[releng.git] / jjb / ci_gate_security / opnfv-ci-gate-security.yaml
---
# SPDX-license-identifier: Apache-2.0
########################
# Job configuration for opnfv-anteater (security audit)
########################
# Project definition: instantiates the two job templates named under
# `jobs`, filling in `{repo}`, `{stream}` and the per-stream values.
- project:

    name: anteaterfw

    project: anteaterfw

    # Repositories that get a weekly audit job; `{repo}` appears only in
    # the weekly template name, so this list drives that template alone.
    # NOTE(review): the per-patchset verify template does not use this
    # list; it selects projects through its own Gerrit `project-pattern`,
    # and the two sets differ. A repo added here is not automatically
    # scanned per patchset - update both when onboarding a repository.
    repo:
      - apex
      - apex-os-net-config
      - apex-puppet-tripleo
      - apex-tripleo-heat-templates
      - armband
      - auto
      - availability
      - bamboo
      - barometer
      - bottlenecks
      - calipso
      - clover
      - conductor
      - container4nfv
      - cperf
      - daisy
      - doctor
      - domino
      - dovetail
      - dpacc
      - enfv
      - fds
      - fuel
      - ipv6
      - joid
      - kvmfornfv
      - models
      - moon
      - nfvbench
      - onosfw
      - opera
      - opnfvdocs
      - orchestra
      - ovn4nfv
      - ovno
      - ovsnfv
      - parser
      - pharos
      - promise
      - qtip
      - releng
      - releng-anteater
      - releng-testresults
      - releng-utils
      - releng-xci
      - samplevnf
      - sdnvpn
      - securityscanning
      - sfc
      - snaps
      - stor4nfv
      - storperf
      - ves
      - vswitchperf
      - yardstick

    # Templates to instantiate; both are defined further down in this file.
    jobs:
      - 'opnfv-security-audit-verify-{stream}'
      - 'opnfv-security-audit-{repo}-weekly-{stream}'

    # Only the master stream is defined. `branch` resolves to the stream
    # name and `disabled` feeds '{obj:disabled}' in both templates.
    # `gs-pathname` is not referenced by any template in this file.
    stream:
      - master:
          branch: '{stream}'
          gs-pathname: ''
          disabled: false

########################
# job templates
########################
# Weekly audit: one job per `repo` entry and stream, started by timer only.
- job-template:
    name: 'opnfv-security-audit-{repo}-weekly-{stream}'

    disabled: '{obj:disabled}'

    parameters:
      - opnfv-build-defaults
      # Defaults to "false", which the description defines as a scan of
      # the full project. How the flag is read is up to the builder
      # script, which is not part of this file.
      - string:
          name: ANTEATER_SCAN_PATCHSET
          default: "false"
          description: "Have anteater scan patchsets (true) or full project (false)"
      - project-parameter:
          project: '{repo}'
          branch: '{branch}'

    scm:
      - git-scm-gerrit

    # No Gerrit trigger here: the job runs on the weekly timer only.
    triggers:
      - timed: '@weekly'

    # Builder macro defined at the end of this file.
    builders:
      - anteater-security-audit-weekly

    # The result is mailed through the per-repo PTL macro, then the
    # workspace is wiped. No archive-artifacts publisher is configured in
    # this template, so anything the scan leaves in the workspace is gone
    # after cleanup unless the script or the mail macro keeps a copy.
    # NOTE(review): confirm where weekly reports are retained.
    publishers:
      # defined in jjb/global/releng-macros.yml
      - 'email-{repo}-ptl':
          subject: 'OPNFV Security Scan Result: {repo}'
      # A failed cleanup does not fail the build.
      - workspace-cleanup:
          fail-build: false

