ci: add Jenkinsfile

4 months ago · 099cfa850c
1 changed files with 55 additions and 0 deletions
--- a/55
+++ b/55
@ -0,0 +1,55 @@
+pipeline {
+  agent { node { label 'podman-aws-trivy' } }
+  stages {
+    stage('Prepare'){
+        steps {
+	    // get tags
+            sh 'git fetch --tags ${GIT_URL} +refs/heads/${BRANCH_NAME}:refs/remotes/origin/${BRANCH_NAME}'
+        }
+    }
+
+    // Build using rootless podman
+    stage('Build'){
+        steps {
+            sh 'make build'
+        }
+    }
+
+    stage('Test'){
+        steps {
+            sh 'make test'
+        }
+    }
+
+    // Scan via trivy
+    stage('Scan'){
+        environment { 
+	    TRIVY_FORMAT = "template"
+	    TRIVY_OUTPUT = "reports/trivy.html"
+        }
+        steps {
+            sh 'mkdir -p reports'
+            sh 'make scan'
+            publishHTML target : [
+                allowMissing: true,
+                alwaysLinkToLastBuild: true,
+                keepAll: true,
+                reportDir: 'reports',
+                reportFiles: 'trivy.html',
+                reportName: 'TrivyScan',
+                reportTitles: 'TrivyScan'
+            ]
+
+            // Scan again and fail on CRITICAL vulns
+            sh 'TRIVY_EXIT_CODE=1 TRIVY_SEVERITY=CRITICAL make scan'
+        }
+    }
+
+    // Push to ECR
+    stage('Push'){
+        steps {
+            sh 'make push'
+        }
+    }
+  }
+}