diff options
Diffstat (limited to 'jjb')
-rw-r--r-- | jjb/securityscanning/opnfv-security-scan.yml | 109 |
1 files changed, 109 insertions, 0 deletions
diff --git a/jjb/securityscanning/opnfv-security-scan.yml b/jjb/securityscanning/opnfv-security-scan.yml new file mode 100644 index 000000000..6b7cd4747 --- /dev/null +++ b/jjb/securityscanning/opnfv-security-scan.yml @@ -0,0 +1,109 @@ +######################## +# Job configuration for opnfv-lint +######################## +- project: + + name: security-scan + + project: anteaterfw + + jobs: + - 'opnfv-security-scan-verify-{stream}' + + stream: + - master: + branch: '{stream}' + gs-pathname: '' + disabled: false + +######################## +# job templates +######################## +- job-template: + name: 'opnfv-security-scan-verify-{stream}' + + disabled: '{obj:disabled}' + + parameters: + - project-parameter: + project: $GERRIT_PROJECT + - gerrit-parameter: + branch: '{branch}' + + scm: + - gerrit-trigger-scm: + credentials-id: '{ssh-credentials}' + refspec: '$GERRIT_REFSPEC' + choosing-strategy: 'gerrit' + + triggers: + - gerrit: + server-name: 'gerrit.opnfv.org' + trigger-on: + - patchset-created-event: + exclude-drafts: 'false' + exclude-trivial-rebase: 'false' + exclude-no-code-change: 'false' + - draft-published-event + - comment-added-contains-event: + comment-contains-value: 'recheck' + - comment-added-contains-event: + comment-contains-value: 'reverify' + projects: + - project-compare-type: 'REG_EXP' + project-pattern: 'functest' + branches: + - branch-compare-type: 'ANT' + branch-pattern: '**/{branch}' + file-paths: + - compare-type: ANT + pattern: '**/*.py' + skip-vote: + successful: true + failed: true + unstable: true + notbuilt: true + + builders: + - security-scan-python-code + - report-security-scan-result-to-gerrit +######################## +# builder macros +######################## +- builder: + name: security-scan-python-code + builders: + - shell: | + #!/bin/bash + set -o errexit + set -o pipefail + set -o xtrace + export PATH=$PATH:/usr/local/bin/ + + # this is where the security/license scan script will be executed + echo "Hello World!" +- builder: + name: report-security-scan-result-to-gerrit + builders: + - shell: | + #!/bin/bash + set -o errexit + set -o pipefail + set -o xtrace + export PATH=$PATH:/usr/local/bin/ + + # If no violations were found, no lint log will exist. + if [[ -e securityscan.log ]] ; then + echo -e "\nposting security scan report to gerrit...\n" + + cat securityscan.log + echo + + ssh -p 29418 gerrit.opnfv.org \ + "gerrit review -p $GERRIT_PROJECT \ + -m \"$(cat securityscan.log)\" \ + $GERRIT_PATCHSET_REVISION \ + --notify NONE" + + exit 1 + fi |