# Per-patchset audit: one job per stream, triggered from Gerrit events
# for every project matched by `project-pattern` below.
- job-template:
    name: 'opnfv-security-audit-verify-{stream}'

    disabled: '{obj:disabled}'

    parameters:
      - label:
          name: SLAVE_LABEL
          default: 'opnfv-build'
          description: 'Slave label on Jenkins'
          all-nodes: false
          node-eligibility: 'ignore-offline'
      # The project is not fixed at generation time; $GERRIT_PROJECT is
      # expanded at build time from the triggering Gerrit event.
      - project-parameter:
          project: $GERRIT_PROJECT
          branch: '{branch}'
      # GIT_BASE is an ordinary string parameter, so a manually started
      # build can supply a different URL than the default.
      # NOTE(review): presumably consumed by the git-scm-gerrit macro
      # (defined elsewhere) - if so, whoever may start parameterised
      # builds chooses which server the audited code is fetched from.
      # Confirm the job's build permissions are restricted accordingly.
      - string:
          name: GIT_BASE
          default: https://gerrit.opnfv.org/gerrit/$PROJECT
          # yamllint disable rule:line-length
          description: "Used for overriding the GIT URL coming from Global Jenkins configuration in case if the stuff is done on none-LF HW."
          # yamllint enable rule:line-length

    scm:
      - git-scm-gerrit

    # yamllint disable rule:line-length
    triggers:
      - gerrit:
          server-name: 'gerrit.opnfv.org'
          trigger-on:
            # All three exclude-* flags are 'false', so drafts, trivial
            # rebases and no-code-change patchsets trigger a scan as well.
            - patchset-created-event:
                exclude-drafts: 'false'
                exclude-trivial-rebase: 'false'
                exclude-no-code-change: 'false'
            - draft-published-event
            # A review comment containing 'recheck' re-runs the audit.
            # NOTE(review): the trigger itself does not restrict who may
            # post that comment; that is left to Gerrit permissions.
            - comment-added-contains-event:
                comment-contains-value: 'recheck'
          projects:
            # Regex alternation of project names that get a per-patchset
            # scan. It is maintained separately from the weekly `repo`
            # list in the project definition and does not match it:
            # 'sandbox' and 'infra' appear only here, while repos such as
            # joid, sfc and storperf appear only in the weekly list and
            # therefore get no patchset-level audit.
            # NOTE(review): whether 'apex' or 'releng' also covers
            # 'apex-os-net-config', 'releng-xci', etc. depends on the
            # plugin matching the whole name or a substring - confirm.
            - project-compare-type: 'REG_EXP'
              project-pattern: 'apex|armband|bamboo|barometer|bottlenecks|calipso|conductor|cperf|daisy|doctor|dovetail|dpacc|enfv|fds|fuel|pharos|releng|sandbox|yardstick|infra|ipv6|kvmfornfv|models|moon'
              branches:
                - branch-compare-type: 'ANT'
                  branch-pattern: '**/{branch}'
              # '**' matches every path, so any changed file triggers.
              file-paths:
                - compare-type: ANT
                  pattern: '**'
          # Every outcome skips the vote, so the trigger never casts a
          # Gerrit vote for this job: the audit is advisory and cannot
          # block a submit through that vote. Feedback reaches the change
          # only via the report-security-audit-result-to-gerrit builder.
          skip-vote:
            successful: true
            failed: true
            unstable: true
            notbuilt: true
    # yamllint enable rule:line-length

    # Run order matters: scan first, then post the result to Gerrit.
    # Both macros are defined at the end of this file.
    builders:
      - anteater-security-audit
      - report-security-audit-result-to-gerrit
    # Scan reports are kept as build artifacts on the Jenkins job.
    # NOTE(review): audit reports may quote the content they flagged;
    # check who can read this job's artifacts.
    publishers:
      - archive-artifacts:
          artifacts: ".reports/*"

########################
# builder macros
########################
# Per-patchset scan step used by the verify template. The shell script is
# read from the file next to this YAML when the jobs are generated; its
# content is not part of this file and needs its own review.
- builder:
    name: anteater-security-audit
    builders:
      - shell:
          !include-raw: ./anteater-security-audit.sh

# Reporting step that runs after anteater-security-audit in the verify
# template. Because that template skips all trigger votes, this script is
# the only path by which a result reaches the Gerrit change. The script
# itself lives next to this YAML and is not shown here.
- builder:
    name: report-security-audit-result-to-gerrit
    builders:
      - shell:
          !include-raw: ./anteater-report-to-gerrit.sh

# Scan step used by the weekly per-repo template. The script is read from
# the file next to this YAML when the jobs are generated; it is not shown
# here.
- builder:
    name: anteater-security-audit-weekly
    builders:
      - shell:
          !include-raw: ./anteater-security-audit-weekly.sh