ci: update scanning

Signed-off-by: Bill Mahoney <bill.mahoney@intel.com>
Bill Mahoney
2021-06-30 11:18:27 -07:00
parent 17efe70b4e
commit 33abb9d2d2

161
Jenkinsfile vendored

@@ -1,16 +1,14 @@
pipeline { pipeline {
agent none agent {
label 'docker-amt'
}
options { options {
buildDiscarder(logRotator(numToKeepStr: '5', daysToKeepStr: '30')) buildDiscarder(logRotator(numToKeepStr: '5', daysToKeepStr: '30'))
timestamps() timestamps()
timeout(unit: 'HOURS', time: 2) timeout(unit: 'HOURS', time: 2)
} }
stages {
stage ('Parallel') {
parallel {
stage ('Linux') {
agent { label 'docker-amt' }
stages { stages {
stage ('Cloning Repository') { stage ('Cloning Repository') {
steps { steps {
@@ -21,41 +19,15 @@ pipeline {
} }
} }
} }
stage('Static Code Scan - Protex') {
environment{
PROJECT_NAME = 'OpenAMT - RPC'
SCANNERS = 'protex'
} }
}
stage ('Windows') {
agent { label 'openamt-win' }
stages {
stage ('Cloning Repository') {
steps { steps {
script { rbheStaticCodeScan()
scmCheckout {
clean = true
} }
} }
}
}
}
}
}
}
stage ('Static Code Scan - Protex') {
agent { label 'docker-amt' }
steps {
script {
staticCodeScan {
// generic
scanners = ['protex']
scannerType = ['c','c++']
protexProjectName = 'OpenAMT - RPC'
// internal, do not change
protexBuildName = 'rrs-generic-protex-build'
}
}
}
}
stage ('Parallel Builds') { stage ('Parallel Builds') {
parallel { parallel {
stage ('Linux') { stage ('Linux') {
@@ -71,6 +43,7 @@ pipeline {
steps { steps {
sh './scripts/jenkins-pre-build.sh' sh './scripts/jenkins-pre-build.sh'
sh './scripts/jenkins-build.sh' sh './scripts/jenkins-build.sh'
stash includes: 'build/rpc', name: 'linux-rpc-app'
} }
} }
stage ('Archive') { stage ('Archive') {
@@ -78,7 +51,6 @@ pipeline {
archiveArtifacts allowEmptyArchive: true, artifacts: 'build/rpc', caseSensitive: false, onlyIfSuccessful: true archiveArtifacts allowEmptyArchive: true, artifacts: 'build/rpc', caseSensitive: false, onlyIfSuccessful: true
} }
} }
} }
} }
stage ('Windows') { stage ('Windows') {
@@ -89,7 +61,7 @@ pipeline {
bat 'scripts\\jenkins-pre-build.cmd' bat 'scripts\\jenkins-pre-build.cmd'
bat 'scripts\\jenkins-build.cmd' bat 'scripts\\jenkins-build.cmd'
// prepare stash for the binary scan // prepare stash for the binary scan
stash includes: "**/*.exe", name: 'rpc-app' stash includes: '**/*.exe', name: 'win-rpc-app'
} }
} }
stage ('Archive') { stage ('Archive') {
@@ -101,70 +73,81 @@ pipeline {
} }
} }
} }
stage ('Parallel Scans') {
parallel { stage('Prep Binary') {
stage ('Static Code Scan Linux') {
agent { label 'docker-amt' }
steps { steps {
script { sh 'mkdir -p ./bin'
staticCodeScan { dir('./bin') {
// generic unstash 'linux-rpc-app'
scanners = ['bdba','klocwork'] unstash 'win-rpc-app'
scannerType = 'c++' }
}
}
stage('Linux Scans') {
environment{
PROJECT_NAME = 'OpenAMT - RPC - Linux'
SCANNERS = 'bdba,klocwork'
protecodeGroup = '25' // protecode details
protecodeScanName = 'rpc-zip' PROTECODE_BIN_DIR = './bin'
protecodeDirectory = './build/rpc' PROTECODE_INCLUDE_SUB_DIRS = true
// klocwork details
KLOCWORK_SCAN_TYPE = 'c++'
KLOCWORK_PRE_BUILD_SCRIPT = './scripts/jenkins-pre-build.sh'
KLOCWORK_BUILD_COMMAND = './scripts/jenkins-build.sh'
KLOCWORK_IGNORE_COMPILE_ERRORS = true
// publishArtifacts details
PUBLISH_TO_ARTIFACTORY = true
}
steps {
rbheStaticCodeScan()
dir('artifacts/Klockwork'){
sh 'cp kw_report.html kw_report_linux.html'
sh 'cp kw_report.csv kw_report_linux.csv'
archiveArtifacts allowEmptyArchive: true, artifacts: 'kw_report_linux.html'
archiveArtifacts allowEmptyArchive: true, artifacts: 'kw_report_linux.csv'
}
klockworkPreBuildScript = './scripts/jenkins-pre-build.sh'
klockworkBuildCommand = './scripts/jenkins-build.sh'
klockworkProjectName = 'Panther Point Creek'
klockworkIgnoreCompileErrors = true
} }
} }
} stage('Windows Scans'){
}
stage ('Static Code Scan Windows') {
stages {
stage ('Static Code Scan Windows - Klockwork') {
agent { label 'openamt-win' } agent { label 'openamt-win' }
steps { stages{
script { stage ('Windows Scans - klocwork') {
staticCodeScan { environment {
// generic PROJECT_NAME = 'OpenAMT - RPC - Windows'
scanners = ['klocwork'] SCANNERS = 'klocwork'
scannerType = 'c++'
klockworkPreBuildScript = 'scripts\\jenkins-pre-build.cmd' // klocwork details
klockworkBuildCommand = 'scripts\\jenkins-build.cmd' KLOCWORK_SCAN_TYPE = 'c++'
klockworkProjectName = 'Panther Point Creek' KLOCWORK_PRE_BUILD_SCRIPT = 'scripts\\jenkins-pre-build.cmd'
klockworkIgnoreCompileErrors = true KLOCWORK_BUILD_COMMAND = 'scripts\\jenkins-build.cmd'
} KLOCWORK_IGNORE_COMPILE_ERRORS = true
}
}
}
stage ('Static Code Scan Windows - BDBA') {
agent { label 'docker-amt' }
steps {
script {
sh "mkdir -p bdbaScanDir"
dir("bdbaScanDir") {
unstash 'rpc-app'
}
staticCodeScan {
// generic
scanners = ['bdba']
scannerType = 'c++'
protecodeGroup = '25' // publishArtifacts details
protecodeScanName = 'rpc-zip' PUBLISH_TO_ARTIFACTORY = true
protecodeDirectory = 'bdbaScanDir' }
steps {
rbheStaticCodeScan()
dir('artifacts\\Klockwork'){
bat 'copy kw_report.html kw_report_windows.html'
bat 'copy kw_report.csv kw_report_windows.csv'
stash includes: 'kw_report_windows.*', name: 'win-kwreports'
archiveArtifacts allowEmptyArchive: true, artifacts: 'kw_report_windows.html'
archiveArtifacts allowEmptyArchive: true, artifacts: 'kw_report_windows.csv'
} }
} }
} }
} }
} }
stage('Publish Artifacts'){
steps{
dir('artifacts/Klockwork'){
unstash 'win-kwreports'
} }
publishArtifacts()
} }
} }
} }
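Review bot: Both Klocwork environments on the new side set `KLOCWORK_IGNORE_COMPILE_ERRORS = true` (in 'Linux Scans' and in 'Windows Scans - klocwork'), and the steps after `rbheStaticCodeScan()` only copy and archive the reports, so nothing visible here fails the build if source files drop out of the analysis. The flag's exact behaviour lives in the shared `rbheStaticCodeScan()` step, which this page does not show, but if it does what its name suggests, a broken scan build would shrink static-analysis coverage while the stage stays green. Either set it to `false` once the scan build compiles cleanly, or keep it and say why next to it, e.g. `// scan build still has known compile errors; set to false once they are fixed`. Separately, 'Prep Binary' unstashes both `linux-rpc-app` and `win-rpc-app` into `./bin`, so the BDBA scan filed under 'OpenAMT - RPC - Linux' also covers the Windows executables; a comment on `PROTECODE_BIN_DIR = './bin'` such as `// holds Linux and Windows binaries from 'Prep Binary'` would make that scope explicit.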