jjb/ci_gate_security/opnfv-ci-gate-security.yml

   1 # SPDX-license-identifier: Apache-2.0
   2 ########################
   3 # Job configuration for opnfv-anteater (security audit)
   4 ########################
   5 - project:
   6
   7     name: anteaterfw
   8
   9     project: anteaterfw
  10
  11     jobs:
  12         - 'opnfv-security-audit-verify-{stream}'
  13         - 'opnfv-security-audit-weekly-{stream}'
  14
  15     stream:
  16         - master:
  17             branch: '{stream}'
  18             gs-pathname: ''
  19             disabled: false
  20
  21 ########################
  22 # job templates
  23 ########################
  24 - job-template:
  25     name: 'opnfv-security-audit-weekly-{stream}'
  26
  27     disabled: '{obj:disabled}'
  28
  29     parameters:
  30         - label:
  31             name: SLAVE_LABEL
  32             default: 'ericsson-build3'
  33             description: 'Slave label on Jenkins'
  34         - project-parameter:
  35             project: releng
  36             branch: '{branch}'
  37
  38     triggers:
  39         - timed: '@weekly'
  40
  41     builders:
  42         - anteater-security-audit-weekly
  43
  44 - job-template:
  45     name: 'opnfv-security-audit-verify-{stream}'
  46
  47     disabled: '{obj:disabled}'
  48
  49     parameters:
  50         - label:
  51             name: SLAVE_LABEL
  52             default: 'ericsson-build3'
  53             description: 'Slave label on Jenkins'
  54         - project-parameter:
  55             project: $GERRIT_PROJECT
  56             branch: '{branch}'
  57         - string:
  58             name: GIT_BASE
  59             default: https://gerrit.opnfv.org/gerrit/$PROJECT
  60             description: "Used for overriding the GIT URL coming from Global Jenkins configuration in case if the stuff is done on none-LF HW."
  61
  62     scm:
  63         - git-scm-gerrit
  64
  65     triggers:
  66         - gerrit:
  67             server-name: 'gerrit.opnfv.org'
  68             trigger-on:
  69                 - patchset-created-event:
  70                     exclude-drafts: 'false'
  71                     exclude-trivial-rebase: 'false'
  72                     exclude-no-code-change: 'false'
  73                 - draft-published-event
  74                 - comment-added-contains-event:
  75                     comment-contains-value: 'recheck'
  76                 - comment-added-contains-event:
  77                     comment-contains-value: 'reverify'
  78             projects:
  79               - project-compare-type: 'REG_EXP'
  80                 project-pattern: 'apex|armband|bamboo|barometer|bottlenecks|calipso|compass4nfv|conductor|cooper|functest|octopus|pharos|releng|sandbox'
  81                 branches:
  82                   - branch-compare-type: 'ANT'
  83                     branch-pattern: '**/{branch}'
  84                 file-paths:
  85                   - compare-type: ANT
  86                     pattern: '**'
  87             skip-vote:
  88                 successful: true
  89                 failed: true
  90                 unstable: true
  91                 notbuilt: true
  92
  93     builders:
  94         - anteater-security-audit
  95         - report-security-audit-result-to-gerrit
  96 ########################
  97 # builder macros
  98 ########################
  99 - builder:
 100     name: anteater-security-audit
 101     builders:
 102         - shell:
 103             !include-raw: ./anteater-security-audit.sh
 104
 105 - builder:
 106     name: report-security-audit-result-to-gerrit
 107     builders:
 108         - shell:
 109             !include-raw: ./anteater-report-to-gerrit.sh
 110
 111 - builder:
 112     name: anteater-security-audit-weekly
 113     builders:
 114         - shell:
 115             !include-raw:
 116                 - ./anteater-clone-all-repos.sh
 117                 - ./anteater-security-audit-weekly.sh
 118