summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--jjb/ci_gate_security/anteater-security-audit.sh33
-rw-r--r--jjb/ci_gate_security/opnfv-ci-gate-security.yml18
2 files changed, 39 insertions, 12 deletions
diff --git a/jjb/ci_gate_security/anteater-security-audit.sh b/jjb/ci_gate_security/anteater-security-audit.sh
new file mode 100644
index 000000000..1ac558208
--- /dev/null
+++ b/jjb/ci_gate_security/anteater-security-audit.sh
@@ -0,0 +1,33 @@
+#!/bin/bash
+set -o pipefail
+
+cd $WORKSPACE
+echo "Generating patchset file to list changed files"
+git diff HEAD^1 --name-only | sed "s#^#/home/opnfv/anteater/$PROJECT/#" > $WORKSPACE/patchset
+echo "Changed files are"
+echo "--------------------------------------------------------"
+cat $WORKSPACE/patchset
+echo "--------------------------------------------------------"
+
+vols="-v $WORKSPACE:/home/opnfv/anteater/$PROJECT"
+envs="-e PROJECT=$PROJECT"
+
+echo "Pulling releng-anteater docker image"
+echo "--------------------------------------------------------"
+docker pull opnfv/releng-anteater
+echo "--------------------------------------------------------"
+
+cmd="docker run --user $JENKINS_USER -id $envs $vols --rm opnfv/releng-anteater /bin/bash"
+echo "Running docker command $cmd"
+container_id=$($cmd)
+echo "Container ID is $container_id"
+cmd="anteater --project $PROJECT --patchset /home/opnfv/anteater/$PROJECT/patchset"
+echo "Executing command inside container"
+echo "$cmd"
+echo "--------------------------------------------------------"
+docker exec $container_id $cmd
+exit_code=$?
+echo "--------------------------------------------------------"
+echo "Stopping docker container with ID $container_id"
+docker stop $container_id
+exit $exit_code
diff --git a/jjb/ci_gate_security/opnfv-ci-gate-security.yml b/jjb/ci_gate_security/opnfv-ci-gate-security.yml
index 732df8925..8ca0983c0 100644
--- a/jjb/ci_gate_security/opnfv-ci-gate-security.yml
+++ b/jjb/ci_gate_security/opnfv-ci-gate-security.yml
@@ -53,7 +53,7 @@
branch-pattern: '**/{branch}'
file-paths:
- compare-type: ANT
- pattern: '**/*.py'
+ pattern: '**'
skip-vote:
successful: true
failed: true
@@ -61,23 +61,17 @@
notbuilt: true
builders:
- - security-audit-python-code
- - report-security-audit-result-to-gerrit
+ - anteater-security-audit
+# - report-security-audit-result-to-gerrit
########################
# builder macros
########################
- builder:
- name: security-audit-python-code
+ name: anteater-security-audit
builders:
- - shell: |
- #!/bin/bash
- set -o errexit
- set -o pipefail
- set -o xtrace
- export PATH=$PATH:/usr/local/bin/
+ - shell:
+ !include-raw: ./anteater-security-audit.sh
- # this is where the security/license audit script will be executed
- echo "Hello World!"
- builder:
name: report-security-audit-result-to-gerrit
builders: