Browse Source

ci: add Jenkinsfile

master v3.15.0
Stefan Reimer 4 months ago
parent
commit
099cfa850c
  1. 55
      Jenkinsfile

55
Jenkinsfile vendored

@ -0,0 +1,55 @@
pipeline {
agent { node { label 'podman-aws-trivy' } }
stages {
stage('Prepare'){
steps {
// get tags
sh 'git fetch --tags ${GIT_URL} +refs/heads/${BRANCH_NAME}:refs/remotes/origin/${BRANCH_NAME}'
}
}
// Build using rootless podman
stage('Build'){
steps {
sh 'make build'
}
}
stage('Test'){
steps {
sh 'make test'
}
}
// Scan via trivy
stage('Scan'){
environment {
TRIVY_FORMAT = "template"
TRIVY_OUTPUT = "reports/trivy.html"
}
steps {
sh 'mkdir -p reports'
sh 'make scan'
publishHTML target : [
allowMissing: true,
alwaysLinkToLastBuild: true,
keepAll: true,
reportDir: 'reports',
reportFiles: 'trivy.html',
reportName: 'TrivyScan',
reportTitles: 'TrivyScan'
]
// Scan again and fail on CRITICAL vulns
sh 'TRIVY_EXIT_CODE=1 TRIVY_SEVERITY=CRITICAL make scan'
}
}
// Push to ECR
stage('Push'){
steps {
sh 'make push'
}
}
}
}
Loading…
Cancel
Save