-rwxr-xr-x | jjb/ci_gate_security/anteater-clone-all-repos.sh | 33 | ||||
-rw-r--r-- | jjb/ci_gate_security/anteater-report-to-gerrit.sh | 2 | ||||
-rw-r--r-- | jjb/ci_gate_security/anteater-security-audit-weekly.sh | 37 | ||||
-rw-r--r-- | jjb/ci_gate_security/opnfv-ci-gate-security.yml | 30 | ||||
-rw-r--r-- | jjb/compass4nfv/compass-ci-jobs.yml | 2 | ||||
-rw-r--r-- | jjb/compass4nfv/compass-dovetail-jobs.yml | 2 | ||||
-rw-r--r-- | jjb/compass4nfv/compass-verify-jobs.yml | 6 | ||||
-rw-r--r-- | jjb/doctor/doctor.yml | 33 |
8 files changed, 139 insertions, 6 deletions
diff --git a/jjb/ci_gate_security/anteater-clone-all-repos.sh b/jjb/ci_gate_security/anteater-clone-all-repos.sh new file mode 100755 index 000000000..8a9e73d85 --- /dev/null +++ b/jjb/ci_gate_security/anteater-clone-all-repos.sh @@ -0,0 +1,33 @@ +#!/bin/bash +# SPDX-license-identifier: Apache-2.0 +set -o errexit +set -o pipefail +set -o nounset +export PATH=$PATH:/usr/local/bin/ + + +#WORKSPACE="$(pwd)" + +cd $WORKSPACE +if [ ! -d "$WORKSPACE/allrepos" ]; then + mkdir $WORKSPACE/allrepos +fi + +cd $WORKSPACE/allrepos + +declare -a PROJECT_LIST +EXCLUDE_PROJECTS="All-Projects|All-Users|securedlab" + +PROJECT_LIST=($(ssh gerrit.opnfv.org -p 29418 gerrit ls-projects | egrep -v $EXCLUDE_PROJECTS)) +echo "PROJECT_LIST=(${PROJECT_LIST[*]})" > $WORKSPACE/opnfv-projects.sh + +for PROJECT in ${PROJECT_LIST[@]}; do + echo "> Cloning $PROJECT" + if [ ! -d "$PROJECT" ]; then + git clone "https://gerrit.opnfv.org/gerrit/$PROJECT.git" + else + pushd "$PROJECT" > /dev/null + git pull -f + popd > /dev/null + fi +done diff --git a/jjb/ci_gate_security/anteater-report-to-gerrit.sh b/jjb/ci_gate_security/anteater-report-to-gerrit.sh index 71c5a0679..fc3018fb4 100644 --- a/jjb/ci_gate_security/anteater-report-to-gerrit.sh +++ b/jjb/ci_gate_security/anteater-report-to-gerrit.sh @@ -1,5 +1,5 @@ #!/bin/bash -set -o errexit +# SPDX-license-identifier: Apache-2.0 set -o pipefail export PATH=$PATH:/usr/local/bin/ EXITSTATUS=0 diff --git a/jjb/ci_gate_security/anteater-security-audit-weekly.sh b/jjb/ci_gate_security/anteater-security-audit-weekly.sh new file mode 100644 index 000000000..99f2820ec --- /dev/null +++ b/jjb/ci_gate_security/anteater-security-audit-weekly.sh 
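Review bot: The project names returned by `gerrit ls-projects` are written unquoted into `$WORKSPACE/opnfv-projects.sh` by the `echo "PROJECT_LIST=(${PROJECT_LIST[*]})"` line in anteater-clone-all-repos.sh, and anteater-security-audit-weekly.sh later runs `source` on that file. A name containing whitespace or shell metacharacters would therefore be split into extra entries or interpreted as shell code on the build node. Serialising the array with the shell's own quoting avoids this: `declare -p PROJECT_LIST > "$WORKSPACE/opnfv-projects.sh"`. The same unquoted expansion appears in `for PROJECT in ${PROJECT_LIST[@]}`, `egrep -v $EXCLUDE_PROJECTS` and the `cd $WORKSPACE` / `mkdir` lines, which would be safer as `"${PROJECT_LIST[@]}"`, `"$EXCLUDE_PROJECTS"` and `"$WORKSPACE"`.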
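Review bot: In anteater-report-to-gerrit.sh, `set -o errexit` is dropped in the same edit that adds the SPDX header, so it is not clear whether the removal is intentional. Without it, a failing command no longer stops the script unless its status is checked explicitly, which matters for a job that reports security findings back to Gerrit. If the removal is deliberate (the visible `EXITSTATUS=0` suggests the script tracks its own status), a comment such as `# errexit intentionally off: exit status is tracked in EXITSTATUS` would record that; otherwise restore the line below the header. The rest of the script is outside this hunk.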
@@ -0,0 +1,37 @@ +#!/bin/bash +# SPDX-license-identifier: Apache-2.0 + +echo "--------------------------------------------------------" +vols="-v $WORKSPACE/allrepos/:/home/opnfv/anteater/allrepos/" +echo "Pulling releng-anteater docker image" +echo "--------------------------------------------------------" +docker pull opnfv/releng-anteater +echo "--------------------------------------------------------" +cmd="docker run --user nobody -id $vols opnfv/releng-anteater /bin/bash" +echo "Running docker command $cmd" +container_id=$($cmd) +echo "Container ID is $container_id" +source $WORKSPACE/opnfv-projects.sh +for project in "${PROJECT_LIST[@]}" + +do + cmd="anteater --project testproj --path /home/opnfv/anteater/allrepos/$project" + echo "Executing command inside container" + echo "$cmd" + echo "--------------------------------------------------------" + docker exec $container_id $cmd > $WORKSPACE/"$project".securityaudit.log 2>&1 +done + +exit_code=$? +echo "--------------------------------------------------------" +echo "Stopping docker container with ID $container_id" +docker stop $container_id + + +#gsutil cp $WORKSPACE/securityaudit.log \ +# gs://$GS_URL/$PROJECT-securityaudit-weekly.log 2>&1 +# +#gsutil -m setmeta \ +# -h "Content-Type:text/html" \ +# -h "Cache-Control:private, max-age=0, no-transform" \ +# gs://$GS_URL/$PROJECT-securityaudit-weekly.log > /dev/null 2>&1 diff --git a/jjb/ci_gate_security/opnfv-ci-gate-security.yml b/jjb/ci_gate_security/opnfv-ci-gate-security.yml index e2ad03eae..2cbb5cd99 100644 --- a/jjb/ci_gate_security/opnfv-ci-gate-security.yml +++ b/jjb/ci_gate_security/opnfv-ci-gate-security.yml @@ -1,3 +1,4 @@ +# SPDX-license-identifier: Apache-2.0 ######################## # Job configuration for opnfv-anteater (security audit) ######################## @@ -9,6 +10,7 @@ jobs: - 'opnfv-security-audit-verify-{stream}' + - 'opnfv-security-audit-weekly-{stream}' stream: - master: 
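Review bot: In anteater-security-audit-weekly.sh, `exit_code=$?` after `done` records only the status of the last `docker exec` in the loop, and nothing in the visible lines reads it, so a failed audit of any earlier project does not affect the job result. Initialise `exit_code=0` before the loop, append `|| exit_code=$?` to the `docker exec` line, and end the script with `exit "$exit_code"` after `docker stop`. Whether anteater returns non-zero on findings is not visible here and should be confirmed. Separately, if a Gerrit project name contains `/`, the redirect to `$WORKSPACE/"$project".securityaudit.log` points into a directory that may not exist, so the log path should be derived from a sanitised name, for example `"${project//\//_}"`.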
@@ -20,6 +22,26 @@ # job templates ######################## - job-template: + name: 'opnfv-security-audit-weekly-{stream}' + + disabled: '{obj:disabled}' + + parameters: + - label: + name: SLAVE_LABEL + default: 'ericsson-build3' + description: 'Slave label on Jenkins' + - project-parameter: + project: releng + branch: '{branch}' + + triggers: + - timed: '0 H/6 * * *' + + builders: + - anteater-security-audit-weekly + +- job-template: name: 'opnfv-security-audit-verify-{stream}' disabled: '{obj:disabled}' @@ -85,3 +107,11 @@ builders: - shell: !include-raw: ./anteater-report-to-gerrit.sh + +- builder: + name: anteater-security-audit-weekly + builders: + - shell: + !include-raw: + - ./anteater-clone-all-repos.sh + - ./anteater-security-audit-weekly.sh diff --git a/jjb/compass4nfv/compass-ci-jobs.yml b/jjb/compass4nfv/compass-ci-jobs.yml index 0c9f64d9a..f4f49b666 100644 --- a/jjb/compass4nfv/compass-ci-jobs.yml +++ b/jjb/compass4nfv/compass-ci-jobs.yml @@ -205,7 +205,7 @@ - build-name: name: '$BUILD_NUMBER - Scenario: $DEPLOY_SCENARIO' - timeout: - timeout: 150 + timeout: 240 abort: true - fix-workspace-permissions diff --git a/jjb/compass4nfv/compass-dovetail-jobs.yml b/jjb/compass4nfv/compass-dovetail-jobs.yml index b46c73221..67d1e4eee 100644 --- a/jjb/compass4nfv/compass-dovetail-jobs.yml +++ b/jjb/compass4nfv/compass-dovetail-jobs.yml @@ -136,7 +136,7 @@ - build-name: name: '$BUILD_NUMBER - Scenario: $DEPLOY_SCENARIO' - timeout: - timeout: 150 + timeout: 240 abort: true - fix-workspace-permissions diff --git a/jjb/compass4nfv/compass-verify-jobs.yml b/jjb/compass4nfv/compass-verify-jobs.yml index 258315844..e43f976b5 100644 --- a/jjb/compass4nfv/compass-verify-jobs.yml +++ b/jjb/compass4nfv/compass-verify-jobs.yml @@ -74,7 +74,7 @@ wrappers: - ssh-agent-wrapper - timeout: - timeout: 150 + timeout: 240 fail: true - fix-workspace-permissions 
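Review bot: The trigger `- timed: '0 H/6 * * *'` in the new `opnfv-security-audit-weekly-{stream}` template does not match the job name. In Jenkins cron syntax that expression fires at minute 0 of every sixth hour, every day, so all repositories would be cloned and scanned four times a day. If a weekly run is intended, something like `- timed: 'H H * * 0'` expresses that and lets Jenkins spread the start time. The template also sets no build timeout, so a hung `docker exec` would hold the `ericsson-build3` executor; the compass jobs touched in this commit use a `- timeout:` wrapper for that purpose.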
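Review bot: Listing both scripts under one `!include-raw:` in the `anteater-security-audit-weekly` builder makes Jenkins Job Builder join them into a single shell step, as far as its documented behaviour goes. The `set -o errexit`, `pipefail` and `nounset` options set at the top of anteater-clone-all-repos.sh would then stay in force for anteater-security-audit-weekly.sh. Under errexit a failing `docker exec` ends the step before `docker stop $container_id` runs, which would leave the container running on the build node. Either give each script its own `- shell:` entry, or register cleanup in the audit script right after the container starts, e.g. `trap 'docker stop "$container_id"' EXIT`. This is worth confirming against the rendered job XML.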
@@ -197,7 +197,7 @@ wrappers: - ssh-agent-wrapper - timeout: - timeout: 150 + timeout: 240 fail: true - fix-workspace-permissions @@ -297,7 +297,7 @@ wrappers: - ssh-agent-wrapper - timeout: - timeout: 150 + timeout: 240 fail: true - fix-workspace-permissions diff --git a/jjb/doctor/doctor.yml b/jjb/doctor/doctor.yml index 807d436da..eb230b59d 100644 --- a/jjb/doctor/doctor.yml +++ b/jjb/doctor/doctor.yml @@ -38,8 +38,15 @@ profiler: 'poc' auto-trigger-name: 'experimental' + pod: + - arm-pod2: + slave-label: '{pod}' + - arm-pod3: + slave-label: '{pod}' + jobs: - 'doctor-verify-{stream}' + - 'doctor-{task}-{installer}-{inspector}-{pod}-{stream}' - 'doctor-{task}-{installer}-{inspector}-{stream}' - job-template: @@ -83,6 +90,32 @@ - shell: "[ -e tests/run.sh ] && bash -n ./tests/run.sh" - job-template: + name: 'doctor-{task}-{installer}-{inspector}-{pod}-{stream}' + + node: '{slave-label}' + + disabled: '{obj:disabled}' + + parameters: + - project-parameter: + project: '{project}' + branch: '{branch}' + - 'opnfv-build-ubuntu-defaults' + + scm: + - git-scm-gerrit + + + triggers: + - '{auto-trigger-name}': + project: '{project}' + branch: '{branch}' + + builders: + - shell: "[ -e tests/run.sh ] && bash -n ./tests/run.sh" + + +- job-template: name: 'doctor-{task}-{installer}-{inspector}-{stream}' node: '{slave-label}' |