hello-codeartifact/Jenkinsfile

pipeline {
  agent any
  environment {
    // Non-secret config injected from Jenkins Credentials (Secret Text)
    AWS_REGION     = credentials('AWS_REGION')
    AWS_ACCOUNT_ID = credentials('AWS_ACCOUNT_ID')
    CODEART_DOMAIN = credentials('CODEART_DOMAIN')
    CODEART_REPO   = credentials('CODEART_REPO')
  }
  stages {
    stage('Checkout') {
      steps {
        checkout scm
      }
    }
    stage('Authenticate & Configure') {
      steps {
        // Use AWS Steps Plugin to pick up your IAM user keys
        withAWS(credentials: 'jenkins-codeartifact', region: "${AWS_REGION}") {
          script {
            // Fetch a short-lived CodeArtifact token
            env.CODEART_TOKEN = sh(
              script: """
                aws codeartifact get-authorization-token \\
                  --domain ${CODEART_DOMAIN} \\
                  --domain-owner ${AWS_ACCOUNT_ID} \\
                  --query authorizationToken --output text
              """, returnStdout: true
            ).trim()
          }
          // Point pip and twine at your CodeArtifact repo
          sh '''
            pip config set global.index-url \
"https://aws:${CODEART_TOKEN}@${CODEART_DOMAIN}-${AWS_ACCOUNT_ID}.d.codeartifact.${AWS_REGION}.amazonaws.com/pypi/${CODEART_REPO}/simple/"
            cat > ~/.pypirc <<EOF
[distutils]
index-servers = codeartifact
[codeartifact]
repository = https://${CODEART_DOMAIN}-${AWS_ACCOUNT_ID}.d.codeartifact.${AWS_REGION}.amazonaws.com/pypi/${CODEART_REPO}/
username = aws
password = ${CODEART_TOKEN}
EOF
          '''
        }
      }
    }
    stage('Build') {
      steps {
        sh '''
          python3 -m pip install --upgrade setuptools wheel twine
          python3 setup.py sdist bdist_wheel
        '''
      }
    }
    stage('Trivy Security Scan') {
      steps {
        // Runs Trivy as a Docker container against your workspace
        // This will fail the build if HIGH or CRITICAL vulnerabilities are found
        sh 'docker run --rm -v ${WORKSPACE}:/project aquasec/trivy:latest fs --severity HIGH,CRITICAL --exit-code 1 /project'
      }
    }
    stage('Publish') {
      steps {
        // Only publish if security scan passes
        sh '''
          twine upload --repository codeartifact dist/*
        '''
      }
    }
  }
  post {
    success {
      echo '✅ Build succeeded and package published to CodeArtifact.'
    }
    failure {
      echo '❌ Build failed — check the console output for errors.'
    }
  }
}
automated terminal push 2025-06-29 15:39:27 +00:00			`pipeline {`
			`agent any`
			`environment {`
automated terminal push 2025-06-29 15:49:37 +00:00			`// Non-secret config injected from Jenkins Credentials (Secret Text)`
automated terminal push 2025-06-29 15:39:27 +00:00			`AWS_REGION = credentials('AWS_REGION')`
			`AWS_ACCOUNT_ID = credentials('AWS_ACCOUNT_ID')`
			`CODEART_DOMAIN = credentials('CODEART_DOMAIN')`
			`CODEART_REPO = credentials('CODEART_REPO')`
			`}`
			`stages {`
			`stage('Checkout') {`
			`steps {`
			`checkout scm`
			`}`
			`}`
			`stage('Authenticate & Configure') {`
			`steps {`
automated terminal push 2025-06-29 16:12:42 +00:00			`// Use AWS Steps Plugin to pick up your IAM user keys`
			`withAWS(credentials: 'jenkins-codeartifact', region: "${AWS_REGION}") {`
automated terminal push 2025-06-29 15:39:27 +00:00			`script {`
automated terminal push 2025-06-29 15:49:37 +00:00			`// Fetch a short-lived CodeArtifact token`
automated terminal push 2025-06-29 15:39:27 +00:00			`env.CODEART_TOKEN = sh(`
			`script: """`
			`aws codeartifact get-authorization-token \\`
			`--domain ${CODEART_DOMAIN} \\`
			`--domain-owner ${AWS_ACCOUNT_ID} \\`
			`--query authorizationToken --output text`
			`""", returnStdout: true`
			`).trim()`
			`}`
			`// Point pip and twine at your CodeArtifact repo`
			`sh '''`
			`pip config set global.index-url \`
			`"https://aws:${CODEART_TOKEN}@${CODEART_DOMAIN}-${AWS_ACCOUNT_ID}.d.codeartifact.${AWS_REGION}.amazonaws.com/pypi/${CODEART_REPO}/simple/"`
			`cat > ~/.pypirc <<EOF`
automated terminal push 2025-06-29 15:49:37 +00:00			`[distutils]`
			`index-servers = codeartifact`
			`[codeartifact]`
			`repository = https://${CODEART_DOMAIN}-${AWS_ACCOUNT_ID}.d.codeartifact.${AWS_REGION}.amazonaws.com/pypi/${CODEART_REPO}/`
			`username = aws`
			`password = ${CODEART_TOKEN}`
automated terminal push 2025-06-29 15:39:27 +00:00			`EOF`
			`'''`
			`}`
			`}`
			`}`
automated terminal push 2025-06-29 15:49:37 +00:00			`stage('Build') {`
automated terminal push 2025-06-29 15:39:27 +00:00			`steps {`
			`sh '''`
			`python3 -m pip install --upgrade setuptools wheel twine`
			`python3 setup.py sdist bdist_wheel`
			`'''`
			`}`
			`}`
automated terminal push 2025-06-29 15:49:37 +00:00			`stage('Trivy Security Scan') {`
automated terminal push 2025-06-29 15:39:27 +00:00			`steps {`
			`// Runs Trivy as a Docker container against your workspace`
automated terminal push 2025-06-29 15:49:37 +00:00			`// This will fail the build if HIGH or CRITICAL vulnerabilities are found`
automated terminal push 2025-06-29 15:39:27 +00:00			`sh 'docker run --rm -v ${WORKSPACE}:/project aquasec/trivy:latest fs --severity HIGH,CRITICAL --exit-code 1 /project'`
			`}`
			`}`
automated terminal push 2025-06-29 15:49:37 +00:00			`stage('Publish') {`
			`steps {`
			`// Only publish if security scan passes`
			`sh '''`
			`twine upload --repository codeartifact dist/*`
			`'''`
			`}`
			`}`
automated terminal push 2025-06-29 15:39:27 +00:00			`}`
			`post {`
			`success {`
			`echo '✅ Build succeeded and package published to CodeArtifact.'`
			`}`
			`failure {`
			`echo '❌ Build failed — check the console output for errors.'`
			`}`
			`}`
automated terminal push 2025-06-29 15:49:37 +00:00			`}`