X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=blobdiff_plain;f=jjb%2Fci_gate_security%2Fopnfv-ci-gate-security.yml;h=d54aebea481df871ba62331ec1fc524f55165ec9;hb=ce0ac57fa4adadb8a6a928d8899c27f99859afab;hp=33179537c22fcae5bbe511fab25cbd3a4f98157b;hpb=c135fe6acd184633e34fa6235faa43e4c581dcc9;p=releng.git diff --git a/jjb/ci_gate_security/opnfv-ci-gate-security.yml b/jjb/ci_gate_security/opnfv-ci-gate-security.yml index 33179537c..d54aebea4 100644 --- a/jjb/ci_gate_security/opnfv-ci-gate-security.yml +++ b/jjb/ci_gate_security/opnfv-ci-gate-security.yml @@ -9,9 +9,76 @@ project: anteaterfw + repo: + - apex + - apex-os-net-config + - apex-puppet-tripleo + - apex-tripleo-heat-templates + - armband + - auto + - availability + - bamboo + - barometer + - bottlenecks + - calipso + - clover + - compass-containers + - compass4nfv + - conductor + - container4nfv + - copper + - cperf + - daisy + - doctor + - domino + - dovetail + - dpacc + - enfv + - fastpathmetrics + - fds + - fuel + - functest + - ipv6 + - joid + - kvmfornfv + - models + - moon + - multisite + - netready + - nfvbench + - octopus + - onosfw + - openretriever + - opera + - opnfvdocs + - orchestra + - ovn4nfv + - ovno + - ovsnfv + - parser + - pharos + - pharos-tools + - promise + - qtip + - releng + - releng-anteater + - releng-testresults + - releng-utils + - releng-xci + - samplevnf + - sdnvpn + - securityscanning + - sfc + - snaps + - stor4nfv + - storperf + - ves + - vswitchperf + - yardstick + jobs: - 'opnfv-security-audit-verify-{stream}' - - 'opnfv-security-audit-weekly-{stream}' + - 'opnfv-security-audit-{repo}-weekly-{stream}' stream: - master: @@ -23,18 +90,26 @@ # job templates ######################## - job-template: - name: 'opnfv-security-audit-weekly-{stream}' + name: 'opnfv-security-audit-{repo}-weekly-{stream}' disabled: '{obj:disabled}' parameters: - - label: - name: SLAVE_LABEL - default: 'ericsson-build3' - description: 'Slave label on Jenkins' + - ericsson-build3-defaults + - string: + name: ANTEATER_SCAN_PATCHSET + default: "false" + description: "Have anteater scan patchsets (true) or full project (false)" - project-parameter: - project: releng + project: '{repo}' branch: '{branch}' + - string: + name: GERRIT_REFSPEC + default: 'refs/heads/{stream}' + description: "Default Gerrit ref git HEAD should point to" + + scm: + - git-scm-gerrit triggers: - timed: '@weekly' @@ -42,6 +117,13 @@ builders: - anteater-security-audit-weekly + publishers: + # defined in jjb/global/releng-macros.yml + - 'email-{repo}-ptl': + subject: 'OPNFV Security Scan Result: {repo}' + - workspace-cleanup: + fail-build: false + - job-template: name: 'opnfv-security-audit-verify-{stream}' @@ -50,7 +132,7 @@ parameters: - label: name: SLAVE_LABEL - default: 'ericsson-build3' + default: 'opnfv-build' description: 'Slave label on Jenkins' - project-parameter: project: $GERRIT_PROJECT @@ -81,7 +163,7 @@ comment-contains-value: 'reverify' projects: - project-compare-type: 'REG_EXP' - project-pattern: 'apex|armband|bamboo|barometer|bottlenecks|calipso|compass4nfv|conductor|cooper|cperf|daisy|doctor|dovetail|dpacc|enfv|escalator|fds|fuel|functest|octopus|pharos|releng|sandbox|yardstick' + project-pattern: 'apex|armband|bamboo|barometer|bottlenecks|calipso|compass4nfv|conductor|copper|cperf|daisy|doctor|dovetail|dpacc|enfv|escalator|fds|fuel|functest|octopus|pharos|releng|sandbox|yardstick|infra|ipv6|kvmfornfv|lsoapi|models|moon|multisite|netready' branches: - branch-compare-type: 'ANT' branch-pattern: '**/{branch}' @@ -117,12 +199,8 @@ - shell: !include-raw: ./anteater-report-to-gerrit.sh -# yamllint disable rule:indentation - builder: name: anteater-security-audit-weekly builders: - shell: - !include-raw: - - ./anteater-clone-all-repos.sh - - ./anteater-security-audit-weekly.sh -# yamllint enable rule:indentation + !include-raw: ./anteater-security-audit-weekly.sh