Mellanox · orbalayla-nvidia · May 14, 2026 · May 14, 2026 · Jun 7, 2026
diff --git a/.ci/examples/job_matrix_antivirus.yaml b/.ci/examples/job_matrix_antivirus.yaml
@@ -0,0 +1,37 @@
+---
+# Example matrix that runs the GLIT antivirus scanner via the `antivirus`
+# var in Mellanox-lab/swx-jenkins-lib. The executing container must have
+# /auto/GLIT mounted (hostPath volume below).
+
+job: antivirus-example
+
+failFast: false
+timeout_minutes: 30
+
+env:
+  # Default keeps the example self-contained; override for a real release path.
+  RELEASE_PATH: '/auto/GLIT'
+
+kubernetes:
+  cloud: swx-k8s
+  nodeSelector: 'kubernetes.io/arch=amd64'
+
+volumes:
+  - {mountPath: /auto/GLIT, hostPath: /auto/GLIT}
+
+runs_on_dockers:
+  - url: 'ubuntu:22.04'
+    name: 'av_runner'
+    tag: '22.04'
+    arch: 'x86_64'
+
+steps:
+  - name: Antivirus scan
+    shell: action
+    module: antivirusCI
+    run: scan
+    containerSelector: '{name:"av_runner"}'
+    args:
+      path: '${RELEASE_PATH}'
+      skipIfMissing: true
+    archiveArtifacts: 'logs/antivirus_*.log'
diff --git a/vars/antivirusCI.groovy b/vars/antivirusCI.groovy
@@ -0,0 +1,58 @@
+#!/usr/bin/env groovy
+
+// Matrix-side bridge to the `antivirus` var in Mellanox-lab/swx-jenkins-lib.
+// Modeled on slurmCI.
+
+int call(ctx, oneStep, config) {
+    def args = (oneStep.args ?: [:]).clone()
+
+    def libRef = args.remove('ref')
+    if (libRef) {
+        library(identifier: "swx-jenkins-lib@${libRef}")
+    } else {
+        // TEMP: load swx-jenkins-lib from the fork branch carrying the
+        // antivirus var (https://github.com/Mellanox-lab/swx-jenkins-lib/pull/4).
+        // Revert to library('swx-jenkins-lib') before merging.
+        library('github.com/orbalayla-nvidia/swx-jenkins-lib@feat/antivirus')
+    }
+
+    if (!(args?.containsKey('path') || args?.containsKey('paths'))) {
+        ctx.reportFail(oneStep.name, "antivirusCI: 'path' or 'paths' arg required")
+        return 1
+    }
+
+    // Resolve ${VAR} on String values only; lists pass through.
+    for (def entry in ctx.entrySet(args)) {
+        if (!(entry.value instanceof String)) continue
+        def resolved = ctx.resolveTemplate(['env': env], entry.value, config)
+        def pass2 = resolved
+        def safety = 0
+        while (pass2.contains('${') && safety++ < 20) {
+            def start = pass2.indexOf('${')
+            def end = pass2.indexOf('}', start)
+            if (end == -1) break
+            def name = pass2.substring(start + 2, end)
+            def val = env."${name}"
+            if (val == null) break
+            pass2 = pass2.substring(0, start) + val + pass2.substring(end + 1)
+        }
+        args[entry.key] = pass2
+    }
+
+    def vars = []
+    vars += ctx.toEnvVars(config, config.env)
+    vars += ctx.toEnvVars(config, oneStep.env)
+
+    int rc = 0
+    withEnv(vars) {
+        try {
+            antivirus.scan(args)
+        } catch (org.jenkinsci.plugins.workflow.steps.FlowInterruptedException fie) {
+            throw fie
+        } catch (Exception e) {
+            ctx.reportFail(oneStep.name, "antivirus.scan failed: ${e.message}")
+            rc = 1
+        }
+    }
+    return rc
+}