jenkins-podman/Jenkinsfile
2022-01-16 11:58:29 +01:00

56 lines
1.2 KiB
Groovy

pipeline {
agent { node { label 'podman-aws-trivy' } }
stages {
stage('Prepare'){
steps {
// get tags
sh 'git fetch --tags ${env.GIT_URL} +refs/heads/${env.BRANCH_NAME}:refs/remotes/origin/${env.BRANCH_NAME}'
}
}
// Build using rootless podman
stage('Build'){
steps {
sh 'make build'
}
}
stage('Test'){
steps {
sh 'make test'
}
}
// Scan via trivy
stage('Scan'){
environment {
TRIVY_FORMAT = "template"
TRIVY_OUTPUT = "reports/trivy.html"
}
steps {
sh 'mkdir -p reports'
sh 'make scan'
publishHTML target : [
allowMissing: true,
alwaysLinkToLastBuild: true,
keepAll: true,
reportDir: 'reports',
reportFiles: 'trivy.html',
reportName: 'TrivyScan',
reportTitles: 'TrivyScan'
]
// Scan again and fail on CRITICAL vulns
sh 'TRIVY_EXIT_CODE=1 TRIVY_SEVERITY=CRITICAL make scan'
}
}
// Push to ECR
stage('Push'){
steps {
sh 'make push'
}
}
}
}