Skip to content
Permalink
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
205 lines (166 sloc) 6.01 KB
def template = 'https://raw.githubusercontent.com/redhat-cop/image-scanning-signing-service/master/examples/image-signing-request-template.yml'
def scanTemplate = 'https://raw.githubusercontent.com/redhat-cop/image-scanning-signing-service/master/examples/image-scanning-request-template.yml'
openshift.withCluster() {
env.NAMESPACE = openshift.project()
env.APP_NAME = "${env.JOB_NAME}".replaceAll(/-?${env.NAMESPACE}-?/, '').replaceAll(/-?pipeline-?/, '').replaceAll('/', '')
echo "begin build of " + env.APP_NAME
}
pipeline {
agent { label 'maven' }
stages {
stage('Code Checkout') {
steps {
git url: "${SOURCE_CODE_URL}", branch: "${SOURCE_CODE_REF}"
}
}
stage('Code Build') {
steps {
sh "mvn clean package"
}
}
stage('Image Build') {
steps {
echo 'Building Image from Jar File'
sh """
set +x
rm -rf oc-build && mkdir -p oc-build/deployments
for t in \$(echo "jar;war;ear" | tr ";" "\\n"); do
cp -rfv ./target/*.\$t oc-build/deployments/ 2> /dev/null || echo "No \$t files"
done
"""
script {
openshift.withCluster() {
build = openshift.startBuild("${APP_NAME}", "--from-dir=oc-build")
timeout(10) {
build.untilEach {
def phase = it.object().status.phase
echo "Build Status: ${phase}"
if (phase == "Complete") {
return true
}
else if (phase == "Failed") {
currentBuild.result = "FAILURE"
buildErrorLog = it.logs().actions[0].err
return true
}
else {
return false
}
}
}
if (currentBuild.result == 'FAILURE') {
error(buildErrorLog)
return
}
}
}
}
}
stage('Scan Image') {
steps {
script {
def obj = "${APP_NAME}-${env.BUILD_NUMBER}"
openshift.withCluster() {
def created = openshift.create(openshift.process(scanTemplate, "-p IMAGE_SCANNING_REQUEST_NAME=${obj} -p IMAGE_STREAM_TAG=${APP_NAME}:${BUILD_APP_TAG}"))
def imagescanningrequest = created.narrow('imagescanningrequest').name();
echo "ImageScanningRequest ${imagescanningrequest.split('/')[1]} Created"
timeout(time: 10, unit: 'MINUTES') {
waitUntil() {
def isr = openshift.selector("${imagescanningrequest}")
if(isr.object().status) {
def phase = isr.object().status.phase
if(phase == "Failed") {
echo "Scanning Action Failed: ${isr.object().status.message}"
currentBuild.result = "FAILURE"
return true
}
else if(phase == "Completed") {
echo "Scanning Action Completed!"
echo "Failed Rules: ${isr.object().status.scanResult.failedRules}"
echo "Passed Rules: ${isr.object().status.scanResult.passedRules}"
echo "Total Rules: ${isr.object().status.scanResult.totalRules}"
env.FAILED_RULES = "${isr.object().status.scanResult.failedRules}"
return true
}
}
else {
echo "Status is null"
}
return false
}
}
}
def failedRules = "${env.FAILED_RULES}" as int
if(failedRules > 0) {
if("true" == "${env.SKIP_FAILED_SCANS}") {
echo "Scan Contains ${failedRules} Rules! Failure Bypass Parameter Set. Continuing Build."
}
else {
error("Scan Contains ${failedRules} Rules! Failing Build!")
}
}
}
}
}
stage('Sign Image') {
steps {
script {
def obj = "${APP_NAME}-${env.BUILD_NUMBER}"
openshift.withCluster() {
def created = openshift.create(openshift.process(template, "-p IMAGE_SIGNING_REQUEST_NAME=${obj} -p IMAGE_STREAM_TAG=${APP_NAME}:${BUILD_APP_TAG}"))
def imagesigningrequest = created.narrow('imagesigningrequest').name();
echo "ImageSigningRequest ${imagesigningrequest.split('/')[1]} Created"
timeout(time: 10, unit: 'MINUTES') {
waitUntil() {
def isr = openshift.selector("${imagesigningrequest}")
if(isr.object().status) {
def phase = isr.object().status.phase
if(phase == "Failed") {
echo "Signing Action Failed: ${isr.object().status.message}"
currentBuild.result = "FAILURE"
return true
}
else if(phase == "Completed") {
env.SIGNED_IMAGE = isr.object().status.signedImage
echo "Signing Action Completed. Signed Image: ${SIGNED_IMAGE}"
return true
}
}
else {
echo "Status is null"
}
return false
}
}
}
}
}
}
stage('Tag Image') {
steps {
script {
openshift.withCluster() {
openshift.tag("${APP_NAME}@${SIGNED_IMAGE}", "${APP_NAME}:${DEPLOY_APP_TAG}")
}
}
}
}
stage('Rollout Application') {
steps {
script {
openshift.withCluster() {
def result = null
deploymentConfig = openshift.selector("dc", "${APP_NAME}")
deploymentConfig.rollout().latest()
timeout(10) {
result = deploymentConfig.rollout().status("-w")
}
if (result.status != 0) {
error(result.err)
}
}
}
}
}
}
}
You can’t perform that action at this time.