[releng.git] / jjb / ci_gate_security / opnfv-ci-gate-security.yaml
1 ---
2 # SPDX-license-identifier: Apache-2.0
3 ########################
4 # Job configuration for opnfv-anteater (security audit)
5 ########################
6 - project:
      # Job group for the anteater security audit. JJB instantiates the
      # templates listed under `jobs` with the `repo` and `stream` values
      # defined here.
7
8     name: anteaterfw
9
10     project: anteaterfw
11
       # Repositories that get a weekly full-project scan (one job per entry).
       # NOTE(review): the verify job's Gerrit `project-pattern` further down
       # in this file is a separate, hand-maintained list and does not name
       # the same set of repos, so an entry added here is not audited at
       # patchset time unless that pattern is updated too.
12     repo:
13       - apex
14       - apex-os-net-config
15       - apex-puppet-tripleo
16       - apex-tripleo-heat-templates
17       - armband
18       - auto
19       - availability
20       - bamboo
21       - barometer
22       - bottlenecks
23       - calipso
24       - clover
25       - compass-containers
26       - compass4nfv
27       - conductor
28       - container4nfv
29       - cperf
30       - daisy
31       - doctor
32       - domino
33       - dovetail
34       - dpacc
35       - enfv
36       - fds
37       - fuel
38       - functest
39       - ipv6
40       - joid
41       - kvmfornfv
42       - models
43       - moon
44       - netready
45       - nfvbench
46       - onosfw
47       - opera
48       - opnfvdocs
49       - orchestra
50       - ovn4nfv
51       - ovno
52       - ovsnfv
53       - parser
54       - pharos
55       - pharos-tools
56       - promise
57       - qtip
58       - releng
59       - releng-anteater
60       - releng-testresults
61       - releng-utils
62       - releng-xci
63       - samplevnf
64       - sdnvpn
65       - securityscanning
66       - sfc
67       - snaps
68       - stor4nfv
69       - storperf
70       - ves
71       - vswitchperf
72       - yardstick
73
       # Both templates are defined later in this file. The verify template
       # does not reference {repo}; the weekly template does.
74     jobs:
75       - 'opnfv-security-audit-verify-{stream}'
76       - 'opnfv-security-audit-{repo}-weekly-{stream}'
77
       # Only the `master` stream is configured. `branch` resolves to the
       # stream name, and `disabled` feeds '{obj:disabled}' in the templates.
78     stream:
79       - master:
80           branch: '{stream}'
81           gs-pathname: ''
82           disabled: false
83
84 ########################
85 # job templates
86 ########################
87 - job-template:
       # Weekly audit of one repository: runs on a timer, scans the whole
       # project and mails the result.
88     name: 'opnfv-security-audit-{repo}-weekly-{stream}'
89
90     disabled: '{obj:disabled}'
91
       # opnfv-build-defaults and project-parameter (and git-scm-gerrit under
       # `scm`) are macros that are not defined in this file.
92     parameters:
93       - opnfv-build-defaults
         # "false" selects the full-project scan (see the description). It is
         # quoted so the parameter default is the string "false", not a YAML
         # boolean.
94       - string:
95           name: ANTEATER_SCAN_PATCHSET
96           default: "false"
97           description: "Have anteater scan patchsets (true) or full project (false)"
98       - project-parameter:
99           project: '{repo}'
100           branch: '{branch}'
101
102     scm:
103       - git-scm-gerrit
104
105     triggers:
          # Jenkins cron alias: one run per week.
106       - timed: '@weekly'
107
108     builders:
          # Macro defined at the end of this file; it runs
          # ./anteater-security-audit-weekly.sh.
109       - anteater-security-audit-weekly
110
111     publishers:
112       # defined in jjb/global/releng-macros.yml
          # NOTE(review): scan results leave Jenkins by e-mail here. The
          # recipients and the message body come from that macro, not from
          # this file; confirm that audit findings are acceptable to send to
          # that list.
113       - 'email-{repo}-ptl':
114           subject: 'OPNFV Security Scan Result: {repo}'
          # A failed workspace cleanup does not fail the build.
115       - workspace-cleanup:
116           fail-build: false
117
118 - job-template:
        # Patchset-time audit: triggered by Gerrit events, runs the scan and
        # then the report-to-Gerrit step, and archives the report files.
        # A single job per stream serves every project matched by the trigger.
119     name: 'opnfv-security-audit-verify-{stream}'
120
121     disabled: '{obj:disabled}'
122
123     parameters:
124       - label:
125           name: SLAVE_LABEL
126           default: 'opnfv-build'
127           description: 'Slave label on Jenkins'
128           all-nodes: false
129           node-eligibility: 'ignore-offline'
