summaryrefslogtreecommitdiffstats
path: root/jjb/ci_gate_security/opnfv-ci-gate-security.yml
diff options
context:
space:
mode:
Diffstat (limited to 'jjb/ci_gate_security/opnfv-ci-gate-security.yml')
-rw-r--r--jjb/ci_gate_security/opnfv-ci-gate-security.yml104
1 files changed, 91 insertions, 13 deletions
diff --git a/jjb/ci_gate_security/opnfv-ci-gate-security.yml b/jjb/ci_gate_security/opnfv-ci-gate-security.yml
index e09339a4b..d54aebea4 100644
--- a/jjb/ci_gate_security/opnfv-ci-gate-security.yml
+++ b/jjb/ci_gate_security/opnfv-ci-gate-security.yml
@@ -9,9 +9,76 @@
project: anteaterfw
+ repo:
+ - apex
+ - apex-os-net-config
+ - apex-puppet-tripleo
+ - apex-tripleo-heat-templates
+ - armband
+ - auto
+ - availability
+ - bamboo
+ - barometer
+ - bottlenecks
+ - calipso
+ - clover
+ - compass-containers
+ - compass4nfv
+ - conductor
+ - container4nfv
+ - copper
+ - cperf
+ - daisy
+ - doctor
+ - domino
+ - dovetail
+ - dpacc
+ - enfv
+ - fastpathmetrics
+ - fds
+ - fuel
+ - functest
+ - ipv6
+ - joid
+ - kvmfornfv
+ - models
+ - moon
+ - multisite
+ - netready
+ - nfvbench
+ - octopus
+ - onosfw
+ - openretriever
+ - opera
+ - opnfvdocs
+ - orchestra
+ - ovn4nfv
+ - ovno
+ - ovsnfv
+ - parser
+ - pharos
+ - pharos-tools
+ - promise
+ - qtip
+ - releng
+ - releng-anteater
+ - releng-testresults
+ - releng-utils
+ - releng-xci
+ - samplevnf
+ - sdnvpn
+ - securityscanning
+ - sfc
+ - snaps
+ - stor4nfv
+ - storperf
+ - ves
+ - vswitchperf
+ - yardstick
+
jobs:
- 'opnfv-security-audit-verify-{stream}'
- - 'opnfv-security-audit-weekly-{stream}'
+ - 'opnfv-security-audit-{repo}-weekly-{stream}'
stream:
- master:
@@ -23,18 +90,26 @@
# job templates
########################
- job-template:
- name: 'opnfv-security-audit-weekly-{stream}'
+ name: 'opnfv-security-audit-{repo}-weekly-{stream}'
disabled: '{obj:disabled}'
parameters:
- - label:
- name: SLAVE_LABEL
- default: 'ericsson-build3'
- description: 'Slave label on Jenkins'
+ - ericsson-build3-defaults
+ - string:
+ name: ANTEATER_SCAN_PATCHSET
+ default: "false"
+ description: "Have anteater scan patchsets (true) or full project (false)"
- project-parameter:
- project: releng
+ project: '{repo}'
branch: '{branch}'
+ - string:
+ name: GERRIT_REFSPEC
+ default: 'refs/heads/{stream}'
+ description: "Default Gerrit ref git HEAD should point to"
+
+ scm:
+ - git-scm-gerrit
triggers:
- timed: '@weekly'
@@ -42,6 +117,13 @@
builders:
- anteater-security-audit-weekly
+ publishers:
+ # defined in jjb/global/releng-macros.yml
+ - 'email-{repo}-ptl':
+ subject: 'OPNFV Security Scan Result: {repo}'
+ - workspace-cleanup:
+ fail-build: false
+
- job-template:
name: 'opnfv-security-audit-verify-{stream}'
@@ -81,7 +163,7 @@
comment-contains-value: 'reverify'
projects:
- project-compare-type: 'REG_EXP'
- project-pattern: 'apex|armband|bamboo|barometer|bottlenecks|calipso|compass4nfv|conductor|cooper|cperf|daisy|doctor|dovetail|dpacc|enfv|escalator|fds|fuel|functest|octopus|pharos|releng|sandbox|yardstick'
+ project-pattern: 'apex|armband|bamboo|barometer|bottlenecks|calipso|compass4nfv|conductor|copper|cperf|daisy|doctor|dovetail|dpacc|enfv|escalator|fds|fuel|functest|octopus|pharos|releng|sandbox|yardstick|infra|ipv6|kvmfornfv|lsoapi|models|moon|multisite|netready'
branches:
- branch-compare-type: 'ANT'
branch-pattern: '**/{branch}'
@@ -117,12 +199,8 @@
- shell:
!include-raw: ./anteater-report-to-gerrit.sh
-# yamllint disable rule:indentation
- builder:
name: anteater-security-audit-weekly
builders:
- shell:
- !include-raw:
- - ./anteater-clone-all-repos.sh
- - ./anteater-security-audit-weekly.sh
-# yamllint enable rule:indentation
+ !include-raw: ./anteater-security-audit-weekly.sh