Diffstat (limited to 'jjb/ci_gate_security')
-rw-r--r--jjb/ci_gate_security/anteater-report-to-gerrit.sh24
-rw-r--r--jjb/ci_gate_security/anteater-security-audit.sh32
-rw-r--r--jjb/ci_gate_security/opnfv-ci-gate-security.yml58
3 files changed, 76 insertions, 38 deletions
diff --git a/jjb/ci_gate_security/anteater-report-to-gerrit.sh b/jjb/ci_gate_security/anteater-report-to-gerrit.sh
new file mode 100644
index 000000000..c0bf9fa5b
--- /dev/null
+++ b/jjb/ci_gate_security/anteater-report-to-gerrit.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+set -o errexit
+set -o pipefail
+export PATH=$PATH:/usr/local/bin/
+EXITSTATUS=0
+
+# If no violations were found, no lint log will exist.
+if [[ -e securityaudit.log ]] ; then
+ echo -e "\nposting security audit report to gerrit...\n"
+
+if grep ERROR securityaudit.log; then
+EXITSTATUS=1
+fi
+
+ cat securityaudit.log | awk -F"ERROR -\ " '{print $2}' > shortlog
+
+ ssh -p 29418 gerrit.opnfv.org \
+ "gerrit review -p $GERRIT_PROJECT \
+ -m \"$(cat shortlog)\" \
+ $GERRIT_PATCHSET_REVISION \
+ --notify NONE"
+
+ exit $EXITSTATUS
+fi
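Review bot: The message passed to `gerrit review` on the `-m \"$(cat shortlog)\"` line is built from the audit output, which echoes lines of the change under test, so an embedded `"` (or `\`) ends the message argument early and the remainder of shortlog is handed to `gerrit review` as further tokens; Gerrit's SSH command layer is not a shell, but it does tokenise the string it receives, so this still needs escaping before interpolation — confirm against the Gerrit version in use. Build the message once and escape it, e.g. `msg=$(sed 's/["\\]/\\&/g' shortlog)` followed by `-m \"$msg\" \`. The `if grep ERROR` block is indented one level less than the surrounding `if [[ -e securityaudit.log ]]` body, and `cat securityaudit.log | awk …` can be `awk … securityaudit.log`. A comment such as `# shortlog keeps only the text after "ERROR - " so the review comment stays short` would make the awk separator's intent clear.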
diff --git a/jjb/ci_gate_security/anteater-security-audit.sh b/jjb/ci_gate_security/anteater-security-audit.sh
new file mode 100644
index 000000000..d5c0e407c
--- /dev/null
+++ b/jjb/ci_gate_security/anteater-security-audit.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+cd $WORKSPACE
+echo "Generating patchset file to list changed files"
+git diff HEAD^1 --name-only | sed "s#^#/home/opnfv/anteater/$PROJECT/#" > $WORKSPACE/patchset
+echo "Changed files are"
+echo "--------------------------------------------------------"
+cat $WORKSPACE/patchset
+echo "--------------------------------------------------------"
+
+vols="-v $WORKSPACE:/home/opnfv/anteater/$PROJECT"
+envs="-e PROJECT=$PROJECT"
+
+echo "Pulling releng-anteater docker image"
+echo "--------------------------------------------------------"
+docker pull opnfv/releng-anteater
+echo "--------------------------------------------------------"
+
+cmd="sudo docker run --privileged=true -id $envs $vols opnfv/releng-anteater /bin/bash"
+echo "Running docker command $cmd"
+container_id=$($cmd)
+echo "Container ID is $container_id"
+cmd="anteater --project $PROJECT --patchset /home/opnfv/anteater/$PROJECT/patchset"
+echo "Executing command inside container"
+echo "$cmd"
+echo "--------------------------------------------------------"
+docker exec $container_id $cmd > $WORKSPACE/securityaudit.log 2>&1
+exit_code=$?
+echo "--------------------------------------------------------"
+echo "Stopping docker container with ID $container_id"
+docker stop $container_id
+cat securityaudit.log
+exit 0
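Review bot: `exit_code=$?` captured after the `docker exec` line is never used, and the script ends with an unconditional `exit 0`, so a failed `docker pull`, a `docker run` that returned no container id, or an `anteater` crash all report success and the next builder posts whatever landed in securityaudit.log; the inline script this replaces (the removed `security-audit-python-code` macro in opnfv-ci-gate-security.yml) had `set -o errexit`/`set -o pipefail`, which this file drops. If the `exit 0` is deliberate so the reporting builder still runs, say so in a comment, but at least add `set -o pipefail` at the top and guard the container id with `[[ -n "$container_id" ]] || { echo "docker run failed"; exit 1; }`. Separately, `--privileged=true` on the `docker run` line gives a container that processes files from an untrusted Gerrit change host-level privileges; anteater only needs to read the mounted workspace, so the flag looks unnecessary and should be justified in a comment or removed. Note also the mix of `sudo docker run` with un-sudo'd `docker exec`/`docker stop` — if `sudo` is required for the first, the later calls will presumably fail on the same host.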
diff --git a/jjb/ci_gate_security/opnfv-ci-gate-security.yml b/jjb/ci_gate_security/opnfv-ci-gate-security.yml
index 732df8925..2270124e7 100644
--- a/jjb/ci_gate_security/opnfv-ci-gate-security.yml
+++ b/jjb/ci_gate_security/opnfv-ci-gate-security.yml
@@ -25,9 +25,17 @@
disabled: '{obj:disabled}'
parameters:
+ - label:
+ name: SLAVE_LABEL
+ default: 'ericsson-build3'
+ description: 'Slave label on Jenkins'
- project-parameter:
project: $GERRIT_PROJECT
branch: '{branch}'
+ - string:
+ name: GIT_BASE
+ default: https://gerrit.opnfv.org/gerrit/$PROJECT
+ description: "Used for overriding the GIT URL coming from Global Jenkins configuration in case if the stuff is done on none-LF HW."
scm:
- git-scm-gerrit
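Review bot: The new `GIT_BASE` default `https://gerrit.opnfv.org/gerrit/$PROJECT` is the only unquoted default among the parameters (the sibling `SLAVE_LABEL` default is single-quoted); it parses as a plain scalar today because the `:` is not followed by a space, but quoting it as `default: 'https://gerrit.opnfv.org/gerrit/$PROJECT'` keeps the file uniform and protects later edits. The description text "none-LF HW" reads as a typo for "non-LF HW". The enclosing `parameters:` list continues past the hunk.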
@@ -53,53 +61,27 @@
branch-pattern: '**/{branch}'
file-paths:
- compare-type: ANT
- pattern: '**/*.py'
- skip-vote:
- successful: true
- failed: true
- unstable: true
- notbuilt: true
+ pattern: '**'
+ skip-vote:
+ successful: true
+ failed: true
+ unstable: true
+ notbuilt: true
builders:
- - security-audit-python-code
+ - anteater-security-audit
- report-security-audit-result-to-gerrit
########################
# builder macros
########################
- builder:
- name: security-audit-python-code
+ name: anteater-security-audit
builders:
- - shell: |
- #!/bin/bash
- set -o errexit
- set -o pipefail
- set -o xtrace
- export PATH=$PATH:/usr/local/bin/
+ - shell:
+ !include-raw: ./anteater-security-audit.sh
- # this is where the security/license audit script will be executed
- echo "Hello World!"
- builder:
name: report-security-audit-result-to-gerrit
builders:
- - shell: |
- #!/bin/bash
- set -o errexit
- set -o pipefail
- set -o xtrace
- export PATH=$PATH:/usr/local/bin/
-
- # If no violations were found, no lint log will exist.
- if [[ -e securityaudit.log ]] ; then
- echo -e "\nposting security audit report to gerrit...\n"
-
- cat securityaudit.log
- echo
-
- ssh -p 29418 gerrit.opnfv.org \
- "gerrit review -p $GERRIT_PROJECT \
- -m \"$(cat securityaudit.log)\" \
- $GERRIT_PATCHSET_REVISION \
- --notify NONE"
-
- exit 1
- fi
+ - shell:
+ !include-raw: ./anteater-report-to-gerrit.sh
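Review bot: Both macros switch to `!include-raw:`, and anteater-report-to-gerrit.sh contains a literal `{print $2}` in its awk call; when a macro is expanded inside a job-template (this file uses `'{branch}'` and `'{obj:disabled}'`, so it is one), JJB runs parameter substitution over the included text and an unescaped brace pair is treated as a template field, which presumably fails or garbles the script — `!include-raw-escape:` is the JJB form for scripts containing literal braces, so confirm against the JJB version in use. The `skip-vote` block is moved out from under `file-paths`; leading whitespace is not preserved in this view, so its nesting cannot be checked here, but it needs to sit at the `gerrit:` trigger level rather than inside the `projects` entry to be honoured. Widening the pattern to `'**'` means every change in every file now runs the privileged docker audit, which is worth a one-line comment on the trigger, e.g. `# all files: anteater audits content, not just python sources`.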