Diffstat (limited to 'jjb/ci_gate_security')
-rw-r--r-- | jjb/ci_gate_security/anteater-report-to-gerrit.sh | 28 | ||||
-rw-r--r-- | jjb/ci_gate_security/anteater-security-audit-weekly.sh | 50 | ||||
-rw-r--r-- | jjb/ci_gate_security/anteater-security-audit.sh | 32 | ||||
-rw-r--r-- | jjb/ci_gate_security/opnfv-ci-gate-security.yaml | 190 |
4 files changed, 0 insertions, 300 deletions
diff --git a/jjb/ci_gate_security/anteater-report-to-gerrit.sh b/jjb/ci_gate_security/anteater-report-to-gerrit.sh
deleted file mode 100644
index 51a8ac47b..000000000
--- a/jjb/ci_gate_security/anteater-report-to-gerrit.sh
+++ /dev/null
@@ -1,28 +0,0 @@
-#!/bin/bash
-# SPDX-license-identifier: Apache-2.0
-set -o pipefail
-export PATH=$PATH:/usr/local/bin/
-EXITSTATUS=0
-
-# This Log should always exist
-if [[ -e securityaudit.log ]] ; then
-
- #check if log has errors
- if grep ERROR securityaudit.log; then
- EXITSTATUS=1
- fi
-
- grep 'ERROR' securityaudit.log | awk -F"ERROR - " '{ print $2 }' | tr -d "\'\"" > shortlog
-
- # Only report to Gerrit when there are errors to report.
- if [[ -s shortlog ]]; then
- echo -e "\nposting security audit report to gerrit...\n"
- ssh -p 29418 gerrit.opnfv.org \
- "gerrit review -p $GERRIT_PROJECT \
- -m \"$(cat shortlog)\" \
- $GERRIT_PATCHSET_REVISION \
- --notify NONE"
- fi
-
- exit $EXITSTATUS
-fi
diff --git a/jjb/ci_gate_security/anteater-security-audit-weekly.sh b/jjb/ci_gate_security/anteater-security-audit-weekly.sh
deleted file mode 100644
index 6caa13117..000000000
--- a/jjb/ci_gate_security/anteater-security-audit-weekly.sh
+++ /dev/null
@@ -1,50 +0,0 @@
-#!/bin/bash
-# SPDX-license-identifier: Apache-2.0
-##############################################################################
-# Copyright (c) 2017 The Linux Foundation and others.
-# All rights reserved. This program and the accompanying materials
-# are made available under the terms of the Apache License, Version 2.0
-# which accompanies this distribution, and is available at
-# http://www.apache.org/licenses/LICENSE-2.0
-##############################################################################
-
-ANTEATER_SCAN_PATCHSET="${ANTEATER_SCAN_PATCHSET:-true}"
-
-cd $WORKSPACE
-REPORTDIR='.reports'
-mkdir -p $REPORTDIR
-# Ensure any user can read the reports directory
-chmod 777 $REPORTDIR
-
-ANTEATER_FILES="--patchset /home/opnfv/anteater/$PROJECT/patchset"
-
-if [[ "$ANTEATER_SCAN_PATCHSET" == "true" ]]; then
- echo "Generating patchset file to list changed files"
- git diff HEAD^1 --name-only | sed "s#^#/home/opnfv/anteater/$PROJECT/#" > $WORKSPACE/patchset
- echo "Changed files are"
- echo "--------------------------------------------------------"
- cat $WORKSPACE/patchset
- echo "--------------------------------------------------------"
-else
- echo "Checking full project $PROJECT"
- ANTEATER_FILES="--path /home/opnfv/anteater/$PROJECT"
-fi
-
-vols="-v $WORKSPACE:/home/opnfv/anteater/$PROJECT -v $WORKSPACE/$REPORTDIR:/home/opnfv/anteater/$REPORTDIR"
-envs="-e PROJECT=$PROJECT"
-
-echo "Pulling releng-anteater docker image"
-echo "--------------------------------------------------------"
-docker pull opnfv/releng-anteater
-echo "--------------------------------------------------------"
-
-cmd="docker run -i $envs $vols --rm opnfv/releng-anteater \
-/home/opnfv/venv/bin/anteater --project $PROJECT $ANTEATER_FILES"
-echo "Running docker container"
-echo "$cmd"
-$cmd > $WORKSPACE/securityaudit.log 2>&1
-exit_code=$?
-echo "--------------------------------------------------------"
-echo "Docker container exited with code: $exit_code"
-echo "--------------------------------------------------------"
-exit 0
diff --git a/jjb/ci_gate_security/anteater-security-audit.sh b/jjb/ci_gate_security/anteater-security-audit.sh
deleted file mode 100644
index 8a170b044..000000000
--- a/jjb/ci_gate_security/anteater-security-audit.sh
+++ /dev/null
@@ -1,32 +0,0 @@
-#!/bin/bash
-cd $WORKSPACE
-REPORTDIR='.reports'
-mkdir -p $REPORTDIR
-# Ensure any user can read the reports directory
-chmod 777 $REPORTDIR
-echo "Generating patchset file to list changed files"
-git diff HEAD^1 --name-only | sed "s#^#/home/opnfv/anteater/$PROJECT/#" > $WORKSPACE/patchset
-echo "Changed files are"
-echo "--------------------------------------------------------"
-cat $WORKSPACE/patchset
-echo "--------------------------------------------------------"
-
-vols="-v $WORKSPACE:/home/opnfv/anteater/$PROJECT -v $WORKSPACE/$REPORTDIR:/home/opnfv/anteater/$REPORTDIR"
-envs="-e PROJECT=$PROJECT"
-
-echo "Pulling releng-anteater docker image"
-echo "--------------------------------------------------------"
-docker pull opnfv/releng-anteater
-echo "--------------------------------------------------------"
-
-cmd="docker run -i $envs $vols --rm opnfv/releng-anteater \
-/home/opnfv/venv/bin/anteater --project $PROJECT --patchset /home/opnfv/anteater/$PROJECT/patchset"
-echo "Running docker container"
-echo "$cmd"
-$cmd > $WORKSPACE/securityaudit.log 2>&1
-exit_code=$?
