Code Review / releng.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
Add missing sudo calls in Docker scans
[releng.git] / jjb / functest / functest-kubernetes-ng.yaml
1 ---
2 - functest-kubernetes-ng-containers: &functest-kubernetes-ng-containers
3     name: 'functest-kubernetes-ng-containers'
4     repo: '{repo}'
5     port: '{port}'
6     container: '{container}'
7     tag: '{tag}'
8
9 - functest-kubernetes-ng-params: &functest-kubernetes-ng-params
10     name: 'functest-kubernetes-ng-params'
11     repo: 'opnfv'
12     port:
13     tag:
14       - v1.20:
15           build_args:
16           branch: stable/leguer
17           slave: lf-virtual1
18           dependency: 3.12
19           from: s/:leguer$/:v1.20/g
20       - v1.19:
21           build_args:
22           branch: stable/kali
23           slave: lf-virtual1
24           dependency: 3.11
25           from: s/:kali$/:v1.19/g
26       - v1.18:
27           branch: stable/kali
28           slave: lf-virtual1
29           dependency: 3.11
30           build_args:
31             - K8S_TAG=1.18
32           from: s/:kali$/:v1.18/g
33
34 - functest-kubernetes-ng-jobs: &functest-kubernetes-ng-jobs
35     name: 'functest-kubernetes-ng-jobs'
36     current-parameters: true
37
38 - parameter:
39     name: functest-kubernetes-ng-slave
40     parameters:
41       - label:
42           name: slave
43           default: '{slave}'
44
45 - functest-kubernetes-ng-build-containers: &functest-kubernetes-ng-build-containers
46     name: 'functest-kubernetes-ng-build-containers'
47     <<: *functest-kubernetes-ng-containers
48     ref_arg: '{ref_arg}'
49     path: '{path}'
50     build_args: '{build_args}'
51     from: '{from}'
52
53 - builder:
54     name: functest-kubernetes-ng-build-containers
55     builders:
56       - shell: |
57           set +x
58           if [ "{repo}" = "_" ]; then
59             image={container}:{tag}
60           elif [ "{port}" = "None" ]; then
61             image={repo}/{container}:{tag}
62           else
63             image={repo}:{port}/{container}:{tag}
64           fi
65           build_args=""
66           if [ "{build_args}" != "None" ]; then
67             for i in $(echo {build_args} | tr -d '[]' |sed "s/, / /g" ); \
68               do build_args="--build-arg $i $build_args"; done
69           fi
70           if [ "{ref_arg}" != "None" ]; then
71             build_args="$build_args --build-arg {ref_arg}={ref}"
72           fi
73           cd {path}
74           if [ "{from}" != "None" ]; then
75               sed -i {from} Dockerfile
76           fi
77           sudo docker build $build_args \
78             --pull=false --no-cache --force-rm=true \
79             -t $image .
