-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathJenkinsfile
More file actions
65 lines (65 loc) · 2.39 KB
/
Jenkinsfile
File metadata and controls
65 lines (65 loc) · 2.39 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
pipeline {
agent any
environment {
DOCKER_IMAGE = 'jasgida/devsecops-app:15'
}
stages {
stage('Setup') {
steps {
sh 'docker --version'
sh 'docker-compose --version'
sh 'trivy --version'
}
}
stage('Checkout Main') {
steps {
cleanWs()
git branch: 'main', url: 'https://github.com/Jasgida/DevSecOps-App.git'
}
}
stage('Build & Test') {
steps {
script {
sh 'docker-compose -f docker-compose.yml build app'
sh 'docker run --rm ${DOCKER_IMAGE} ls -la /app /app/app /app/tests'
sh '''
docker run --rm -e PYTHONPATH=/app -e PATH=/home/appuser/.local/bin:$PATH ${DOCKER_IMAGE} pytest tests/ -v --import-mode=importlib --cache-clear || {
echo "Tests failed. Check pytest output above for details."
exit 1
}
'''
}
}
}
stage('Security Scan') {
steps {
sh '''
trivy image --exit-code 1 --severity CRITICAL --ignorefile .trivyignore ${DOCKER_IMAGE} || {
echo "Security scan found critical vulnerabilities. Review Trivy output."
exit 1
}
'''
sh 'trivy fs --scanners misconfig ./app'
}
}
stage('Deploy') {
steps {
withCredentials([usernamePassword(credentialsId: 'dockerhub-creds', usernameVariable: 'DOCKER_USER', passwordVariable: 'DOCKER_PASS')]) {
sh 'echo $DOCKER_PASS | docker login -u $DOCKER_USER --password-stdin'
sh 'docker tag ${DOCKER_IMAGE} jasgida/devsecops-app:latest'
sh 'docker push ${DOCKER_IMAGE}'
sh 'docker push jasgida/devsecops-app:latest'
sh 'docker stop devsecops-app-main || true'
sh 'docker rm devsecops-app-main || true'
sh 'docker-compose -f docker-compose.yml up -d --remove-orphans'
}
}
}
}
post {
always {
cleanWs()
sh 'docker system prune -af'
}
}
}