-
Notifications
You must be signed in to change notification settings - Fork 6
Expand file tree
/
Copy pathJenkinsfile
More file actions
57 lines (55 loc) · 1.97 KB
/
Jenkinsfile
File metadata and controls
57 lines (55 loc) · 1.97 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
pipeline {
agent any
environment {
GIT_REPO = 'https://github.com/amitopenwriteup/upgrad.git'
GIT_BRANCH = 'main'
DOCKER_REGISTRY = 'localhost:5000'
IMAGE_NAME = 'myimage'
IMAGE_TAG = 'latest'
DOCKERFILE_PATH = 'dockerfile'
}
stages {
stage('Checkout the Git repository') {
steps {
git branch: "${GIT_BRANCH}", url: "${GIT_REPO}"
}
}
stage('Build Docker Image') {
steps {
script {
def dockerImage = docker.build("${DOCKER_REGISTRY}/${IMAGE_NAME}:${IMAGE_TAG}", "-f ${DOCKERFILE_PATH} .")
dockerImage.push()
}
}
}
stage('Trivy Scan') {
steps {
script {
// Run Trivy scan and output results to a file
def scanResult = sh(script: "trivy image --exit-code 1 --severity HIGH,CRITICAL ${DOCKER_REGISTRY}/${IMAGE_NAME}:${IMAGE_TAG} | tee trivy_report.txt", returnStatus: true)
// Check if vulnerabilities were found
if (scanResult == 1) {
error "Trivy scan found HIGH/CRITICAL vulnerabilities. Review the 'trivy_report.txt' log for details."
}
}
}
}
stage('Deploy or Push to Production') {
when {
expression { currentBuild.result == null || currentBuild.result == 'SUCCESS' }
}
steps {
echo "No critical vulnerabilities found, proceeding with deployment."
sh 'docker run -dit -p 8000:8000 localhost:5010/myimage'
}
}
}
post {
always {
archiveArtifacts artifacts: 'trivy_report.txt', fingerprint: true
}
failure {
echo "Pipeline failed due to vulnerabilities. Check 'trivy_report.txt'."
}
}
}