brammie15/ReSendit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b4bbaf25c99ebac1969f7c1863e847ddcabe96a2
ReSendit/Jenkinsfile
Bram b4bbaf25c9 another update ah
2026-03-25 20:46:10 +01:00

115 lines
2.9 KiB
Groovy
Raw Blame History

pipeline {
agent any
options {
timestamps()
disableConcurrentBuilds()
}
environment {
REGISTRY = "git.brammie15.dev"
IMAGE_NAME = "brammie15/resendit"
REGISTRY_CREDS = "registry-creds"
IMAGE = "${REGISTRY}/${IMAGE_NAME}"
DD_URL = "https://DD.brammie15.dev"
DD_API_KEY = credentials('dd-api-key')
NVD_API_KEY = credentials("nvd-api-key")
}
stages {
stage('Debug') {
steps {
sh 'echo "WORKSPACE: $WORKSPACE" && echo "PWD: $(pwd)" && ls -la'
}
}
stage('Checkout') {
steps {
checkout scm
}
}
stage('SAST - Semgrep') {
steps {
sh """
docker run --rm -v "\$(pwd):/src" \
returntocorp/semgrep \
semgrep scan --config=auto --debug \
--sarif --output /src/semgrep.sarif \
/src/internal /src/cmd
echo "After semgrep:"
ls -la
"""
}
}
stage('Upload to DefectDojo') {
steps {
sh """
curl -X POST "${DD_URL}/api/v2/import-scan/" \
-H "Authorization: Token ${DD_API_KEY}" \
-F "scan_type=SARIF" \
-F "file=@\$(pwd)/semgrep.sarif" \
-F "product_name=ReSendit" \
-F "engagement_name=Jenkins-CI" \
-F "auto_create_context=true" \
-F "close_old_findings=true"
"""
}
}
stage('Build image') {
steps {
script {
def shortSha = sh(script: 'git rev-parse --short=12 HEAD', returnStdout: true).trim()
env.IMAGE_TAG_SHA = shortSha
sh """
docker build \
--build-arg GIT_COMMIT=${IMAGE_TAG_SHA} \
-t ${IMAGE}:${IMAGE_TAG_SHA} .
"""
}
}
}
stage('Login to registry') {
steps {
withCredentials([usernamePassword(credentialsId: "${REGISTRY_CREDS}", usernameVariable: 'REG_USER', passwordVariable: 'REG_PASS')]) {
sh 'echo "$REG_PASS" | docker login ${REGISTRY} -u "$REG_USER" --password-stdin'
}
}
}
stage('Push image') {
steps {
script {
sh "docker push ${IMAGE}:${IMAGE_TAG_SHA}"
def branch = (env.BRANCH_NAME ?: sh(script: 'git rev-parse --abbrev-ref HEAD', returnStdout: true).trim())
def safeBranch = branch.replaceAll('[^a-zA-Z0-9_.-]', '-')
sh """
docker tag ${IMAGE}:${IMAGE_TAG_SHA} ${IMAGE}:${safeBranch}
docker push ${IMAGE}:${safeBranch}
"""
if (branch == 'master') {
sh """
docker tag ${IMAGE}:${IMAGE_TAG_SHA} ${IMAGE}:latest
docker push ${IMAGE}:latest
"""
}
}
}
}
}
post {
always {
sh 'docker logout ${REGISTRY} || true'
sh 'docker image rm -f ${IMAGE}:${IMAGE_TAG_SHA} || true'
sh 'docker image prune -f || true'
// sh 'rm -f semgrep.sarif || true'
}
}
}
Reference in New Issue View Git Blame Copy Permalink