Zack Williams | c1d6a5e | 2019-05-06 16:35:58 -0700 | [diff] [blame] | 1 | // Licensed under the Apache License, Version 2.0 (the "License"); |
| 2 | // you may not use this file except in compliance with the License. |
| 3 | // You may obtain a copy of the License at |
| 4 | // |
| 5 | // http://www.apache.org/licenses/LICENSE-2.0 |
| 6 | // |
| 7 | // Unless required by applicable law or agreed to in writing, software |
| 8 | // distributed under the License is distributed on an "AS IS" BASIS, |
| 9 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 10 | // See the License for the specific language governing permissions and |
| 11 | // limitations under the License. |
| 12 | |
| 13 | // synopsys-check.groovy |
| 14 | |
| 15 | pipeline { |
| 16 | |
| 17 | /* no label, executor is determined by JJB */ |
| 18 | agent { |
Zack Williams | b329208 | 2019-10-11 17:15:18 -0700 | [diff] [blame] | 19 | label "${params.buildNode}" |
Zack Williams | c1d6a5e | 2019-05-06 16:35:58 -0700 | [diff] [blame] | 20 | } |
| 21 | |
Zack Williams | 861c470 | 2019-07-02 13:41:21 -0700 | [diff] [blame] | 22 | // Set so that synopsys_detect will know where to run golang tools from |
| 23 | environment { |
| 24 | PATH = "$PATH:/usr/lib/go-1.12/bin:/usr/local/go/bin/:$WORKSPACE/go/bin" |
| 25 | GOPATH = "$WORKSPACE/go" |
| 26 | } |
| 27 | |
Zack Williams | c1d6a5e | 2019-05-06 16:35:58 -0700 | [diff] [blame] | 28 | options { |
Zack Williams | 7903093 | 2019-05-08 15:50:36 -0700 | [diff] [blame] | 29 | timeout(240) |
Zack Williams | c1d6a5e | 2019-05-06 16:35:58 -0700 | [diff] [blame] | 30 | } |
| 31 | |
| 32 | stages { |
| 33 | |
| 34 | stage ("Clean workspace") { |
| 35 | steps { |
| 36 | sh 'rm -rf *' |
| 37 | } |
| 38 | } |
| 39 | |
| 40 | stage ("Get repo list") { |
| 41 | steps { |
| 42 | script { |
Zack Williams | 7903093 | 2019-05-08 15:50:36 -0700 | [diff] [blame] | 43 | writeFile file: 'get_repo_list.py', text: """ |
| 44 | #!/usr/bin/env python |
| 45 | |
| 46 | import json |
| 47 | import os |
| 48 | import requests |
| 49 | |
| 50 | if "github_organization" in os.environ: |
| 51 | # this is a github org |
| 52 | github_req = requests.get("https://api.github.com/orgs/%s/repos" % |
| 53 | os.environ["github_organization"]) |
| 54 | |
| 55 | # pull out the "name" key out of each item |
| 56 | repo_list = map(lambda item: item["name"], github_req.json()) |
| 57 | |
| 58 | else: |
| 59 | # this is a gerrit server |
| 60 | |
| 61 | # fetch the list of projects |
| 62 | gerrit_req = requests.get("%s/projects/?pp=0" % |
| 63 | os.environ["git_server_url"]) |
| 64 | # remove XSSI prefix |
| 65 | # https://gerrit-review.googlesource.com/Documentation/rest-api.html#output |
| 66 | gerrit_json = json.loads(gerrit_req.text.splitlines()[1]) |
| 67 | |
| 68 | # remove repos which don't contain code |
| 69 | repo_list = [repo for repo in gerrit_json.keys() |
| 70 | if repo not in ["All-Projects", "All-Users", "voltha-bal"]] |
| 71 | |
| 72 | # sort and print |
| 73 | print(",".join(sorted(repo_list))) |
| 74 | """ |
| 75 | |
Zack Williams | b92f5d8 | 2019-05-06 22:16:40 -0700 | [diff] [blame] | 76 | /* this defines the variable globally - not ideal, but works - see: |
