Remove Security Jobs

[releng.git] / jjb / global / releng-macros.yaml

---
# Releng macros
#
# NOTE: make sure macros are listed in execution ordered.
#
# 1. parameters/properties
# 2. scm
# 3. triggers
# 4. wrappers
# 5. prebuilders (maven only, configured like Builders)
# 6. builders (maven, freestyle, matrix, etc..)
# 7. postbuilders (maven only, configured like Builders)
# 8. publishers/reporters/notifications

- parameter:
    name: project-parameter
    parameters:
      - string:
          name: PROJECT
          default: '{project}'
          description: "JJB configured PROJECT parameter to identify an opnfv Gerrit project"
      - string:
          name: GS_BASE
          default: artifacts.opnfv.org/$PROJECT
          description: "URL to Google Storage."
      - string:
          name: GS_BASE_PROXY
          default: build.opnfv.org/artifacts.opnfv.org/$PROJECT
          description: "URL to Google Storage proxy"
      - string:
          name: BRANCH
          default: '{branch}'
          description: "JJB configured BRANCH parameter (e.g. master, stable/danube)"
      - string:
          name: GERRIT_BRANCH
          default: '{branch}'
          description: "JJB configured GERRIT_BRANCH parameter (deprecated)"
      - string:
          name: GERRIT_REFSPEC
          default: 'refs/heads/{branch}'
          description: "Default refspec needed for manually triggering."

##
# Reporting Deployment Results
#
# To report deployment results to
# http://testresults.opnfv.org/test/#/deployresults, add the following
# parameters, builders, and publishers to a deployment job:
#
#   parameters:
#    - testapi-parameter
#
#   builders:
#    - track-begin-timestamp
#
#   publishers:
#    - report-provision-result
#
# Note: The following string parameter must also exist, as they are used
#       when reporting the provision result:
#
#  * INSTALLER
#  * INSTALLER_VERSION
#  * DEPLOY_SCENARIO
#
# most installers include these but you should verify first before
# adding the publisher, otherwise the deployment build may be marked
# unstable.
#
##
- parameter:
    name: testapi-parameter
    parameters:
      - string:
          name: TESTAPI_URL
          default: 'http://testresults.opnfv.org/test/api/v1'
          description: "Default TestAPI URL, currently using v1"
      - string:
          name: INSTALLER_VERSION
          default: 'master'
          description: "Installer release version"
      - string:
          name: UPSTREAM_JOB_NAME
          default: ''
          description: "Parent job name in Jenkins"
      - string:
          name: UPSTREAM_BUILD_ID
          default: ''
          description: "Parent job build_id in Jenkins"

- property:
    name: logrotate-default
    properties:
      - build-discarder:
          days-to-keep: 60
          num-to-keep: 200
          artifact-days-to-keep: 60
          artifact-num-to-keep: 200

- scm:
    name: git-scm
    scm:
      - git: &git-scm-defaults
          credentials-id: 'd42411ac011ad6f3dd2e1fa34eaa5d87f910eb2e'
          url: '$GIT_BASE'
          branches:
            - 'origin/$BRANCH'
          timeout: 15
          per-build-tag: false
          skip-tag: true
          shallow-clone: false
          use-author: false
          ignore-notify: false
          wipe-workspace: true
          prune: false

- scm:
    name: git-scm-gerrit
    scm:
      - git:
          choosing-strategy: 'gerrit'
          refspec: '$GERRIT_REFSPEC'
          <<: *git-scm-defaults

- scm:
    name: git-scm-gerrit-with-submodules
    scm:
      - git:
          choosing-strategy: 'gerrit'
          refspec: '$GERRIT_REFSPEC'
          submodule:
            recursive: true
            timeout: 20
          <<: *git-scm-defaults
- scm:
    name: git-scm-with-submodules
    scm:
      - git:
          credentials-id: 'd42411ac011ad6f3dd2e1fa34eaa5d87f910eb2e'
          url: '$GIT_BASE'
          refspec: ''
          branches:
            - 'refs/heads/{branch}'
          per-build-tag: false
          skip-tag: true
          wipe-workspace: true
          submodule:
            recursive: true
            timeout: 20

