From 6db4099eb8119da3968ec557504c5cc13350f08c Mon Sep 17 00:00:00 2001
From: Siddharth Sharma
Date: Thu, 17 Oct 2024 16:56:11 -0400
Subject: [PATCH] Accept fixed cves in golang jobs (#4272)
---
 jobs/build/golang-builder/Jenkinsfile | 17 ++++++++++++++++-
 jobs/build/rebuild-golang-rpms/Jenkinsfile | 13 +++++++++++--
 2 files changed, 27 insertions(+), 3 deletions(-)
diff --git a/jobs/build/golang-builder/Jenkinsfile b/jobs/build/golang-builder/Jenkinsfile
index b9e70351fe..7ee425f7fe 100644
--- a/jobs/build/golang-builder/Jenkinsfile
+++ b/jobs/build/golang-builder/Jenkinsfile
@@ -27,6 +27,14 @@ node {
 defaultValue: "",
 trim: true,
 ),
+ string(
+ name: 'FIXED_CVES',
+ description: 'CVEs that are confirmed to be fixed in all given golang nvrs (comma separated). This will be used to fetch relevant Tracker bugs and move them to ON_QA state if determined to be fixed (nightly is found containing fixed builds)',
+ ),
+ booleanParam(
+ name: 'FORCE_UPDATE_TRACKERS',
+ description: 'Force update found tracker bugs for the given CVEs, even if the latest nightly is not found containing fixed builds',
+ ),
 booleanParam(
 name: 'CREATE_TAGGING_TICKET',
 description: 'Create a CWFCONF Jira ticket for tagging golang builds in ART buildroots',
@@ -70,7 +78,8 @@ node {
 string(credentialsId: 'art-bot-slack-token', variable: 'SLACK_BOT_TOKEN'),
 string(credentialsId: 'redis-server-password', variable: 'REDIS_SERVER_PASSWORD'),
 string(credentialsId: 'openshift-bot-token', variable: 'GITHUB_TOKEN'),
- file(credentialsId: 'konflux-gcp-app-creds-prod', variable: 'GOOGLE_APPLICATION_CREDENTIALS')
+ file(credentialsId: 'konflux-gcp-app-creds-prod', variable: 'GOOGLE_APPLICATION_CREDENTIALS'),
+ string(credentialsId: 'jboss-jira-token', variable: 'JIRA_TOKEN'),
 ]) {
 withEnv(["BUILD_URL=${BUILD_URL}", "JOB_NAME=${JOB_NAME}", 'DOOZER_DB_NAME=art_dash']) {
 script {
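Review bot: The new `FIXED_CVES` string parameter in the parameters hunk of jobs/build/golang-builder/Jenkinsfile is declared without `defaultValue: ""` and `trim: true`, both of which the string parameter just above it sets (visible in the context lines). The value is later placed on the command line as `--cves=...`, so leading or trailing whitespace typed into the Jenkins form would travel into that argument. I would add `defaultValue: "",` and `trim: true,` after the description, and the same applies to the `FIXED_CVES` declaration added in jobs/build/rebuild-golang-rpms/Jenkinsfile. The enclosing parameter list starts and ends outside the hunk.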
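Review bot: The `jboss-jira-token` binding added to `withCredentials` in jobs/build/golang-builder/Jenkinsfile puts `JIRA_TOKEN` in the environment of every run of this block, including runs where `FIXED_CVES` is empty. If the token is only consumed by the tracker updates driven by `--cves` (not visible here, so this needs confirming), it could be bound only when needed by building the list in a variable and appending with `if (params.FIXED_CVES) { creds << string(credentialsId: 'jboss-jira-token', variable: 'JIRA_TOKEN') }`. At minimum a comment such as `// JIRA_TOKEN: used for tracker updates when FIXED_CVES is set` would record why the secret is in scope. The same binding is added in the last hunk of jobs/build/rebuild-golang-rpms/Jenkinsfile, and the `withCredentials` block opens and closes outside both hunks.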
@@ -93,12 +102,18 @@ node {
 "--art-jira=${params.ART_JIRA}",
 "${golang_nvrs}"
 ]
+ if (params.FIXED_CVES) {
+ cmd << "--cves=${params.FIXED_CVES}"
+ }
 if (params.CREATE_TAGGING_TICKET) {
 cmd << "--create-tagging-ticket"
 }
 if (params.SCRATCH) {
 cmd << "--scratch"
 }
+ if (params.FORCE_UPDATE_TRACKERS) {
+ cmd << "--force-update-tracker"
+ }
 if (!params.DRY_RUN) {
 cmd << "--confirm"
 }
diff --git a/jobs/build/rebuild-golang-rpms/Jenkinsfile b/jobs/build/rebuild-golang-rpms/Jenkinsfile
index 034a07cb50..28c8914adb 100644
--- a/jobs/build/rebuild-golang-rpms/Jenkinsfile
+++ b/jobs/build/rebuild-golang-rpms/Jenkinsfile
@@ -25,6 +25,10 @@ node {
 defaultValue: "",
 trim: true,
 ),
+ string(
+ name: 'FIXED_CVES',
+ description: 'CVEs that are confirmed to be fixed in all given golang nvrs (comma separated). This will be used to fetch relevant Tracker bugs and move them to ON_QA state if determined to be fixed (fixed builds are found)',
+ ),
 string(
 name: 'ART_JIRA',
 description: 'ART jira ticket number as reference - this will be included in the commit message when bumping and building rpms',
@@ -67,7 +71,6 @@ node {
 stage('Rebuild golang rpms') {
 def golang_nvrs = commonlib.cleanSpaceList(params.GOLANG_NVRS)
- def rpms_param = params.RPMS ? "--rpms=${params.RPMS}" : ""
 script {
 // Prepare working dir
@@ -87,9 +90,14 @@ node {
 "rebuild-golang-rpms",
 "--ocp-version=${params.BUILD_VERSION}",
 "--art-jira=${params.ART_JIRA}",
- "${rpms_param}",
 "${golang_nvrs}"
 ]
+ if (params.RPMS) {
+ cmd << "--rpms=${params.RPMS}"
+ }
+ if (params.FIXED_CVES) {
+ cmd << "--cves=${params.FIXED_CVES}"
+ }
 if (params.FORCE_REBUILD) {
 cmd << "--force"
 }
@@ -100,6 +108,7 @@ node {
 withCredentials([
 string(credentialsId: 'art-bot-slack-token', variable: 'SLACK_BOT_TOKEN'),
 string(credentialsId: 'openshift-bot-token', variable: 'GITHUB_TOKEN'),
+ string(credentialsId: 'jboss-jira-token', variable: 'JIRA_TOKEN'),
 ]) {
 withEnv(["BUILD_URL=${env.BUILD_URL}"]) {
 try {
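Review bot: `params.FIXED_CVES` is interpolated into `cmd` unchecked in the `--cves` branch of jobs/build/golang-builder/Jenkinsfile, while the parameter description only asks for a comma-separated list. How `cmd` is executed is outside this hunk; if it is joined into a single `sh` string, shell metacharacters typed into the parameter would be interpreted by the shell, and even with safe execution a malformed id would go on to drive Jira tracker state changes. I would reject anything that is not a CVE list before appending, e.g. `if (!(params.FIXED_CVES ==~ /CVE-\d{4}-\d{4,}(\s*,\s*CVE-\d{4}-\d{4,})*/)) { error("FIXED_CVES must be a comma-separated list of CVE ids") }`. The `--cves` and `--rpms` branches added in jobs/build/rebuild-golang-rpms/Jenkinsfile append parameter text the same way and would benefit from the same check.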