brammie15/ReSendit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update JenkinsFile

Browse Source 
Update Jenkinsfile

Update jenkins file

Update Jenkins

fix paths

Add semgrep

fix fail

god i hate docker

attempt to fix paths

Revert "attempt to fix paths"

This reverts commit 6d60a8663e.

try to fix

asdasd

another update ah

fix config

true fix
This commit is contained in:
Bram
2026-03-25 11:34:17 +01:00
parent bfeeaa1190
commit ead2b18991
1 changed files with 47 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

73
Jenkinsfile vendored
View File

@@ -7,39 +7,65 @@ pipeline {
}
environment {
// --- Configure these for your registry ---
// For Gitea Container Registry (Packages), this is typically your Gitea host.
// Examples:
// REGISTRY = "git.brammie15.dev" (HTTPS)
// REGISTRY = "git.brammie15.dev:5050" (if your registry runs on a port)
REGISTRY = "git.brammie15.dev"
// Image path in the registry. For Gitea/GitLab-style registries this is often:
// <owner>/<repo> (or sometimes <owner>/<repo>/<image>)
IMAGE_NAME = "brammie15/resendit"
// Jenkins credential (Username/Password or token-as-password) that can push to the registry.
// Create it in Jenkins: Manage Jenkins -> Credentials
REGISTRY = "git.brammie15.dev"
IMAGE_NAME = "brammie15/resendit"
REGISTRY_CREDS = "registry-creds"
IMAGE = "${REGISTRY}/${IMAGE_NAME}"
IMAGE = "${REGISTRY}/${IMAGE_NAME}"
DD_URL = "https://DD.brammie15.dev"
DD_API_KEY = credentials('dd-api-key')
NVD_API_KEY = credentials("nvd-api-key")
}
stages {
stage('Debug') {
steps {
sh 'echo "WORKSPACE: $WORKSPACE" && echo "PWD: $(pwd)" && ls -la'
}
}
stage('Checkout') {
steps {
checkout scm
}
}
stage('SAST - Semgrep') {
steps {
sh """
docker run --rm -v "\$(pwd):/src" \
returntocorp/semgrep \
semgrep scan --config=p/ci --debug \
--sarif --output /src/semgrep.sarif \
/src/internal /src/cmd || true
echo "After semgrep:"
ls -la
"""
}
}
stage('Upload to DefectDojo') {
steps {
sh """
curl -X POST "${DD_URL}/api/v2/import-scan/" \
-H "Authorization: Token ${DD_API_KEY}" \
-F "scan_type=SARIF" \
-F "file=@\$(pwd)/semgrep.sarif" \
-F "product_name=ReSendit" \
-F "engagement_name=Jenkins-CI" \
-F "auto_create_context=true" \
-F "close_old_findings=true"
"""
}
}
stage('Build image') {
steps {
script {
def shortSha = sh(script: 'git rev-parse --short=12 HEAD', returnStdout: true).trim()
env.IMAGE_TAG_SHA = shortSha
sh """
docker version
docker build \
--build-arg GIT_COMMIT=${IMAGE_TAG_SHA} \
-t ${IMAGE}:${IMAGE_TAG_SHA} .
@@ -51,9 +77,7 @@ pipeline {
stage('Login to registry') {
steps {
withCredentials([usernamePassword(credentialsId: "${REGISTRY_CREDS}", usernameVariable: 'REG_USER', passwordVariable: 'REG_PASS')]) {
sh """
echo "$REG_PASS" | docker login ${REGISTRY} -u "$REG_USER" --password-stdin
"""
sh 'echo "$REG_PASS" | docker login ${REGISTRY} -u "$REG_USER" --password-stdin'
}
}
}
@@ -61,19 +85,13 @@ pipeline {
stage('Push image') {
steps {
script {
// Always push the commit SHA tag
sh "docker push ${IMAGE}:${IMAGE_TAG_SHA}"
// Also push a branch tag (handy for test environments)
def branch = (env.BRANCH_NAME ?: sh(script: 'git rev-parse --abbrev-ref HEAD', returnStdout: true).trim())
def safeBranch = branch.replaceAll('[^a-zA-Z0-9_.-]', '-')
sh """
docker tag ${IMAGE}:${IMAGE_TAG_SHA} ${IMAGE}:${safeBranch}
docker push ${IMAGE}:${safeBranch}
"""
// Only push 'latest' from master
if (branch == 'master') {
sh """
docker tag ${IMAGE}:${IMAGE_TAG_SHA} ${IMAGE}:latest
@@ -83,14 +101,15 @@ pipeline {
}
}
}
}
post {
always {
sh 'docker logout ${REGISTRY} || true'
// Keep agents from filling up over time
sh 'docker image rm -f ${IMAGE}:${IMAGE_TAG_SHA} || true'
sh 'docker image prune -f || true'
// sh 'rm -f semgrep.sarif || true'
}
}
}