[releng.git] / jjb / ci_gate_security / anteater-security-audit.sh
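#!/bin/bash
# Gate job step: run the anteater security audit over the files changed by
# the patch under test, inside the opnfv/releng-anteater container.
#
# Required environment:
#   WORKSPACE - job workspace holding the checked-out project
#   PROJECT   - project name; used for the in-container mount point and
#               passed to anteater via --project
# Output:
#   $WORKSPACE/patchset          - changed files, as in-container paths
#   $WORKSPACE/securityaudit.log - anteater stdout and stderr
: "${WORKSPACE:?WORKSPACE must be set}"
: "${PROJECT:?PROJECT must be set}"

# git diff and the bind mount below both assume we are in the workspace;
# stop here rather than diffing whatever directory we happen to be in.
cd "$WORKSPACE" || exit 1

# Path at which the workspace is mounted inside the container.
container_root="/home/opnfv/anteater/$PROJECT"

echo "Generating patchset file to list changed files"
# Prefix every changed path with the in-container mount point. printf is
# used instead of sed so that PROJECT is never interpreted as part of a
# sed program.
git diff HEAD^1 --name-only |
  while IFS= read -r changed; do
    printf '%s/%s\n' "$container_root" "$changed"
  done > "$WORKSPACE/patchset"
echo "Changed files are"
echo "--------------------------------------------------------"
cat "$WORKSPACE/patchset"
echo "--------------------------------------------------------"

echo "Pulling releng-anteater docker image"
echo "--------------------------------------------------------"
# NOTE(review): the image is pulled by name with no tag or digest, so the
# audit runs whatever the registry currently serves under that name;
# consider pinning it.
docker pull opnfv/releng-anteater
echo "--------------------------------------------------------"

# Commands are kept in arrays so that a WORKSPACE or PROJECT value that
# contains whitespace is passed as one argument instead of being re-split.
# NOTE(review): --privileged=true hands the container full access to host
# devices and capabilities while it reads files from the patch under test;
# confirm anteater actually needs it and drop the flag if it does not.
run_cmd=(sudo docker run --privileged=true -id
  -e "PROJECT=$PROJECT"
  -v "$WORKSPACE:$container_root"
  opnfv/releng-anteater /bin/bash)
echo "Running docker command ${run_cmd[*]}"
container_id=$("${run_cmd[@]}")
if [[ -z "$container_id" ]]; then
  # Without a container the audit cannot run; do not report success.
  echo "Failed to start the releng-anteater container" >&2
  exit 1
fi
echo "Container ID is $container_id"

audit_cmd=(anteater --project "$PROJECT" --patchset "$container_root/patchset")
echo "Executing command inside container"
echo "${audit_cmd[*]}"
echo "--------------------------------------------------------"
docker exec "$container_id" "${audit_cmd[@]}" > "$WORKSPACE/securityaudit.log" 2>&1
exit_code=$?
echo "--------------------------------------------------------"
echo "Stopping docker container with ID $container_id"
# NOTE(review): the container is stopped but never removed; confirm that
# something else cleans up stopped containers on the build host.
docker stop "$container_id"
cat "$WORKSPACE/securityaudit.log"
echo "anteater exit status: $exit_code"
# NOTE(review): the job always reports success, so a failing audit never
# blocks the change; the status is only printed above. Switch to
# 'exit "$exit_code"' once the gate is meant to be enforcing.
exit 0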