Last active
April 1, 2023 14:49
-
-
Save vincent-zurczak/7d975d1a70d2fa3dbf48fef9f140272a to your computer and use it in GitHub Desktop.
Shared Libraries for Jenkins Pipelines (build/reuse and control Docker images)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // In vars/allInOne.groovy (shared library that defines the generic pipeline) | |
| def call(Map config) { | |
| node { | |
| def timeStamp = Calendar.getInstance().getTime().format('YYYYMMdd-hhmmss', TimeZone.getTimeZone('Europe/Paris')) | |
| def buildId = "${config.imageVersion}-${timeStamp}" | |
| stage('Checkout') { | |
| echo "Checking out the sources..." | |
| checkout scm | |
| } | |
| stage('Build Image') { | |
| // Enforce the shape of the repository and assume the Dockerfile is always under image/ | |
| sh 'docker build -t "${config.imageName}:${buildId}" image/' | |
| } | |
| stage('Project tests') { | |
| def scriptFileContent = libraryResource( 'com/linagora/execute-project-tests.sh' ) | |
| sh scriptFileContent | |
| } | |
| stage('Security checks') { | |
| echo "Checking security..." | |
| securityInspection( "${config.imageName}", "${buildId}" ) | |
| } | |
| stage('Software Governance') { | |
| echo "Handling Software checks..." | |
| softwareCheck( "${config.imageName}", "${buildId}" ) | |
| } | |
| stage('Promotion') { | |
| echo "Promoting the local image to a trusted repository..." | |
| def scriptFileContent = libraryResource( 'com/linagora/promote-image.sh' ) | |
| sh scriptFileContent | |
| } | |
| } | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // In vars/allInOne.groovy (shared library that defines the generic pipeline, upgraded to support existing images) | |
| def call(Map config) { | |
| node { | |
| def timeStamp = Calendar.getInstance().getTime().format('YYYYMMdd-hhmmss', TimeZone.getTimeZone('Europe/Paris')) | |
| def buildId = "${config.imageVersion}-${timeStamp}" | |
| // Alway checkout the sources, as they may include tests | |
| stage('Checkout') { | |
| echo "Checking out the sources..." | |
| checkout scm | |
| } | |
| if (config.existing == true) { | |
| stage('Docker pull') { | |
| def buildId = "${config.imageVersion}" | |
| sh 'docker pull "${config.imageName}:${buildId}"' | |
| } | |
| } | |
| if (config.existing != true) { | |
| stage('Build Image') { | |
| // Enforce the shape of the repository and assume it is always under image/ | |
| sh 'docker build -t "${config.imageName}:${buildId}" image/' | |
| } | |
| } | |
| stage('Project tests') { | |
| def scriptFileContent = libraryResource( 'com/linagora/execute-project-tests.sh' ) | |
| sh scriptFileContent | |
| } | |
| stage('Security checks') { | |
| echo "Checking security..." | |
| securityInspection( "${config.imageName}", "${buildId}" ) | |
| } | |
| stage('Software Governance') { | |
| echo "Handling Software checks..." | |
| softwareCheck( "${config.imageName}", "${buildId}" ) | |
| } | |
| stage('Promotion') { | |
| echo "Promoting the local image to a trusted repository..." | |
| def scriptFileContent = libraryResource( 'com/linagora/promote-image.sh' ) | |
| sh scriptFileContent | |
| } | |
| } | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // In vars/securityInspection.groovy (shared library for the security role) | |
| def call(String imageName, String buildId) { | |
| // We assume clair-scanner is available in the path | |
| def host = sh(returnStdout: true, script: 'hostname -i').trim() | |
| clair-scanner -c <CLAIR_SERVER_URL> --ip ${host} --t High ${imageName}:${buildId} | |
| } | |
| // If you use Dadgda instead of Clair, you simply run a Python script. | |
| // The installation is a little bit different, but the pipeline step would remain simple. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // In vars/softwareCheck.groovy (shared library for the Software Governance role) | |
| def call(String imageName, String buildId) { | |
| def scriptFileContent = libraryResource( 'com/linagora/analyze-dockerfile.sh' ) | |
| sh scriptFileContent | |
| sh 'echo "imageName: ${imageName}" >> /tmp/gov.results.txt' | |
| sh 'echo "imageVersion: ${buildId}" >> /tmp/gov.results.txt' | |
| sh 'curl --data-binary "@/tmp/gov.results.txt" -X POST...' | |
| sh 'rm -rf /tmp/gov.results.txt' | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment