-
Notifications
You must be signed in to change notification settings - Fork 7
/
Jenkinsfile-base
48 lines (39 loc) · 1.91 KB
/
Jenkinsfile-base
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
node('docker') {
stage('Git checkout') {
git branch: 'master', credentialsId: 'gihub-key', url: 'git@github.com:stuartshay/AzureDevOpsKats.git'
}
stage('Docker build base image') {
sh '''mv docker/azuredevopskats-web-base.dockerfile/.dockerignore .dockerignore
docker build -f docker/azuredevopskats-web-base.dockerfile/Dockerfile --build-arg BUILD_NUMBER=${BUILD_NUMBER} -t stuartshay/azuredevopskats:2.2.2-base .'''
withCredentials([usernamePassword(credentialsId: 'docker-hub-navigatordatastore', usernameVariable: 'DOCKER_HUB_LOGIN', passwordVariable: 'DOCKER_HUB_PASSWORD')]) {
sh "docker login -u ${DOCKER_HUB_LOGIN} -p ${DOCKER_HUB_PASSWORD}"
}
sh '''docker push stuartshay/azuredevopskats:2.2.2-base'''
}
stage('Docker Scanning') {
echo "Docker vulnerability scanning"
def score = 0
try {
sh """#!/bin/sh
docker rm -f clair_scan clair_db >/dev/null 2>&1 || /bin/true
docker run -d --name clair_db arminc/clair-db
docker run -d --link clair_db:postgres --name clair_scan arminc/clair-local-scan:v2.0.1
"""
score = sh(returnStatus: true, script: 'docker run --rm -i --link clair_scan:clair-scan -v "$(pwd)/.yair-config.yaml:/opt/yair/config/config.yaml:ro" intersoftlab/yair stuartshay/azuredevopskats:2.1.1-base |tee > yair.log; exit ${PIPESTATUS[0]}')
sh 'cat yair.log'
} finally {
echo "Score:" + score
sh """#!/bin/sh
docker rm -f clair_scan clair_db >/dev/null 2>&1 || /bin/true
"""
archiveArtifacts 'yair.log'
if (score < 2){
currentBuild.result = 'SUCCESS'
} else if (score == 2){
currentBuild.result = 'UNSTABLE'
} else {
currentBuild.result = 'FAILURE'
}
}
}
}