kubezero/.ci/vars/buildPodman.groovy

// Common container builder by ZeroDownTime

def call(Map config=[:]) {
    pipeline {
      agent {
        node {
          label 'podman-aws-trivy'
        }
      }
      stages {
        stage('Prepare') {
          steps {
            // we set pull tags as project adv. options
            // pull tags
            //withCredentials([gitUsernamePassword(credentialsId: 'gitea-jenkins-user')]) {
            //  sh 'git fetch -q --tags ${GIT_URL}'
            //}
            // Optional project specific preparations
            sh 'make prepare'
          }
        }

        // Build using rootless podman
        stage('Build') {
          steps {
            sh 'make build GIT_BRANCH=$GIT_BRANCH'
          }
        }

        stage('Test') {
          steps {
            sh 'make test'
          }
        }

        // Scan via trivy
        stage('Scan') {
          environment {
            TRIVY_FORMAT = "template"
            TRIVY_OUTPUT = "reports/trivy.html"
          }
          steps {
            sh 'mkdir -p reports && make scan'
            publishHTML target: [
              allowMissing: true,
              alwaysLinkToLastBuild: true,
              keepAll: true,
              reportDir: 'reports',
              reportFiles: 'trivy.html',
              reportName: 'TrivyScan',
              reportTitles: 'TrivyScan'
            ]

            // Scan again and fail on CRITICAL vulns, if not overridden
            script {
              if (config.trivyFail == 'NONE') {
                echo 'trivyFail == NONE, review Trivy report manually. Proceeding ...'
              } else {
                sh "TRIVY_EXIT_CODE=1 TRIVY_SEVERITY=${config.trivyFail} make scan"
              }
            }
          }
        }

        // Push to container registry if not PR
        // incl. basic registry retention removing any untagged images
        stage('Push') {
          when { not { changeRequest() } }
          steps {
            sh 'make push'
            sh 'make rm-remote-untagged'
          }
        }

        // generic clean
        stage('cleanup') {
          steps {
            sh 'make clean'
          }
        }
      }
    }
  }
feat: initial commit 2022-02-11 16:47:10 +00:00			`// Common container builder by ZeroDownTime`

