ci: first try to use shared CI toolchain

Jenkinsfile

@@ -1,56 +1,5 @@
-pipeline {
-  agent { node { label 'podman-aws-trivy' } }
+library identifier: 'zdt-lib@master', retriever: modernSCM(
+  [$class: 'GitSCMSource',
+   remote: 'git@git.zero-downtime.net:ZeroDownTime/ci-tools-lib.git'])
 
-  stages {
-    stage('Prepare'){
-        // get tags
-        steps {
-            sh 'git fetch -q --tags ${GIT_URL} +refs/heads/${BRANCH_NAME}:refs/remotes/origin/${BRANCH_NAME}'
-        }
-    }
-
-    // Build using rootless podman
-    stage('Build'){
-        steps {
-            sh 'make build'
-        }
-    }
-
-    stage('Test'){
-        steps {
-            sh 'make test'
-        }
-    }
-
-    // Scan via trivy
-    stage('Scan'){
-        environment { 
-            TRIVY_FORMAT = "template"
-            TRIVY_OUTPUT = "reports/trivy.html"
-        }
-        steps {
-            sh 'mkdir -p reports'
-            sh 'make scan'
-            publishHTML target : [
-                allowMissing: true,
-                alwaysLinkToLastBuild: true,
-                keepAll: true,
-                reportDir: 'reports',
-                reportFiles: 'trivy.html',
-                reportName: 'TrivyScan',
-                reportTitles: 'TrivyScan'
-            ]
-
-            // Scan again and fail on CRITICAL vulns
-            sh 'TRIVY_EXIT_CODE=1 TRIVY_SEVERITY=CRITICAL make scan'
-        }
-    }
-
-    // Push to ECR
-    stage('Push'){
-        steps {
-            sh 'make push'
-        }
-    }
-  }
-}
+buildPodman name: 'sns-alert-hub'

Makefile

@@ -2,51 +2,4 @@ REGISTRY := public.ecr.aws/zero-downtime
 IMAGE := sns-alert-hub
 REGION := us-east-1
 
-# Parse version from latest git semver tag
-GTAG=$(shell git describe --tags --match v*.*.* 2>/dev/null || git rev-parse --short HEAD 2>/dev/null)
-TAG ?= $(shell echo $(GTAG) | awk -F '-' '{ print $$1 "-" $$2 }' | sed -e 's/-$$//')
-
-ifeq ($(TRIVY_REMOTE),)
-  TRIVY_OPTS := image
-else
-  TRIVY_OPTS := client --remote ${TRIVY_REMOTE}
-endif
-
-.PHONY: build test scan push clean
-
-all: test
-
-
-build:
-	docker image exists $(IMAGE):$(TAG) || \
-		docker build --rm -t $(IMAGE):$(TAG) --build-arg TAG=$(TAG) .
-
-test: build rm-test-image
-	docker build --rm -t $(IMAGE):$(TAG)-test --from=$(IMAGE):$(TAG) -f Dockerfile.test .
-
-scan: build
-	trivy $(TRIVY_OPTS) $(IMAGE):$(TAG)
-
-push: scan
-	@aws ecr-public get-login-password --region $(REGION) | docker login --username AWS --password-stdin $(REGISTRY)
-	@docker tag $(IMAGE):$(TAG) $(REGISTRY)/$(IMAGE):$(TAG) $(REGISTRY)/$(IMAGE):latest
-	docker push $(REGISTRY)/$(IMAGE):$(TAG)
-	docker push $(REGISTRY)/$(IMAGE):latest
-	# Delete all untagged images
-	# aws ecr-public batch-delete-image --repository-name $(IMAGE) --region $(REGION) --image-ids $$(for image in $$(aws ecr-public describe-images --repository-name $(IMAGE) --region $(REGION) --output json | jq -r '.imageDetails[] | select(.imageTags | not ).imageDigest'); do echo -n "imageDigest=$$image "; done)
-
-clean: rm-test-image rm-image
-
-.PHONY: rm-image
-rm-image:
-	@test -z "$$(docker image ls -q $(IMAGE):$(TAG))" || docker image rm -f $(IMAGE):$(TAG) > /dev/null
-	@test -z "$$(docker image ls -q $(IMAGE):$(TAG))" || echo "Error: Removing image failed"
-
-# Ensure we run the tests by removing any previous runs
-.PHONY: rm-test-image
-rm-test-image:
-	@test -z "$$(docker image ls -q $(IMAGE):$(TAG)-test)" || docker image rm -f $(IMAGE):$(TAG)-test > /dev/null
-	@test -z "$$(docker image ls -q $(IMAGE):$(TAG)-test)" || echo "Error: Removing test image failed"
-
-.DEFAULT:
-	@echo "$@ not implemented. NOOP"
+include .ci/podman.mk