af88dd54ed740ec68dc5589929ea60f6385345d7
[releng.git] / jjb / ci_gate_security / opnfv-ci-gate-security.yaml
1 ---
2 # SPDX-license-identifier: Apache-2.0
3 ########################
4 # Job configuration for opnfv-anteater (security audit)
5 ########################
6 - project:
      # JJB project definition for the Anteater security audit. It instantiates the
      # two job templates listed under `jobs`, using the `repo` and `stream` values
      # below as template parameters.
7
8     name: anteaterfw
9
10     project: anteaterfw
11
       # Repositories that get an 'opnfv-security-audit-{repo}-weekly-{stream}' job.
       # NOTE(review): this list is separate from the Gerrit `project-pattern` in the
       # 'opnfv-security-audit-verify-{stream}' template, and the two do not name the
       # same projects (e.g. `sandbox` and `infra` appear only in the pattern, `sfc`
       # and `storperf` only here), so weekly and per-patchset scan coverage differ.
       # A repository missing from this list gets no weekly scan.
12     repo:
13       - apex
14       - apex-os-net-config
15       - apex-puppet-tripleo
16       - apex-tripleo-heat-templates
17       - armband
18       - auto
19       - availability
20       - bamboo
21       - barometer
22       - bottlenecks
23       - calipso
24       - clover
25       - compass-containers
26       - compass4nfv
27       - conductor
28       - container4nfv
29       - cperf
30       - daisy
31       - doctor
32       - domino
33       - dovetail
34       - dpacc
35       - enfv
36       - fds
37       - fuel
38       - ipv6
39       - joid
40       - kvmfornfv
41       - models
42       - moon
43       - netready
44       - nfvbench
45       - onosfw
46       - opera
47       - opnfvdocs
48       - orchestra
49       - ovn4nfv
50       - ovno
51       - ovsnfv
52       - parser
53       - pharos
54       - pharos-tools
55       - promise
56       - qtip
57       - releng
58       - releng-anteater
59       - releng-testresults
60       - releng-utils
61       - releng-xci
62       - samplevnf
63       - sdnvpn
64       - securityscanning
65       - sfc
66       - snaps
67       - stor4nfv
68       - storperf
69       - ves
70       - vswitchperf
71       - yardstick
72
       # Job templates instantiated for this project; both are defined further down
       # in this file.
73     jobs:
74       - 'opnfv-security-audit-verify-{stream}'
75       - 'opnfv-security-audit-{repo}-weekly-{stream}'
76
       # Only the master stream is configured. `branch` takes the stream name, and
       # `disabled` is read by both templates as '{obj:disabled}'. `gs-pathname` is
       # not referenced by any template visible in this file.
77     stream:
78       - master:
79           branch: '{stream}'
80           gs-pathname: ''
81           disabled: false
82
83 ########################
84 # job templates
85 ########################
86 - job-template:
       # Weekly Anteater scan of a whole repository. The name uses {repo} and
       # {stream}, so one job is generated per entry in the project's `repo` list
       # for each configured stream.
87     name: 'opnfv-security-audit-{repo}-weekly-{stream}'
88
89     disabled: '{obj:disabled}'
90
91     parameters:
92       - opnfv-build-defaults
         # Defaults to "false", which the description below defines as scanning the
         # full project rather than a single patchset.
93       - string:
94           name: ANTEATER_SCAN_PATCHSET
95           default: "false"
96           description: "Have anteater scan patchsets (true) or full project (false)"
97       - project-parameter:
98           project: '{repo}'
99           branch: '{branch}'
100
101     scm:
102       - git-scm-gerrit
103
        # Time-based trigger only; this job does not react to Gerrit events.
104     triggers:
105       - timed: '@weekly'
106
        # Builder macro defined in this file; it wraps
        # ./anteater-security-audit-weekly.sh.
107     builders:
108       - anteater-security-audit-weekly
109
110     publishers:
111       # defined in jjb/global/releng-macros.yml
          # NOTE(review): presumably one 'email-<repo>-ptl' macro has to exist for every
          # entry in the project's `repo` list - confirm against releng-macros.yml.
          # The scan result leaves Jenkins by e-mail here; what the message body
          # contains is not visible in this file.
112       - 'email-{repo}-ptl':
113           subject: 'OPNFV Security Scan Result: {repo}'
          # fail-build: false - a failed workspace cleanup does not fail the build.
114       - workspace-cleanup:
115           fail-build: false
116
117 - job-template:
        # Per-patchset Anteater scan, triggered from Gerrit. The name uses only
        # {stream}; which projects it covers is decided by the Gerrit
        # `project-pattern` below, not by the project's `repo` list.
118     name: 'opnfv-security-audit-verify-{stream}'
119
120     disabled: '{obj:disabled}'
121
122     parameters:
123       - label:
124           name: SLAVE_LABEL
125           default: 'opnfv-build'
126           description: 'Slave label on Jenkins'
127           all-nodes: false
128           node-eligibility: 'ignore-offline'
          # The project is taken from the triggering Gerrit event ($GERRIT_PROJECT).
129       - project-parameter:
130           project: $GERRIT_PROJECT
131           branch: '{branch}'
          # GIT_BASE is an overridable build parameter that names the clone source.
          # NOTE(review): anyone allowed to start this job with parameters can point
          # it at a different URL - confirm who holds that permission.
132       - string:
133           name: GIT_BASE
134           default: https://gerrit.opnfv.org/gerrit/$PROJECT
135           # yamllint disable rule:line-length
136           description: "Used for overriding the GIT URL coming from Global Jenkins configuration in case if the stuff is done on none-LF HW."
