jenkins-podman/Jenkinsfile

41 lines
1007 B
Plaintext
Raw Normal View History

2022-01-13 13:30:51 +00:00
pipeline {
2022-01-13 14:01:27 +00:00
# agent { node { label 'podman && trivy && aws' } }
agent any
2022-01-13 13:30:51 +00:00
stages {
stage('Build'){
steps {
sh 'make build'
}
}
stage('Scan'){
environment {
TRIVY_TEMPLATE = "@${env.WORKSPACE}/html.tpl"
TRIVY_FORMAT = "template"
TRIVY_OUTPUT = "reports/trivy.html"
}
steps {
// Scan via trivy
sh 'mkdir -p reports'
sh 'make scan'
publishHTML target : [
allowMissing: true,
alwaysLinkToLastBuild: true,
keepAll: true,
reportDir: 'reports',
reportFiles: 'trivy.html',
reportName: 'Trivy Scan',
reportTitles: 'Trivy Scan'
]
// Scan again and fail on CRITICAL vulns
sh 'TRIVY_EXIT_CODE=1 TRIVY_SEVERITY=CRITICAL make scan'
}
}
stage('Push'){
steps {
sh 'make push'
}
}
}
}