conjur-debify 3.0.3.pre.145 → 3.0.3.pre.216

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. checksums.yaml +4 -4
  2. data/Jenkinsfile +75 -44
  3. data/VERSION +1 -1
  4. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 749d66a8a64cbc22abc88af81e4f1851ee888d178c875d8c384da86e9c84a472
4
- data.tar.gz: 7d0713e5b38339ce6ac39d4c6714593d00ace8f6515e8c8d3f5b0914a2a14d48
3
+ metadata.gz: a67cda7bff727c277d5265ce52db2bff433d1037f00127c89f0d3741cb4fd301
4
+ data.tar.gz: 44fcf54fc677d908deed4a07bad5d4c2a7275a3e0e659db5538c0dce42f9de5d
5
5
  SHA512:
6
- metadata.gz: '07198fe9a64df0947c30bf59ec95af4c63ca81abbfc7dff9d46188b480f21e373bbcccdd84ff3be97b0c37d41db7dd4f05f34ed82376de62f28206c23423c2b0'
7
- data.tar.gz: 2ac3dc9e0bbda1d32a046fcd376f5b8aabf24df4b1a09695a3300e935e3d4ed8ab301e0cf6ae8a1af12c8de84554375b9971d92deec45011fc1e67f357e41314
6
+ metadata.gz: 9675f380f690a261d7c9f1cd76045600745f92dc4ad1388b9f462ebb3c5ed36a1d11ad3c5be937a40ee3afbc9f595557d6f74ed91e0cb0c044f2153b0543df9e
7
+ data.tar.gz: 05767c19f4e97a04c71da31c2a8d0e7079a2b979b19a48779ce625e8351b6c8a44066362ee939b579c03058177f21a6eda0ad59379728e56b33cf9000a13d6b9
data/Jenkinsfile CHANGED
@@ -1,5 +1,10 @@
1
1
  #!/usr/bin/env groovy
2
2
 
3
+ @Library("product-pipelines-shared-library") _
4
+
5
+ def productName = 'Debify'
6
+ def productTypeName = 'Conjur Internal'
7
+
3
8
  // Automated release, promotion and dependencies
4
9
  properties([
5
10
  // Include the automated release parameters for the build
@@ -16,6 +21,33 @@ if (params.MODE == "PROMOTE") {
16
21
  // Any publishing of targetVersion artifacts occur here
17
22
  // Anything added to assetDirectory will be attached to the Github Release
18
23
 
24
+ env.INFRAPOOL_PRODUCT_NAME = "${productName}"
25
+ env.INFRAPOOL_DD_PRODUCT_TYPE_NAME = "${productTypeName}"
26
+
27
+ def scans = [:]
28
+
29
+ scans["AMD64"] = {
30
+ stage("Scan Docker image (AMD64 based)") {
31
+ runSecurityScans(infrapool,
32
+ image: "registry.tld/conjurinc/debify:${sourceVersion}-amd64",
33
+ buildMode: params.MODE,
34
+ branch: env.BRANCH_NAME,
35
+ architecure: 'linux/amd64')
36
+ }
37
+ }
38
+
39
+ scans["ARM64"] = {
40
+ stage("Scan Docker image (ARM64 based)") {
41
+ runSecurityScans(infrapool,
42
+ image: "registry.tld/conjurinc/debify:${sourceVersion}-arm64",
43
+ buildMode: params.MODE,
44
+ branch: env.BRANCH_NAME,
45
+ architecure: 'linux/arm64')
46
+ }
47
+ }
48
+
49
+ parallel(scans)
50
+
19
51
  //Note: assetDirectory is on the infrapool agent, not the local Jenkins agent.
20
52
  infrapool.agentSh './publish-rubygem.sh'
21
53
  }
@@ -38,6 +70,10 @@ pipeline {
38
70
  environment {
39
71
  // Sets the MODE to the specified or autocalculated value as appropriate
40
72
  MODE = release.canonicalizeMode()
73
+
74
+ // Values to direct scan results to the right place in DefectDojo
75
+ INFRAPOOL_PRODUCT_NAME = "${productName}"
76
+ INFRAPOOL_DD_PRODUCT_TYPE_NAME = "${productTypeName}"
41
77
  }
42
78
 