80
81 - scm:
82     name: functest-kubernetes-ng-scm
83     scm:
84       - git:
85           url: 'https://gerrit.opnfv.org/gerrit/functest-kubernetes'
86           refspec: '+refs/heads/*:refs/remotes/origin/* +refs/changes/*:refs/changes/*'
87           branches:
88             - '{ref}'
89
90 - functest-kubernetes-ng-dep: &functest-kubernetes-ng-dep
91     name: 'functest-kubernetes-ng-containers'
92     repo: '{repo}'
93     port: '{port}'
94     tag: '{tag}'
95     dependency: '{dependency}'
96
97 - builder:
98     name: functest-kubernetes-ng-pull-dep-images
99     builders:
100       - shell: |
101           set +x
102           if [ "_" = "_" ]; then
103             image=alpine:{dependency}
104           elif [ "None" = "None" ]; then
105             image=_/alpine:{dependency}
106           else
107             image=_:/alpine:{dependency}
108           fi
109           sudo docker pull $image || true
110
111 - builder:
112     name: functest-kubernetes-ng-remove-dep-images
113     builders:
114       - shell: |
115           set +x
116           if [ "_" = "_" ]; then
117             image=alpine:{dependency}
118           elif [ "" = "None" ]; then
119             image=_/alpine:{dependency}
120           else
121             image=_:/alpine:{dependency}
122           fi
123           sudo docker rmi $image || true
124
125 - job-template:
126     name: 'functest-kubernetes-ng-{repo}-{tag}-dep-pull'
127     parameters:
128       - functest-kubernetes-ng-slave:
129           slave: '{slave}'
130     builders:
131       - functest-kubernetes-ng-pull-dep-images:
132           <<: *functest-kubernetes-ng-dep
133
134 - project:
135     name: 'functest-kubernetes-ng-{repo}-{tag}-dep-pull'
136     <<: *functest-kubernetes-ng-params
137     jobs:
138       - 'functest-kubernetes-ng-{repo}-{tag}-dep-pull'
139
140 - job-template:
141     name: 'functest-kubernetes-ng-{repo}-{tag}-dep-rmi'
142     parameters:
143       - functest-kubernetes-ng-slave:
144           slave: '{slave}'
145     builders:
146       - functest-kubernetes-ng-remove-dep-images:
147           <<: *functest-kubernetes-ng-dep
148
149 - project:
150     name: 'functest-kubernetes-ng-{repo}-{tag}-dep-rmi'
151     <<: *functest-kubernetes-ng-params
152     jobs:
153       - 'functest-kubernetes-ng-{repo}-{tag}-dep-rmi'
154
155 - builder:
156     name: functest-kubernetes-ng-push-containers
157     builders:
158       - shell: |
159           set +x
160           if [ "{repo}" = "_" ]; then
161             image={container}:{tag}
162           elif [ "{port}" = "None" ]; then
163             image={repo}/{container}:{tag}
164           else
165             image={repo}:{port}/{container}:{tag}
166           fi
167           sudo docker push $image
168
169 - trigger:
170     name: functest-kubernetes-ng-commit
171     triggers:
172       - pollscm:
173           cron: "*/30 * * * *"
174
175 - job-template:
176     name: 'functest-kubernetes-ng-{repo}-{container}-{tag}-build'
177     parameters:
178       - functest-kubernetes-ng-slave:
179           slave: '{slave}'
180     scm:
181       - functest-kubernetes-ng-scm:
182           ref: '{branch}'
183     builders:
184       - functest-kubernetes-ng-build-containers:
185           <<: *functest-kubernetes-ng-build-containers
186           ref: '{branch}'
187           build_args: '{build_args}'
188       - functest-kubernetes-ng-push-containers:
189           <<: *functest-kubernetes-ng-build-containers
190           ref: '{branch}'
191
192 - project:
193     name: functest-kubernetes-ng-opnfv-functest-kubernetes-core-{tag}-build
194     <<: *functest-kubernetes-ng-params
195     container: functest-kubernetes-core
196     ref_arg: BRANCH
197     path: docker/core
198     jobs:
199       - 'functest-kubernetes-ng-{repo}-{container}-{tag}-build'
200
201 - project:
202     name: functest-kubernetes-ng-opnfv-functest-kubernetes-healthcheck-{tag}-build
203     <<: *functest-kubernetes-ng-params
204     container: functest-kubernetes-healthcheck
205     ref_arg:
206     path: docker/healthcheck
207     jobs:
208       - 'functest-kubernetes-ng-{repo}-{container}-{tag}-build'
209
210 - project:
211     name: functest-kubernetes-ng-opnfv-functest-kubernetes-cnf-{tag}-build
212     <<: *functest-kubernetes-ng-params
213     container: functest-kubernetes-cnf
214     ref_arg: BRANCH
215     path: docker/cnf
216     jobs:
217       - 'functest-kubernetes-ng-{repo}-{container}-{tag}-build'
218
219 - project:
220     name: functest-kubernetes-ng-opnfv-functest-kubernetes-security-{tag}-build
221     <<: *functest-kubernetes-ng-params
222     container: functest-kubernetes-security
223     ref_arg: BRANCH
224     path: docker/security
225     jobs:
226       - 'functest-kubernetes-ng-{repo}-{container}-{tag}-build'
227
228 - project:
229     name: functest-kubernetes-ng-opnfv-functest-kubernetes-smoke-{tag}-build
230     <<: *functest-kubernetes-ng-params
231     container: functest-kubernetes-smoke
232     ref_arg:
233     path: docker/smoke
234     jobs:
235       - 'functest-kubernetes-ng-{repo}-{container}-{tag}-build'
236
237 - project:
238     name: functest-kubernetes-ng-opnfv-functest-kubernetes-benchmarking-{tag}-build
239     <<: *functest-kubernetes-ng-params
240     container: functest-kubernetes-benchmarking
241     ref_arg:
242     path: docker/benchmarking
243     jobs:
244       - 'functest-kubernetes-ng-{repo}-{container}-{tag}-build'
245
246 - job-template:
247     name: 'functest-kubernetes-ng-{tag}-docker'
248     project-type: multijob
249     triggers:
250       - functest-kubernetes-ng-commit
251     scm:
252       - functest-kubernetes-ng-scm:
253           ref: '{branch}'
254     parameters:
255       - functest-kubernetes-ng-slave:
256           slave: '{slave}'
257     # PyYAML and yamllint differ here
258     # see https://github.com/yaml/pyyaml/issues/234
259     # yamllint disable rule:indentation
260     properties:
261       - build-blocker:
262           blocking-jobs:
263           - ^functest-kubernetes-ng-{tag}-(daily|docker|review)$
264     # yamllint enable rule:indentation
265     builders:
266       - multijob:
267           name: remove dependency
268           projects:
269             - name: 'functest-kubernetes-ng-{repo}-{tag}-dep-rmi'
270               <<: *functest-kubernetes-ng-jobs
271       - multijob:
272           name: pull dependency
273           projects:
274             - name: 'functest-kubernetes-ng-{repo}-{tag}-dep-pull'
275               <<: *functest-kubernetes-ng-jobs
276       - multijob:
277           name: build opnfv/functest-kubernetes-core
278           projects:
279             - name: 'functest-kubernetes-ng-opnfv-functest-kubernetes-core-{tag}-build'
280               <<: *functest-kubernetes-ng-jobs
281       - multijob:
282           name: build containers
283           projects:
284             - name: 'functest-kubernetes-ng-opnfv-functest-kubernetes-healthcheck-{tag}-build'
285               <<: *functest-kubernetes-ng-jobs
286             - name: 'functest-kubernetes-ng-opnfv-functest-kubernetes-cnf-{tag}-build'
287               <<: *functest-kubernetes-ng-jobs
288             - name: 'functest-kubernetes-ng-opnfv-functest-kubernetes-security-{tag}-build'
289               <<: *functest-kubernetes-ng-jobs
290       - multijob:
291           name: build opnfv/functest-kubernetes-smoke
292           projects:
293             - name: 'functest-kubernetes-ng-opnfv-functest-kubernetes-smoke-{tag}-build'
294               <<: *functest-kubernetes-ng-jobs
295       - multijob:
296           name: build opnfv/functest-kubernetes-benchmarking
297           projects:
298             - name: 'functest-kubernetes-ng-opnfv-functest-kubernetes-benchmarking-{tag}-build'
299               <<: *functest-kubernetes-ng-jobs
300     publishers:
301       - email-ext:
302           failure: false
303           first-failure: true
304           fixed: true
305           recipients: cedric.ollivier@orange.com
306
307 - builder:
308     name: functest-kubernetes-ng-trivy
309     builders:
310       - shell: |
311           sudo apt-get -o DPkg::Lock::Timeout=300 update && \
312           sudo DEBIAN_FRONTEND=noninteractive apt-get \
313             -o DPkg::Lock::Timeout=300 install curl -y
314
315           curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sudo sh -s -- -b .
