1 ---
2 # SPDX-license-identifier: Apache-2.0
3 ########################
4 # Job configuration for opnfv-anteater (security audit)
5 ########################
# JJB project definition for the Anteater security-audit jobs. It expands the
# two templates named under `jobs` for each `stream` entry (only `master`
# here). The weekly template's name contains {repo}, so it yields one job per
# entry in `repo`; the verify template's name does not use {repo}.
6 - project:
7
8     name: anteaterfw
9
10     project: anteaterfw
11
       # Repositories that get the weekly scan. A repository missing from this
       # list gets no weekly job. The verify template's Gerrit `project-pattern`
       # further down this file is a separate, hand-kept list and does not
       # match this one entry for entry, so check both when onboarding or
       # retiring a repository.
12     repo:
13       - apex
14       - apex-os-net-config
15       - apex-puppet-tripleo
16       - apex-tripleo-heat-templates
17       - armband
18       - auto
19       - availability
20       - bamboo
21       - barometer
22       - bottlenecks
23       - calipso
24       - clover
25       - compass-containers
26       - compass4nfv
27       - conductor
28       - container4nfv
29       - cperf
30       - daisy
31       - doctor
32       - domino
33       - dovetail
34       - dpacc
35       - enfv
36       - fds
37       - fuel
38       - ipv6
39       - joid
40       - kvmfornfv
41       - models
42       - moon
43       - nfvbench
44       - onosfw
45       - opera
46       - opnfvdocs
47       - orchestra
48       - ovn4nfv
49       - ovno
50       - ovsnfv
51       - parser
52       - pharos
53       - pharos-tools
54       - promise
55       - qtip
56       - releng
57       - releng-anteater
58       - releng-testresults
59       - releng-utils
60       - releng-xci
61       - samplevnf
62       - sdnvpn
63       - securityscanning
64       - sfc
65       - snaps
66       - stor4nfv
67       - storperf
68       - ves
69       - vswitchperf
70       - yardstick
71
72     jobs:
73       - 'opnfv-security-audit-verify-{stream}'
74       - 'opnfv-security-audit-{repo}-weekly-{stream}'
75
       # `branch` resolves to the stream name, and `disabled` is read by both
       # templates through '{obj:disabled}'. `gs-pathname` is not referenced by
       # any template visible in this file.
76     stream:
77       - master:
78           branch: '{stream}'
79           gs-pathname: ''
80           disabled: false
81
82 ########################
83 # job templates
84 ########################
# Weekly audit template: on the '@weekly' timer it checks out {repo} at
# {branch}, runs the anteater-security-audit-weekly builder, e-mails the
# result through the 'email-{repo}-ptl' macro and then cleans the workspace.
# NOTE(review): this template archives no artifacts and wipes the workspace,
# so the e-mail is the only record visible from here. Confirm the macro or the
# builder script preserves the scan report if findings need to be kept as
# evidence.
85 - job-template:
86     name: 'opnfv-security-audit-{repo}-weekly-{stream}'
87
88     disabled: '{obj:disabled}'
89
90     parameters:
         # opnfv-build-defaults is a parameter macro defined outside this file.
91       - opnfv-build-defaults
         # The default "false" selects the full-project scan, per the
         # description below.
92       - string:
93           name: ANTEATER_SCAN_PATCHSET
94           default: "false"
95           description: "Have anteater scan patchsets (true) or full project (false)"
96       - project-parameter:
97           project: '{repo}'
98           branch: '{branch}'
99
100     scm:
101       - git-scm-gerrit
102
103     triggers:
104       - timed: '@weekly'
105
106     builders:
107       - anteater-security-audit-weekly
108
109     publishers:
110       # defined in jjb/global/releng-macros.yml
111       - 'email-{repo}-ptl':
112           subject: 'OPNFV Security Scan Result: {repo}'
          # fail-build: false means a failed cleanup does not fail the build.
113       - workspace-cleanup:
