jenkins-podman/Jenkinsfile

pipeline {
  agent { node { label 'podman-aws-trivy' } }
  stages {
    // Build using rootless podman
    stage('Build'){
        steps {
            sh 'make build'
        }
    }

    // Scan via trivy
    stage('Scan'){
        environment { 
	    TRIVY_FORMAT = "template"
	    TRIVY_OUTPUT = "reports/trivy.html"
        }
        steps {
            sh 'mkdir -p reports'
            sh 'make scan'
            publishHTML target : [
                allowMissing: true,
                alwaysLinkToLastBuild: true,
                keepAll: true,
                reportDir: 'reports',
                reportFiles: 'trivy.html',
                reportName: 'TrivyScan',
                reportTitles: 'TrivyScan'
            ]

            // Scan again and fail on CRITICAL vulns
            sh 'TRIVY_EXIT_CODE=1 TRIVY_SEVERITY=CRITICAL make scan'
        }
    }

    // Push to ECR
    stage('Push'){
        steps {
            sh 'make push'
        }
    }
  }
}
ci: improve Jenkinsfile 2022-01-13 13:30:51 +00:00			`pipeline {`
ci: final cleanup 2022-01-14 00:35:17 +00:00			`agent { node { label 'podman-aws-trivy' } }`
ci: improve Jenkinsfile 2022-01-13 13:30:51 +00:00			`stages {`
ci: more Jenkins fixes 2022-01-13 14:31:35 +00:00			`// Build using rootless podman`
ci: improve Jenkinsfile 2022-01-13 13:30:51 +00:00			`stage('Build'){`
			`steps {`
			`sh 'make build'`
			`}`
			`}`
ci: more Jenkins fixes 2022-01-13 14:31:35 +00:00
			`// Scan via trivy`
ci: improve Jenkinsfile 2022-01-13 13:30:51 +00:00			`stage('Scan'){`
			`environment {`
			`TRIVY_FORMAT = "template"`
			`TRIVY_OUTPUT = "reports/trivy.html"`
			`}`
			`steps {`
			`sh 'mkdir -p reports'`
			`sh 'make scan'`
			`publishHTML target : [`
			`allowMissing: true,`
			`alwaysLinkToLastBuild: true,`
			`keepAll: true,`
			`reportDir: 'reports',`
			`reportFiles: 'trivy.html',`
chore: debug Jenkins 2022-01-13 14:17:18 +00:00			`reportName: 'TrivyScan',`
			`reportTitles: 'TrivyScan'`
ci: improve Jenkinsfile 2022-01-13 13:30:51 +00:00			`]`

			`// Scan again and fail on CRITICAL vulns`
			`sh 'TRIVY_EXIT_CODE=1 TRIVY_SEVERITY=CRITICAL make scan'`
			`}`
			`}`
ci: more Jenkins fixes 2022-01-13 14:31:35 +00:00
			`// Push to ECR`
ci: improve Jenkinsfile 2022-01-13 13:30:51 +00:00			`stage('Push'){`
			`steps {`
ci: more Jenkins fixes 2022-01-13 14:31:35 +00:00			`sh 'make push'`
ci: improve Jenkinsfile 2022-01-13 13:30:51 +00:00			`}`
			`}`
			`}`
			`}`