Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/infra-neo/CICD/llms.txt

Use this file to discover all available pages before exploring further.

build-config.yml is the central configuration file read by Jenkins at the start of every pipeline run. It lives in the project root alongside the Jenkinsfile and controls all major pipeline behaviors — from which Java and Maven versions to use, to which application server receives deployments and whether security scanning is enabled. Changing a value here takes effect on the next pipeline execution without modifying any Groovy code.

Complete build-config.yml

The following is the full build-config.yml shipped with the project: 
---
# Build Configuration File
# This file defines the build settings for the project

# Java Configuration
java_version: 17

# Maven Configuration
maven_version: 3.9.2

# Build Settings
build:
  tool: maven  # Options: maven, mule-maven-plugin
  clean_install: true
  skip_tests: false
  packaging: war  # Options: jar, war, ear

# Test Configuration
test:
  enabled: true
  command: mvn test

# SonarQube Configuration
sonarqube:
  enabled: true
  host_url: http://sonarqube:9000
  project_key: ${env.JOB_NAME}
  project_name: ${env.JOB_NAME}
  security_scan: true  # Enable security vulnerability scanning

# Nexus Configuration
nexus:
  enabled: true
  url: http://nexus:8081
  repository:
    releases: maven-releases
    snapshots: maven-snapshots

# Application Server Configuration
appserver:
  type: wildfly  # Options: wildfly, jboss
  wildfly:
    url: http://wildfly:9990
    deployment_dir: /opt/jboss/wildfly/standalone/deployments
    admin_port: 9990
    http_port: 8090
  jboss:
    url: http://jboss:9990
    deployment_dir: /opt/jboss/wildfly/standalone/deployments
    admin_port: 9970
    http_port: 8070

# Environment Configuration
environments:
  - dev
  - staging
  - prod
  default: dev

# Security Configuration
security:
  password_scan: true  # Scan for hardcoded passwords
  mask_credentials: true  # Mask credentials in logs
  enforce_env_vars: true  # Enforce use of environment variables for secrets

# Versioning Configuration
versioning:
  enabled: true
  format: ${BUILD_NUMBER}-${TIMESTAMP}  # Options: semantic, timestamp, build_number
  store_properties: true  # Store versioned properties in Nexus

# Additional Maven Goals
maven:
  goals:
    - clean
    - install
    - test
    - sonar:sonar
    - deploy

Configuration Reference

Java and Maven

java_version
integer
required
The JDK version used for compilation and test execution. Corresponds to the JDK 17 tool installation in Jenkins. Example: 17
maven_version
string
required
The Maven version used for all build goals. Corresponds to the Maven 3.9.2 tool installation in Jenkins. Example: 3.9.2

Build Settings

KeyTypeDescription
build.toolstringmaven runs mvn clean install; mule-maven-plugin runs mvn clean package instead
build.clean_installbooleanWhen true, the pipeline runs a full clean install lifecycle
build.skip_testsbooleanWhen true, tests are skipped during the build phase (-DskipTests)
build.packagingstringArtifact packaging type: jar, war, or ear
build.tool
string
default:"maven"
Controls which Maven command is issued during the Build stage. Set to maven for standard Java/Jakarta EE projects, or mule-maven-plugin for MuleSoft applications.

Test Configuration

KeyTypeDescription
test.enabledbooleanMaster switch; when false the Test stage is bypassed entirely
test.commandstringMaven command executed by the Test stage, e.g. mvn test

SonarQube Configuration

KeyTypeDescription
sonarqube.enabledbooleanEnables or disables the SonarQube Analysis and Quality Gate stages
sonarqube.host_urlstringBase URL of the SonarQube server, e.g. http://sonarqube:9000
sonarqube.project_keystringSonarQube project key; defaults to ${env.JOB_NAME}
sonarqube.project_namestringHuman-readable project name shown in the SonarQube UI; defaults to ${env.JOB_NAME}
sonarqube.security_scanbooleanEnables SonarQube’s built-in security vulnerability rule set

