merge GIT_BRANCH and GERRIT_BRANCH into BRANCH
[releng.git] / jjb / securityaudit / opnfv-security-audit.yml
########################
# Job configuration for the OPNFV security audit
########################
# Declares the anteaterfw project and instantiates the verify job template
# for every entry listed under 'stream'.
- project:
    name: anteaterfw

    project: anteaterfw

    jobs:
      - 'opnfv-security-audit-verify-{stream}'

    # Per-stream variables. 'branch' and 'disabled' are consumed by the job
    # template in this file; 'gs-pathname' is not referenced by anything
    # visible here.
    stream:
      - master:
          branch: '{stream}'
          gs-pathname: ''
          disabled: false

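########################
# job templates
########################
# Verify job for the security audit. It is triggered by Gerrit events on
# changes that touch Python files and runs the audit builder followed by the
# builder that reports the result back to Gerrit.
- job-template:
    name: 'opnfv-security-audit-verify-{stream}'

    # '{obj:disabled}' passes the stream's boolean through unchanged.
    disabled: '{obj:disabled}'

    parameters:
      - project-parameter:
          project: $GERRIT_PROJECT
          branch: '{branch}'

    scm:
      - git-scm-gerrit

    triggers:
      - gerrit:
          server-name: 'gerrit.opnfv.org'
          trigger-on:
            # Drafts, trivial rebases and no-code changes are all left
            # included, so each of them starts a build.
            - patchset-created-event:
                exclude-drafts: 'false'
                exclude-trivial-rebase: 'false'
                exclude-no-code-change: 'false'
            - draft-published-event
            # A review comment containing 'recheck' or 'reverify' re-runs
            # the job.
            - comment-added-contains-event:
                comment-contains-value: 'recheck'
            - comment-added-contains-event:
                comment-contains-value: 'reverify'
          projects:
            - project-compare-type: 'REG_EXP'
              project-pattern: 'sandbox'
              branches:
                - branch-compare-type: 'ANT'
                  branch-pattern: '**/{branch}'
              file-paths:
                - compare-type: ANT
                  pattern: '**/*.py'
          # skip-vote is an option of the gerrit trigger, so it is indented
          # at the same level as 'server-name' and 'projects'. One level
          # shallower it becomes a second key of the list item next to
          # 'gerrit', outside the trigger options; the job would then
          # presumably cast its normal vote, including a passing vote while
          # the audit builder is still a placeholder.
          # NOTE(review): confirm how the deployed Jenkins Job Builder
          # treats a stray key beside 'gerrit'.
          skip-vote:
            successful: true
            failed: true
            unstable: true
            notbuilt: true

    builders:
      - security-audit-python-code
      - report-security-audit-result-to-gerrit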
########################
# builder macros
########################
# Placeholder for the audit step. The script only prints a greeting, so it
# never writes securityaudit.log and the reporting builder finds nothing to
# post.
- builder:
    name: security-audit-python-code
    builders:
      - shell: |
          #!/bin/bash
          set -o errexit
          set -o pipefail
          set -o xtrace
          export PATH=$PATH:/usr/local/bin/

          # this is where the security/license audit script will be executed
          echo "Hello World!"
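# Posts the contents of securityaudit.log as a review comment on the
# triggering patchset and fails the build. When the log file is absent the
# script does nothing and the build step succeeds.
- builder:
    name: report-security-audit-result-to-gerrit
    builders:
      - shell: |
          #!/bin/bash
          set -o errexit
          set -o pipefail
          set -o xtrace
          export PATH=$PATH:/usr/local/bin/

          # If no violations were found, no security audit log will exist.
          if [[ -e securityaudit.log ]] ; then
              echo -e "\nposting security audit report to gerrit...\n"

              cat securityaudit.log
              echo

              # The log text is embedded in the command line that Gerrit
              # parses on the remote side, and it presumably reflects the
              # content of the patch under review. An unescaped double
              # quote in it would end the -m argument early and let the
              # remainder be read as further 'gerrit review' options, so
              # backslashes and double quotes are escaped first.
              # NOTE(review): this assumes Gerrit's SSH parser honours
              # backslash escapes inside double quotes - confirm against the
              # server version. Sending the review with 'gerrit review
              # --json' on stdin would avoid command-line quoting entirely.
              message=$(sed -e 's/\\/\\\\/g' -e 's/"/\\"/g' securityaudit.log)

              ssh -p 29418 gerrit.opnfv.org \
                  "gerrit review -p $GERRIT_PROJECT \
                   -m \"$message\" \
                   $GERRIT_PATCHSET_REVISION \
                   --notify NONE"

              # A log file means findings were reported: fail the build.
              exit 1
          fi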