[CORD-3083]
Verify jobs on automation-tools repo
Add shellcheck linting
Change-Id: Iddcf439a0f2f8046309c999a0a3b3f7774925849
diff --git a/jjb/lint.yaml b/jjb/lint.yaml
index 754f1fc..566bca2 100644
--- a/jjb/lint.yaml
+++ b/jjb/lint.yaml
@@ -130,3 +130,45 @@
helm repo add incubator https://kubernetes-charts-incubator.storage.googleapis.com/
- shell: !include-raw-escape: shell/helmlint.sh
+
+
+# run `shellcheck` to validate shell scripts charts
+- job-template:
+ id: verify-shellcheck
+ name: 'verify_{project}_shellcheck'
+ description: |
+ Created by {id} job-template from ci-management/jjb/lint.yaml
+
+ triggers:
+ - cord-infra-gerrit-trigger-patchset:
+ gerrit-server-name: '{gerrit-server-name}'
+ project-regexp: '^{project}$'
+ branch-regexp: '{branch-regexp}'
+ file-include-regexp: '{all-files-regexp}'
+ dependency-jobs: '{dependency-jobs}'
+
+ properties:
+ - cord-infra-properties:
+ build-days-to-keep: '{build-days-to-keep}'
+ artifact-num-to-keep: '{artifact-num-to-keep}'
+
+ wrappers:
+ - lf-infra-wrappers:
+ build-timeout: '{build-timeout}'
+ jenkins-ssh-credential: '{jenkins-ssh-credential}'
+
+ scm:
+ - lf-infra-gerrit-scm:
+ git-url: '$GIT_URL/$GERRIT_PROJECT'
+ refspec: '$GERRIT_REFSPEC'
+ branch: '$GERRIT_BRANCH'
+ submodule-recursive: 'false'
+ choosing-strategy: gerrit
+ jenkins-ssh-credential: '{jenkins-ssh-credential}'
+
+ node: '{build-node}'
+ project-type: freestyle
+ concurrent: true
+
+ builders:
+ - shell: !include-raw-escape: shell/shcheck.sh
diff --git a/jjb/shell/ansiblelint.sh b/jjb/shell/ansiblelint.sh
index beb0891..f97d186 100755
--- a/jjb/shell/ansiblelint.sh
+++ b/jjb/shell/ansiblelint.sh
@@ -14,6 +14,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+# ansiblelint.sh - check all yaml files that they pass the ansible-lint tool
+
set +e -u -o pipefail
fail_ansible=0
@@ -24,14 +26,16 @@
WORKSPACE=${WORKSPACE:-.}
echo "=> Linting Ansible Code with $(ansible-lint --version)"
-for f in $(find "${WORKSPACE}" -type f -name "*.yml" -o -name "*.yaml"); do
- echo "==> CHECKING: ${f}"
- ansible-lint -p "${f}"
- rc=$?
- if [[ $rc != 0 ]]; then
- echo "==> LINTING FAIL: ${f}"
- fail_ansible=1
- fi
-done
+
+while IFS= read -r -d '' yf
+do
+ echo "==> CHECKING: ${yf}"
+ ansible-lint -p "${yf}"
+ rc=$?
