ci: update scanning

Signed-off-by: Bill Mahoney <bill.mahoney@intel.com>
2021-06-30 11:18:27 -07:00
parent 17efe70b4e
commit 33abb9d2d2
1 changed files with 89 additions and 106 deletions
--- a/195
+++ b/195
@@ -1,61 +1,33 @@
 pipeline {
-    agent none
+    agent {
        label 'docker-amt'
    }
    options {
        buildDiscarder(logRotator(numToKeepStr: '5', daysToKeepStr: '30'))
        timestamps()
        timeout(unit: 'HOURS', time: 2)
    }
    stages {
-        stage ('Parallel') {
+        stage ('Cloning Repository') {
            parallel {
                stage ('Linux') {
                    agent { label 'docker-amt' }
                    stages {
                        stage ('Cloning Repository') {
                            steps {
                                script {
                                    scmCheckout {
                                        clean = true
                                    }
                                }
                            }
                        }
                    }
                }
                stage ('Windows') {
                    agent { label 'openamt-win' }
                    stages {
                        stage ('Cloning Repository') {
                            steps {
                                script {
                                    scmCheckout {
                                        clean = true
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
        stage ('Static Code Scan - Protex') {
            agent { label 'docker-amt' }
            steps {
                script {
-                    staticCodeScan {
+                    scmCheckout {
-                        // generic
+                        clean = true
                        scanners             = ['protex']
                        scannerType          = ['c','c++']
                        protexProjectName    = 'OpenAMT - RPC'
                        // internal, do not change
                        protexBuildName      = 'rrs-generic-protex-build'
                    }
                }
            }
        }
-
+        stage('Static Code Scan - Protex') {
            environment{
                PROJECT_NAME               = 'OpenAMT - RPC'
                SCANNERS                   = 'protex'
            }
            steps {
                rbheStaticCodeScan()
            }
        }
        stage ('Parallel Builds') {
            parallel {
                stage ('Linux') {
@@ -71,6 +43,7 @@ pipeline {
                            steps {
                                sh './scripts/jenkins-pre-build.sh'
                                sh './scripts/jenkins-build.sh'
                                stash includes: 'build/rpc', name: 'linux-rpc-app'
                            }
                        }
                        stage ('Archive') {
@@ -78,7 +51,6 @@ pipeline {
                                archiveArtifacts allowEmptyArchive: true, artifacts: 'build/rpc', caseSensitive: false, onlyIfSuccessful: true
                            }
                        }
                    }
                }
                stage ('Windows') {
@@ -89,7 +61,7 @@ pipeline {
                                bat 'scripts\\jenkins-pre-build.cmd'
                                bat 'scripts\\jenkins-build.cmd'
                                // prepare stash for the binary scan
-                                stash includes: "**/*.exe", name: 'rpc-app'
+                                stash includes: '**/*.exe', name: 'win-rpc-app'
                            }
                        }
                        stage ('Archive') {
@@ -101,71 +73,82 @@ pipeline {
                }
            }
        }
        stage ('Parallel Scans') {
            parallel {
                stage ('Static Code Scan Linux') {
                    agent { label 'docker-amt' }
                    steps {
                        script {
                            staticCodeScan {
                                // generic
                                scanners             = ['bdba','klocwork']
                                scannerType          = 'c++'
-                                protecodeGroup          = '25'
+        stage('Prep Binary') {
-                                protecodeScanName       = 'rpc-zip'
+            steps {
-                                protecodeDirectory      = './build/rpc'
+                sh 'mkdir -p ./bin'
-                                
+                dir('./bin') {
-                                klockworkPreBuildScript = './scripts/jenkins-pre-build.sh'
+                    unstash 'linux-rpc-app'
-                                klockworkBuildCommand = './scripts/jenkins-build.sh'
+                    unstash 'win-rpc-app'
                                klockworkProjectName  = 'Panther Point Creek'
                                klockworkIgnoreCompileErrors = true
                            }
                        }
                    }
                }
-                stage ('Static Code Scan Windows') {
