kill-phase-on: FAILURE
abort-all-job: true
git-revision: true
-# - multijob:
-# name: functest-smoke
-# condition: SUCCESSFUL
-# projects:
-# - name: 'functest-apex-virtual-suite-{stream}'
-# current-parameters: false
-# predefined-parameters: |
-# DEPLOY_SCENARIO={verify-scenario}
-# FUNCTEST_SUITE_NAME=healthcheck
-# GERRIT_BRANCH=$GERRIT_BRANCH
-# GERRIT_REFSPEC=$GERRIT_REFSPEC
-# GERRIT_CHANGE_NUMBER=$GERRIT_CHANGE_NUMBER
-# GERRIT_CHANGE_COMMIT_MESSAGE=$GERRIT_CHANGE_COMMIT_MESSAGE
-# node-parameters: true
-# kill-phase-on: FAILURE
-# abort-all-job: true
-# git-revision: false
+ - multijob:
+ name: functest-smoke
+ condition: SUCCESSFUL
+ projects:
+ - name: 'functest-apex-virtual-suite-{stream}'
+ current-parameters: false
+ predefined-parameters: |
+ DEPLOY_SCENARIO={verify-scenario}
+ FUNCTEST_SUITE_NAME=healthcheck
+ GERRIT_BRANCH=$GERRIT_BRANCH
+ GERRIT_REFSPEC=$GERRIT_REFSPEC
+ GERRIT_CHANGE_NUMBER=$GERRIT_CHANGE_NUMBER
+ GERRIT_CHANGE_COMMIT_MESSAGE=$GERRIT_CHANGE_COMMIT_MESSAGE
+ node-parameters: true
+ kill-phase-on: NEVER
+ abort-all-job: true
+ git-revision: false
# Verify Scenario Gate
- job-template:
kill-phase-on: FAILURE
abort-all-job: true
git-revision: true
-# - multijob:
-# name: functest-smoke
-# condition: SUCCESSFUL
-# projects:
-# - name: 'functest-apex-virtual-suite-{stream}'
-# current-parameters: false
-# predefined-parameters: |
-# DEPLOY_SCENARIO={verify-scenario}
-# FUNCTEST_SUITE_NAME=healthcheck
-# GERRIT_BRANCH=$GERRIT_BRANCH
-# GERRIT_REFSPEC=$GERRIT_REFSPEC
-# GERRIT_CHANGE_NUMBER=$GERRIT_CHANGE_NUMBER
-# GERRIT_CHANGE_COMMIT_MESSAGE=$GERRIT_CHANGE_COMMIT_MESSAGE
-# node-parameters: true
-# kill-phase-on: FAILURE
-# abort-all-job: true
-# git-revision: false
+ - multijob:
+ name: functest-smoke
+ condition: SUCCESSFUL
+ projects:
+ - name: 'functest-apex-virtual-suite-{stream}'
+ current-parameters: false
+ predefined-parameters: |
+ DEPLOY_SCENARIO={verify-scenario}
+ FUNCTEST_SUITE_NAME=healthcheck
+ GERRIT_BRANCH=$GERRIT_BRANCH
+ GERRIT_REFSPEC=$GERRIT_REFSPEC
+ GERRIT_CHANGE_NUMBER=$GERRIT_CHANGE_NUMBER
+ GERRIT_CHANGE_COMMIT_MESSAGE=$GERRIT_CHANGE_COMMIT_MESSAGE
+ node-parameters: true
+ kill-phase-on: NEVER
+ abort-all-job: true
+ git-revision: false
- job-template:
name: 'apex-runner-cperf-{stream}'
kill-phase-on: FAILURE
abort-all-job: true
git-revision: true
-# - multijob:
-# name: functest-smoke
-# condition: SUCCESSFUL
-# projects:
-# - name: 'functest-apex-virtual-suite-{stream}'
-# current-parameters: false
-# predefined-parameters: |
-# DEPLOY_SCENARIO={verify-scenario}
-# FUNCTEST_SUITE_NAME=healthcheck
-# GERRIT_BRANCH=$GERRIT_BRANCH
-# GERRIT_REFSPEC=$GERRIT_REFSPEC
-# GERRIT_CHANGE_NUMBER=$GERRIT_CHANGE_NUMBER
-# GERRIT_CHANGE_COMMIT_MESSAGE=$GERRIT_CHANGE_COMMIT_MESSAGE
-# node-parameters: true
-# kill-phase-on: FAILURE
-# abort-all-job: true
