Compare commits
5 Commits
renovate/g
...
main
Author | SHA1 | Date | |
---|---|---|---|
979e58cdbc | |||
44766a1df0 | |||
b65dbcbc43 | |||
49c1615436 | |||
a72e3ae519 |
|
@ -46,7 +46,7 @@ test:: ## test built artificats
|
|||
|
||||
scan: ## Scan image using trivy
|
||||
echo "Scanning $(IMAGE):$(TAG)-$(_ARCH) using Trivy $(TRIVY_REMOTE)"
|
||||
trivy image $(TRIVY_OPTS) localhost/$(IMAGE):$(TAG)-$(_ARCH)
|
||||
trivy image $(TRIVY_OPTS) --quiet --no-progress localhost/$(IMAGE):$(TAG)-$(_ARCH)
|
||||
|
||||
# first tag and push all actual images
|
||||
# create new manifest for each tag and add all available TAG-ARCH before pushing
|
||||
|
|
|
@ -2,6 +2,9 @@
|
|||
|
||||
def call(Map config=[:]) {
|
||||
pipeline {
|
||||
options {
|
||||
disableConcurrentBuilds()
|
||||
}
|
||||
agent {
|
||||
node {
|
||||
label 'podman-aws-trivy'
|
||||
|
@ -10,6 +13,8 @@ def call(Map config=[:]) {
|
|||
stages {
|
||||
stage('Prepare') {
|
||||
steps {
|
||||
sh 'mkdir -p reports'
|
||||
|
||||
// we set pull tags as project adv. options
|
||||
// pull tags
|
||||
//withCredentials([gitUsernamePassword(credentialsId: 'gitea-jenkins-user')]) {
|
||||
|
@ -35,12 +40,13 @@ def call(Map config=[:]) {
|
|||
|
||||
// Scan via trivy
|
||||
stage('Scan') {
|
||||
environment {
|
||||
TRIVY_FORMAT = "template"
|
||||
TRIVY_OUTPUT = "reports/trivy.html"
|
||||
}
|
||||
steps {
|
||||
sh 'mkdir -p reports && make scan'
|
||||
// we always scan and create the full json report
|
||||
sh 'TRIVY_FORMAT=json TRIVY_OUTPUT="reports/trivy.json" make scan'
|
||||
|
||||
// render custom full html report
|
||||
sh 'trivy convert -f template -t @/home/jenkins/html.tpl -o reports/trivy.html reports/trivy.json'
|
||||
|
||||
publishHTML target: [
|
||||
allowMissing: true,
|
||||
alwaysLinkToLastBuild: true,
|
||||
|
@ -50,13 +56,12 @@ def call(Map config=[:]) {
|
|||
reportName: 'TrivyScan',
|
||||
reportTitles: 'TrivyScan'
|
||||
]
|
||||
sh 'echo "Trivy report at: $BUILD_URL/TrivyScan"'
|
||||
|
||||
// Scan again and fail on CRITICAL vulns, if not overridden
|
||||
// fail build if issues found above trivy threshold
|
||||
script {
|
||||
if (config.trivyFail == 'NONE') {
|
||||
echo 'trivyFail == NONE, review Trivy report manually. Proceeding ...'
|
||||
} else {
|
||||
sh "TRIVY_EXIT_CODE=1 TRIVY_SEVERITY=${config.trivyFail} make scan"
|
||||
if ( config.trivyFail ) {
|
||||
sh "TRIVY_SEVERITY=${config.trivyFail} trivy convert --report summary --exit-code 1 reports/trivy.json"
|
||||
}
|
||||
}
|
||||
}
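Review bot: The new gate `sh "TRIVY_SEVERITY=${config.trivyFail} trivy convert --report summary --exit-code 1 reports/trivy.json"` still assembles the shell command by Groovy interpolation of a caller-supplied value, so whatever a caller places in `config.trivyFail` is evaluated by the agent's shell; hand it over through the environment and keep the `sh` string single-quoted: `withEnv(["TRIVY_SEVERITY=${config.trivyFail}"]) {` / `sh 'trivy convert --report summary --exit-code 1 reports/trivy.json'` / `}`. The former `'NONE'` opt-out branch is gone, so a caller still passing `'NONE'` now enters the truthy `if ( config.trivyFail )` branch and runs the gate with `TRIVY_SEVERITY=NONE`, which presumably trivy rejects as an unknown severity instead of treating it as "skip"; a comment above the `if` should state the contract, e.g. `// trivyFail: comma-separated severities that fail the build (e.g. 'CRITICAL'); empty/unset only reports`. Whether `trivy convert` honours `TRIVY_SEVERITY` together with `--exit-code` depends on the trivy version installed on the `podman-aws-trivy` agents, which is not pinned anywhere visible here. The enclosing `def call(Map config=[:])` body and the Scan stage continue outside this hunk.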
|
||||
|
|
15
Dockerfile
15
Dockerfile
|
@ -1,21 +1,16 @@
|
|||
FROM golang:1.19-alpine3.17 as builder
|
||||
|
||||
RUN apk add --no-cache git make gcc libc-dev
|
||||
|
||||
WORKDIR /github.com/vadv/prometheus-exporter-merger
|
||||
COPY go.mod .
|
||||
COPY go.sum .
|
||||
RUN go mod download
|
||||
FROM golang:1.20-alpine as builder
|
||||
|
||||
WORKDIR /prometheus-exporter-merger
|
||||
COPY . .
|
||||
RUN go build --ldflags "-s -w -linkmode external -extldflags -static" --tags netcgo -o /prometheus-exporter-merger
|
||||
|
||||
RUN CGO_ENABLED=0 go build -ldflags "-s -w" .
|
||||
|
||||
FROM scratch
|
||||
USER nobody
|
||||
|
||||
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
|
||||
COPY --from=builder /etc/passwd /etc/passwd
|
||||
COPY --from=builder /prometheus-exporter-merger /prometheus-exporter-merger
|
||||
COPY --from=builder /prometheus-exporter-merger/prometheus-exporter-merger /prometheus-exporter-merger
|
||||
|
||||
EXPOSE 8080
|
||||
CMD ["/prometheus-exporter-merger", "--config", "/config/prometheus-exporter-merger.yaml"]
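Review bot: The builder stage now copies the entire build context with `COPY . .` before resolving modules, so the `go mod download` layer the old file had is lost (dependencies are re-fetched on every source change) and nothing verifies the module tree against `go.sum` before the build; restoring a `COPY go.mod go.sum ./` + `RUN go mod download && go mod verify` layer ahead of `COPY . .` keeps the cache and makes a tampered module fail early. `FROM golang:1.20-alpine` is a floating tag with no digest, so the same Dockerfile can produce different binaries over time; pinning `golang:1.20-alpine@sha256:<DIGEST-PLACEHOLDER>` (and adding `-trimpath` to the build) is what a reproducible, attestable image needs. The runtime stage also inherits the whole `/etc/passwd` of the builder for `USER nobody`; a single `nobody` line is enough and avoids shipping the builder's account list, though that part is unchanged by this commit.
```dockerfile
FROM golang:1.20-alpine AS builder
# pin by digest for reproducible builds, e.g. golang:1.20-alpine@sha256:<DIGEST-PLACEHOLDER>

WORKDIR /prometheus-exporter-merger
# dependency layer first: cached across source changes, and go.sum is verified before building
COPY go.mod go.sum ./
RUN go mod download && go mod verify
COPY . .

RUN CGO_ENABLED=0 go build -trimpath -ldflags "-s -w" .

# … unchanged: runtime stage (FROM scratch … CMD) …
```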
|
||||
|
|
2
go.mod
2
go.mod
|
@ -7,5 +7,5 @@ require (
|
|||
github.com/prometheus/client_model v0.2.0
|
||||
github.com/prometheus/common v0.10.0
|
||||
golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4
|
||||
gopkg.in/yaml.v2 v2.2.4
|
||||
gopkg.in/yaml.v2 v2.4.0
|
||||
)
|
||||
|
|
2
go.sum
2
go.sum
|
@ -63,3 +63,5 @@ gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8
|
|||
gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
|
||||
gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
|
||||
gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
|
||||
gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
|
||||
gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
|
||||
|
|