Type object
File match **/bxci.yaml **/bxci.yml
Schema URL https://catalog.lintel.tools/schemas/schemastore/bx-ci/latest.json
Source https://www.schemastore.org/bxci.schema-3.x.json

Validate with Lintel

npx @lintel/lintel check
Type: object

CI configuration for Amdocs Bill Experience projects

Properties

project object required

Project properties

3 nested properties
name string

Project's name (used by Jenkins, Docker and Sonar)

type enum

Project type

Default: "mvn"
Values: "npm" "maven" "mvn"
settings string

ID of a managed maven or npm Jenkins file

Examples: "bx-maven-settings", "bx-npm-settings"
config object
4 nested properties
jenkins_runtime object
1 nested property
docker object required

Specifies how to build the Docker container (from an existing image or from a local Dockerfile)

2 nested properties
image string

Prebuilt Docker image (has precedence over dockerfile)

Examples: "remote-host.com/image-name:tag"
dockerfile string

Dockerfile path

branch object

Describes on which branch names a build will be run

2 nested properties
branch_pattern string

Regular expression for validating branch names

disable_validation boolean

Disables branch name validation

Default: false
build object
4 nested properties
clean_workspace_after_run boolean

Whether Jenkins workspace should be cleaned after the build

Default: true
commit_time_threshold integer | string

Commit age threshold. Disables automated builds older than this parameter. When 0, this feature is disabled

Default: false
Examples: 0, "2m", "30m", "1d", "30m", "10d"
checkmarx object
19 nested properties
enabled boolean

Sets whether the scan should be run

Default: false
branch_pattern string

Regular expression for validating branch names

groupId string

Fully qualified team name for the project

Default: "55"
preset string

Scan preset for the project

Default: "36"
sourceEncoding string

Language encoding ID associated with the source code character encoding (5: Multi-Language Scan)

Default: "5"
serverUrl string

Checkmarx Server URL or IP address

Default: "http://cxpbgmgmtserver/"
credentialsId string

Jenkins credentials ID

Default: "BB-Checkmarx"
isProxy boolean
Default: false
useOwnServerCredentials boolean

When enabled, the default server credentials are used. When disabled, the server and credentials provided here override the defaults

Default: true
projectName string

Unique project name. Will be inferred from the repository name if not provided

exclusionsSetting enum

Specifies which exclusions settings to use: global (Jenkins global settings) or job (current pipeline)

Default: "job"
Values: "job" "global"
excludeFolders string

Comma separated list of folders to be excluded from the CxSAST scan

Examples: "folder-1, folder-2, folder-3"
filterPattern string

Defines the include/exclude wildcard patterns. Has no effect when "exclusionsSetting" is set to "global"

Examples: ""!**/_cvs/**/*, !**/.svn/**/*, !**/.hg/**/*, !**/.git/**/*""
hideDebugLogs boolean

Sets whether debug logs are visible in the job output

Default: true
waitForResultsEnabled boolean

Sets whether the scan should be executed synchronously (default). The Synchronous mode allows viewing scan results in Jenkins

Default: true
vulnerabilityThresholdEnabled boolean

Sets whether the scan should fail if the number of vulnerabilities is above the configured thresholds. This option is only available if the waitForResultsEnabled parameter is enabled

Default: true
highThreshold integer

Sets the maximum number of High vulnerabilities allowed

Default: 0
mediumThreshold integer

Sets the maximum number of Medium vulnerabilities allowed

Default: 10
lowThreshold integer

Sets the maximum number of Low vulnerabilities allowed

Default: null
static_analysis object
7 nested properties
enabled boolean
Default: true
breaks_build boolean

Waits for analysis result and breaks the build when the project fails for some quality gates

Default: false
branch_analysis boolean

Indicates whether the Sonar server supports branch analysis, to provide dedicated parameters.

Default: true
branch_pattern string

Indicates on which branches static analysis will be performed.

Examples: "^master$|^release/.+$", "master"
image string

Prebuilt Docker image in which to run the scan. If not specified, the image used for the main build is used.

