automated terminal push

This commit is contained in:
lenape
2025-06-29 15:49:37 +00:00
parent 04857fe955
commit 2d9eccf9fc

47
Jenkinsfile vendored

@@ -1,27 +1,24 @@
pipeline { pipeline {
agent any agent any
environment { environment {
// Nonsecret config injected from Jenkins Credentials (Secret Text) // Non-secret config injected from Jenkins Credentials (Secret Text)
AWS_REGION = credentials('AWS_REGION') AWS_REGION = credentials('AWS_REGION')
AWS_ACCOUNT_ID = credentials('AWS_ACCOUNT_ID') AWS_ACCOUNT_ID = credentials('AWS_ACCOUNT_ID')
CODEART_DOMAIN = credentials('CODEART_DOMAIN') CODEART_DOMAIN = credentials('CODEART_DOMAIN')
CODEART_REPO = credentials('CODEART_REPO') CODEART_REPO = credentials('CODEART_REPO')
} }
stages { stages {
stage('Checkout') { stage('Checkout') {
steps { steps {
checkout scm checkout scm
} }
} }
stage('Authenticate & Configure') { stage('Authenticate & Configure') {
steps { steps {
// Use AWS Credentials Plugin to pick up your IAM user keys // Use AWS Credentials Plugin to pick up your IAM user keys
withAWS(credentials: 'jenkins-codeartifact', region: "${AWS_REGION}") { withAWS(credentials: 'jenkins-codeartifact', region: "${AWS_REGION}") {
script { script {
// Fetch a shortlived CodeArtifact token // Fetch a short-lived CodeArtifact token
env.CODEART_TOKEN = sh( env.CODEART_TOKEN = sh(
script: """ script: """
aws codeartifact get-authorization-token \\ aws codeartifact get-authorization-token \\
@@ -36,37 +33,41 @@ pipeline {
pip config set global.index-url \ pip config set global.index-url \
"https://aws:${CODEART_TOKEN}@${CODEART_DOMAIN}-${AWS_ACCOUNT_ID}.d.codeartifact.${AWS_REGION}.amazonaws.com/pypi/${CODEART_REPO}/simple/" "https://aws:${CODEART_TOKEN}@${CODEART_DOMAIN}-${AWS_ACCOUNT_ID}.d.codeartifact.${AWS_REGION}.amazonaws.com/pypi/${CODEART_REPO}/simple/"
cat > ~/.pypirc <<EOF cat > ~/.pypirc <<EOF
[distutils] [distutils]
index-servers = codeartifact index-servers = codeartifact
[codeartifact]
[codeartifact] repository = https://${CODEART_DOMAIN}-${AWS_ACCOUNT_ID}.d.codeartifact.${AWS_REGION}.amazonaws.com/pypi/${CODEART_REPO}/
repository = https://${CODEART_DOMAIN}-${AWS_ACCOUNT_ID}.d.codeartifact.${AWS_REGION}.amazonaws.com/pypi/${CODEART_REPO}/ username = aws
username = aws password = ${CODEART_TOKEN}
password = ${CODEART_TOKEN}
EOF EOF
''' '''
} }
} }
} }
stage('Build') {
stage('Build & Publish') {
steps { steps {
sh ''' sh '''
python3 -m pip install --upgrade setuptools wheel twine python3 -m pip install --upgrade setuptools wheel twine
python3 setup.py sdist bdist_wheel python3 setup.py sdist bdist_wheel
'''
}
}
stage('Trivy Security Scan') {
steps {
// Runs Trivy as a Docker container against your workspace
// This will fail the build if HIGH or CRITICAL vulnerabilities are found
sh 'docker run --rm -v ${WORKSPACE}:/project aquasec/trivy:latest fs --severity HIGH,CRITICAL --exit-code 1 /project'
}
}
stage('Publish') {
steps {
// Only publish if security scan passes
sh '''
twine upload --repository codeartifact dist/* twine upload --repository codeartifact dist/*
''' '''
} }
} }
stage('Trivy Scan') {
steps {
// Runs Trivy as a Docker container against your workspace
sh 'docker run --rm -v ${WORKSPACE}:/project aquasec/trivy:latest fs --severity HIGH,CRITICAL --exit-code 1 /project'
}
}
} }
post { post {
success { success {
echo '✅ Build succeeded and package published to CodeArtifact.' echo '✅ Build succeeded and package published to CodeArtifact.'
@@ -75,4 +76,4 @@ EOF
echo '❌ Build failed — check the console output for errors.' echo '❌ Build failed — check the console output for errors.'
} }
} }
} }
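Review bot: The CodeArtifact token that the Authenticate stage writes into `~/.pypirc` and pip's global `index-url` (the hunk at @@ -36,37 +33,41 @@) is never removed, and the new Build / Trivy Security Scan / Publish split leaves it on the agent after the job ends, since as far as the hunks show `post` only echoes a status line. Add an `always` branch next to `success`/`failure`, for example `always { sh 'rm -f ~/.pypirc; pip config unset global.index-url || true' }`, so the short-lived token does not outlive the build on a shared agent. The token is also expanded on the `pip config set global.index-url` command line, which the Jenkins `sh` step echoes to the console log unless the script disables xtrace with `set +x`; the opening of that `sh` block is outside the hunk, so confirm it does. In the new Trivy stage, `aquasec/trivy:latest` is a mutable, unpinned tag; pinning it to a version or digest keeps the scan that now gates publishing reproducible rather than silently changed by an upstream image push.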