[CI] issue: 4705805 Add antivirus scan to release job

Add antivirus scan step to the release job to scan release packages.

Signed-off-by: Noam Tsemah <[email protected]>

Author: ntsemah

.ci/antivirus.sh

@@ -0,0 +1,56 @@
+#!/bin/bash -Exel
+
+echo -e "\n\n**********************************"
+echo -e "\n\nStarting antivirus.sh script...\n\n"
+echo -e "**********************************\n\n"
+
+if [ -z "$1" ]; then
+    if [ -z "${release_folder}" ]; then
+        echo "ERROR: Please use the first script argument or env var 'release_folder'. Exit"
+        exit 1
+    fi
+else
+    release_folder=$1
+fi
+
+if [ -z "$2" ]; then
+    if [ -z "${release_version}" ]; then
+        echo "ERROR: Please use the second script argument or env var 'release_version'."
+        exit 1
+    fi
+else
+    release_version=$2
+    echo "FULL_VERSION from script parameter: [${release_version}]"
+fi
+
+release_src_folder="${release_folder}/vma_v_${release_version}-0/src"
+if [ ! -e "${release_src_folder}" ] || [ ! -d "${release_src_folder}" ]; then
+    echo "ERROR: [${release_src_folder}] directory doesn't exist. Exit"
+    exit 1
+fi
+
+mkdir -p "${WORKSPACE}/logs/"
+
+cd "${release_src_folder}/"
+pkg_name=$(ls -1 libvma-*.src.rpm)
+tarball_name=$(ls -1 libvma-*.tar.gz)
+
+export RPM_SRC_PATH=${release_src_folder}/$pkg_name
+RPM_LOG=$WORKSPACE/logs/${pkg_name}_antivirus.log
+
+export TARBALL_SRC_PATH=${release_src_folder}/$tarball_name
+TARBALL_LOG=$WORKSPACE/logs/${tarball_name}_antivirus.log
+
+sudo -E -u swx-jenkins /auto/GLIT/SCRIPTS/HELPERS/antivirus-scan.sh "$RPM_SRC_PATH" 2>&1 | tee "$RPM_LOG"
+sudo -E -u swx-jenkins /auto/GLIT/SCRIPTS/HELPERS/antivirus-scan.sh "$TARBALL_SRC_PATH" 2>&1 | tee "$TARBALL_LOG"
+
+if grep -q 'Possibly Infected:.............     0' "$RPM_LOG"; then
+    status=0
+else
+    status=1
+fi
+
+if ! grep -q 'Possibly Infected:.............     0' "$TARBALL_LOG"; then
+    status=1
+fi
+exit $status

.ci/pipeline/release_jjb.yaml

@@ -34,7 +34,11 @@
         - bool:
             name: "do_release"
             default: true
-            description: "Release build packges into the release folder, set to false for debugging"
+            description: "Release build packages into the release folder, set to false for debugging"
+        - bool:
+            name: "do_antivirus"
+            default: true
+            description: "Run Antivirus scan."
         - string:
             name: "notification_email"
             default: "{jjb_release_email}"

.ci/pipeline/release_matrix_job.yaml

@@ -24,6 +24,9 @@ volumes:
   - {mountPath: /auto/mswg/release/vma, hostPath: /auto/mswg/release/vma}
   # User profile for release
   - {mountPath: /var/home/swx-jenkins, hostPath: /labhome/swx-jenkins}
+  # for Antivirus
+  - {mountPath: /auto/BACKUP/logs_of_LOGS, hostPath: /auto/BACKUP/logs_of_LOGS}
+  - {mountPath: /auto/GLIT/SCRIPTS/HELPERS, hostPath: /auto/GLIT/SCRIPTS/HELPERS}
 
 empty_volumes:
   - {mountPath: /tmp/source_rpms, memory: true}
@@ -45,6 +48,12 @@ steps:
       .ci/do_release.sh
     archiveArtifacts: pkg/build_pkg.log,pkg/packages/*.rpm
 
+  - name: Antivirus
+    enable: ${do_antivirus}
+    run: |
+      env WORKSPACE=$PWD .ci/antivirus.sh ${release_folder} ${release_tag}
+    archiveArtifacts: 'logs/'
+
 pipeline_start:
     shell: action
     module: groovy