conjur-debify 3.0.3.pre.145 → 3.0.3.pre.216
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Jenkinsfile +75 -44
- data/VERSION +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: a67cda7bff727c277d5265ce52db2bff433d1037f00127c89f0d3741cb4fd301
|
|
4
|
+
data.tar.gz: 44fcf54fc677d908deed4a07bad5d4c2a7275a3e0e659db5538c0dce42f9de5d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9675f380f690a261d7c9f1cd76045600745f92dc4ad1388b9f462ebb3c5ed36a1d11ad3c5be937a40ee3afbc9f595557d6f74ed91e0cb0c044f2153b0543df9e
|
|
7
|
+
data.tar.gz: 05767c19f4e97a04c71da31c2a8d0e7079a2b979b19a48779ce625e8351b6c8a44066362ee939b579c03058177f21a6eda0ad59379728e56b33cf9000a13d6b9
|
data/Jenkinsfile
CHANGED
|
@@ -1,5 +1,10 @@
|
|
|
1
1
|
#!/usr/bin/env groovy
|
|
2
2
|
|
|
3
|
+
@Library("product-pipelines-shared-library") _
|
|
4
|
+
|
|
5
|
+
def productName = 'Debify'
|
|
6
|
+
def productTypeName = 'Conjur Internal'
|
|
7
|
+
|
|
3
8
|
// Automated release, promotion and dependencies
|
|
4
9
|
properties([
|
|
5
10
|
// Include the automated release parameters for the build
|
|
@@ -16,6 +21,33 @@ if (params.MODE == "PROMOTE") {
|
|
|
16
21
|
// Any publishing of targetVersion artifacts occur here
|
|
17
22
|
// Anything added to assetDirectory will be attached to the Github Release
|
|
18
23
|
|
|
24
|
+
env.INFRAPOOL_PRODUCT_NAME = "${productName}"
|
|
25
|
+
env.INFRAPOOL_DD_PRODUCT_TYPE_NAME = "${productTypeName}"
|
|
26
|
+
|
|
27
|
+
def scans = [:]
|
|
28
|
+
|
|
29
|
+
scans["AMD64"] = {
|
|
30
|
+
stage("Scan Docker image (AMD64 based)") {
|
|
31
|
+
runSecurityScans(infrapool,
|
|
32
|
+
image: "registry.tld/conjurinc/debify:${sourceVersion}-amd64",
|
|
33
|
+
buildMode: params.MODE,
|
|
34
|
+
branch: env.BRANCH_NAME,
|
|
35
|
+
architecure: 'linux/amd64')
|
|
36
|
+
}
|
|
37
|
+
}
|
|
38
|
+
|
|
39
|
+
scans["ARM64"] = {
|
|
40
|
+
stage("Scan Docker image (ARM64 based)") {
|
|
41
|
+
runSecurityScans(infrapool,
|
|
42
|
+
image: "registry.tld/conjurinc/debify:${sourceVersion}-arm64",
|
|
43
|
+
buildMode: params.MODE,
|
|
44
|
+
branch: env.BRANCH_NAME,
|
|
45
|
+
architecure: 'linux/arm64')
|
|
46
|
+
}
|
|
47
|
+
}
|
|
48
|
+
|
|
49
|
+
parallel(scans)
|
|
50
|
+
|
|
19
51
|
//Note: assetDirectory is on the infrapool agent, not the local Jenkins agent.
|
|
20
52
|
infrapool.agentSh './publish-rubygem.sh'
|
|
21
53
|
}
|
|
@@ -38,6 +70,10 @@ pipeline {
|
|
|
38
70
|
environment {
|
|
39
71
|
// Sets the MODE to the specified or autocalculated value as appropriate
|
|
40
72
|
MODE = release.canonicalizeMode()
|
|
73
|
+
|
|
74
|
+
// Values to direct scan results to the right place in DefectDojo
|
|
75
|
+
INFRAPOOL_PRODUCT_NAME = "${productName}"
|
|
76
|
+
INFRAPOOL_DD_PRODUCT_TYPE_NAME = "${productTypeName}"
|
|
41
77
|
}
|
|
42
78
|
|
|
43
79
|
stages {
|
|
@@ -103,82 +139,77 @@ pipeline {
|
|
|
103
139
|
}
|
|
104
140
|
}
|
|
105
141
|
}
|
|
106
|
-
stage('
|
|
142
|
+
stage('Push Docker image') {
|
|
107
143
|
parallel {
|
|
108
|
-
stage('
|
|
109
|
-
steps{
|
|
110
|
-
script {
|
|
111
|
-
VERSION = INFRAPOOL_EXECUTORV2_AGENT_0.agentSh(returnStdout: true, script: 'cat VERSION')
|
|
112
|
-
}
|
|
113
|
-
scanAndReport(INFRAPOOL_EXECUTORV2_AGENT_0, "debify:${VERSION}", "HIGH", false)
|
|
114
|
-
}
|
|
115
|
-
}
|
|
116
|
-
stage('Scan Docker image for all issues (AMD64 based)') {
|
|
117
|
-
steps{
|
|
118
|
-
script {
|
|
119
|
-
VERSION = INFRAPOOL_EXECUTORV2_AGENT_0.agentSh(returnStdout: true, script: 'cat VERSION')
|
|
120
|
-
}
|
|
121
|
-
scanAndReport(INFRAPOOL_EXECUTORV2_AGENT_0, "debify:${VERSION}", "NONE", true)
|
|
122
|
-
}
|
|
123
|
-
}
|
|
124
|
-
stage('Scan Docker image for fixable issues (ARM64 based)') {
|
|
125
|
-
steps{
|
|
144
|
+
stage('Push AMD64 image') {