137           # yamllint enable rule:line-length
138
139     scm:
140       - git-scm-gerrit
141
142     # yamllint disable rule:line-length
143     triggers:
144       - gerrit:
145           server-name: 'gerrit.opnfv.org'
              # Every new patchset triggers a scan: drafts, trivial rebases and
              # no-code-change uploads are all explicitly not excluded. A published
              # draft or a review comment containing 'recheck' triggers it as well.
              # NOTE(review): a commenter on a matching change can therefore re-run
              # the job, and the checked-out patchset is contributor-controlled input
              # to the shell builders below (their scripts are not visible here).
146           trigger-on:
147             - patchset-created-event:
148                 exclude-drafts: 'false'
149                 exclude-trivial-rebase: 'false'
150                 exclude-no-code-change: 'false'
151             - draft-published-event
152             - comment-added-contains-event:
153                 comment-contains-value: 'recheck'
154           projects:
                # Regular-expression alternation of the projects scanned on each
                # patchset.
                # NOTE(review): this set differs from the project's `repo` list - it
                # adds `sandbox` and `infra` and omits many listed repositories (for
                # example `sfc`, `snaps`, `storperf`), which then get only the weekly
                # scan. Whether `apex` also covers names such as `apex-os-net-config`
                # depends on how the Gerrit Trigger plugin anchors REG_EXP - confirm.
155             - project-compare-type: 'REG_EXP'
156               project-pattern: 'apex|armband|bamboo|barometer|bottlenecks|calipso|compass4nfv|conductor|cperf|daisy|doctor|dovetail|dpacc|enfv|fds|fuel|pharos|releng|sandbox|yardstick|infra|ipv6|kvmfornfv|models|moon|netready'
157               branches:
158                 - branch-compare-type: 'ANT'
159                   branch-pattern: '**/{branch}'
                  # '**' matches every path, so no file is exempt from triggering.
160               file-paths:
161                 - compare-type: ANT
162                   pattern: '**'
              # Voting is skipped for all four build outcomes, so this job never casts
              # a Gerrit vote: the audit is advisory and cannot block a change on its
              # own. Findings presumably reach reviewers through the
              # report-security-audit-result-to-gerrit builder and the archived
              # reports.
163           skip-vote:
164             successful: true
165             failed: true
166             unstable: true
167             notbuilt: true
168     # yamllint enable rule:line-length
169
        # Both builders are macros defined in this file; they run in this order
        # (scan, then report).
170     builders:
171       - anteater-security-audit
172       - report-security-audit-result-to-gerrit
173     publishers:
          # Keeps everything under .reports/ as build artifacts.
          # NOTE(review): the artifacts presumably hold the scan findings; confirm
          # that read access to them on Jenkins is as wide as intended.
174       - archive-artifacts:
175           artifacts: ".reports/*"
176
177 ########################
178 # builder macros
179 ########################
180 - builder:
        # Builder macro used by the 'opnfv-security-audit-verify-{stream}' template.
        # JJB's !include-raw: tag loads the shell body from a file next to this one;
        # the script is not visible here.
        # NOTE(review): unlike !include-raw-escape:, !include-raw: does not escape
        # braces, so a literal `{...}` in the script may be treated as a JJB
        # parameter where substitution applies - confirm.
181     name: anteater-security-audit
182     builders:
183       - shell:
184           !include-raw: ./anteater-security-audit.sh
185
186 - builder:
        # Builder macro that runs as the second build step of the
        # 'opnfv-security-audit-verify-{stream}' template. The shell body comes from
        # ./anteater-report-to-gerrit.sh, which is not visible here.
        # NOTE(review): judging by the name, the script posts scan output back to
        # Gerrit; confirm which credentials it uses and that contributor-controlled
        # scan output is not interpreted as shell when the message is built.
187     name: report-security-audit-result-to-gerrit
188     builders:
189       - shell:
190           !include-raw: ./anteater-report-to-gerrit.sh
191
192 - builder:
        # Builder macro used by the 'opnfv-security-audit-{repo}-weekly-{stream}'
        # template. The shell body comes from ./anteater-security-audit-weekly.sh,
        # loaded verbatim by JJB's !include-raw: tag; the script is not visible here.
193     name: anteater-security-audit-weekly
194     builders:
195       - shell:
196           !include-raw: ./anteater-security-audit-weekly.sh