brammie15/ReSendit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update jenkins file

Browse Source
This commit is contained in:
Bram
2026-03-25 18:57:44 +01:00
parent 644cf426d6
commit a6979805c1
1 changed files with 12 additions and 147 deletions
Download Patch File Download Diff File Expand all files Collapse all files

139
Jenkinsfile vendored
View File

@@ -7,23 +7,10 @@ pipeline {
} }
environment { environment {
// --- Configure these for your registry ---
// For Gitea Container Registry (Packages), this is typically your Gitea host.
// Examples:
// REGISTRY = "git.brammie15.dev" (HTTPS)
// REGISTRY = "git.brammie15.dev:5050" (if your registry runs on a port)
REGISTRY = "git.brammie15.dev" REGISTRY = "git.brammie15.dev"
// Image path in the registry. For Gitea/GitLab-style registries this is often:
// <owner>/<repo> (or sometimes <owner>/<repo>/<image>)
IMAGE_NAME = "brammie15/resendit" IMAGE_NAME = "brammie15/resendit"
// Jenkins credential (Username/Password or token-as-password) that can push to the registry.
// Create it in Jenkins: Manage Jenkins -> Credentials
REGISTRY_CREDS = "registry-creds" REGISTRY_CREDS = "registry-creds"
IMAGE = "${REGISTRY}/${IMAGE_NAME}" IMAGE = "${REGISTRY}/${IMAGE_NAME}"
DD_URL = "https://DD.brammie15.dev" DD_URL = "https://DD.brammie15.dev"
DD_API_KEY = credentials('dd-api-key') DD_API_KEY = credentials('dd-api-key')
NVD_API_KEY = credentials("nvd-api-key") NVD_API_KEY = credentials("nvd-api-key")
@@ -31,38 +18,6 @@ pipeline {
stages { stages {
pipeline {
agent any
options {
timestamps()
disableConcurrentBuilds()
}
environment {
// --- Configure these for your registry ---
// For Gitea Container Registry (Packages), this is typically your Gitea host.
// Examples:
// REGISTRY = "git.brammie15.dev" (HTTPS)
// REGISTRY = "git.brammie15.dev:5050" (if your registry runs on a port)
REGISTRY = "git.brammie15.dev"
// Image path in the registry. For Gitea/GitLab-style registries this is often:
// <owner>/<repo> (or sometimes <owner>/<repo>/<image>)
IMAGE_NAME = "brammie15/resendit"
// Jenkins credential (Username/Password or token-as-password) that can push to the registry.
// Create it in Jenkins: Manage Jenkins -> Credentials
REGISTRY_CREDS = "registry-creds"
IMAGE = "${REGISTRY}/${IMAGE_NAME}"
DD_URL = "https://DD.brammie15.dev"
DD_API_KEY = credentials('dd-api-key')
NVD_API_KEY = credentials("nvd-api-key")
}
stages {
stage('Debug') { stage('Debug') {
steps { steps {
sh 'echo "WORKSPACE: $WORKSPACE" && echo "PWD: $(pwd)" && ls -la' sh 'echo "WORKSPACE: $WORKSPACE" && echo "PWD: $(pwd)" && ls -la'
@@ -90,9 +45,7 @@ pipeline {
script { script {
def shortSha = sh(script: 'git rev-parse --short=12 HEAD', returnStdout: true).trim() def shortSha = sh(script: 'git rev-parse --short=12 HEAD', returnStdout: true).trim()
env.IMAGE_TAG_SHA = shortSha env.IMAGE_TAG_SHA = shortSha
sh """ sh """
docker version
docker build \ docker build \
--build-arg GIT_COMMIT=${IMAGE_TAG_SHA} \ --build-arg GIT_COMMIT=${IMAGE_TAG_SHA} \
-t ${IMAGE}:${IMAGE_TAG_SHA} . -t ${IMAGE}:${IMAGE_TAG_SHA} .
@@ -104,9 +57,7 @@ pipeline {
stage('Login to registry') { stage('Login to registry') {
steps { steps {
