Jenkinsfile (1253B)
1 @Library('in0rdr-jenkins-lib@master') _ 2 3 def updatecli = new Updatecli(this) 4 def trivy = new Trivy(this) 5 def buildahbud = new BuildahBud(this) 6 def buildahpush = new BuildahPush(this) 7 8 // https://plugins.jenkins.io/hashicorp-vault-plugin/#user-content-usage-via-jenkinsfile 9 def secrets = [ 10 [path: 'kv/jenkins-secrets/git', secretValues: [ 11 [envVar: 'GIT_USERNAME', vaultKey: 'username'], 12 [envVar: 'GIT_PASSWORD', vaultKey: 'password'] 13 ]] 14 ] 15 16 node('podman'){ 17 scmVars = checkout(scm) 18 gitleaks() 19 20 withVault([vaultSecrets: secrets]) { 21 updatecli.run('apply') 22 trivy.vuln() 23 trivy.sbom() 24 } 25 26 // build with image context and name 27 buildahbud.execute([:], '.', 'myheats-api', "${scmVars.GIT_COMMIT}", 'dockerfiles/api/Dockerfile') 28 buildahpush.execute('myheats-api', "${scmVars.GIT_COMMIT}") 29 30 buildahbud.execute([ 31 VITE_API_URI: "https://myheats-demo.p0c.ch", 32 VITE_API_PORT: 443, 33 VITE_APP_DOC_TITLE: "MyHeats Demo", 34 VITE_SESSION_TTL: 259200, // 72h 35 VITE_WS_URI: "wss://myheats-demo.p0c.ch", 36 VITE_WS_PORT: 443, 37 VITE_LOCALE: "de-CH" 38 ], '.', 'myheats-frontend', "${scmVars.GIT_COMMIT}", 'dockerfiles/frontend/Dockerfile') 39 buildahpush.execute('myheats-frontend', "${scmVars.GIT_COMMIT}") 40 }