
Commit 801a0ef

authored
Jenkins: Add gitguardian stage to test pipeline
Also changes the Jenkinsfile from scripted to declarative.
1 parent 03d0481 commit 801a0ef


1 file changed

+155
-127
lines changed


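--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -56,159 +56,187 @@ properties(
 ]
 )
 
-node('default') {
-stage('Generate Tarball') {
-cleanWs()
+pipeline {
 
-checkout scm
-
-dir(path: 'clamav_documentation') {
-git(url: 'https://github.com/Cisco-Talos/clamav-documentation.git', branch: "gh-pages")
-}
-
-dir(path: 'docs/html') {
-sh '''# Move the clamav-documentation here.
-cp -r ../../clamav_documentation/* .
-# Clean-up
-rm -rf ../../clamav_documentation
-rm -rf .git .nojekyll CNAME Placeholder || true
-'''
-}
+agent {
+label "default"
+}
 
-dir(path: 'build') {
-sh """# CPack
-cmake .. -D VENDOR_DEPENDENCIES=ON \
--D JSONC_INCLUDE_DIR="$HOME/.mussels/install/host-static/include/json-c" \
--D JSONC_LIBRARY="$HOME/.mussels/install/host-static/lib/libjson-c.a" \
--D ENABLE_JSON_SHARED=OFF \
--D BZIP2_INCLUDE_DIR="$HOME/.mussels/install/host-static/include" \
--D BZIP2_LIBRARY_RELEASE="$HOME/bzip2-1.0.8-install/lib/libbz2.a" \
--D OPENSSL_ROOT_DIR="$HOME/.mussels/install/host-static" \
--D OPENSSL_INCLUDE_DIR="$HOME/.mussels/install/host-static/include" \
--D OPENSSL_CRYPTO_LIBRARY="$HOME/.mussels/install/host-static/lib/libcrypto.a" \
--D OPENSSL_SSL_LIBRARY="$HOME/.mussels/install/host-static/lib/libssl.a" \
--D LIBXML2_INCLUDE_DIR="$HOME/.mussels/install/host-static/include/libxml2" \
--D LIBXML2_LIBRARY="$HOME/.mussels/install/host-static/lib/libxml2.a" \
--D PCRE2_INCLUDE_DIR="$HOME/.mussels/install/host-static/include" \
--D PCRE2_LIBRARY="$HOME/.mussels/install/host-static/lib/libpcre2-8.a" \
--D CURSES_INCLUDE_DIR="$HOME/.mussels/install/host-static/include" \
--D CURSES_LIBRARY="$HOME/.mussels/install/host-static/lib/libncurses.a;$HOME/.mussels/install/host-static/lib/libtinfo.a" \
--D ZLIB_INCLUDE_DIR="$HOME/.mussels/install/host-static/include" \
--D ZLIB_LIBRARY="$HOME/.mussels/install/host-static/lib/libz.a" \
--D LIBCHECK_INCLUDE_DIR="$HOME/.mussels/install/host-static/include" \
--D LIBCHECK_LIBRARY="$HOME/.mussels/install/host-static/lib/libcheck.a"
+stages {
 
-cpack --config CPackSourceConfig.cmake """
-archiveArtifacts(artifacts: "clamav-${params.VERSION}*.tar.gz", onlyIfSuccessful: true)
+stage('GitGuardian Scan') {
+environment {
+GITGUARDIAN_API_KEY = credentials('gitguardian-token')
+GITGUARDIAN_API_URL = 'https://gitguardian.cisco.com/'
+}
+agent { label "docker" }
+steps {
+withDockerContainer(args: "-i --entrypoint=''", image: 'gitguardian/ggshield:latest') {
+sh 'ggshield secret scan ci'
+}
+}
 }
 
-cleanWs()
-}
+stage('Generate Tarball') {
+steps {
+cleanWs()
 
-def buildResult
+checkout scm
 
-stage('Build') {
-buildResult = build(job: "${params.BUILD_PIPELINES_PATH}/${params.BUILD_PIPELINE}",
-propagate: true,
-wait: true,
-parameters: [
-[$class: 'StringParameterValue', name: 'CLAMAV_JOB_NAME', value: "${JOB_NAME}"],
-[$class: 'StringParameterValue', name: 'CLAMAV_JOB_NUMBER', value: "${BUILD_NUMBER}"],
-[$class: 'StringParameterValue', name: 'FRAMEWORK_BRANCH', value: "${params.FRAMEWORK_BRANCH}"],
-[$class: 'StringParameterValue', name: 'VERSION', value: "${params.VERSION}"],
-[$class: 'StringParameterValue', name: 'SHARED_LIB_BRANCH', value: "${params.SHARED_LIB_BRANCH}"]
-]
-)
-echo "${params.BUILD_PIPELINES_PATH}/${params.BUILD_PIPELINE} #${buildResult.number} succeeded."
-}
+dir(path: 'clamav_documentation') {
+git(url: 'https://github.com/Cisco-Talos/clamav-documentation.git', branch: "gh-pages")
+}
 
-stage('Test') {
-def tasks = [:]
+dir(path: 'docs/html') {
+sh """# Move the clamav-documentation here.
+cp -r ../../clamav_documentation/ .
+# Clean-up
+rm -rf ../../clamav_documentation
+rm -rf .git .nojekyll CNAME Placeholder || true
+"""
+}
 
-tasks["package_regular_custom"] = {
-def exception = null
-try {
-stage("Package") {
-final regularResult = build(job: "${params.TEST_PIPELINES_PATH}/${params.PACKAGE_PIPELINE}",
-propagate: true,
-wait: true,
-parameters: [
-[$class: 'StringParameterValue', name: 'CLAMAV_JOB_NAME', value: "${JOB_NAME}"],
-[$class: 'StringParameterValue', name: 'CLAMAV_JOB_NUMBER', value: "${BUILD_NUMBER}"],
-[$class: 'StringParameterValue', name: 'BUILD_JOB_NAME', value: "${params.BUILD_PIPELINES_PATH}/${params.BUILD_PIPELINE}"],
-[$class: 'StringParameterValue', name: 'BUILD_JOB_NUMBER', value: "${buildResult.number}"],
-[$class: 'StringParameterValue', name: 'TESTS_BRANCH', value: "${params.TESTS_BRANCH}"],
-[$class: 'StringParameterValue', name: 'FRAMEWORK_BRANCH', value: "${params.FRAMEWORK_BRANCH}"],
-[$class: 'StringParameterValue', name: 'VERSION', value: "${params.VERSION}"],
-[$class: 'StringParameterValue', name: 'SHARED_LIB_BRANCH', value: "${params.SHARED_LIB_BRANCH}"]
-]
-)
-echo "${params.TEST_PIPELINES_PATH}/${params.PACKAGE_PIPELINE} #${regularResult.number} succeeded."
+dir(path: 'build') {
+sh """# CPack
+cmake .. -D VENDOR_DEPENDENCIES=ON \
+-D JSONC_INCLUDE_DIR="$HOME/.mussels/install/host-static/include/json-c" \
+-D JSONC_LIBRARY="$HOME/.mussels/install/host-static/lib/libjson-c.a" \
+-D ENABLE_JSON_SHARED=OFF \
+-D BZIP2_INCLUDE_DIR="$HOME/.mussels/install/host-static/include" \
+-D BZIP2_LIBRARY_RELEASE="$HOME/bzip2-1.0.8-install/lib/libbz2.a" \
+-D OPENSSL_ROOT_DIR="$HOME/.mussels/install/host-static" \
+-D OPENSSL_INCLUDE_DIR="$HOME/.mussels/install/host-static/include" \
+-D OPENSSL_CRYPTO_LIBRARY="$HOME/.mussels/install/host-static/lib/libcrypto.a" \
+-D OPENSSL_SSL_LIBRARY="$HOME/.mussels/install/host-static/lib/libssl.a" \
+-D LIBXML2_INCLUDE_DIR="$HOME/.mussels/install/host-static/include/libxml2" \
+-D LIBXML2_LIBRARY="$HOME/.mussels/install/host-static/lib/libxml2.a" \
+-D PCRE2_INCLUDE_DIR="$HOME/.mussels/install/host-static/include" \
+-D PCRE2_LIBRARY="$HOME/.mussels/install/host-static/lib/libpcre2-8.a" \
+-D CURSES_INCLUDE_DIR="$HOME/.mussels/install/host-static/include" \
+-D CURSES_LIBRARY="$HOME/.mussels/install/host-static/lib/libncurses.a;$HOME/.mussels/install/host-static/lib/libtinfo.a" \
+-D ZLIB_INCLUDE_DIR="$HOME/.mussels/install/host-static/include" \
+-D ZLIB_LIBRARY="$HOME/.mussels/install/host-static/lib/libz.a" \
+-D LIBCHECK_INCLUDE_DIR="$HOME/.mussels/install/host-static/include" \
+-D LIBCHECK_LIBRARY="$HOME/.mussels/install/host-static/lib/libcheck.a"
+
+cpack --config CPackSourceConfig.cmake
+"""
+archiveArtifacts(artifacts: "clamav-${params.VERSION}*.tar.gz", onlyIfSuccessful: true)
 }
-} catch (exc) {
-echo "${params.TEST_PIPELINES_PATH}/${params.PACKAGE_PIPELINE} failed."
-exception = exc
+cleanWs()
 }
+}
 
-try {
-stage("Regular From-Source") {
-final regularResult = build(job: "${params.TEST_PIPELINES_PATH}/${params.REGULAR_PIPELINE}",
+stage('Build') {
+steps {
+script{
+buildResult = build(job: "${params.BUILD_PIPELINES_PATH}/${params.BUILD_PIPELINE}",
 propagate: true,
 wait: true,
 parameters: [
 [$class: 'StringParameterValue', name: 'CLAMAV_JOB_NAME', value: "${JOB_NAME}"],
 [$class: 'StringParameterValue', name: 'CLAMAV_JOB_NUMBER', value: "${BUILD_NUMBER}"],
-[$class: 'StringParameterValue', name: 'TESTS_BRANCH', value: "${params.TESTS_BRANCH}"],
 [$class: 'StringParameterValue', name: 'FRAMEWORK_BRANCH', value: "${params.FRAMEWORK_BRANCH}"],
 [$class: 'StringParameterValue', name: 'VERSION', value: "${params.VERSION}"],
 [$class: 'StringParameterValue', name: 'SHARED_LIB_BRANCH', value: "${params.SHARED_LIB_BRANCH}"]
 ]
 )
-echo "${params.TEST_PIPELINES_PATH}/${params.REGULAR_PIPELINE} #${regularResult.number} succeeded."
+echo "${params.BUILD_PIPELINES_PATH}/${params.BUILD_PIPELINE} #${buildResult.number} succeeded."
 }
-} catch (exc) {
-echo "${params.TEST_PIPELINES_PATH}/${params.REGULAR_PIPELINE} failed."
-exception = exc
-}
-
-stage("Custom From-Source") {
-final customResult = build(job: "${params.TEST_PIPELINES_PATH}/${params.CUSTOM_PIPELINE}",
-propagate: true,
-wait: true,
-parameters: [
-[$class: 'StringParameterValue', name: 'CLAMAV_JOB_NAME', value: "${JOB_NAME}"],
-[$class: 'StringParameterValue', name: 'CLAMAV_JOB_NUMBER', value: "${BUILD_NUMBER}"],
-[$class: 'StringParameterValue', name: 'TESTS_BRANCH', value: "${params.TESTS_CUSTOM_BRANCH}"],
-[$class: 'StringParameterValue', name: 'FRAMEWORK_BRANCH', value: "${params.FRAMEWORK_BRANCH}"],
-[$class: 'StringParameterValue', name: 'VERSION', value: "${params.VERSION}"],
-[$class: 'StringParameterValue', name: 'SHARED_LIB_BRANCH', value: "${params.SHARED_LIB_BRANCH}"]
-]
-)
-echo "${params.TEST_PIPELINES_PATH}/${params.CUSTOM_PIPELINE} #${customResult.number} succeeded."
-}
-if(exception != null) {
-echo "Custom Pipeline passed, but prior pipelines failed!"
-throw exception
 }
 }
 
-tasks["fuzz_regression"] = {
-stage("Fuzz Regression") {
-final fuzzResult = build(job: "${params.TEST_PIPELINES_PATH}/${params.FUZZ_PIPELINE}",
-propagate: true,
-wait: true,
-parameters: [
-[$class: 'StringParameterValue', name: 'CLAMAV_JOB_NAME', value: "${JOB_NAME}"],
-[$class: 'StringParameterValue', name: 'CLAMAV_JOB_NUMBER', value: "${BUILD_NUMBER}"],
-[$class: 'StringParameterValue', name: 'TESTS_FUZZ_BRANCH', value: "${params.TESTS_FUZZ_BRANCH}"],
-[$class: 'StringParameterValue', name: 'FUZZ_CORPUS_BRANCH', value: "${params.FUZZ_CORPUS_BRANCH}"],
-[$class: 'StringParameterValue', name: 'VERSION', value: "${params.VERSION}"]
-]
-)
-echo "${params.TEST_PIPELINES_PATH}/${params.FUZZ_PIPELINE} #${fuzzResult.number} succeeded."
+stage('Tests') {
+failFast false
+parallel {
+stage('Pipeline') {
+stages{
+stage("Package") {
+steps {
+catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') {
+script{
+packageResult = build(job: "${params.TEST_PIPELINES_PATH}/${params.PACKAGE_PIPELINE}",
+propagate: true,
+wait: true,
+parameters: [
+[$class: 'StringParameterValue', name: 'CLAMAV_JOB_NAME', value: "${JOB_NAME}"],
+[$class: 'StringParameterValue', name: 'CLAMAV_JOB_NUMBER', value: "${BUILD_NUMBER}"],
+[$class: 'StringParameterValue', name: 'TESTS_BRANCH', value: "${params.TESTS_BRANCH}"],
+[$class: 'StringParameterValue', name: 'BUILD_JOB_NAME', value: "${params.BUILD_PIPELINES_PATH}/${params.BUILD_PIPELINE}"],
+[$class: 'StringParameterValue', name: 'BUILD_JOB_NUMBER', value: "${buildResult.number}"],
+[$class: 'StringParameterValue', name: 'FRAMEWORK_BRANCH', value: "${params.FRAMEWORK_BRANCH}"],
+[$class: 'StringParameterValue', name: 'VERSION', value: "${params.VERSION}"],
+[$class: 'StringParameterValue', name: 'SHARED_LIB_BRANCH', value: "${params.SHARED_LIB_BRANCH}"]
+]
+)
+echo "${params.TEST_PIPELINES_PATH}/${params.PACKAGE_PIPELINE} #${packageResult.number} succeeded."
+}
+}
+}
+}
+
+stage("Regular From-Source") {
+steps {
+catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') {
+script{
+regularResult = build(job: "${params.TEST_PIPELINES_PATH}/${params.REGULAR_PIPELINE}",
+propagate: true,
+wait: true,
+parameters: [
+[$class: 'StringParameterValue', name: 'CLAMAV_JOB_NAME', value: "${JOB_NAME}"],
+[$class: 'StringParameterValue', name: 'CLAMAV_JOB_NUMBER', value: "${BUILD_NUMBER}"],
+[$class: 'StringParameterValue', name: 'TESTS_BRANCH', value: "${params.TESTS_BRANCH}"],
+[$class: 'StringParameterValue', name: 'FRAMEWORK_BRANCH', value: "${params.FRAMEWORK_BRANCH}"],
+[$class: 'StringParameterValue', name: 'VERSION', value: "${params.VERSION}"],
+[$class: 'StringParameterValue', name: 'SHARED_LIB_BRANCH', value: "${params.SHARED_LIB_BRANCH}"]
+]
+)
+echo "${params.TEST_PIPELINES_PATH}/${params.REGULAR_PIPELINE} #${regularResult.number} succeeded."
+}
+}
+}
+}
+
+stage("Custom From-Source") {
+steps {
+script{
+customResult = build(job: "${params.TEST_PIPELINES_PATH}/${params.CUSTOM_PIPELINE}",
+propagate: true,
+wait: true,
+parameters: [
+[$class: 'StringParameterValue', name: 'CLAMAV_JOB_NAME', value: "${JOB_NAME}"],
+[$class: 'StringParameterValue', name: 'CLAMAV_JOB_NUMBER', value: "${BUILD_NUMBER}"],
+[$class: 'StringParameterValue', name: 'TESTS_BRANCH', value: "${params.TESTS_CUSTOM_BRANCH}"],
+[$class: 'StringParameterValue', name: 'FRAMEWORK_BRANCH', value: "${params.FRAMEWORK_BRANCH}"],
+[$class: 'StringParameterValue', name: 'VERSION', value: "${params.VERSION}"],
+[$class: 'StringParameterValue', name: 'SHARED_LIB_BRANCH', value: "${params.SHARED_LIB_BRANCH}"]
+]
+)
+echo "${params.TEST_PIPELINES_PATH}/${params.CUSTOM_PIPELINE} #${customResult.number} succeeded."
+}
+}
+}
+}
+}
+stage("Fuzz Regression") {
+steps {
+script{
+fuzzResult = build(job: "${params.TEST_PIPELINES_PATH}/${params.FUZZ_PIPELINE}",
+propagate: true,
+wait: true,
+parameters: [
+[$class: 'StringParameterValue', name: 'CLAMAV_JOB_NAME', value: "${JOB_NAME}"],
+[$class: 'StringParameterValue', name: 'CLAMAV_JOB_NUMBER', value: "${BUILD_NUMBER}"],
+[$class: 'StringParameterValue', name: 'TESTS_FUZZ_BRANCH', value: "${params.TESTS_FUZZ_BRANCH}"],
+[$class: 'StringParameterValue', name: 'FUZZ_CORPUS_BRANCH', value: "${params.FUZZ_CORPUS_BRANCH}"],
+[$class: 'StringParameterValue', name: 'VERSION', value: "${params.VERSION}"]
+]
+)
+echo "${params.TEST_PIPELINES_PATH}/${params.FUZZ_PIPELINE} #${fuzzResult.number} succeeded."
+}
+}
+}
 }
 }
-
-parallel tasks
 }
-}
+}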
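Review bot: The GitGuardian Scan stage pulls `gitguardian/ggshield:latest`, a mutable tag, and runs it with `GITGUARDIAN_API_KEY` in the stage environment, so whatever image the registry serves under `latest` at build time is handed the token and, presumably, the checked-out workspace. Pin the scanner to a reviewed release by digest, e.g. `image: 'gitguardian/ggshield@sha256:<DIGEST_PLACEHOLDER>'`, and bump it deliberately. Separately, `catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE')` around the Package and Regular From-Source builds leaves the overall run green when those jobs fail, whereas the removed scripted code saved the exception and re-threw it after Custom From-Source; `buildResult: 'FAILURE'` should keep the later stages running without hiding the failure from anything that gates on the build result.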
