Diffstat (limited to 'jjb/ci_gate_security/anteater-security-audit.sh')
-rw-r--r--jjb/ci_gate_security/anteater-security-audit.sh33
1 files changed, 33 insertions, 0 deletions
diff --git a/jjb/ci_gate_security/anteater-security-audit.sh b/jjb/ci_gate_security/anteater-security-audit.sh
new file mode 100644
index 000000000..1ac558208
--- /dev/null
+++ b/jjb/ci_gate_security/anteater-security-audit.sh
@@ -0,0 +1,33 @@
+#!/bin/bash
+set -o pipefail
+
+cd $WORKSPACE
+echo "Generating patchset file to list changed files"
+git diff HEAD^1 --name-only | sed "s#^#/home/opnfv/anteater/$PROJECT/#" > $WORKSPACE/patchset
+echo "Changed files are"
+echo "--------------------------------------------------------"
+cat $WORKSPACE/patchset
+echo "--------------------------------------------------------"
+
+vols="-v $WORKSPACE:/home/opnfv/anteater/$PROJECT"
+envs="-e PROJECT=$PROJECT"
+
+echo "Pulling releng-anteater docker image"
+echo "--------------------------------------------------------"
+docker pull opnfv/releng-anteater
+echo "--------------------------------------------------------"
+
+cmd="docker run --user $JENKINS_USER -id $envs $vols --rm opnfv/releng-anteater /bin/bash"
+echo "Running docker command $cmd"
+container_id=$($cmd)
+echo "Container ID is $container_id"
+cmd="anteater --project $PROJECT --patchset /home/opnfv/anteater/$PROJECT/patchset"
+echo "Executing command inside container"
+echo "$cmd"
+echo "--------------------------------------------------------"
+docker exec $container_id $cmd
+exit_code=$?
+echo "--------------------------------------------------------"
+echo "Stopping docker container with ID $container_id"
+docker stop $container_id
+exit $exit_code
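Review bot: This gate can fail open in its first lines: `set -o pipefail` is enabled, but neither `cd $WORKSPACE` nor the `git diff HEAD^1 --name-only | sed … > $WORKSPACE/patchset` pipeline has its status checked, so a failed diff (for example when `HEAD^1` is missing in a shallow checkout) leaves an empty patchset and the script carries on. Anteater would then presumably have nothing to scan, and the job reports whatever it returns for an empty list. I would stop early instead, with `cd "$WORKSPACE" || exit 1` and `|| exit 1` appended to the `git diff` pipeline. Separately, `docker pull opnfv/releng-anteater` takes the mutable default tag, so the scanner enforcing the gate can change without review; pinning a tag or digest would make the audit reproducible. If the job is aborted between `docker run -id` and `docker stop`, the container is left running, so a `trap` on EXIT that stops `$container_id` would be safer than the trailing `docker stop`.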