clean scm defenitions
[releng.git] / jjb / securityscanning / opnfv-security-scan.yml
1 ########################
2 # Job configuration for opnfv-lint
3 ########################
# Project definition: instantiates the security-scan verify job template
# once for each entry listed under `stream`.
- project:
    name: anteaterfw
    project: anteaterfw

    # Per-stream variables that are substituted into the job template.
    stream:
        - master:
            branch: "{stream}"
            gs-pathname: ""
            disabled: false

    # Job templates expanded for this project.
    jobs:
        - "opnfv-security-scan-verify-{stream}"
18
19 ########################
20 # job templates
21 ########################
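# Verify job run by the Gerrit trigger for patchsets that touch Python files.
# It runs the scan builder and then the builder that posts the scan log back
# to the change as a review comment.
- job-template:
    name: 'opnfv-security-scan-verify-{stream}'

    disabled: '{obj:disabled}'

    parameters:
        - project-parameter:
            project: $GERRIT_PROJECT
        - gerrit-parameter:
            branch: '{branch}'

    scm:
        - git-scm-gerrit

    triggers:
        - gerrit:
            server-name: 'gerrit.opnfv.org'
            # Runs on every new patchset (drafts, trivial rebases and
            # no-code changes included) and on a 'recheck' / 'reverify'
            # comment. The code being scanned is whatever the uploader
            # pushed, so the builders must treat it and any output derived
            # from it as untrusted input.
            trigger-on:
                - patchset-created-event:
                    exclude-drafts: 'false'
                    exclude-trivial-rebase: 'false'
                    exclude-no-code-change: 'false'
                - draft-published-event
                - comment-added-contains-event:
                    comment-contains-value: 'recheck'
                - comment-added-contains-event:
                    comment-contains-value: 'reverify'
            # NOTE(review): the pattern is 'sandbox' while the project
            # definition in this file names anteaterfw - confirm that the
            # restriction to sandbox is intentional.
            projects:
              - project-compare-type: 'REG_EXP'
                project-pattern: 'sandbox'
                branches:
                  - branch-compare-type: 'ANT'
                    branch-pattern: '**/{branch}'
                file-paths:
                  - compare-type: ANT
                    pattern: '**/*.py'
            # skip-vote is an option of the gerrit trigger, so it is nested
            # at the same level as server-name / trigger-on / projects.
            # At a shallower indent it parses as a sibling key of `gerrit`
            # in the trigger list item and is presumably not applied, which
            # would let this job vote on the change. The report builder
            # exits non-zero whenever a scan log exists, so the outcome must
            # not be turned into a vote.
            skip-vote:
                successful: true
                failed: true
                unstable: true
                notbuilt: true

    builders:
        - security-scan-python-code
        - report-security-scan-result-to-gerrit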
67 ########################
68 # builder macros
69 ########################
# Builder macro: placeholder for the security/license scan step.
# At present it only prints a fixed string; no scanner is invoked and no
# securityscan.log is produced by this step.
- builder:
    name: security-scan-python-code
    builders:
        - shell: |
            #!/bin/bash
            # Fail on the first error (also inside pipelines) and trace
            # every command into the console log.
            set -o errexit -o pipefail -o xtrace
            export PATH=$PATH:/usr/local/bin/

            # this is where the security/license scan script will be executed
            echo "Hello World!"
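# Builder macro: when the scan step left a securityscan.log in the workspace,
# print it, post it to the Gerrit change as a review message and fail the
# build. When no log exists the step does nothing.
- builder:
    name: report-security-scan-result-to-gerrit
    builders:
        - shell: |
            #!/bin/bash
            set -o errexit
            set -o pipefail
            set -o xtrace
            export PATH=$PATH:/usr/local/bin/

            # If no violations were found, no security scan log will exist.
            if [[ -e securityscan.log ]] ; then
                echo -e "\nposting security scan report to gerrit...\n"

                cat securityscan.log
                echo

                # The log is produced from the patchset under review, so its
                # content is untrusted. It is placed inside a double-quoted
                # -m argument that the Gerrit SSH command parser splits on
                # the server side; an unescaped double quote in the log would
                # close that argument and let the rest of the text be read as
                # further `gerrit review` options. Escape backslashes and
                # double quotes before interpolating.
                # NOTE(review): confirm the escaping rules against the
                # deployed Gerrit version.
                review_msg=$(sed -e 's/\\/\\\\/g' -e 's/"/\\"/g' securityscan.log)

                ssh -p 29418 gerrit.opnfv.org \
                    "gerrit review -p $GERRIT_PROJECT \
                     -m \"$review_msg\" \
                     $GERRIT_PATCHSET_REVISION \
                     --notify NONE"

                # A scan log means findings were reported: fail the build.
                exit 1
            fi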