Merge "Disable Synopsys/BlackDuck checks, un-trigger FOSSA job"
diff --git a/jjb/fossa.yaml b/jjb/fossa.yaml
index 9d6e09b..38fe47e 100644
--- a/jjb/fossa.yaml
+++ b/jjb/fossa.yaml
@@ -22,34 +22,34 @@
Created by {id} job-template from ci-management/jjb/fossa.yaml<br/>
Copyright (c) 2018-present Open Networking Foundation (ONF)
- # replace with cord-infra-gerrit-trigger-patchset when skip-vote is removed
- triggers:
- - gerrit:
- server-name: '{gerrit-server-name}'
- dependency-jobs: '{dependency-jobs}'
- silent-start: true
- trigger-on:
- - patchset-created-event:
- exclude-drafts: true
- exclude-trivial-rebase: false
- exclude-no-code-change: true
- - draft-published-event
- - comment-added-contains-event:
- comment-contains-value: '(?i)^.*recheck$'
- projects:
- - project-compare-type: REG_EXP
- project-pattern: '{project-regexp}'
- branches:
- - branch-compare-type: REG_EXP
- branch-pattern: '{branch-regexp}'
- file-paths:
- - compare-type: REG_EXP
- pattern: '{file-include-regexp}'
- skip-vote:
- success: true
- failed: true
- unstable: true
- notbuilt: true
+# # replace with cord-infra-gerrit-trigger-patchset when skip-vote is removed
+# triggers:
+# - gerrit:
+# server-name: '{gerrit-server-name}'
+# dependency-jobs: '{dependency-jobs}'
+# silent-start: true
+# trigger-on:
+# - patchset-created-event:
+# exclude-drafts: true
+# exclude-trivial-rebase: false
+# exclude-no-code-change: true
+# - draft-published-event
+# - comment-added-contains-event:
+# comment-contains-value: '(?i)^.*recheck$'
+# projects:
+# - project-compare-type: REG_EXP
+# project-pattern: '{project-regexp}'
+# branches:
+# - branch-compare-type: REG_EXP
+# branch-pattern: '{branch-regexp}'
+# file-paths:
+# - compare-type: REG_EXP
+# pattern: '{file-include-regexp}'
+# skip-vote:
+# success: true
+# failed: true
+# unstable: true
+# notbuilt: true
properties:
- cord-infra-properties:
diff --git a/jjb/omec-ci.yaml b/jjb/omec-ci.yaml
index 1c6efc6..594b35a 100644
--- a/jjb/omec-ci.yaml
+++ b/jjb/omec-ci.yaml
@@ -3,18 +3,6 @@
# Uses github pull request builder to trigger and Jenkinsfiles from this repo
# https://github.com/omec-project/omec-project-ci
-# license check
-- project:
- name: omec-license-check
-
- blackduck-project: omec
-
- jobs:
- - 'synopsys-periodic-check':
- github-organization: 'omec-project'
- build-node: "ubuntu16.04-basebuild-2c-4g"
- git-server-url: "https://github.com/omec-project"
-
# generic OMEC test-case jobs, shared by other projects and triggered within pipelines
- project:
name: omec
diff --git a/jjb/onos.yaml b/jjb/onos.yaml
deleted file mode 100644
index 153b86c..0000000
--- a/jjb/onos.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-# onos jobs
-# Currently is only the license check across all repos on onos gerrit
-# Kind of a hack as it should happen in ONOS gerrit, but temporary
-
-- project:
- name: onos-license-check
-
- blackduck-project: onos
-
- jobs:
- - 'synopsys-periodic-check':
- build-node: "ubuntu16.04-basebuild-2c-4g"
- git-server-url: "https://gerrit.onosproject.org"
diff --git a/jjb/opencord.yaml b/jjb/opencord.yaml
deleted file mode 100644
index 42e7728..0000000
--- a/jjb/opencord.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-# opencord jobs
-# Currently is only the license check across all repos
-
-- project:
- name: cord-licensing-check
-
- blackduck-project: cord
-
- jobs:
- # - 'synopsys-periodic-check':
- # build-node: "ubuntu16.04-basebuild-2c-4g"
- # git-server-url: "{gerrit-server-url}"
- - 'synopsys-merge-check'
-
diff --git a/jjb/pipeline/synopsys-check.groovy b/jjb/pipeline/synopsys-check.groovy
