Update Jenkinsfile

2026-03-25 18:54:06 +01:00
parent f11c758008
commit 644cf426d6
1 changed files with 119 additions and 0 deletions
--- a/119
+++ b/119
@@ -30,6 +30,125 @@ pipeline {
  }

  stages {
+
+  pipeline {
+    agent any
+
+    options {
+      timestamps()
+      disableConcurrentBuilds()
+    }
+
+    environment {
+      // --- Configure these for your registry ---
+      // For Gitea Container Registry (Packages), this is typically your Gitea host.
+      // Examples:
+      //   REGISTRY = "git.brammie15.dev"           (HTTPS)
+      //   REGISTRY = "git.brammie15.dev:5050"     (if your registry runs on a port)
+      REGISTRY   = "git.brammie15.dev"
+
+      // Image path in the registry. For Gitea/GitLab-style registries this is often:
+      //   <owner>/<repo>  (or sometimes <owner>/<repo>/<image>)
+      IMAGE_NAME = "brammie15/resendit"
+
+      // Jenkins credential (Username/Password or token-as-password) that can push to the registry.
+      // Create it in Jenkins: Manage Jenkins -> Credentials
+      REGISTRY_CREDS = "registry-creds"
+
+      IMAGE = "${REGISTRY}/${IMAGE_NAME}"
+
+      DD_URL = "https://DD.brammie15.dev"
+      DD_API_KEY = credentials('dd-api-key')
+      NVD_API_KEY = credentials("nvd-api-key")
+    }
+
+    stages {
+        stage('Debug') {
+          steps {
+            sh 'echo "WORKSPACE: $WORKSPACE" && echo "PWD: $(pwd)" && ls -la'
+          }
+        }
+
+      stage('Checkout') {
+        steps {
+          checkout scm
+        }
+      }
+
+      stage('SAST - Semgrep') {
+        steps {
+          sh """
+            docker run --rm -v "\$(pwd):/src" \
+              returntocorp/semgrep \
+              semgrep scan --config=auto /src
+          """
+        }
+      }
+
+      stage('Build image') {
+        steps {
+          script {
+            def shortSha = sh(script: 'git rev-parse --short=12 HEAD', returnStdout: true).trim()
+            env.IMAGE_TAG_SHA = shortSha
+
+            sh """
+              docker version
+              docker build \
+                --build-arg GIT_COMMIT=${IMAGE_TAG_SHA} \
+                -t ${IMAGE}:${IMAGE_TAG_SHA} .
+            """
+          }
+        }
+      }
+
+      stage('Login to registry') {
+        steps {
+          withCredentials([usernamePassword(credentialsId: "${REGISTRY_CREDS}", usernameVariable: 'REG_USER', passwordVariable: 'REG_PASS')]) {
+            sh """
+              echo "$REG_PASS" | docker login ${REGISTRY} -u "$REG_USER" --password-stdin
+            """
+          }
+        }
+      }
+
+      stage('Push image') {
+        steps {
+          script {
+            // Always push the commit SHA tag
+            sh "docker push ${IMAGE}:${IMAGE_TAG_SHA}"
+
+            // Also push a branch tag (handy for test environments)
+            def branch = (env.BRANCH_NAME ?: sh(script: 'git rev-parse --abbrev-ref HEAD', returnStdout: true).trim())
+            def safeBranch = branch.replaceAll('[^a-zA-Z0-9_.-]', '-')
+
+            sh """
+              docker tag ${IMAGE}:${IMAGE_TAG_SHA} ${IMAGE}:${safeBranch}
+              docker push ${IMAGE}:${safeBranch}
+            """
+
+            // Only push 'latest' from master
+            if (branch == 'master') {
+              sh """
+                docker tag ${IMAGE}:${IMAGE_TAG_SHA} ${IMAGE}:latest
+                docker push ${IMAGE}:latest
+              """
+            }
+          }
+        }
+      }
+    }
+
+    post {
+      always {
+        sh 'docker logout ${REGISTRY} || true'
+        // Keep agents from filling up over time
+        sh 'docker image rm -f ${IMAGE}:${IMAGE_TAG_SHA} || true'
+        sh 'docker image prune -f || true'
+      }
+    }
+  }
+
+
    stage('Checkout') {
      steps {
        checkout scm