-
Notifications
You must be signed in to change notification settings - Fork 31
/
Jenkinsfile
74 lines (68 loc) · 2.3 KB
/
Jenkinsfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
/*
* Copyright (c) 2017-present Sonatype, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
@Library(['private-pipeline-library', 'jenkins-shared']) _
import com.sonatype.jenkins.shared.Expectation
void configureBranchJob() {
String projName = currentBuild.fullProjectName
if (projName.endsWith('main')) {
properties([
disableConcurrentBuilds(),
pipelineTriggers([cron('@daily')])
])
}
}
String deployBranch = 'main'
String imageName = 'sonatype/nexus-iq-server'
configureBranchJob()
dockerizedBuildPipeline(
deployBranch: deployBranch,
deployCondition: { return true }, // always run the deploy stage
prepare: {
githubStatusUpdate('pending')
},
lint: {
hadolint(['./Dockerfile'])
},
buildAndTest: {
def expectations = load 'expectations.groovy'
validateExpectations(expectations.containerExpectations())
},
deploy: {
// Hijacking deploy step to run the docker buildx build to make sure it is working
withSonatypeDockerRegistry() {
sh "docker buildx create --driver-opt=\"image=${sonatypeDockerRegistryId()}/moby/buildkit\" --use"
sh "docker buildx build --platform linux/amd64,linux/arm64 " +
"--tag ${sonatypeDockerRegistryId()}/${imageName}:${env.BUILD_NUMBER} ."
}
},
vulnerabilityScan: {
def theStage = env.BRANCH_NAME == deployBranch ? 'build' : 'develop'
nexusPolicyEvaluation(
iqApplication: 'docker-nexus-iq-server',
iqScanPatterns: [[scanPattern: "container:${env.DOCKER_IMAGE_ID}"]],
iqStage: theStage)
},
onUnstable: {
if (env.BRANCH_NAME == deployBranch) {
notifyChat(currentBuild: currentBuild, env: env, room: 'iq-builds')
}
},
onFailure: {
if (env.BRANCH_NAME == deployBranch) {
notifyChat(currentBuild: currentBuild, env: env, room: 'iq-builds')
}
}
)