---
# SPDX-license-identifier: Apache-2.0
########################
# Job configuration for opnfv-anteater (security audit)
########################
- project:
name: anteaterfw
project: anteaterfw
repo:
- apex
- apex-os-net-config
- apex-puppet-tripleo
- apex-tripleo-heat-templates
- armband
- auto
- availability
- bamboo
- barometer
- bottlenecks
- calipso
- clover
- compass-containers
- compass4nfv
- conductor
- container4nfv
- copper
- cperf
- daisy
- doctor
- domino
- dovetail
- dpacc
- enfv
- fastpathmetrics
- fds
- fuel
- functest
- ipv6
- joid
- kvmfornfv
- models
- moon
- multisite
- netready
- nfvbench
- octopus
- onosfw
- openretriever
- opera
- opnfvdocs
- orchestra
- ovn4nfv
- ovno
- ovsnfv
- parser
- pharos
- pharos-tools
- promise
- qtip
- releng
- releng-anteater
- releng-testresults
- releng-utils
- releng-xci
- samplevnf
- sdnvpn
- securityscanning
- sfc
- snaps
- stor4nfv
- storperf
- ves
- vswitchperf
- yardstick
jobs:
- 'opnfv-security-audit-verify-{stream}'
- 'opnfv-security-audit-{repo}-weekly-{stream}'
stream:
- master:
branch: '{stream}'
gs-pathname: ''
disabled: false
########################
# job templates
########################
- job-template:
name: 'opnfv-security-audit-{repo}-weekly-{stream}'
disabled: '{obj:disabled}'
parameters:
- ericsson-build3-defaults
- string:
name: ANTEATER_SCAN_PATCHSET
default: "false"
description: "Have anteater scan patchsets (true) or full project (false)"
- project-parameter:
project: '{repo}'
branch: '{branch}'
scm:
- git-scm-gerrit
triggers:
- timed: '@weekly'
builders:
- anteater-security-audit-weekly
publishers:
# defined in jjb/global/releng-macros.yml
- 'email-{repo}-ptl':
subject: 'OPNFV Security Scan Result: {repo}'
- workspace-cleanup:
fail-build: false
- job-template:
name: 'opnfv-security-audit-verify-{stream}'
disabled: '{obj:disabled}'
parameters:
- label:
name: SLAVE_LABEL
default: 'opnfv-build'
description: 'Slave label on Jenkins'
- project-parameter:
project: $GERRIT_PROJECT
branch: '{branch}'
- string:
name: GIT_BASE
default: https://gerrit.opnfv.org/gerrit/$PROJECT
# yamllint disable rule:line-length
description: "Used for overriding the GIT URL coming from Global Jenkins configuration in case if the stuff is done on none-LF HW."
# yamllint enable rule:line-length
scm:
- git-scm-gerrit
# yamllint disable rule:line-length
triggers:
- gerrit:
server-name: 'gerrit.opnfv.org'
trigger-on:
- patchset-created-event:
exclude-drafts: 'false'
exclude-trivial-rebase: 'false'
exclude-no-code-change: 'false'
- draft-published-event
- comment-added-contains-event:
comment-contains-value: 'recheck'
- comment-added-contains-event:
comment-contains-value: 'reverify'
projects:
- project-compare-type: 'REG_EXP'
project-pattern: 'apex|armband|bamboo|barometer|bottlenecks|calipso|compass4nfv|conductor|copper|cperf|daisy|doctor|dovetail|dpacc|enfv|escalator|fds|fuel|functest|octopus|pharos|releng|sandbox|yardstick|infra|ipv6|kvmfornfv|lsoapi|models|moon|multisite|netready'
branches:
- branch-compare-type: 'ANT'
branch-pattern: '**/{branch}'
file-paths:
- compare-type: ANT
pattern: '**'
skip-vote:
successful: true
failed: true
unstable: true
notbuilt: true
# yamllint enable rule:line-length
builders:
- anteater-security-audit
- report-security-audit-result-to-gerrit
publishers:
- archive-artifacts:
artifacts: ".reports/*"
########################
# builder macros
########################
- builder:
name: anteater-security-audit
builders:
- shell:
!include-raw: ./anteater-security-audit.sh
- builder:
name: report-security-audit-result-to-gerrit
builders:
- shell:
!include-raw: ./anteater-report-to-gerrit.sh
- builder:
name: anteater-security-audit-weekly
builders:
- shell:
!include-raw: ./anteater-security-audit-weekly.sh