jenkins-lib

Jenkins shared library
git clone https://git.in0rdr.ch/jenkins-lib.git

commit da293e1fde83dc443c7c9ee9bf41523af8c5490a
parent 439b5971be0820d3dc81ffa737924720fe71e6be
Author: Andreas Gruhler <andreas.gruhler@adfinis.com>
Date:   Wed,  5 Jun 2024 00:18:50 +0200

feat(gitleaks): revert to declarative syntax

The workspace is not cleared from previous archiveArtifacts and the
artifact is not updated in subsequent runs.

Diffstat:
Mvars/gitleaks.groovy | 41++++++++++++++++++++++++++++-------------
1 file changed, 28 insertions(+), 13 deletions(-)

diff --git a/vars/gitleaks.groovy b/vars/gitleaks.groovy
@@ -1,19 +1,34 @@
 def call() {
- node('podman') {
- stage('scan') {
- docker.image('ghcr.io/gitleaks/gitleaks:v8.18.3').inside('-u root --entrypoint=""') {
- sh returnStatus: true, script: '''
- gitleaks detect \
- --no-color --no-banner \
- --gitleaks-ignore-path .gitleaksignore \
- --report-path gitleaks-report.json
- '''
- archiveArtifacts artifacts: 'gitleaks-report.json', fingerprint: true
- def r = readJSON file: 'gitleaks-report.json'
- if (!r.isEmpty()) {
- unstable(message: "Secrets detected in ${BUILD_URL}")
+ pipeline {
+ agent {
+ docker {
+ label 'podman'
+ image 'ghcr.io/gitleaks/gitleaks:v8.18.3'
+ args '-u root --entrypoint='
+ }
+ }
+
+ stages {
+ stage('scan') {
+ steps {
+ script {
+ sh returnStatus: true, script: '''
+ gitleaks detect \
+ --no-color --no-banner \
+ --report-path gitleaks-report.json
+ '''
+ def r = readJSON file: 'gitleaks-report.json'
+ if (!r.isEmpty()) {
+ unstable(message: "Secrets detected in ${BUILD_URL}")
+ }
+ }
 }
 }
 }
+ post {
+ always {
+ archiveArtifacts artifacts: 'gitleaks-report.json', fingerprint: true
+ }
+ }
 }
 }
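Review bot: The report archived by the new `post { always { archiveArtifacts … } }` block holds the matched secrets in clear text, because the `gitleaks detect` call in the `scan` stage runs without `--redact`; anyone who can read the job's artifacts can then read every finding. Adding `--redact \` to the option list keeps the rule, file and commit of each finding while masking the secret value. Separately, `sh returnStatus: true` discards the exit status, so if gitleaks fails before writing its report, `readJSON` may parse a `gitleaks-report.json` left over from an earlier run (the commit message notes the workspace is not cleared). A `sh 'rm -f gitleaks-report.json'` step before the scan would keep the build from being judged, and the artifact from being archived, on stale data.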