- scm:
    name: git-scm-openstack
    scm:
      - git: &git-scm-openstack-defaults
          per-build-tag: false
          skip-tag: true
          url: '$GIT_BASE'
          branches:
            - 'origin/$BRANCH'
          timeout: 15

- trigger:
    name: 'daily-trigger-disabled'
    triggers:
      - timed: ''

- trigger:
    name: 'weekly-trigger-disabled'
    triggers:
      - timed: ''

- trigger:
    name: gerrit-trigger-patchset-created
    triggers:
      - gerrit:
          server-name: 'gerrit.opnfv.org'
          trigger-on:
            - patchset-created-event:
                exclude-drafts: 'false'
                exclude-trivial-rebase: 'false'
                exclude-no-code-change: 'false'
            - draft-published-event
            - comment-added-contains-event:
                comment-contains-value: 'recheck'
            - comment-added-contains-event:
                comment-contains-value: 'reverify'
          projects:
            - project-compare-type: 'ANT'
              project-pattern: '{project}'
              branches:
                - branch-compare-type: 'ANT'
                  branch-pattern: '**/{branch}'
              file-paths:
                - compare-type: 'ANT'
                  pattern: '{files}'
          skip-vote:
            successful: false
            failed: false
            unstable: false
            notbuilt: false

- trigger:
    name: gerrit-trigger-patchset-approved
    triggers:
      - gerrit:
          server-name: 'gerrit.opnfv.org'
          trigger-on:
            - comment-added-event:
                approval-category: 'CRVW'
                approval-value: 2
            - comment-added-contains-event:
                comment-contains-value: 'gate'
          projects:
            - project-compare-type: 'ANT'
              project-pattern: '{project}'
              branches:
                - branch-compare-type: 'ANT'
                  branch-pattern: '**/{branch}'
              file-paths:
                - compare-type: 'ANT'
                  pattern: '{files}'
          skip-vote:
            successful: false
            failed: false
            unstable: false
            notbuilt: false

- trigger:
    name: gerrit-trigger-change-merged
    triggers:
      - gerrit:
          server-name: 'gerrit.opnfv.org'
          trigger-on:
            - change-merged-event
            - comment-added-contains-event:
                comment-contains-value: 'remerge'
          projects:
            - project-compare-type: 'ANT'
              project-pattern: '{project}'
              branches:
                - branch-compare-type: 'ANT'
                  branch-pattern: '**/{branch}'
              file-paths:
                - compare-type: 'ANT'
                  pattern: '{files}'

- trigger:
    name: gerrit-trigger-tag-created
    triggers:
      - gerrit:
          server-name: 'gerrit.opnfv.org'
          trigger-on:
            - ref-updated-event
          projects:
            - project-compare-type: 'ANT'
              project-pattern: '{project}'
              branches:
                - branch-compare-type: 'ANT'
                  branch-pattern: 'refs/tags/**'

- trigger:
    name: 'experimental'
    triggers:
      - gerrit:
          server-name: 'gerrit.opnfv.org'
          trigger-on:
            - comment-added-contains-event:
                comment-contains-value: 'check-experimental'
          projects:
            - project-compare-type: 'ANT'
              project-pattern: '{project}'
              branches:
                - branch-compare-type: 'ANT'
                  branch-pattern: '**/{branch}'
              file-paths:
                - compare-type: 'ANT'
                  pattern: '{files}'
          skip-vote:
            successful: true
            failed: true
            unstable: true
            notbuilt: true

- wrapper:
    name: ssh-agent-wrapper
    wrappers:
      - ssh-agent-credentials:
          users:
            - 'd42411ac011ad6f3dd2e1fa34eaa5d87f910eb2e'

- wrapper:
    name: build-timeout
    wrappers:
      - timeout:
          timeout: '{timeout}'
          timeout-var: 'BUILD_TIMEOUT'
          fail: true

- wrapper:
    name: fix-workspace-permissions
    wrappers:
      - pre-scm-buildstep:
          - shell: |
             #!/bin/bash
             sudo chown -R $USER:$USER $WORKSPACE || exit 1

- builder:
    name: upload-under-review-docs-to-opnfv-artifacts
    builders:
      - shell: |
          #!/bin/bash
          set -o errexit
          set -o pipefail
          set -o xtrace
          export PATH=$PATH:/usr/local/bin/

