Mellanox · ntsemah · Oct 27, 2025
diff --git a/.ci/antivirus.sh b/.ci/antivirus.sh
@@ -0,0 +1,37 @@
+#!/bin/bash -uxe
+
+echo -e "\n\n**********************************"
+echo -e "\n\nStarting antivirus.sh script...\n\n"
+echo -e "**********************************\n\n"
+
+[[ -z "${WORKSPACE:-}" ]] && { echo "ERROR: WORKSPACE variable is empty"; exit 1; }
+[[ ! -d "${WORKSPACE}" ]] && { echo "ERROR: ${WORKSPACE} does not exist"; exit 1; }
+[[ -z "${release_folder:-}" ]] && { echo "ERROR: release_folder variable is empty"; exit 1; }
+[[ ! -d "${release_folder}" ]] && { echo "ERROR: ${release_folder} does not exist"; exit 1; }
+[[ -z "${release_tag:-}" ]] && { echo "ERROR: release_tag variable is empty"; exit 1; }
+
+if [ -z "${revision:-}" ]; then
+    echo "WARN: 'revision' was not set, defaulting to 1"
+    revision=1
+fi
+
+mkdir -p "${WORKSPACE}/logs/"
+
+release_src_folder="${release_folder}/vma_v_${release_tag}-0/src"
+pkg_name="libvma-${release_tag}-${revision}.src.rpm"
+tarball_name="libvma-${release_tag}.tar.gz"
+rpm_log="${WORKSPACE}/logs/${pkg_name}_antivirus.log"
+tarball_log="${WORKSPACE}/logs/${tarball_name}_antivirus.log"
+
+[[ ! -d "${release_src_folder}" ]] && { echo "ERROR: ${release_src_folder} does not exist."; exit 1; }
+[[ ! -e "${release_src_folder}/${pkg_name}" ]] && { echo "ERROR: ${release_src_folder}/${pkg_name} does not exist."; exit 1; }
+[[ ! -e "${release_src_folder}/${tarball_name}" ]] && { echo "ERROR: ${release_src_folder}/${tarball_name} does not exist."; exit 1; }
+
+/auto/GLIT/SCRIPTS/HELPERS/antivirus-scan.sh "${release_src_folder}/${pkg_name}" |& tee "${rpm_log}"
+/auto/GLIT/SCRIPTS/HELPERS/antivirus-scan.sh "${release_src_folder}/${tarball_name}" |& tee "${tarball_log}"
+
+if grep -q 'Possibly Infected:.............     0' "${rpm_log}" && grep -q 'Possibly Infected:.............     0' "${tarball_log}"; then
+    exit 0
+else
+    exit 1
+fi
diff --git a/.ci/do_release.sh b/.ci/do_release.sh
@@ -7,7 +7,7 @@ echo "**********************************"
 set -o pipefail
 
 print_help() {
-    set +xv  
+    set +xv
     echo -e "\n\n"
     echo "--------------------------------------------------"
     echo "Usage: release_folder=<release folder> release_tag=<release tag> [revision=<revision>] [do_release=<true|false>] $0"
@@ -69,16 +69,16 @@ if [ "${do_release}" = true ] ; then
         exit 1
     fi
 
-    if [[ -e "${DST_DIR}/${pkg_name}" || -e "${DST_DIR}/${tarball_name}" ]]; then 
+    if [[ -e "${DST_DIR}/${pkg_name}" || -e "${DST_DIR}/${tarball_name}" ]]; then
         echo "ERROR: [${DST_DIR}/${pkg_name}] or [${DST_DIR}/${tarball_name}] file already exist. Exit"
         exit 1
     fi
     files_dir=$(pwd)
     pushd "${release_folder}" || { echo "ERROR: Failed to pushd to ${release_folder}. Exit" ; exit 1; }
-    sudo -E -u swx-jenkins mkdir -p "$DST_DIR"
-    sudo -E -u swx-jenkins cp -v "${files_dir}/${pkg_folder}/${pkg_name}" "$DST_DIR"
-    sudo -E -u swx-jenkins cp -v "${files_dir}/${pkg_folder}/${tarball_name}" "$DST_DIR"
-    sudo -E -u swx-jenkins ln -s "${DST_DIR}/${pkg_name}" "${release_folder}/source_rpms/${pkg_name}"
+    mkdir -p "$DST_DIR"
+    cp -v "${files_dir}/${pkg_folder}/${pkg_name}" "$DST_DIR"
+    cp -v "${files_dir}/${pkg_folder}/${tarball_name}" "$DST_DIR"
+    ln -s "${DST_DIR}/${pkg_name}" "${release_folder}/source_rpms/${pkg_name}"
     popd || { echo "ERROR: Failed to popd from ${release_folder}. Exit" ; exit 1; }
 
     echo "INFO: Release found at $DST_DIR"

diff --git a/.ci/pipeline/release_jjb.yaml b/.ci/pipeline/release_jjb.yaml
@@ -34,7 +34,11 @@
         - bool:
             name: "do_release"
             default: true
-            description: "Release build packges into the release folder, set to false for debugging"
+            description: "Release build packages into the release folder, set to false for debugging"
+        - bool:
+            name: "do_antivirus"
+            default: true
+            description: "Run Antivirus scan."
         - string:
             name: "notification_email"
             default: "{jjb_release_email}"

diff --git a/.ci/pipeline/release_matrix_job.yaml b/.ci/pipeline/release_matrix_job.yaml
@@ -24,6 +24,9 @@ volumes:
   - {mountPath: /auto/mswg/release/vma, hostPath: /auto/mswg/release/vma}
   # User profile for release
   - {mountPath: /var/home/swx-jenkins, hostPath: /labhome/swx-jenkins}
+  # for Antivirus
+  - {mountPath: /auto/BACKUP/logs_of_LOGS, hostPath: /auto/BACKUP/logs_of_LOGS}
+  - {mountPath: /auto/GLIT/SCRIPTS/HELPERS, hostPath: /auto/GLIT/SCRIPTS/HELPERS}
 
 empty_volumes:
   - {mountPath: /tmp/source_rpms, memory: true}
@@ -35,7 +38,9 @@ runs_on_dockers:
       uri: '$arch/$name/release',
       build_args: '--no-cache',
       arch: 'x86_64',
-      tag: '20250128'
+      tag: '20250128',
+      runAsUser: '6213',
+      runAsGroup: '101'
     }
 
 steps:
@@ -45,6 +50,12 @@ steps:
       .ci/do_release.sh
     archiveArtifacts: pkg/build_pkg.log,pkg/packages/*.rpm
 
+  - name: Antivirus
+    enable: ${do_antivirus}
+    run: |
+      env WORKSPACE=$PWD .ci/antivirus.sh
+    archiveArtifacts: 'logs/'
+
 pipeline_start:
     shell: action
     module: groovy