--- /dev/null
+---
+# SPDX-license-identifier: Apache-2.0
+########################
+# Job configuration for opnfv-anteater (security audit)
+########################
+- project:
+
+ name: anteaterfw
+
+ project: anteaterfw
+
+ repo:
+ - apex
+ - apex-os-net-config
+ - apex-puppet-tripleo
+ - apex-tripleo-heat-templates
+ - armband
+ - auto
+ - availability
+ - bamboo
+ - barometer
+ - bottlenecks
+ - calipso
+ - clover
+ - compass-containers
+ - compass4nfv
+ - conductor
+ - container4nfv
+ - copper
+ - cperf
+ - daisy
+ - doctor
+ - domino
+ - dovetail
+ - dpacc
+ - enfv
+ - fds
+ - fuel
+ - functest
+ - ipv6
+ - joid
+ - kvmfornfv
+ - models
+ - moon
+ - netready
+ - nfvbench
+ - onosfw
+ - opera
+ - opnfvdocs
+ - orchestra
+ - ovn4nfv
+ - ovno
+ - ovsnfv
+ - parser
+ - pharos
+ - pharos-tools
+ - promise
+ - qtip
+ - releng
+ - releng-anteater
+ - releng-testresults
+ - releng-utils
+ - releng-xci
+ - samplevnf
+ - sdnvpn
+ - securityscanning
+ - sfc
+ - snaps
+ - stor4nfv
+ - storperf
+ - ves
+ - vswitchperf
+ - yardstick
+
+ jobs:
+ - 'opnfv-security-audit-verify-{stream}'
+ - 'opnfv-security-audit-{repo}-weekly-{stream}'
+
+ stream:
+ - master:
+ branch: '{stream}'
+ gs-pathname: ''
+ disabled: false
+
+########################
+# job templates
+########################
+- job-template:
+ name: 'opnfv-security-audit-{repo}-weekly-{stream}'
+
+ disabled: '{obj:disabled}'
+
+ parameters:
+ - ericsson-build3-defaults
+ - string:
+ name: ANTEATER_SCAN_PATCHSET
+ default: "false"
+ description: "Have anteater scan patchsets (true) or full project (false)"
+ - project-parameter:
+ project: '{repo}'
+ branch: '{branch}'
+
+ scm:
+ - git-scm-gerrit
+
+ triggers:
+ - timed: '@weekly'
+
+ builders:
+ - anteater-security-audit-weekly
+
+ publishers:
+ # defined in jjb/global/releng-macros.yml
+ - 'email-{repo}-ptl':
+ subject: 'OPNFV Security Scan Result: {repo}'
+ - workspace-cleanup:
+ fail-build: false
+
+- job-template:
+ name: 'opnfv-security-audit-verify-{stream}'
+
+ disabled: '{obj:disabled}'
+
+ parameters:
+ - label:
+ name: SLAVE_LABEL
+ default: 'opnfv-build'
+ description: 'Slave label on Jenkins'
+ - project-parameter:
+ project: $GERRIT_PROJECT
+ branch: '{branch}'
+ - string:
+ name: GIT_BASE
+ default: https://gerrit.opnfv.org/gerrit/$PROJECT
+ # yamllint disable rule:line-length
+ description: "Used for overriding the GIT URL coming from Global Jenkins configuration in case if the stuff is done on none-LF HW."
+ # yamllint enable rule:line-length
+
+ scm:
+ - git-scm-gerrit
+
+ # yamllint disable rule:line-length
+ triggers:
+ - gerrit:
+ server-name: 'gerrit.opnfv.org'
+ trigger-on:
+ - patchset-created-event:
+ exclude-drafts: 'false'
+ exclude-trivial-rebase: 'false'
+ exclude-no-code-change: 'false'
+ - draft-published-event
+ - comment-added-contains-event:
+ comment-contains-value: 'recheck'
+ - comment-added-contains-event:
+ comment-contains-value: 'reverify'
+ projects:
+ - project-compare-type: 'REG_EXP'
+ project-pattern: 'apex|armband|bamboo|barometer|bottlenecks|calipso|compass4nfv|conductor|copper|cperf|daisy|doctor|dovetail|dpacc|enfv|fds|fuel|functest|pharos|releng|sandbox|yardstick|infra|ipv6|kvmfornfv|models|moon|netready'
+ branches:
+ - branch-compare-type: 'ANT'
+ branch-pattern: '**/{branch}'
+ file-paths:
+ - compare-type: ANT
+ pattern: '**'
+ skip-vote:
+ successful: true
+ failed: true
+ unstable: true
+ notbuilt: true
+ # yamllint enable rule:line-length
+
+ builders:
+ - anteater-security-audit
+ - report-security-audit-result-to-gerrit
+ publishers:
+ - archive-artifacts:
+ artifacts: ".reports/*"
+
+########################
+# builder macros
+########################
+- builder:
+ name: anteater-security-audit
+ builders:
+ - shell:
+ !include-raw: ./anteater-security-audit.sh
+
+- builder:
+ name: report-security-audit-result-to-gerrit
+ builders:
+ - shell:
+ !include-raw: ./anteater-report-to-gerrit.sh
+
+- builder:
+ name: anteater-security-audit-weekly
+ builders:
+ - shell:
+ !include-raw: ./anteater-security-audit-weekly.sh
Code Review / releng.git / blobdiff