          [[ $GERRIT_CHANGE_NUMBER =~ .+ ]]
          [[ -d docs/_build/ ]] || exit 0

          echo
          echo "###########################"
          echo "UPLOADING DOCS UNDER REVIEW"
          echo "###########################"
          echo

          gs_base="artifacts.opnfv.org/$PROJECT/review"
          gs_path="$gs_base/$GERRIT_CHANGE_NUMBER"
          local_path="upload/$GERRIT_CHANGE_NUMBER"

          mkdir -p upload
          mv docs/_build/html/ "$local_path"
          gsutil -m cp -r "$local_path" "gs://$gs_base"

          gsutil -m setmeta \
              -h "Content-Type:text/html" \
              -h "Cache-Control:private, max-age=0, no-transform" \
              "gs://$gs_path"/**.html > /dev/null 2>&1

          echo "Document link(s):" >> gerrit_comment.txt
          find "$local_path" | grep -e 'index.html$' -e 'pdf$' | \
              sed -e "s|^$local_path|    http://$gs_path|" >> gerrit_comment.txt

# To take advantage of this macro, have your build write
# out the file 'gerrit_comment.txt' with information to post
# back to gerrit and include this macro in the list of builders.
- builder:
    name: report-build-result-to-gerrit
    builders:
      - shell: |
          #!/bin/bash
          set -o errexit
          set -o pipefail
          set -o xtrace
          export PATH=$PATH:/usr/local/bin/
          if [[ -e gerrit_comment.txt ]] ; then
              echo
              echo "posting review comment to gerrit..."
              echo
              cat gerrit_comment.txt
              echo
              ssh -p 29418 gerrit.opnfv.org \
                  "gerrit review -p $GERRIT_PROJECT \
                   -m '$(cat gerrit_comment.txt)' \
                   $GERRIT_PATCHSET_REVISION \
                   --notify NONE"
          fi

- builder:
    name: remove-old-docs-from-opnfv-artifacts
    builders:
      - shell: |
          #!/bin/bash
          set -o errexit
          set -o pipefail
          set -o xtrace
          export PATH=$PATH:/usr/local/bin/

          [[ $GERRIT_CHANGE_NUMBER =~ .+ ]]

          gs_path="artifacts.opnfv.org/$PROJECT/review/$GERRIT_CHANGE_NUMBER"

          if gsutil ls "gs://$gs_path" > /dev/null 2>&1 ; then
              echo
              echo "Deleting Out-of-dated Documents..."
              gsutil -m rm -r "gs://$gs_path"
          fi
          gs_path="artifacts.opnfv.org/review/$GERRIT_CHANGE_NUMBER"

          if gsutil ls "gs://$gs_path" > /dev/null 2>&1 ; then
              echo
              echo "Deleting Out-of-dated Documents..."
              gsutil -m rm -r "gs://$gs_path"
          fi

- builder:
    name: upload-review-docs
    builders:
      - upload-under-review-docs-to-opnfv-artifacts
      - report-build-result-to-gerrit

- builder:
    name: lint-init
    builders:
      - shell: |
          #!/bin/bash
          # Ensure we start with a clean environment
          rm -f bash-violation.log python-violation.log yaml-violation.log violation.log
          git --no-pager diff --diff-filter=MCRAT --name-only HEAD^1 > modified_files

- builder:
    name: lint-report
    builders:
      - shell: |
          #!/bin/bash
          if [[ -s violation.log ]]; then
              cat violation.log
              echo "Reporting lint result...."
              set -x
              msg="Found syntax error and/or coding style violation(s) in the files modified by your patchset."
              sed -i -e "1s#^#${msg}\n\n#" violation.log
              cmd="gerrit review -p $GERRIT_PROJECT -m \"$(cat violation.log)\" $GERRIT_PATCHSET_REVISION --notify NONE"
              ssh -p 29418 gerrit.opnfv.org "$cmd"

              # Make sure the caller job failed
              exit 1
          fi

- builder:
    name: lint-bash-code
    builders:
      - shell: |
          #!/bin/bash
          echo "Checking bash code..."
          for f in $(egrep '\.sh$' modified_files)
          do
              bash -n "$f" 2>> bash-violation.log
          done
          if [[ -s bash-violation.log ]]; then
              echo -e "Bash syntax error(s)\n---" >> violation.log
              sed -e 's/^/ /g' bash-violation.log >> violation.log
          fi

