from:
build_args:
branch: master
- slave: lf-pod4-2
- DASHBOARD_URL: http://172.30.12.85
+ slave: lf-pod4
+ DASHBOARD_URL: http://172.30.12.83
dependency: 3.14
- xena:
from:
volumes: '{volumes}'
env: '{env}'
network: '{network}'
+ uid: '{uid}'
+ gid: '{gid}'
+ published_ports: '{published_ports}'
DASHBOARD_URL: '{DASHBOARD_URL}'
- builder:
for i in $(eval echo {env} | tr -d '[]' |sed "s/, / /g" ); \
do env="-e $i $env"; done
fi
+ published_ports=;
+ if [ "{published_ports}" != "None" ]; then
+ for i in $(echo {published_ports} | tr -d '[]' |sed "s/, / /g" ); \
+ do published_ports="-p $i $published_ports"; done
+ fi
[ ! -z "$WORKSPACE" ] && sudo rm -rf $WORKSPACE/results || true
if [ "{repo}" = "_" ]; then
image={container}:{tag}
else
image={repo}:{port}/{container}:{tag}
fi
+ sudo mkdir -p $WORKSPACE/results
+ sudo chown {uid}:{gid} $WORKSPACE/results
sudo docker run --rm \
--privileged={privileged} \
--network={network} \
$volumes \
$env \
+ $published_ports \
-e S3_ENDPOINT_URL=https://storage.googleapis.com \
-e S3_DST_URL=s3://artifacts.opnfv.org/functest/$BUILD_TAG/$JOB_NAME-$BUILD_ID \
-e HTTP_DST_URL=http://artifacts.opnfv.org/functest/$BUILD_TAG/$JOB_NAME-$BUILD_ID \
- -v /home/opnfv/functest/.boto:/root/.boto \
+ -v /home/opnfv/functest/.boto:/etc/boto.cfg \
-e TEST_DB_URL=http://testresults.opnfv.org/test/api/v1/results \
-e TEST_DB_EXT_URL=http://testresults.opnfv.org/test/api/v1/results \
-e NODE_NAME=$slave \
- EXTERNAL_NETWORK=$EXTERNAL_NETWORK
- VOLUME_DEVICE_NAME=$VOLUME_DEVICE_NAME
- IMAGE_PROPERTIES=$IMAGE_PROPERTIES
+ published_ports:
container: 'functest-healthcheck'
test:
- connection_check
- tempest_horizon
privileged: 'false'
network: bridge
+ uid: 1000
+ gid: 1000
jobs:
- 'functest-opnfv-functest-healthcheck-{tag}-{test}-run'
- EXTERNAL_NETWORK=$EXTERNAL_NETWORK
- VOLUME_DEVICE_NAME=$VOLUME_DEVICE_NAME
- IMAGE_PROPERTIES=$IMAGE_PROPERTIES
+ published_ports:
container: 'functest-smoke'
test:
- tempest_neutron
- tempest_cyborg
privileged: 'false'
network: bridge
+ uid: 1000
+ gid: 1000
exclude:
- tag: latest
test: refstack_defcore
- EXTERNAL_NETWORK=$EXTERNAL_NETWORK
- VOLUME_DEVICE_NAME=$VOLUME_DEVICE_NAME
- IMAGE_PROPERTIES=$IMAGE_PROPERTIES
+ published_ports:
container: 'functest-smoke-cntt'
test:
- tempest_neutron_cntt
- tempest_slow_cntt
privileged: 'false'
network: bridge
+ uid: 1000
+ gid: 1000
jobs:
- 'functest-opnfv-functest-smoke-cntt-{tag}-{test}-run'
- EXTERNAL_NETWORK=$EXTERNAL_NETWORK
- VOLUME_DEVICE_NAME=$VOLUME_DEVICE_NAME
- IMAGE_PROPERTIES=$IMAGE_PROPERTIES
+ published_ports:
container: 'functest-benchmarking'
test:
- rally_full
- shaker
privileged: 'false'
network: bridge
+ uid: 1000
+ gid: 1000
jobs:
- 'functest-opnfv-functest-benchmarking-{tag}-{test}-run'
- EXTERNAL_NETWORK=$EXTERNAL_NETWORK
- VOLUME_DEVICE_NAME=$VOLUME_DEVICE_NAME
- IMAGE_PROPERTIES=$IMAGE_PROPERTIES
+ published_ports:
container: 'functest-benchmarking-cntt'
test:
- rally_full_cntt
- rally_jobs_cntt
privileged: 'false'
network: bridge
+ uid: 1000
