X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=blobdiff_plain;ds=sidebyside;f=jjb%2Fci_gate_security%2Fopnfv-ci-gate-security.yml;h=33179537c22fcae5bbe511fab25cbd3a4f98157b;hb=f51249c644d7535999eef5ec5f0e6f4ecb780d66;hp=e2ad03eaed61d2f0447e7d61333f41bb60154fc8;hpb=abbf19fc005ef6df0dcbba28d4bc8bd2a3365a41;p=releng.git diff --git a/jjb/ci_gate_security/opnfv-ci-gate-security.yml b/jjb/ci_gate_security/opnfv-ci-gate-security.yml index e2ad03eae..33179537c 100644 --- a/jjb/ci_gate_security/opnfv-ci-gate-security.yml +++ b/jjb/ci_gate_security/opnfv-ci-gate-security.yml @@ -1,3 +1,5 @@ +--- +# SPDX-license-identifier: Apache-2.0 ######################## # Job configuration for opnfv-anteater (security audit) ######################## @@ -8,80 +10,119 @@ project: anteaterfw jobs: - - 'opnfv-security-audit-verify-{stream}' + - 'opnfv-security-audit-verify-{stream}' + - 'opnfv-security-audit-weekly-{stream}' stream: - - master: - branch: '{stream}' - gs-pathname: '' - disabled: false + - master: + branch: '{stream}' + gs-pathname: '' + disabled: false ######################## # job templates ######################## +- job-template: + name: 'opnfv-security-audit-weekly-{stream}' + + disabled: '{obj:disabled}' + + parameters: + - label: + name: SLAVE_LABEL + default: 'ericsson-build3' + description: 'Slave label on Jenkins' + - project-parameter: + project: releng + branch: '{branch}' + + triggers: + - timed: '@weekly' + + builders: + - anteater-security-audit-weekly + - job-template: name: 'opnfv-security-audit-verify-{stream}' disabled: '{obj:disabled}' parameters: - - label: - name: SLAVE_LABEL - default: 'ericsson-build3' - description: 'Slave label on Jenkins' - - project-parameter: - project: $GERRIT_PROJECT - branch: '{branch}' - - string: - name: GIT_BASE - default: https://gerrit.opnfv.org/gerrit/$PROJECT - description: "Used for overriding the GIT URL coming from Global Jenkins configuration in case if the stuff is done on none-LF HW." + - label: + name: SLAVE_LABEL + default: 'ericsson-build3' + description: 'Slave label on Jenkins' + - project-parameter: + project: $GERRIT_PROJECT + branch: '{branch}' + - string: + name: GIT_BASE + default: https://gerrit.opnfv.org/gerrit/$PROJECT + # yamllint disable rule:line-length + description: "Used for overriding the GIT URL coming from Global Jenkins configuration in case if the stuff is done on none-LF HW." + # yamllint enable rule:line-length scm: - - git-scm-gerrit + - git-scm-gerrit + # yamllint disable rule:line-length triggers: - - gerrit: - server-name: 'gerrit.opnfv.org' - trigger-on: - - patchset-created-event: - exclude-drafts: 'false' - exclude-trivial-rebase: 'false' - exclude-no-code-change: 'false' - - draft-published-event - - comment-added-contains-event: - comment-contains-value: 'recheck' - - comment-added-contains-event: - comment-contains-value: 'reverify' - projects: - - project-compare-type: 'REG_EXP' - project-pattern: 'sandbox|releng' - branches: - - branch-compare-type: 'ANT' - branch-pattern: '**/{branch}' - file-paths: - - compare-type: ANT - pattern: '**' - skip-vote: - successful: true - failed: true - unstable: true - notbuilt: true + - gerrit: + server-name: 'gerrit.opnfv.org' + trigger-on: + - patchset-created-event: + exclude-drafts: 'false' + exclude-trivial-rebase: 'false' + exclude-no-code-change: 'false' + - draft-published-event + - comment-added-contains-event: + comment-contains-value: 'recheck' + - comment-added-contains-event: + comment-contains-value: 'reverify' + projects: + - project-compare-type: 'REG_EXP' + project-pattern: 'apex|armband|bamboo|barometer|bottlenecks|calipso|compass4nfv|conductor|cooper|cperf|daisy|doctor|dovetail|dpacc|enfv|escalator|fds|fuel|functest|octopus|pharos|releng|sandbox|yardstick' + branches: + - branch-compare-type: 'ANT' + branch-pattern: '**/{branch}' + file-paths: + - compare-type: ANT + pattern: '**' + skip-vote: + successful: true + failed: true + unstable: true + notbuilt: true + # yamllint enable rule:line-length builders: - - anteater-security-audit - - report-security-audit-result-to-gerrit + - anteater-security-audit + - report-security-audit-result-to-gerrit + publishers: + - archive-artifacts: + artifacts: ".reports/*" + ######################## # builder macros ######################## - builder: name: anteater-security-audit builders: - - shell: - !include-raw: ./anteater-security-audit.sh + - shell: + !include-raw: ./anteater-security-audit.sh - builder: name: report-security-audit-result-to-gerrit builders: - - shell: - !include-raw: ./anteater-report-to-gerrit.sh + - shell: + !include-raw: ./anteater-report-to-gerrit.sh + +# yamllint disable rule:indentation +- builder: + name: anteater-security-audit-weekly + builders: + - shell: + !include-raw: + - ./anteater-clone-all-repos.sh + - ./anteater-security-audit-weekly.sh +# yamllint enable rule:indentation