43
79
  stages {
@@ -103,82 +139,77 @@ pipeline {
103
139
  }
104
140
  }
105
141
  }
106
- stage('Scan Docker image') {
142
+ stage('Push Docker image') {
107
143
  parallel {
108
- stage('Scan Docker image for fixable issues (AMD64 based)') {
109
- steps{
110
- script {
111
- VERSION = INFRAPOOL_EXECUTORV2_AGENT_0.agentSh(returnStdout: true, script: 'cat VERSION')
112
- }
113
- scanAndReport(INFRAPOOL_EXECUTORV2_AGENT_0, "debify:${VERSION}", "HIGH", false)
114
- }
115
- }
116
- stage('Scan Docker image for all issues (AMD64 based)') {
117
- steps{
118
- script {
119
- VERSION = INFRAPOOL_EXECUTORV2_AGENT_0.agentSh(returnStdout: true, script: 'cat VERSION')
120
- }
121
- scanAndReport(INFRAPOOL_EXECUTORV2_AGENT_0, "debify:${VERSION}", "NONE", true)
122
- }
123
- }
124
- stage('Scan Docker image for fixable issues (ARM64 based)') {
125
- steps{
144
+ stage('Push AMD64 image') {
145
+ steps {
126
146
  script {
127
- VERSION = INFRAPOOL_EXECUTORV2ARM_AGENT_0.agentSh(returnStdout: true, script: 'cat VERSION')
147
+ INFRAPOOL_EXECUTORV2_AGENT_0.agentSh './push-image.sh amd64'
128
148
  }
129
- scanAndReport(INFRAPOOL_EXECUTORV2ARM_AGENT_0, "debify:${VERSION}", "HIGH", false)
130
149
  }
131
150
  }
132
- stage('Scan Docker image for all issues (ARM64 based)') {
133
- steps{
151
+
152
+ stage('Push ARM64 image') {
153
+ steps {
134
154
  script {
135
- VERSION = INFRAPOOL_EXECUTORV2ARM_AGENT_0.agentSh(returnStdout: true, script: 'cat VERSION')
155
+ INFRAPOOL_EXECUTORV2ARM_AGENT_0.agentSh './push-image.sh arm64'
136
156
  }
137
- scanAndReport(INFRAPOOL_EXECUTORV2ARM_AGENT_0, "debify:${VERSION}", "NONE", true)
138
157
  }
139
158
  }
140
159
  }
141
160
  }
142
161
 
143
- stage('Run feature tests') {
162
+ stage('Push Docker manifest with multi-arch') {
144
163
  steps {
145
164
  script {
146
- INFRAPOOL_EXECUTORV2_AGENT_0.agentSh './test.sh'
147
- INFRAPOOL_EXECUTORV2_AGENT_0.agentStash name: 'test-results', includes: 'features/reports/*.xml'
165
+ INFRAPOOL_EXECUTORV2_AGENT_0.agentSh './push-manifest.sh'
148
166
  }
149
167
  }
150
- post { always {
151
- unstash 'test-results'
152
- junit 'features/reports/*.xml'
153
- }}
154
168
  }
155
-
156
- stage('Push Docker image') {
169
+ stage('Scan Docker image') {
157
170
  parallel {
158
- stage('Push AMD64 image') {
159
- steps {
171
+ stage('Scan Docker image (AMD64 based)') {
172
+ steps{
160
173
  script {
161
- INFRAPOOL_EXECUTORV2_AGENT_0.agentSh './push-image.sh amd64'
174
+ // Take the first value of the image-tags output
175
+ VERSION = INFRAPOOL_EXECUTORV2_AGENT_0.agentSh(returnStdout: true, script: './image-tags | cut -d" " -f1')
162
176
  }
177
+ runSecurityScans(INFRAPOOL_EXECUTORV2_AGENT_0,
178
+ image: "registry.tld/conjurinc/debify:${VERSION}",
179
+ buildMode: MODE,
180
+ branch: env.BRANCH_NAME,
181
+ arch: "linux/amd64"
182
+ )
163
183
  }
164
184
  }
165
-
166
- stage('Push ARM64 image') {
167
- steps {
185
+ stage('Scan Docker image (ARM64 based)') {
186
+ steps{
168
187
  script {
169
- INFRAPOOL_EXECUTORV2ARM_AGENT_0.agentSh './push-image.sh arm64'
188
+ // Take the first value of the image-tags output
189
+ VERSION = INFRAPOOL_EXECUTORV2ARM_AGENT_0.agentSh(returnStdout: true, script: './image-tags | cut -d" " -f1')
170
190
  }
191
+ runSecurityScans(INFRAPOOL_EXECUTORV2ARM_AGENT_0,
192
+ image: "registry.tld/conjurinc/debify:${VERSION}",
193
+ buildMode: MODE,
194
+ branch: env.BRANCH_NAME,
195
+ arch: "linux/arm64"
196
+ )
171
197
  }
172
198
  }
173
199
  }
174
200
  }
175
201
 
176
- stage('Push Docker manifest with multi-arch') {
202
+ stage('Run feature tests') {
177
203
  steps {
178
204
  script {
179
- INFRAPOOL_EXECUTORV2_AGENT_0.agentSh './push-manifest.sh'
205
+ INFRAPOOL_EXECUTORV2_AGENT_0.agentSh './test.sh'
206
+ INFRAPOOL_EXECUTORV2_AGENT_0.agentStash name: 'test-results', includes: 'features/reports/*.xml'
180
207
  }
181
208
  }
209
+ post { always {
210
+ unstash 'test-results'
211
+ junit 'features/reports/*.xml'
212
+ }}
182
213
  }
183
214
 
184
215
  stage('Release') {
@@ -216,4 +247,4 @@ pipeline {
216
247
  releaseInfraPoolAgent()
217
248
  }
218
249
  }
219
- }
250
+ }
data/VERSION CHANGED
@@ -1 +1 @@
1
- 3.0.3-145
1
+ 3.0.3-216
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: conjur-debify
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.0.3.pre.145
4
+ version: 3.0.3.pre.216
5
5
  platform: ruby
6
6
  authors:
7
7
  - CyberArk Software, Inc.
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-07-17 00:00:00.000000000 Z
11
+ date: 2024-10-24 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: gli