saret/rpc
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge branch 'master' into changelog_automation

Browse Source
This commit is contained in:
Matt Primrose
2021-07-06 16:20:35 -07:00
committed by GitHub
parent bea1eb22ef dea97dec64
commit d94302543b
2 changed files with 94 additions and 106 deletions
Download Patch File Download Diff File Expand all files Collapse all files

195
Jenkinsfile vendored
View File

@@ -1,61 +1,33 @@
pipeline { pipeline {
agent none agent {
label 'docker-amt'
}
options { options {
buildDiscarder(logRotator(numToKeepStr: '5', daysToKeepStr: '30')) buildDiscarder(logRotator(numToKeepStr: '5', daysToKeepStr: '30'))
timestamps() timestamps()
timeout(unit: 'HOURS', time: 2) timeout(unit: 'HOURS', time: 2)
} }
stages { stages {
stage ('Parallel') { stage ('Cloning Repository') {
parallel {
stage ('Linux') {
agent { label 'docker-amt' }
stages {
stage ('Cloning Repository') {
steps {
script {
scmCheckout {
clean = true
}
}
}
}
}
}
stage ('Windows') {
agent { label 'openamt-win' }
stages {
stage ('Cloning Repository') {
steps {
script {
scmCheckout {
clean = true
}
}
}
}
}
}
}
}
stage ('Static Code Scan - Protex') {
agent { label 'docker-amt' }
steps { steps {
script { script {
staticCodeScan { scmCheckout {
// generic clean = true
scanners = ['protex']
scannerType = ['c','c++']
protexProjectName = 'OpenAMT - RPC'
// internal, do not change
protexBuildName = 'rrs-generic-protex-build'
} }
} }
} }
} }
stage('Static Code Scan - Protex') {
environment{
PROJECT_NAME = 'OpenAMT - RPC'
SCANNERS = 'protex'
}
steps {
rbheStaticCodeScan()
}
}
stage ('Parallel Builds') { stage ('Parallel Builds') {
parallel { parallel {
stage ('Linux') { stage ('Linux') {
@@ -71,6 +43,7 @@ pipeline {
steps { steps {
sh './scripts/jenkins-pre-build.sh' sh './scripts/jenkins-pre-build.sh'
sh './scripts/jenkins-build.sh' sh './scripts/jenkins-build.sh'
stash includes: 'build/rpc', name: 'linux-rpc-app'
} }
} }
stage ('Archive') { stage ('Archive') {
@@ -78,7 +51,6 @@ pipeline {
archiveArtifacts allowEmptyArchive: true, artifacts: 'build/rpc', caseSensitive: false, onlyIfSuccessful: true archiveArtifacts allowEmptyArchive: true, artifacts: 'build/rpc', caseSensitive: false, onlyIfSuccessful: true
} }
} }
} }
} }
stage ('Windows') { stage ('Windows') {
@@ -89,7 +61,7 @@ pipeline {
bat 'scripts\\jenkins-pre-build.cmd' bat 'scripts\\jenkins-pre-build.cmd'
bat 'scripts\\jenkins-build.cmd' bat 'scripts\\jenkins-build.cmd'
// prepare stash for the binary scan // prepare stash for the binary scan
stash includes: "**/*.exe", name: 'rpc-app' stash includes: '**/*.exe', name: 'win-rpc-app'
} }
} }
stage ('Archive') { stage ('Archive') {
@@ -101,71 +73,82 @@ pipeline {
} }
} }
} }
stage ('Parallel Scans') {
parallel {
stage ('Static Code Scan Linux') {
agent { label 'docker-amt' }
steps {
script {
staticCodeScan {
// generic
scanners = ['bdba','klocwork']
scannerType = 'c++'
protecodeGroup = '25' stage('Prep Binary') {
protecodeScanName = 'rpc-zip' steps {
protecodeDirectory = './build/rpc' sh 'mkdir -p ./bin'
dir('./bin') {
