-rw-r--r-- | jjb/ci_gate_security/anteater-security-audit.sh | 33 | ||||
-rw-r--r-- | jjb/ci_gate_security/opnfv-ci-gate-security.yml | 18 |
2 files changed, 39 insertions, 12 deletions
diff --git a/jjb/ci_gate_security/anteater-security-audit.sh b/jjb/ci_gate_security/anteater-security-audit.sh
new file mode 100644
index 000000000..1ac558208
--- /dev/null
+++ b/jjb/ci_gate_security/anteater-security-audit.sh
@@ -0,0 +1,33 @@
+#!/bin/bash
+set -o pipefail
+
+cd $WORKSPACE
+echo "Generating patchset file to list changed files"
+git diff HEAD^1 --name-only | sed "s#^#/home/opnfv/anteater/$PROJECT/#" > $WORKSPACE/patchset
+echo "Changed files are"
+echo "--------------------------------------------------------"
+cat $WORKSPACE/patchset
+echo "--------------------------------------------------------"
+
+vols="-v $WORKSPACE:/home/opnfv/anteater/$PROJECT"
+envs="-e PROJECT=$PROJECT"
+
+echo "Pulling releng-anteater docker image"
+echo "--------------------------------------------------------"
+docker pull opnfv/releng-anteater
+echo "--------------------------------------------------------"
+
+cmd="docker run --user $JENKINS_USER -id $envs $vols --rm opnfv/releng-anteater /bin/bash"
+echo "Running docker command $cmd"
+container_id=$($cmd)
+echo "Container ID is $container_id"
+cmd="anteater --project $PROJECT --patchset /home/opnfv/anteater/$PROJECT/patchset"
+echo "Executing command inside container"
+echo "$cmd"
+echo "--------------------------------------------------------"
+docker exec $container_id $cmd
+exit_code=$?
+echo "--------------------------------------------------------"
+echo "Stopping docker container with ID $container_id"
+docker stop $container_id
+exit $exit_code
diff --git a/jjb/ci_gate_security/opnfv-ci-gate-security.yml b/jjb/ci_gate_security/opnfv-ci-gate-security.yml
index 732df8925..8ca0983c0 100644
--- a/jjb/ci_gate_security/opnfv-ci-gate-security.yml
+++ b/jjb/ci_gate_security/opnfv-ci-gate-security.yml
@@ -53,7 +53,7 @@ branch-pattern: '**/{branch}' file-paths: - compare-type: ANT - pattern: '**/*.py' + pattern: '**' skip-vote: successful: true failed: true
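Review bot: In anteater-security-audit.sh only `set -o pipefail` is set, so a failure in `cd $WORKSPACE`, in the `git diff … | sed` pipeline or in `docker pull` is ignored and the job's result depends solely on `docker exec`. If the patchset file comes out empty, or a stale local image is used after a failed pull, the audit may scan nothing or run outdated rules and still exit 0 (how anteater treats an empty patchset is not visible here). I would enable `errexit` and `nounset`, capture the scan status with `|| exit_code=$?`, and move `docker stop` into an EXIT trap so the container is cleaned up on every path, as sketched below. The expansions of `$WORKSPACE`, `$PROJECT` and `$container_id` are also unquoted, and `$envs`, `$vols` and `$cmd` are built as strings and then word-split, so a path or project name containing whitespace or glob characters changes the docker command line; arrays with quoted elements avoid that.

```shell
set -o errexit -o nounset -o pipefail

cd "$WORKSPACE"
# … unchanged: patchset generation, docker pull, docker run into container_id …

# stop the container on every exit path, including an aborted build
trap 'docker stop "$container_id"' EXIT

exit_code=0
docker exec "$container_id" $cmd || exit_code=$?
exit "$exit_code"
```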
@@ -61,23 +61,17 @@ notbuilt: true builders: - - security-audit-python-code - - report-security-audit-result-to-gerrit + - anteater-security-audit +# - report-security-audit-result-to-gerrit ######################## # builder macros ######################## - builder: - name: security-audit-python-code + name: anteater-security-audit builders: - - shell: | - #!/bin/bash - set -o errexit - set -o pipefail - set -o xtrace - export PATH=$PATH:/usr/local/bin/ + - shell: + !include-raw: ./anteater-security-audit.sh - # this is where the security/license audit script will be executed - echo "Hello World!" - builder: name: report-security-audit-result-to-gerrit builders: |
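Review bot: With `report-security-audit-result-to-gerrit` commented out in the `builders:` list, the anteater result has no path back to the change under review. The surrounding `skip-vote` block (visible here as `notbuilt: true`, and as `successful: true` / `failed: true` in the previous hunk) means the job does not vote either, so findings would appear only in the Jenkins console log. If the reporter is disabled on purpose for now, say so next to the commented line, e.g. `# TODO: re-enable once anteater output is posted back to Gerrit`; otherwise keep the builder in the list. The `report-security-audit-result-to-gerrit` macro definition continues past the end of this hunk.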