automated terminal push
78
Jenkinsfile
vendored
Normal file
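--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -0,0 +1,78 @@
+pipeline {
+agent any
+
+environment {
+// Non‑secret config injected from Jenkins Credentials (Secret Text)
+AWS_REGION = credentials('AWS_REGION')
+AWS_ACCOUNT_ID = credentials('AWS_ACCOUNT_ID')
+CODEART_DOMAIN = credentials('CODEART_DOMAIN')
+CODEART_REPO = credentials('CODEART_REPO')
+}
+
+stages {
+stage('Checkout') {
+steps {
+checkout scm
+}
+}
+
+stage('Authenticate & Configure') {
+steps {
+// Use AWS Credentials Plugin to pick up your IAM user keys
+withAWS(credentials: 'jenkins-codeartifact', region: "${AWS_REGION}") {
+script {
+// Fetch a short‑lived CodeArtifact token
+env.CODEART_TOKEN = sh(
+script: """
+aws codeartifact get-authorization-token \\
+--domain ${CODEART_DOMAIN} \\
+--domain-owner ${AWS_ACCOUNT_ID} \\
+--query authorizationToken --output text
+""", returnStdout: true
+).trim()
+}
+// Point pip and twine at your CodeArtifact repo
+sh '''
+pip config set global.index-url \
+"https://aws:${CODEART_TOKEN}@${CODEART_DOMAIN}-${AWS_ACCOUNT_ID}.d.codeartifact.${AWS_REGION}.amazonaws.com/pypi/${CODEART_REPO}/simple/"
+cat > ~/.pypirc <<EOF
+[distutils]
+index-servers = codeartifact
+
+[codeartifact]
+repository = https://${CODEART_DOMAIN}-${AWS_ACCOUNT_ID}.d.codeartifact.${AWS_REGION}.amazonaws.com/pypi/${CODEART_REPO}/
+username = aws
+password = ${CODEART_TOKEN}
+EOF
+'''
+}
+}
+}
+
+stage('Build & Publish') {
+steps {
+sh '''
+python3 -m pip install --upgrade setuptools wheel twine
+python3 setup.py sdist bdist_wheel
+twine upload --repository codeartifact dist/*
+'''
+}
+}
+
+stage('Trivy Scan') {
+steps {
+// Runs Trivy as a Docker container against your workspace
+sh 'docker run --rm -v ${WORKSPACE}:/project aquasec/trivy:latest fs --severity HIGH,CRITICAL --exit-code 1 /project'
+}
+}
+}
+
+post {
+success {
+echo '✅ Build succeeded and package published to CodeArtifact.'
+}
+failure {
+echo '❌ Build failed — check the console output for errors.'
+}
+}
+}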
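Review bot: The CodeArtifact token ends up in places that outlive the step that needs it. `env.CODEART_TOKEN` is a plain pipeline variable that Jenkins does not mask, the `pip config set global.index-url` line puts it in a command that the default `sh -xe` tracing echoes to the console log, and the heredoc writes it to `~/.pypirc` on whatever node `agent any` selected, with no cleanup. Fetching the token inside the one `sh` step that uploads, with tracing off, and passing it through `PIP_INDEX_URL`, `TWINE_USERNAME`, `TWINE_PASSWORD` and `TWINE_REPOSITORY_URL` keeps it out of the log and off the agent's disk. Separately, the 'Trivy Scan' stage runs after `twine upload`, so a HIGH/CRITICAL finding fails the build only once the package is already published. Moving the scan ahead of 'Build & Publish' and pinning `aquasec/trivy` to a version or digest instead of `latest` would make it an actual gate.

```groovy
stage('Build & Publish') {
    steps {
        withAWS(credentials: 'jenkins-codeartifact', region: "${AWS_REGION}") {
            sh '''
                set +x   # keep the token out of the traced console output
                CODEART_HOST="${CODEART_DOMAIN}-${AWS_ACCOUNT_ID}.d.codeartifact.${AWS_REGION}.amazonaws.com"
                CODEART_TOKEN="$(aws codeartifact get-authorization-token --domain "$CODEART_DOMAIN" --domain-owner "$AWS_ACCOUNT_ID" --query authorizationToken --output text)"
                export PIP_INDEX_URL="https://aws:${CODEART_TOKEN}@${CODEART_HOST}/pypi/${CODEART_REPO}/simple/"
                export TWINE_USERNAME=aws TWINE_PASSWORD="$CODEART_TOKEN"
                export TWINE_REPOSITORY_URL="https://${CODEART_HOST}/pypi/${CODEART_REPO}/"
                # … unchanged: pip install --upgrade, setup.py sdist bdist_wheel …
                twine upload dist/*
            '''
        }
    }
}
```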