feat: revert extraSteps for now 2022-02-14 12:15:52 +00:00			`def call(Map config=[:]) {`
chore: groovy formating 2022-02-11 17:13:04 +00:00			`pipeline {`
			`agent {`
			`node {`
			`label 'podman-aws-trivy'`
			`}`
			`}`
			`stages {`
			`stage('Prepare') {`
			`steps {`
Squashed '.ci/' changes from 79eebe4..38a9cda 38a9cda Debug CI pipeline 3efcc81 Debug CI pipeline 5023473 Make branch detection work for tagged commits cdc32e0 Improve cleanup flow 8df60af Fix derp 748a4bd Migrate to :: to allow custom make steps, add generic stubs 955afa7 Apply pep8 5819ded Improve ECR public lifecycle handling via python script 5d4e4ad Make rm-remote-untagged less noisy f00e541 Add cleanup step to remove untagged images by default 0821e91 Ensure tag names are valid for remote branches like PRs git-subtree-dir: .ci git-subtree-split: 38a9cda825c6f0de518782a9a7e98254d62c44ce 2023-08-16 10:50:25 +00:00			`// we set pull tags as project adv. options`
Squashed '.ci/' changes from 8fb40c7..63421d1 63421d1 fix: prevent branch_name equals tag 47140c2 feat: append branch into tags if not main 4b62ada chore: improve messaging a49cc0c chore: improve messaging 194afb4 chore: get ci working again 8ec9769 chore: get ci working again fef4968 fix: do NOT push PRs to registry, other fixes 50a6d67 feat: ensure ARCH is only set to defined values git-subtree-dir: .ci git-subtree-split: 63421d1fab0d2546de343697cbd1424914db6c31 2023-04-25 10:49:36 +00:00			`// pull tags`
Squashed '.ci/' changes from 79eebe4..38a9cda 38a9cda Debug CI pipeline 3efcc81 Debug CI pipeline 5023473 Make branch detection work for tagged commits cdc32e0 Improve cleanup flow 8df60af Fix derp 748a4bd Migrate to :: to allow custom make steps, add generic stubs 955afa7 Apply pep8 5819ded Improve ECR public lifecycle handling via python script 5d4e4ad Make rm-remote-untagged less noisy f00e541 Add cleanup step to remove untagged images by default 0821e91 Ensure tag names are valid for remote branches like PRs git-subtree-dir: .ci git-subtree-split: 38a9cda825c6f0de518782a9a7e98254d62c44ce 2023-08-16 10:50:25 +00:00			`//withCredentials([gitUsernamePassword(credentialsId: 'gitea-jenkins-user')]) {`
			`// sh 'git fetch -q --tags ${GIT_URL}'`
			`//}`
			`// Optional project specific preparations`
			`sh 'make prepare'`
chore: groovy formating 2022-02-11 17:13:04 +00:00			`}`
			`}`
feat: initial commit 2022-02-11 16:47:10 +00:00
chore: groovy formating 2022-02-11 17:13:04 +00:00			`// Build using rootless podman`
			`stage('Build') {`
			`steps {`
Squashed '.ci/' changes from 79eebe4..38a9cda 38a9cda Debug CI pipeline 3efcc81 Debug CI pipeline 5023473 Make branch detection work for tagged commits cdc32e0 Improve cleanup flow 8df60af Fix derp 748a4bd Migrate to :: to allow custom make steps, add generic stubs 955afa7 Apply pep8 5819ded Improve ECR public lifecycle handling via python script 5d4e4ad Make rm-remote-untagged less noisy f00e541 Add cleanup step to remove untagged images by default 0821e91 Ensure tag names are valid for remote branches like PRs git-subtree-dir: .ci git-subtree-split: 38a9cda825c6f0de518782a9a7e98254d62c44ce 2023-08-16 10:50:25 +00:00			`sh 'make build GIT_BRANCH=$GIT_BRANCH'`
chore: groovy formating 2022-02-11 17:13:04 +00:00			`}`
			`}`
feat: initial commit 2022-02-11 16:47:10 +00:00
chore: groovy formating 2022-02-11 17:13:04 +00:00			`stage('Test') {`
			`steps {`
			`sh 'make test'`
			`}`
			`}`
feat: initial commit 2022-02-11 16:47:10 +00:00
chore: groovy formating 2022-02-11 17:13:04 +00:00			`// Scan via trivy`
			`stage('Scan') {`
			`environment {`
			`TRIVY_FORMAT = "template"`
			`TRIVY_OUTPUT = "reports/trivy.html"`
			`}`
			`steps {`
Squashed '.ci/' changes from 8fb40c7..63421d1 63421d1 fix: prevent branch_name equals tag 47140c2 feat: append branch into tags if not main 4b62ada chore: improve messaging a49cc0c chore: improve messaging 194afb4 chore: get ci working again 8ec9769 chore: get ci working again fef4968 fix: do NOT push PRs to registry, other fixes 50a6d67 feat: ensure ARCH is only set to defined values git-subtree-dir: .ci git-subtree-split: 63421d1fab0d2546de343697cbd1424914db6c31 2023-04-25 10:49:36 +00:00			`sh 'mkdir -p reports && make scan'`
chore: groovy formating 2022-02-11 17:13:04 +00:00			`publishHTML target: [`