deleted file mode 100644
index f521c91..0000000
--- a/jjb/pipeline/synopsys-check.groovy
+++ /dev/null
@@ -1,142 +0,0 @@
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// synopsys-check.groovy
-
-pipeline {
-
- /* no label, executor is determined by JJB */
- agent {
- label "${params.buildNode}"
- }
-
- // Set so that synopsys_detect will know where to run golang tools from
- environment {
- PATH = "$PATH:/usr/lib/go-1.12/bin:/usr/local/go/bin/:$WORKSPACE/go/bin"
- GOPATH = "$WORKSPACE/go"
- }
-
- options {
- timeout(240)
- }
-
- stages {
-
- stage ("Clean workspace") {
- steps {
- sh 'rm -rf *'
- }
- }
-
- stage ("Get repo list") {
- steps {
- script {
- writeFile file: 'get_repo_list.py', text: """
-#!/usr/bin/env python
-
-import json
-import os
-import requests
-
-if "github_organization" in os.environ:
- # this is a github org
- github_req = requests.get("https://api.github.com/orgs/%s/repos" %
- os.environ["github_organization"])
-
- # pull out the "name" key out of each item
- repo_list = map(lambda item: item["name"], github_req.json())
-
-else:
- # this is a gerrit server
-
- # fetch the list of projects
- gerrit_req = requests.get("%s/projects/?pp=0" %
- os.environ["git_server_url"])
- # remove XSSI prefix
- # https://gerrit-review.googlesource.com/Documentation/rest-api.html#output
- gerrit_json = json.loads(gerrit_req.text.splitlines()[1])
-
- # remove repos which don't contain code
- repo_list = [repo for repo in gerrit_json.keys()
- if repo not in ["All-Projects", "All-Users", "voltha-bal"]]
-
-# sort and print
-print(",".join(sorted(repo_list)))
-"""
-
- /* this defines the variable globally - not ideal, but works - see:
- https://stackoverflow.com/questions/50571316/strange-variable-scoping-behavior-in-jenkinsfile
- */
- repos = sh(
- returnStdout: true,
- script: "python -u get_repo_list.py").trim().split(",")
-
- echo "repo list: ${repos}"
- }
- }
- }
-
- stage ("Checkout repos") {
- steps {
- script {
- repos.each { gitRepo ->
- sh "echo Checking out: ${gitRepo}"
- checkout(changelog: false, scm: [
- $class: 'GitSCM',
- userRemoteConfigs: [[ url: "${params.git_server_url}/${gitRepo}/", ]],
- branches: [[ name: "${branch}", ]],
- extensions: [
- [$class: 'RelativeTargetDirectory', relativeTargetDir: "${gitRepo}"],
- [$class: 'CloneOption', depth: 0, noTags: false, reference: '', shallow: false],
- ],
- ])
- }
- }
- }
- }
-
- stage ("Synopsys Detect") {
- steps {
- // catch any errors that occur so that logs can be saved in the next stage
- catchError {
- script {
- repos.each { gitRepo ->
- sh "echo Running Synopsys Detect on: ${gitRepo}"
- synopsys_detect("--detect.source.path=${gitRepo} " + \
- "--detect.project.name=${blackduck_project}_${projectName} " + \
- "--detect.project.version.name=$git_tag_or_branch " + \
- "--detect.blackduck.signature.scanner.snippet.matching=SNIPPET_MATCHING " + \
- "--detect.blackduck.signature.scanner.upload.source.mode=true " + \
- "--detect.blackduck.signature.scanner.exclusion.patterns=/vendor/ " + \
- "--detect.policy.check.fail.on.severities=ALL,BLOCKER,CRITICAL,MAJOR,MINOR,TRIVIAL " + \
- "--detect.report.timeout=900 " + \
- "--detect.tools=ALL " + \
- "--detect.cleanup=false")
- }
- }
- }
- }
- }
-
- stage ("Save logs") {
- steps {
- sh returnStdout: true, script: """
- echo COPYING LOGS
- mkdir -p bd_logs
- cp -r /home/jenkins/blackduck/runs/* bd_logs
- ls -l bd_logs/*/*
- """
- archiveArtifacts artifacts:'bd_logs/**/*.*'
- }
- }
- }
-}
diff --git a/jjb/pipeline/synopsys-single.groovy b/jjb/pipeline/synopsys-single.groovy
deleted file mode 100644
