Update Blackduck jobs
- Add post-merge jobs
- Rename periodic jobs
- Add an ONOS gerrit periodic check
- Use `blackduck-project` and eliminate use of `project-name`
Change-Id: I37cbb13c9b8f3915a76e1a125df9f38f189fc116
diff --git a/jjb/defaults.yaml b/jjb/defaults.yaml
index d8cf63e..cfcd176 100644
--- a/jjb/defaults.yaml
+++ b/jjb/defaults.yaml
@@ -70,6 +70,9 @@
platform-branches-regexp: '^(master|cord-6.1)$'
seba-branches-regexp: '^(master|seba-1.0)$'
+ # matchs all project repos
+ all-projects-regexp: '.*'
+
# for matching repos that build docker images with imagebuilder
# As of 2019-04-16 most of the services actively being developed use the
# make-based image generation process managed by the `docker-publish` job
diff --git a/jjb/omec-ci.yaml b/jjb/omec-ci.yaml
index 6540486..0de0763 100644
--- a/jjb/omec-ci.yaml
+++ b/jjb/omec-ci.yaml
@@ -7,13 +7,12 @@
- project:
name: omec-license-check
- project-name: '{name}'
+ blackduck-project: omec
jobs:
- - 'synopsys-check':
- build-node: "ubuntu16.04-basebuild-2c-4g"
- blackduck-project: omec
+ - 'synopsys-periodic-check':
github-organization: omec-project
+ build-node: "ubuntu16.04-basebuild-2c-4g"
git-server-url: "https://github.com/omec-project"
# generic OMEC test-case jobs, shared by other projects and triggered within pipelines
diff --git a/jjb/onos.yaml b/jjb/onos.yaml
new file mode 100644
index 0000000..153b86c
--- /dev/null
+++ b/jjb/onos.yaml
@@ -0,0 +1,14 @@
+---
+# onos jobs
+# Currently is only the license check across all repos on onos gerrit
+# Kind of a hack as it should happen in ONOS gerrit, but temporary
+
+- project:
+ name: onos-license-check
+
+ blackduck-project: onos
+
+ jobs:
+ - 'synopsys-periodic-check':
+ build-node: "ubuntu16.04-basebuild-2c-4g"
+ git-server-url: "https://gerrit.onosproject.org"
diff --git a/jjb/opencord.yaml b/jjb/opencord.yaml
index 7b41d59..cf23aea 100644
--- a/jjb/opencord.yaml
+++ b/jjb/opencord.yaml
@@ -3,12 +3,13 @@
# Currently is only the license check across all repos
- project:
- name: opencord-license-check
+ name: cord-licensing-check
- project-name: '{name}'
+ blackduck-project: cord
jobs:
- - 'synopsys-check':
+ - 'synopsys-periodic-check':
build-node: "ubuntu16.04-basebuild-2c-4g"
- blackduck-project: opencord
git-server-url: "{gerrit-server-url}"
+ - 'synopsys-merge-check'
+
diff --git a/jjb/pipeline/docker-publish.groovy b/jjb/pipeline/docker-publish.groovy
index 9279635..dce23f1 100644
--- a/jjb/pipeline/docker-publish.groovy
+++ b/jjb/pipeline/docker-publish.groovy
@@ -1,3 +1,17 @@
+// Copyright 2017-present Open Networking Foundation
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
/* docker-publish pipeline */
pipeline {
diff --git a/jjb/pipeline/synopsys-check.groovy b/jjb/pipeline/synopsys-check.groovy
index f111415..c0fca94 100644
--- a/jjb/pipeline/synopsys-check.groovy
+++ b/jjb/pipeline/synopsys-check.groovy
@@ -105,7 +105,7 @@
script {
repos.each { gitRepo ->
sh "echo Running Synopsys Detect on: ${gitRepo}"
- synopsys_detect("--detect.source.path=${gitRepo} --detect.project.name=${blackduck_project} --detect.project.version.name=${branch} --detect.blackduck.signature.scanner.snippet.mode=true --detect.tools=ALL --detect.cleanup=false")
+ synopsys_detect("--detect.source.path=${gitRepo} --detect.project.name=${blackduck_project}_${gitRepo} --detect.project.version.name=${branch} --detect.blackduck.signature.scanner.snippet.mode=true --detect.tools=ALL --detect.cleanup=false")
}
}
}
diff --git a/jjb/pipeline/synopsys-single.groovy b/jjb/pipeline/synopsys-single.groovy
new file mode 100644
index 0000000..c1df6ec
--- /dev/null
+++ b/jjb/pipeline/synopsys-single.groovy
@@ -0,0 +1,74 @@
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// synopsys-single.groovy
+// checks a single repo against synopsys
