From 711ac5b767396cfb88aa4fc7c36b0304c629bb77 Mon Sep 17 00:00:00 2001 From: Stefan Reimer Date: Fri, 11 Feb 2022 17:52:46 +0100 Subject: [PATCH] ci: first try to use shared CI toolchain --- Jenkinsfile | 59 ++++------------------------------------------------- Makefile | 49 +------------------------------------------- 2 files changed, 5 insertions(+), 103 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 80d65e2..18c124c 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,56 +1,5 @@ -pipeline { - agent { node { label 'podman-aws-trivy' } } +library identifier: 'zdt-lib@master', retriever: modernSCM( + [$class: 'GitSCMSource', + remote: 'git@git.zero-downtime.net:ZeroDownTime/ci-tools-lib.git']) - stages { - stage('Prepare'){ - // get tags - steps { - sh 'git fetch -q --tags ${GIT_URL} +refs/heads/${BRANCH_NAME}:refs/remotes/origin/${BRANCH_NAME}' - } - } - - // Build using rootless podman - stage('Build'){ - steps { - sh 'make build' - } - } - - stage('Test'){ - steps { - sh 'make test' - } - } - - // Scan via trivy - stage('Scan'){ - environment { - TRIVY_FORMAT = "template" - TRIVY_OUTPUT = "reports/trivy.html" - } - steps { - sh 'mkdir -p reports' - sh 'make scan' - publishHTML target : [ - allowMissing: true, - alwaysLinkToLastBuild: true, - keepAll: true, - reportDir: 'reports', - reportFiles: 'trivy.html', - reportName: 'TrivyScan', - reportTitles: 'TrivyScan' - ] - - // Scan again and fail on CRITICAL vulns - sh 'TRIVY_EXIT_CODE=1 TRIVY_SEVERITY=CRITICAL make scan' - } - } - - // Push to ECR - stage('Push'){ - steps { - sh 'make push' - } - } - } -} +buildPodman name: 'sns-alert-hub' diff --git a/Makefile b/Makefile index 9752148..ab67e12 100644 --- a/Makefile +++ b/Makefile @@ -2,51 +2,4 @@ REGISTRY := public.ecr.aws/zero-downtime IMAGE := sns-alert-hub REGION := us-east-1 -# Parse version from latest git semver tag -GTAG=$(shell git describe --tags --match v*.*.* 2>/dev/null || git rev-parse --short HEAD 2>/dev/null) -TAG ?= $(shell echo $(GTAG) | awk -F '-' '{ print $$1 "-" $$2 }' | sed -e 's/-$$//') - -ifeq ($(TRIVY_REMOTE),) - TRIVY_OPTS := image -else - TRIVY_OPTS := client --remote ${TRIVY_REMOTE} -endif - -.PHONY: build test scan push clean - -all: test - - -build: - docker image exists $(IMAGE):$(TAG) || \ - docker build --rm -t $(IMAGE):$(TAG) --build-arg TAG=$(TAG) . - -test: build rm-test-image - docker build --rm -t $(IMAGE):$(TAG)-test --from=$(IMAGE):$(TAG) -f Dockerfile.test . - -scan: build - trivy $(TRIVY_OPTS) $(IMAGE):$(TAG) - -push: scan - @aws ecr-public get-login-password --region $(REGION) | docker login --username AWS --password-stdin $(REGISTRY) - @docker tag $(IMAGE):$(TAG) $(REGISTRY)/$(IMAGE):$(TAG) $(REGISTRY)/$(IMAGE):latest - docker push $(REGISTRY)/$(IMAGE):$(TAG) - docker push $(REGISTRY)/$(IMAGE):latest - # Delete all untagged images - # aws ecr-public batch-delete-image --repository-name $(IMAGE) --region $(REGION) --image-ids $$(for image in $$(aws ecr-public describe-images --repository-name $(IMAGE) --region $(REGION) --output json | jq -r '.imageDetails[] | select(.imageTags | not ).imageDigest'); do echo -n "imageDigest=$$image "; done) - -clean: rm-test-image rm-image - -.PHONY: rm-image -rm-image: - @test -z "$$(docker image ls -q $(IMAGE):$(TAG))" || docker image rm -f $(IMAGE):$(TAG) > /dev/null - @test -z "$$(docker image ls -q $(IMAGE):$(TAG))" || echo "Error: Removing image failed" - -# Ensure we run the tests by removing any previous runs -.PHONY: rm-test-image -rm-test-image: - @test -z "$$(docker image ls -q $(IMAGE):$(TAG)-test)" || docker image rm -f $(IMAGE):$(TAG)-test > /dev/null - @test -z "$$(docker image ls -q $(IMAGE):$(TAG)-test)" || echo "Error: Removing test image failed" - -.DEFAULT: - @echo "$@ not implemented. NOOP" +include .ci/podman.mk