ci-tools-lib/vars/buildPodman.groovy

72 lines
1.7 KiB
Groovy
Raw Normal View History

2022-02-11 16:47:10 +00:00
// Common container builder by ZeroDownTime
2022-02-14 12:15:52 +00:00
def call(Map config=[:]) {
2022-02-11 17:13:04 +00:00
pipeline {
agent {
node {
label 'podman-aws-trivy'
}
}
2022-02-11 16:47:10 +00:00
2022-02-11 17:13:04 +00:00
stages {
stage('Prepare') {
// get tags
steps {
sh 'git fetch -q --tags ${GIT_URL} +refs/heads/${BRANCH_NAME}:refs/remotes/origin/${BRANCH_NAME}'
}
}
2022-02-11 16:47:10 +00:00
2022-02-11 17:13:04 +00:00
// Build using rootless podman
stage('Build') {
steps {
sh 'make build'
}
}
2022-02-11 16:47:10 +00:00
2022-02-11 17:13:04 +00:00
stage('Test') {
steps {
sh 'make test'
}
}
2022-02-11 16:47:10 +00:00
2022-02-11 17:13:04 +00:00
// Scan via trivy
stage('Scan') {
environment {
TRIVY_FORMAT = "template"
TRIVY_OUTPUT = "reports/trivy.html"
}
steps {
sh 'mkdir -p reports'
sh 'make scan'
publishHTML target: [
allowMissing: true,
alwaysLinkToLastBuild: true,
keepAll: true,
reportDir: 'reports',
reportFiles: 'trivy.html',
reportName: 'TrivyScan',
reportTitles: 'TrivyScan'
]
2022-02-11 16:47:10 +00:00
// Scan again and fail on CRITICAL vulns, if not overridden
script {
if (config.trivyFail == 'NONE') {
echo 'trivyFail == NONE, review Trivy report manually. Proceeding ...'
} else {
sh "TRIVY_EXIT_CODE=1 TRIVY_SEVERITY=${config.trivyFail} make scan"
}
}
2022-02-11 17:13:04 +00:00
}
}
2022-02-11 16:47:10 +00:00
2022-02-11 17:13:04 +00:00
// Push to ECR
stage('Push') {
steps {
sh 'make ecr-login push'
2022-02-11 17:13:04 +00:00
}
}
2022-02-11 17:13:04 +00:00
}
}
}