			`allowMissing: true,`
			`alwaysLinkToLastBuild: true,`
			`keepAll: true,`
			`reportDir: 'reports',`
			`reportFiles: 'trivy.html',`
			`reportName: 'TrivyScan',`
			`reportTitles: 'TrivyScan'`
			`]`
feat: initial commit 2022-02-11 16:47:10 +00:00
feat: improve messaging if Trivy fail is skipped 2022-02-14 13:13:11 +00:00			`// Scan again and fail on CRITICAL vulns, if not overridden`
			`script {`
			`if (config.trivyFail == 'NONE') {`
			`echo 'trivyFail == NONE, review Trivy report manually. Proceeding ...'`
			`} else {`
			`sh "TRIVY_EXIT_CODE=1 TRIVY_SEVERITY=${config.trivyFail} make scan"`
			`}`
			`}`
chore: groovy formating 2022-02-11 17:13:04 +00:00			`}`
			`}`
feat: initial commit 2022-02-11 16:47:10 +00:00
Squashed '.ci/' changes from 79eebe4..38a9cda 38a9cda Debug CI pipeline 3efcc81 Debug CI pipeline 5023473 Make branch detection work for tagged commits cdc32e0 Improve cleanup flow 8df60af Fix derp 748a4bd Migrate to :: to allow custom make steps, add generic stubs 955afa7 Apply pep8 5819ded Improve ECR public lifecycle handling via python script 5d4e4ad Make rm-remote-untagged less noisy f00e541 Add cleanup step to remove untagged images by default 0821e91 Ensure tag names are valid for remote branches like PRs git-subtree-dir: .ci git-subtree-split: 38a9cda825c6f0de518782a9a7e98254d62c44ce 2023-08-16 10:50:25 +00:00			`// Push to container registry if not PR`
			`// incl. basic registry retention removing any untagged images`
chore: groovy formating 2022-02-11 17:13:04 +00:00			`stage('Push') {`
Squashed '.ci/' changes from 8fb40c7..63421d1 63421d1 fix: prevent branch_name equals tag 47140c2 feat: append branch into tags if not main 4b62ada chore: improve messaging a49cc0c chore: improve messaging 194afb4 chore: get ci working again 8ec9769 chore: get ci working again fef4968 fix: do NOT push PRs to registry, other fixes 50a6d67 feat: ensure ARCH is only set to defined values git-subtree-dir: .ci git-subtree-split: 63421d1fab0d2546de343697cbd1424914db6c31 2023-04-25 10:49:36 +00:00			`when { not { changeRequest() } }`
chore: groovy formating 2022-02-11 17:13:04 +00:00			`steps {`
Squashed '.ci/' changes from 8fb40c7..63421d1 63421d1 fix: prevent branch_name equals tag 47140c2 feat: append branch into tags if not main 4b62ada chore: improve messaging a49cc0c chore: improve messaging 194afb4 chore: get ci working again 8ec9769 chore: get ci working again fef4968 fix: do NOT push PRs to registry, other fixes 50a6d67 feat: ensure ARCH is only set to defined values git-subtree-dir: .ci git-subtree-split: 63421d1fab0d2546de343697cbd1424914db6c31 2023-04-25 10:49:36 +00:00			`sh 'make push'`
Squashed '.ci/' changes from 79eebe4..38a9cda 38a9cda Debug CI pipeline 3efcc81 Debug CI pipeline 5023473 Make branch detection work for tagged commits cdc32e0 Improve cleanup flow 8df60af Fix derp 748a4bd Migrate to :: to allow custom make steps, add generic stubs 955afa7 Apply pep8 5819ded Improve ECR public lifecycle handling via python script 5d4e4ad Make rm-remote-untagged less noisy f00e541 Add cleanup step to remove untagged images by default 0821e91 Ensure tag names are valid for remote branches like PRs git-subtree-dir: .ci git-subtree-split: 38a9cda825c6f0de518782a9a7e98254d62c44ce 2023-08-16 10:50:25 +00:00			`sh 'make rm-remote-untagged'`
chore: groovy formating 2022-02-11 17:13:04 +00:00			`}`
			`}`
feat: add ability to execute custom extraSteps 2022-02-14 12:13:28 +00:00
Squashed '.ci/' changes from 79eebe4..38a9cda 38a9cda Debug CI pipeline 3efcc81 Debug CI pipeline 5023473 Make branch detection work for tagged commits cdc32e0 Improve cleanup flow 8df60af Fix derp 748a4bd Migrate to :: to allow custom make steps, add generic stubs 955afa7 Apply pep8 5819ded Improve ECR public lifecycle handling via python script 5d4e4ad Make rm-remote-untagged less noisy f00e541 Add cleanup step to remove untagged images by default 0821e91 Ensure tag names are valid for remote branches like PRs git-subtree-dir: .ci git-subtree-split: 38a9cda825c6f0de518782a9a7e98254d62c44ce 2023-08-16 10:50:25 +00:00			`// generic clean`
			`stage('cleanup') {`
			`steps {`
			`sh 'make clean'`
			`}`
			`}`
chore: groovy formating 2022-02-11 17:13:04 +00:00			`}`
			`}`
			`}`