index 8b63d89..0000000
--- a/jjb/pipeline/synopsys-single.groovy
+++ /dev/null
@@ -1,134 +0,0 @@
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// synopsys-single.groovy
-// checks a single repo against synopsys
-
-pipeline {
-
- /* no label, executor is determined by JJB */
- agent {
- label "${params.buildNode}"
- }
-
- // Set so that synopsys_detect will know where to run golang tools from
- environment {
- PATH = "$PATH:/usr/lib/go-1.12/bin:/usr/local/go/bin/:$WORKSPACE/go/bin"
- GOPATH = "$WORKSPACE/go"
- }
-
- options {
- timeout(60)
- }
-
- stages {
-
- stage ("Clean workspace") {
- steps {
- sh 'rm -rf *'
- }
- }
-
- stage('Checkout') {
- steps {
- checkout([
- $class: 'GitSCM',
- userRemoteConfigs: [[ url: "${params.gitUrl}", ]],
- branches: [[ name: "${params.gitRef}", ]],
- extensions: [
- [$class: 'WipeWorkspace'],
- [$class: 'RelativeTargetDirectory', relativeTargetDir: "${params.projectName}"],
- [$class: 'CloneOption', depth: 0, noTags: false, reference: '', shallow: false],
- ],
- ])
-
- // Used later to set the branch/tag in the blackduck UI release
- script {
- git_tag_or_branch = sh(script:"cd $projectName; if [[ \$(git tag -l --points-at HEAD) ]]; then git tag -l --points-at HEAD; else echo ${branchName}; fi", returnStdout: true).trim()
- }
- }
- }
-
- stage ("Prepare") {
- steps {
-
- // change the path tested if for golang projects which expect to be found in GOPATH
- script {
- test_path = sh(script:"if [ -f \"$projectName/Gopkg.toml\" ] || [ -f \"$projectName/go.mod\" ] ; then echo $WORKSPACE/go/src/github.com/opencord/$projectName; else echo $projectName; fi", returnStdout: true).trim()
- }
-
- sh returnStdout: true, script: """
- if [ -f "$projectName/package.json" ]
- then
- echo "Found '$projectName/package.json', assuming a Node.js project, running npm install"
- pushd "$projectName"
- npm install
- popd
- elif [ -f "$projectName/Gopkg.toml" ]
- then
- echo "Found '$projectName/Gopkg.toml', assuming a golang project using dep"
- mkdir -p "\$GOPATH/src/github.com/opencord/"
- mv "$WORKSPACE/$projectName" "$test_path"
- pushd "$test_path"
- dep ensure
- popd
- elif [ -f "$projectName/go.mod" ]
- then
- echo "Found '$projectName/go.mod', assuming a golang project using go modules"
- mkdir -p "\$GOPATH/src/github.com/opencord/"
- mv "$WORKSPACE/$projectName" "$test_path"
- pushd "$test_path"
- make dep
- popd
- fi
- """
- }
- }
-
- stage ("Synopsys Detect") {
- steps {
- // catch any errors that occur so that logs can be saved in the next stage
- // docs: https://jenkins.io/doc/pipeline/steps/workflow-basic-steps/#catcherror-catch-error-and-set-build-result-to-failure
- catchError {
- sh "echo Running Synopsys Detect on: ${projectName}"
-
- // Plugin: https://github.com/jenkinsci/synopsys-detect-plugin
- // Documentation: https://synopsys.atlassian.net/wiki/spaces/INTDOCS/pages/62423113/Synopsys+Detect
- // also: https://community.synopsys.com/s/article/Integrations-Documentation-Synopsys-Detect-Properties-for-version-5-4-0
- // also: Help menu after logging into BlackDuck portal
- synopsys_detect("--detect.source.path=$test_path " + \
- "--detect.project.name=${blackduck_project}_${projectName} " + \
- "--detect.project.version.name=$git_tag_or_branch " + \
- "--detect.blackduck.signature.scanner.snippet.matching=SNIPPET_MATCHING " + \
- "--detect.blackduck.signature.scanner.upload.source.mode=true " + \
- "--detect.blackduck.signature.scanner.exclusion.patterns=/vendor/ " + \
- "--detect.policy.check.fail.on.severities=ALL,BLOCKER,CRITICAL,MAJOR,MINOR,TRIVIAL " + \
- "--detect.report.timeout=3600 " + \
