jjb/ci_gate_security/opnfv-ci-gate-security.yml

   1 ---
   2 # SPDX-license-identifier: Apache-2.0
   3 ########################
   4 # Job configuration for opnfv-anteater (security audit)
   5 ########################
   6 - project:
   7
   8     name: anteaterfw
   9
  10     project: anteaterfw
  11
  12     repo:
  13       - apex
  14       - apex-os-net-config
  15       - apex-puppet-tripleo
  16       - apex-tripleo-heat-templates
  17       - armband
  18       - auto
  19       - availability
  20       - bamboo
  21       - barometer
  22       - bottlenecks
  23       - calipso
  24       - clover
  25       - compass-containers
  26       - compass4nfv
  27       - conductor
  28       - container4nfv
  29       - copper
  30       - cperf
  31       - daisy
  32       - doctor
  33       - domino
  34       - dovetail
  35       - dpacc
  36       - enfv
  37       - fastpathmetrics
  38       - fds
  39       - fuel
  40       - functest
  41       - ipv6
  42       - joid
  43       - kvmfornfv
  44       - models
  45       - moon
  46       - multisite
  47       - netready
  48       - nfvbench
  49       - octopus
  50       - onosfw
  51       - openretriever
  52       - opera
  53       - opnfvdocs
  54       - orchestra
  55       - ovn4nfv
  56       - ovno
  57       - ovsnfv
  58       - parser
  59       - pharos
  60       - pharos-tools
  61       - promise
  62       - qtip
  63       - releng
  64       - releng-anteater
  65       - releng-testresults
  66       - releng-utils
  67       - releng-xci
  68       - samplevnf
  69       - sdnvpn
  70       - securityscanning
  71       - sfc
  72       - snaps
  73       - stor4nfv
  74       - storperf
  75       - ves
  76       - vswitchperf
  77       - yardstick
  78
  79     jobs:
  80       - 'opnfv-security-audit-verify-{stream}'
  81       - 'opnfv-security-audit-{repo}-weekly-{stream}'
  82
  83     stream:
  84       - master:
  85           branch: '{stream}'
  86           gs-pathname: ''
  87           disabled: false
  88
  89 ########################
  90 # job templates
  91 ########################
  92 - job-template:
  93     name: 'opnfv-security-audit-{repo}-weekly-{stream}'
  94
  95     disabled: '{obj:disabled}'
  96
  97     parameters:
  98       - ericsson-build3-defaults
  99       - string:
 100           name: ANTEATER_SCAN_PATCHSET
 101           default: "false"
 102           description: "Have anteater scan patchsets (true) or full project (false)"
 103       - project-parameter:
 104           project: '{repo}'
 105           branch: '{branch}'
 106
 107     scm:
 108       - git-scm-gerrit
 109
 110     triggers:
 111       - timed: '@weekly'
 112
 113     builders:
 114       - anteater-security-audit-weekly
 115       - clean-workspace
 116
 117     publishers:
 118       # defined in jjb/global/releng-macros.yml
 119       - 'email-{repo}-ptl':
 120           subject: 'OPNFV Security Scan Result: {repo}'
 121
 122 - job-template:
 123     name: 'opnfv-security-audit-verify-{stream}'
 124
 125     disabled: '{obj:disabled}'
 126
 127     parameters:
 128       - label:
 129           name: SLAVE_LABEL
 130           default: 'opnfv-build'
 131           description: 'Slave label on Jenkins'
 132       - project-parameter:
 133           project: $GERRIT_PROJECT
 134           branch: '{branch}'
 135       - string:
 136           name: GIT_BASE
 137           default: https://gerrit.opnfv.org/gerrit/$PROJECT
 138           # yamllint disable rule:line-length
 139           description: "Used for overriding the GIT URL coming from Global Jenkins configuration in case if the stuff is done on none-LF HW."
 140           # yamllint enable rule:line-length
 141
 142     scm:
 143       - git-scm-gerrit
 144
 145     # yamllint disable rule:line-length
 146     triggers:
 147       - gerrit:
 148           server-name: 'gerrit.opnfv.org'
 149           trigger-on:
 150             - patchset-created-event:
 151                 exclude-drafts: 'false'
 152                 exclude-trivial-rebase: 'false'
 153                 exclude-no-code-change: 'false'
 154             - draft-published-event
 155             - comment-added-contains-event:
 156                 comment-contains-value: 'recheck'
 157             - comment-added-contains-event:
 158                 comment-contains-value: 'reverify'
 159           projects:
 160             - project-compare-type: 'REG_EXP'
 161               project-pattern: 'apex|armband|bamboo|barometer|bottlenecks|calipso|compass4nfv|conductor|cooper|cperf|daisy|doctor|dovetail|dpacc|enfv|escalator|fds|fuel|functest|octopus|pharos|releng|sandbox|yardstick|infra|ipv6|kvmfornfv|lsoapi|models|moon|multisite|netready'
 162               branches:
 163                 - branch-compare-type: 'ANT'
 164                   branch-pattern: '**/{branch}'
 165               file-paths:
 166                 - compare-type: ANT
 167                   pattern: '**'
 168           skip-vote:
 169             successful: true
 170             failed: true
 171             unstable: true
 172             notbuilt: true
 173     # yamllint enable rule:line-length
 174
 175     builders:
 176       - anteater-security-audit
 177       - report-security-audit-result-to-gerrit
 178     publishers:
 179       - archive-artifacts:
 180           artifacts: ".reports/*"
 181
 182 ########################
 183 # builder macros
 184 ########################
 185 - builder:
 186     name: anteater-security-audit
 187     builders:
 188       - shell:
 189           !include-raw: ./anteater-security-audit.sh
 190
 191 - builder:
 192     name: report-security-audit-result-to-gerrit
 193     builders:
 194       - shell:
 195           !include-raw: ./anteater-report-to-gerrit.sh
 196
 197 - builder:
 198     name: anteater-security-audit-weekly
 199     builders:
 200       - shell:
 201           !include-raw: ./anteater-security-audit-weekly.sh