From e3cb29c45414abb1fd6812bbeaeb5b2d340adab5 Mon Sep 17 00:00:00 2001
From: Stefan Reimer
Date: Tue, 8 Feb 2022 14:14:24 +0100
Subject: [PATCH] ci: Add Jenkins support, set Python version based on tags
---
Jenkinsfile | 56 +++++++++++++++++++++++++++++++++++++++++
Makefile | 19 ++++++++------
cloudbender/__init__.py | 2 +-
3 files changed, 68 insertions(+), 9 deletions(-)
create mode 100644 Jenkinsfile
diff --git a/Jenkinsfile b/Jenkinsfile
new file mode 100644
index 0000000..98df856
--- /dev/null
+++ b/Jenkinsfile
@@ -0,0 +1,56 @@
+pipeline {
+ agent { node { label 'podman-aws-trivy' } }
+
+ stages {
+ stage('Prepare'){
+ // get tags
+ steps {
+ sh 'git fetch --tags ${GIT_URL} +refs/heads/${BRANCH_NAME}:refs/remotes/origin/${BRANCH_NAME}'
+ }
+ }
+
+ // Build using rootless podman
+ stage('Build'){
+ steps {
+ sh 'make build'
+ }
+ }
+
+ stage('Test'){
+ steps {
+ sh 'make test'
+ }
+ }
+
+ // Scan via trivy
+ stage('Scan'){
+ environment {
+ TRIVY_FORMAT = "template"
+ TRIVY_OUTPUT = "reports/trivy.html"
+ }
+ steps {
+ sh 'mkdir -p reports'
+ sh 'make scan'
+ publishHTML target : [
+ allowMissing: true,
+ alwaysLinkToLastBuild: true,
+ keepAll: true,
+ reportDir: 'reports',
+ reportFiles: 'trivy.html',
+ reportName: 'TrivyScan',
+ reportTitles: 'TrivyScan'
+ ]
+
+ // Scan again and fail on CRITICAL vulns
+ sh 'TRIVY_EXIT_CODE=1 TRIVY_SEVERITY=CRITICAL make scan'
+ }
+ }
+
+ // Push to ECR
+ stage('Push'){
+ steps {
+ sh 'make push'
+ }
+ }
+ }
+}
diff --git a/Makefile b/Makefile
index 884bde3..583735d 100644
--- a/Makefile
+++ b/Makefile
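Review bot: The `Push` stage at the end of the new Jenkinsfile has no `when` condition, so every branch this job builds runs `make push`, and the `push` recipe in the Makefile retags and uploads `$(REPOSITORY):latest` to the registry. If this is a multibranch job (the `Prepare` stage's use of `${BRANCH_NAME}` suggests so), a feature or pull-request branch could overwrite the published `latest` image. Restrict the stage to the release branch or to tag builds, for example `when { branch '<release-branch>' }` inside `stage('Push')`. Separately, `${GIT_URL}` and `${BRANCH_NAME}` reach the shell unquoted in the `git fetch` line; putting the URL and the refspec in double quotes inside the single-quoted Groovy string keeps each one a single argument.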
@@ -12,23 +12,23 @@ else TRIVY_OPTS := client --remote ${TRIVY_REMOTE} endif -.PHONY: test build test_upload upload all dev_setup docker +.PHONY: pytest build test_upload upload all dev_setup pybuild -all: test build +all: pybuild pytest dev_setup: - pip install -r requirements.txt --user + pip install -r dev-requirements.txt --user -test: +pytest: flake8 --ignore=E501 cloudbender tests TEST=True pytest --log-cli-level=DEBUG clean: rm -rf .cache build .coverage .eggs cloudbender.egg-info .pytest_cache dist -build: $(PACKAGE_FILE) - -$(PACKAGE_FILE): +pybuild: + # Set version in Python + sed -i cloudbender/__init__.py -e 's/__version__.*/__version__ = "$(TAG)"/' python setup.py bdist_wheel --universal test_upload: $(PACKAGE_FILE) @@ -37,9 +37,12 @@ test_upload: $(PACKAGE_FILE) upload: $(PACKAGE_FILE) twine upload --repository-url https://upload.pypi.org/legacy/ dist/cloudbender-*.whl -docker: +build: podman build --rm --squash-all -t $(REPOSITORY):$(TAG) -t $(REPOSITORY):latest . +test: + @echo "Not implemented (yet)" + push: aws ecr-public get-login-password --region $(REGION) | podman login --username AWS --password-stdin $(REGISTRY) podman tag $(REPOSITORY):latest $(REGISTRY)/$(REPOSITORY):$(TAG) $(REGISTRY)/$(REPOSITORY):latest diff --git a/cloudbender/__init__.py b/cloudbender/__init__.py index 2b90842..25ff8a5 100644 --- a/cloudbender/__init__.py +++ b/cloudbender/__init__.py @@ -2,7 +2,7 @@ import logging __author__ = "Stefan Reimer" __email__ = "stefan@zero-downtimet.net" -__version__ = "0.10.2" +__version__ = "v0.10.3" # Set up logging to ``/dev/null`` like a library is supposed to.
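Review bot: In the new `pybuild` recipe, make pastes `$(TAG)` into a single-quoted sed program before the shell sees it, so a tag containing a quote, `/` or `&` would change the shell command or the sed expression rather than just the version string. Where `TAG` is defined is outside this hunk; if it is derived from git tags, anyone who can push a tag controls that text on the build agent, so check it against a strict version pattern before the `sed` runs and fail the build otherwise. The hunk also removes the `$(PACKAGE_FILE):` rule while `test_upload: $(PACKAGE_FILE)` (and `upload` in the next hunk's context) still list it as a prerequisite, so those targets would find no rule to make the wheel unless it already exists; `$(PACKAGE_FILE): pybuild` would restore the edge. The recipe also rewrites the tracked `cloudbender/__init__.py` in place, which leaves the work tree modified after every build.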
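Review bot: The new `test` target in the second Makefile hunk only echoes "Not implemented (yet)" and exits 0, so the `Test` stage added in the Jenkinsfile passes without running anything and the image goes on to `Scan` and `Push` untested. The real checks now live in `pytest`, which nothing in the pipeline calls. Until container tests exist, consider `test: pytest` if the agent has the dev requirements installed, or at least a comment such as `# placeholder: container image tests not written yet, CI Test stage is a no-op`. `test` was dropped from the `.PHONY` list in the first hunk and is not re-added for the new target, and `push` is not listed there either.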