Squashed '.ci/' changes from ba73be4..b6fea5a
b6fea5a fix: fix quotes, do not execute scan during push db97da8 feat: revert extraSteps for now 322285e feat: add ability to execute custom extraSteps ba21a45 feat: make trivy scan cause build to fail configurable git-subtree-dir: .ci git-subtree-split: b6fea5a0a63a679f8e7cd334811ab52f4a7c2c41
parent
065ea1bda0
commit
967f6a6e36
@ -26,7 +26,7 @@ scan: build
|
||||
@echo "Scanning $(IMAGE):$(TAG) using Trivy"
|
||||
@trivy $(TRIVY_OPTS) $(IMAGE):$(TAG)
|
||||
|
||||
push: scan
|
||||
push: build
|
||||
@aws ecr-public get-login-password --region $(REGION) | docker login --username AWS --password-stdin $(REGISTRY)
|
||||
@docker tag $(IMAGE):$(TAG) $(REGISTRY)/$(IMAGE):$(TAG) $(REGISTRY)/$(IMAGE):latest
|
||||
docker push $(REGISTRY)/$(IMAGE):$(TAG)
|
||||
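Review bot: With the prerequisite of `push` changed from `scan` to `build` (going by the commit title, `push: build` is the new line), `make push` no longer runs Trivy, so any invocation outside the pipeline publishes an image to `$(REGISTRY)` that was never scanned. If that is intended, record where the gate now lives directly above the rule, for example `# push does not scan; the vulnerability gate is the pipeline's scan stage`. Separately, the unchanged `docker tag` line passes three image references, while `docker tag` takes one source and one target, so the `latest` tag likely needs its own `docker tag` call. The recipe may continue below the hunk.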
|
@ -1,6 +1,6 @@
|
||||
// Common container builder by ZeroDownTime
|
||||
|
||||
def call(Map config) {
|
||||
def call(Map config=[:]) {
|
||||
pipeline {
|
||||
agent {
|
||||
node {
|
||||
@ -49,7 +49,7 @@ def call(Map config) {
|
||||
]
|
||||
|
||||
// Scan again and fail on CRITICAL vulns
|
||||
sh 'TRIVY_EXIT_CODE=1 TRIVY_SEVERITY=CRITICAL make scan'
|
||||
sh "[ \"${config.trivyFail}\" == \"NONE\" ] || TRIVY_EXIT_CODE=1 TRIVY_SEVERITY=${config.trivyFail} make scan"
|
||||
}
|
||||
}
|
||||
|
||||
@ -59,6 +59,7 @@ def call(Map config) {
|
||||
sh 'make push'
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
}
|
||||
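Review bot: In the `-49,7` hunk the new `sh` step lets Groovy interpolate `config.trivyFail` straight into the shell command, unquoted in `TRIVY_SEVERITY=${config.trivyFail}`, so a value containing spaces or shell metacharacters alters the command that runs on the agent. With `config=[:]` now allowed, an unset key renders as the string `null` unless a default is applied in lines not shown here, which would replace the previous fixed CRITICAL gate with an invalid severity. Apply a default such as `config.trivyFail ?: 'CRITICAL'`, pass it in with `withEnv`, and keep the script single-quoted: `sh '[ "$TRIVY_FAIL" = "NONE" ] || TRIVY_EXIT_CODE=1 TRIVY_SEVERITY="$TRIVY_FAIL" make scan'`. That form also uses `=` rather than `==`, which POSIX `[` does not define and which errors under shells such as dash, so the `NONE` opt-out would not skip the scan there. A short comment above the step saying that `NONE` disables the vulnerability gate entirely would help reviewers of calling pipelines.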
|