jjb/ci_gate_security/opnfv-ci-gate-security.yaml

   1 ---
   2 # SPDX-license-identifier: Apache-2.0
   3 ########################
   4 # Job configuration for opnfv-anteater (security audit)
   5 ########################
   6 - project:
   7
   8     name: anteaterfw
   9
  10     project: anteaterfw
  11
  12     repo:
  13       - apex
  14       - apex-os-net-config
  15       - apex-puppet-tripleo
  16       - apex-tripleo-heat-templates
  17       - armband
  18       - auto
  19       - availability
  20       - bamboo
  21       - barometer
  22       - bottlenecks
  23       - calipso
  24       - clover
  25       - container4nfv
  26       - cperf
  27       - daisy
  28       - doctor
  29       - domino
  30       - dovetail
  31       - dpacc
  32       - enfv
  33       - fds
  34       - fuel
  35       - ipv6
  36       - joid
  37       - kvmfornfv
  38       - models
  39       - moon
  40       - nfvbench
  41       - onosfw
  42       - opera
  43       - opnfvdocs
  44       - orchestra
  45       - ovn4nfv
  46       - ovno
  47       - ovsnfv
  48       - parser
  49       - pharos
  50       - promise
  51       - qtip
  52       - releng
  53       - releng-anteater
  54       - releng-testresults
  55       - releng-utils
  56       - releng-xci
  57       - samplevnf
  58       - sdnvpn
  59       - securityscanning
  60       - sfc
  61       - snaps
  62       - stor4nfv
  63       - storperf
  64       - ves
  65       - vswitchperf
  66       - yardstick
  67
  68     jobs:
  69       - 'opnfv-security-audit-verify-{stream}'
  70       - 'opnfv-security-audit-{repo}-weekly-{stream}'
  71
  72     stream:
  73       - master:
  74           branch: '{stream}'
  75           gs-pathname: ''
  76           disabled: false
  77
  78 ########################
  79 # job templates
  80 ########################
  81 - job-template:
  82     name: 'opnfv-security-audit-{repo}-weekly-{stream}'
  83
  84     disabled: '{obj:disabled}'
  85
  86     parameters:
  87       - opnfv-build-defaults
  88       - string:
  89           name: ANTEATER_SCAN_PATCHSET
  90           default: "false"
  91           description: "Have anteater scan patchsets (true) or full project (false)"
  92       - project-parameter:
  93           project: '{repo}'
  94           branch: '{branch}'
  95
  96     scm:
  97       - git-scm-gerrit
  98
  99     triggers:
 100       - timed: '@weekly'
 101
 102     builders:
 103       - anteater-security-audit-weekly
 104
 105     publishers:
 106       # defined in jjb/global/releng-macros.yml
 107       - 'email-{repo}-ptl':
 108           subject: 'OPNFV Security Scan Result: {repo}'
 109       - workspace-cleanup:
 110           fail-build: false
 111
 112 - job-template:
 113     name: 'opnfv-security-audit-verify-{stream}'
 114
 115     disabled: '{obj:disabled}'
 116
 117     parameters:
 118       - label:
 119           name: SLAVE_LABEL
 120           default: 'opnfv-build'
 121           description: 'Slave label on Jenkins'
 122           all-nodes: false
 123           node-eligibility: 'ignore-offline'
 124       - project-parameter:
 125           project: $GERRIT_PROJECT
 126           branch: '{branch}'
 127       - string:
 128           name: GIT_BASE
 129           default: https://gerrit.opnfv.org/gerrit/$PROJECT
 130           # yamllint disable rule:line-length
 131           description: "Used for overriding the GIT URL coming from Global Jenkins configuration in case if the stuff is done on none-LF HW."
 132           # yamllint enable rule:line-length
 133
 134     scm:
 135       - git-scm-gerrit
 136
 137     # yamllint disable rule:line-length
 138     triggers:
 139       - gerrit:
 140           server-name: 'gerrit.opnfv.org'
 141           trigger-on:
 142             - patchset-created-event:
 143                 exclude-drafts: 'false'
 144                 exclude-trivial-rebase: 'false'
 145                 exclude-no-code-change: 'false'
 146             - draft-published-event
 147             - comment-added-contains-event:
 148                 comment-contains-value: 'recheck'
 149           projects:
 150             - project-compare-type: 'REG_EXP'
 151               project-pattern: 'apex|armband|bamboo|barometer|bottlenecks|calipso|cperf|daisy|doctor|dovetail|dpacc|enfv|fds|fuel|pharos|releng|sandbox|yardstick|infra|ipv6|kvmfornfv|models|moon'
 152               branches:
 153                 - branch-compare-type: 'ANT'
 154                   branch-pattern: '**/{branch}'
 155               file-paths:
 156                 - compare-type: ANT
 157                   pattern: '**'
 158           skip-vote:
 159             successful: true
 160             failed: true
 161             unstable: true
 162             notbuilt: true
 163     # yamllint enable rule:line-length
 164
 165     builders:
 166       - anteater-security-audit
 167       - report-security-audit-result-to-gerrit
 168     publishers:
 169       - archive-artifacts:
 170           artifacts: ".reports/*"
 171
 172 ########################
 173 # builder macros
 174 ########################
 175 - builder:
 176     name: anteater-security-audit
 177     builders:
 178       - shell:
 179           !include-raw: ./anteater-security-audit.sh
 180
 181 - builder:
 182     name: report-security-audit-result-to-gerrit
 183     builders:
 184       - shell:
 185           !include-raw: ./anteater-report-to-gerrit.sh
 186
 187 - builder:
 188     name: anteater-security-audit-weekly
 189     builders:
 190       - shell:
 191           !include-raw: ./anteater-security-audit-weekly.sh