summaryrefslogtreecommitdiffstats
path: root/jjb/ci_gate_security
AgeCommit message (Collapse)AuthorFilesLines
2017-09-21Run CI Security Gate Check on all OPNFV BuildersTrevor Bramwell1-1/+1
Enable the security gating check to run on all machines labled 'opnfv-build'. This will allow the job to run as long as one of these machines are online. JIRA: RELENG-313 Change-Id: Icc792f7732c6cc3ca49bd8db32027fc146f8b1cd Signed-off-by: Trevor Bramwell <tbramwell@linuxfoundation.org>
2017-09-21Change Anteater Report Directory PermissionsTrevor Bramwell1-0/+2
Setting this to allow all users to read/write the permissions enable the container to write to the volume mounted reports directory even though it is owned by the Jenkins user. JIRA: RELENG-313 Change-Id: Ib26e9b98cd17607c98a180888593c42376458f7f Signed-off-by: Trevor Bramwell <tbramwell@linuxfoundation.org>
2017-09-11Fix Yamllint Violations for jjb/ci_gate_securityTrevor Bramwell1-64/+70
JIRA: RELENG-254 Change-Id: If4bfdc2ddaadb4e17d0bc0dc2948780bcbbb10ae Signed-off-by: Trevor Bramwell <tbramwell@linuxfoundation.org>
2017-09-05fuel: Enable OPNFV CI gate securityAlexandru Avadanii1-1/+1
Fuel project was left out of the list of projects against which security audit jobs should run, so enable it. Change-Id: I6d59197f78dfaf381d634c9d1821a7383506276c Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-08-24Remove final ' placed at the end of each line by sedagardner1-1/+1
I dont think the ' does anything good, as it ends up in the output remove extraneous cat Change-Id: I4ca62672aa361d370275bd74864f0fc179da9f0b Signed-off-by: agardner <agardner@linuxfoundation.org>
2017-08-08Merge "export detailed logs for each project"Serena Feng2-1/+7
2017-07-16export detailed logs for each projectJulien2-1/+7
1. mapping .reports mapped into docker 2. export ./reports/* JIRA: RELENG-279 Change-Id: I4eef3b75589a9d8f36801931d1fd31b7e247c07a Signed-off-by: Julien <zhang.jun3g@zte.com.cn>
2017-07-16Fix anteater job failed because of quatation marksJulien1-4/+4
When quatation marks exist in 'gerrit review' comment, it will failed: just like: https://build.opnfv.org/ci/job/opnfv-security-audit-verify-master/877/console JIRA: RELENG-280 Change-Id: I3536873cb4b31290bae56fd127a00f3b27ba0b9f Signed-off-by: Julien <zhang.jun3g@zte.com.cn>
2017-07-11Update Path to Anteater for Weekly Security ScanTrevor Bramwell1-1/+1
This is a port from the patchset verify job and is needed due to changes in the docker container. Change-Id: I54626e4681ab25f6d947aaa2dcf969e5b2e0bab9 Signed-off-by: Trevor Bramwell <tbramwell@linuxfoundation.org>
2017-07-11Weekly Anteater Project Additionslukehinds1-1/+1
https://wiki.opnfv.org/display/INF/Project+Roll+Out+for+Anteater Week begining July the 10th Change-Id: Ifc6e59f2298ae8d83679a3817c82a2cc6ec4acd6 Signed-off-by: lukehinds <lhinds@redhat.com>
2017-07-03Weekly Anteater Project Additionslukehinds1-1/+2
https://wiki.opnfv.org/display/INF/Project+Roll+Out+for+Anteater Week begining July the 2nd Depends-on: I3610868930f0d6033e528548dceb09b3279b6b8d Change-Id: I541ab95f054e8159f41f16520083f71ea2dc5d1f Signed-off-by: lukehinds <lhinds@redhat.com>
2017-06-27Pass fully qualified anteater path to Docker runTrevor Bramwell1-1/+1
With moving anteater into a virtualenv inside the container, it is no longer installed to a location accessible by the default PATH. Using the absolute path to the anteater binary should allow this to run. Change-Id: I978e96d6de1b6c7bb63ff877b5bc77e1b6ee44df Signed-off-by: Trevor Bramwell <tbramwell@linuxfoundation.org>
2017-06-23Merge "Add octopus|pharos|functest to ci gate security"Aric Gardner1-1/+1
2017-06-22Merge "Directly Run Anteater Docker Container"Luke Hinds1-10/+6
2017-06-21Directly Run Anteater Docker ContainerTrevor Bramwell1-10/+6