+ if [[ $rc != 0 ]]; then
+ echo "==> LINTING FAIL: ${yf}"
+ fail_ansible=1
+ fi
+done < <(find "${WORKSPACE}" \( -name "*.yml" -o -name "*.yaml" \) -print0)
exit ${fail_ansible}
diff --git a/jjb/shell/helmlint.sh b/jjb/shell/helmlint.sh
index 27cf676..c0ac0f4 100755
--- a/jjb/shell/helmlint.sh
+++ b/jjb/shell/helmlint.sh
@@ -29,8 +29,8 @@
# when not running under Jenkins, use current dir as workspace
WORKSPACE=${WORKSPACE:-.}
-for chart in $(find "${WORKSPACE}" -name Chart.yaml -print) ; do
-
+while IFS= read -r -d '' chart
+do
chartdir=$(dirname "${chart}")
# update requirements if it exists. Skip voltha as it has non-clean reqirements
@@ -49,7 +49,7 @@
if [[ $rc != 0 ]]; then
fail_lint=1
fi
-done
+done < <(find "${WORKSPACE}" -name Chart.yaml -print0)
if [[ $fail_lint != 0 ]]; then
exit 1
diff --git a/jjb/shell/jflint.sh b/jjb/shell/jflint.sh
index 8ece6b7..e7b76f0 100755
--- a/jjb/shell/jflint.sh
+++ b/jjb/shell/jflint.sh
@@ -1,5 +1,19 @@
#!/usr/bin/env bash
+# Copyright 2017-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
# jflint.sh - lint for Jenkins declarative pipeline jobs
#
# curl commands from: https://jenkins.io/doc/book/pipeline/development/#linter
diff --git a/jjb/shell/licensecheck.sh b/jjb/shell/licensecheck.sh
index 42b6b87..e40802a 100755
--- a/jjb/shell/licensecheck.sh
+++ b/jjb/shell/licensecheck.sh
@@ -1,14 +1,21 @@
-#!/usr/bin/env sh
+#!/usr/bin/env bash
# licensecheck.sh
# checks for copyright/license headers on files
# excludes filename extensions where this check isn't pertinent
-# this could be rewritten with better form. Currently is a cut/paste from the
-# Jenkins job with minimal changes (BSD/OS X xargs params compat, sort of
-# excluded file extensions).
+set +e -u -o pipefail
+fail_licensecheck=0
-find . -name ".git" -prune -o -type f \
+while IFS= read -r -d '' f
+do
+ grep -q "Copyright\|Apache License" "${f}"
+ rc=$?
+ if [[ $rc != 0 ]]; then
+ echo "ERROR: $f does not contain License Header"
+ fail_licensecheck=1
+ fi
+done < <(find . -name ".git" -prune -o -type f \
-name "*.*" \
! -name "*.PNG" \
! -name "*.asc" \
@@ -82,6 +89,7 @@
! -path "*conf*" \
! -path "*git*" \
! -path "*swagger*" \
- -print0 | \
- xargs -0 -n1 sh -c 'if ! grep -q "Copyright\|Apache License" $0; then echo "ERROR: $0 does not contain Copyright header"; exit 1; fi;'
+ -print0 )
+
+exit ${fail_licensecheck}
diff --git a/jjb/shell/shcheck.sh b/jjb/shell/shcheck.sh
new file mode 100755
index 0000000..2abe89c
--- /dev/null
+++ b/jjb/shell/shcheck.sh
@@ -0,0 +1,42 @@
+#!/usr/bin/env bash
+
+# Copyright 2017-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# shcheck.sh - check shell scripts with shellcheck
+
+set +e -u -o pipefail
+fail_shellcheck=0
+
+# verify that we have shellcheck-lint installed
+command -v shellcheck >/dev/null 2>&1 || { echo "shellcheck not found, please install it" >&2; exit 1; }
+
+# when not running under Jenkins, use current dir as workspace
+WORKSPACE=${WORKSPACE:-.}
+
+echo "=> Linting shell script with $(shellcheck --version)"
+
+while IFS= read -r -d '' sf
+do
+ echo "==> CHECKING: ${sf}"
+ shellcheck "${sf}"
+ rc=$?
+ if [[ $rc != 0 ]]; then
+ echo "==> LINTING FAIL: ${sf}"
+ fail_shellcheck=1
+ fi
+done < <(find "${WORKSPACE}" \( -name "*.sh" -o -name "*.bash" \) -print0)
+
+exit ${fail_shellcheck}
+
diff --git a/jjb/verify/automation-tools.yaml b/jjb/verify/automation-tools.yaml
new file mode 100644
index 0000000..4a0cb63
--- /dev/null
+++ b/jjb/verify/automation-tools.yaml
@@ -0,0 +1,22 @@
+---
+# verification jobs for 'automation-tools' repo
+
+- project:
+ name: automation-tools
+ project: '{name}'
+
+ jobs:
+ - 'verify-automation-tools-jobs':
+ branch-regexp: '{supported-branches-regexp}'
+
+- job-group:
+ name: 'verify-automation-tools-jobs'
+ jobs:
+ - 'verify-licensed'
+ - 'verify-ansible-lint':
+ dependency-jobs: 'verify_automation-tools_licensed'
+ - 'verify-shellcheck':
+ dependency-jobs: 'verify_automation-tools_ansible-lint'
+ - 'verify-sonarqube':
+ dependency-jobs: 'verify_automation-tools_shellcheck'
+