X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=blobdiff_plain;f=jjb%2Fci_gate_security%2Fopnfv-ci-gate-security.yml;h=e2f6ceb7b387f6a4130326075c5d71a9856ffa04;hb=469ea32285a0a6ac86b8e2b5f5054695de09bdf1;hp=937b76d15d417cdbc43ba7ce75365581370ff58f;hpb=7228a572ab291081b3fcc5115d06c6a6901b3fea;p=releng.git diff --git a/jjb/ci_gate_security/opnfv-ci-gate-security.yml b/jjb/ci_gate_security/opnfv-ci-gate-security.yml index 937b76d15..e2f6ceb7b 100644 --- a/jjb/ci_gate_security/opnfv-ci-gate-security.yml +++ b/jjb/ci_gate_security/opnfv-ci-gate-security.yml @@ -1,5 +1,6 @@ +# SPDX-license-identifier: Apache-2.0 ######################## -# Job configuration for opnfv-lint +# Job configuration for opnfv-anteater (security audit) ######################## - project: @@ -9,6 +10,7 @@ jobs: - 'opnfv-security-audit-verify-{stream}' + - 'opnfv-security-audit-weekly-{stream}' stream: - master: @@ -19,6 +21,26 @@ ######################## # job templates ######################## +- job-template: + name: 'opnfv-security-audit-weekly-{stream}' + + disabled: '{obj:disabled}' + + parameters: + - label: + name: SLAVE_LABEL + default: 'ericsson-build3' + description: 'Slave label on Jenkins' + - project-parameter: + project: releng + branch: '{branch}' + + triggers: + - timed: '@weekly' + + builders: + - anteater-security-audit-weekly + - job-template: name: 'opnfv-security-audit-verify-{stream}' @@ -27,11 +49,15 @@ parameters: - label: name: SLAVE_LABEL - default: 'lf-build2' + default: 'ericsson-build3' description: 'Slave label on Jenkins' - project-parameter: project: $GERRIT_PROJECT branch: '{branch}' + - string: + name: GIT_BASE + default: https://gerrit.opnfv.org/gerrit/$PROJECT + description: "Used for overriding the GIT URL coming from Global Jenkins configuration in case if the stuff is done on none-LF HW." scm: - git-scm-gerrit @@ -51,22 +77,22 @@ comment-contains-value: 'reverify' projects: - project-compare-type: 'REG_EXP' - project-pattern: 'sandbox' + project-pattern: 'apex|armband|bamboo|barometer|bottlenecks|calipso|compass4nfv|conductor|cooper|functest|octopus|pharos|releng|sandbox' branches: - branch-compare-type: 'ANT' branch-pattern: '**/{branch}' file-paths: - compare-type: ANT pattern: '**' - skip-vote: - successful: true - failed: true - unstable: true - notbuilt: true + skip-vote: + successful: true + failed: true + unstable: true + notbuilt: true builders: - anteater-security-audit -# - report-security-audit-result-to-gerrit + - report-security-audit-result-to-gerrit ######################## # builder macros ######################## @@ -79,25 +105,14 @@ - builder: name: report-security-audit-result-to-gerrit builders: - - shell: | - #!/bin/bash - set -o errexit - set -o pipefail - set -o xtrace - export PATH=$PATH:/usr/local/bin/ - - # If no violations were found, no lint log will exist. - if [[ -e securityaudit.log ]] ; then - echo -e "\nposting security audit report to gerrit...\n" - - cat securityaudit.log - echo - - ssh -p 29418 gerrit.opnfv.org \ - "gerrit review -p $GERRIT_PROJECT \ - -m \"$(cat securityaudit.log)\" \ - $GERRIT_PATCHSET_REVISION \ - --notify NONE" - - exit 1 - fi + - shell: + !include-raw: ./anteater-report-to-gerrit.sh + +- builder: + name: anteater-security-audit-weekly + builders: + - shell: + !include-raw: + - ./anteater-clone-all-repos.sh + - ./anteater-security-audit-weekly.sh +