TEAM_EMAILS"
  232. )
  233. }
  234. }
  235. }
  236. }