+ gid: 1000
jobs:
- 'functest-opnfv-functest-benchmarking-cntt-{tag}-{test}-run'
- EXTERNAL_NETWORK=$EXTERNAL_NETWORK
- VOLUME_DEVICE_NAME=$VOLUME_DEVICE_NAME
- IMAGE_PROPERTIES=$IMAGE_PROPERTIES
+ published_ports:
container: 'functest-vnf'
test:
- cloudify
- juju_epc
privileged: 'false'
network: bridge
+ uid: 1000
+ gid: 1000
jobs:
- 'functest-opnfv-functest-vnf-{tag}-{test}-run'
for i in $(eval echo {env} | tr -d '[]' |sed "s/, / /g" ); \
do env="-e $i $env"; done
fi
+ published_ports=;
+ if [ "{published_ports}" != "None" ]; then
+ for i in $(echo {published_ports} | tr -d '[]' |sed "s/, / /g" ); \
+ do published_ports="-p $i $published_ports"; done
+ fi
[ ! -z "$WORKSPACE" ] && sudo rm -rf $WORKSPACE/results || true
if [ "{repo}" = "_" ]; then
image={container}:{tag}
else
image={repo}:{port}/{container}:{tag}
fi
+ sudo mkdir -p $WORKSPACE/results
+ sudo chown {uid}:{gid} $WORKSPACE/results
sudo docker run --rm \
$volumes \
$env \
+ $published_ports \
-e S3_ENDPOINT_URL=https://storage.googleapis.com \
-e S3_DST_URL=s3://artifacts.opnfv.org/functest \
-e HTTP_DST_URL=http://artifacts.opnfv.org/functest \
- -v /home/opnfv/functest/.boto:/root/.boto \
+ -v /home/opnfv/functest/.boto:/etc/boto.cfg \
-e TEST_DB_URL=http://testresults.opnfv.org/test/api/v1/results \
-e TEST_DB_EXT_URL=http://testresults.opnfv.org/test/api/v1/results \
-e BUILD_TAG=$BUILD_TAG \
<<: *functest-containers
volumes: '{volumes}'
env: '{env}'
+ uid: '{uid}'
+ gid: '{gid}'
+ published_ports: '{published_ports}'
- project:
name: 'functest-{tag}-zip'
- EXTERNAL_NETWORK=$EXTERNAL_NETWORK
- VOLUME_DEVICE_NAME=$VOLUME_DEVICE_NAME
- IMAGE_PROPERTIES=$IMAGE_PROPERTIES
+ published_ports:
container: 'functest-healthcheck'
+ uid: 1000
+ gid: 1000
jobs:
- 'functest-{tag}-zip'
sudo apt-get -o DPkg::Lock::Timeout=300 update && \
sudo DEBIAN_FRONTEND=noninteractive apt-get \
-o DPkg::Lock::Timeout=300 install \
+ python3.10 python3.10-dev python3.10-distutils \
python3.9 python3.9-dev python3.9-distutils \
python3.8 python3.8-dev python3.8-distutils \
python3.7 python3.7-dev python3.6 python3.6-dev \
else
image={repo}:{port}/{container}:{tag}
fi
- ./trivy --exit-code 1 $image
+ ./trivy image --exit-code 1 $image
- job-template:
name: 'functest-{repo}-{container}-{tag}-trivy'
- 'functest-{repo}-{container}-{tag}-trivy'
- builder:
- name: functest-docker-scan
+ name: functest-grype
builders:
- shell: |
- apt-get -o DPkg::Lock::Timeout=300 update && \
- DEBIAN_FRONTEND=noninteractive apt-get -o DPkg::Lock::Timeout=300 install \
- curl docker.io -y
-
- mkdir -p ~/.docker/cli-plugins && \
- curl https://github.com/docker/scan-cli-plugin/releases/latest/download/docker-scan_linux_amd64 \
- -L -s -S -o ~/.docker/cli-plugins/docker-scan &&\
- chmod +x ~/.docker/cli-plugins/docker-scan
+ sudo apt-get -o DPkg::Lock::Timeout=300 update && \
+ sudo DEBIAN_FRONTEND=noninteractive apt-get \
+ -o DPkg::Lock::Timeout=300 install curl -y
+
+ curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sudo sh -s -- -b .
if [ "{repo}" = "_" ]; then
image={container}:{tag}
elif [ "{port}" = "None" ]; then
else
image={repo}:{port}/{container}:{tag}
fi
- docker-scan $image
+ ./grype -q $image
- job-template:
- name: 'functest-{repo}-{container}-{tag}-docker-scan'
+ name: 'functest-{repo}-{container}-{tag}-grype'
triggers:
- timed: '@weekly'
parameters:
- functest-slave:
slave: '{slave}'
builders:
- - functest-docker-scan:
+ - functest-grype:
<<: *functest-containers
publishers:
- email-ext:
recipients: cedric.ollivier@orange.com
- project:
- name: 'functest-opnfv-functest-core-docker-scan'
+ name: 'functest-opnfv-functest-core-grype'
<<: *functest-params
container: 'functest-core'
jobs:
- - 'functest-{repo}-{container}-{tag}-docker-scan'
+ - 'functest-{repo}-{container}-{tag}-grype'
- project:
- name: 'functest-opnfv-functest-tempest-docker-scan'
+ name: 'functest-opnfv-functest-tempest-grype'
<<: *functest-params
container: 'functest-tempest'
jobs:
- - 'functest-{repo}-{container}-{tag}-docker-scan'
+ - 'functest-{repo}-{container}-{tag}-grype'
- project:
- name: 'functest-opnfv-functest-healthcheck-docker-scan'
+ name: 'functest-opnfv-functest-healthcheck-grype'
<<: *functest-params
container: 'functest-healthcheck'
jobs:
- - 'functest-{repo}-{container}-{tag}-docker-scan'
+ - 'functest-{repo}-{container}-{tag}-grype'
- project:
- name: 'functest-opnfv-functest-smoke-docker-scan'
+ name: 'functest-opnfv-functest-smoke-grype'
<<: *functest-params
container: 'functest-smoke'
jobs:
- - 'functest-{repo}-{container}-{tag}-docker-scan'
+ - 'functest-{repo}-{container}-{tag}-grype'
- project:
- name: 'functest-opnfv-functest-benchmarking-docker-scan'
+ name: 'functest-opnfv-functest-benchmarking-grype'
<<: *functest-params
container: 'functest-benchmarking'
jobs:
- - 'functest-{repo}-{container}-{tag}-docker-scan'
+ - 'functest-{repo}-{container}-{tag}-grype'
- project:
- name: 'functest-opnfv-functest-vnf-docker-scan'
+ name: 'functest-opnfv-functest-vnf-grype'
<<: *functest-params
container: 'functest-vnf'
jobs:
- - 'functest-{repo}-{container}-{tag}-docker-scan'
+ - 'functest-{repo}-{container}-{tag}-grype'
- project:
- name: 'functest-opnfv-functest-smoke-cntt-docker-scan'
+ name: 'functest-opnfv-functest-smoke-cntt-grype'
<<: *functest-params
container: 'functest-smoke-cntt'
jobs:
- - 'functest-{repo}-{container}-{tag}-docker-scan'
+ - 'functest-{repo}-{container}-{tag}-grype'
- project:
- name: 'functest-opnfv-functest-benchmarking-cntt-docker-scan'
+ name: 'functest-opnfv-functest-benchmarking-cntt-grype'
<<: *functest-params
container: 'functest-benchmarking-cntt'
jobs:
- - 'functest-{repo}-{container}-{tag}-docker-scan'
+ - 'functest-{repo}-{container}-{tag}-grype'
- project:
name: 'functest'
regex: (?!functest-kubernetes)(?!functest-pi)^functest-[a-z-0-9.]+-trivy$
- view:
- name: functest-docker-scan
+ name: functest-grype
view-type: list
columns:
- status
- last-success
- last-failure
- last-duration
- regex: ^functest-[a-z0-9.]+-docker-scan$
+ regex: (?!functest-kubernetes)(?!functest-pi)^functest-[a-z-0-9.]+-grype$