| commit | ef045429ab21a357c9cb5298e2470db88ec27054 | [log] [tgz] |
|---|---|---|
| author | Marija Savtchouk <mariasavtchouk@google.com> | Wed May 03 15:37:18 2023 +0200 |
| committer | Marija Savtchouk <mariasavtchouk@google.com> | Wed May 03 17:02:18 2023 +0200 |
| tree | cfd4b62a62f325e2315b887198ba4f3780368ad9 | |
| parent | 743eb42e6d3e67b4e2654995b1399d79f3802888 [diff] |
Add Gemfile, Gemfile.lock A build time dependency installation is considered a security vulnerability, because compromised dependencies can lead to remote code execution at build time or runtime. Added required files to address this. Change-Id: I69caeaf79cb3611291829bd5a51cf3c1226e91f2 Google-Bug-Id: b/280554949
This project uses Jenkins Jobs Builder [1] to generate jobs from yaml descriptor files.
To add new jobs reuse existing templates, defaults etc. as much as possible. E.g. adding a job to build an additional branch of a project may be as easy as adding the name of the branch to an existing project.
To ensure well readable yaml-files, use yamllint [2] to lint the yaml-files. Yamllint can be downloaded using Python Pip:
pip3 install --require-hashes yamllint
To run the linter, execute this command from the project's root directory:
yamllint -c yamllint-config.yaml jenkins/**/*.yaml
Yamllint will not fix detected issues itself.
[1] https://docs.openstack.org/infra/jenkins-job-builder/index.html [2] https://pypi.org/project/yamllint/