+
+pipeline {
+
+ /* no label, executor is determined by JJB */
+ agent {
+ label "${params.executorNode}"
+ }
+
+ options {
+ timeout(30)
+ }
+
+ stages {
+
+ stage ("Clean workspace") {
+ steps {
+ sh 'rm -rf *'
+ }
+ }
+
+ stage('checkout') {
+ steps {
+ checkout([
+ $class: 'GitSCM',
+ userRemoteConfigs: [[
+ url: "${params.gitUrl}",
+ name: "${params.gitRef}",
+ ]],
+ extensions: [
+ [$class: 'WipeWorkspace'],
+ [$class: 'RelativeTargetDirectory', relativeTargetDir: "${params.projectName}"],
+ [$class: 'CloneOption', depth: 0, noTags: false, reference: '', shallow: false],
+ ],
+ ])
+ script {
+ git_tag_or_branch = sh(script:"cd $projectName; if [[ \$(git tag -l --points-at HEAD) ]]; then git tag -l --points-at HEAD; else ${branchName}; fi", returnStdout: true).trim()
+ }
+ }
+ }
+
+ stage ("Synopsys Detect") {
+ steps {
+ sh "echo Running Synopsys Detect on: ${params.projectName}"
+ synopsys_detect("--detect.source.path=${params.projectName} --detect.project.name=${blackduck_project}_${params.projectName} --detect.project.version.name=$git_tag_or_branch --detect.blackduck.signature.scanner.snippet.mode=true --detect.tools=ALL --detect.cleanup=false")
+ }
+ }
+
+ stage ("Save logs") {
+ steps {
+ sh returnStdout: true, script: """
+ echo COPYING LOGS
+ mkdir -p bd_logs
+ cp -r /home/jenkins/blackduck/runs/* bd_logs
+ ls -l bd_logs/*/*
+ """
+ archiveArtifacts artifacts:'bd_logs/**/*.*'
+ }
+ }
+ }
+}
diff --git a/jjb/synopsys-check.yaml b/jjb/synopsys-check.yaml
index 979554a..5fbf4a1 100644
--- a/jjb/synopsys-check.yaml
+++ b/jjb/synopsys-check.yaml
@@ -3,10 +3,11 @@
# Check for license issues with the Synopsys "Black Duck" tool
- job-template:
- id: 'synopsys-check'
- name: 'synopsys-check_{blackduck-project}'
+ id: 'synopsys-periodic-check'
+ name: 'synopsys-periodic-check_{blackduck-project}'
description: |
+ Periodic merge check of code with synopsys toolset
Created by {id} job-template from ci-management/jjb/synopsys-check.yaml<br/>
Copyright (c) 2018-present Open Networking Foundation (ONF)
@@ -55,3 +56,67 @@
- timed: |
TZ=America/Los_Angeles
H 3 * * *
+
+
+- job-template:
+ id: 'synopsys-merge-check'
+ name: 'synopsys-merge-check_{blackduck-project}'
+
+ description: |
+ Post-merge check of code with synopsys toolset
+ Created by {id} job-template from ci-management/jjb/synopsys-check.yaml<br/>
+ Copyright (c) 2018-present Open Networking Foundation (ONF)
+
+ triggers:
+ - cord-infra-gerrit-trigger-merge:
+ gerrit-server-name: '{gerrit-server-name}'
+ project-regexp: '{all-projects-regexp}'
+ branch-regexp: '{all-branches-regexp}'
+ file-include-regexp: '{all-files-regexp}'
+ dependency-jobs: '{dependency-jobs}'
+
+ properties:
+ - cord-infra-properties:
+ build-days-to-keep: '{build-days-to-keep}'
+ artifact-num-to-keep: '{artifact-num-to-keep}'
+
+ wrappers:
+ - lf-infra-wrappers:
+ build-timeout: '{build-timeout}'
+ jenkins-ssh-credential: '{jenkins-ssh-credential}'
+
+ parameters:
+ - string:
+ name: executorNode
+ default: '{build-node}'
+ description: 'Name of the Jenkins node to run the job on'
+
+ - string:
+ name: gitUrl
+ default: '{gerrit-server-url}/$GERRIT_PROJECT'
+ description: 'URL to the git repo'
+
+ - string:
+ name: gitRef
+ default: '$GERRIT_PATCHSET_REVISION'
+ description: 'git ref to build (commit hash or tag)'
+
+ - string:
+ name: projectName
+ default: '$GERRIT_PROJECT'
+ description: 'Name of the project in Gerrit'
+
+ - string:
+ name: branchName
+ default: '$GERRIT_BRANCH'
+ description: 'Branch of the project in Gerrit'
+
+ - string:
+ name: blackduck_project
+ default: '{blackduck-project}'
+ description: 'The project to assign repos to in the BlackDuck dashboard'
+
+ project-type: pipeline
+ concurrent: true
+
+ dsl: !include-raw-escape: pipeline/synopsys-single.groovy