From 67202dc5d337fa944a4d1eec057da02aac26aeee Mon Sep 17 00:00:00 2001 From: Bill Mahoney Date: Wed, 31 Mar 2021 18:11:41 -0700 Subject: [PATCH] ci: update build for scanning Signed-off-by: Bill Mahoney --- Jenkinsfile | 172 +++++++++++++++++++++++++++++++++++ scripts/jenkins-build.cmd | 4 +- scripts/jenkins-build.sh | 6 +- scripts/jenkins-pre-build.sh | 9 +- 4 files changed, 182 insertions(+), 9 deletions(-) create mode 100644 Jenkinsfile diff --git a/Jenkinsfile b/Jenkinsfile new file mode 100644 index 0000000..af5fae5 --- /dev/null +++ b/Jenkinsfile @@ -0,0 +1,172 @@ +pipeline { + agent none + triggers {cron '@daily'} + options { + buildDiscarder(logRotator(numToKeepStr: '5', daysToKeepStr: '30')) + timestamps() + timeout(unit: 'HOURS', time: 2) + } + + stages { + stage ('Parallel') { + parallel { + stage ('Linux') { + agent { label 'docker-amt' } + stages { + stage ('Cloning Repository') { + steps { + script { + scmCheckout { + clean = true + } + } + } + } + } + } + stage ('Windows') { + agent { label 'openamt-win' } + stages { + stage ('Cloning Repository') { + steps { + script { + scmCheckout { + clean = true + } + } + } + } + } + } + } + } + stage ('Static Code Scan - Protex') { + agent { label 'docker-amt' } + steps { + script { + staticCodeScan { + // generic + scanners = ['protex'] + scannerType = ['c','c++'] + + protexProjectName = 'OpenAMT - RPC' + // internal, do not change + protexBuildName = 'rrs-generic-protex-build' + } + } + } + } + + stage ('Parallel Builds') { + parallel { + stage ('Linux') { + agent { label 'docker-amt' } + stages { + stage('Build') { + agent { + docker { + image 'ubuntu:18.04' + reuseNode true + } + } + steps { + sh './scripts/jenkins-pre-build.sh' + sh './scripts/jenkins-build.sh' + } + } + stage ('Archive') { + steps { + archiveArtifacts allowEmptyArchive: true, artifacts: 'build/rpc', caseSensitive: false, onlyIfSuccessful: true + } + } + + } + } + stage ('Windows') { + agent { label 'openamt-win' } + stages{ + stage ('Build') { + steps { + bat 'scripts\\jenkins-pre-build.cmd' + bat 'scripts\\jenkins-build.cmd' + // prepare stash for the binary scan + stash includes: "**/*.exe", name: 'rpc-app' + } + } + stage ('Archive') { + steps { + archiveArtifacts allowEmptyArchive: true, artifacts: 'build\\Release\\rpc.exe', caseSensitive: false, onlyIfSuccessful: true + } + } + } + } + } + } + stage ('Parallel Scans') { + parallel { + stage ('Static Code Scan Linux') { + agent { label 'docker-amt' } + steps { + script { + staticCodeScan { + // generic + scanners = ['bdba','klocwork'] + scannerType = 'c++' + + protecodeGroup = '25' + protecodeScanName = 'rpc-zip' + protecodeDirectory = './build/rpc' + + klockworkPreBuildScript = './scripts/jenkins-pre-build.sh' + klockworkBuildCommand = './scripts/jenkins-build.sh' + klockworkProjectName = 'Panther Point Creek' + klockworkIgnoreCompileErrors = true + } + } + } + } + stage ('Static Code Scan Windows') { + stages { + stage ('Static Code Scan Windows - Klockwork') { + agent { label 'openamt-win' } + steps { + script { + staticCodeScan { + // generic + scanners = ['klocwork'] + scannerType = 'c++' + + klockworkPreBuildScript = 'scripts\\jenkins-pre-build.cmd' + klockworkBuildCommand = 'scripts\\jenkins-build.cmd' + klockworkProjectName = 'Panther Point Creek' + klockworkIgnoreCompileErrors = true + } + } + } + } + stage ('Static Code Scan Windows - BDBA') { + agent { label 'docker-amt' } + steps { + script { + sh "mkdir -p bdbaScanDir" + dir("bdbaScanDir") { + unstash 'rpc-app' + } + staticCodeScan { + // generic + scanners = ['bdba'] + scannerType = 'c++' + + protecodeGroup = '25' + protecodeScanName = 'rpc-zip' + protecodeDirectory = 'bdbaScanDir' + } + } + } + } + } + } + } + } + } +} \ No newline at end of file diff --git a/scripts/jenkins-build.cmd b/scripts/jenkins-build.cmd index 7d08ef0..a2c299c 100755 --- a/scripts/jenkins-build.cmd +++ b/scripts/jenkins-build.cmd @@ -14,7 +14,7 @@ set BASE_DIR=%cd% set VCPKG_DIR=C:\opt\vcpkg-source REM build RPC -cd %BASE_DIR%/rpc + if exist "build" rd /q /s "build" @@ -23,4 +23,4 @@ cd build echo %VCPKG_DIR%\vcpkg\scripts\buildsystems\vcpkg.cmake cmake -DVCPKG_TARGET_TRIPLET=x64-windows-static -DCMAKE_TOOLCHAIN_FILE=%VCPKG_DIR%\vcpkg\scripts\buildsystems\vcpkg.cmake .. cmake --build . --config Release -dir %BASE_DIR%\rpc\build +dir %BASE_DIR%\build \ No newline at end of file diff --git a/scripts/jenkins-build.sh b/scripts/jenkins-build.sh index 197289d..fdd3181 100755 --- a/scripts/jenkins-build.sh +++ b/scripts/jenkins-build.sh @@ -5,9 +5,9 @@ set -x # Jenkins Build script # - Ubuntu 18.04 # - +export BASE_DIR="$PWD" export CMAKE_CXX_FLAGS="-isystem /usr/lib/gcc/x86_64-linux-gnu/7/include" -cd "$BASE_DIR"/rpc + if [ -d "build" ]; then rm -rf build @@ -15,5 +15,5 @@ fi mkdir build cd build -cmake -DCMAKE_TOOLCHAIN_FILE="$BASE_DIR"/rpc/vcpkg/scripts/buildsystems/vcpkg.cmake -DCMAKE_BUILD_TYPE=Release .. +cmake -DCMAKE_TOOLCHAIN_FILE="$BASE_DIR"/vcpkg/scripts/buildsystems/vcpkg.cmake -DCMAKE_BUILD_TYPE=Release .. cmake --build . diff --git a/scripts/jenkins-pre-build.sh b/scripts/jenkins-pre-build.sh index 807b2ce..3fb1543 100755 --- a/scripts/jenkins-pre-build.sh +++ b/scripts/jenkins-pre-build.sh @@ -4,14 +4,15 @@ # - Ubuntu 18.04 # -sudo apt install git cmake build-essential curl zip unzip tar pkg-config +apt update +apt install git cmake build-essential curl zip unzip tar pkg-config -y ## current dir - RPC source directory -export BASE_DIR="$PWD" +#export BASE_DIR="$PWD" -cd "$BASE_DIR"/rpc +#cd "$BASE_DIR"/rpc ## build vcpkg -git clone --branch 2020.11-1 https://github.com/microsoft/vcpkg.git +git -C vcpkg pull || git clone --branch 2020.11-1 https://github.com/microsoft/vcpkg.git vcpkg cd vcpkg ./bootstrap-vcpkg.sh