From 967f6a6e36848203d35e98763b918acd734b1955 Mon Sep 17 00:00:00 2001
From: Stefan Reimer
Date: Mon, 14 Feb 2022 13:36:05 +0100
Subject: [PATCH] Squashed '.ci/' changes from ba73be4..b6fea5a
b6fea5a fix: fix quotes, do not execute scan during push
db97da8 feat: revert extraSteps for now
322285e feat: add ability to execute custom extraSteps
ba21a45 feat: make trivy scan cause build to fail configurable
git-subtree-dir: .ci
git-subtree-split: b6fea5a0a63a679f8e7cd334811ab52f4a7c2c41
---
 podman.mk | 2 +-
 vars/buildPodman.groovy | 5 +++--
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/podman.mk b/podman.mk
index fb68db6..6f2bdcd 100644
--- a/podman.mk
+++ b/podman.mk
@@ -26,7 +26,7 @@ scan: build
 @echo "Scanning $(IMAGE):$(TAG) using Trivy"
 @trivy $(TRIVY_OPTS) $(IMAGE):$(TAG)
-push: scan
+push: build
 @aws ecr-public get-login-password --region $(REGION) | docker login --username AWS --password-stdin $(REGISTRY)
 @docker tag $(IMAGE):$(TAG) $(REGISTRY)/$(IMAGE):$(TAG) $(REGISTRY)/$(IMAGE):latest
 docker push $(REGISTRY)/$(IMAGE):$(TAG)
diff --git a/vars/buildPodman.groovy b/vars/buildPodman.groovy
index 96a9c23..8479c1d 100644
--- a/vars/buildPodman.groovy
+++ b/vars/buildPodman.groovy
@@ -1,6 +1,6 @@
 // Common container builder by ZeroDownTime
-def call(Map config) {
+def call(Map config=[:]) {
 pipeline {
 agent {
 node {
@@ -49,7 +49,7 @@ def call(Map config) {
 ]
 // Scan again and fail on CRITICAL vulns
- sh 'TRIVY_EXIT_CODE=1 TRIVY_SEVERITY=CRITICAL make scan'
+ sh "[ \"${config.trivyFail}\" == \"NONE\" ] || TRIVY_EXIT_CODE=1 TRIVY_SEVERITY=${config.trivyFail} make scan"
 }
 }
@@ -59,6 +59,7 @@ def call(Map config) {
 sh 'make push'
 }
 }
+ }
 }
 }
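Review bot: After `push: build`, nothing in podman.mk ties publishing to a scan, so a `make push` run by hand or from another job uploads an image Trivy never looked at; the only remaining gate is the pipeline's separate `make scan` step, which the same commit allows to be set to `NONE`. I would document that at the target, e.g. `# push does not scan; the Trivy gate is the CI "make scan" step - run it first when pushing manually`. The hunk also shows no `.PHONY` declaration for `scan` or `push`, though one may exist outside it, and the push recipe may continue past the last visible line.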
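Review bot: The new `sh` string in the `@@ -49,7 +49,7 @@` hunk of vars/buildPodman.groovy expands `${config.trivyFail}` in Groovy before the shell sees it, unquoted in `TRIVY_SEVERITY=...` and with no default visible in the hunk. A caller that omits the key (now easy, since the first hunk defaults `config` to `[:]`) would get the literal `null` as severity where the old line enforced CRITICAL, and a value containing spaces or shell metacharacters would be parsed as shell syntax. `==` inside `[ ]` is also a bashism, so under a POSIX `/bin/sh` the `NONE` test may error instead of skipping the scan. I would default and validate the value in Groovy and hand it to the step through `withEnv` with a single-quoted `sh 'make scan'`, as sketched below; the enclosing stage starts outside the hunk, and in a declarative `steps` section this needs a `script` block.

```groovy
// Scan again and fail on the configured severity; default stays CRITICAL
def trivyFail = (config.trivyFail ?: 'CRITICAL').toString()
if (!(trivyFail ==~ /[A-Z]+(,[A-Z]+)*/)) {
  error "invalid trivyFail value: ${trivyFail}"
}
if (trivyFail != 'NONE') {
  // values travel as environment variables, never as shell text
  withEnv(['TRIVY_EXIT_CODE=1', "TRIVY_SEVERITY=${trivyFail}"]) {
    sh 'make scan'
  }
}
```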