The current approach is to run /bin/bash in a fully privilaged docker container as the root user and exec the anteater command from this. There are a couple of reasons this approach doesn't make sense: 1) anteater is not a long running service 2) anteater doesn't need any privilaged access to the host 3) anteater is already a compiled binary and can be ran directly Because the anteater container doesn't need access to all the host devices nor is it running docker containers inside of docker, the `--privileged=true` flag can be removed. Note: '--rm' is added as well to ensure volumes do not persist past the container lifecycle and lead to build server running out of disk space. JIRA: RELENG-250 Change-Id: I1ec90b3737abf591b6b3373fe2fc8f52cdcfb11a Signed-off-by: Trevor Bramwell <tbramwell@linuxfoundation.org>
2017-06-21Add octopus|pharos|functest to ci gate securityagardner1-1/+1
JIRA: RELENG-252 Change-Id: I884853cc3faf4cd24832bf5f35078a0913f2a0b3 Signed-off-by: agardner <agardner@linuxfoundation.org>
2017-06-20--user nobody did not work on ericsson-build3agardner2-2/+2
also change job to only run weekly Change-Id: I5f0d5f1d7020c02b2f3ec76aa7f5da2196184529 Signed-off-by: agardner <agardner@linuxfoundation.org>
2017-06-19Add weekly job for security scanAric Gardner4-14/+115
Added license headers remove errexit from report to gerrit run as --user nobody Change-Id: I4b65dbae1f255015877766a0afa44e9b9898651c Signed-off-by: Aric Gardner <agardner@linuxfoundation.org> Signed-off-by: Trevor Bramwell <tbramwell@linuxfoundation.org>
2017-06-14Add releng repo to security checkAric Gardner2-13/+14
some formatting changes to shell script Change-Id: I301cb4b385df81a81de5ba230c5a4709461703a3 Signed-off-by: Aric Gardner <agardner@linuxfoundation.org>
2017-06-14Add exit status, remove awk warningAric Gardner2-2/+8
Change-Id: I090e601b45b58fae4235867536553570f2674f9a Signed-off-by: Aric Gardner <agardner@linuxfoundation.org>
2017-06-14Move gerrit comment logic to its own fileAric Gardner3-24/+21
this file will become too complicated to escape inside the job definition. Change-Id: I3e167bee5d315a7ff3b52e7274b68c3146dfbd03 Signed-off-by: Aric Gardner <agardner@linuxfoundation.org>
2017-06-14Fix gerrit commentAric Gardner2-3/+1
Change-Id: Id1340090fbf410f9eda5e115f554fee778d26b90 Signed-off-by: Aric Gardner <agardner@linuxfoundation.org>
2017-06-14We cant report the results if anteater exits 1Aric Gardner1-1/+3
So I guess we put the voting logic in the report results to gerrit step Change-Id: I5a6d8c7986bc317648bbb7512ba4f8357bbb4f3c Signed-off-by: Aric Gardner <agardner@linuxfoundation.org>
2017-06-14Report anteater results to gerrit.Aric Gardner2-2/+2
used tee to create audit log Change-Id: I6941e142064cf7c9b4586660be69df2a02807af3 Signed-off-by: Aric Gardner <agardner@linuxfoundation.org>
2017-06-14Fix skip vote on anteaterjobAric Gardner1-5/+5
looks like the spacing was off Change-Id: Ief6d15d122add79b8f9492550ce4ceecafe545bd Signed-off-by: Aric Gardner <agardner@linuxfoundation.org>
2017-06-13anteater: Fix jjb scriptFatih Degirmenci1-1/+1
Change-Id: Ib42cef840ff8118c32676efdf8c21c315c1f4911 Signed-off-by: Fatih Degirmenci <fatih.degirmenci@ericsson.com>
2017-06-13move to a server that docker works onAric Gardner1-1/+1
Change-Id: Ibb3cc5a2425d9f2f79e27c86e22b176fd36cb3dc Signed-off-by: Aric Gardner <agardner@linuxfoundation.org>
2017-06-13Change git baseAric Gardner1-0/+4
Change-Id: I988a95141886d53b7b14f3ab5c673f589786ae7a Signed-off-by: Aric Gardner <agardner@linuxfounation.org>
2017-06-13run anteater ci gate on lf-build2Aric Gardner1-0/+4
Change-Id: I21aca84c2ce5526f4a0942b21c50455c3d8aa4bd Signed-off-by: Aric Gardner <agardner@linuxfounation.org>
2017-06-13releng-anteater: Create script to run checks and adjust jjbFatih Degirmenci2-12/+39
Change-Id: I7f161b5f939eaeba019ce882a9977908ee0c01b8 Signed-off-by: Fatih Degirmenci <fatih.degirmenci@ericsson.com> Signed-off-by: Trevor Bramwell <tbramwell@linuxfoundation.org>
2017-06-01Add Job Configuration for Anteaterlukehinds1-0/+105
Change adds anteater Docker push and renames securityaudit to ci_gate_security Change-Id: Ibf7d930003e7d59cb84a3ddb72962a150590418b Signed-off-by: lukehinds <lhinds@redhat.com>