-# git-revision: false
+ - multijob:
+ name: functest-smoke
+ condition: SUCCESSFUL
+ projects:
+ - name: 'functest-apex-virtual-suite-{stream}'
+ current-parameters: false
+ predefined-parameters: |
+ DEPLOY_SCENARIO={verify-scenario}
+ FUNCTEST_SUITE_NAME=healthcheck
+ GERRIT_BRANCH=$GERRIT_BRANCH
+ GERRIT_REFSPEC=$GERRIT_REFSPEC
+ GERRIT_CHANGE_NUMBER=$GERRIT_CHANGE_NUMBER
+ GERRIT_CHANGE_COMMIT_MESSAGE=$GERRIT_CHANGE_COMMIT_MESSAGE
+ node-parameters: true
+ kill-phase-on: NEVER
+ abort-all-job: true
+ git-revision: false
# Verify Scenario Gate
- job-template:
kill-phase-on: FAILURE
abort-all-job: true
git-revision: true
-# - multijob:
-# name: functest-smoke
-# condition: SUCCESSFUL
-# projects:
-# - name: 'functest-apex-virtual-suite-{stream}'
-# current-parameters: false
-# predefined-parameters: |
-# DEPLOY_SCENARIO={verify-scenario}
-# FUNCTEST_SUITE_NAME=healthcheck
-# GERRIT_BRANCH=$GERRIT_BRANCH
-# GERRIT_REFSPEC=$GERRIT_REFSPEC
-# GERRIT_CHANGE_NUMBER=$GERRIT_CHANGE_NUMBER
-# GERRIT_CHANGE_COMMIT_MESSAGE=$GERRIT_CHANGE_COMMIT_MESSAGE
-# node-parameters: true
-# kill-phase-on: FAILURE
-# abort-all-job: true
-# git-revision: false
+ - multijob:
+ name: functest-smoke
+ condition: SUCCESSFUL
+ projects:
+ - name: 'functest-apex-virtual-suite-{stream}'
+ current-parameters: false
+ predefined-parameters: |
+ DEPLOY_SCENARIO={verify-scenario}
+ FUNCTEST_SUITE_NAME=healthcheck
+ GERRIT_BRANCH=$GERRIT_BRANCH
+ GERRIT_REFSPEC=$GERRIT_REFSPEC
+ GERRIT_CHANGE_NUMBER=$GERRIT_CHANGE_NUMBER
+ GERRIT_CHANGE_COMMIT_MESSAGE=$GERRIT_CHANGE_COMMIT_MESSAGE
+ node-parameters: true
+ kill-phase-on: NEVER
+ abort-all-job: true
+ git-revision: false
- job-template:
name: 'apex-runner-cperf-{stream}'
- trigger:
name: 'fuel-os-odl_l2-nofeature-ha-armband-baremetal-master-trigger'
triggers:
- - timed: '0 0 * * 1'
+ - timed: ''
- trigger:
name: 'fuel-os-nosdn-nofeature-ha-armband-baremetal-master-trigger'
triggers:
- - timed: '0 0 * * 2'
+ - timed: ''
- trigger:
name: 'fuel-os-odl_l3-nofeature-ha-armband-baremetal-master-trigger'
triggers:
- - timed: '0 0 * * 3'
+ - timed: ''
- trigger:
name: 'fuel-os-odl_l2-bgpvpn-ha-armband-baremetal-master-trigger'
triggers:
- - timed: '0 0 * * 4'
+ - timed: ''
- trigger:
name: 'fuel-os-odl_l2-nofeature-noha-armband-baremetal-master-trigger'
triggers:
- - timed: '0 0 * * 5'
+ - timed: ''
- trigger:
name: 'fuel-os-odl_l2-sfc-ha-armband-baremetal-master-trigger'
triggers:
- - timed: '0 0,20 * * 6'
+ - timed: ''
- trigger:
name: 'fuel-os-odl_l2-sfc-noha-armband-baremetal-master-trigger'
triggers:
- - timed: '0 0,20 * * 7'
+ - timed: ''
#----------------------------------------------------------------------
# Enea Armband CI Baremetal Triggers running against danube branch
- trigger:
name: 'fuel-os-odl_l2-nofeature-ha-armband-baremetal-danube-trigger'
triggers:
- - timed: '0 4 * * 1,2,3,4,5'
+ - timed: '0 0,16 * * 2,4'
- trigger:
name: 'fuel-os-nosdn-nofeature-ha-armband-baremetal-danube-trigger'
triggers:
- - timed: '0 8 * * 1,2,3,4,5'
+ - timed: '0 0 * * 1,5,7'
- trigger:
name: 'fuel-os-odl_l2-bgpvpn-ha-armband-baremetal-danube-trigger'
triggers:
- - timed: '0 12 * * 1,2,3,4,5'
+ - timed: '0 16 * * 1,5,7'
- trigger:
name: 'fuel-os-odl_l3-nofeature-ha-armband-baremetal-danube-trigger'
triggers:
- - timed: '0 16 * * 1,2,3,4,5'
+ - timed: '0 8 * * 2,4,6'
- trigger:
name: 'fuel-os-odl_l2-nofeature-noha-armband-baremetal-danube-trigger'
triggers:
- - timed: '0 20 * * 1,2,3,4,5'
+ - timed: '0 8 * * 1,3,5,7'
- trigger:
name: 'fuel-os-odl_l2-sfc-ha-armband-baremetal-danube-trigger'
triggers:
- - timed: '0 4,8 * * 6,7'
+ - timed: '0 0 * * 3,6'
- trigger:
name: 'fuel-os-odl_l2-sfc-noha-armband-baremetal-danube-trigger'
triggers:
- - timed: '0 12,16 * * 6,7'
+ - timed: '0 16 * * 3,6'
#---------------------------------------------------------------
# Enea Armband CI Virtual Triggers running against master branch
#---------------------------------------------------------------
--- /dev/null
+#!/bin/bash
+set -o errexit
+set -o pipefail
+export PATH=$PATH:/usr/local/bin/
+EXITSTATUS=0
+
+# This Log should always exist
+if [[ -e securityaudit.log ]] ; then
+ echo -e "\nposting security audit report to gerrit...\n"
+
+ #check if log has errors
+ if grep ERROR securityaudit.log; then
+ EXITSTATUS=1
+ fi
+
+ cat securityaudit.log | awk -F"ERROR - " '{print $2}' > shortlog
+
+ ssh -p 29418 gerrit.opnfv.org \
+ "gerrit review -p $GERRIT_PROJECT \
+ -m \"$(cat shortlog)\" \
+ $GERRIT_PATCHSET_REVISION \
+ --notify NONE"
+
+ exit $EXITSTATUS
+fi
--- /dev/null
+#!/bin/bash
+cd $WORKSPACE
+echo "Generating patchset file to list changed files"
+git diff HEAD^1 --name-only | sed "s#^#/home/opnfv/anteater/$PROJECT/#" > $WORKSPACE/patchset
+echo "Changed files are"
+echo "--------------------------------------------------------"
+cat $WORKSPACE/patchset
+echo "--------------------------------------------------------"
+
+vols="-v $WORKSPACE:/home/opnfv/anteater/$PROJECT"
+envs="-e PROJECT=$PROJECT"
+
+echo "Pulling releng-anteater docker image"
+echo "--------------------------------------------------------"
+docker pull opnfv/releng-anteater
+echo "--------------------------------------------------------"
+
+cmd="sudo docker run --privileged=true -id $envs $vols opnfv/releng-anteater /bin/bash"
+echo "Running docker command $cmd"
+container_id=$($cmd)
+echo "Container ID is $container_id"
+cmd="anteater --project $PROJECT --patchset /home/opnfv/anteater/$PROJECT/patchset"
+echo "Executing command inside container"
+echo "$cmd"
+echo "--------------------------------------------------------"
+docker exec $container_id $cmd > $WORKSPACE/securityaudit.log 2>&1
+exit_code=$?