+            }
-                    stages {
+        }
-                        stage ('Static Code Scan Windows - Klockwork') {
+        stage('Linux Scans') {
-                            agent { label 'openamt-win' }
+            environment{
-                            steps {
+                PROJECT_NAME               = 'OpenAMT - RPC - Linux'
-                                script {
+                SCANNERS                   = 'bdba,klocwork'
-                                    staticCodeScan {
+
-                                        // generic
+                // protecode details
-                                        scanners             = ['klocwork']
+                PROTECODE_BIN_DIR          = './bin'
-                                        scannerType          = 'c++'
+                PROTECODE_INCLUDE_SUB_DIRS = true
-                                        
+                
-                                        klockworkPreBuildScript = 'scripts\\jenkins-pre-build.cmd'
+                // klocwork details
-                                        klockworkBuildCommand = 'scripts\\jenkins-build.cmd'
+                KLOCWORK_SCAN_TYPE             = 'c++'
-                                        klockworkProjectName  = 'Panther Point Creek'
+                KLOCWORK_PRE_BUILD_SCRIPT      = './scripts/jenkins-pre-build.sh'
-                                        klockworkIgnoreCompileErrors = true
+                KLOCWORK_BUILD_COMMAND         = './scripts/jenkins-build.sh'
-                                    }
+                KLOCWORK_IGNORE_COMPILE_ERRORS = true
-                                }
+
-                            }
+                // publishArtifacts details
-                        }
+                PUBLISH_TO_ARTIFACTORY         = true
-                        stage ('Static Code Scan Windows - BDBA') {
+            }
-                            agent { label 'docker-amt' }
+            steps {
-                            steps {
+                rbheStaticCodeScan()
-                                script {
+                dir('artifacts/Klockwork'){
-                                    sh "mkdir -p bdbaScanDir"
+                    sh 'cp kw_report.html kw_report_linux.html'
-                                    dir("bdbaScanDir") {
+                    sh 'cp kw_report.csv kw_report_linux.csv'
-                                        unstash 'rpc-app'
+                    archiveArtifacts allowEmptyArchive: true, artifacts: 'kw_report_linux.html'
-                                    }
+                    archiveArtifacts allowEmptyArchive: true, artifacts: 'kw_report_linux.csv'
-                                    staticCodeScan {
+                }
-                                        // generic
+                
-                                        scanners             = ['bdba']
+            }
-                                        scannerType          = 'c++'
+        }
-                                        
+        stage('Windows Scans'){
-                                        protecodeGroup          = '25'
+            agent { label 'openamt-win' }
-                                        protecodeScanName       = 'rpc-zip'
+            stages{
-                                        protecodeDirectory      = 'bdbaScanDir'
+                stage ('Windows Scans - klocwork') {
-                                    }
+                    environment {
-                                }
+                        PROJECT_NAME                   = 'OpenAMT - RPC - Windows'
-                            }
+                        SCANNERS                       = 'klocwork'
                        // klocwork details
                        KLOCWORK_SCAN_TYPE             = 'c++'
                        KLOCWORK_PRE_BUILD_SCRIPT      = 'scripts\\jenkins-pre-build.cmd'
                        KLOCWORK_BUILD_COMMAND         = 'scripts\\jenkins-build.cmd'
                        KLOCWORK_IGNORE_COMPILE_ERRORS = true
                        // publishArtifacts details
                        PUBLISH_TO_ARTIFACTORY         = true
                    }
                    steps {
                        rbheStaticCodeScan()
                        dir('artifacts\\Klockwork'){
                            bat 'copy kw_report.html kw_report_windows.html'
                            bat 'copy kw_report.csv kw_report_windows.csv'
                            stash includes: 'kw_report_windows.*', name: 'win-kwreports'
                            archiveArtifacts allowEmptyArchive: true, artifacts: 'kw_report_windows.html'
                            archiveArtifacts allowEmptyArchive: true, artifacts: 'kw_report_windows.csv'
                        }
                    }
                }
            }
        }
        stage('Publish Artifacts'){
            steps{
                dir('artifacts/Klockwork'){
                    unstash 'win-kwreports'
                }
                publishArtifacts()
            }
        }
    }
-}
+}