author | Trevor Bramwell <tbramwell@linuxfoundation.org> | 2017-11-16 15:51:38 -0800 |
---|---|---|
committer | Trevor Bramwell <tbramwell@linuxfoundation.org> | 2017-11-27 12:33:22 -0800 |
commit | 0f548e950248e1c35c7dcd8e922834b3228a79e4 (patch) | |
tree | 9572d46ee1b3a413986492f943f764413af5f72b /jjb/ci_gate_security/anteater-security-audit-weekly.sh | |
parent | 4245897311f394b2d4805337d85f28c0988320ae (diff) |
Email Weekly Anteater Reports to PTLs
Completely replaces the current weekly security scan job. Instead of
publishing weekly security scan reports they will be emailed to
individual project PTLs.
Uses a modified copy of 'anteater-security-audit.sh' to ensure the
security scan job is not affected in this change. A later change will be
made to merge the file back in and update the jobs. This is why
'anteater-parameters' are added to both jobs-templates.
Change-Id: Ia8ebffbfce7a2d4feb83ef68ff0ab0c7bb4d2104
Signed-off-by: Trevor Bramwell <tbramwell@linuxfoundation.org>
Diffstat (limited to 'jjb/ci_gate_security/anteater-security-audit-weekly.sh')
-rw-r--r-- | jjb/ci_gate_security/anteater-security-audit-weekly.sh | 68 |
1 files changed, 41 insertions, 27 deletions
diff --git a/jjb/ci_gate_security/anteater-security-audit-weekly.sh b/jjb/ci_gate_security/anteater-security-audit-weekly.sh
index 11909636a..25850af28 100644
--- a/jjb/ci_gate_security/anteater-security-audit-weekly.sh
+++ b/jjb/ci_gate_security/anteater-security-audit-weekly.sh
@@ -1,37 +1,51 @@
 #!/bin/bash
 # SPDX-license-identifier: Apache-2.0
+##############################################################################
+# Copyright (c) 2017 The Linux Foundation and others.
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+
+ANTEATER_SCAN_PATCHSET="${ANTEATER_SCAN_PATCHSET:-true}"
+
+cd $WORKSPACE
+REPORTDIR='.reports'
+mkdir -p $REPORTDIR
+# Ensure any user can read the reports directory
+chmod 777 $REPORTDIR
+
+ANTEATER_FILES="--patchset /home/opnfv/anteater/$PROJECT/patchset"
+
+if [[ "$ANTEATER_SCAN_PATCHSET" == "true" ]]; then
+ echo "Generating patchset file to list changed files"
+ git diff HEAD^1 --name-only | sed "s#^#/home/opnfv/anteater/$PROJECT/#" > $WORKSPACE/patchset
+ echo "Changed files are"
+ echo "--------------------------------------------------------"
+ cat $WORKSPACE/patchset
+ echo "--------------------------------------------------------"
+else
+ echo "Checking full project $PROJECT"
+ ANTEATER_FILES="--path /home/opnfv/anteater/$PROJECT"
+fi
+
+vols="-v $WORKSPACE:/home/opnfv/anteater/$PROJECT -v $WORKSPACE/$REPORTDIR:/home/opnfv/anteater/$REPORTDIR"
+envs="-e PROJECT=$PROJECT"
-echo "--------------------------------------------------------"
-vols="-v $WORKSPACE/allrepos/:/home/opnfv/anteater/allrepos/"
 echo "Pulling releng-anteater docker image"
 echo "--------------------------------------------------------"
 docker pull opnfv/releng-anteater
 echo "--------------------------------------------------------"
-cmd="docker run -id $vols opnfv/releng-anteater /bin/bash"
-echo "Running docker command $cmd"
-container_id=$($cmd)
-echo "Container ID is $container_id"
-source $WORKSPACE/opnfv-projects.sh
-for project in "${PROJECT_LIST[@]}"
-
-do
- cmd="/home/opnfv/venv/bin/anteater --project testproj --path /home/opnfv/anteater/allrepos/$project"
- echo "Executing command inside container"
- echo "$cmd"
- echo "--------------------------------------------------------"
- docker exec $container_id $cmd > $WORKSPACE/"$project".securityaudit.log 2>&1
-done
+cmd="docker run -i $envs $vols --rm opnfv/releng-anteater \
+/home/opnfv/venv/bin/anteater --project $PROJECT $ANTEATER_FILES"
+echo "Running docker container"
+echo "$cmd"
+$cmd > $WORKSPACE/securityaudit.log 2>&1
 exit_code=$?
 echo "--------------------------------------------------------"
-echo "Stopping docker container with ID $container_id"
-docker stop $container_id
-
-
-#gsutil cp $WORKSPACE/securityaudit.log \
-# gs://$GS_URL/$PROJECT-securityaudit-weekly.log 2>&1
-#
-#gsutil -m setmeta \
-# -h "Content-Type:text/html" \
-# -h "Cache-Control:private, max-age=0, no-transform" \
-# gs://$GS_URL/$PROJECT-securityaudit-weekly.log > /dev/null 2>&1
+echo "Docker container exited with code: $exit_code"
+echo "--------------------------------------------------------"
+cat securityaudit.log
+exit 0 |
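Review bot: `chmod 777 $REPORTDIR` gives every local account write access to the reports directory, while the comment directly above it only asks for read access; on a shared build node that would let another account alter or plant report files before they are sent out. If read access is all that is required, `chmod 755 "$REPORTDIR"` matches the comment; if the container's user has to write into the mounted directory (not visible in this hunk), the comment should say so and the mode be limited to that need. Separately, `exit_code` is captured and printed but the script always ends with `exit 0`, so a failed `docker run` or a scanner crash still reports success; consider `exit "$exit_code"`, or a comment explaining why failures are deliberately ignored for the weekly job. The expansions in `cd $WORKSPACE` and `$cmd` are unquoted, so a `WORKSPACE` or `PROJECT` value containing whitespace would be split into additional `docker run` arguments, and a failed `cd` is not checked (`cd "$WORKSPACE" || exit 1`).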