+echo "--------------------------------------------------------"
+echo "Stopping docker container with ID $container_id"
+docker stop $container_id
+cat securityaudit.log
+exit 0
########################
-# Job configuration for opnfv-lint
+# Job configuration for opnfv-anteater (security audit)
########################
- project:
disabled: '{obj:disabled}'
parameters:
+ - label:
+ name: SLAVE_LABEL
+ default: 'ericsson-build3'
+ description: 'Slave label on Jenkins'
- project-parameter:
project: $GERRIT_PROJECT
branch: '{branch}'
+ - string:
+ name: GIT_BASE
+ default: https://gerrit.opnfv.org/gerrit/$PROJECT
+ description: "Used for overriding the GIT URL coming from Global Jenkins configuration in case if the stuff is done on none-LF HW."
scm:
- git-scm-gerrit
comment-contains-value: 'reverify'
projects:
- project-compare-type: 'REG_EXP'
- project-pattern: 'sandbox'
+ project-pattern: 'sandbox|releng'
branches:
- branch-compare-type: 'ANT'
branch-pattern: '**/{branch}'
file-paths:
- compare-type: ANT
- pattern: '**/*.py'
- skip-vote:
- successful: true
- failed: true
- unstable: true
- notbuilt: true
+ pattern: '**'
+ skip-vote:
+ successful: true
+ failed: true
+ unstable: true
+ notbuilt: true
builders:
- - security-audit-python-code
+ - anteater-security-audit
- report-security-audit-result-to-gerrit
########################
# builder macros
########################
- builder:
- name: security-audit-python-code
+ name: anteater-security-audit
builders:
- - shell: |
- #!/bin/bash
- set -o errexit
- set -o pipefail
- set -o xtrace
- export PATH=$PATH:/usr/local/bin/
+ - shell:
+ !include-raw: ./anteater-security-audit.sh
- # this is where the security/license audit script will be executed
- echo "Hello World!"
- builder:
name: report-security-audit-result-to-gerrit
builders:
- - shell: |
- #!/bin/bash
- set -o errexit
- set -o pipefail
- set -o xtrace
- export PATH=$PATH:/usr/local/bin/
-
- # If no violations were found, no lint log will exist.
- if [[ -e securityaudit.log ]] ; then
- echo -e "\nposting security audit report to gerrit...\n"
-
- cat securityaudit.log
- echo
-
- ssh -p 29418 gerrit.opnfv.org \
- "gerrit review -p $GERRIT_PROJECT \
- -m \"$(cat securityaudit.log)\" \
- $GERRIT_PATCHSET_REVISION \
- --notify NONE"
-
- exit 1
- fi
+ - shell:
+ !include-raw: ./anteater-report-to-gerrit.sh
-paramiko==2.1.2
-mock==1.3.0
-requests==2.9.1
+paramiko>=2.0 # LGPLv2.1+
+mock>=2.0 # BSD
+requests!=2.12.2,>=2.10.0 # Apache-2.0
package_data={
},
url="https://www.opnfv.org",
- install_requires=["paramiko>=2.0.1",
- "mock==1.3.0",
- "nose==1.3.7",
- "coverage==4.1",
- "requests==2.9.1"]
+ install_requires=["paramiko>=2.0",
+ "mock>=2.0",
+ "requests!=2.12.2,>=2.10.0"],
+ test_requires=["nose",
+ "coverage>=4.0"]
)
-# The order of packages is significant, because pip processes them in the order
-# of appearance. Changing the order has an impact on the overall integration
-# process, which may cause wedges in the gate later.
-
-nose
-coverage
+nose # LGPL
+coverage>=4.0 # Apache-2.0
##############################################################################
# these versions are extracted based on the osa commit d9e1330c7ff9d72a604b6b4f3af765f66a01b30e on 04.04.2017
# https://review.openstack.org/gitweb?p=openstack/openstack-ansible.git;a=commit;h=d9e1330c7ff9d72a604b6b4f3af765f66a01b30e
+- name: ansible-hardening
+ scm: git
+ src: https://git.openstack.org/openstack/ansible-hardening
+ version: 051fe3195f59d1ee8db06fca5d2cce7a25e58861
- name: apt_package_pinning
scm: git
src: https://git.openstack.org/openstack/openstack-ansible-apt_package_pinning