This is an example repo for a Docker image hardening Jenkins pipeline.
Step1, Prepare git repo to host jenkins scripts:
- Duplicate this GitHub repo and give it a name like `ise-hardened-${your-docker-image-descriptor}`.
- Update `Dockerfile`: put your source Docker image at `FROM`, and update the other metadata.
Step2, Setup Jenkins pipeline in Console
- Go to Jenkins Console -> New Item -> choose a Pipeline or Multibranch Pipeline project.
- Configure Parameters:
  - Click This Project is parameterized
  - Add `artifactoryURL`, `artifactoryRegistry`, ... parameters. These parameters are the arguments defined in our Jenkins shared library, `hardenDockerImage.groovy`. For the full list of parameters, please check https://github.com/GSA/ise-jenkins-shared-library/blob/main/vars/hardenDockerImage.groovy
- Configure SCM:
  - Pipeline -> Pipeline script from SCM -> Git, fill in Git URL, credentials, branch. You can define a parameter `gitBranch` and use `*/${gitBranch}` in the Branch Specifier input box -> set Script Path to `Jenkinsfile` -> uncheck Lightweight Checkout (otherwise you cannot use the `gitBranch` parameter to control which branch you build from).
Step3, Import Jenkins Shared Library into Jenkins System
Jenkins -> Manage Jenkins -> Configure System -> Search: Global Pipeline Libraries
Fill in the https://github.com/GSA/ise-jenkins-shared-library URL. It will load the latest Jenkins shared library into the runtime, so you can start using those libraries in your Jenkinsfile. Check "Load Implicitly" (if it is not checked, you need to manually declare `@Library("${LibraryName}")` at the beginning of your Jenkinsfile).