Add weekly job for security scan 83/36083/10
authorAric Gardner <agardner@linuxfoundation.org>
Wed, 14 Jun 2017 04:03:12 +0000 (12:03 +0800)
committeragardner <agardner@linuxfoundation.org>
Mon, 19 Jun 2017 18:54:03 +0000 (14:54 -0400)
Added license headers
Remove errexit from report to gerrit
Run as --user nobody

Change-Id: I4b65dbae1f255015877766a0afa44e9b9898651c
Signed-off-by: Aric Gardner <agardner@linuxfoundation.org>
Signed-off-by: Trevor Bramwell <tbramwell@linuxfoundation.org>
jjb/ci_gate_security/anteater-clone-all-repos.sh [new file with mode: 0755]
jjb/ci_gate_security/anteater-report-to-gerrit.sh
jjb/ci_gate_security/anteater-security-audit-weekly.sh [new file with mode: 0644]
jjb/ci_gate_security/opnfv-ci-gate-security.yml

diff --git a/jjb/ci_gate_security/anteater-clone-all-repos.sh b/jjb/ci_gate_security/anteater-clone-all-repos.sh
new file mode 100755 (executable)
index 0000000..8a9e73d
--- /dev/null
@@ -0,0 +1,33 @@
+#!/bin/bash
+# SPDX-license-identifier: Apache-2.0
+set -o errexit
+set -o pipefail
+set -o nounset
+export PATH=$PATH:/usr/local/bin/
+
+
+#WORKSPACE="$(pwd)"
+
+cd $WORKSPACE
+if [ ! -d "$WORKSPACE/allrepos" ]; then
+  mkdir $WORKSPACE/allrepos
+fi
+
+cd $WORKSPACE/allrepos
+
+declare -a PROJECT_LIST
+EXCLUDE_PROJECTS="All-Projects|All-Users|securedlab"
+
+PROJECT_LIST=($(ssh gerrit.opnfv.org -p 29418 gerrit ls-projects | egrep -v $EXCLUDE_PROJECTS))
+echo "PROJECT_LIST=(${PROJECT_LIST[*]})" > $WORKSPACE/opnfv-projects.sh
+
+for PROJECT in ${PROJECT_LIST[@]}; do
+  echo "> Cloning $PROJECT"
+  if [ ! -d "$PROJECT" ]; then
+    git clone "https://gerrit.opnfv.org/gerrit/$PROJECT.git"
+  else
+    pushd "$PROJECT" > /dev/null
+    git pull -f
+    popd > /dev/null
+  fi
+done
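Review bot: The project list is written to a file that is later sourced, but line 44 serializes it with an unquoted `${PROJECT_LIST[*]}`, so a project name containing whitespace or shell metacharacters would be split or evaluated when `opnfv-projects.sh` is sourced; `declare -p PROJECT_LIST > "$WORKSPACE/opnfv-projects.sh"` emits a correctly quoted, sourceable definition instead. The `$WORKSPACE` expansions at lines 33, 35 and 38 and `${PROJECT_LIST[@]}` at line 46 should likewise be double-quoted, and `mkdir -p "$WORKSPACE/allrepos"` replaces the test at lines 34–36. `egrep -v $EXCLUDE_PROJECTS` at line 43 is an unanchored match, so any project whose name merely contains one of the three patterns is dropped; if exact exclusion is the intent, anchor it as `grep -E -v '^(All-Projects|All-Users|securedlab)$'`. Under `errexit` a single failed clone aborts the whole run, which may be intended but is worth a comment.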
index c0bf9fa..fc3018f 100644 (file)
@@ -1,24 +1,25 @@
 #!/bin/bash
-set -o errexit
+# SPDX-license-identifier: Apache-2.0
 set -o pipefail
 export PATH=$PATH:/usr/local/bin/
 EXITSTATUS=0
 
-# If no violations were found, no lint log will exist.
+# This Log should always exist
 if [[ -e securityaudit.log ]] ; then
     echo -e "\nposting security audit report to gerrit...\n"
 
-if grep ERROR securityaudit.log; then 
-EXITSTATUS=1
-fi
-
-    cat securityaudit.log  | awk -F"ERROR -\ " '{print $2}' > shortlog
-
+    #check if log has errors
+    if grep ERROR securityaudit.log; then
+        EXITSTATUS=1
+    fi
+    
+    cat securityaudit.log  | awk -F"ERROR - " '{print $2}' > shortlog
+    
     ssh -p 29418 gerrit.opnfv.org \
         "gerrit review -p $GERRIT_PROJECT \
-         -m \"$(cat shortlog)\" \
-         $GERRIT_PATCHSET_REVISION \
-         --notify NONE"
-
+        -m \"$(cat shortlog)\" \
+        $GERRIT_PATCHSET_REVISION \
+        --notify NONE"
+    
     exit $EXITSTATUS
 fi
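Review bot: The message passed to `gerrit review -m` at lines 84–91 is the raw content of `shortlog` interpolated inside the double-quoted remote command string, so a double quote in a finding line terminates the `-m` argument and the remainder is parsed by the remote gerrit command as further arguments; since the findings presumably echo text from the patch under review, that content should be escaped before interpolation, e.g. `msg=$(sed -e 's/\\/\\\\/g' -e 's/"/\\"/g' shortlog)` and then `-m \"$msg\"`. Separately, the comment at line 66 says the log should always exist, yet when it is missing the script falls through line 94 and exits 0, so a scanner that produced no log passes the gate silently; an `else` branch with `echo "securityaudit.log missing" >&2; exit 1` makes that case visible. `cat securityaudit.log | awk` at line 81 can read the file directly as `awk -F"ERROR - " '{print $2}' securityaudit.log`.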
diff --git a/jjb/ci_gate_security/anteater-security-audit-weekly.sh b/jjb/ci_gate_security/anteater-security-audit-weekly.sh
new file mode 100644 (file)
index 0000000..99f2820
--- /dev/null
@@ -0,0 +1,37 @@
+#!/bin/bash
+# SPDX-license-identifier: Apache-2.0
+
+echo "--------------------------------------------------------"
+vols="-v $WORKSPACE/allrepos/:/home/opnfv/anteater/allrepos/"
+echo "Pulling releng-anteater docker image"
+echo "--------------------------------------------------------"
+docker pull opnfv/releng-anteater
+echo "--------------------------------------------------------"
+cmd="docker run --user nobody -id $vols opnfv/releng-anteater /bin/bash"
+echo "Running docker command $cmd"
+container_id=$($cmd)
+echo "Container ID is $container_id"
+source $WORKSPACE/opnfv-projects.sh
+for project in "${PROJECT_LIST[@]}"
+
+do
+  cmd="anteater --project testproj --path /home/opnfv/anteater/allrepos/$project"
+  echo "Executing command inside container"
+  echo "$cmd"
+  echo "--------------------------------------------------------"
+  docker exec $container_id $cmd > $WORKSPACE/"$project".securityaudit.log 2>&1
+done
+
+exit_code=$?
+echo "--------------------------------------------------------"
+echo "Stopping docker container with ID $container_id"
+docker stop $container_id
+
+
+#gsutil cp $WORKSPACE/securityaudit.log \
+#    gs://$GS_URL/$PROJECT-securityaudit-weekly.log 2>&1
+#
+#gsutil -m setmeta \
+#    -h "Content-Type:text/html" \
+#    -h "Cache-Control:private, max-age=0, no-transform" \
+#    gs://$GS_URL/$PROJECT-securityaudit-weekly.log > /dev/null 2>&1
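Review bot: `exit_code=$?` at line 124 captures the status of the `for` loop and is never used, so the step exits 0 even when every `docker exec` failed, and if any command before line 127 fails — under the `errexit` this script inherits when `!include-raw` concatenates it after anteater-clone-all-repos.sh — the container started at line 111 is never stopped. Recording the failure per scan and stopping the container from an EXIT trap addresses both, as sketched below. `$WORKSPACE`, `$container_id` and the log path at lines 113 and 121 should be quoted, and `$cmd` at line 111 is a command string split on IFS, which breaks on a workspace path containing spaces. `--project testproj` at line 117 looks like a placeholder for the current `$project`; confirm against anteater's CLI, and consider mounting `$vols` with `:ro` since the scan only reads the checkouts.
```shell
exit_code=0
container_id=$($cmd)
echo "Container ID is $container_id"
# Stop the container on every exit path, not only after a clean loop
trap 'docker stop "$container_id"' EXIT
source "$WORKSPACE/opnfv-projects.sh"
for project in "${PROJECT_LIST[@]}"; do
  cmd="anteater --project testproj --path /home/opnfv/anteater/allrepos/$project"
  # … unchanged: echo banner …
  docker exec "$container_id" $cmd > "$WORKSPACE/$project.securityaudit.log" 2>&1 || exit_code=1
done
# … unchanged: banner echoes; the explicit docker stop moves to the trap …
exit "$exit_code"
```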
index 2270124..2cbb5cd 100644 (file)
@@ -1,5 +1,6 @@
+# SPDX-license-identifier: Apache-2.0
 ########################
-# Job configuration for opnfv-lint
+# Job configuration for opnfv-anteater (security audit)
 ########################
 - project:
 
@@ -9,6 +10,7 @@
 
     jobs:
         - 'opnfv-security-audit-verify-{stream}'
+        - 'opnfv-security-audit-weekly-{stream}'
 
     stream:
         - master:
 ########################
 # job templates
 ########################
+- job-template:
+    name: 'opnfv-security-audit-weekly-{stream}'
+
+    disabled: '{obj:disabled}'
+
+    parameters:
+        - label:
+            name: SLAVE_LABEL
+            default: 'ericsson-build3'
+            description: 'Slave label on Jenkins'
+        - project-parameter:
+            project: releng
+            branch: '{branch}'
+
+    triggers:
+        - timed: '0 H/6 * * *'
+
+    builders:
+        - anteater-security-audit-weekly
+
 - job-template:
     name: 'opnfv-security-audit-verify-{stream}'
 
@@ -55,7 +77,7 @@
                     comment-contains-value: 'reverify'
             projects:
               - project-compare-type: 'REG_EXP'
-                project-pattern: 'sandbox'
+                project-pattern: 'sandbox|releng'
                 branches:
                   - branch-compare-type: 'ANT'
                     branch-pattern: '**/{branch}'
     builders:
         - shell:
             !include-raw: ./anteater-report-to-gerrit.sh
+
+- builder:
+    name: anteater-security-audit-weekly
+    builders:
+        - shell:
+            !include-raw:
+                - ./anteater-clone-all-repos.sh
+                - ./anteater-security-audit-weekly.sh
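Review bot: The job is named `opnfv-security-audit-weekly-{stream}` but its trigger at line 172, `timed: '0 H/6 * * *'`, fires every six hours, so either the name or the schedule is wrong; a weekly cadence would be `timed: 'H H * * 0'`. The builder at lines 193–199 concatenates the two scripts into one shell step, so the `set -o errexit`/`pipefail`/`nounset` lines from anteater-clone-all-repos.sh also govern anteater-security-audit-weekly.sh, which sets none of them itself; a comment on the builder such as `# both scripts run as one shell step: the first script's set -o options apply to the second` would keep that from being lost. No `wrappers` are visible for the weekly job; cloning every Gerrit project over ssh can run long, so a `timeout` wrapper would stop a hung clone from holding the slave indefinitely.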