From 19bdd65c1aab39be019f5b52f6a66dad7ca4c4b6 Mon Sep 17 00:00:00 2001 From: Trevor Bramwell Date: Mon, 30 Nov 2020 14:06:44 -0800 Subject: [PATCH 1/1] Remove Security Jobs Reports from these jobs are not being acted on nor is the code maintained. Change-Id: I52d7881934e63fa1524833a28f997f4237c16545 Signed-off-by: Trevor Bramwell --- jjb/ci_gate_security/anteater-report-to-gerrit.sh | 28 -- .../anteater-security-audit-weekly.sh | 50 --- jjb/ci_gate_security/anteater-security-audit.sh | 32 -- jjb/ci_gate_security/opnfv-ci-gate-security.yaml | 190 --------- jjb/fuel/fuel-daily-jobs.yaml | 2 - jjb/fuel/fuel-docker-jobs.yaml | 3 - jjb/global/releng-macros.yaml | 424 --------------------- 7 files changed, 729 deletions(-) delete mode 100644 jjb/ci_gate_security/anteater-report-to-gerrit.sh delete mode 100644 jjb/ci_gate_security/anteater-security-audit-weekly.sh delete mode 100644 jjb/ci_gate_security/anteater-security-audit.sh delete mode 100644 jjb/ci_gate_security/opnfv-ci-gate-security.yaml diff --git a/jjb/ci_gate_security/anteater-report-to-gerrit.sh b/jjb/ci_gate_security/anteater-report-to-gerrit.sh deleted file mode 100644 index 51a8ac47b..000000000 --- a/jjb/ci_gate_security/anteater-report-to-gerrit.sh +++ /dev/null @@ -1,28 +0,0 @@ -#!/bin/bash -# SPDX-license-identifier: Apache-2.0 -set -o pipefail -export PATH=$PATH:/usr/local/bin/ -EXITSTATUS=0 - -# This Log should always exist -if [[ -e securityaudit.log ]] ; then - - #check if log has errors - if grep ERROR securityaudit.log; then - EXITSTATUS=1 - fi - - grep 'ERROR' securityaudit.log | awk -F"ERROR - " '{ print $2 }' | tr -d "\'\"" > shortlog - - # Only report to Gerrit when there are errors to report. - if [[ -s shortlog ]]; then - echo -e "\nposting security audit report to gerrit...\n" - ssh -p 29418 gerrit.opnfv.org \ - "gerrit review -p $GERRIT_PROJECT \ - -m \"$(cat shortlog)\" \ - $GERRIT_PATCHSET_REVISION \ - --notify NONE" - fi - - exit $EXITSTATUS -fi diff --git a/jjb/ci_gate_security/anteater-security-audit-weekly.sh b/jjb/ci_gate_security/anteater-security-audit-weekly.sh deleted file mode 100644 index 6caa13117..000000000 --- a/jjb/ci_gate_security/anteater-security-audit-weekly.sh +++ /dev/null @@ -1,50 +0,0 @@ -#!/bin/bash -# SPDX-license-identifier: Apache-2.0 -############################################################################## -# Copyright (c) 2017 The Linux Foundation and others. -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## - -ANTEATER_SCAN_PATCHSET="${ANTEATER_SCAN_PATCHSET:-true}" - -cd $WORKSPACE -REPORTDIR='.reports' -mkdir -p $REPORTDIR -# Ensure any user can read the reports directory -chmod 777 $REPORTDIR - -ANTEATER_FILES="--patchset /home/opnfv/anteater/$PROJECT/patchset" - -if [[ "$ANTEATER_SCAN_PATCHSET" == "true" ]]; then - echo "Generating patchset file to list changed files" - git diff HEAD^1 --name-only | sed "s#^#/home/opnfv/anteater/$PROJECT/#" > $WORKSPACE/patchset - echo "Changed files are" - echo "--------------------------------------------------------" - cat $WORKSPACE/patchset - echo "--------------------------------------------------------" -else - echo "Checking full project $PROJECT" - ANTEATER_FILES="--path /home/opnfv/anteater/$PROJECT" -fi - -vols="-v $WORKSPACE:/home/opnfv/anteater/$PROJECT -v $WORKSPACE/$REPORTDIR:/home/opnfv/anteater/$REPORTDIR" -envs="-e PROJECT=$PROJECT" - -echo "Pulling releng-anteater docker image" -echo "--------------------------------------------------------" -docker pull opnfv/releng-anteater -echo "--------------------------------------------------------" - -cmd="docker run -i $envs $vols --rm opnfv/releng-anteater \ -/home/opnfv/venv/bin/anteater --project $PROJECT $ANTEATER_FILES" -echo "Running docker container" -echo "$cmd" -$cmd > $WORKSPACE/securityaudit.log 2>&1 -exit_code=$? -echo "--------------------------------------------------------" -echo "Docker container exited with code: $exit_code" -echo "--------------------------------------------------------" -exit 0 diff --git a/jjb/ci_gate_security/anteater-security-audit.sh b/jjb/ci_gate_security/anteater-security-audit.sh deleted file mode 100644 index 8a170b044..000000000 --- a/jjb/ci_gate_security/anteater-security-audit.sh +++ /dev/null @@ -1,32 +0,0 @@ -#!