Nexus Configuration

KeyTypeDescription
nexus.enabledbooleanEnables or disables artifact deployment to Nexus
nexus.urlstringBase URL of the Nexus instance, e.g. http://nexus:8081
nexus.repository.releasesstringRepository name for release artifacts, e.g. maven-releases
nexus.repository.snapshotsstringRepository name for snapshot artifacts, e.g. maven-snapshots

Application Server Configuration

appserver.type
string
default:"wildfly"
Selects the target application server for deployment. Accepted values are wildfly (HTTP port 8090, admin port 9990) and jboss (HTTP port 8070, admin port 9970). The enhanced pipeline reads this to pick the correct Docker container name and credentials.
KeyTypeDescription
appserver.wildfly.urlstringWildFly management URL, e.g. http://wildfly:9990
appserver.wildfly.deployment_dirstringPath inside the WildFly container where WARs are dropped
appserver.wildfly.admin_portintegerWildFly management port (9990)
appserver.wildfly.http_portintegerWildFly HTTP port (8090)
appserver.jboss.urlstringJBoss management URL, e.g. http://jboss:9990
appserver.jboss.deployment_dirstringPath inside the JBoss container where WARs are dropped
appserver.jboss.admin_portintegerJBoss management port (9970)
appserver.jboss.http_portintegerJBoss HTTP port (8070)

Environments

environments
array
List of named deployment targets. The enhanced pipeline exposes these as a choice parameter so operators can select the environment at build time. Default list: [dev, staging, prod].
environments.default
string
default:"dev"
The environment selected automatically when no explicit choice is made. Changing this to staging or prod raises the quality bar for all ad-hoc builds.

Security Configuration

KeyTypeDescription
security.password_scanbooleanEnables the grep-based hardcoded-secret scan in the Security Scan stage
security.mask_credentialsbooleanInstructs Jenkins to mask credential values in build logs
security.enforce_env_varsbooleanPipeline fails the build if secrets are not sourced from environment variables

Versioning Configuration

KeyTypeDescription
versioning.enabledbooleanEnables automatic artifact versioning
versioning.formatstringVersion string format; default is ${BUILD_NUMBER}-${TIMESTAMP}
versioning.store_propertiesbooleanPackages and uploads version.properties to Nexus after each build

Maven Goals

KeyTypeDescription
maven.goalslistOrdered list of Maven goals executed during the pipeline: clean, install, test, sonar:sonar, deploy

How the Pipeline Reads build-config.yml

Both the basic Jenkinsfile and Jenkinsfile.enhanced open with the same Read Build Config stage. The readYaml step parses the file and populates Jenkins environment variables that all subsequent stages can reference: 
stage('Read Build Config') {
    steps {
        script {
            echo "Reading build configuration from ${BUILD_CONFIG}"
            if (fileExists(BUILD_CONFIG)) {
                def config = readYaml file: BUILD_CONFIG
                env.JAVA_VERSION = config.java_version ?: '17'
                env.MAVEN_VERSION = config.maven_version ?: '3.9.2'
                env.BUILD_TOOL = config.build?.tool ?: 'maven'
                echo "Java Version: ${env.JAVA_VERSION}"
                echo "Maven Version: ${env.MAVEN_VERSION}"
                echo "Build Tool: ${env.BUILD_TOOL}"
            } else {
                echo "Warning: ${BUILD_CONFIG} not found. Using defaults."
            }
        }
    }
}
The ?: (Elvis) operator provides fallback defaults inline, so even a completely empty workspace proceeds with sensible values.
If build-config.yml is missing from the workspace, the pipeline falls back gracefully to its compiled-in defaults: Java 17, Maven 3.9.2, and build tool: maven. No manual intervention is required, but a warning is printed to the build log.

Build docs developers (and LLMs) love

Get started for freeTalk to us