Jobs for running the Synopsys BlackDuck check
Change-Id: Ida89ac662a9acfb236ef0298f73d44d1f11f3a71
diff --git a/jjb/defaults.yaml b/jjb/defaults.yaml
index f850d4b..7756219 100644
--- a/jjb/defaults.yaml
+++ b/jjb/defaults.yaml
@@ -149,3 +149,10 @@
# This portion of the path should be included: `$GOPATH/src/<dest-gopath>/<project>"
# If blank, golang related variables won't be set
dest-gopath: ''
+
+ # github organization
+ # Used to pull list of all repos from a specific github organization
+ # Currently used with: synopsys detect
+ # Default is blank, which implies using gerrit instead
+ github-organization: ''
+
diff --git a/jjb/license-check.yaml b/jjb/license-check.yaml
deleted file mode 100644
index 79bc542..0000000
--- a/jjb/license-check.yaml
+++ /dev/null
@@ -1,70 +0,0 @@
----
-# omec license check job
-
-- project:
- name: omec-license-check
-
- project-name: '{name}'
-
- jobs:
- - 'blackduck-license-check'
-
-- job-template:
- id: 'blackduck-license-check'
- name: 'omec-license'
-
- description: |
- Created by {id} job-template from ci-management/jjb/license-check.yaml<br />
- Copyright (c) 2018 Open Networking Foundation (ONF)
-
- properties:
- - cord-infra-properties:
- build-days-to-keep: '{build-days-to-keep}'
- artifact-num-to-keep: '{artifact-num-to-keep}'
-
- wrappers:
- - lf-infra-wrappers:
- build-timeout: '{build-timeout}'
- jenkins-ssh-credential: '{jenkins-ssh-credential}'
-
- parameters:
- - string:
- name: TestNodeName
- default: 'ubuntu16.04-basebuild-1c-1g'
- description: 'Jenkins node name of TestVM Node'
-
- - string:
- name: branch
- default: 'master'
- description: 'Gerrit Branch'
-
- - string:
- name: repos
- default: 'ngic-rtc,freediameter,c3po,openmme,oss-util,deployment,il_trafficgen'
- description: 'list of the repos to check'
-
- - string:
- name: prefix
- default: 'cord-m'
- description: 'The prefix to give to the projects in the BlackDuck dashboard'
-
- - string:
- name: notificationEmail
- default: 'omecproject-support@opennetworking.org'
- description: ''
-
- project-type: pipeline
- concurrent: true
-
- pipeline-scm:
- script-path: 'Jenkinsfile-license-check.groovy'
- scm:
- - git:
- url: 'https://github.com/omec-project/omec-project-ci'
- branches:
- - 'master'
-
- triggers:
- - timed: |
- TZ=America/Los_Angeles
- H 3 * * *
diff --git a/jjb/omec-ci.yaml b/jjb/omec-ci.yaml
index 9c4ca0c..1af8803 100644
--- a/jjb/omec-ci.yaml
+++ b/jjb/omec-ci.yaml
@@ -3,6 +3,19 @@
# Uses github pull request builder to trigger and Jenkinsfiles from this repo
# https://github.com/omec-project/omec-project-ci
+# license check
+- project:
+ name: omec-license-check
+
+ project-name: '{name}'
+
+ jobs:
+ - 'synopsys-check':
+ build-node: "ubuntu16.04-basebuild-2c-4g"
+ blackduck-project: omec
+ github-organization: omec-project
+ git-server-url: "https://github.com"
+
# generic OMEC test-case jobs, shared by other projects and triggered within pipelines
- project:
name: omec
diff --git a/jjb/opencord.yaml b/jjb/opencord.yaml
new file mode 100644
index 0000000..b9505bd
--- /dev/null
+++ b/jjb/opencord.yaml
@@ -0,0 +1,13 @@
+---
+# opencord jobs
+# Currently is only the license check across all repos
+
+- project:
+ name: opencord-license-check
+
+ project-name: '{name}'
+
+ jobs:
+ - 'synopsys-check':
+ build-node: "ubuntu16.04-basebuild-2c-4g"
+ blackduck-project: opencord
diff --git a/jjb/pipeline/synopsys-check.groovy b/jjb/pipeline/synopsys-check.groovy
new file mode 100644
index 0000000..f454d29
--- /dev/null
+++ b/jjb/pipeline/synopsys-check.groovy
@@ -0,0 +1,102 @@