/bin/bash -cd $WORKSPACE -REPORTDIR='.reports' -mkdir -p $REPORTDIR -# Ensure any user can read the reports directory -chmod 777 $REPORTDIR -echo "Generating patchset file to list changed files" -git diff HEAD^1 --name-only | sed "s#^#/home/opnfv/anteater/$PROJECT/#" > $WORKSPACE/patchset -echo "Changed files are" -echo "--------------------------------------------------------" -cat $WORKSPACE/patchset -echo "--------------------------------------------------------" - -vols="-v $WORKSPACE:/home/opnfv/anteater/$PROJECT -v $WORKSPACE/$REPORTDIR:/home/opnfv/anteater/$REPORTDIR" -envs="-e PROJECT=$PROJECT" - -echo "Pulling releng-anteater docker image" -echo "--------------------------------------------------------" -docker pull opnfv/releng-anteater -echo "--------------------------------------------------------" - -cmd="docker run -i $envs $vols --rm opnfv/releng-anteater \ -/home/opnfv/venv/bin/anteater --project $PROJECT --patchset /home/opnfv/anteater/$PROJECT/patchset" -echo "Running docker container" -echo "$cmd" -$cmd > $WORKSPACE/securityaudit.log 2>&1 -exit_code=$? -echo "--------------------------------------------------------" -echo "Docker container exited with code: $exit_code" -echo "--------------------------------------------------------" -cat securityaudit.log -exit 0 diff --git a/jjb/ci_gate_security/opnfv-ci-gate-security.yaml b/jjb/ci_gate_security/opnfv-ci-gate-security.yaml deleted file mode 100644 index 1f75829a7..000000000 --- a/jjb/ci_gate_security/opnfv-ci-gate-security.yaml +++ /dev/null @@ -1,190 +0,0 @@ ---- -# SPDX-license-identifier: Apache-2.0 -######################## -# Job configuration for opnfv-anteater (security audit) -######################## -- project: - - name: anteaterfw - - project: anteaterfw - - repo: - - apex - - apex-os-net-config - - apex-puppet-tripleo - - apex-tripleo-heat-templates - - armband - - auto - - availability - - bamboo - - barometer - - bottlenecks - - calipso - - clover - - container4nfv - - cperf - - daisy - - doctor - - domino - - dovetail - - dpacc - - enfv - - fds - - fuel - - ipv6 - - joid - - kvmfornfv - - models - - moon - - nfvbench - - onosfw - - opera - - opnfvdocs - - orchestra - - ovn4nfv - - ovno - - ovsnfv - - parser - - pharos - - qtip - - releng - - releng-anteater - - releng-testresults - - releng-utils - - releng-xci - - samplevnf - - sdnvpn - - securityscanning - - sfc - - snaps - - stor4nfv - - storperf - - ves - - vswitchperf - - yardstick - - jobs: - - 'opnfv-security-audit-verify-{stream}' - - 'opnfv-security-audit-{repo}-weekly-{stream}' - - stream: - - master: - branch: '{stream}' - gs-pathname: '' - disabled: false - -######################## -# job templates -######################## -- job-template: - name: 'opnfv-security-audit-{repo}-weekly-{stream}' - - disabled: '{obj:disabled}' - - parameters: - - opnfv-build-defaults - - string: - name: ANTEATER_SCAN_PATCHSET - default: "false" - description: "Have anteater scan patchsets (true) or full project (false)" - - project-parameter: - project: '{repo}' - branch: '{branch}' - - scm: - - git-scm-gerrit - - triggers: - - timed: '@weekly' - - builders: - - anteater-security-audit-weekly - - publishers: - # defined in jjb/global/releng-macros.yml - - 'email-{repo}-ptl': - subject: 'OPNFV Security Scan Result: {repo}' - - workspace-cleanup: - fail-build: false - -- job-template: - name: 'opnfv-security-audit-verify-{stream}' - - disabled: '{obj:disabled}' - - parameters: - - label: - name: SLAVE_LABEL - default: 'opnfv-build' - description: 'Slave label on Jenkins' - all-nodes: false - node-eligibility: 'ignore-offline' - - project-parameter: - project: $GERRIT_PROJECT - branch: '{branch}' - - string: - name: GIT_BASE - default: https://gerrit.opnfv.org/gerrit/$PROJECT - # yamllint disable rule:line-length - description: "Used for overriding the GIT URL coming from Global Jenkins configuration in case if the stuff is done on none-LF HW." - # yamllint enable rule:line-length - - scm: - - git-scm-gerrit - - # yamllint disable rule:line-length - triggers: - - gerrit: - server-name: 'gerrit.opnfv.org' - trigger-on: - - patchset-created-event: - exclude-drafts: 'false' - exclude-trivial-rebase: 'false' - exclude-no-code-change: 'false' - - draft-published-event - - comment-added-contains-event: - comment-contains-value: 'recheck' - projects: - - project-compare-type: 'REG_EXP' - project-pattern: 'apex|armband|bamboo|barometer|bottlenecks|calipso|cperf|daisy|doctor|dovetail|dpacc|enfv|fds|fuel|pharos|releng|sandbox|yardstick|infra|ipv6|kvmfornfv|models|moon' - branches: - - branch-compare-type: 'ANT' - branch-pattern: '**/{branch}' - file-paths: - - compare-type: ANT - pattern: '**' - skip-vote: - successful: true - failed: true - unstable: true - notbuilt: true - # yamllint enable rule:line-length - - builders: - - anteater-security-audit - - report-security-audit-result-to-gerrit - publishers: - - archive-artifacts: - artifacts: ".reports/*" - -######################## -# builder macros -######################## -- builder: - name: anteater-security-audit - builders: - - shell: - !include-raw: ./anteater-security-audit.sh - -- builder: - name: report-security-audit-result-to-gerrit - builders: - - shell: - !include-raw: ./anteater-report-to-gerrit.sh - -- builder: - name: anteater-security-audit-weekly - builders: - - shell: - !include-raw: ./anteater-security-audit-weekly.sh diff --git a/jjb/fuel/fuel-daily-jobs.yaml b/jjb/fuel/fuel-daily-jobs.yaml index de7752334..ceb86c995 100644 --- a/jjb/fuel/fuel-daily-jobs.yaml +++ b/jjb/fuel/fuel-daily-jobs.yaml @@ -245,7 +245,6 @@ unstable-threshold: 'FAILURE' publishers: - - email-fuel-ptl - email-jenkins-admins-on-failure - job-template: @@ -296,7 +295,6 @@ !include-raw-escape: ./fuel-deploy.sh publishers: - - email-fuel-ptl - email-jenkins-admins-on-failure - report-provision-result diff --git a/jjb/fuel/fuel-docker-jobs.yaml b/jjb/fuel/fuel-docker-jobs.yaml index b90f95d1b..922ff5c53 100644 --- a/jjb/fuel/fuel-docker-jobs.yaml +++ b/jjb/fuel/fuel-docker-jobs.yaml @@ -102,9 +102,6 @@ - name: 'fuel-docker-manifest-{stream}' <<: *manifest-job-settings - publishers: - - email-fuel-ptl - - job-template: name: 'fuel-docker-build-{arch_tag}-{stream}' disabled: '{obj:disabled}' diff --git a/jjb/global/releng-macros.yaml b/jjb/global/releng-macros.yaml index ef37ef9b9..b82fbea95 100644 --- a/jjb/global/releng-macros.yaml +++ b/jjb/global/releng-macros.yaml @@ -550,430 +550,6 @@ send-to: - recipients -# Email PTL publishers -- email_ptl_defaults: &email_ptl_defaults - name: 'email_ptl_defaults' - content-type: text - attach-build-log: true - attachments: '*.log' - compress-log: true - always: true - subject: '{subject}' - -- publisher: &email_apex_ptl_defaults - name: 'email-apex-ptl' - publishers: - - email-ext: - <<: *email_ptl_defaults - recipients: > - trozet@redhat.com -- publisher: - name: 'email-apex-os-net-config-ptl' - <<: *email_apex_ptl_defaults -- publisher: - name: 'email-apex-puppet-tripleo-ptl' - <<: *email_apex_ptl_defaults -- publisher: - name: 'email-apex-tripleo-heat-templates-ptl' - <<: *email_apex_ptl_defaults - -- publisher: - name: 'email-armband-ptl' - publishers: - - email-ext: - <<: *email_ptl_defaults - recipients: > - bob.monkman@arm.com - -- publisher: - name: 'email-auto-ptl' - publishers: - - email-ext: - <<: *email_ptl_defaults - recipients: > - tina.tsou@arm.com - -- publisher: - name: 'email-availability-ptl' - publishers: - - email-ext: - <<: *email_ptl_defaults - recipients: > - fuqiao@chinamobile.com - -- publisher: - name: 'email-bamboo-ptl' - publishers: - - email-ext: - <<: *email_ptl_defaults - recipients: > - donaldh@cisco.com - -- publisher: - name: 'email-barometer-ptl' - publishers: - - email-ext: - <<: *email_ptl_defaults - recipients: > - aasmith@redhat.com - -- publisher: - name: 'email-bottlenecks-ptl' - publishers: - - email-ext: - <<: *email_ptl_defaults - recipients: > - gabriel.yuyang@huawei.com - -- publisher: - name: 'email-calipso-ptl' - publishers: - - email-ext: - <<: *email_ptl_defaults - recipients: > - korlev@cisco.com - -- publisher: - name: 'email-clover-ptl' - publishers: - - email-ext: - <<: *email_ptl_defaults - recipients: > - stephen.wong1@huawei.com - -- publisher: - name: 'email-container4nfv-ptl' - publishers: - - email-ext: - <<: *email_ptl_defaults - recipients: > - jiaxuan@chinamobile.com - -- publisher: - name: 'email-cperf-ptl' - publishers: - - email-ext: - <<: *email_ptl_defaults - recipients: > - matt.welch@intel.com - -- publisher: - name: 'email-daisy-ptl' - publishers: - - email-ext: - <<: *email_ptl_defaults - recipients: > - hu.zhijiang@zte.com.cn - -- publisher: - name: 'email-doctor-ptl' - publishers: - - email-ext: - <<: *email_ptl_defaults - recipients: > - r-mibu@cq.jp.nec.com - -- publisher: - name: 'email-domino-ptl' - publishers: - - email-ext: - <<: *email_ptl_defaults - recipients: > - ulas.kozat@huawei.com - -- publisher: - name: 'email-dovetail-ptl' - publishers: - - email-ext: - <<: *email_ptl_defaults - recipients: > - georg.kunz@ericsson.com - -- publisher: - name: 'email-dpacc-ptl' - publishers: - - email-ext: - <<: *email_ptl_defaults - recipients: > - denglingli@chinamobile.com - -- publisher: - name: 'email-enfv-ptl' - publishers: - - email-ext: - <<: *email_ptl_defaults - recipients: > - JBuchanan@advaoptical.com - -- publisher: - name: 'email-fds-ptl' - publishers: - - email-ext: - <<: *email_ptl_defaults - recipients: > - fbrockne@cisco.com - -- publisher: - name: 'email-fuel-ptl' - publishers: - - email-ext: - <<: *email_ptl_defaults - recipients: > - Alexandru.Avadanii@enea.com - -- publisher: - name: 'email-functest-ptl' - publishers: - - email-ext: - <<: *email_ptl_defaults - recipients: > - cedric.ollivier@orange.com - -- publisher: - name: 'email-ipv6-ptl' - publishers: - - email-ext: - <<: *email_ptl_defaults - recipients: > - bh526r@att.com - -- publisher: - name: 'email-joid-ptl' - publishers: - - email-ext: - <<: *email_ptl_defaults - recipients: > - artur.tyloch@canonical.com - -- publisher: - name: 'email-kvmfornfv-ptl' - publishers: - - email-ext: - <<: *email_ptl_defaults - recipients: > - raghuveer.reddy@intel.com - -- publisher: - name: 'email-models-ptl' - publishers: - - email-ext: - <<: *email_ptl_defaults - recipients: > - bs3131@att.com - -- publisher: - name: 'email-moon-ptl' - publishers: - - email-ext: - <<: *email_ptl_defaults - recipients: > - ruan.he@orange.com - -- publisher: - name: 'email-nfvbench-ptl' - publishers: - - email-ext: - <<: *email_ptl_defaults - recipients: > - ahothan@cisco.com - -- publisher: - name: 'email-onosfw-ptl' - publishers: - - email-ext: - <<: *email_ptl_defaults - recipients: > - su.wei@huawei.com - -- publisher: - name: 'email-opera-ptl' - publishers: - - email-ext: - <<: *email_ptl_defaults - recipients: > - Yingjun.li@huawei.com - -- publisher: - name: 'email-opnfvdocs-ptl' - publishers: - - email-ext: - <<: *email_ptl_defaults - recipients: > - sofia.wallin@ericsson.com - -- publisher: - name: 'email-orchestra-ptl' - publishers: - - email-ext: - <<: *email_ptl_defaults - recipients: > - giuseppe.carella@fokus.fraunhofer.de - -- publisher: - name: 'email-ovn4nfv-ptl' - publishers: - - email-ext: - <<: *email_ptl_defaults - recipients: > - trinath.somanchi@gmail.com - -- publisher: - name: 'email-ovno-ptl' - publishers: - - email-ext: - <<: *email_ptl_defaults - recipients: > - wsmackie@juniper.net - -- publisher: - name: 'email-ovsnfv-ptl' - publishers: - - email-ext: - <<: *email_ptl_defaults - recipients: > - MarkD.Graymark.d.gray@intel.com - -- publisher: - name: 'email-parser-ptl' - publishers: - - email-ext: - <<: *email_ptl_defaults - recipients: > - shang.xiaodong@zte.com.cn - -- publisher: &email_pharos_ptl_defaults - name: 'email-pharos-ptl' - publishers: - - email-ext: - <<: *email_ptl_defaults - recipients: > - jack@jento.io - -- publisher: &email_laas_ptl_defaults - name: 'email-laas-ptl' - publishers: - - email-ext: - <<: *email_laas_ptl_defaults - recipients: > - pberberian@iol.unh.edu - -- publisher: - name: 'email-qtip-ptl' - publishers: - - email-ext: - <<: *email_ptl_defaults - recipients: > - wu.zhihui1@zte.com.cn - -- publisher: &email_releng_ptl_defaults - name: 'email-releng-ptl' - publishers: - - email-ext: - <<: *email_ptl_defaults - recipients: > - tbramwell@linuxfoundation.org -- publisher: - name: 'email-releng-anteater-ptl' - <<: *email_releng_ptl_defaults -- publisher: - name: 'email-releng-testresults-ptl' - publishers: - - email-ext: - <<: *email_ptl_defaults - recipients: > - feng.xiaowei@zte.com.cn -- publisher: - name: 'email-releng-utils-ptl' - <<: *email_releng_ptl_defaults -- publisher: - name: 'email-releng-xci-ptl' - publishers: - - email-ext: - <<: *email_ptl_defaults - recipients: > - fatih.degirmenci@ericsson.com - disable-publisher: true - -- publisher: - name: 'email-samplevnf-ptl' - publishers: - - email-ext: - <<: *email_ptl_defaults - recipients: > - deepak.s@intel.com - -- publisher: - name: 'email-sdnvpn-ptl' - publishers: - - email-ext: - <<: *email_ptl_defaults - recipients: > - tim.irnich@ericsson.com - -- publisher: - name: 'email-securityscanning-ptl' - publishers: - - email-ext: - <<: *email_ptl_defaults - recipients: > - lhinds@redhat.com - -- publisher: - name: 'email-sfc-ptl' - publishers: - - email-ext: - <<: *email_ptl_defaults - recipients: > - mbuil@suse.com - -- publisher: - name: 'email-snaps-ptl' - publishers: - - email-ext: - <<: *email_ptl_defaults - recipients: > - s.pisarski@cablelabs.com - -- publisher: - name: 'email-stor4nfv-ptl' - publishers: - - email-ext: - <<: *email_ptl_defaults - recipients: > - shane.wang@intel.com - -- publisher: - name: 'email-storperf-ptl' - publishers: - - email-ext: - <<: *email_ptl_defaults - recipients: > - mark.beierl@emc.com - -- publisher: - name: 'email-ves-ptl' - publishers: - - email-ext: - <<: *email_ptl_defaults - recipients: > - bryan.sullivan@att.com - -- publisher: - name: 'email-vswitchperf-ptl' - publishers: - - email-ext: - <<: *email_ptl_defaults - recipients: > - sridhar.rao@spirent.com - -- publisher: - name: 'email-yardstick-ptl' - publishers: - - email-ext: - <<: *email_ptl_defaults - recipients: > - ross.b.brattain@intel.com - - publisher: name: 'report-provision-result' publishers: -- 2.16.6