# SPDX-license-identifier: Apache-2.0
########################
# Job configuration for opnfv-anteater (security audit)
########################
- project:

    name: anteaterfw

    project: anteaterfw

    jobs:
        - 'opnfv-security-audit-verify-{stream}'
        - 'opnfv-security-audit-weekly-{stream}'

    stream:
        - master:
            branch: '{stream}'
            gs-pathname: ''
            disabled: false

########################
# job templates
########################
- job-template:
    name: 'opnfv-security-audit-weekly-{stream}'

    disabled: '{obj:disabled}'

    parameters:
        - label:
            name: SLAVE_LABEL
            default: 'ericsson-build3'
            description: 'Slave label on Jenkins'
        - project-parameter:
            project: releng
            branch: '{branch}'

    triggers:
        - timed: '0 H/6 * * *'

    builders:
        - anteater-security-audit-weekly

- job-template:
    name: 'opnfv-security-audit-verify-{stream}'

    disabled: '{obj:disabled}'

    parameters:
        - label:
            name: SLAVE_LABEL
            default: 'ericsson-build3'
            description: 'Slave label on Jenkins'
        - project-parameter:
            project: $GERRIT_PROJECT
            branch: '{branch}'
        - string:
            name: GIT_BASE
            default: https://gerrit.opnfv.org/gerrit/$PROJECT
            description: "Used for overriding the GIT URL coming from Global Jenkins configuration in case if the stuff is done on none-LF HW."

    scm:
        - git-scm-gerrit

    triggers:
        - gerrit:
            server-name: 'gerrit.opnfv.org'
            trigger-on:
                - patchset-created-event:
                    exclude-drafts: 'false'
                    exclude-trivial-rebase: 'false'
                    exclude-no-code-change: 'false'
                - draft-published-event
                - comment-added-contains-event:
                    comment-contains-value: 'recheck'
                - comment-added-contains-event:
                    comment-contains-value: 'reverify'
            projects:
              - project-compare-type: 'REG_EXP'
                project-pattern: 'sandbox|releng'
                branches:
                  - branch-compare-type: 'ANT'
                    branch-pattern: '**/{branch}'
                file-paths:
                  - compare-type: ANT
                    pattern: '**'
            skip-vote:
                successful: true
                failed: true
                unstable: true
                notbuilt: true

    builders:
        - anteater-security-audit
        - report-security-audit-result-to-gerrit
########################
# builder macros
########################
- builder:
    name: anteater-security-audit
    builders:
        - shell:
            !include-raw: ./anteater-security-audit.sh

- builder:
    name: report-security-audit-result-to-gerrit
    builders:
        - shell:
            !include-raw: ./anteater-report-to-gerrit.sh

- builder:
    name: anteater-security-audit-weekly
    builders:
        - shell:
            !include-raw:
                - ./anteater-clone-all-repos.sh
                - ./anteater-security-audit-weekly.sh