Code Review / releng.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
Fix 'copper' in Gerrit Trigger for Security Scan
[releng.git] / jjb / ci_gate_security / opnfv-ci-gate-security.yml
1 ---
2 # SPDX-license-identifier: Apache-2.0
3 ########################
4 # Job configuration for opnfv-anteater (security audit)
5 ########################
6 - project:
7
8     name: anteaterfw
9
10     project: anteaterfw
11
12     repo:
13       - apex
14       - apex-os-net-config
15       - apex-puppet-tripleo
16       - apex-tripleo-heat-templates
17       - armband
18       - auto
19       - availability
20       - bamboo
21       - barometer
22       - bottlenecks
23       - calipso
24       - clover
25       - compass-containers
26       - compass4nfv
27       - conductor
28       - container4nfv
29       - copper
30       - cperf
31       - daisy
32       - doctor
33       - domino
34       - dovetail
35       - dpacc
36       - enfv
37       - fastpathmetrics
38       - fds
39       - fuel
40       - functest
41       - ipv6
42       - joid
43       - kvmfornfv
44       - models
45       - moon
46       - multisite
47       - netready
48       - nfvbench
49       - octopus
50       - onosfw
51       - openretriever
52       - opera
53       - opnfvdocs
54       - orchestra
55       - ovn4nfv
56       - ovno
57       - ovsnfv
58       - parser
59       - pharos
60       - pharos-tools
61       - promise
62       - qtip
63       - releng
64       - releng-anteater
65       - releng-testresults
66       - releng-utils
67       - releng-xci
68       - samplevnf
69       - sdnvpn
70       - securityscanning
71       - sfc
72       - snaps
73       - stor4nfv
74       - storperf
75       - ves
76       - vswitchperf
77       - yardstick
78
79     jobs:
80       - 'opnfv-security-audit-verify-{stream}'
81       - 'opnfv-security-audit-{repo}-weekly-{stream}'
82
83     stream:
84       - master:
85           branch: '{stream}'
86           gs-pathname: ''
87           disabled: false
88
89 ########################
90 # job templates
91 ########################
92 - job-template:
93     name: 'opnfv-security-audit-{repo}-weekly-{stream}'
94
95     disabled: '{obj:disabled}'
96
97     parameters:
98       - ericsson-build3-defaults
99       - string:
100           name: ANTEATER_SCAN_PATCHSET
101           default: "false"
102           description: "Have anteater scan patchsets (true) or full project (false)"
103       - project-parameter:
104           project: '{repo}'
105           branch: '{branch}'
106       - string:
107           name: GERRIT_REFSPEC
108           default: 'refs/heads/{stream}'
109           description: "Default Gerrit ref git HEAD should point to"
110
111     scm:
112       - git-scm-gerrit
113
114     triggers:
115       - timed: '@weekly'
116
117     builders:
118       - anteater-security-audit-weekly
119
120     publishers:
121       # defined in jjb/global/releng-macros.yml
122       - 'email-{repo}-ptl':
123           subject: 'OPNFV Security Scan Result: {repo}'
124       - workspace-cleanup:
125           fail-build: false
126
127 - job-template:
128     name: 'opnfv-security-audit-verify-{stream}'
129
130     disabled: '{obj:disabled}'
131
132     parameters:
133       - label:
134           name: SLAVE_LABEL
135           default: 'opnfv-build'
136           description: 'Slave label on Jenkins'
137       - project-parameter:
138           project: $GERRIT_PROJECT
139           branch: '{branch}'
140       - string:
141           name: GIT_BASE
142           default: https://gerrit.opnfv.org/gerrit/$PROJECT
143           # yamllint disable rule:line-length
144           description: "Used for overriding the GIT URL coming from Global Jenkins configuration in case if the stuff is done on none-LF HW."
145           # yamllint enable rule:line-length
146
147     scm:
148       - git-scm-gerrit
149
150     # yamllint disable rule:line-length
151     triggers:
152       - gerrit:
153           server-name: 'gerrit.opnfv.org'
154           trigger-on:
155             - patchset-created-event:
156                 exclude-drafts: 'false'
157                 exclude-trivial-rebase: 'false'
158                 exclude-no-code-change: 'false'
159             - draft-published-event
160             - comment-added-contains-event:
161                 comment-contains-value: 'recheck'
162             - comment-added-contains-event:
163                 comment-contains-value: 'reverify'
164           projects:
165             - project-compare-type: 'REG_EXP'
166               project-pattern: 'apex|armband|bamboo|barometer|bottlenecks|calipso|compass4nfv|conductor|copper|cperf|daisy|doctor|dovetail|dpacc|enfv|escalator|fds|fuel|functest|octopus|pharos|releng|sandbox|yardstick|infra|ipv6|kvmfornfv|lsoapi|models|moon|multisite|netready'
167               branches:
168                 - branch-compare-type: 'ANT'
169                   branch-pattern: '**/{branch}'
170               file-paths:
171                 - compare-type: ANT
172                   pattern: '**'
173           skip-vote:
174             successful: true
175             failed: true
176             unstable: true
177             notbuilt: true
178     # yamllint enable rule:line-length
179
180     builders:
181       - anteater-security-audit
182       - report-security-audit-result-to-gerrit
183     publishers:
184       - archive-artifacts:
185           artifacts: ".reports/*"
186
187 ########################
188 # builder macros
189 ########################
190 - builder:
191     name: anteater-security-audit
192     builders:
193       - shell:
194           !include-raw: ./anteater-security-audit.sh
195
196 - builder:
197     name: report-security-audit-result-to-gerrit
198     builders:
199       - shell:
200           !include-raw: ./anteater-report-to-gerrit.sh
201
202 - builder:
203     name: anteater-security-audit-weekly
204     builders:
205       - shell:
206           !include-raw: ./anteater-security-audit-weekly.sh