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// synopsys-check.groovy
+
+pipeline {
+
+ /* no label, executor is determined by JJB */
+ agent {
+ label "${params.executorNode}"
+ }
+
+ options {
+ timeout(30)
+ }
+
+ stages {
+
+ stage ("Clean workspace") {
+ steps {
+ sh 'rm -rf *'
+ }
+ }
+
+ stage ("Get repo list") {
+ steps {
+ script {
+ def repos = sh(
+ returnStdout: true,
+ script: """
+ #!/usr/bin/env bash
+ set -eu -o pipefail
+
+ if [ -z "${github_organization}" ]
+ then
+ # no github org set, assume gerrit server
+ curl "${git_server_url}/projects/?pp=0" | python -c 'import json,sys; ij=sys.stdin.readlines(); obj=json.loads(ij[1]); print(",".join(obj.keys()))'
+ else
+ # github org set, assume github organization
+ curl -sS "https://api.github.com/orgs/${github_organization}/repos" | python -c 'import json,sys;obj=json.load(sys.stdin); print ",".join(map(lambda item: item["name"], obj))'
+ fi
+ """
+ ).split(",")
+ }
+ }
+ }
+
+ stage ("Checkout repos") {
+ steps {
+ script {
+ repos.each { gitRepo ->
+ sh "echo Checking out: ${gitRepo}"
+ checkout(
+ [
+ $class: 'GitSCM',
+ userRemoteConfigs: [[
+ url: "${params.git_server_url}/${gitRepo}/",
+ name: "${branch}",
+ ]],
+ extensions: [
+ [$class: 'RelativeTargetDirectory', relativeTargetDir: "${gitRepo}"],
+ [$class: 'CloneOption', depth: 0, noTags: false, reference: '', shallow: false],
+ ],
+ ])
+ }
+ }
+ }
+ }
+
+ stage ("Synopsys Detect") {
+ steps {
+ script {
+ repos.each { gitRepo ->
+ sh "echo Running Synopsys Detect on: ${gitRepo}"
+ synopsys_detect("--detect.source.path=${gitRepo} --detect.project.name=${blackduck_project} --detect.project.version.name=${branch} --detect.blackduck.signature.scanner.snippet.mode=true --detect.tools=ALL --detect.cleanup=false")
+ }
+ }
+ }
+ }
+
+ stage ("Save logs") {
+ steps {
+ sh returnStdout: true, script: """
+ echo COPYING LOGS
+ mkdir -p bd_logs
+ cp -r /home/jenkins/blackduck/runs/* bd_logs
+ ls -l bd_logs/*/*
+ """
+ archiveArtifacts artifacts:'bd_logs/**/*.*'
+ }
+ }
+ }
+}
diff --git a/jjb/synopsys-check.yaml b/jjb/synopsys-check.yaml
new file mode 100644
index 0000000..2688ae4
--- /dev/null
+++ b/jjb/synopsys-check.yaml
@@ -0,0 +1,57 @@
+---
+# synopsys license check job
+# Check for license issues with the Synopsys "Black Duck" tool
+
+- job-template:
+ id: 'synopsys-check'
+ name: 'synopsys-check_{blackduck-project}'
+
+ description: |
+ Created by {id} job-template from ci-management/jjb/synopsys-check.yaml<br/>
+ Copyright (c) 2018-present Open Networking Foundation (ONF)
+
+ properties:
+ - cord-infra-properties:
+ build-days-to-keep: '{build-days-to-keep}'
+ artifact-num-to-keep: '{artifact-num-to-keep}'
+
+ wrappers:
+ - lf-infra-wrappers:
+ build-timeout: '{build-timeout}'
+ jenkins-ssh-credential: '{jenkins-ssh-credential}'
+
+ parameters:
+ - string:
+ name: executorNode
+ default: '{build-node}'
+ description: 'Name of the Jenkins node to run the job on'
+
+ - string:
+ name: branch
+ default: 'master'
+ description: 'branch to check'
+
+ - string:
+ name: git_server_url
+ default: '{gerrit-server-url}'
+ description: 'Git Server URL'
+
+ - string:
+ name: github_organization
+ default: '{github-organization}'
+ description: 'GitHub Organization (leave blank if using Gerrit)'
+
+ - string:
+ name: blackduck_project
+ default: '{blackduck-project}'
+ description: 'The project to assign repos to in the BlackDuck dashboard'
+
+ project-type: pipeline
+ concurrent: true
+
+ dsl: !include-raw-escape: pipeline/synopsys-check.groovy
+
+ triggers:
+ - timed: |
+ TZ=America/Los_Angeles
+ H 3 * * *