withCredentials([usernamePassword(credentialsId: "${REGISTRY_CREDS}", usernameVariable: 'REG_USER', passwordVariable: 'REG_PASS')]) { withCredentials([usernamePassword(credentialsId: "${REGISTRY_CREDS}", usernameVariable: 'REG_USER', passwordVariable: 'REG_PASS')]) {
sh """ sh 'echo "$REG_PASS" | docker login ${REGISTRY} -u "$REG_USER" --password-stdin'
echo "$REG_PASS" | docker login ${REGISTRY} -u "$REG_USER" --password-stdin
"""
} }
} }
} }
@@ -114,19 +65,13 @@ pipeline {
stage('Push image') { stage('Push image') {
steps { steps {
script { script {
// Always push the commit SHA tag
sh "docker push ${IMAGE}:${IMAGE_TAG_SHA}" sh "docker push ${IMAGE}:${IMAGE_TAG_SHA}"
// Also push a branch tag (handy for test environments)
def branch = (env.BRANCH_NAME ?: sh(script: 'git rev-parse --abbrev-ref HEAD', returnStdout: true).trim()) def branch = (env.BRANCH_NAME ?: sh(script: 'git rev-parse --abbrev-ref HEAD', returnStdout: true).trim())
def safeBranch = branch.replaceAll('[^a-zA-Z0-9_.-]', '-') def safeBranch = branch.replaceAll('[^a-zA-Z0-9_.-]', '-')
sh """ sh """
docker tag ${IMAGE}:${IMAGE_TAG_SHA} ${IMAGE}:${safeBranch} docker tag ${IMAGE}:${IMAGE_TAG_SHA} ${IMAGE}:${safeBranch}
docker push ${IMAGE}:${safeBranch} docker push ${IMAGE}:${safeBranch}
""" """
// Only push 'latest' from master
if (branch == 'master') { if (branch == 'master') {
sh """ sh """
docker tag ${IMAGE}:${IMAGE_TAG_SHA} ${IMAGE}:latest docker tag ${IMAGE}:${IMAGE_TAG_SHA} ${IMAGE}:latest
@@ -136,92 +81,12 @@ pipeline {
} }
} }
} }
} }
post { post {
always { always {
sh 'docker logout ${REGISTRY} || true' sh 'docker logout ${REGISTRY} || true'
// Keep agents from filling up over time
sh 'docker image rm -f ${IMAGE}:${IMAGE_TAG_SHA} || true'
sh 'docker image prune -f || true'
}
}
}
stage('Checkout') {
steps {
checkout scm
}
}
stage('SAST - Semgrep') {
steps {
sh """
docker run --rm -v "\$(pwd):/src" \
returntocorp/semgrep \
semgrep scan --config=auto /src
"""
}
}
stage('Build image') {
steps {
script {
def shortSha = sh(script: 'git rev-parse --short=12 HEAD', returnStdout: true).trim()
env.IMAGE_TAG_SHA = shortSha
sh """
docker version
docker build \
--build-arg GIT_COMMIT=${IMAGE_TAG_SHA} \
-t ${IMAGE}:${IMAGE_TAG_SHA} .
"""
}
}
}
stage('Login to registry') {
steps {
withCredentials([usernamePassword(credentialsId: "${REGISTRY_CREDS}", usernameVariable: 'REG_USER', passwordVariable: 'REG_PASS')]) {
sh """
echo "$REG_PASS" | docker login ${REGISTRY} -u "$REG_USER" --password-stdin
"""
}
}
}
stage('Push image') {
steps {
script {
// Always push the commit SHA tag
sh "docker push ${IMAGE}:${IMAGE_TAG_SHA}"
// Also push a branch tag (handy for test environments)
def branch = (env.BRANCH_NAME ?: sh(script: 'git rev-parse --abbrev-ref HEAD', returnStdout: true).trim())
def safeBranch = branch.replaceAll('[^a-zA-Z0-9_.-]', '-')
sh """
docker tag ${IMAGE}:${IMAGE_TAG_SHA} ${IMAGE}:${safeBranch}
docker push ${IMAGE}:${safeBranch}
"""
// Only push 'latest' from master
if (branch == 'master') {
sh """
docker tag ${IMAGE}:${IMAGE_TAG_SHA} ${IMAGE}:latest
docker push ${IMAGE}:latest
"""
}
}
}
}
}
post {
always {
sh 'docker logout ${REGISTRY} || true'
// Keep agents from filling up over time
sh 'docker image rm -f ${IMAGE}:${IMAGE_TAG_SHA} || true' sh 'docker image rm -f ${IMAGE}:${IMAGE_TAG_SHA} || true'
sh 'docker image prune -f || true' sh 'docker image prune -f || true'
} }