Diffstat (limited to 'jjb/ci_gate_security')
-rw-r--r--jjb/ci_gate_security/anteater-report-to-gerrit.sh28
-rw-r--r--jjb/ci_gate_security/anteater-security-audit-weekly.sh50
-rw-r--r--jjb/ci_gate_security/anteater-security-audit.sh32
-rw-r--r--jjb/ci_gate_security/opnfv-ci-gate-security.yaml190
4 files changed, 0 insertions, 300 deletions
diff --git a/jjb/ci_gate_security/anteater-report-to-gerrit.sh b/jjb/ci_gate_security/anteater-report-to-gerrit.sh
deleted file mode 100644
index 51a8ac47b..000000000
--- a/jjb/ci_gate_security/anteater-report-to-gerrit.sh
+++ /dev/null
@@ -1,28 +0,0 @@
-#!/bin/bash
-# SPDX-license-identifier: Apache-2.0
-set -o pipefail
-export PATH=$PATH:/usr/local/bin/
-EXITSTATUS=0
-
-# This Log should always exist
-if [[ -e securityaudit.log ]] ; then
-
- #check if log has errors
- if grep ERROR securityaudit.log; then
- EXITSTATUS=1
- fi
-
- grep 'ERROR' securityaudit.log | awk -F"ERROR - " '{ print $2 }' | tr -d "\'\"" > shortlog
-
- # Only report to Gerrit when there are errors to report.
- if [[ -s shortlog ]]; then
- echo -e "\nposting security audit report to gerrit...\n"
- ssh -p 29418 gerrit.opnfv.org \
- "gerrit review -p $GERRIT_PROJECT \
- -m \"$(cat shortlog)\" \
- $GERRIT_PATCHSET_REVISION \
- --notify NONE"
- fi
-
- exit $EXITSTATUS
-fi
diff --git a/jjb/ci_gate_security/anteater-security-audit-weekly.sh b/jjb/ci_gate_security/anteater-security-audit-weekly.sh
deleted file mode 100644
index 6caa13117..000000000
--- a/jjb/ci_gate_security/anteater-security-audit-weekly.sh
+++ /dev/null
@@ -1,50 +0,0 @@
-#!/bin/bash
-# SPDX-license-identifier: Apache-2.0
-##############################################################################
-# Copyright (c) 2017 The Linux Foundation and others.
-# All rights reserved. This program and the accompanying materials
-# are made available under the terms of the Apache License, Version 2.0
-# which accompanies this distribution, and is available at
-# http://www.apache.org/licenses/LICENSE-2.0
-##############################################################################
-
-ANTEATER_SCAN_PATCHSET="${ANTEATER_SCAN_PATCHSET:-true}"
-
-cd $WORKSPACE
-REPORTDIR='.reports'
-mkdir -p $REPORTDIR
-# Ensure any user can read the reports directory
-chmod 777 $REPORTDIR
-
-ANTEATER_FILES="--patchset /home/opnfv/anteater/$PROJECT/patchset"
-
-if [[ "$ANTEATER_SCAN_PATCHSET" == "true" ]]; then
- echo "Generating patchset file to list changed files"
- git diff HEAD^1 --name-only | sed "s#^#/home/opnfv/anteater/$PROJECT/#" > $WORKSPACE/patchset
- echo "Changed files are"
- echo "--------------------------------------------------------"
- cat $WORKSPACE/patchset
- echo "--------------------------------------------------------"
-else
- echo "Checking full project $PROJECT"
- ANTEATER_FILES="--path /home/opnfv/anteater/$PROJECT"
-fi
-
-vols="-v $WORKSPACE:/home/opnfv/anteater/$PROJECT -v $WORKSPACE/$REPORTDIR:/home/opnfv/anteater/$REPORTDIR"
-envs="-e PROJECT=$PROJECT"
-
-echo "Pulling releng-anteater docker image"
-echo "--------------------------------------------------------"
-docker pull opnfv/releng-anteater
-echo "--------------------------------------------------------"
-
-cmd="docker run -i $envs $vols --rm opnfv/releng-anteater \
-/home/opnfv/venv/bin/anteater --project $PROJECT $ANTEATER_FILES"
-echo "Running docker container"
-echo "$cmd"
-$cmd > $WORKSPACE/securityaudit.log 2>&1
-exit_code=$?
-echo "--------------------------------------------------------"
-echo "Docker container exited with code: $exit_code"
-echo "--------------------------------------------------------"
-exit 0
diff --git a/jjb/ci_gate_security/anteater-security-audit.sh b/jjb/ci_gate_security/anteater-security-audit.sh
deleted file mode 100644
index 8a170b044..000000000
--- a/jjb/ci_gate_security/anteater-security-audit.sh
+++ /dev/null
@@ -1,32 +0,0 @@
-#!/bin/bash
-cd $WORKSPACE
-REPORTDIR='.reports'
-mkdir -p $REPORTDIR
-# Ensure any user can read the reports directory
-chmod 777 $REPORTDIR
-echo "Generating patchset file to list changed files"
-git diff HEAD^1 --name-only | sed "s#^#/home/opnfv/anteater/$PROJECT/#" > $WORKSPACE/patchset
-echo "Changed files are"
-echo "--------------------------------------------------------"
-cat $WORKSPACE/patchset
-echo "--------------------------------------------------------"
-
-vols="-v $WORKSPACE:/home/opnfv/anteater/$PROJECT -v $WORKSPACE/$REPORTDIR:/home/opnfv/anteater/$REPORTDIR"
-envs="-e PROJECT=$PROJECT"
-
-echo "Pulling releng-anteater docker image"
-echo "--------------------------------------------------------"
-docker pull opnfv/releng-anteater
-echo "--------------------------------------------------------"
-
-cmd="docker run -i $envs $vols --rm opnfv/releng-anteater \
-/home/opnfv/venv/bin/anteater --project $PROJECT --patchset /home/opnfv/anteater/$PROJECT/patchset"
-echo "Running docker container"
-echo "$cmd"
-$cmd > $WORKSPACE/securityaudit.log 2>&1
-exit_code=$?