114           fail-build: false
115
# Per-patchset audit template: a Gerrit event on a matching project and branch
# runs the anteater-security-audit builder, then the
# report-security-audit-result-to-gerrit builder, and archives `.reports/*`.
# The job is advisory only: `skip-vote` is true for every build result, so its
# outcome never contributes to the Gerrit vote and a failed scan cannot block
# a merge. The only feedback reaching the review is whatever the report
# builder posts (that script is not visible here).
116 - job-template:
117     name: 'opnfv-security-audit-verify-{stream}'
118
119     disabled: '{obj:disabled}'
120
121     parameters:
122       - label:
123           name: SLAVE_LABEL
124           default: 'opnfv-build'
125           description: 'Slave label on Jenkins'
126           all-nodes: false
127           node-eligibility: 'ignore-offline'
128       - project-parameter:
129           project: $GERRIT_PROJECT
130           branch: '{branch}'
          # NOTE(review): GIT_BASE is an ordinary string parameter, so anyone
          # allowed to start this job with parameters can point it at another
          # URL. It is presumably consumed by the git-scm-gerrit macro; confirm
          # there, and restrict who may build with parameters.
131       - string:
132           name: GIT_BASE
133           default: https://gerrit.opnfv.org/gerrit/$PROJECT
134           # yamllint disable rule:line-length
135           description: "Used for overriding the GIT URL coming from Global Jenkins configuration in case if the stuff is done on none-LF HW."
136           # yamllint enable rule:line-length
137
138     scm:
139       - git-scm-gerrit
140
141     # yamllint disable rule:line-length
142     triggers:
143       - gerrit:
144           server-name: 'gerrit.opnfv.org'
              # Nothing is excluded: drafts, trivial rebases and no-code-change
              # uploads all trigger a scan, as does a published draft or a
              # review comment containing 'recheck'.
145           trigger-on:
146             - patchset-created-event:
147                 exclude-drafts: 'false'
148                 exclude-trivial-rebase: 'false'
149                 exclude-no-code-change: 'false'
150             - draft-published-event
151             - comment-added-contains-event:
152                 comment-contains-value: 'recheck'
              # NOTE(review): this alternation is shorter than the project's
              # `repo` list earlier in this file. Repositories such as sfc,
              # snaps and storperf match no alternative, so their patchsets are
              # never scanned by this job. It also names `sandbox` and `infra`,
              # which are not in that list. Whether `releng` also covers names
              # like releng-anteater depends on whether the plugin matches the
              # whole project name - TODO confirm.
153           projects:
154             - project-compare-type: 'REG_EXP'
155               project-pattern: 'apex|armband|bamboo|barometer|bottlenecks|calipso|compass4nfv|conductor|cperf|daisy|doctor|dovetail|dpacc|enfv|fds|fuel|pharos|releng|sandbox|yardstick|infra|ipv6|kvmfornfv|models|moon'
156               branches:
157                 - branch-compare-type: 'ANT'
158                   branch-pattern: '**/{branch}'
                  # '**' matches every path, so any changed file triggers the job.
159               file-paths:
160                 - compare-type: ANT
161                   pattern: '**'
              # Every result is excluded from voting; see the header comment.
162           skip-vote:
163             successful: true
164             failed: true
165             unstable: true
166             notbuilt: true
167     # yamllint enable rule:line-length
168
169     builders:
170       - anteater-security-audit
171       - report-security-audit-result-to-gerrit
        # NOTE(review): archived reports are readable by anyone who can view
        # this job's builds. Confirm the scanner's report does not echo matched
        # secrets verbatim before leaving the archive open.
172     publishers:
173       - archive-artifacts:
174           artifacts: ".reports/*"
175
176 ########################
177 # builder macros
178 ########################
# Builder macro for the per-patchset scan. JJB's `!include-raw:` tag inlines
# the named file's contents as the shell step's script; the path is relative
# to this YAML file. The script is not visible here.
# NOTE(review): this step runs against contributor-submitted patchsets, so the
# script should treat the checked-out tree and Gerrit-supplied variables as
# untrusted input - verify in the script.
179 - builder:
180     name: anteater-security-audit
181     builders:
182       - shell:
183           !include-raw: ./anteater-security-audit.sh
184
# Builder macro that runs anteater-report-to-gerrit.sh, inlined by JJB's
# `!include-raw:` tag, as a shell step. In the verify template it runs after
# the scan builder. Going by its name it reports the scan result to Gerrit;
# the script is not visible here, so confirm what it posts and with which
# credentials.
185 - builder:
186     name: report-security-audit-result-to-gerrit
187     builders:
188       - shell:
189           !include-raw: ./anteater-report-to-gerrit.sh
190
# Builder macro used by the weekly template: runs
# anteater-security-audit-weekly.sh, inlined by JJB's `!include-raw:` tag, as
# a shell step. The script is not visible here.
191 - builder:
192     name: anteater-security-audit-weekly
193     builders:
194       - shell:
195           !include-raw: ./anteater-security-audit-weekly.sh