Switch Builder for Weekly CI Security Scanning
[releng.git] / jjb / ci_gate_security / opnfv-ci-gate-security.yaml
---
# SPDX-license-identifier: Apache-2.0
########################
# Job configuration for opnfv-anteater (security audit)
########################
# Jenkins Job Builder project: instantiates the job templates named
# under 'jobs' with the repo and stream values listed here.
- project:

    name: anteaterfw

    project: anteaterfw

    # Each entry yields one weekly audit job per stream.
    # NOTE(review): this list does not drive the patchset (verify) job.
    # That job's coverage comes from the Gerrit trigger's
    # project-pattern further down, which names a different, shorter
    # set of projects - keep the two in step when adding a repo.
    repo:
      - apex
      - apex-os-net-config
      - apex-puppet-tripleo
      - apex-tripleo-heat-templates
      - armband
      - auto
      - availability
      - bamboo
      - barometer
      - bottlenecks
      - calipso
      - clover
      - compass-containers
      - compass4nfv
      - conductor
      - container4nfv
      - copper
      - cperf
      - daisy
      - doctor
      - domino
      - dovetail
      - dpacc
      - enfv
      - fds
      - fuel
      - functest
      - ipv6
      - joid
      - kvmfornfv
      - models
      - moon
      - netready
      - nfvbench
      - onosfw
      - opera
      - opnfvdocs
      - orchestra
      - ovn4nfv
      - ovno
      - ovsnfv
      - parser
      - pharos
      - pharos-tools
      - promise
      - qtip
      - releng
      - releng-anteater
      - releng-testresults
      - releng-utils
      - releng-xci
      - samplevnf
      - sdnvpn
      - securityscanning
      - sfc
      - snaps
      - stor4nfv
      - storperf
      - ves
      - vswitchperf
      - yardstick

    # Both templates are defined later in this file.
    jobs:
      - 'opnfv-security-audit-verify-{stream}'
      - 'opnfv-security-audit-{repo}-weekly-{stream}'

    # Only the master stream is configured.
    stream:
      - master:
          # '{stream}' is the stream name, so branch is 'master' here.
          branch: '{stream}'
          # Not referenced by the templates visible in this file.
          gs-pathname: ''
          # Consumed by the templates as '{obj:disabled}'.
          disabled: false

########################
# job templates
########################
# Weekly audit: one job per repo and stream, run on a timer.
- job-template:
    name: 'opnfv-security-audit-{repo}-weekly-{stream}'

    # Takes the 'disabled' value set on the stream entry of the project.
    disabled: '{obj:disabled}'

    parameters:
      # Parameter macro defined outside this file.
      - opnfv-build-defaults
      # Default "false": per the description, the whole project is
      # scanned rather than a single patchset.
      - string:
          name: ANTEATER_SCAN_PATCHSET
          default: "false"
          description: "Have anteater scan patchsets (true) or full project (false)"
      - project-parameter:
          project: '{repo}'
          branch: '{branch}'

    # SCM macro defined outside this file.
    scm:
      - git-scm-gerrit

    # Jenkins cron alias: the job is scheduled once a week.
    triggers:
      - timed: '@weekly'

    # Builder macro defined at the end of this file.
    builders:
      - anteater-security-audit-weekly

    publishers:
      # defined in jjb/global/releng-macros.yml
      # NOTE(review): the macro name is built from {repo}, so each repo
      # in the project list presumably needs a matching
      # 'email-<repo>-ptl' macro there - confirm when adding repos.
      - 'email-{repo}-ptl':
          subject: 'OPNFV Security Scan Result: {repo}'
      # A failed cleanup does not fail the build.
      # NOTE(review): unlike the verify template, nothing is archived
      # here; after cleanup the scan result seems to survive only in
      # the PTL e-mail, unless the weekly script stores it elsewhere -
      # confirm that is intended.
      - workspace-cleanup:
          fail-build: false

# Patchset-time audit: one job per stream, started by Gerrit events for
# the projects matched under triggers/gerrit/projects.
- job-template:
    name: 'opnfv-security-audit-verify-{stream}'

