From f3b759e5a9cffcc62e42d28f5a2bffd643e16f8a Mon Sep 17 00:00:00 2001 From: Stefan Reimer Date: Thu, 13 Oct 2022 15:46:00 +0200 Subject: [PATCH] ci: migrate to central ci-tools-lib --- Jenkinsfile | 59 ++++------------------------------------------------- Makefile | 35 ++----------------------------- 2 files changed, 6 insertions(+), 88 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 6ef6731..b59a757 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,56 +1,5 @@ -pipeline { - agent { node { label 'podman-aws-trivy' } } +library identifier: 'zdt-lib@master', retriever: modernSCM( + [$class: 'GitSCMSource', + remote: 'https://git.zero-downtime.net/ZeroDownTime/ci-tools-lib.git']) - stages { - stage('Prepare'){ - // get tags - steps { - sh 'git fetch -q --tags ${GIT_URL} +refs/heads/${BRANCH_NAME}:refs/remotes/origin/${BRANCH_NAME}' - } - } - - // Build using rootless podman - stage('Build'){ - steps { - sh 'make build' - } - } - - stage('Test'){ - steps { - sh 'make test' - } - } - - // Scan via trivy - stage('Scan'){ - environment { - TRIVY_FORMAT = "template" - TRIVY_OUTPUT = "reports/trivy.html" - } - steps { - sh 'mkdir -p reports' - sh 'make scan' - publishHTML target : [ - allowMissing: true, - alwaysLinkToLastBuild: true, - keepAll: true, - reportDir: 'reports', - reportFiles: 'trivy.html', - reportName: 'TrivyScan', - reportTitles: 'TrivyScan' - ] - - // Scan again and fail on CRITICAL vulns - // sh 'TRIVY_EXIT_CODE=1 TRIVY_SEVERITY=CRITICAL make scan' - } - } - - // Push to ECR - stage('Push'){ - steps { - sh 'make push' - } - } - } -} +buildPodman name: 'jenkins-podman', trivyFail: 'NONE' diff --git a/Makefile b/Makefile index 8d2a2fc..ad0a8fc 100644 --- a/Makefile +++ b/Makefile @@ -2,23 +2,13 @@ REGISTRY := public.ecr.aws/zero-downtime IMAGE := cloudbender REGION := us-east-1 -# Parse version from latest git semver tag -GTAG=$(shell git describe --tags --match v*.*.* 2>/dev/null || git rev-parse --short HEAD 2>/dev/null) -TAG ?= $(shell echo $(GTAG) | awk -F '-' '{ print $$1 "-" $$2 }' | sed -e 's/-$$//') - -ifneq ($(TRIVY_REMOTE),) - TRIVY_OPTS := --server ${TRIVY_REMOTE} -endif - -.PHONY: pytest pybuild test_upload upload all build test push scan - -all: pytest pybuild +include .ci/podman.mk pytest: flake8 cloudbender tests TEST=True pytest --log-cli-level=DEBUG -clean: +pyclean: rm -rf .cache build .coverage .eggs cloudbender.egg-info .pytest_cache dist pybuild: @@ -29,24 +19,3 @@ test_upload: pybuild upload: pybuild twine upload -r pypi --non-interactive dist/cloudbender-*.whl - -build: - podman build --rm -t $(IMAGE):$(TAG) -t $(IMAGE):latest . - -test: - @echo "Not implemented (yet)" - -push: - aws ecr-public get-login-password --region $(REGION) | podman login --username AWS --password-stdin $(REGISTRY) - podman tag $(IMAGE):latest $(REGISTRY)/$(IMAGE):$(TAG) $(REGISTRY)/$(IMAGE):latest - podman push $(REGISTRY)/$(IMAGE):$(TAG) - podman push $(REGISTRY)/$(IMAGE):latest - -scan: - trivy image $(TRIVY_OPTS) $(IMAGE):$(TAG) - -# Delete all untagged images -.PHONY: rm-remote-untagged -rm-remote-untagged: - @echo "Removing all untagged images from $(IMAGE) in $(REGION)" - @aws ecr-public batch-delete-image --repository-name $(IMAGE) --region $(REGION) --image-ids $$(for image in $$(aws ecr-public describe-images --repository-name $(IMAGE) --region $(REGION) --output json | jq -r '.imageDetails[] | select(.imageTags | not ).imageDigest'); do echo -n "imageDigest=$$image "; done)