Jenkinsfile
import groovy.json.JsonBuilder
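// Scripted pipeline for the c1-app-sec-moneyx image: check out the repository,
// build a Docker image tagged with the build number, scan it with the
// smartcheckScan step before it reaches the deployment registry, push it, and
// deploy app.yml to Kubernetes.
//
// Values read from the environment: BUILD_NUMBER, DSSC_SERVICE, DSSC_REGISTRY,
// K8S_REGISTRY. Jenkins credentials referenced by id: github-auth,
// smartcheck-auth, preregistry-auth, registry-auth, kubeconfig.
node('jenkins-jenkins-slave') {
    withEnv(['REPOSITORY=c1-app-sec-moneyx']) {
        stage('Pull Image from Git') {
            script {
                // NOTE(review): the git step is given only a URL, so it checks out its
                // default branch rather than the revision that triggered the build;
                // confirm this is intended (`checkout scm` pins the triggering commit).
                git (url: "${scm.userRemoteConfigs[0].url}", credentialsId: "github-auth")
            }
        }
        stage('Build Image') {
            script {
                // dbuild is deliberately left undeclared so that it stays visible to
                // the push stage further down.
                dbuild = docker.build("${REPOSITORY}:$BUILD_NUMBER")
            }
        }
        parallel (
            "Test": {
                //script {
                //  sh "python tests/test_app.py"
                //}
                // NOTE(review): the test command above is commented out, so this branch
                // runs no tests; the message below is printed unconditionally and
                // should not be read as evidence that anything was verified.
                echo 'All functional tests passed'
            },
            "Check Image (pre-Registry)": {
                smartcheckScan([
                    imageName: "${REPOSITORY}:$BUILD_NUMBER",
                    smartcheckHost: "${DSSC_SERVICE}",
                    smartcheckCredentialsId: "smartcheck-auth",
                    // NOTE(security): certificate verification is switched off for both
                    // the scanner host and the pre-registry. The credentials above and
                    // below, and the image itself, then travel over connections whose
                    // peer is not authenticated. Set both flags to false once the
                    // endpoints present certificates the build agent trusts.
                    insecureSkipTLSVerify: true,
                    insecureSkipRegistryTLSVerify: true,
                    preregistryScan: true,
                    preregistryHost: "${DSSC_REGISTRY}",
                    preregistryCredentialsId: "preregistry-auth",
                    // NOTE(security): these are the finding counts the gate tolerates.
                    // Malware, content and checklist findings are held at zero, but the
                    // vulnerability limits (10 defcon1, 100 critical, 105 high) are
                    // loose enough that an image with many severe vulnerabilities
                    // presumably still passes; tighten them for anything but a demo.
                    findingsThreshold: new groovy.json.JsonBuilder([
                        malware: 0,
                        vulnerabilities: [
                            defcon1: 10,
                            critical: 100,
                            high: 105,
                            medium: 200,
                            low: 100
                        ],
                        contents: [
                            defcon1: 0,
                            critical: 0,
                            high: 0,
                        ],
                        checklists: [
                            defcon1: 0,
                            critical: 0,
                            high: 0,
                        ],
                    ]).toString(),
                ])
            }
        )
        stage('Push Image to Registry') {
            script {
                docker.withRegistry("https://${K8S_REGISTRY}", 'registry-auth') {
                    // Interpolate the build number in Groovy. The original passed the
                    // single-quoted literal '$BUILD_NUMBER', which yields the right tag
                    // only if a shell further down happens to expand it.
                    dbuild.push("${BUILD_NUMBER}")
                    // NOTE(review): 'latest' is a mutable tag; a deployment that refers
                    // to it cannot be traced back to the image that was scanned above.
                    // Prefer the build-number tag (or a digest) in app.yml.
                    dbuild.push('latest')
                }
            }
        }
        stage('Deploy App to Kubernetes') {
            script {
                //  secretNamespace: "default",
                //  secretName: "cluster-registry2",
                // enableConfigSubstitution presumably fills build variables into
                // app.yml before it is applied; verify which image tag ends up there.
                kubernetesDeploy(configs: "app.yml",
                    kubeconfigId: "kubeconfig",
                    enableConfigSubstitution: true,
                    dockerCredentials: [
                        [credentialsId: "registry-auth", url: "https://${K8S_REGISTRY}"],
                    ])
            }
        }
    }
}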