klockworkPreBuildScript = './scripts/jenkins-pre-build.sh' unstash 'linux-rpc-app'
klockworkBuildCommand = './scripts/jenkins-build.sh' unstash 'win-rpc-app'
klockworkProjectName = 'Panther Point Creek'
klockworkIgnoreCompileErrors = true
}
}
}
} }
stage ('Static Code Scan Windows') { }
stages { }
stage ('Static Code Scan Windows - Klockwork') { stage('Linux Scans') {
agent { label 'openamt-win' } environment{
steps { PROJECT_NAME = 'OpenAMT - RPC - Linux'
script { SCANNERS = 'bdba,klocwork'
staticCodeScan {
// generic // protecode details
scanners = ['klocwork'] PROTECODE_BIN_DIR = './bin'
scannerType = 'c++' PROTECODE_INCLUDE_SUB_DIRS = true
klockworkPreBuildScript = 'scripts\\jenkins-pre-build.cmd' // klocwork details
klockworkBuildCommand = 'scripts\\jenkins-build.cmd' KLOCWORK_SCAN_TYPE = 'c++'
klockworkProjectName = 'Panther Point Creek' KLOCWORK_PRE_BUILD_SCRIPT = './scripts/jenkins-pre-build.sh'
klockworkIgnoreCompileErrors = true KLOCWORK_BUILD_COMMAND = './scripts/jenkins-build.sh'
} KLOCWORK_IGNORE_COMPILE_ERRORS = true
}
} // publishArtifacts details
} PUBLISH_TO_ARTIFACTORY = true
stage ('Static Code Scan Windows - BDBA') { }
agent { label 'docker-amt' } steps {
steps { rbheStaticCodeScan()
script { dir('artifacts/Klockwork'){
sh "mkdir -p bdbaScanDir" sh 'cp kw_report.html kw_report_linux.html'
dir("bdbaScanDir") { sh 'cp kw_report.csv kw_report_linux.csv'
unstash 'rpc-app' archiveArtifacts allowEmptyArchive: true, artifacts: 'kw_report_linux.html'
} archiveArtifacts allowEmptyArchive: true, artifacts: 'kw_report_linux.csv'
staticCodeScan { }
// generic
scanners = ['bdba'] }
scannerType = 'c++' }
stage('Windows Scans'){
protecodeGroup = '25' agent { label 'openamt-win' }
protecodeScanName = 'rpc-zip' stages{
protecodeDirectory = 'bdbaScanDir' stage ('Windows Scans - klocwork') {
} environment {
} PROJECT_NAME = 'OpenAMT - RPC - Windows'
} SCANNERS = 'klocwork'
// klocwork details
KLOCWORK_SCAN_TYPE = 'c++'
KLOCWORK_PRE_BUILD_SCRIPT = 'scripts\\jenkins-pre-build.cmd'
KLOCWORK_BUILD_COMMAND = 'scripts\\jenkins-build.cmd'
KLOCWORK_IGNORE_COMPILE_ERRORS = true
// publishArtifacts details
PUBLISH_TO_ARTIFACTORY = true
}
steps {
rbheStaticCodeScan()
dir('artifacts\\Klockwork'){
bat 'copy kw_report.html kw_report_windows.html'
bat 'copy kw_report.csv kw_report_windows.csv'
stash includes: 'kw_report_windows.*', name: 'win-kwreports'
archiveArtifacts allowEmptyArchive: true, artifacts: 'kw_report_windows.html'
archiveArtifacts allowEmptyArchive: true, artifacts: 'kw_report_windows.csv'
} }
} }
} }
} }
} }
stage('Publish Artifacts'){
steps{
dir('artifacts/Klockwork'){
unstash 'win-kwreports'
}
publishArtifacts()
}
}
} }
} }

5
SECURITY.md Normal file
View File

@@ -0,0 +1,5 @@
# Security Policy
Intel is committed to rapidly addressing security vulnerabilities affecting our customers and providing clear guidance on the solution, impact, severity and mitigation.
## Reporting a Vulnerability
Please report any security vulnerabilities in this project utilizing the guidelines [here](https://www.intel.com/content/www/us/en/security-center/vulnerability-handling-guidelines.html).