| 77 | https://stackoverflow.com/questions/50571316/strange-variable-scoping-behavior-in-jenkinsfile |
| 78 | */ |
| 79 | repos = sh( |
Zack Williams | 7903093 | 2019-05-08 15:50:36 -0700 | [diff] [blame] | 80 | returnStdout: true, |
| 81 | script: "python -u get_repo_list.py").trim().split(",") |
Zack Williams | c1d6a5e | 2019-05-06 16:35:58 -0700 | [diff] [blame] | 82 | |
Zack Williams | b92f5d8 | 2019-05-06 22:16:40 -0700 | [diff] [blame] | 83 | echo "repo list: ${repos}" |
Zack Williams | c1d6a5e | 2019-05-06 16:35:58 -0700 | [diff] [blame] | 84 | } |
| 85 | } |
| 86 | } |
| 87 | |
| 88 | stage ("Checkout repos") { |
| 89 | steps { |
| 90 | script { |
| 91 | repos.each { gitRepo -> |
| 92 | sh "echo Checking out: ${gitRepo}" |
Zack Williams | 7903093 | 2019-05-08 15:50:36 -0700 | [diff] [blame] | 93 | checkout(changelog: false, scm: [ |
Zack Williams | c1d6a5e | 2019-05-06 16:35:58 -0700 | [diff] [blame] | 94 | $class: 'GitSCM', |
Zack Williams | 9933027 | 2019-08-21 11:33:48 -0700 | [diff] [blame] | 95 | userRemoteConfigs: [[ url: "${params.git_server_url}/${gitRepo}/", ]], |
| 96 | branches: [[ name: "${branch}", ]], |
Zack Williams | c1d6a5e | 2019-05-06 16:35:58 -0700 | [diff] [blame] | 97 | extensions: [ |
Zack Williams | 7903093 | 2019-05-08 15:50:36 -0700 | [diff] [blame] | 98 | [$class: 'RelativeTargetDirectory', relativeTargetDir: "${gitRepo}"], |
| 99 | [$class: 'CloneOption', depth: 0, noTags: false, reference: '', shallow: false], |
Zack Williams | c1d6a5e | 2019-05-06 16:35:58 -0700 | [diff] [blame] | 100 | ], |
Zack Williams | 7903093 | 2019-05-08 15:50:36 -0700 | [diff] [blame] | 101 | ]) |
Zack Williams | c1d6a5e | 2019-05-06 16:35:58 -0700 | [diff] [blame] | 102 | } |
| 103 | } |
| 104 | } |
| 105 | } |
| 106 | |
| 107 | stage ("Synopsys Detect") { |
| 108 | steps { |
Zack Williams | d9a34c4 | 2019-09-26 07:56:43 -0700 | [diff] [blame] | 109 | // catch any errors that occur so that logs can be saved in the next stage |
| 110 | catchError { |
| 111 | script { |
| 112 | repos.each { gitRepo -> |
| 113 | sh "echo Running Synopsys Detect on: ${gitRepo}" |
| 114 | synopsys_detect("--detect.source.path=${gitRepo} " + \ |
| 115 | "--detect.project.name=${blackduck_project}_${projectName} " + \ |
| 116 | "--detect.project.version.name=$git_tag_or_branch " + \ |
| 117 | "--detect.blackduck.signature.scanner.snippet.matching=SNIPPET_MATCHING " + \ |
| 118 | "--detect.blackduck.signature.scanner.upload.source.mode=true " + \ |
| 119 | "--detect.blackduck.signature.scanner.exclusion.patterns=/vendor/ " + \ |
| 120 | "--detect.policy.check.fail.on.severities=ALL,BLOCKER,CRITICAL,MAJOR,MINOR,TRIVIAL " + \ |
| 121 | "--detect.report.timeout=900 " + \ |
| 122 | "--detect.tools=ALL " + \ |
| 123 | "--detect.cleanup=false") |
| 124 | } |
Zack Williams | c1d6a5e | 2019-05-06 16:35:58 -0700 | [diff] [blame] | 125 | } |
| 126 | } |
| 127 | } |
| 128 | } |
| 129 | |
| 130 | stage ("Save logs") { |
| 131 | steps { |
| 132 | sh returnStdout: true, script: """ |
| 133 | echo COPYING LOGS |
| 134 | mkdir -p bd_logs |
| 135 | cp -r /home/jenkins/blackduck/runs/* bd_logs |
| 136 | ls -l bd_logs/*/* |
| 137 | """ |
| 138 | archiveArtifacts artifacts:'bd_logs/**/*.*' |
| 139 | } |
| 140 | } |
| 141 | } |
| 142 | } |