jjb/ci_gate_security/opnfv-ci-gate-security.yml

   1 ########################
   2 # Job configuration for opnfv-lint
   3 ########################
   4 - project:
   5
   6     name: anteaterfw
   7
   8     project: anteaterfw
   9
  10     jobs:
  11         - 'opnfv-security-audit-verify-{stream}'
  12
  13     stream:
  14         - master:
  15             branch: '{stream}'
  16             gs-pathname: ''
  17             disabled: false
  18
  19 ########################
  20 # job templates
  21 ########################
  22 - job-template:
  23     name: 'opnfv-security-audit-verify-{stream}'
  24
  25     disabled: '{obj:disabled}'
  26
  27     parameters:
  28         - label:
  29             name: SLAVE_LABEL
  30             default: 'lf-build2'
  31             description: 'Slave label on Jenkins'
  32         - project-parameter:
  33             project: $GERRIT_PROJECT
  34             branch: '{branch}'
  35
  36     scm:
  37         - git-scm-gerrit
  38
  39     triggers:
  40         - gerrit:
  41             server-name: 'gerrit.opnfv.org'
  42             trigger-on:
  43                 - patchset-created-event:
  44                     exclude-drafts: 'false'
  45                     exclude-trivial-rebase: 'false'
  46                     exclude-no-code-change: 'false'
  47                 - draft-published-event
  48                 - comment-added-contains-event:
  49                     comment-contains-value: 'recheck'
  50                 - comment-added-contains-event:
  51                     comment-contains-value: 'reverify'
  52             projects:
  53               - project-compare-type: 'REG_EXP'
  54                 project-pattern: 'sandbox'
  55                 branches:
  56                   - branch-compare-type: 'ANT'
  57                     branch-pattern: '**/{branch}'
  58                 file-paths:
  59                   - compare-type: ANT
  60                     pattern: '**'
  61           skip-vote:
  62             successful: true
  63             failed: true
  64             unstable: true
  65             notbuilt: true
  66
  67     builders:
  68         - anteater-security-audit
  69 #        - report-security-audit-result-to-gerrit
  70 ########################
  71 # builder macros
  72 ########################
  73 - builder:
  74     name: anteater-security-audit
  75     builders:
  76         - shell:
  77             !include-raw: ./anteater-security-audit.sh
  78
  79 - builder:
  80     name: report-security-audit-result-to-gerrit
  81     builders:
  82         - shell: |
  83             #!/bin/bash
  84             set -o errexit
  85             set -o pipefail
  86             set -o xtrace
  87             export PATH=$PATH:/usr/local/bin/
  88
  89             # If no violations were found, no lint log will exist.
  90             if [[ -e securityaudit.log ]] ; then
  91                 echo -e "\nposting security audit report to gerrit...\n"
  92
  93                 cat securityaudit.log
  94                 echo
  95
  96                 ssh -p 29418 gerrit.opnfv.org \
  97                     "gerrit review -p $GERRIT_PROJECT \
  98                      -m \"$(cat securityaudit.log)\" \
  99                      $GERRIT_PATCHSET_REVISION \
 100                      --notify NONE"
 101
 102                 exit 1
 103             fi