X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=blobdiff_plain;f=jjb%2Fci_gate_security%2Fopnfv-ci-gate-security.yml;h=d54aebea481df871ba62331ec1fc524f55165ec9;hb=ce0ac57fa4adadb8a6a928d8899c27f99859afab;hp=e2f6ceb7b387f6a4130326075c5d71a9856ffa04;hpb=26f55bef14c2fec7a0422bc757517b115b7870c8;p=releng.git diff --git a/jjb/ci_gate_security/opnfv-ci-gate-security.yml b/jjb/ci_gate_security/opnfv-ci-gate-security.yml index e2f6ceb7b..d54aebea4 100644 --- a/jjb/ci_gate_security/opnfv-ci-gate-security.yml +++ b/jjb/ci_gate_security/opnfv-ci-gate-security.yml @@ -1,3 +1,4 @@ +--- # SPDX-license-identifier: Apache-2.0 ######################## # Job configuration for opnfv-anteater (security audit) @@ -8,38 +9,120 @@ project: anteaterfw + repo: + - apex + - apex-os-net-config + - apex-puppet-tripleo + - apex-tripleo-heat-templates + - armband + - auto + - availability + - bamboo + - barometer + - bottlenecks + - calipso + - clover + - compass-containers + - compass4nfv + - conductor + - container4nfv + - copper + - cperf + - daisy + - doctor + - domino + - dovetail + - dpacc + - enfv + - fastpathmetrics + - fds + - fuel + - functest + - ipv6 + - joid + - kvmfornfv + - models + - moon + - multisite + - netready + - nfvbench + - octopus + - onosfw + - openretriever + - opera + - opnfvdocs + - orchestra + - ovn4nfv + - ovno + - ovsnfv + - parser + - pharos + - pharos-tools + - promise + - qtip + - releng + - releng-anteater + - releng-testresults + - releng-utils + - releng-xci + - samplevnf + - sdnvpn + - securityscanning + - sfc + - snaps + - stor4nfv + - storperf + - ves + - vswitchperf + - yardstick + jobs: - - 'opnfv-security-audit-verify-{stream}' - - 'opnfv-security-audit-weekly-{stream}' + - 'opnfv-security-audit-verify-{stream}' + - 'opnfv-security-audit-{repo}-weekly-{stream}' stream: - - master: - branch: '{stream}' - gs-pathname: '' - disabled: false + - master: + branch: '{stream}' + gs-pathname: '' + disabled: false ######################## # job templates ######################## - job-template: - name: 'opnfv-security-audit-weekly-{stream}' + name: 'opnfv-security-audit-{repo}-weekly-{stream}' disabled: '{obj:disabled}' parameters: - - label: - name: SLAVE_LABEL - default: 'ericsson-build3' - description: 'Slave label on Jenkins' - - project-parameter: - project: releng - branch: '{branch}' + - ericsson-build3-defaults + - string: + name: ANTEATER_SCAN_PATCHSET + default: "false" + description: "Have anteater scan patchsets (true) or full project (false)" + - project-parameter: + project: '{repo}' + branch: '{branch}' + - string: + name: GERRIT_REFSPEC + default: 'refs/heads/{stream}' + description: "Default Gerrit ref git HEAD should point to" + + scm: + - git-scm-gerrit triggers: - - timed: '@weekly' + - timed: '@weekly' builders: - - anteater-security-audit-weekly + - anteater-security-audit-weekly + + publishers: + # defined in jjb/global/releng-macros.yml + - 'email-{repo}-ptl': + subject: 'OPNFV Security Scan Result: {repo}' + - workspace-cleanup: + fail-build: false - job-template: name: 'opnfv-security-audit-verify-{stream}' @@ -47,72 +130,77 @@ disabled: '{obj:disabled}' parameters: - - label: - name: SLAVE_LABEL - default: 'ericsson-build3' - description: 'Slave label on Jenkins' - - project-parameter: - project: $GERRIT_PROJECT - branch: '{branch}' - - string: - name: GIT_BASE - default: https://gerrit.opnfv.org/gerrit/$PROJECT - description: "Used for overriding the GIT URL coming from Global Jenkins configuration in case if the stuff is done on none-LF HW." + - label: + name: SLAVE_LABEL + default: 'opnfv-build' + description: 'Slave label on Jenkins' + - project-parameter: + project: $GERRIT_PROJECT + branch: '{branch}' + - string: + name: GIT_BASE + default: https://gerrit.opnfv.org/gerrit/$PROJECT + # yamllint disable rule:line-length + description: "Used for overriding the GIT URL coming from Global Jenkins configuration in case if the stuff is done on none-LF HW." + # yamllint enable rule:line-length scm: - - git-scm-gerrit + - git-scm-gerrit + # yamllint disable rule:line-length triggers: - - gerrit: - server-name: 'gerrit.opnfv.org' - trigger-on: - - patchset-created-event: - exclude-drafts: 'false' - exclude-trivial-rebase: 'false' - exclude-no-code-change: 'false' - - draft-published-event - - comment-added-contains-event: - comment-contains-value: 'recheck' - - comment-added-contains-event: - comment-contains-value: 'reverify' - projects: - - project-compare-type: 'REG_EXP' - project-pattern: 'apex|armband|bamboo|barometer|bottlenecks|calipso|compass4nfv|conductor|cooper|functest|octopus|pharos|releng|sandbox' - branches: - - branch-compare-type: 'ANT' - branch-pattern: '**/{branch}' - file-paths: - - compare-type: ANT - pattern: '**' - skip-vote: - successful: true - failed: true - unstable: true - notbuilt: true + - gerrit: + server-name: 'gerrit.opnfv.org' + trigger-on: + - patchset-created-event: + exclude-drafts: 'false' + exclude-trivial-rebase: 'false' + exclude-no-code-change: 'false' + - draft-published-event + - comment-added-contains-event: + comment-contains-value: 'recheck' + - comment-added-contains-event: + comment-contains-value: 'reverify' + projects: + - project-compare-type: 'REG_EXP' + project-pattern: 'apex|armband|bamboo|barometer|bottlenecks|calipso|compass4nfv|conductor|copper|cperf|daisy|doctor|dovetail|dpacc|enfv|escalator|fds|fuel|functest|octopus|pharos|releng|sandbox|yardstick|infra|ipv6|kvmfornfv|lsoapi|models|moon|multisite|netready' + branches: + - branch-compare-type: 'ANT' + branch-pattern: '**/{branch}' + file-paths: + - compare-type: ANT + pattern: '**' + skip-vote: + successful: true + failed: true + unstable: true + notbuilt: true + # yamllint enable rule:line-length builders: - - anteater-security-audit - - report-security-audit-result-to-gerrit + - anteater-security-audit + - report-security-audit-result-to-gerrit + publishers: + - archive-artifacts: + artifacts: ".reports/*" + ######################## # builder macros ######################## - builder: name: anteater-security-audit builders: - - shell: - !include-raw: ./anteater-security-audit.sh + - shell: + !include-raw: ./anteater-security-audit.sh - builder: name: report-security-audit-result-to-gerrit builders: - - shell: - !include-raw: ./anteater-report-to-gerrit.sh + - shell: + !include-raw: ./anteater-report-to-gerrit.sh - builder: name: anteater-security-audit-weekly builders: - - shell: - !include-raw: - - ./anteater-clone-all-repos.sh - - ./anteater-security-audit-weekly.sh - + - shell: + !include-raw: ./anteater-security-audit-weekly.sh