[CI] issue: HPCINFRA-3964 add Blackduck step to release job

Signed-off-by: Noam Tsemah <[email protected]>

Author: ntsemah

.ci/pipeline/release_jjb.yaml

@@ -35,6 +35,10 @@
             name: "do_release"
             default: true
             description: "Release build packges into the release folder, set to false for debugging"
+        - bool:
+            name: "do_blackduck"
+            default: true
+            description: "Run BlackDuck."
         - string:
             name: "notification_email"
             default: "{jjb_release_email}"

.ci/pipeline/release_matrix_job.yaml

@@ -13,6 +13,9 @@ kubernetes:
   limits: '{memory: 8Gi, cpu: 7000m}'
   requests: '{memory: 8Gi, cpu: 7000m}'
 
+credentials:
+  - {credentialsId: 'swx-jenkins3-svc_git-nbu_token', type: 'string', variable: 'BLACKDUCK_GERRIT_CREDENTIALS'}
+
 env:
   MAIL_FROM: [email protected]
 
@@ -31,7 +34,7 @@ runs_on_dockers:
       arch: 'x86_64',
       tag: '20250304'
     }
-
+  - {name: 'blackduck', url: 'harbor.mellanox.com/toolbox/blackduck_post_scan:latest', category: 'tool', arch: 'x86_64'}
 
 steps:
   - name: Build-dpcp
@@ -43,10 +46,31 @@ steps:
 
   - name: Release
     parallel: false
+    containerSelector:
+      - "{name: 'rhel8.6', variant:1}"
     run: |
      .ci/do_release.sh
     archiveArtifacts: "**/build_pkg.log,**/packages/*.rpm"
 
+  - name: Blackduck
+    enable: ${do_blackduck}
+    containerSelector:
+      - "{name: 'blackduck', category:'tool', variant:1}"
+    shell: action
+    module: ngci
+    run: NGCIBlackDuckScan
+    args:
+      projectName: "libxlio"
+      projectVersion: "${sha1}"
+      projectSrcPath: "src"
+      attachArtifact: true
+      reportName: "BlackDuck report"
+      scanMode: "source"
+      skipDockerDaemonCheck: true
+      credentialsId: "swx-jenkins3-svc_git-nbu_token"
+    env:
+      SPRING_APPLICATION_JSON: '{"blackduck.url":"https://blackduck.mellanox.com/","blackduck.api.token":"ODMwOWYwMzEtODA2ZC00MzBjLWI1ZDEtNmFiMjBkYzQzMzkwOjNmNjExN2M1LWE2ZmEtNDZlYS1hZjRiLTZlNDgwNjAwOTVjNw=="}'
+
 pipeline_start:
     shell: action
     module: groovy