diff --git a/Dockerfile b/Dockerfile
index c6f434f..cc39a06 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -23,7 +23,7 @@ RUN mkdir -p /var/lib/shared/overlay-images /var/lib/shared/overlay-layers \
 /var/lib/shared/vfs-images/images.lock /var/lib/shared/vfs-layers/layers.lock
 # Trivy html template
-ADD --chown=jenkins:jenkins html.tpl /home/jenkins/agent
+ADD --chown=jenkins:jenkins html.tpl /home/jenkins
 # Make docker in Jenkinsfiles work
 RUN ln -s /usr/bin/podman /usr/bin/docker
diff --git a/Jenkinsfile b/Jenkinsfile
index d1e5f2e..19abd3a 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -2,19 +2,21 @@ pipeline {
 // agent { node { label 'podman && trivy && aws' } }
 agent { node { label 'podman' } }
 stages {
+ // Build using rootless podman
 stage('Build'){
 steps {
 sh 'make build'
 }
 }
+
+ // Scan via trivy
 stage('Scan'){
 environment {
- TRIVY_TEMPLATE = "@${env.JENKINS_AGENT_WORKDIR}/html.tpl"
+ TRIVY_TEMPLATE = "@${env.HOME}/html.tpl"
 TRIVY_FORMAT = "template"
 TRIVY_OUTPUT = "reports/trivy.html"
 }
 steps {
- // Scan via trivy
 sh 'mkdir -p reports'
 sh 'env'
 sh 'make scan'
@@ -33,9 +35,11 @@ pipeline {
 sh 'TRIVY_EXIT_CODE=1 TRIVY_SEVERITY=CRITICAL make scan'
 }
 }
+
+ // Push to ECR
 stage('Push'){
 steps {
- sh 'echo make push'
+ sh 'make push'
 }
 }
 }
diff --git a/Makefile b/Makefile
index 2098361..1d00f52 100644
--- a/Makefile
+++ b/Makefile
@@ -1,4 +1,4 @@
-VERSION ?= 0.1.0
+VERSION ?= 0.1.1
 BASE ?= latest-alpine-jdk11
 REGISTRY := public.ecr.aws/zero-downtime
 REPOSITORY := jenkins-podman
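Review bot: The changed line still uses `ADD` for a plain local file; `COPY --chown=jenkins:jenkins html.tpl /home/jenkins/` does the same job without ADD's URL-fetch and archive-extraction behaviour, and the trailing slash makes the destination unambiguously a directory. The template stays owned by the jenkins user, so any pipeline step running on the agent can rewrite the file that shapes the scan report; if nothing needs to edit it, root ownership with a read-only mode would be the tighter choice. The Jenkinsfile in this commit reads it through `${env.HOME}/html.tpl`, so this path only works while the agent's HOME is /home/jenkins, which is worth a one-line comment next to the instruction.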
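Review bot: The Scan stage keeps `sh 'env'` (a context line in this hunk), which writes the agent's whole environment to the build log; now that this commit turns the Push stage into a real push, any registry or AWS credentials that reach the agent as plain environment variables would land in the console output. I would drop that step or narrow it to `sh 'env | grep ^TRIVY_'`. Separately, `TRIVY_TEMPLATE = "@${env.HOME}/html.tpl"` is interpolated by Groovy, so if HOME is not set in that context the value silently becomes `@null/html.tpl`; a short comment stating that the image places the template in the jenkins home directory would make the dependency visible. The steps block of this stage continues past the end of the hunk.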
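Review bot: `sh 'make push'` now runs on every build that gets past the CRITICAL scan gate, with no `when` condition on the Push stage. The Makefile in this commit points at `public.ecr.aws/zero-downtime`, so presumably a build of any branch this job picks up would publish to the public repository under the same VERSION tag (the push target itself is not visible here, so confirm). Consider gating the stage, for example `when { branch 'main' }` with whichever branch releases are cut from, or a tag condition. The agent label is also only 'podman' while the commented-out line at the top of the pipeline lists 'aws', so it is worth checking that the selected agents actually hold scoped push credentials rather than inheriting broader ones.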