jenkins-podman/Jenkinsfile

56 lines
1.2 KiB
Plaintext
Raw Normal View History

2022-01-13 13:30:51 +00:00
pipeline {
2022-01-14 00:35:17 +00:00
agent { node { label 'podman-aws-trivy' } }
2022-01-13 13:30:51 +00:00
stages {
2022-01-16 10:55:02 +00:00
stage('Prepare'){
steps {
// get tags
2022-01-16 10:58:29 +00:00
sh 'git fetch --tags ${env.GIT_URL} +refs/heads/${env.BRANCH_NAME}:refs/remotes/origin/${env.BRANCH_NAME}'
2022-01-16 10:55:02 +00:00
}
}
2022-01-13 14:31:35 +00:00
// Build using rootless podman
2022-01-13 13:30:51 +00:00
stage('Build'){
steps {
sh 'make build'
}
}
2022-01-13 14:31:35 +00:00
2022-01-16 10:55:02 +00:00
stage('Test'){
steps {
sh 'make test'
}
}
2022-01-13 14:31:35 +00:00
// Scan via trivy
2022-01-13 13:30:51 +00:00
stage('Scan'){
environment {
TRIVY_FORMAT = "template"
TRIVY_OUTPUT = "reports/trivy.html"
}
steps {
sh 'mkdir -p reports'
sh 'make scan'
publishHTML target : [
allowMissing: true,
alwaysLinkToLastBuild: true,
keepAll: true,
reportDir: 'reports',
reportFiles: 'trivy.html',
2022-01-13 14:17:18 +00:00
reportName: 'TrivyScan',
reportTitles: 'TrivyScan'
2022-01-13 13:30:51 +00:00
]
// Scan again and fail on CRITICAL vulns
sh 'TRIVY_EXIT_CODE=1 TRIVY_SEVERITY=CRITICAL make scan'
}
}
2022-01-13 14:31:35 +00:00
// Push to ECR
2022-01-13 13:30:51 +00:00
stage('Push'){
steps {
2022-01-13 14:31:35 +00:00
sh 'make push'
2022-01-13 13:30:51 +00:00
}
}
}
}