From 33abb9d2d2a457ba269857b6ced2776eb7bc1ff4 Mon Sep 17 00:00:00 2001 From: Bill Mahoney Date: Wed, 30 Jun 2021 11:18:27 -0700 Subject: [PATCH] ci: update scanning Signed-off-by: Bill Mahoney --- Jenkinsfile | 195 ++++++++++++++++++++++++---------------------------- 1 file changed, 89 insertions(+), 106 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index d424a21..cdfcec2 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,61 +1,33 @@ pipeline { - agent none + agent { + label 'docker-amt' + } options { buildDiscarder(logRotator(numToKeepStr: '5', daysToKeepStr: '30')) timestamps() timeout(unit: 'HOURS', time: 2) } + stages { - stage ('Parallel') { - parallel { - stage ('Linux') { - agent { label 'docker-amt' } - stages { - stage ('Cloning Repository') { - steps { - script { - scmCheckout { - clean = true - } - } - } - } - } - } - stage ('Windows') { - agent { label 'openamt-win' } - stages { - stage ('Cloning Repository') { - steps { - script { - scmCheckout { - clean = true - } - } - } - } - } - } - } - } - stage ('Static Code Scan - Protex') { - agent { label 'docker-amt' } + stage ('Cloning Repository') { steps { script { - staticCodeScan { - // generic - scanners = ['protex'] - scannerType = ['c','c++'] - - protexProjectName = 'OpenAMT - RPC' - // internal, do not change - protexBuildName = 'rrs-generic-protex-build' + scmCheckout { + clean = true } } } } - + stage('Static Code Scan - Protex') { + environment{ + PROJECT_NAME = 'OpenAMT - RPC' + SCANNERS = 'protex' + } + steps { + rbheStaticCodeScan() + } + } stage ('Parallel Builds') { parallel { stage ('Linux') { @@ -71,6 +43,7 @@ pipeline { steps { sh './scripts/jenkins-pre-build.sh' sh './scripts/jenkins-build.sh' + stash includes: 'build/rpc', name: 'linux-rpc-app' } } stage ('Archive') { @@ -78,7 +51,6 @@ pipeline { archiveArtifacts allowEmptyArchive: true, artifacts: 'build/rpc', caseSensitive: false, onlyIfSuccessful: true } } - } } stage ('Windows') { @@ -89,7 +61,7 @@ pipeline { bat 'scripts\\jenkins-pre-build.cmd' bat 'scripts\\jenkins-build.cmd' // prepare stash for the binary scan - stash includes: "**/*.exe", name: 'rpc-app' + stash includes: '**/*.exe', name: 'win-rpc-app' } } stage ('Archive') { @@ -101,71 +73,82 @@ pipeline { } } } - stage ('Parallel Scans') { - parallel { - stage ('Static Code Scan Linux') { - agent { label 'docker-amt' } - steps { - script { - staticCodeScan { - // generic - scanners = ['bdba','klocwork'] - scannerType = 'c++' - protecodeGroup = '25' - protecodeScanName = 'rpc-zip' - protecodeDirectory = './build/rpc' - - klockworkPreBuildScript = './scripts/jenkins-pre-build.sh' - klockworkBuildCommand = './scripts/jenkins-build.sh' - klockworkProjectName = 'Panther Point Creek' - klockworkIgnoreCompileErrors = true - } - } - } + stage('Prep Binary') { + steps { + sh 'mkdir -p ./bin' + dir('./bin') { + unstash 'linux-rpc-app' + unstash 'win-rpc-app' } - stage ('Static Code Scan Windows') { - stages { - stage ('Static Code Scan Windows - Klockwork') { - agent { label 'openamt-win' } - steps { - script { - staticCodeScan { - // generic - scanners = ['klocwork'] - scannerType = 'c++' - - klockworkPreBuildScript = 'scripts\\jenkins-pre-build.cmd' - klockworkBuildCommand = 'scripts\\jenkins-build.cmd' - klockworkProjectName = 'Panther Point Creek' - klockworkIgnoreCompileErrors = true - } - } - } - } - stage ('Static Code Scan Windows - BDBA') { - agent { label 'docker-amt' } - steps { - script { - sh "mkdir -p bdbaScanDir" - dir("bdbaScanDir") { - unstash 'rpc-app' - } - staticCodeScan { - // generic - scanners = ['bdba'] - scannerType = 'c++' - - protecodeGroup = '25' - protecodeScanName = 'rpc-zip' - protecodeDirectory = 'bdbaScanDir' - } - } - } + } + } + stage('Linux Scans') { + environment{ + PROJECT_NAME = 'OpenAMT - RPC - Linux' + SCANNERS = 'bdba,klocwork' + + // protecode details + PROTECODE_BIN_DIR = './bin' + PROTECODE_INCLUDE_SUB_DIRS = true + + // klocwork details + KLOCWORK_SCAN_TYPE = 'c++' + KLOCWORK_PRE_BUILD_SCRIPT = './scripts/jenkins-pre-build.sh' + KLOCWORK_BUILD_COMMAND = './scripts/jenkins-build.sh' + KLOCWORK_IGNORE_COMPILE_ERRORS = true + + // publishArtifacts details + PUBLISH_TO_ARTIFACTORY = true + } + steps { + rbheStaticCodeScan() + dir('artifacts/Klockwork'){ + sh 'cp kw_report.html kw_report_linux.html' + sh 'cp kw_report.csv kw_report_linux.csv' + archiveArtifacts allowEmptyArchive: true, artifacts: 'kw_report_linux.html' + archiveArtifacts allowEmptyArchive: true, artifacts: 'kw_report_linux.csv' + } + + } + } + stage('Windows Scans'){ + agent { label 'openamt-win' } + stages{ + stage ('Windows Scans - klocwork') { + environment { + PROJECT_NAME = 'OpenAMT - RPC - Windows' + SCANNERS = 'klocwork' + + // klocwork details + KLOCWORK_SCAN_TYPE = 'c++' + KLOCWORK_PRE_BUILD_SCRIPT = 'scripts\\jenkins-pre-build.cmd' + KLOCWORK_BUILD_COMMAND = 'scripts\\jenkins-build.cmd' + KLOCWORK_IGNORE_COMPILE_ERRORS = true + + // publishArtifacts details + PUBLISH_TO_ARTIFACTORY = true + } + steps { + rbheStaticCodeScan() + dir('artifacts\\Klockwork'){ + bat 'copy kw_report.html kw_report_windows.html' + bat 'copy kw_report.csv kw_report_windows.csv' + stash includes: 'kw_report_windows.*', name: 'win-kwreports' + archiveArtifacts allowEmptyArchive: true, artifacts: 'kw_report_windows.html' + archiveArtifacts allowEmptyArchive: true, artifacts: 'kw_report_windows.csv' } } } } } + stage('Publish Artifacts'){ + steps{ + dir('artifacts/Klockwork'){ + unstash 'win-kwreports' + } + publishArtifacts() + } + } } -} +} \ No newline at end of file