-echo "--------------------------------------------------------"
-echo "Docker container exited with code: $exit_code"
-echo "--------------------------------------------------------"
-cat securityaudit.log
-exit 0
diff --git a/jjb/ci_gate_security/opnfv-ci-gate-security.yaml b/jjb/ci_gate_security/opnfv-ci-gate-security.yaml
deleted file mode 100644
index 1f75829a7..000000000
--- a/jjb/ci_gate_security/opnfv-ci-gate-security.yaml
+++ /dev/null
@@ -1,190 +0,0 @@ ---- -# SPDX-license-identifier: Apache-2.0 -######################## -# Job configuration for opnfv-anteater (security audit) -######################## -- project: - - name: anteaterfw - - project: anteaterfw - - repo: - - apex - - apex-os-net-config - - apex-puppet-tripleo - - apex-tripleo-heat-templates - - armband - - auto - - availability - - bamboo - - barometer - - bottlenecks - - calipso - - clover - - container4nfv - - cperf - - daisy - - doctor - - domino - - dovetail - - dpacc - - enfv - - fds - - fuel - - ipv6 - - joid - - kvmfornfv - - models - - moon - - nfvbench - - onosfw - - opera - - opnfvdocs - - orchestra - - ovn4nfv - - ovno - - ovsnfv - - parser - - pharos - - qtip - - releng - - releng-anteater - - releng-testresults - - releng-utils - - releng-xci - - samplevnf - - sdnvpn - - securityscanning - - sfc - - snaps - - stor4nfv - - storperf - - ves - - vswitchperf - - yardstick - - jobs: - - 'opnfv-security-audit-verify-{stream}' - - 'opnfv-security-audit-{repo}-weekly-{stream}' - - stream: - - master: - branch: '{stream}' - gs-pathname: '' - disabled: false - -######################## -# job templates -######################## -- job-template: - name: 'opnfv-security-audit-{repo}-weekly-{stream}' - - disabled: '{obj:disabled}' - - parameters: - - opnfv-build-defaults - - string: - name: ANTEATER_SCAN_PATCHSET - default: "false" - description: "Have anteater scan patchsets (true) or full project (false)" - - project-parameter: - project: '{repo}' - branch: '{branch}' - - scm: - - git-scm-gerrit - - triggers: - - timed: '@weekly' - - builders: - - anteater-security-audit-weekly - - publishers: - # defined in jjb/global/releng-macros.yml - - 'email-{repo}-ptl': - subject: 'OPNFV Security Scan Result: {repo}' - - workspace-cleanup: - fail-build: false - -- job-template: - name: 'opnfv-security-audit-verify-{stream}' - - disabled: '{obj:disabled}' - - parameters: - - label: - name: SLAVE_LABEL - default: 'opnfv-build' - description: 
'Slave label on Jenkins' - all-nodes: false - node-eligibility: 'ignore-offline' - - project-parameter: - project: $GERRIT_PROJECT - branch: '{branch}' - - string: - name: GIT_BASE - default: https://gerrit.opnfv.org/gerrit/$PROJECT - # yamllint disable rule:line-length - description: "Used for overriding the GIT URL coming from Global Jenkins configuration in case if the stuff is done on none-LF HW." - # yamllint enable rule:line-length - - scm: - - git-scm-gerrit - - # yamllint disable rule:line-length - triggers: - - gerrit: - server-name: 'gerrit.opnfv.org' - trigger-on: - - patchset-created-event: - exclude-drafts: 'false' - exclude-trivial-rebase: 'false' - exclude-no-code-change: 'false' - - draft-published-event - - comment-added-contains-event: - comment-contains-value: 'recheck' - projects: - - project-compare-type: 'REG_EXP' - project-pattern: 'apex|armband|bamboo|barometer|bottlenecks|calipso|cperf|daisy|doctor|dovetail|dpacc|enfv|fds|fuel|pharos|releng|sandbox|yardstick|infra|ipv6|kvmfornfv|models|moon' - branches: - - branch-compare-type: 'ANT' - branch-pattern: '**/{branch}' - file-paths: - - compare-type: ANT - pattern: '**' - skip-vote: - successful: true - failed: true - unstable: true - notbuilt: true - # yamllint enable rule:line-length - - builders: - - anteater-security-audit - - report-security-audit-result-to-gerrit - publishers: - - archive-artifacts: - artifacts: ".reports/*" - -######################## -# builder macros -######################## -- builder: - name: anteater-security-audit - builders: - - shell: - !include-raw: ./anteater-security-audit.sh - -- builder: - name: report-security-audit-result-to-gerrit - builders: - - shell: - !include-raw: ./anteater-report-to-gerrit.sh - -- builder: - name: anteater-security-audit-weekly - builders: - - shell: - !include-raw: ./anteater-security-audit-weekly.sh |