    # Takes the 'disabled' value set on the stream entry of the project.
    disabled: '{obj:disabled}'

    parameters:
      # Node label the build runs on; defaults to 'opnfv-build'.
      - label:
          name: SLAVE_LABEL
          default: 'opnfv-build'
          description: 'Slave label on Jenkins'
          all-nodes: false
          node-eligibility: 'ignore-offline'
      # $GERRIT_PROJECT is presumably set by the Gerrit trigger to the
      # project of the triggering change - confirm.
      - project-parameter:
          project: $GERRIT_PROJECT
          branch: '{branch}'
      # NOTE(review): GIT_BASE is an ordinary string parameter, so
      # whoever may start this job with parameters chooses the URL.
      # If the SCM macro clones from it (not visible here), confirm
      # that build permissions on this job are suitably restricted.
      - string:
          name: GIT_BASE
          default: https://gerrit.opnfv.org/gerrit/$PROJECT
          # yamllint disable rule:line-length
          description: "Used for overriding the GIT URL coming from Global Jenkins configuration in case if the stuff is done on none-LF HW."
          # yamllint enable rule:line-length

    # SCM macro defined outside this file.
    scm:
      - git-scm-gerrit

    # yamllint disable rule:line-length
    triggers:
      - gerrit:
          server-name: 'gerrit.opnfv.org'
          trigger-on:
            # None of the three exclusions is switched on, so drafts,
            # trivial rebases and no-code-change patchsets are scanned.
            - patchset-created-event:
                exclude-drafts: 'false'
                exclude-trivial-rebase: 'false'
                exclude-no-code-change: 'false'
            - draft-published-event
            # A review comment containing 'recheck' re-runs the audit.
            - comment-added-contains-event:
                comment-contains-value: 'recheck'
          projects:
            # NOTE(review): hand-maintained allow-list. It names far
            # fewer projects than the weekly repo list at the top of
            # this file (and adds 'sandbox' and 'infra', which that
            # list lacks); projects missing here get no patchset scan.
            # Presumably REG_EXP must match the whole project name, so
            # 'apex' would not cover 'apex-os-net-config' - confirm.
            - project-compare-type: 'REG_EXP'
              project-pattern: 'apex|armband|bamboo|barometer|bottlenecks|calipso|compass4nfv|conductor|copper|cperf|daisy|doctor|dovetail|dpacc|enfv|fds|fuel|functest|pharos|releng|sandbox|yardstick|infra|ipv6|kvmfornfv|models|moon|netready'
              branches:
                - branch-compare-type: 'ANT'
                  branch-pattern: '**/{branch}'
              # '**' matches every path, so any changed file triggers.
              file-paths:
                - compare-type: ANT
                  pattern: '**'
          # Every outcome skips the Gerrit vote, so this audit is
          # advisory: a failed scan does not block a change by itself.
          skip-vote:
            successful: true
            failed: true
            unstable: true
            notbuilt: true
    # yamllint enable rule:line-length

    # Run in order: scan first, then report. Both macros are defined
    # at the end of this file.
    builders:
      - anteater-security-audit
      - report-security-audit-result-to-gerrit
    publishers:
      # Keeps whatever the build leaves in .reports/ with the build.
      # NOTE(review): archived reports are readable by anyone who can
      # view the build; check whether they can quote sensitive matches.
      - archive-artifacts:
          artifacts: ".reports/*"

########################
# builder macros
########################
# Shell step of the verify (patchset) template.
# NOTE(review): that template is triggered by unmerged patchsets, so
# the script presumably runs against unreviewed content on the build
# node - check that it treats the checked-out tree as untrusted input.
- builder:
    name: anteater-security-audit
    builders:
      - shell:
          # !include-raw is a Jenkins Job Builder tag: the script's
          # text becomes the body of this shell step. The path is
          # presumably resolved relative to this file - confirm.
          !include-raw: ./anteater-security-audit.sh

# Second shell step of the verify template; by its name it reports the
# scan result back to Gerrit. The verify job skips its Gerrit vote for
# every outcome, so this step and the archived reports appear to be the
# only feedback a change receives - confirm against the script.
- builder:
    name: report-security-audit-result-to-gerrit
    builders:
      - shell:
          # Script text is inlined as the body of this shell step.
          !include-raw: ./anteater-report-to-gerrit.sh

# Shell step of the weekly per-repo template.
- builder:
    name: anteater-security-audit-weekly
    builders:
      - shell:
          # Script text is inlined as the body of this shell step.
          !include-raw: ./anteater-security-audit-weekly.sh