316           if [ "{repo}" = "_" ]; then
317             image={container}:{tag}
318           elif [ "{port}" = "None" ]; then
319             image={repo}/{container}:{tag}
320           else
321             image={repo}:{port}/{container}:{tag}
322           fi
323           ./trivy --exit-code 1 $image
324
325 - job-template:
326     name: 'functest-kubernetes-ng-{repo}-{container}-{tag}-trivy'
327     triggers:
328       - timed: '@daily'
329     parameters:
330       - functest-kubernetes-ng-slave:
331           slave: '{slave}'
332     builders:
333       - functest-kubernetes-ng-trivy:
334           <<: *functest-kubernetes-ng-containers
335     publishers:
336       - email-ext:
337           failure: false
338           first-failure: true
339           fixed: true
340           recipients: cedric.ollivier@orange.com
341
342 - project:
343     name: 'functest-kubernetes-ng-opnfv-functest-kubernetes-core-trivy'
344     <<: *functest-kubernetes-ng-params
345     container: 'functest-kubernetes-core'
346     jobs:
347       - 'functest-kubernetes-ng-{repo}-{container}-{tag}-trivy'
348
349 - project:
350     name: 'functest-kubernetes-ng-opnfv-functest-kubernetes-healthcheck-trivy'
351     <<: *functest-kubernetes-ng-params
352     container: 'functest-kubernetes-healthcheck'
353     jobs:
354       - 'functest-kubernetes-ng-{repo}-{container}-{tag}-trivy'
355
356 - project:
357     name: 'functest-kubernetes-ng-opnfv-functest-kubernetes-cnf-trivy'
358     <<: *functest-kubernetes-ng-params
359     container: 'functest-kubernetes-cnf'
360     jobs:
361       - 'functest-kubernetes-ng-{repo}-{container}-{tag}-trivy'
362
363 - project:
364     name: 'functest-kubernetes-ng-opnfv-functest-kubernetes-security-trivy'
365     <<: *functest-kubernetes-ng-params
366     container: 'functest-kubernetes-security'
367     jobs:
368       - 'functest-kubernetes-ng-{repo}-{container}-{tag}-trivy'
369
370 - project:
371     name: 'functest-kubernetes-ng-opnfv-functest-kubernetes-smoke-trivy'
372     <<: *functest-kubernetes-ng-params
373     container: 'functest-kubernetes-smoke'
374     jobs:
375       - 'functest-kubernetes-ng-{repo}-{container}-{tag}-trivy'
376
377 - project:
378     name: 'functest-kubernetes-ng-opnfv-functest-kubernetes-benchmarking-trivy'
379     <<: *functest-kubernetes-ng-params
380     container: 'functest-kubernetes-benchmarking'
381     jobs:
382       - 'functest-kubernetes-ng-{repo}-{container}-{tag}-trivy'
383
384 - builder:
385     name: functest-kubernetes-ng-docker-scan
386     builders:
387       - shell: |
388           sudo apt-get -o DPkg::Lock::Timeout=300 update && \
389           sudo DEBIAN_FRONTEND=noninteractive apt-get \
390             -o DPkg::Lock::Timeout=300 install curl docker.io -y
391
392           mkdir -p ~/.docker/cli-plugins && \
393           curl https://github.com/docker/scan-cli-plugin/releases/latest/download/docker-scan_linux_amd64 \
394             -L -s -S -o ~/.docker/cli-plugins/docker-scan &&\
395           chmod +x ~/.docker/cli-plugins/docker-scan
396           if [ "{repo}" = "_" ]; then
397             image={container}:{tag}
398           elif [ "{port}" = "None" ]; then
399             image={repo}/{container}:{tag}
400           else
401             image={repo}:{port}/{container}:{tag}
402           fi