-echo "--------------------------------------------------------"
-echo "Docker container exited with code: $exit_code"
-echo "--------------------------------------------------------"
-cat securityaudit.log
-exit 0
diff --git a/jjb/ci_gate_security/opnfv-ci-gate-security.yaml b/jjb/ci_gate_security/opnfv-ci-gate-security.yaml
deleted file mode 100644
index 1f75829a7..000000000
--- a/jjb/ci_gate_security/opnfv-ci-gate-security.yaml
+++ /dev/null
@@ -1,190 +0,0 @@
----
-# SPDX-license-identifier: Apache-2.0
-########################
-# Job configuration for opnfv-anteater (security audit)
-########################
-- project:
-
- name: anteaterfw
-
- project: anteaterfw
-
- repo:
- - apex
- - apex-os-net-config
- - apex-puppet-tripleo
- - apex-tripleo-heat-templates
- - armband
- - auto
- - availability
- - bamboo
- - barometer
- - bottlenecks
- - calipso
- - clover
- - container4nfv
- - cperf
- - daisy
- - doctor
- - domino
- - dovetail
- - dpacc
- - enfv
- - fds
- - fuel
- - ipv6
- - joid
- - kvmfornfv
- - models
- - moon
- - nfvbench
- - onosfw
- - opera
- - opnfvdocs
- - orchestra
- - ovn4nfv
- - ovno
- - ovsnfv
- - parser
- - pharos
- - qtip
- - releng
- - releng-anteater
- - releng-testresults
- - releng-utils
- - releng-xci
- - samplevnf
- - sdnvpn
- - securityscanning
- - sfc
- - snaps
- - stor4nfv
- - storperf
- - ves
- - vswitchperf
- - yardstick
-
- jobs:
- - 'opnfv-security-audit-verify-{stream}'
- - 'opnfv-security-audit-{repo}-weekly-{stream}'
-
- stream:
- - master:
- branch: '{stream}'
- gs-pathname: ''
- disabled: false
-
-########################
-# job templates
-########################
-- job-template:
- name: 'opnfv-security-audit-{repo}-weekly-{stream}'
-
- disabled: '{obj:disabled}'
-
- parameters:
- - opnfv-build-defaults
- - string:
- name: ANTEATER_SCAN_PATCHSET
- default: "false"
- description: "Have anteater scan patchsets (true) or full project (false)"
- - project-parameter:
- project: '{repo}'
- branch: '{branch}'
-
- scm:
- - git-scm-gerrit
-
- triggers:
- - timed: '@weekly'
-
- builders:
- - anteater-security-audit-weekly
-
- publishers:
- # defined in jjb/global/releng-macros.yml
- - 'email-{repo}-ptl':
- subject: 'OPNFV Security Scan Result: {repo}'
- - workspace-cleanup:
- fail-build: false
-
-- job-template:
- name: 'opnfv-security-audit-verify-{stream}'
-
- disabled: '{obj:disabled}'
-
- parameters:
- - label:
- name: SLAVE_LABEL
- default: 'opnfv-build'
- description: 'Slave label on Jenkins'
- all-nodes: false
- node-eligibility: 'ignore-offline'
- - project-parameter:
- project: $GERRIT_PROJECT
- branch: '{branch}'
- - string:
- name: GIT_BASE
- default: https://gerrit.opnfv.org/gerrit/$PROJECT
- # yamllint disable rule:line-length
- description: "Used for overriding the GIT URL coming from Global Jenkins configuration in case if the stuff is done on none-LF HW."
- # yamllint enable rule:line-length
-
- scm:
- - git-scm-gerrit
-
- # yamllint disable rule:line-length
- triggers:
- - gerrit:
- server-name: 'gerrit.opnfv.org'
- trigger-on:
- - patchset-created-event:
- exclude-drafts: 'false'
- exclude-trivial-rebase: 'false'
- exclude-no-code-change: 'false'
- - draft-published-event
- - comment-added-contains-event:
- comment-contains-value: 'recheck'
- projects:
- - project-compare-type: 'REG_EXP'
- project-pattern: 'apex|armband|bamboo|barometer|bottlenecks|calipso|cperf|daisy|doctor|dovetail|dpacc|enfv|fds|fuel|pharos|releng|sandbox|yardstick|infra|ipv6|kvmfornfv|models|moon'
- branches:
- - branch-compare-type: 'ANT'
- branch-pattern: '**/{branch}'
- file-paths:
- - compare-type: ANT
- pattern: '**'
- skip-vote:
- successful: true
- failed: true
- unstable: true
- notbuilt: true
- # yamllint enable rule:line-length
-
- builders:
- - anteater-security-audit
- - report-security-audit-result-to-gerrit
- publishers:
- - archive-artifacts:
- artifacts: ".reports/*"
-
-########################
-# builder macros
-########################
-- builder:
- name: anteater-security-audit
- builders:
- - shell:
- !include-raw: ./anteater-security-audit.sh
-
-- builder:
- name: report-security-audit-result-to-gerrit
- builders:
- - shell:
- !include-raw: ./anteater-report-to-gerrit.sh
-
-- builder:
- name: anteater-security-audit-weekly
- builders:
- - shell:
- !include-raw: ./anteater-security-audit-weekly.sh