Age | Commit message (Collapse) | Author | Files | Lines |
|
Enable the security gating check to run on all machines labled
'opnfv-build'. This will allow the job to run as long as one of these
machines are online.
JIRA: RELENG-313
Change-Id: Icc792f7732c6cc3ca49bd8db32027fc146f8b1cd
Signed-off-by: Trevor Bramwell <tbramwell@linuxfoundation.org>
|
|
Setting this to allow all users to read/write the permissions enable the
container to write to the volume mounted reports directory even though
it is owned by the Jenkins user.
JIRA: RELENG-313
Change-Id: Ib26e9b98cd17607c98a180888593c42376458f7f
Signed-off-by: Trevor Bramwell <tbramwell@linuxfoundation.org>
|
|
JIRA: RELENG-254
Change-Id: If4bfdc2ddaadb4e17d0bc0dc2948780bcbbb10ae
Signed-off-by: Trevor Bramwell <tbramwell@linuxfoundation.org>
|
|
Fuel project was left out of the list of projects against which
security audit jobs should run, so enable it.
Change-Id: I6d59197f78dfaf381d634c9d1821a7383506276c
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
I dont think the ' does anything good, as it ends up in the output
remove extraneous cat
Change-Id: I4ca62672aa361d370275bd74864f0fc179da9f0b
Signed-off-by: agardner <agardner@linuxfoundation.org>
|
|
|
|
1. mapping .reports mapped into docker
2. export ./reports/*
JIRA: RELENG-279
Change-Id: I4eef3b75589a9d8f36801931d1fd31b7e247c07a
Signed-off-by: Julien <zhang.jun3g@zte.com.cn>
|
|
When quatation marks exist in 'gerrit review' comment, it will failed:
just like:
https://build.opnfv.org/ci/job/opnfv-security-audit-verify-master/877/console
JIRA: RELENG-280
Change-Id: I3536873cb4b31290bae56fd127a00f3b27ba0b9f
Signed-off-by: Julien <zhang.jun3g@zte.com.cn>
|
|
This is a port from the patchset verify job and is needed due to changes
in the docker container.
Change-Id: I54626e4681ab25f6d947aaa2dcf969e5b2e0bab9
Signed-off-by: Trevor Bramwell <tbramwell@linuxfoundation.org>
|
|
https://wiki.opnfv.org/display/INF/Project+Roll+Out+for+Anteater
Week begining July the 10th
Change-Id: Ifc6e59f2298ae8d83679a3817c82a2cc6ec4acd6
Signed-off-by: lukehinds <lhinds@redhat.com>
|
|
https://wiki.opnfv.org/display/INF/Project+Roll+Out+for+Anteater
Week begining July the 2nd
Depends-on: I3610868930f0d6033e528548dceb09b3279b6b8d
Change-Id: I541ab95f054e8159f41f16520083f71ea2dc5d1f
Signed-off-by: lukehinds <lhinds@redhat.com>
|
|
With moving anteater into a virtualenv inside the container, it is no
longer installed to a location accessible by the default PATH. Using the
absolute path to the anteater binary should allow this to run.
Change-Id: I978e96d6de1b6c7bb63ff877b5bc77e1b6ee44df
Signed-off-by: Trevor Bramwell <tbramwell@linuxfoundation.org>
|
|
|
|
|
|
The current approach is to run /bin/bash in a fully privilaged docker
container as the root user and exec the anteater command from this.
There are a couple of reasons this approach doesn't make sense:
1) anteater is not a long running service
2) anteater doesn't need any privilaged access to the host
3) anteater is already a compiled binary and can be ran directly
Because the anteater container doesn't need access to all the host
devices nor is it running docker containers inside of docker, the
`--privileged=true` flag can be removed.
Note: '--rm' is added as well to ensure volumes do not persist past the
container lifecycle and lead to build server running out of disk space.
JIRA: RELENG-250
Change-Id: I1ec90b3737abf591b6b3373fe2fc8f52cdcfb11a
Signed-off-by: Trevor Bramwell <tbramwell@linuxfoundation.org>
|
|
JIRA: RELENG-252
Change-Id: I884853cc3faf4cd24832bf5f35078a0913f2a0b3
Signed-off-by: agardner <agardner@linuxfoundation.org>
|
|
also change job to only run weekly
Change-Id: I5f0d5f1d7020c02b2f3ec76aa7f5da2196184529
Signed-off-by: agardner <agardner@linuxfoundation.org>
|
|
Added license headers
remove errexit from report to gerrit
run as --user nobody
Change-Id: I4b65dbae1f255015877766a0afa44e9b9898651c
Signed-off-by: Aric Gardner <agardner@linuxfoundation.org>
Signed-off-by: Trevor Bramwell <tbramwell@linuxfoundation.org>
|
|
some formatting changes to shell script
Change-Id: I301cb4b385df81a81de5ba230c5a4709461703a3
Signed-off-by: Aric Gardner <agardner@linuxfoundation.org>
|
|
Change-Id: I090e601b45b58fae4235867536553570f2674f9a
Signed-off-by: Aric Gardner <agardner@linuxfoundation.org>
|
|
this file will become too complicated to escape inside the job
definition.
Change-Id: I3e167bee5d315a7ff3b52e7274b68c3146dfbd03
Signed-off-by: Aric Gardner <agardner@linuxfoundation.org>
|
|
Change-Id: Id1340090fbf410f9eda5e115f554fee778d26b90
Signed-off-by: Aric Gardner <agardner@linuxfoundation.org>
|
|
So I guess we put the voting logic in the report results to
gerrit step
Change-Id: I5a6d8c7986bc317648bbb7512ba4f8357bbb4f3c
Signed-off-by: Aric Gardner <agardner@linuxfoundation.org>
|
|
used tee to create audit log
Change-Id: I6941e142064cf7c9b4586660be69df2a02807af3
Signed-off-by: Aric Gardner <agardner@linuxfoundation.org>
|
|
looks like the spacing was off
Change-Id: Ief6d15d122add79b8f9492550ce4ceecafe545bd
Signed-off-by: Aric Gardner <agardner@linuxfoundation.org>
|
|
Change-Id: Ib42cef840ff8118c32676efdf8c21c315c1f4911
Signed-off-by: Fatih Degirmenci <fatih.degirmenci@ericsson.com>
|
|
Change-Id: Ibb3cc5a2425d9f2f79e27c86e22b176fd36cb3dc
Signed-off-by: Aric Gardner <agardner@linuxfoundation.org>
|
|
Change-Id: I988a95141886d53b7b14f3ab5c673f589786ae7a
Signed-off-by: Aric Gardner <agardner@linuxfounation.org>
|
|
Change-Id: I21aca84c2ce5526f4a0942b21c50455c3d8aa4bd
Signed-off-by: Aric Gardner <agardner@linuxfounation.org>
|
|
Change-Id: I7f161b5f939eaeba019ce882a9977908ee0c01b8
Signed-off-by: Fatih Degirmenci <fatih.degirmenci@ericsson.com>
Signed-off-by: Trevor Bramwell <tbramwell@linuxfoundation.org>
|
|
Change adds anteater Docker push and renames securityaudit
to ci_gate_security
Change-Id: Ibf7d930003e7d59cb84a3ddb72962a150590418b
Signed-off-by: lukehinds <lhinds@redhat.com>
|