mirror of
https://github.com/corda/corda.git
synced 2025-01-25 21:59:22 +00:00
ES-657: add auto import and snyk scanning for c4 corda community docker images (#7415)
This commit is contained in:
parent
45c021326f
commit
306951c97d
16
.ci/dev/regression/Jenkinsfile
vendored
16
.ci/dev/regression/Jenkinsfile
vendored
@ -6,9 +6,11 @@
|
|||||||
@Library('corda-shared-build-pipeline-steps')
|
@Library('corda-shared-build-pipeline-steps')
|
||||||
|
|
||||||
import com.r3.build.utils.GitUtils
|
import com.r3.build.utils.GitUtils
|
||||||
|
import com.r3.build.enums.SnykOrganisation
|
||||||
|
import com.r3.build.utils.SnykUtils
|
||||||
|
|
||||||
GitUtils gitUtils = new GitUtils(this)
|
GitUtils gitUtils = new GitUtils(this)
|
||||||
|
SnykUtils snykUtils = new SnykUtils(this)
|
||||||
/**
|
/**
|
||||||
* Sense environment
|
* Sense environment
|
||||||
*/
|
*/
|
||||||
@ -59,8 +61,9 @@ pipeline {
|
|||||||
CORDA_USE_CACHE = "corda-remotes"
|
CORDA_USE_CACHE = "corda-remotes"
|
||||||
DOCKER_URL = "https://index.docker.io/v1/"
|
DOCKER_URL = "https://index.docker.io/v1/"
|
||||||
EMAIL_RECIPIENTS = credentials('corda4-email-recipient')
|
EMAIL_RECIPIENTS = credentials('corda4-email-recipient')
|
||||||
|
INTEGRATION_ID = credentials('snyk-artifactory-c4')
|
||||||
SNYK_API_KEY = "c4-os-snyk" //Jenkins credential type: Snyk Api token
|
SNYK_API_KEY = "c4-os-snyk" //Jenkins credential type: Snyk Api token
|
||||||
SNYK_API_TOKEN = credentials('c4-os-snyk-api-token-secret') //Jenkins credential type: Secret text
|
SNYK_TOKEN = credentials('c4-os-snyk-api-token-secret') //Jenkins credential type: Secret text
|
||||||
C4_OS_SNYK_ORG_ID = credentials('corda4-os-snyk-org-id')
|
C4_OS_SNYK_ORG_ID = credentials('corda4-os-snyk-org-id')
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -106,7 +109,7 @@ pipeline {
|
|||||||
expression { isReleaseTag || isReleaseCandidate || isReleaseBranch }
|
expression { isReleaseTag || isReleaseCandidate || isReleaseBranch }
|
||||||
}
|
}
|
||||||
steps {
|
steps {
|
||||||
snykLicenseGeneration(env.SNYK_API_TOKEN, env.C4_OS_SNYK_ORG_ID)
|
snykLicenseGeneration(env.SNYK_TOKEN, env.C4_OS_SNYK_ORG_ID)
|
||||||
}
|
}
|
||||||
post {
|
post {
|
||||||
always {
|
always {
|
||||||
@ -391,6 +394,13 @@ pipeline {
|
|||||||
if (isReleaseTag || isReleaseCandidate || isReleaseBranch) {
|
if (isReleaseTag || isReleaseCandidate || isReleaseBranch) {
|
||||||
snykSecurityScan.generateHtmlElements()
|
snykSecurityScan.generateHtmlElements()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (isReleaseTag || isReleaseCandidate) {
|
||||||
|
// auto import and scanning of Docker images tag is dictated by below properties, so retrieve these first to scan the approproate tag
|
||||||
|
String cordaVersion = sh(script: 'grep "cordaVersion" constants.properties | awk -F= \'{print $2}\'', returnStdout: true).trim()
|
||||||
|
String versionSuffix = sh(script: 'grep "versionSuffix" constants.properties | awk -F= \'{print $2}\'', returnStdout: true).trim()
|
||||||
|
snykUtils.SnykApiImport(!versionSuffix.isEmpty() ? "${cordaVersion}-${versionSuffix}" : cordaVersion, SnykOrganisation.CORDA_4_OS, env.C4_OS_SNYK_ORG_ID)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
unstable {
|
unstable {
|
||||||
|
Loading…
x
Reference in New Issue
Block a user