From a6979805c16dc2307b87b82e4ff76f3a1d4c6457 Mon Sep 17 00:00:00 2001
From: Bram
Date: Wed, 25 Mar 2026 18:57:44 +0100
Subject: [PATCH] Update jenkins file
---
 Jenkinsfile | 159 ++++------------------------------------------------
 1 file changed, 12 insertions(+), 147 deletions(-)
diff --git a/Jenkinsfile b/Jenkinsfile
index 78522f1..8a9020e 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -7,148 +7,23 @@ pipeline { } environment { - // --- Configure these for your registry --- - // For Gitea Container Registry (Packages), this is typically your Gitea host. - // Examples: - // REGISTRY = "git.brammie15.dev" (HTTPS) - // REGISTRY = "git.brammie15.dev:5050" (if your registry runs on a port) - REGISTRY = "git.brammie15.dev" - - // Image path in the registry. For Gitea/GitLab-style registries this is often: - // / (or sometimes //) - IMAGE_NAME = "brammie15/resendit" - - // Jenkins credential (Username/Password or token-as-password) that can push to the registry. - // Create it in Jenkins: Manage Jenkins -> Credentials + REGISTRY = "git.brammie15.dev" + IMAGE_NAME = "brammie15/resendit" REGISTRY_CREDS = "registry-creds" - - IMAGE = "${REGISTRY}/${IMAGE_NAME}" - - DD_URL = "https://DD.brammie15.dev" - DD_API_KEY = credentials('dd-api-key') - NVD_API_KEY = credentials("nvd-api-key") + IMAGE = "${REGISTRY}/${IMAGE_NAME}" + DD_URL = "https://DD.brammie15.dev" + DD_API_KEY = credentials('dd-api-key') + NVD_API_KEY = credentials("nvd-api-key") } stages { - pipeline { - agent any - - options { - timestamps() - disableConcurrentBuilds() - } - - environment { - // --- Configure these for your registry --- - // For Gitea Container Registry (Packages), this is typically your Gitea host. - // Examples: - // REGISTRY = "git.brammie15.dev" (HTTPS) - // REGISTRY = "git.brammie15.dev:5050" (if your registry runs on a port) - REGISTRY = "git.brammie15.dev" - - // Image path in the registry. For Gitea/GitLab-style registries this is often: - // / (or sometimes //) - IMAGE_NAME = "brammie15/resendit" - - // Jenkins credential (Username/Password or token-as-password) that can push to the registry. 
- // Create it in Jenkins: Manage Jenkins -> Credentials - REGISTRY_CREDS = "registry-creds" - - IMAGE = "${REGISTRY}/${IMAGE_NAME}" - - DD_URL = "https://DD.brammie15.dev" - DD_API_KEY = credentials('dd-api-key') - NVD_API_KEY = credentials("nvd-api-key") - } - - stages { - stage('Debug') { - steps { - sh 'echo "WORKSPACE: $WORKSPACE" && echo "PWD: $(pwd)" && ls -la' - } - } - - stage('Checkout') { - steps { - checkout scm - } - } - - stage('SAST - Semgrep') { - steps { - sh """ - docker run --rm -v "\$(pwd):/src" \ - returntocorp/semgrep \ - semgrep scan --config=auto /src - """ - } - } - - stage('Build image') { - steps { - script { - def shortSha = sh(script: 'git rev-parse --short=12 HEAD', returnStdout: true).trim() - env.IMAGE_TAG_SHA = shortSha - - sh """ - docker version - docker build \ - --build-arg GIT_COMMIT=${IMAGE_TAG_SHA} \ - -t ${IMAGE}:${IMAGE_TAG_SHA} . - """ - } - } - } - - stage('Login to registry') { - steps { - withCredentials([usernamePassword(credentialsId: "${REGISTRY_CREDS}", usernameVariable: 'REG_USER', passwordVariable: 'REG_PASS')]) { - sh """ - echo "$REG_PASS" | docker login ${REGISTRY} -u "$REG_USER" --password-stdin - """ - } - } - } - - stage('Push image') { - steps { - script { - // Always push the commit SHA tag - sh "docker push ${IMAGE}:${IMAGE_TAG_SHA}" - - // Also push a branch tag (handy for test environments) - def branch = (env.BRANCH_NAME ?: sh(script: 'git rev-parse --abbrev-ref HEAD', returnStdout: true).trim()) - def safeBranch = branch.replaceAll('[^a-zA-Z0-9_.-]', '-') - - sh """ - docker tag ${IMAGE}:${IMAGE_TAG_SHA} ${IMAGE}:${safeBranch} - docker push ${IMAGE}:${safeBranch} - """ - - // Only push 'latest' from master - if (branch == 'master') { - sh """ - docker tag ${IMAGE}:${IMAGE_TAG_SHA} ${IMAGE}:latest - docker push ${IMAGE}:latest - """ - } - } - } + stage('Debug') { + steps { + sh 'echo "WORKSPACE: $WORKSPACE" && echo "PWD: $(pwd)" && ls -la' } } - post { - always { - sh 'docker logout ${REGISTRY} || 
true' - // Keep agents from filling up over time - sh 'docker image rm -f ${IMAGE}:${IMAGE_TAG_SHA} || true' - sh 'docker image prune -f || true' - } - } - } - - stage('Checkout') { steps { checkout scm @@ -170,9 +45,7 @@ pipeline { script { def shortSha = sh(script: 'git rev-parse --short=12 HEAD', returnStdout: true).trim() env.IMAGE_TAG_SHA = shortSha - sh """ - docker version docker build \ --build-arg GIT_COMMIT=${IMAGE_TAG_SHA} \ -t ${IMAGE}:${IMAGE_TAG_SHA} . @@ -184,9 +57,7 @@ pipeline { stage('Login to registry') { steps { withCredentials([usernamePassword(credentialsId: "${REGISTRY_CREDS}", usernameVariable: 'REG_USER', passwordVariable: 'REG_PASS')]) { - sh """ - echo "$REG_PASS" | docker login ${REGISTRY} -u "$REG_USER" --password-stdin - """ + sh 'echo "$REG_PASS" | docker login ${REGISTRY} -u "$REG_USER" --password-stdin' } } } @@ -194,19 +65,13 @@ pipeline { stage('Push image') { steps { script { - // Always push the commit SHA tag sh "docker push ${IMAGE}:${IMAGE_TAG_SHA}" - - // Also push a branch tag (handy for test environments) def branch = (env.BRANCH_NAME ?: sh(script: 'git rev-parse --abbrev-ref HEAD', returnStdout: true).trim()) def safeBranch = branch.replaceAll('[^a-zA-Z0-9_.-]', '-') - sh """ docker tag ${IMAGE}:${IMAGE_TAG_SHA} ${IMAGE}:${safeBranch} docker push ${IMAGE}:${safeBranch} """ - - // Only push 'latest' from master if (branch == 'master') { sh """ docker tag ${IMAGE}:${IMAGE_TAG_SHA} ${IMAGE}:latest @@ -216,14 +81,14 @@ pipeline { } } } + } post { always { sh 'docker logout ${REGISTRY} || true' - // Keep agents from filling up over time sh 'docker image rm -f ${IMAGE}:${IMAGE_TAG_SHA} || true' sh 'docker image prune -f || true' } } -} +} \ No newline at end of file
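Review bot: `DD_API_KEY = credentials('dd-api-key')` and `NVD_API_KEY = credentials("nvd-api-key")` remain in the pipeline-level `environment` block, so both secrets are exported to every `sh` step, including the Debug stage and the image build, while no step visible in this patch reads them. Binding each one only around the step that uses it keeps the exposure narrow, for example `withCredentials([string(credentialsId: 'dd-api-key', variable: 'DD_API_KEY')]) { ... }`, assuming these are secret-text credentials. The commit also drops the comments that said what `REGISTRY_CREDS` refers to; a one-line `// id of the Jenkins username/password credential allowed to push to REGISTRY` would keep that knowledge in the file. The `pipeline` body starts before and continues after this hunk.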
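Review bot: Nothing on the new single-quoted `sh '...'` line in the Login stage says that the quoting is deliberate, so a later edit back to a double-quoted Groovy string would bring Groovy interpolation of `$REG_PASS` back without anyone noticing. I would add `// single quotes on purpose: the shell, not Groovy, expands $REG_PASS and $REG_USER` directly above it. `${REGISTRY}` is now expanded by the shell as well and is the only unquoted variable on the line; `"$REGISTRY"` would match the other two.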
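Review bot: `safeBranch` is used as an image tag without being checked against the reserved `latest` tag, so a branch named `latest` would be pushed as `${IMAGE}:latest` by the branch-tag step even though the `if (branch == 'master')` guard is meant to restrict that tag to master. Either namespace branch tags, `docker tag ${IMAGE}:${IMAGE_TAG_SHA} ${IMAGE}:branch-${safeBranch}`, or stop early with `if (safeBranch == 'latest' && branch != 'master') { error "branch name collides with the latest tag" }`. The `replaceAll` pattern also lets a name start with `.` or `-`, which Docker rejects as a tag. With the comments removed here the tag policy is no longer written down; a short comment above the `script` block naming the three tags (commit SHA, branch, `latest` from master only) would restore it. The `if (branch == 'master')` block runs past the end of this hunk.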