########################
# Job configuration for opnfv-lint
########################
- project:
name: anteaterfw
project: anteaterfw
jobs:
- 'opnfv-security-audit-verify-{stream}'
stream:
- master:
branch: '{stream}'
gs-pathname: ''
disabled: false
########################
# job templates
########################
- job-template:
name: 'opnfv-security-audit-verify-{stream}'
disabled: '{obj:disabled}'
parameters:
- project-parameter:
project: $GERRIT_PROJECT
branch: '{branch}'
scm:
- git-scm-gerrit
triggers:
- gerrit:
server-name: 'gerrit.opnfv.org'
trigger-on:
- patchset-created-event:
exclude-drafts: 'false'
exclude-trivial-rebase: 'false'
exclude-no-code-change: 'false'
- draft-published-event
- comment-added-contains-event:
comment-contains-value: 'recheck'
- comment-added-contains-event:
comment-contains-value: 'reverify'
projects:
- project-compare-type: 'REG_EXP'
project-pattern: 'sandbox'
branches:
- branch-compare-type: 'ANT'
branch-pattern: '**/{branch}'
file-paths:
- compare-type: ANT
pattern: '**/*.py'
skip-vote:
successful: true
failed: true
unstable: true
notbuilt: true
builders:
- security-audit-python-code
- report-security-audit-result-to-gerrit
########################
# builder macros
########################
- builder:
name: security-audit-python-code
builders:
- shell: |
#!/bin/bash
set -o errexit
set -o pipefail
set -o xtrace
export PATH=$PATH:/usr/local/bin/
# this is where the security/license audit script will be executed
echo "Hello World!"
- builder:
name: report-security-audit-result-to-gerrit
builders:
- shell: |
#!/bin/bash
set -o errexit
set -o pipefail
set -o xtrace
export PATH=$PATH:/usr/local/bin/
# If no violations were found, no lint log will exist.
if [[ -e securityaudit.log ]] ; then
echo -e "\nposting security audit report to gerrit...\n"
cat securityaudit.log
echo
ssh -p 29418 gerrit.opnfv.org \
"gerrit review -p $GERRIT_PROJECT \
-m \"$(cat securityaudit.log)\" \
$GERRIT_PATCHSET_REVISION \
--notify NONE"
exit 1
fi