From 4beba61b493bdc9fd969b3de2b948b3f2678338e Mon Sep 17 00:00:00 2001 From: lukehinds Date: Mon, 19 Dec 2016 13:37:47 +0000 Subject: Renames securityscanning to securityaudit `securityscanning` is a namespace already used by a OPNFV project, so renaming CI security audit objects in releng to securityaudit to save any confusion between projects Change-Id: If35bf026e36b7fd7159aa9c158af03ea6ec2526e Signed-off-by: lukehinds --- jjb/securityaudit/opnfv-security-audit.yml | 106 +++++++++++++++++++++++++++ jjb/securityscanning/opnfv-security-scan.yml | 106 --------------------------- 2 files changed, 106 insertions(+), 106 deletions(-) create mode 100644 jjb/securityaudit/opnfv-security-audit.yml delete mode 100644 jjb/securityscanning/opnfv-security-scan.yml diff --git a/jjb/securityaudit/opnfv-security-audit.yml b/jjb/securityaudit/opnfv-security-audit.yml new file mode 100644 index 000000000..680be20d2 --- /dev/null +++ b/jjb/securityaudit/opnfv-security-audit.yml @@ -0,0 +1,106 @@ +######################## +# Job configuration for opnfv-lint +######################## +- project: + + name: anteaterfw + + project: anteaterfw + + jobs: + - 'opnfv-security-audit-verify-{stream}' + + stream: + - master: + branch: '{stream}' + gs-pathname: '' + disabled: false + +######################## +# job templates +######################## +- job-template: + name: 'opnfv-security-audit-verify-{stream}' + + disabled: '{obj:disabled}' + + parameters: + - project-parameter: + project: $GERRIT_PROJECT + - gerrit-parameter: + branch: '{branch}' + + scm: + - git-scm-gerrit + + triggers: + - gerrit: + server-name: 'gerrit.opnfv.org' + trigger-on: + - patchset-created-event: + exclude-drafts: 'false' + exclude-trivial-rebase: 'false' + exclude-no-code-change: 'false' + - draft-published-event + - comment-added-contains-event: + comment-contains-value: 'recheck' + - comment-added-contains-event: + comment-contains-value: 'reverify' + projects: + - project-compare-type: 'REG_EXP' + project-pattern: 'sandbox' + branches: + - branch-compare-type: 'ANT' + branch-pattern: '**/{branch}' + file-paths: + - compare-type: ANT + pattern: '**/*.py' + skip-vote: + successful: true + failed: true + unstable: true + notbuilt: true + + builders: + - security-audit-python-code + - report-security-audit-result-to-gerrit +######################## +# builder macros +######################## +- builder: + name: security-audit-python-code + builders: + - shell: | + #!/bin/bash + set -o errexit + set -o pipefail + set -o xtrace + export PATH=$PATH:/usr/local/bin/ + + # this is where the security/license audit script will be executed + echo "Hello World!" +- builder: + name: report-security-audit-result-to-gerrit + builders: + - shell: | + #!/bin/bash + set -o errexit + set -o pipefail + set -o xtrace + export PATH=$PATH:/usr/local/bin/ + + # If no violations were found, no lint log will exist. + if [[ -e securityaudit.log ]] ; then + echo -e "\nposting security audit report to gerrit...\n" + + cat securityaudit.log + echo + + ssh -p 29418 gerrit.opnfv.org \ + "gerrit review -p $GERRIT_PROJECT \ + -m \"$(cat securityaudit.log)\" \ + $GERRIT_PATCHSET_REVISION \ + --notify NONE" + + exit 1 + fi diff --git a/jjb/securityscanning/opnfv-security-scan.yml b/jjb/securityscanning/opnfv-security-scan.yml deleted file mode 100644 index 96f64a8cc..000000000 --- a/jjb/securityscanning/opnfv-security-scan.yml +++ /dev/null @@ -1,106 +0,0 @@ -######################## -# Job configuration for opnfv-lint -######################## -- project: - - name: anteaterfw - - project: anteaterfw - - jobs: - - 'opnfv-security-scan-verify-{stream}' - - stream: - - master: - branch: '{stream}' - gs-pathname: '' - disabled: false - -######################## -# job templates -######################## -- job-template: - name: 'opnfv-security-scan-verify-{stream}' - - disabled: '{obj:disabled}' - - parameters: - - project-parameter: - project: $GERRIT_PROJECT - - gerrit-parameter: - branch: '{branch}' - - scm: - - git-scm-gerrit - - triggers: - - gerrit: - server-name: 'gerrit.opnfv.org' - trigger-on: - - patchset-created-event: - exclude-drafts: 'false' - exclude-trivial-rebase: 'false' - exclude-no-code-change: 'false' - - draft-published-event - - comment-added-contains-event: - comment-contains-value: 'recheck' - - comment-added-contains-event: - comment-contains-value: 'reverify' - projects: - - project-compare-type: 'REG_EXP' - project-pattern: 'sandbox' - branches: - - branch-compare-type: 'ANT' - branch-pattern: '**/{branch}' - file-paths: - - compare-type: ANT - pattern: '**/*.py' - skip-vote: - successful: true - failed: true - unstable: true - notbuilt: true - - builders: - - security-scan-python-code - - report-security-scan-result-to-gerrit -######################## -# builder macros -######################## -- builder: - name: security-scan-python-code - builders: - - shell: | - #!/bin/bash - set -o errexit - set -o pipefail - set -o xtrace - export PATH=$PATH:/usr/local/bin/ - - # this is where the security/license scan script will be executed - echo "Hello World!" -- builder: - name: report-security-scan-result-to-gerrit - builders: - - shell: | - #!/bin/bash - set -o errexit - set -o pipefail - set -o xtrace - export PATH=$PATH:/usr/local/bin/ - - # If no violations were found, no lint log will exist. - if [[ -e securityscan.log ]] ; then - echo -e "\nposting security scan report to gerrit...\n" - - cat securityscan.log - echo - - ssh -p 29418 gerrit.opnfv.org \ - "gerrit review -p $GERRIT_PROJECT \ - -m \"$(cat securityscan.log)\" \ - $GERRIT_PATCHSET_REVISION \ - --notify NONE" - - exit 1 - fi -- cgit 1.2.3-korg