--- # SPDX-license-identifier: Apache-2.0 ######################## # Job configuration for opnfv-anteater (security audit) ######################## - project: name: anteaterfw project: anteaterfw repo: - apex - apex-os-net-config - apex-puppet-tripleo - apex-tripleo-heat-templates - armband - auto - availability - bamboo - barometer - bottlenecks - calipso - clover - container4nfv - cperf - daisy - doctor - domino - dovetail - dpacc - enfv - fds - fuel - ipv6 - joid - kvmfornfv - models - moon - nfvbench - onosfw - opera - opnfvdocs - orchestra - ovn4nfv - ovno - ovsnfv - parser - pharos - qtip - releng - releng-anteater - releng-testresults - releng-utils - releng-xci - samplevnf - sdnvpn - securityscanning - sfc - snaps - stor4nfv - storperf - ves - vswitchperf - yardstick jobs: - 'opnfv-security-audit-verify-{stream}' - 'opnfv-security-audit-{repo}-weekly-{stream}' stream: - master: branch: '{stream}' gs-pathname: '' disabled: false ######################## # job templates ######################## - job-template: name: 'opnfv-security-audit-{repo}-weekly-{stream}' disabled: '{obj:disabled}' parameters: - opnfv-build-defaults - string: name: ANTEATER_SCAN_PATCHSET default: "false" description: "Have anteater scan patchsets (true) or full project (false)" - project-parameter: project: '{repo}' branch: '{branch}' scm: - git-scm-gerrit triggers: - timed: '@weekly' builders: - anteater-security-audit-weekly publishers: # defined in jjb/global/releng-macros.yml - 'email-{repo}-ptl': subject: 'OPNFV Security Scan Result: {repo}' - workspace-cleanup: fail-build: false - job-template: name: 'opnfv-security-audit-verify-{stream}' disabled: '{obj:disabled}' parameters: - label: name: SLAVE_LABEL default: 'opnfv-build' description: 'Slave label on Jenkins' all-nodes: false node-eligibility: 'ignore-offline' - project-parameter: project: $GERRIT_PROJECT branch: '{branch}' - string: name: GIT_BASE default: https://gerrit.opnfv.org/gerrit/$PROJECT # yamllint disable rule:line-length description: "Used for overriding the GIT URL coming from Global Jenkins configuration in case if the stuff is done on none-LF HW." # yamllint enable rule:line-length scm: - git-scm-gerrit # yamllint disable rule:line-length triggers: - gerrit: server-name: 'gerrit.opnfv.org' trigger-on: - patchset-created-event: exclude-drafts: 'false' exclude-trivial-rebase: 'false' exclude-no-code-change: 'false' - draft-published-event - comment-added-contains-event: comment-contains-value: 'recheck' projects: - project-compare-type: 'REG_EXP' project-pattern: 'apex|armband|bamboo|barometer|bottlenecks|calipso|cperf|daisy|doctor|dovetail|dpacc|enfv|fds|fuel|pharos|releng|sandbox|yardstick|infra|ipv6|kvmfornfv|models|moon' branches: - branch-compare-type: 'ANT' branch-pattern: '**/{branch}' file-paths: - compare-type: ANT pattern: '**' skip-vote: successful: true failed: true unstable: true notbuilt: true # yamllint enable rule:line-length builders: - anteater-security-audit - report-security-audit-result-to-gerrit publishers: - archive-artifacts: artifacts: ".reports/*" ######################## # builder macros ######################## - builder: name: anteater-security-audit builders: - shell: !include-raw: ./anteater-security-audit.sh - builder: name: report-security-audit-result-to-gerrit builders: - shell: !include-raw: ./anteater-report-to-gerrit.sh - builder: name: anteater-security-audit-weekly builders: - shell: !include-raw: ./anteater-security-audit-weekly.sh