jjb/ci_gate_security/opnfv-ci-gate-security.yml

   1 ---
   2 # SPDX-license-identifier: Apache-2.0
   3 ########################
   4 # Job configuration for opnfv-anteater (security audit)
   5 ########################
   6 - project:
   7
   8     name: anteaterfw
   9
  10     project: anteaterfw
  11
  12     repo:
  13       - apex
  14       - apex-os-net-config
  15       - apex-puppet-tripleo
  16       - apex-tripleo-heat-templates
  17       - armband
  18       - auto
  19       - availability
  20       - bamboo
  21       - barometer
  22       - bottlenecks
  23       - calipso
  24       - clover
  25       - compass-containers
  26       - compass4nfv
  27       - conductor
  28       - container4nfv
  29       - copper
  30       - cperf
  31       - daisy
  32       - doctor
  33       - domino
  34       - dovetail
  35       - dpacc
  36       - enfv
  37       - fastpathmetrics
  38       - fds
  39       - fuel
  40       - functest
  41       - ipv6
  42       - joid
  43       - kvmfornfv
  44       - models
  45       - moon
  46       - multisite
  47       - netready
  48       - nfvbench
  49       - octopus
  50       - onosfw
  51       - openretriever
  52       - opera
  53       - opnfvdocs
  54       - orchestra
  55       - ovn4nfv
  56       - ovno
  57       - ovsnfv
  58       - parser
  59       - pharos
  60       - pharos-tools
  61       - promise
  62       - qtip
  63       - releng
  64       - releng-anteater
  65       - releng-testresults
  66       - releng-utils
  67       - releng-xci
  68       - samplevnf
  69       - sdnvpn
  70       - securityscanning
  71       - sfc
  72       - snaps
  73       - stor4nfv
  74       - storperf
  75       - ves
  76       - vswitchperf
  77       - yardstick
  78
  79     jobs:
  80       - 'opnfv-security-audit-verify-{stream}'
  81       - 'opnfv-security-audit-{repo}-weekly-{stream}'
  82
  83     stream:
  84       - master:
  85           branch: '{stream}'
  86           gs-pathname: ''
  87           disabled: false
  88
  89 ########################
  90 # job templates
  91 ########################
  92 - job-template:
  93     name: 'opnfv-security-audit-{repo}-weekly-{stream}'
  94
  95     disabled: '{obj:disabled}'
  96
  97     parameters:
  98       - ericsson-build3-defaults
  99       - string:
 100           name: ANTEATER_SCAN_PATCHSET
 101           default: "false"
 102           description: "Have anteater scan patchsets (true) or full project (false)"
 103       - project-parameter:
 104           project: '{repo}'
 105           branch: '{branch}'
 106
 107     scm:
 108       - git-scm-gerrit
 109
 110     triggers:
 111       - timed: '@weekly'
 112
 113     builders:
 114       - anteater-security-audit-weekly
 115
 116     publishers:
 117       # defined in jjb/global/releng-macros.yml
 118       - 'email-{repo}-ptl':
 119           subject: 'OPNFV Security Scan Result: {repo}'
 120       - workspace-cleanup:
 121           fail-build: false
 122
 123 - job-template:
 124     name: 'opnfv-security-audit-verify-{stream}'
 125
 126     disabled: '{obj:disabled}'
 127
 128     parameters:
 129       - label:
 130           name: SLAVE_LABEL
 131           default: 'opnfv-build'
 132           description: 'Slave label on Jenkins'
 133       - project-parameter:
 134           project: $GERRIT_PROJECT
 135           branch: '{branch}'
 136       - string:
 137           name: GIT_BASE
 138           default: https://gerrit.opnfv.org/gerrit/$PROJECT
 139           # yamllint disable rule:line-length
 140           description: "Used for overriding the GIT URL coming from Global Jenkins configuration in case if the stuff is done on none-LF HW."
 141           # yamllint enable rule:line-length
 142
 143     scm:
 144       - git-scm-gerrit
 145
 146     # yamllint disable rule:line-length
 147     triggers:
 148       - gerrit:
 149           server-name: 'gerrit.opnfv.org'
 150           trigger-on:
 151             - patchset-created-event:
 152                 exclude-drafts: 'false'
 153                 exclude-trivial-rebase: 'false'
 154                 exclude-no-code-change: 'false'
 155             - draft-published-event
 156             - comment-added-contains-event:
 157                 comment-contains-value: 'recheck'
 158             - comment-added-contains-event:
 159                 comment-contains-value: 'reverify'
 160           projects:
 161             - project-compare-type: 'REG_EXP'
 162               project-pattern: 'apex|armband|bamboo|barometer|bottlenecks|calipso|compass4nfv|conductor|copper|cperf|daisy|doctor|dovetail|dpacc|enfv|escalator|fds|fuel|functest|octopus|pharos|releng|sandbox|yardstick|infra|ipv6|kvmfornfv|lsoapi|models|moon|multisite|netready'
 163               branches:
 164                 - branch-compare-type: 'ANT'
 165                   branch-pattern: '**/{branch}'
 166               file-paths:
 167                 - compare-type: ANT
 168                   pattern: '**'
 169           skip-vote:
 170             successful: true
 171             failed: true
 172             unstable: true
 173             notbuilt: true
 174     # yamllint enable rule:line-length
 175
 176     builders:
 177       - anteater-security-audit
 178       - report-security-audit-result-to-gerrit
 179     publishers:
 180       - archive-artifacts:
 181           artifacts: ".reports/*"
 182
 183 ########################
 184 # builder macros
 185 ########################
 186 - builder:
 187     name: anteater-security-audit
 188     builders:
 189       - shell:
 190           !include-raw: ./anteater-security-audit.sh
 191
 192 - builder:
 193     name: report-security-audit-result-to-gerrit
 194     builders:
 195       - shell:
 196           !include-raw: ./anteater-report-to-gerrit.sh
 197
 198 - builder:
 199     name: anteater-security-audit-weekly
 200     builders:
 201       - shell:
 202           !include-raw: ./anteater-security-audit-weekly.sh