generated from cyberark/conjur-template
-
Notifications
You must be signed in to change notification settings - Fork 5
/
Copy pathJenkinsfile
102 lines (90 loc) · 2.37 KB
/
Jenkinsfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
// Automated release, promotion and dependencies
properties([
release.addParams()
])
if (params.MODE == "PROMOTE") {
release.promote(params.VERSION_TO_PROMOTE) { sourceVersion, targetVersion, assetDirectory ->
// Nothing to do here except the promote() automation itself
}
return
}
pipeline {
agent { label 'executor-v2' }
environment {
MODE = release.canonicalizeMode()
}
triggers {
parameterizedCron(getDailyCronString("%MODE=RELEASE"))
}
stages {
stage ("Skip build if triggering job didn't create a release") {
when {
expression {
MODE == "SKIP"
}
}
steps {
script {
currentBuild.result = 'ABORTED'
error("Aborting build because this build was triggered from upstream, but no release was built")
}
}
}
stage ('Prepare pipeline') {
steps {
updateVersion("CHANGELOG.md", "${BUILD_NUMBER}")
}
}
stage ('Build, Test, and Scan images') {
parallel {
stage ('Build, Test, and Scan ubuntu-ruby-fips image') {
steps {
buildTestAndScanImage('ubuntu-ruby-fips')
}
}
stage ('Build, Test, and Scan ubi-ruby-fips image') {
steps {
buildTestAndScanImage('ubi-ruby-fips')
}
}
stage ('Build, Test, and Scan ubi-nginx image') {
steps {
buildTestAndScanImage('ubi-nginx')
}
}
}
}
stage ('Publish images') {
when {
expression {
MODE == "RELEASE"
}
}
steps {
release {
// Push internal images
sh "./ubuntu-ruby-fips/push.sh registry.tld"
sh "./ubi-ruby-fips/push.sh registry.tld"
sh "./ubi-nginx/push.sh registry.tld"
// Push Dockerhub images
sh "./ubuntu-ruby-fips/push.sh"
sh "./ubi-ruby-fips/push.sh"
sh "./ubi-nginx/push.sh"
}
}
}
}
post {
always {
archiveArtifacts allowEmptyArchive: true, artifacts: 'test-results/**/*.xml', fingerprint: true
junit 'test-results/**/*.xml'
cleanupAndNotify(currentBuild.currentResult, "#development")
}
}
}
def buildTestAndScanImage(name) {
sh "./${name}/build.sh"
sh "./${name}/test.sh"
scanAndReport("${name}:latest", "HIGH", false)
scanAndReport("${name}:latest", "NONE", true)
}