From 4beba61b493bdc9fd969b3de2b948b3f2678338e Mon Sep 17 00:00:00 2001 From: lukehinds Date: Mon, 19 Dec 2016 13:37:47 +0000 Subject: Renames securityscanning to securityaudit `securityscanning` is a namespace already used by a OPNFV project, so renaming CI security audit objects in releng to securityaudit to save any confusion between projects Change-Id: If35bf026e36b7fd7159aa9c158af03ea6ec2526e Signed-off-by: lukehinds --- jjb/securityaudit/opnfv-security-audit.yml | 106 +++++++++++++++++++++++++++++ 1 file changed, 106 insertions(+) create mode 100644 jjb/securityaudit/opnfv-security-audit.yml (limited to 'jjb/securityaudit') diff --git a/jjb/securityaudit/opnfv-security-audit.yml b/jjb/securityaudit/opnfv-security-audit.yml new file mode 100644 index 000000000..680be20d2 --- /dev/null +++ b/jjb/securityaudit/opnfv-security-audit.yml @@ -0,0 +1,106 @@ +######################## +# Job configuration for opnfv-lint +######################## +- project: + + name: anteaterfw + + project: anteaterfw + + jobs: + - 'opnfv-security-audit-verify-{stream}' + + stream: + - master: + branch: '{stream}' + gs-pathname: '' + disabled: false + +######################## +# job templates +######################## +- job-template: + name: 'opnfv-security-audit-verify-{stream}' + + disabled: '{obj:disabled}' + + parameters: + - project-parameter: + project: $GERRIT_PROJECT + - gerrit-parameter: + branch: '{branch}' + + scm: + - git-scm-gerrit + + triggers: + - gerrit: + server-name: 'gerrit.opnfv.org' + trigger-on: + - patchset-created-event: + exclude-drafts: 'false' + exclude-trivial-rebase: 'false' + exclude-no-code-change: 'false' + - draft-published-event + - comment-added-contains-event: + comment-contains-value: 'recheck' + - comment-added-contains-event: + comment-contains-value: 'reverify' + projects: + - project-compare-type: 'REG_EXP' + project-pattern: 'sandbox' + branches: + - branch-compare-type: 'ANT' + branch-pattern: '**/{branch}' + file-paths: + - compare-type: ANT + pattern: '**/*.py' + skip-vote: + successful: true + failed: true + unstable: true + notbuilt: true + + builders: + - security-audit-python-code + - report-security-audit-result-to-gerrit +######################## +# builder macros +######################## +- builder: + name: security-audit-python-code + builders: + - shell: | + #!/bin/bash + set -o errexit + set -o pipefail + set -o xtrace + export PATH=$PATH:/usr/local/bin/ + + # this is where the security/license audit script will be executed + echo "Hello World!" +- builder: + name: report-security-audit-result-to-gerrit + builders: + - shell: | + #!/bin/bash + set -o errexit + set -o pipefail + set -o xtrace + export PATH=$PATH:/usr/local/bin/ + + # If no violations were found, no lint log will exist. + if [[ -e securityaudit.log ]] ; then + echo -e "\nposting security audit report to gerrit...\n" + + cat securityaudit.log + echo + + ssh -p 29418 gerrit.opnfv.org \ + "gerrit review -p $GERRIT_PROJECT \ + -m \"$(cat securityaudit.log)\" \ + $GERRIT_PATCHSET_REVISION \ + --notify NONE" + + exit 1 + fi -- cgit