403           sudo docker scan $image
404
405 - job-template:
406     name: 'functest-kubernetes-ng-{repo}-{container}-{tag}-docker-scan'
407     triggers:
408       - timed: '@daily'
409     parameters:
410       - functest-kubernetes-ng-slave:
411           slave: '{slave}'
412     builders:
413       - functest-kubernetes-ng-docker-scan:
414           <<: *functest-kubernetes-ng-containers
415     publishers:
416       - email-ext:
417           failure: false
418           first-failure: true
419           fixed: true
420           recipients: cedric.ollivier@orange.com
421
422 - project:
423     name: 'functest-kubernetes-ng-opnfv-functest-kubernetes-core-docker-scan'
424     <<: *functest-kubernetes-ng-params
425     container: 'functest-kubernetes-core'
426     jobs:
427       - 'functest-kubernetes-ng-{repo}-{container}-{tag}-docker-scan'
428
429 - project:
430     name: 'functest-kubernetes-ng-opnfv-functest-kubernetes-healthcheck-docker-scan'
431     <<: *functest-kubernetes-ng-params
432     container: 'functest-kubernetes-healthcheck'
433     jobs:
434       - 'functest-kubernetes-ng-{repo}-{container}-{tag}-docker-scan'
435
436 - project:
437     name: 'functest-kubernetes-ng-opnfv-functest-kubernetes-cnf-docker-scan'
438     <<: *functest-kubernetes-ng-params
439     container: 'functest-kubernetes-cnf'
440     jobs:
441       - 'functest-kubernetes-ng-{repo}-{container}-{tag}-docker-scan'
442
443 - project:
444     name: 'functest-kubernetes-ng-opnfv-functest-kubernetes-security-docker-scan'
445     <<: *functest-kubernetes-ng-params
446     container: 'functest-kubernetes-security'
447     jobs:
448       - 'functest-kubernetes-ng-{repo}-{container}-{tag}-docker-scan'
449
450 - project:
451     name: 'functest-kubernetes-ng-opnfv-functest-kubernetes-smoke-docker-scan'
452     <<: *functest-kubernetes-ng-params
453     container: 'functest-kubernetes-smoke'
454     jobs:
455       - 'functest-kubernetes-ng-{repo}-{container}-{tag}-docker-scan'
456
457 - project:
458     name: 'functest-kubernetes-ng-opnfv-functest-kubernetes-benchmarking-docker-scan'
459     <<: *functest-kubernetes-ng-params
460     container: 'functest-kubernetes-benchmarking'
461     jobs:
462       - 'functest-kubernetes-ng-{repo}-{container}-{tag}-docker-scan'
463
464 - project:
465     name: 'functest-kubernetes-ng'
466     <<: *functest-kubernetes-ng-params
467     jobs:
468       - 'functest-kubernetes-ng-{tag}-docker'
469
470 - view:
471     name: functest-kubernetes-ng-docker
472     view-type: list
473     columns:
474       - status
475       - weather
476       - job
477       - last-success
478       - last-failure
479       - last-duration
480     regex: ^functest-kubernetes-ng-[a-z0-9.]+-docker$
481
482 - view:
483     name: functest-kubernetes-ng-trivy
484     view-type: list
485     columns:
486       - status
487       - weather
488       - job
489       - last-success
490       - last-failure
491       - last-duration
492     regex: ^functest-kubernetes-ng-[a-z0-9-.]+-trivy$
493
494 - view:
495     name: functest-kubernetes-ng-docker-scan
496     view-type: list
497     columns:
498       - status
499       - weather
500       - job
501       - last-success
502       - last-failure
503       - last-duration
504     regex: ^functest-kubernetes-ng-[a-z0-9.]+-docker-scan$