Code Review / releng.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
[barometer] Add Jerma jobs
[releng.git] / jjb / ci_gate_security / anteater-security-audit-weekly.sh
diff --git a/jjb/ci_gate_security/anteater-security-audit-weekly.sh b/jjb/ci_gate_security/anteater-security-audit-weekly.sh
index 99f2820..6caa131 100644 (file)
--- a/jjb/ci_gate_security/anteater-security-audit-weekly.sh
+++ b/jjb/ci_gate_security/anteater-security-audit-weekly.sh
@@ -1,37 +1,50 @@
 #!/bin/bash
 # SPDX-license-identifier: Apache-2.0
+##############################################################################
+# Copyright (c) 2017 The Linux Foundation and others.
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+
+ANTEATER_SCAN_PATCHSET="${ANTEATER_SCAN_PATCHSET:-true}"
+
+cd $WORKSPACE
+REPORTDIR='.reports'
+mkdir -p $REPORTDIR
+# Ensure any user can read the reports directory
+chmod 777 $REPORTDIR
+
+ANTEATER_FILES="--patchset /home/opnfv/anteater/$PROJECT/patchset"
+
+if [[ "$ANTEATER_SCAN_PATCHSET" == "true" ]]; then
+    echo "Generating patchset file to list changed files"
+    git diff HEAD^1 --name-only | sed "s#^#/home/opnfv/anteater/$PROJECT/#" > $WORKSPACE/patchset
+    echo "Changed files are"
+    echo "--------------------------------------------------------"
+    cat $WORKSPACE/patchset
+    echo "--------------------------------------------------------"
+else
+    echo "Checking full project $PROJECT"
+    ANTEATER_FILES="--path /home/opnfv/anteater/$PROJECT"
+fi
+
+vols="-v $WORKSPACE:/home/opnfv/anteater/$PROJECT -v $WORKSPACE/$REPORTDIR:/home/opnfv/anteater/$REPORTDIR"
+envs="-e PROJECT=$PROJECT"
 
-echo "--------------------------------------------------------"
-vols="-v $WORKSPACE/allrepos/:/home/opnfv/anteater/allrepos/"
 echo "Pulling releng-anteater docker image"
 echo "--------------------------------------------------------"
 docker pull opnfv/releng-anteater
 echo "--------------------------------------------------------"
-cmd="docker run --user nobody -id $vols opnfv/releng-anteater /bin/bash"
-echo "Running docker command $cmd"
-container_id=$($cmd)
-echo "Container ID is $container_id"
-source $WORKSPACE/opnfv-projects.sh
-for project in "${PROJECT_LIST[@]}"
-
-do
-  cmd="anteater --project testproj --path /home/opnfv/anteater/allrepos/$project"
-  echo "Executing command inside container"
-  echo "$cmd"
-  echo "--------------------------------------------------------"
-  docker exec $container_id $cmd > $WORKSPACE/"$project".securityaudit.log 2>&1
-done
 
+cmd="docker run -i $envs $vols --rm opnfv/releng-anteater \
+/home/opnfv/venv/bin/anteater --project $PROJECT $ANTEATER_FILES"
+echo "Running docker container"
+echo "$cmd"
+$cmd > $WORKSPACE/securityaudit.log 2>&1
 exit_code=$?
 echo "--------------------------------------------------------"
-echo "Stopping docker container with ID $container_id"
-docker stop $container_id
-
-
-#gsutil cp $WORKSPACE/securityaudit.log \
-#    gs://$GS_URL/$PROJECT-securityaudit-weekly.log 2>&1
-#
-#gsutil -m setmeta \
-#    -h "Content-Type:text/html" \
-#    -h "Cache-Control:private, max-age=0, no-transform" \
-#    gs://$GS_URL/$PROJECT-securityaudit-weekly.log > /dev/null 2>&1
+echo "Docker container exited with code: $exit_code"
+echo "--------------------------------------------------------"
+exit 0