blob: f521c91d5a3763b293c3ac747769f96bf0cf7751 [file] [log] [blame]
Zack Williamsc1d6a5e2019-05-06 16:35:58 -07001// Licensed under the Apache License, Version 2.0 (the "License");
2// you may not use this file except in compliance with the License.
3// You may obtain a copy of the License at
4//
5// http://www.apache.org/licenses/LICENSE-2.0
6//
7// Unless required by applicable law or agreed to in writing, software
8// distributed under the License is distributed on an "AS IS" BASIS,
9// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
10// See the License for the specific language governing permissions and
11// limitations under the License.
12
13// synopsys-check.groovy
14
15pipeline {
16
17 /* no label, executor is determined by JJB */
18 agent {
Zack Williamsb3292082019-10-11 17:15:18 -070019 label "${params.buildNode}"
Zack Williamsc1d6a5e2019-05-06 16:35:58 -070020 }
21
Zack Williams861c4702019-07-02 13:41:21 -070022 // Set so that synopsys_detect will know where to run golang tools from
23 environment {
24 PATH = "$PATH:/usr/lib/go-1.12/bin:/usr/local/go/bin/:$WORKSPACE/go/bin"
25 GOPATH = "$WORKSPACE/go"
26 }
27
Zack Williamsc1d6a5e2019-05-06 16:35:58 -070028 options {
Zack Williams79030932019-05-08 15:50:36 -070029 timeout(240)
Zack Williamsc1d6a5e2019-05-06 16:35:58 -070030 }
31
32 stages {
33
34 stage ("Clean workspace") {
35 steps {
36 sh 'rm -rf *'
37 }
38 }
39
40 stage ("Get repo list") {
41 steps {
42 script {
Zack Williams79030932019-05-08 15:50:36 -070043 writeFile file: 'get_repo_list.py', text: """
44#!/usr/bin/env python
45
46import json
47import os
48import requests
49
50if "github_organization" in os.environ:
51 # this is a github org
52 github_req = requests.get("https://api.github.com/orgs/%s/repos" %
53 os.environ["github_organization"])
54
55 # pull out the "name" key out of each item
56 repo_list = map(lambda item: item["name"], github_req.json())
57
58else:
59 # this is a gerrit server
60
61 # fetch the list of projects
62 gerrit_req = requests.get("%s/projects/?pp=0" %
63 os.environ["git_server_url"])
64 # remove XSSI prefix
65 # https://gerrit-review.googlesource.com/Documentation/rest-api.html#output
66 gerrit_json = json.loads(gerrit_req.text.splitlines()[1])
67
68 # remove repos which don't contain code
69 repo_list = [repo for repo in gerrit_json.keys()
70 if repo not in ["All-Projects", "All-Users", "voltha-bal"]]
71
72# sort and print
73print(",".join(sorted(repo_list)))
74"""
75
Zack Williamsb92f5d82019-05-06 22:16:40 -070076 /* this defines the variable globally - not ideal, but works - see:
77 https://stackoverflow.com/questions/50571316/strange-variable-scoping-behavior-in-jenkinsfile
78 */
79 repos = sh(
Zack Williams79030932019-05-08 15:50:36 -070080 returnStdout: true,
81 script: "python -u get_repo_list.py").trim().split(",")
Zack Williamsc1d6a5e2019-05-06 16:35:58 -070082
Zack Williamsb92f5d82019-05-06 22:16:40 -070083 echo "repo list: ${repos}"
Zack Williamsc1d6a5e2019-05-06 16:35:58 -070084 }
85 }
86 }
87
88 stage ("Checkout repos") {
89 steps {
90 script {
91 repos.each { gitRepo ->
92 sh "echo Checking out: ${gitRepo}"
Zack Williams79030932019-05-08 15:50:36 -070093 checkout(changelog: false, scm: [
Zack Williamsc1d6a5e2019-05-06 16:35:58 -070094 $class: 'GitSCM',
Zack Williams99330272019-08-21 11:33:48 -070095 userRemoteConfigs: [[ url: "${params.git_server_url}/${gitRepo}/", ]],
96 branches: [[ name: "${branch}", ]],
Zack Williamsc1d6a5e2019-05-06 16:35:58 -070097 extensions: [
Zack Williams79030932019-05-08 15:50:36 -070098 [$class: 'RelativeTargetDirectory', relativeTargetDir: "${gitRepo}"],
99 [$class: 'CloneOption', depth: 0, noTags: false, reference: '', shallow: false],
Zack Williamsc1d6a5e2019-05-06 16:35:58 -0700100 ],
Zack Williams79030932019-05-08 15:50:36 -0700101 ])
Zack Williamsc1d6a5e2019-05-06 16:35:58 -0700102 }
103 }
104 }
105 }
106
107 stage ("Synopsys Detect") {
108 steps {
Zack Williamsd9a34c42019-09-26 07:56:43 -0700109 // catch any errors that occur so that logs can be saved in the next stage
110 catchError {
111 script {
112 repos.each { gitRepo ->
113 sh "echo Running Synopsys Detect on: ${gitRepo}"
114 synopsys_detect("--detect.source.path=${gitRepo} " + \
115 "--detect.project.name=${blackduck_project}_${projectName} " + \
116 "--detect.project.version.name=$git_tag_or_branch " + \
117 "--detect.blackduck.signature.scanner.snippet.matching=SNIPPET_MATCHING " + \
118 "--detect.blackduck.signature.scanner.upload.source.mode=true " + \
119 "--detect.blackduck.signature.scanner.exclusion.patterns=/vendor/ " + \
120 "--detect.policy.check.fail.on.severities=ALL,BLOCKER,CRITICAL,MAJOR,MINOR,TRIVIAL " + \
121 "--detect.report.timeout=900 " + \
122 "--detect.tools=ALL " + \
123 "--detect.cleanup=false")
124 }
Zack Williamsc1d6a5e2019-05-06 16:35:58 -0700125 }
126 }
127 }
128 }
129
130 stage ("Save logs") {
131 steps {
132 sh returnStdout: true, script: """
133 echo COPYING LOGS
134 mkdir -p bd_logs
135 cp -r /home/jenkins/blackduck/runs/* bd_logs
136 ls -l bd_logs/*/*
137 """
138 archiveArtifacts artifacts:'bd_logs/**/*.*'
139 }
140 }
141 }
142}