Accept fixed cves in golang jobs (#4272)
thegreyd authored Oct 17, 2024
1 parent 8a12b0a commit 6db4099
Showing 2 changed files with 27 additions and 3 deletions.
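--- a/jobs/build/golang-builder/Jenkinsfile
+++ b/jobs/build/golang-builder/Jenkinsfile
@@ -27,6 +27,14 @@ node {
 defaultValue: "",
 trim: true,
 ),
+string(
+name: 'FIXED_CVES',
+description: 'CVEs that are confirmed to be fixed in all given golang nvrs (comma separated). This will be used to fetch relevant Tracker bugs and move them to ON_QA state if determined to be fixed (nightly is found containing fixed builds)',
+),
+booleanParam(
+name: 'FORCE_UPDATE_TRACKERS',
+description: 'Force update found tracker bugs for the given CVEs, even if the latest nightly is not found containing fixed builds',
+),
 booleanParam(
 name: 'CREATE_TAGGING_TICKET',
 description: 'Create a CWFCONF Jira ticket for tagging golang builds in ART buildroots',
@@ -70,7 +78,8 @@ node {
 string(credentialsId: 'art-bot-slack-token', variable: 'SLACK_BOT_TOKEN'),
 string(credentialsId: 'redis-server-password', variable: 'REDIS_SERVER_PASSWORD'),
 string(credentialsId: 'openshift-bot-token', variable: 'GITHUB_TOKEN'),
-file(credentialsId: 'konflux-gcp-app-creds-prod', variable: 'GOOGLE_APPLICATION_CREDENTIALS')
+file(credentialsId: 'konflux-gcp-app-creds-prod', variable: 'GOOGLE_APPLICATION_CREDENTIALS'),
+string(credentialsId: 'jboss-jira-token', variable: 'JIRA_TOKEN'),
 ]) {
 withEnv(["BUILD_URL=${BUILD_URL}", "JOB_NAME=${JOB_NAME}", 'DOOZER_DB_NAME=art_dash']) {
 script {
@@ -93,12 +102,18 @@ node {
 "--art-jira=${params.ART_JIRA}",
 "${golang_nvrs}"
 ]
+if (params.FIXED_CVES) {
+cmd << "--cves=${params.FIXED_CVES}"
+}
 if (params.CREATE_TAGGING_TICKET) {
 cmd << "--create-tagging-ticket"
 }
 if (params.SCRATCH) {
 cmd << "--scratch"
 }
+if (params.FORCE_UPDATE_TRACKERS) {
+cmd << "--force-update-tracker"
+}
 if (!params.DRY_RUN) {
 cmd << "--confirm"
 }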
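Review bot: `FIXED_CVES` is free text that reaches the command line as `--cves=${params.FIXED_CVES}` with neither `trim: true` nor a format check, although the neighbouring string parameter sets `defaultValue: ""` and `trim: true`. How `cmd` is executed is outside the visible hunks; if it is joined into a shell string, an unvalidated value would be interpreted by the shell, in what appears to be the same `withCredentials` block that now exposes `JIRA_TOKEN` next to the Slack, Redis, GitHub and GCP credentials. I would add `trim: true` to the parameter and reject anything that is not a comma-separated CVE list before appending, e.g. `if (!(params.FIXED_CVES ==~ /CVE-\d{4}-\d{4,}(,\s*CVE-\d{4}-\d{4,})*/)) { error("FIXED_CVES must be a comma separated list of CVE ids") }`. The check matters more here because `FORCE_UPDATE_TRACKERS` moves trackers to ON_QA without the nightly verification, so a mistyped id changes CVE tracking state directly. The same parameter and `--cves=` append are added in jobs/build/rebuild-golang-rpms/Jenkinsfile and need the same guard.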
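--- a/jobs/build/rebuild-golang-rpms/Jenkinsfile
+++ b/jobs/build/rebuild-golang-rpms/Jenkinsfile
@@ -25,6 +25,10 @@ node {
 defaultValue: "",
 trim: true,
 ),
+string(
+name: 'FIXED_CVES',
+description: 'CVEs that are confirmed to be fixed in all given golang nvrs (comma separated). This will be used to fetch relevant Tracker bugs and move them to ON_QA state if determined to be fixed (fixed builds are found)',
+),
 string(
 name: 'ART_JIRA',
 description: 'ART jira ticket number as reference - this will be included in the commit message when bumping and building rpms',
@@ -67,7 +71,6 @@ node {
 
 stage('Rebuild golang rpms') {
 def golang_nvrs = commonlib.cleanSpaceList(params.GOLANG_NVRS)
-def rpms_param = params.RPMS ? "--rpms=${params.RPMS}" : ""
 
 script {
 // Prepare working dir
@@ -87,9 +90,14 @@ node {
 "rebuild-golang-rpms",
 "--ocp-version=${params.BUILD_VERSION}",
 "--art-jira=${params.ART_JIRA}",
-"${rpms_param}",
 "${golang_nvrs}"
 ]
+if (params.RPMS) {
+cmd << "--rpms=${params.RPMS}"
+}
+if (params.FIXED_CVES) {
+cmd << "--cves=${params.FIXED_CVES}"
+}
 if (params.FORCE_REBUILD) {
 cmd << "--force"
 }
@@ -100,6 +108,7 @@ node {
 withCredentials([
 string(credentialsId: 'art-bot-slack-token', variable: 'SLACK_BOT_TOKEN'),
 string(credentialsId: 'openshift-bot-token', variable: 'GITHUB_TOKEN'),
+string(credentialsId: 'jboss-jira-token', variable: 'JIRA_TOKEN'),
 ]) {
 withEnv(["BUILD_URL=${env.BUILD_URL}"]) {
 try {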
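Review bot: `JIRA_TOKEN` is now bound in the final `withCredentials` list for every run of this job, including runs where `FIXED_CVES` is empty and no tracker bug is touched. To keep the token out of the environment when it is not needed, the list could be built first and the Jira entry appended conditionally, e.g. `if (params.FIXED_CVES) { creds << string(credentialsId: 'jboss-jira-token', variable: 'JIRA_TOKEN') }` before `withCredentials(creds) {`. Whether the rebuild command needs Jira access for other reasons (for example the `ART_JIRA` reference) is not visible here, so confirm that before narrowing. The `withCredentials` block continues past the end of the hunk.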