Examples: "myrepo:port/my-awesome-image:1.2.3"
timeout integer

Timeout in seconds

exclusions string

Comma separated list of wildcard patterns defining files to be excluded from the SonarQube scan

Examples: "**/excluded-folder/**, **/example/*.html"
cache object

Cache configuration for projects built inside Docker containers

2 nested properties
repository object

Binary repository details

2 nested properties
address string required

Repository URL

format=uri
credentials string required

Jenkins credentials ID

items cacheItem[]

List of cache types

services enum[]

Additional services required by the project or application.

uniqueItems=true
environment object

Custom environment variables to be added to the pipeline

jenkinsEnvironment string[]

Jenkins environment variables that are passed to the Docker container

uniqueItems=true
stages object

Defines the stages and steps required to build the project.

output object

Describes artifacts generated after all the stages have been run

3 nested properties
package object
1 nested property
publish packagePublishChannel[] required
docker object
3 nested properties
images outputDockerImage[] required
multiArch object
2 nested properties
enabled boolean

Whether the multi-arch build should be enabled

Default: false
architectures string[]
helm object
2 nested properties
publish helmReleaseChannel[] required
archive array

List of artifacts to archive (wildcards allowed). Check out https://www.jenkins.io/doc/pipeline/steps/core/#archiveartifacts-archive-the-artifacts

Examples: "target/*.jar", "**/*.jar", "target/out.txt"
timeout integer

Timeout in seconds

Definitions

branchPattern string

Regular expression for validating branch names

timeout integer

Timeout in seconds

credentials string

Jenkins credentials ID

binaryRepository object

Binary repository details

address string required

Repository URL

format=uri
credentials string required

Jenkins credentials ID

checkmarx object
enabled boolean

Sets whether the scan should be run

Default: false
branch_pattern string

Regular expression for validating branch names

groupId string

Fully qualified team name for the project

Default: "55"
preset string

Scan preset for the project

Default: "36"
sourceEncoding string

Language encoding ID associated with the source code character encoding (5: Multi-Language Scan)

Default: "5"
serverUrl string

Checkmarx Server URL or IP address

Default: "http://cxpbgmgmtserver/"
credentialsId string

Jenkins credentials ID

Default: "BB-Checkmarx"
isProxy boolean
Default: false
useOwnServerCredentials boolean

When enabled, the default server credentials are used. When disabled, the server and credentials provided here override the defaults

Default: true
projectName string

Unique project name. Will be inferred from the repository name if not provided

exclusionsSetting enum

Specifies which exclusions settings to use: global (Jenkins global settings) or job (current pipeline)

Default: "job"
Values: "job" "global"
excludeFolders string

Comma separated list of folders to be excluded from the CxSAST scan

Examples: "folder-1, folder-2, folder-3"
filterPattern string

Defines the include/exclude wildcard patterns. Has no effect when "exclusionsSetting" is set to "global"

Examples: ""!**/_cvs/**/*, !**/.svn/**/*, !**/.hg/**/*, !**/.git/**/*""
hideDebugLogs boolean

Sets whether debug logs are visible in the job output

Default: true
waitForResultsEnabled boolean

Sets whether the scan should be executed synchronously (default). The Synchronous mode allows viewing scan results in Jenkins

Default: true
vulnerabilityThresholdEnabled boolean

Sets whether the scan should fail if the number of vulnerabilities is above the configured thresholds. This option is only available if the waitForResultsEnabled parameter is enabled

Default: true
highThreshold integer

Sets the maximum number of High vulnerabilities allowed

Default: 0
mediumThreshold integer

Sets the maximum number of Medium vulnerabilities allowed

Default: 10
lowThreshold integer

Sets the maximum number of Low vulnerabilities allowed

Default: null
sonar object
enabled boolean
Default: true
breaks_build boolean

Waits for analysis result and breaks the build when the project fails for some quality gates

Default: false
branch_analysis boolean

Indicates whether the Sonar server supports branch analysis, to provide dedicated parameters.

Default: true
branch_pattern string

Indicates on which branches static analysis will be performed.

Examples: "^master$|^release/.+$", "master"
image string

Prebuilt Docker image in which to run the scan. If not specified, the image used for the main build is used.

