From ed4d0cc5822b22f3fe44f2c466486a281e4ec39b Mon Sep 17 00:00:00 2001
From: Paul Caskey
Date: Mon, 7 Nov 2022 23:05:19 +0000
Subject: [PATCH] cleanup Jenkinsfile
---
 Jenkinsfile | 41 +----------------------------------------
 1 file changed, 1 insertion(+), 40 deletions(-)
diff --git a/Jenkinsfile b/Jenkinsfile
index 79bb9c6..641d6cf 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -60,39 +60,6 @@ pipeline {
 sh 'docker buildx ls'
 sh "docker buildx build --platform linux/amd64 -t ${imagename} --load ."
 sh "docker buildx build --platform linux/arm64 -t ${imagename}:arm64 --load ."
-
-// echo "Starting security scan..."
-// // Install trivy and HTML template
-// sh 'curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v0.31.1'
-// sh 'curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/html.tpl > html.tpl'
-
-// // Scan container for all vulnerability levels
-// echo "Scanning for all vulnerabilities..."
-// sh 'mkdir -p reports'
-
-// sh "trivy image --ignore-unfixed --vuln-type os,library --severity CRITICAL,HIGH --no-progress --security-checks vuln --format template --template '@html.tpl' -o reports/container-scan.html ${imagename}"
-
-// sh "trivy image --ignore-unfixed --vuln-type os,library --severity CRITICAL,HIGH --no-progress --security-checks vuln --format template --template '@html.tpl' -o reports/container-scan.html ${imagename}:arm64"
-// publishHTML target : [
-// allowMissing: true,
-// alwaysLinkToLastBuild: true,
-// keepAll: true,
-// reportDir: 'reports',
-// reportFiles: 'container-scan.html',
-// reportName: 'Security Scan',
-// reportTitles: 'Security Scan'
-// ]
-
-// // Scan again and fail on CRITICAL vulns
-// //below can be temporarily commented to prevent build from failing
-// echo "Scanning for CRITICAL vulnerabilities only (fatal)..."
-// sh "trivy image --ignore-unfixed --vuln-type os,library --exit-code 1 --severity CRITICAL ${imagename}"
-// sh "trivy image --ignore-unfixed --vuln-type os,library --exit-code 1 --severity CRITICAL ${imagename}:arm64"
-// //echo "Skipping scan for CRITICAL vulnerabilities (temporary)..."
-
-
-// echo "Pushing image to dockerhub..."
-// sh "docker buildx build --push --platform linux/arm64,linux/amd64 -t i2incommon/shib-idp:$tag ."
} catch(error) {
 def error_details = readFile('./debug');
 def message = "BUILD ERROR: There was a problem building ${maintainer}/${imagename}:${tag}. \n\n ${error_details}"
@@ -123,7 +90,6 @@ pipeline {
 steps {
 script {
 try {
-// echo "Skipping security scan here, was done earlier..."
 echo "Starting security scan..."
 // Install trivy and HTML template
 sh 'curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v0.31.1'
@@ -132,7 +98,6 @@ pipeline {
 // Scan container for all vulnerability levels
 echo "Scanning for all vulnerabilities..."
 sh 'mkdir -p reports'
- // sh "trivy image --ignore-unfixed --vuln-type os,library --severity CRITICAL,HIGH --no-progress --security-checks vuln --format template --template '@html.tpl' -o reports/container-scan.html ${maintainer}/${imagename}:${tag}"
 sh "trivy image --ignore-unfixed --vuln-type os,library --severity CRITICAL,HIGH --no-progress --security-checks vuln --format template --template '@html.tpl' -o reports/container-scan.html ${imagename}"
 sh "trivy image --ignore-unfixed --vuln-type os,library --severity CRITICAL,HIGH --no-progress --security-checks vuln --format template --template '@html.tpl' -o reports/container-scan-arm.html ${imagename}:arm64"
 publishHTML target : [
@@ -171,11 +136,7 @@ pipeline {
 stage('Push') {
 steps {
 script {
- // statically defining jenkins credential value dockerhub-tier
- docker.withRegistry('https://registry.hub.docker.com/', "dockerhub-tier") {
- // baseImg.push("$tag")
- // echo "already pushed to Dockerhub"
- sh "docker login -u tieradmin -p $DOCKERHUBPW"
+ sh 'docker login -u tieradmin -p $DOCKERHUBPW'
 // fails if already exists
 sh 'docker buildx create --use --name multiarch --append'
 sh 'docker buildx inspect --bootstrap'
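Review bot: The added `sh 'docker login -u tieradmin -p $DOCKERHUBPW'` in the Push stage still hands the Docker Hub password to `docker login` as a command-line argument, so it is readable from the agent's process list while the command runs; the switch to single quotes only keeps Groovy from interpolating the secret into the step text. Passing it on stdin closes that gap: `sh 'echo "$DOCKERHUBPW" | docker login -u tieradmin --password-stdin'`. With the `docker.withRegistry(...)` wrapper removed the login is no longer scoped to a block, so a `docker logout` after the push (possibly in a `finally`) would keep the credential from lingering in the agent's Docker config; the stage body continues outside the hunk, so that may already exist. How `DOCKERHUBPW` is bound is not visible here and is worth confirming to be a Jenkins credential binding rather than a plain environment value. The hunk also deletes the opening `docker.withRegistry(...) {` while none of the patch's 40 deletions is a matching `}`, so the brace balance of this stage should be checked.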