@NonCPS
def getSlackMessage() {
    def message = "Build <${env.BUILD_URL}|#${env.BUILD_NUMBER}> of <https://git.eclipse.org/c/hawk/hawk.git/log/?h=${env.BRANCH_NAME}|${currentBuild.fullProjectName}> "
    
    message += (currentBuild.currentResult == "SUCCESS" ? "passed" : "failed") + " in ${currentBuild.durationString}\n\n"
    for (changeSet in currentBuild.changeSets) {
      for (entry in changeSet.items) {
        message += "`${entry.commitId.take(7)}` ${entry.msg} - ${entry.author}\n"
      }
    }
    return message
}

pipeline {
    agent {
      kubernetes {
        yaml """
apiVersion: v1
kind: Pod
spec:
  containers:
  - name: maven
    image: maven:3-jdk-11
    command:
    - cat
    tty: true
    resources:
      limits:
        memory: "4Gi"
        cpu: "1"
      requests:
        memory: "4Gi"
        cpu: "1"
    env:
    - name: "MAVEN_OPTS"
      value: "-Duser.home=/home/jenkins -Xmx512m -Xms256m"
    - name: "HOME"
      value: "/home/jenkins"
    volumeMounts:
    - name: jenkins-home
      mountPath: /home/jenkins
      readOnly: false
    - name: settings-xml
      mountPath: /home/jenkins/.m2/settings.xml
      subPath: settings.xml
      readOnly: true
    - name: settings-security-xml
      mountPath: /home/jenkins/.m2/settings-security.xml
      subPath: settings-security.xml
      readOnly: true
    - name: m2-repo
      mountPath: /home/jenkins/.m2/repository
    - name: volume-known-hosts
      mountPath: /home/jenkins/.ssh
  - name: jnlp
    volumeMounts:
    - name: volume-known-hosts
      mountPath: /home/jenkins/.ssh
  volumes:
  - name: jenkins-home
    emptyDir:
      medium: ""
  - name: settings-xml
    secret:
      secretName: m2-secret-dir
      items:
      - key: settings.xml
        path: settings.xml
  - name: settings-security-xml
    secret:
      secretName: m2-secret-dir
      items:
      - key: settings-security.xml
        path: settings-security.xml
  - name: m2-repo
    emptyDir: {}
  - name: volume-known-hosts
    configMap:
      name: known-hosts
"""
       }
    }
    stages {
        stage('Tycho') {
          when {
            anyOf {
              changeset 'core/**'
              changeset 'pom.xml'
              changeset 'pom-plain.xml'
              expression { return currentBuild.number == 1 }
              triggeredBy 'UserIdCause'
            }
          }
          steps {
            container('maven') {
              sh 'mvn --version'
              sh 'which java'
              sh 'echo $JAVA_HOME'
              sh 'cd core && mvn -B --quiet install -DfailIfNoTests=false -P jenkins,signjars --toolchains jenkins-toolchains.xml'
              triggeredBy 'UserIdCause'
            }
          }
          post { always { junit '**/TEST-*.xml' } }
        }
        stage('Plain Maven') {
          steps {
            container('maven') {
              sh 'mvn -B -f pom-plain.xml verify -P signjars --toolchains core/jenkins-toolchains.xml'
            }
          }
        }
        stage('Deploy to OSSRH') {
          when { branch 'master' }
          steps {
            container('maven') {
              sh 'echo deploying to OSSRH: pwd is $(pwd) and home is $HOME'
              withCredentials([file(credentialsId: 'secret-subkeys.asc', variable: 'KEYRING')]) {
                sh '''
gpg --batch --import "${KEYRING}"
for fpr in $(gpg --list-keys --with-colons  | awk -F: '/fpr:/ {print $10}' | sort -u);
do
  echo -e "5\ny\n" |  gpg --batch --command-fd 0 --expert --edit-key $fpr trust;
done
                '''
                lock('ossrh') {
                  sh 'mvn -B -f pom-plain.xml deploy -P signjars,gpg --toolchains core/jenkins-toolchains.xml'
                }
              }
            }
          }
        }
        stage('Downloads') {
          when {
            allOf {
              branch 'master'
              anyOf {
                changeset 'core/**'
                changeset 'pom.xml'
                changeset 'pom-plain.xml'
                expression { return currentBuild.number == 1 }
                triggeredBy 'UserIdCause'
              }
            }
          }
          steps {
            lock('download-area') {
              sshagent (['projects-storage.eclipse.org-bot-ssh']) {
                sh 'core/deploy-downloads.sh'
              }
            }
          }
        }
    }
    post {
      success{
        slackSend (channel: '#ci-notifications', botUser: true, color: '#00FF00', message: getSlackMessage())
      }
      failure {
        slackSend (channel: '#ci-notifications', botUser: true, color: '#FF0000', message: getSlackMessage())
      }
      changed {
        emailext(body: "${currentBuild.currentResult}: Job ${env.JOB_NAME} build ${env.BUILD_NUMBER}\n More info at: ${env.BUILD_URL}",
                 recipientProviders: [[
                   $class: "DevelopersRecipientProvider",
                   $class: "RequesterRecipientProvider"
                 ]],
                 subject: "Jenkins Build ${currentBuild.currentResult}: Job ${env.JOB_NAME}")
      }
    }
}