          # $GERRIT_PROJECT is not a JJB variable; it is left for Jenkins to
          # expand at build time from the triggering Gerrit event.
130       - project-parameter:
131           project: $GERRIT_PROJECT
132           branch: '{branch}'
          # Clone base for the build; the default is the OPNFV Gerrit over
          # HTTPS. NOTE(review): as a build parameter it can be overridden per
          # run (see the description), in which case the audit covers whatever
          # that URL serves; confirm who may start parameterised builds.
133       - string:
134           name: GIT_BASE
135           default: https://gerrit.opnfv.org/gerrit/$PROJECT
136           # yamllint disable rule:line-length
137           description: "Used for overriding the GIT URL coming from Global Jenkins configuration in case if the stuff is done on none-LF HW."
138           # yamllint enable rule:line-length
139
140     scm:
141       - git-scm-gerrit
142
143     # yamllint disable rule:line-length
144     triggers:
145       - gerrit:
146           server-name: 'gerrit.opnfv.org'
              # Every new patchset is scanned: drafts, trivial rebases and
              # no-code-change uploads are all explicitly not excluded.
147           trigger-on:
148             - patchset-created-event:
149                 exclude-drafts: 'false'
150                 exclude-trivial-rebase: 'false'
151                 exclude-no-code-change: 'false'
152             - draft-published-event
                # A review comment matching 'recheck' re-runs the audit.
153             - comment-added-contains-event:
154                 comment-contains-value: 'recheck'
              # Hand-maintained alternation of project names, kept separately
              # from the `repo` list of the anteaterfw project in this file.
              # The two lists differ: `sandbox` and `infra` appear only here,
              # while e.g. `clover` and `sfc` appear only in `repo`.
              # NOTE(review): if REG_EXP must match the whole project name,
              # `releng` does not cover releng-anteater, releng-xci, etc., and
              # `apex` does not cover the apex-* repos. Confirm the intended
              # patchset-time coverage.
155           projects:
156             - project-compare-type: 'REG_EXP'
157               project-pattern: 'apex|armband|bamboo|barometer|bottlenecks|calipso|compass4nfv|conductor|cperf|daisy|doctor|dovetail|dpacc|enfv|fds|fuel|functest|pharos|releng|sandbox|yardstick|infra|ipv6|kvmfornfv|models|moon|netready'
158               branches:
159                 - branch-compare-type: 'ANT'
160                   branch-pattern: '**/{branch}'
                  # '**' matches every path, so no file is exempt from
                  # triggering the scan.
161               file-paths:
162                 - compare-type: ANT
163                   pattern: '**'
              # Jenkins skips its Gerrit vote for every build outcome, so this
              # trigger by itself never blocks or approves a change; the audit
              # is advisory. NOTE(review): whether
              # anteater-report-to-gerrit.sh casts a vote of its own is not
              # visible from this file.
164           skip-vote:
165             successful: true
166             failed: true
167             unstable: true
168             notbuilt: true
169     # yamllint enable rule:line-length
170
        # Both macros are defined at the end of this file; they run in the
        # order listed: the scan first, then the report step.
171     builders:
172       - anteater-security-audit
173       - report-security-audit-result-to-gerrit
174     publishers:
          # Everything directly under .reports/ is kept with the build.
          # NOTE(review): audit reports may quote the content that was
          # flagged; confirm who can read archived artifacts on this Jenkins.
175       - archive-artifacts:
176           artifacts: ".reports/*"
177
178 ########################
179 # builder macros
180 ########################
181 - builder:
        # Shell step used by the verify job template. JJB's !include-raw tag
        # inlines the text of the script file into the generated job, so the
        # script itself is not part of this file and must be reviewed
        # separately.
        # NOTE(review): this uses !include-raw, not !include-raw-escape.
        # Confirm that JJB brace substitution is not applied to the script
        # text in this context.
182     name: anteater-security-audit
183     builders:
184       - shell:
185           !include-raw: ./anteater-security-audit.sh
186
187 - builder:
        # Second shell step of the verify job template, run after the scan.
        # JJB's !include-raw tag inlines the text of the script file; what the
        # script sends to Gerrit is not visible from this file.
188     name: report-security-audit-result-to-gerrit
189     builders:
190       - shell:
191           !include-raw: ./anteater-report-to-gerrit.sh
192
193 - builder:
        # Shell step used by the weekly job template. JJB's !include-raw tag
        # inlines the text of the script file into the generated job; the
        # script itself is not part of this file.
194     name: anteater-security-audit-weekly
195     builders:
196       - shell:
197           !include-raw: ./anteater-security-audit-weekly.sh