Examples: "myrepo:port/my-awesome-image:1.2.3"
timeout integer

Timeout in seconds

exclusions string

Comma separated list of wildcard patterns defining files to be excluded from the SonarQube scan

Examples: "**/excluded-folder/**, **/example/*.html"
when object

Condition that should be met to run this step

branch string

Regular expression for validating branch names

steps array

List of steps to run

singleStage object
steps array required

List of steps to run

when object

Condition that should be met to run this step

1 nested property
branch string

Regular expression for validating branch names

failFast boolean

Forces parallel stages to all be aborted when one of them fails

parallelStage object
parallel object required

List of stages to be executed in parallel

when object

Condition that should be met to run this step

1 nested property
branch string

Regular expression for validating branch names

fail_fast boolean

Forces parallel stages to all be aborted when one of them fails

Default: false
stage object
when object

Condition that should be met to run this step

1 nested property
branch string

Regular expression for validating branch names

steps array

List of steps to run

fail_fast boolean

Forces parallel stages to all be aborted when one of them fails

Default: false
parallel object
releaseChannel string

Release channel name

releaseChannelBranch string

Regular expression for validating branch names

dockerfile string

Dockerfile path

context string

Dockerfile context. If not set, defaults to the Dockerfile's file path (parent folder)

outputDockerImage object
name string required

Docker image name

dockerfile string

Dockerfile path

context string

Dockerfile context. If not set, defaults to the Dockerfile's file path (parent folder)

List of build args (--build-arg) to pass in docker build

vulnerability_scan object

Configuration for running vulnerability scans on published Docker images

1 nested property
enabled boolean

Whether the vulnerability scan step should be run

Default: true
outputDocker object
images outputDockerImage[] required
multiArch object
2 nested properties
enabled boolean

Whether the multi-arch build should be enabled

Default: false
architectures string[]
outputDockerPublish dockerReleaseChannel[]
outputDockerBuildArgs object
key string

ARG name

env string

Environment variable whose value will be used to set the ARG

pattern=^[A-Za-z_][A-Za-z0-9_]*$
value string

Value of the ARG

dockerReleaseChannel object
channel string required

Release channel name

branch branchPattern required

Indicates on which branches the artifact will be published

registry string required

Docker registry. Must include protocol (http|https) and port

format=uri
credentials string required

Jenkins credentials ID

outputHelmChart object
path string required

Path to the Helm chart directory

List of files to update

outputHelm object
publish helmReleaseChannel[] required
outputHelmUpdates object
file string required

Name (including path from Helm object path) of the file to be updated. Only supports yaml files

properties outputHelmUpdatesProperties[] required

A list of properties to update. It can be updated with a fixed value or environment variable

outputHelmUpdatesProperties object
outputHelmPublish helmReleaseChannel[]
helmReleaseChannel object
channel string required

Release channel name

branch branchPattern required

Indicates on which branches the artifact will be published

repository string required

Helm chart repository. Must include protocol, host, port (if needed) and path

format=uri
credentials string required

Jenkins credentials ID

outputPackage object
publish packagePublishChannel[] required
outputPackagePublish packagePublishChannel[]
packagePublishChannel object
channel string required

Release channel name

branch branchPattern required

Indicates on which branches the artifact will be published

registry string

NPM registry (env variable or registry URL)

Examples: "NPM_PUBLISH_REGISTRY", "NPM_SNAPSHOT_REGISTRY", "https://registry.npmjs.org"
credentials string

Jenkins credentials ID

maven_releases_repo string

Maven repository for deploying releases

maven_snapshots_repo string

Maven repository for deploying snapshots

params string

Optional params for npm publish or mvn deploy command.

Examples: "--tag latest", "-Dmaven.test.skip=true"
cacheItem object
type enum required

Cache type

Default: "maven"
Values: "maven" "npm" "local"
enabled boolean required

Sets whether this cache type is enabled

Default: false
source string

Location of the cache in the Jenkins workspace

Default: ".ci-cache/<type>"
target string

Location of the cache directory inside the Docker container

Default: "/container-path/directory"