mirror of
https://github.com/corda/corda.git
synced 2025-01-11 23:43:03 +00:00
ES-657: add auto import and snyk scanning for c4 corda community docker images (#7415)
This commit is contained in:
parent
45c021326f
commit
306951c97d
16
.ci/dev/regression/Jenkinsfile
vendored
16
.ci/dev/regression/Jenkinsfile
vendored
@ -6,9 +6,11 @@
|
||||
@Library('corda-shared-build-pipeline-steps')
|
||||
|
||||
import com.r3.build.utils.GitUtils
|
||||
import com.r3.build.enums.SnykOrganisation
|
||||
import com.r3.build.utils.SnykUtils
|
||||
|
||||
GitUtils gitUtils = new GitUtils(this)
|
||||
|
||||
SnykUtils snykUtils = new SnykUtils(this)
|
||||
/**
|
||||
* Sense environment
|
||||
*/
|
||||
@ -59,8 +61,9 @@ pipeline {
|
||||
CORDA_USE_CACHE = "corda-remotes"
|
||||
DOCKER_URL = "https://index.docker.io/v1/"
|
||||
EMAIL_RECIPIENTS = credentials('corda4-email-recipient')
|
||||
INTEGRATION_ID = credentials('snyk-artifactory-c4')
|
||||
SNYK_API_KEY = "c4-os-snyk" //Jenkins credential type: Snyk Api token
|
||||
SNYK_API_TOKEN = credentials('c4-os-snyk-api-token-secret') //Jenkins credential type: Secret text
|
||||
SNYK_TOKEN = credentials('c4-os-snyk-api-token-secret') //Jenkins credential type: Secret text
|
||||
C4_OS_SNYK_ORG_ID = credentials('corda4-os-snyk-org-id')
|
||||
}
|
||||
|
||||
@ -106,7 +109,7 @@ pipeline {
|
||||
expression { isReleaseTag || isReleaseCandidate || isReleaseBranch }
|
||||
}
|
||||
steps {
|
||||
snykLicenseGeneration(env.SNYK_API_TOKEN, env.C4_OS_SNYK_ORG_ID)
|
||||
snykLicenseGeneration(env.SNYK_TOKEN, env.C4_OS_SNYK_ORG_ID)
|
||||
}
|
||||
post {
|
||||
always {
|
||||
@ -391,6 +394,13 @@ pipeline {
|
||||
if (isReleaseTag || isReleaseCandidate || isReleaseBranch) {
|
||||
snykSecurityScan.generateHtmlElements()
|
||||
}
|
||||
|
||||
if (isReleaseTag || isReleaseCandidate) {
|
||||
// auto import and scanning of Docker images tag is dictated by below properties, so retrieve these first to scan the approproate tag
|
||||
String cordaVersion = sh(script: 'grep "cordaVersion" constants.properties | awk -F= \'{print $2}\'', returnStdout: true).trim()
|
||||
String versionSuffix = sh(script: 'grep "versionSuffix" constants.properties | awk -F= \'{print $2}\'', returnStdout: true).trim()
|
||||
snykUtils.SnykApiImport(!versionSuffix.isEmpty() ? "${cordaVersion}-${versionSuffix}" : cordaVersion, SnykOrganisation.CORDA_4_OS, env.C4_OS_SNYK_ORG_ID)
|
||||
}
|
||||
}
|
||||
}
|
||||
unstable {
|
||||
|
Loading…
Reference in New Issue
Block a user