- "--detect.tools=ALL " + \
- "--detect.cleanup=false")
- }
- }
- }
-
- stage ("Save Logs") {
- steps {
- sh returnStdout: true, script: """
- echo COPYING LOGS
- mkdir -p bd_logs
- cp -r /home/jenkins/blackduck/runs/* bd_logs
- ls -l bd_logs/*/*
- """
- archiveArtifacts artifacts:'bd_logs/**/*.*'
- }
- }
- }
-}
diff --git a/jjb/synopsys-check.yaml b/jjb/synopsys-check.yaml
deleted file mode 100644
index ea66e53..0000000
--- a/jjb/synopsys-check.yaml
+++ /dev/null
@@ -1,122 +0,0 @@
----
-# synopsys license check job
-# Check for license issues with the Synopsys "Black Duck" tool
-
-- job-template:
- id: 'synopsys-periodic-check'
- name: 'synopsys-periodic-check_{blackduck-project}'
-
- description: |
- Periodic merge check of code with synopsys toolset
- Created by {id} job-template from ci-management/jjb/synopsys-check.yaml<br/>
- Copyright (c) 2018-present Open Networking Foundation (ONF)
-
- properties:
- - cord-infra-properties:
- build-days-to-keep: '{build-days-to-keep}'
- artifact-num-to-keep: '{artifact-num-to-keep}'
-
- wrappers:
- - lf-infra-wrappers:
- build-timeout: '{build-timeout}'
- jenkins-ssh-credential: '{jenkins-ssh-credential}'
-
- parameters:
- - string:
- name: buildNode
- default: '{build-node}'
- description: 'Name of the Jenkins node to run the job on'
-
- - string:
- name: branch
- default: 'master'
- description: 'branch to check'
-
- - string:
- name: git_server_url
- default: '{git-server-url}'
- description: 'Git Server URL'
-
- - string:
- name: github_organization
- default: '{github-organization}'
- description: 'GitHub Organization (leave blank if using Gerrit)'
-
- - string:
- name: blackduck_project
- default: '{blackduck-project}'
- description: 'The project to assign repos to in the BlackDuck dashboard'
-
- project-type: pipeline
- concurrent: true
-
- dsl: !include-raw-escape: pipeline/synopsys-check.groovy
-
- triggers:
- - timed: |
- TZ=America/Los_Angeles
- H 3 * * *
-
-
-- job-template:
- id: 'synopsys-merge-check'
- name: 'synopsys-merge-check_{blackduck-project}'
-
- description: |
- Post-merge check of code with synopsys toolset
- Created by {id} job-template from ci-management/jjb/synopsys-check.yaml<br/>
- Copyright (c) 2018-present Open Networking Foundation (ONF)
-
- triggers:
- - cord-infra-gerrit-trigger-merge:
- gerrit-server-name: '{gerrit-server-name}'
- project-regexp: '{all-projects-regexp}'
- branch-regexp: '{all-branches-regexp}'
- file-include-regexp: '{all-files-regexp}'
- dependency-jobs: '{dependency-jobs}'
-
- properties:
- - cord-infra-properties:
- build-days-to-keep: '{build-days-to-keep}'
- artifact-num-to-keep: '{artifact-num-to-keep}'
-
- wrappers:
- - lf-infra-wrappers:
- build-timeout: '60'
- jenkins-ssh-credential: '{jenkins-ssh-credential}'
-
- parameters:
- - string:
- name: buildNode
- default: '{build-node}'
- description: 'Name of the Jenkins node to run the job on'
-
- - string:
- name: gitUrl
- default: '{gerrit-server-url}/$GERRIT_PROJECT'
- description: 'URL to the git repo'
-
- - string:
- name: gitRef
- default: '$GERRIT_PATCHSET_REVISION'
- description: 'git ref to build (commit hash or tag)'
-
- - string:
- name: projectName
- default: '$GERRIT_PROJECT'
- description: 'Name of the project in Gerrit'
-
- - string:
- name: branchName
- default: '$GERRIT_BRANCH'
- description: 'Branch of the project in Gerrit'
-
- - string:
- name: blackduck_project
- default: '{blackduck-project}'
- description: 'The project to assign repos to in the BlackDuck dashboard'
-
- project-type: pipeline
- concurrent: true
-
- dsl: !include-raw-escape: pipeline/synopsys-single.groovy