- builder:
    name: lint-python-code
    builders:
      - shell: |
          #!/bin/bash
          # Install python package
          sudo -H pip install "flake8==2.6.2"

          echo "Checking python code..."
          for f in $(egrep '\.py$' modified_files)
          do
              flake8 "$f" >> python-violation.log
          done
          if [[ -s python-violation.log ]]; then
              echo -e "Python violation(s)\n---" >> violation.log
              sed -e 's/^/ /g' python-violation.log >> violation.log
          fi

- builder:
    name: lint-yaml-code
    builders:
      - shell: |
          #!/bin/bash
          # sudo Install python packages
          sudo -H pip install "yamllint==1.8.2"

          echo "Checking yaml file..."
          for f in $(egrep '\.ya?ml$' modified_files)
          do
              yamllint "$f" >> yaml-violation.log
          done
          if [[ -s yaml-violation.log ]]; then
              echo -e "YAML violation(s)\n---" >> violation.log
              sed -e 's/^/ /g' yaml-violation.log >> violation.log
          fi

- builder:
    name: lint-all-code
    builders:
      - lint-init
      - lint-bash-code
      - lint-python-code
      - lint-yaml-code
      - lint-report

- builder:
    name: clean-workspace
    builders:
      - shell: |
          #!/bin/bash
          set -o errexit
          set -o nounset
          set -o pipefail
          sudo /bin/rm -rf "$WORKSPACE"

- builder:
    name: clean-workspace-log
    builders:
      - shell: |
          find $WORKSPACE -type f -name '*.log' | xargs rm -f

- builder:
    name: track-begin-timestamp
    builders:
      - shell: |
          echo "export TIMESTAMP_START="\'`date '+%Y-%m-%d %H:%M:%S.%3N'`\' > $WORKSPACE/installer_track.sh

- publisher:
    name: archive-artifacts
    publishers:
      - archive:
          artifacts: '{artifacts}'
          allow-empty: true
          fingerprint: true
          latest-only: true

- publisher:
    name: publish-coverage
    publishers:
      - cobertura:
          report-file: "coverage.xml"
          only-stable: "true"
          health-auto-update: "false"
          stability-auto-update: "false"
          zoom-coverage-chart: "true"
          targets:
            - files:
                healthy: 10
                unhealthy: 20
                failing: 30
            - method:
                healthy: 50
                unhealthy: 40
                failing: 30

# The majority of the email-ext plugin options are set to the default
# for this macro so they can be managed through Jenkins' global
# settings.
- publisher:
    name: email-jenkins-admins-on-failure
    publishers:
      - email-ext:
          content-type: text
          attach-build-log: true
          compress-log: true
          always: false
          failure: true
          send-to:
            - recipients

- publisher:
    name: 'report-provision-result'
    publishers:
      - postbuildscript:
          builders:
            - role: BOTH
              build-on:
                - SUCCESS
              build-steps:
                - shell: |
                    echo "export PROVISION_RESULT=PASS" >> $WORKSPACE/installer_track.sh
                    echo "export INSTALLER=$INSTALLER_TYPE" >> $WORKSPACE/installer_track.sh
                    echo "export TIMESTAMP_END="\'`date '+%Y-%m-%d %H:%M:%S.%3N'`\' >> $WORKSPACE/installer_track.sh
                - shell:
                    !include-raw: installer-report.sh
          mark-unstable-if-failed: true
      - postbuildscript:
          builders:
            - role: BOTH
              build-on:
                - ABORTED
                - FAILURE
                - NOT_BUILT
                - UNSTABLE
              build-steps:
                - shell: |
                    echo "export PROVISION_RESULT=FAIL" >> $WORKSPACE/installer_track.sh
                    echo "export INSTALLER=$INSTALLER_TYPE" >> $WORKSPACE/installer_track.sh
                    echo "export TIMESTAMP_END="\'`date '+%Y-%m-%d %H:%M:%S.%3N'`\' >> $WORKSPACE/installer_track.sh
                - shell:
                    !include-raw: installer-report.sh
          mark-unstable-if-failed: true