ci: demystify and update Jenkinsfile (#958)

Author: sebthom

Jenkinsfile

@@ -1,19 +1,33 @@
+// https://github.com/eclipse-cbi/jiro/wiki/CI-Best-Practices
+// https://github.com/eclipse-cbi/jiro/wiki/FAQ#how-do-i-run-a-javamaven-build-on-the-cluster-based-infrastructure
 pipeline {
 	agent {
-		label 'centos-latest'
+		// https://eclipse.dev/cbi/jiro-agent/
+		// https://github.com/eclipse-cbi/jiro-agents/
+		// https://github.com/eclipse-cbi/jiro-agents/tree/master/ubuntu
+		label 'ubuntu-latest'
 	}
 
+	// https://www.jenkins.io/doc/book/pipeline/syntax/#triggers
+	// https://www.jenkins.io/doc/pipeline/steps/params/pipelinetriggers/
 	triggers {
 		githubPush()
 	}
 
+	// https://www.jenkins.io/doc/book/pipeline/syntax/#options
 	options {
 		timeout(time: 20, unit: 'MINUTES')
 		buildDiscarder(logRotator(numToKeepStr: '10'))
 		disableConcurrentBuilds(abortPrevious: false)
 	}
 
 	tools {
+		// https://github.com/eclipse-cbi/jiro/wiki/Tools-(JDK,-Maven,-Ant)#apache-maven
+		// https://eclipse.dev/cbi/jiro/Tools/#apache-maven
+		maven 'apache-maven-latest'
+
+		// https://github.com/eclipse-cbi/jiro/wiki/Tools-(JDK,-Maven,-Ant)#eclipse-temurin
+		// https://eclipse.dev/cbi/jiro/Tools/#eclipse-temurin
 		jdk 'temurin-jdk21-latest'
 	}
 
@@ -60,23 +74,45 @@ pipeline {
 
 		stage('Build') {
 			steps {
-				wrap([$class: 'Xvnc', useXauthority: true]) {
+				// https://github.com/eclipse-cbi/jiro/wiki/FAQ#how-do-i-run-ui-tests-on-the-cluster-based-infrastructure
+				wrap([$class: 'Xvnc', takeScreenshot: false, useXauthority: true]) {
 					script {
-						if (env.BRANCH_NAME == 'main') {
-							withCredentials([string(credentialsId: 'gpg-passphrase', variable: 'KEYRING_PASSPHRASE')]) {
-								sh '''./mvnw clean deploy -B \
-									-t /tmp/toolchains.xml \
-									-Dmaven.test.failure.ignore=true \
-									-Dsurefire.rerunFailingTestsCount=3 \
-									-Psign -Dgpg.passphrase="${KEYRING_PASSPHRASE}"
-								'''
-							}
+						def maven_opts = (env.MAVEN_OPTS ?: '')
+
+						if (isUnix()) {
+							// https://www.baeldung.com/java-security-egd#bd-testing-the-effect-of-javasecurityegd
+							maven_opts += ' -Djava.security.egd=file:/dev/./urandom'
 						} else {
-							sh '''./mvnw clean verify -B \
-								-t /tmp/toolchains.xml \
-								-Dmaven.test.failure.ignore=true \
-								-Dsurefire.rerunFailingTestsCount=3
-							'''
+							// https://stackoverflow.com/questions/58991966/what-java-security-egd-option-is-for/59097932#59097932
+							maven_opts += ' -Djava.security.egd=file:/dev/urandom'
+						}
+
+						// https://stackoverflow.com/questions/5120470/how-to-time-the-different-stages-of-maven-execution/49494561#49494561
+						maven_opts += ' -Dorg.slf4j.simpleLogger.showDateTime=true -Dorg.slf4j.simpleLogger.dateTimeFormat=HH:mm:ss,SSS'
+
+						maven_opts += ' -Xmx1024m -Djava.awt.headless=true -Djava.net.preferIPv4Stack=true -Dhttps.protocols=TLSv1.3,TLSv1.2'
+
+						def maven_args = [
+							'--no-transfer-progress',
+							'--errors',
+							'--update-snapshots',
+							'--batch-mode',
+							'--show-version',
+							'-Declipse.p2.mirrors=false',
+							'-Dsurefire.rerunFailingTestsCount=3',
+							'-t /tmp/toolchains.xml'
+						].join(' ')
+
+						withEnv(["MAVEN_OPTS=${maven_opts}"]) {
+							echo "MAVEN_OPTS: ${env.MAVEN_OPTS}"
+
+							if (env.BRANCH_NAME == 'main') {
+								withCredentials([string(credentialsId: 'gpg-passphrase', variable: 'KEYRING_PASSPHRASE')]) {
+									sh "./mvnw ${maven_args} -Psign -Dgpg.passphrase="${KEYRING_PASSPHRASE}" clean deploy"
+								}
+							} else {
+								sh "./mvnw ${maven_args} clean verify"
+							}
 						}
 					}
 				}
@@ -94,6 +130,7 @@ pipeline {
 				branch 'main'
 			}
 			steps {
+				// https://github.com/eclipse-cbi/jiro/wiki/FAQ#how-do-i-deploy-artifacts-to-downloadeclipseorg
 				sshagent (['projects-storage.eclipse.org-bot-ssh']) {
 					sh '''
 						DOWNLOAD_AREA=/home/data/httpd/download.eclipse.org/tm4e/snapshots/
@@ -107,6 +144,5 @@ pipeline {
 				}
 			}
 		}
-
 	}
 }