|
|
145
|
+
steps {
|
|
126
146
|
script {
|
|
127
|
-
|
|
147
|
+
INFRAPOOL_EXECUTORV2_AGENT_0.agentSh './push-image.sh amd64'
|
|
128
148
|
}
|
|
129
|
-
scanAndReport(INFRAPOOL_EXECUTORV2ARM_AGENT_0, "debify:${VERSION}", "HIGH", false)
|
|
130
149
|
}
|
|
131
150
|
}
|
|
132
|
-
|
|
133
|
-
|
|
151
|
+
|
|
152
|
+
stage('Push ARM64 image') {
|
|
153
|
+
steps {
|
|
134
154
|
script {
|
|
135
|
-
|
|
155
|
+
INFRAPOOL_EXECUTORV2ARM_AGENT_0.agentSh './push-image.sh arm64'
|
|
136
156
|
}
|
|
137
|
-
scanAndReport(INFRAPOOL_EXECUTORV2ARM_AGENT_0, "debify:${VERSION}", "NONE", true)
|
|
138
157
|
}
|
|
139
158
|
}
|
|
140
159
|
}
|
|
141
160
|
}
|
|
142
161
|
|
|
143
|
-
stage('
|
|
162
|
+
stage('Push Docker manifest with multi-arch') {
|
|
144
163
|
steps {
|
|
145
164
|
script {
|
|
146
|
-
INFRAPOOL_EXECUTORV2_AGENT_0.agentSh './
|
|
147
|
-
INFRAPOOL_EXECUTORV2_AGENT_0.agentStash name: 'test-results', includes: 'features/reports/*.xml'
|
|
165
|
+
INFRAPOOL_EXECUTORV2_AGENT_0.agentSh './push-manifest.sh'
|
|
148
166
|
}
|
|
149
167
|
}
|
|
150
|
-
post { always {
|
|
151
|
-
unstash 'test-results'
|
|
152
|
-
junit 'features/reports/*.xml'
|
|
153
|
-
}}
|
|
154
168
|
}
|
|
155
|
-
|
|
156
|
-
stage('Push Docker image') {
|
|
169
|
+
stage('Scan Docker image') {
|
|
157
170
|
parallel {
|
|
158
|
-
stage('
|
|
159
|
-
steps
|
|
171
|
+
stage('Scan Docker image (AMD64 based)') {
|
|
172
|
+
steps{
|
|
160
173
|
script {
|
|
161
|
-
|
|
174
|
+
// Take the first value of the image-tags output
|
|
175
|
+
VERSION = INFRAPOOL_EXECUTORV2_AGENT_0.agentSh(returnStdout: true, script: './image-tags | cut -d" " -f1')
|
|
162
176
|
}
|
|
177
|
+
runSecurityScans(INFRAPOOL_EXECUTORV2_AGENT_0,
|
|
178
|
+
image: "registry.tld/conjurinc/debify:${VERSION}",
|
|
179
|
+
buildMode: MODE,
|
|
180
|
+
branch: env.BRANCH_NAME,
|
|
181
|
+
arch: "linux/amd64"
|
|
182
|
+
)
|
|
163
183
|
}
|
|
164
184
|
}
|
|
165
|
-
|
|
166
|
-
|
|
167
|
-
steps {
|
|
185
|
+
stage('Scan Docker image (ARM64 based)') {
|
|
186
|
+
steps{
|
|
168
187
|
script {
|
|
169
|
-
|
|
188
|
+
// Take the first value of the image-tags output
|
|
189
|
+
VERSION = INFRAPOOL_EXECUTORV2ARM_AGENT_0.agentSh(returnStdout: true, script: './image-tags | cut -d" " -f1')
|
|
170
190
|
}
|
|
191
|
+
runSecurityScans(INFRAPOOL_EXECUTORV2ARM_AGENT_0,
|
|
192
|
+
image: "registry.tld/conjurinc/debify:${VERSION}",
|
|
193
|
+
buildMode: MODE,
|
|
194
|
+
branch: env.BRANCH_NAME,
|
|
195
|
+
arch: "linux/arm64"
|
|
196
|
+
)
|
|
171
197
|
}
|
|
172
198
|
}
|
|
173
199
|
}
|
|
174
200
|
}
|
|
175
201
|
|
|
176
|
-
stage('
|
|
202
|
+
stage('Run feature tests') {
|
|
177
203
|
steps {
|
|
178
204
|
script {
|
|
179
|
-
INFRAPOOL_EXECUTORV2_AGENT_0.agentSh './
|
|
205
|
+
INFRAPOOL_EXECUTORV2_AGENT_0.agentSh './test.sh'
|
|
206
|
+
INFRAPOOL_EXECUTORV2_AGENT_0.agentStash name: 'test-results', includes: 'features/reports/*.xml'
|
|
180
207
|
}
|
|
181
208
|
}
|
|
209
|
+
post { always {
|
|
210
|
+
unstash 'test-results'
|
|
211
|
+
junit 'features/reports/*.xml'
|
|
212
|
+
}}
|
|
182
213
|
}
|
|
183
214
|
|
|
184
215
|
stage('Release') {
|
|
@@ -216,4 +247,4 @@ pipeline {
|
|
|
216
247
|
releaseInfraPoolAgent()
|
|
217
248
|
}
|
|
218
249
|
}
|
|
219
|
-
}
|
|
250
|
+
}
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
3.0.3-
|
|
1
|
+
3.0.3-216
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: conjur-debify
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.0.3.pre.
|
|
4
|
+
version: 3.0.3.pre.216
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- CyberArk Software, Inc.
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-
|
|
11
|
+
date: 2024-10-24 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: gli
|