19. jenkins -- weekly CI

软件截图

image
image
image

jenkins配置

#!/usr/bin/groovy
/* Load the shared pipeline libraries. The name "plll" must match the library name in the Jenkins system
 * configuration; the part after "@" selects a branch of that library (the original note mentions @V2.02d
 * as the wireless stable branch and feature/plll_zt as the Zhengtong reference branch).
 * NOTE(review): both libraries are referenced by branch name, so the code they resolve to can change
 * between builds without any change to this file. Referencing a tag or commit would fix what gets
 * loaded; confirm against how these libraries are released. */
//@Library('plll@feature/goldendb') _
@Library(['plll@feature/goldendb','jenkins-swap-library@goldendb']) _


/*********************************************************************************************************
 * Main flow
 ********************************************************************************************************/
main()

/**
 * Entry point of the job: takes a build node, prepares the job settings, runs the
 * pipeline inside the plll wrapper and fails the build unless plll reports "success".
 */
def main() {

    /* Run on the node labelled 'goldendb_devops' (a local slave is preferred). */
    pnode('goldendb_devops') {
        /* Initialise the environment, then refresh the job's properties. */
        set_system_properties()
        set_default_properties()

        def buildOptions = [
            /* Workspace: the shared Jenkins workspace by default. */
            workspace  : "${env.SHARED}",
            /* Number of parallel workspaces for this project. */
            sharenumber: getShareNumber(),
            /* Artifact repository server, as named in the Jenkins system configuration. */
            artifactory: "nj-artifactory",
            /* Whether to send the collected CI data. */
            sendcidata : true,
        ]

        /* Run the build inside the plll wrapper. */
        plll(buildOptions) {
            /* Runtime parameters, preparation work, then the actual pipeline stages. */
            set_running_properties()
            run_prepare()
            run_pipeline()
        }

        /* Runs attributed to "branchindexing" stop here without checking the result. */
        def triggeredBy = "${plll.getUserName()}"
        if (triggeredBy == "branchindexing") {
            return
        }

        print "get pipeline result: ${plll.getResult()}"

        /* Anything other than "success" fails the build. */
        def succeeded = "${plll.getResult()}" == "success"
        if (!succeeded) {
            error "本次构建失败,请检查!"
        }
    }

    return
}

/*********************************************************************************************************
 * Parameter setup
 ********************************************************************************************************/
/**
 * Fill in the job-wide environment variables (Gerrit access, branch tag, artifact target,
 * mail recipients, build retention) and hand the artifact target and recipients to plll.
 */
def set_system_properties() {
    /* Administrator e-mail address. */
    env.ADMIN_USER_EMAIL   = "sun.linnan@goldendb.com"

    /* ID of the Jenkins credentials entry used for Gerrit authentication. Per the original
       note this value comes from Jenkins credentials, i.e. it is a reference, not the key itself. */
    env.GERRIT_KEY_ID      = "7cbafc4a-fd9d-4e22-a6a9-15910957ce5a"
    /* Name of the Gerrit trigger server configured in Jenkins. */
    env.GERRIT_SERVER_NAME = "GerritServer"
    /* Gerrit server, taken by default from the git path of the multibranch pipeline job. */
    env.GERRIT_SERVER_URL  = plll.getScmServer()
    /* Git project. When the multibranch job's git URL contains /a/, that /a/ must be removed.
       A value that is already set is kept. */
    if (!env.GERRIT_PROJECT) {
        env.GERRIT_PROJECT = plll.getScmProject()
    }

    /* Product model and branch tag; a branch tag that is already set is kept. */
    env.ProductModel = "ZXCLOUD GoldenDB"
    if (!env.BRANCH_TAG) {
        env.BRANCH_TAG = plll.getJobBaseName()
    }

    /* Artifact upload path, registered with plll for later use. */
    env.ART_TARGET         = "goldendb-snapshot-generic/${plll.getJobName()}/"
    plll.setArtifactory(["target":env.ART_TARGET])

    /* Mail recipients: only daily CI runs get a "to" and "cc" list. */
    env.mail_list_exec = ""
    env.mail_list_sel = ""

    def dailyRun = plll.isDailyCI()
    env.mail_list_to = dailyRun ? "${env.mail_list_exec},${env.mail_list_sel}" : ""
    env.mail_list_cc = dailyRun ? "zhang.jun102@goldendb.com" : ""

    plll.setMailReceiver([to:"${env.mail_list_to}", cc:"${env.mail_list_cc}"])

    /* Build retention; the original notes give 60 as the default for both values. */
    plll.getData().job_keep_times='25'     // number of builds to keep
    plll.getData().job_keep_days='4'       // number of days to keep builds

    env.ecversion=params.ecversion
    env.component="DBPROXY"  // component name
    return
}

/**
 * Set the properties of the branch job: no Gerrit trigger, a weekly schedule and
 * no custom parameters.
 */
def set_default_properties() {
    def jobSettings = [
        /* Gerrit trigger settings used when the multibranch pipeline creates a branch job; none here. */
        gerrit    : null,
        /* Scheduled run: Saturdays, at a hashed hour and minute. */
        cron      : 'H H * * 6',
        /* Custom job parameters; none here. */
        parameters: null,
    ]

    /* Entry point in plll for setting the branch job's properties. */
    plll.set_default_properties(jobSettings)

    return
}

/**
 * Set the per-run parameters: branch tag and flags on plll, the project version
 * derived from the branch tag, and the directory layout used by later steps.
 */
def set_running_properties() {
    plll.setBranchTag(env.BRANCH_TAG)
    plll.setDebug(false)
    plll.getData().kwchecklevel="warn"

    /* A branch tag that already carries one of the product prefixes is used as the
       project version unchanged; any other tag gets the product prefix prepended. */
    def tag = env.BRANCH_TAG
    def alreadyPrefixed = tag.contains('ZXCLOUD-GoldenDB-InsightTool') ||
                          tag.contains('ZXCLOUD-GoldenDB-ALL-InsightTool')
    env.PROJECT_VERSION = alreadyPrefixed ? "${tag}" : "ZXCLOUD-GoldenDB-InsightToolV${tag}"

    env.GIT_VERSION=""
    env.language="C"

    /* Directory layout: public area under SHARED, source and output under SHARESPACE. */
    env.PUBLIC = "${env.SHARED}/public"
    env.CODE= "${env.SHARESPACE}/source"
    env.OUTPUT = "${env.SHARESPACE}/output"

    plll.getData().autoOptimizeCheckout = true
    return
}


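/**
 * Prepare the workspace before the pipeline stages run: open up permissions on the shared
 * workspace from inside a container, then delete and recreate the output directory.
 *
 * Fails the build early when env.SHARESPACE or env.OUTPUT is unset or env.OUTPUT is "/",
 * so the recursive chmod and the rm -rf below never run against an unintended path.
 */
def run_prepare(){
    def shareSpace = env.SHARESPACE
    def outputDir = env.OUTPUT
    if (!shareSpace?.trim() || !outputDir?.trim() || outputDir.trim() == '/') {
        error "run_prepare: env.SHARESPACE / env.OUTPUT is not set to a usable path, refusing to chmod or delete"
    }

    /* Change permissions so later steps do not fail on permission problems.
       (The original note also mentions cleaning intermediate unit-test results; no such command is present.)
       NOTE(review): "chmod -R 777" leaves the whole shared workspace world-writable, so any other
       process on the node can alter sources and build outputs. A chown to the build user or a
       narrower mode would be preferable; confirm which UID the later steps run as. */
    def cmd = ""
    cmd += "cd /home/workspace;"
    cmd += "chmod -R 777 * || true;"

    /* NOTE(review): "--privileged" gives the container broad access to the host for what is only
       a chmod on a bind mount; check whether it can be dropped for this step. */
    pdocker.callbash (
        /* image      */ "docker.artnj.zte.com.cn/cci/cloud-goldendb/redhat6.5:dbproxyv1.0",
        /* cmd           */ "${cmd}",
        /* volumes    */ "-v ${env.SHARESPACE}:/home/workspace",
        /* params     */ "--privileged"
        )

    /* Delete and recreate the output directory. The path is quoted and preceded by "--" so that
       whitespace or a leading dash in it cannot change what rm and mkdir operate on. */
    run "rm -rf -- '${outputDir}'"
    run "mkdir -p -- '${outputDir}'"
}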

/*********************************************************************************************************
 * Business pipeline
 ********************************************************************************************************/
/**
 * Run the two pipeline branches in parallel: checkout followed by the hard-coded
 * credential scan, and the hub task.
 */
def run_pipeline() {
    def branches = [
        'HardCodeDetect': {
            stage('Checkout') { run_update() }
            stage('HardCodeDetect') { run_hardcode_detect() }
        },
        'Hub': {
            stage('Hub') {
                run_hub()
            }
        },
    ]

    parallel branches
}

/**
 * Check out the source through plll.Update and publish the list of changed files as a report.
 */
def run_update() {
    /* Git checkout: credentials ID, server, project and branch come from the environment. */
    def checkout = [
        type   : "git",
        keyid  : "${env.GERRIT_KEY_ID}",
        repo   : "${env.GERRIT_SERVER_URL}",
        project: "${env.GERRIT_PROJECT}",
        branch : "${env.BRANCH_TAG}",
        path   : "${env.SHARESPACE}/source",
        refspec: "",
    ]

    /* Report entry for commit_files.txt written by the update step. */
    def changedFilesReport = [
        report_dir   : "${env.SHARESPACE}/target/Update/update/output/",
        report_file  : "commit_files.txt",
        report_name  : "变更文件",
        report_always: true,
        report_all   : false,
    ]

    plll.Update('update', '更新代码', [
        scm    : checkout,
        report : [changedFilesReport],
        measure: null,
    ])
}

/**
 * Run the plll ccaHub task for the 'GoldenDB V7.3' project, with a task name
 * built from the branch tag.
 */
def run_hub(){
    plll.ccaHub('ccaHub', 'ccaHub', [
        projectName: 'GoldenDB V7.3',
        taskName   : "${env.BRANCH_TAG}_GDB_InsightTool_openSrc_ALL",
    ])
}

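/**
 * Run the hard-coded credential scan in a container and fail the build when the report
 * lists newly introduced findings.
 *
 * Daily and manual CI runs scan the whole source tree; verify CI runs first build a scan list
 * from /home/version/codediff. Any other run type returns without scanning.
 * The report title is built from env.BRANCH_TAG and BUILD_NUMBER and is rejected if it contains
 * characters that would change the meaning of the shell/sed command it is inserted into.
 */
def run_hardcode_detect() {

    pnode {
        def title = "InsightTool-${env.BRANCH_TAG}-#${BUILD_NUMBER}-"
        def cmd = ""
        echo "开始安全编码扫描。。。。。。。。"

        def fullScan = plll.isDailyCI() || plll.isManualCI()
        def diffScan = !fullScan && plll.isVerifyCI()
        if (!fullScan && !diffScan) {
            return
        }

        /* title is placed inside single quotes in a shell command and used as a sed replacement.
           A single quote would end the quoting, and / \ & or a line break would alter or break
           the sed expression, so such a title is refused instead of being passed to the shell. */
        if (title ==~ /(?s).*['\/\\&\r\n].*/) {
            error "run_hardcode_detect: branch tag contains a character (' / \\ & or a line break) that is unsafe in the scan command: ${title}"
        }

        if (fullScan) {
            cmd = """cp -rf /home/version/HardCode/* /home/HardCodedInspectionTool &&
                     sed -i s/'GDB'/'${title}'/g /home/HardCodedInspectionTool/llm_hardcode/createIcenter.py &&
                     sh scan.sh &&
                     sh ai.sh &&
                     cp -rf /home/HardCodedInspectionTool/TopN_report /home/output &&
                     cp -r /home/HardCodedInspectionTool/*.tar.gz /home/output/TopN_report/ """
        } else {
            /* Verify CI: build scanlist.txt from the code diff before scanning. */
            cmd = """cp -rf /home/version/HardCode/* /home/HardCodedInspectionTool &&
                     python3 add_prefix.py -i /home/version/codediff -o scanlist.txt -p /home/version &&
                     sed -i s/'GDB'/'${title}'/g /home/HardCodedInspectionTool/llm_hardcode/createIcenter.py &&
                     sh scan.sh &&
                     sh ai.sh &&
                     cp -rf /home/HardCodedInspectionTool/TopN_report /home/output &&
                     cp -r /home/HardCodedInspectionTool/*.tar.gz /home/output/TopN_report/ """
        }

        plll.Task("HardCodedInspectionToolV2.5", "明文密码检查", [
            run_execute: {
                /* NOTE(review): the scanner container runs with "--privileged" and the source tree
                   mounted read-write; check whether the scan needs either. */
                pdocker.callbash(
                    "goldendb-release-docker.artnj.zte.com.cn/build/centos8:hardcodev2.5",
                    cmd,
                    "-v ${env.CODE}:/home/version -v ${env.OUTPUT}/hardcode:/home/output -w /home/HardCodedInspectionTool",
                    "--privileged"
                )

                /* Count the report rows that end in ",NEW".
                   NOTE(review): because of "| wc -l || true" the count is also 0 when no
                   Team_*.csv exists, so a scan that produced no report passes this gate unless
                   the container step above fails the build first. Confirm that it does. */
                def news = run('grep ",NEW$" ' + "${env.OUTPUT}/hardcode/TopN_report/Team_*.csv | wc -l || true", true)
                /* Trim so padding or a trailing newline around the count cannot be read as "not 0". */
                def newCount = "${news}".trim()
                if (newCount != "0") {
                    error "新引入了${newCount}个明文密码,请处理!参考: https://i.zte.com.cn/index/ispace/#/space/e63167c497404b58851f0d73d79a5afd/wiki/page/73810e0ab6fa408f9c2ee9f4b14e68b4/view"
                }
            },
            report: [
                [
                    report_dir  : "${env.OUTPUT}/hardcode/TopN_report",
                    report_name : 'HardCodedInspection_html',
                    report_files: ["*.html"],
                    report_all  : true
                ],
                [
                    report_dir  : "${env.OUTPUT}/hardcode/TopN_report",
                    report_name : 'HardCodedInspection_report',
                    report_files: ["*.tar.gz"],
                    report_all  : true
                ]
            ]
        ]);
        echo "---------------------end hardcode detect check------------------------"
    }
}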


/*********************************************************************************************************
 * Utility functions
 ********************************************************************************************************/
/**
 * Number of parallel workspaces for this job.
 *
 * Returns 4 when the job runs on a mesos node or the branch is not 'master',
 * otherwise 0 (the original note describes the non-mesos master case as unlimited,
 * bounded by the node's executor count).
 * NOTE(review): the original note gave mesos limits of 10 for master and 2 for other
 * branches; the code uses 4 in both cases. Confirm which is intended.
 */
def getShareNumber() {
    def onMesos = plll.isMesos()
    def onMaster = plll.checkBranchName('master')

    return (onMesos || !onMaster) ? 4 : 0
}

/**
 * Name of the lock for this job: "<job name>/mergeci" for merge CI runs,
 * null for every other run type.
 */
def getLockName(){
    return plll.isMergeCI() ? "${plll.getJobName()}/mergeci" : null
}
