########################
# Job configuration for opnfv-security-scan
########################
- project:

    name: security-scan

    # JJB project that owns the jobs below. The Gerrit project the job
    # actually listens to is chosen by the job-template's trigger, not here.
    project: anteaterfw

    # One job is generated per entry in 'stream'.
    jobs:
        - 'opnfv-security-scan-verify-{stream}'

    # Per-stream values substituted into the job-template: 'branch' and
    # 'disabled' are consumed by the template; 'gs-pathname' is not
    # referenced anywhere in this file.
    stream:
        - master:
            branch: '{stream}'
            gs-pathname: ''
            disabled: false
########################
# job templates
########################
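- job-template:
    name: 'opnfv-security-scan-verify-{stream}'

    disabled: '{obj:disabled}'

    parameters:
        - project-parameter:
            project: $GERRIT_PROJECT
        - gerrit-parameter:
            branch: '{branch}'

    scm:
        - gerrit-trigger-scm:
            credentials-id: '{ssh-credentials}'
            refspec: '$GERRIT_REFSPEC'
            choosing-strategy: 'gerrit'

    triggers:
        - gerrit:
            server-name: 'gerrit.opnfv.org'
            trigger-on:
                - patchset-created-event:
                    exclude-drafts: 'false'
                    exclude-trivial-rebase: 'false'
                    exclude-no-code-change: 'false'
                - draft-published-event
                - comment-added-contains-event:
                    comment-contains-value: 'recheck'
                - comment-added-contains-event:
                    comment-contains-value: 'reverify'
            # Fires for changes to Python files on the 'functest' project.
            # NOTE(review): the owning JJB project above is anteaterfw —
            # confirm that listening on functest is intended.
            projects:
                - project-compare-type: 'REG_EXP'
                  project-pattern: 'functest'
                  branches:
                      - branch-compare-type: 'ANT'
                        branch-pattern: '**/{branch}'
                  file-paths:
                      - compare-type: 'ANT'
                        pattern: '**/*.py'
            # skip-vote is a setting of the gerrit trigger and must sit under
            # the 'gerrit' key. Previously it was indented to the same column
            # as 'gerrit', which YAML reads as a second key of the same list
            # entry, so the trigger most likely never received these values.
            # With all four set to true the job reports but never votes.
            skip-vote:
                successful: true
                failed: true
                unstable: true
                notbuilt: true

    builders:
        - security-scan-python-code
        - report-security-scan-result-to-gerrit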
########################
# builder macros
########################
- builder:
    name: security-scan-python-code
    builders:
        - shell: |
            #!/bin/bash
            # Placeholder for the security/license scan step. It currently
            # only prints a greeting and writes no securityscan.log.
            set -o errexit -o pipefail -o xtrace
            export PATH="$PATH:/usr/local/bin/"

            echo "Hello World!"
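- builder:
    name: report-security-scan-result-to-gerrit
    builders:
        - shell: |
            #!/bin/bash
            # Posts securityscan.log as a review comment on the triggering
            # patchset and fails the build when the log exists, i.e. when the
            # scan reported violations. Reads GERRIT_PROJECT and
            # GERRIT_PATCHSET_REVISION from the job environment.
            set -o errexit
            set -o pipefail
            set -o xtrace
            export PATH=$PATH:/usr/local/bin/

            # If no violations were found, no lint log will exist.
            if [[ -e securityscan.log ]] ; then
                echo -e "\nposting security scan report to gerrit...\n"

                cat securityscan.log
                echo

                # The log is embedded inside a double-quoted argument of the
                # remote command, and its content is scanner output for the
                # submitted patch, so it must not be trusted to be quote-free:
                # an unescaped '"' would terminate the -m argument and let the
                # rest of the log be read as further 'gerrit review' options.
                # Escape backslashes first, then double quotes.
                # NOTE(review): assumes the Gerrit ssh command parser treats a
                # backslash inside double quotes as an escape — confirm for the
                # server version in use.
                message=$(sed -e 's/\\/\\\\/g' -e 's/"/\\"/g' securityscan.log)

                ssh -p 29418 gerrit.opnfv.org \
                    "gerrit review -p $GERRIT_PROJECT \
                     -m \"$message\" \
                     $GERRIT_PATCHSET_REVISION \
                     --notify NONE"

                # A non-empty log means violations: mark the build failed.
                exit 1
            fi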