ES-657: add auto import and snyk scanning for c4 corda community docker images (#7415)

Ronan Browne 2023-07-17 18:27:28 +01:00 committed by GitHub
parent 45c021326f
commit 306951c97d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -6,9 +6,11 @@
@Library('corda-shared-build-pipeline-steps') @Library('corda-shared-build-pipeline-steps')
import com.r3.build.utils.GitUtils import com.r3.build.utils.GitUtils
import com.r3.build.enums.SnykOrganisation
import com.r3.build.utils.SnykUtils
GitUtils gitUtils = new GitUtils(this) GitUtils gitUtils = new GitUtils(this)
SnykUtils snykUtils = new SnykUtils(this)
/** /**
* Sense environment * Sense environment
*/ */
@ -59,8 +61,9 @@ pipeline {
CORDA_USE_CACHE = "corda-remotes" CORDA_USE_CACHE = "corda-remotes"
DOCKER_URL = "https://index.docker.io/v1/" DOCKER_URL = "https://index.docker.io/v1/"
EMAIL_RECIPIENTS = credentials('corda4-email-recipient') EMAIL_RECIPIENTS = credentials('corda4-email-recipient')
INTEGRATION_ID = credentials('snyk-artifactory-c4')
SNYK_API_KEY = "c4-os-snyk" //Jenkins credential type: Snyk Api token SNYK_API_KEY = "c4-os-snyk" //Jenkins credential type: Snyk Api token
SNYK_API_TOKEN = credentials('c4-os-snyk-api-token-secret') //Jenkins credential type: Secret text SNYK_TOKEN = credentials('c4-os-snyk-api-token-secret') //Jenkins credential type: Secret text
C4_OS_SNYK_ORG_ID = credentials('corda4-os-snyk-org-id') C4_OS_SNYK_ORG_ID = credentials('corda4-os-snyk-org-id')
} }
@ -106,7 +109,7 @@ pipeline {
expression { isReleaseTag || isReleaseCandidate || isReleaseBranch } expression { isReleaseTag || isReleaseCandidate || isReleaseBranch }
} }
steps { steps {
snykLicenseGeneration(env.SNYK_API_TOKEN, env.C4_OS_SNYK_ORG_ID) snykLicenseGeneration(env.SNYK_TOKEN, env.C4_OS_SNYK_ORG_ID)
} }
post { post {
always { always {
@ -391,6 +394,13 @@ pipeline {
if (isReleaseTag || isReleaseCandidate || isReleaseBranch) { if (isReleaseTag || isReleaseCandidate || isReleaseBranch) {
snykSecurityScan.generateHtmlElements() snykSecurityScan.generateHtmlElements()
} }
if (isReleaseTag || isReleaseCandidate) {
// auto import and scanning of Docker images tag is dictated by below properties, so retrieve these first to scan the approproate tag
String cordaVersion = sh(script: 'grep "cordaVersion" constants.properties | awk -F= \'{print $2}\'', returnStdout: true).trim()
String versionSuffix = sh(script: 'grep "versionSuffix" constants.properties | awk -F= \'{print $2}\'', returnStdout: true).trim()
snykUtils.SnykApiImport(!versionSuffix.isEmpty() ? "${cordaVersion}-${versionSuffix}" : cordaVersion, SnykOrganisation.CORDA_4_OS, env.C4_OS_SNYK_ORG_ID)
}
} }
} }
unstable { unstable {
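Review bot: The two `grep "cordaVersion" ... | awk -F= '{print $2}'` lookups added ahead of the `snykUtils.SnykApiImport` call are unanchored, so any other key in constants.properties that contains the same substring (if one exists) would also match and yield a multi-line tag, and because the pipeline's exit status is awk's rather than grep's, a missing key produces an empty string without failing the step. Anchoring the pattern to the key and keeping the whole value makes the tag deterministic: `String cordaVersion = sh(script: "grep '^cordaVersion=' constants.properties | cut -d= -f2-", returnStdout: true).trim()` (and likewise for `versionSuffix`), followed by a guard such as `if (cordaVersion.isEmpty()) error('cordaVersion not found in constants.properties')` so the import cannot silently target a tag that was never published. The comment above these lines misspells "approproate" and could be shortened to `// Derive the Docker image tag from constants.properties so the Snyk import scans the tag that was actually published`. The enclosing post block starts and ends outside the hunk.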