lenape/hello-codeartifact
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
04857fe955d31e39b06eb058a62fbdc58d6e9b06
hello-codeartifact/Jenkinsfile
lenape 04857fe955 automated terminal push
2025-06-29 15:39:27 +00:00

79 lines
2.3 KiB
Groovy
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

pipeline {
agent any
environment {
// Nonsecret config injected from Jenkins Credentials (Secret Text)
AWS_REGION = credentials('AWS_REGION')
AWS_ACCOUNT_ID = credentials('AWS_ACCOUNT_ID')
CODEART_DOMAIN = credentials('CODEART_DOMAIN')
CODEART_REPO = credentials('CODEART_REPO')
}
stages {
stage('Checkout') {
steps {
checkout scm
}
}
stage('Authenticate & Configure') {
steps {
// Use AWS Credentials Plugin to pick up your IAM user keys
withAWS(credentials: 'jenkins-codeartifact', region: "${AWS_REGION}") {
script {
// Fetch a shortlived CodeArtifact token
env.CODEART_TOKEN = sh(
script: """
aws codeartifact get-authorization-token \\
--domain ${CODEART_DOMAIN} \\
--domain-owner ${AWS_ACCOUNT_ID} \\
--query authorizationToken --output text
""", returnStdout: true
).trim()
}
// Point pip and twine at your CodeArtifact repo
sh '''
pip config set global.index-url \
"https://aws:${CODEART_TOKEN}@${CODEART_DOMAIN}-${AWS_ACCOUNT_ID}.d.codeartifact.${AWS_REGION}.amazonaws.com/pypi/${CODEART_REPO}/simple/"
cat > ~/.pypirc <<EOF
[distutils]
index-servers = codeartifact
[codeartifact]
repository = https://${CODEART_DOMAIN}-${AWS_ACCOUNT_ID}.d.codeartifact.${AWS_REGION}.amazonaws.com/pypi/${CODEART_REPO}/
username = aws
password = ${CODEART_TOKEN}
EOF
'''
}
}
}
stage('Build & Publish') {
steps {
sh '''
python3 -m pip install --upgrade setuptools wheel twine
python3 setup.py sdist bdist_wheel
twine upload --repository codeartifact dist/*
'''
}
}
stage('Trivy Scan') {
steps {
// Runs Trivy as a Docker container against your workspace
sh 'docker run --rm -v ${WORKSPACE}:/project aquasec/trivy:latest fs --severity HIGH,CRITICAL --exit-code 1 /project'
}
}
}
post {
success {
echo '✅ Build succeeded and package published to CodeArtifact.'
}
failure {
echo '❌ Build failed — check the console output for errors.'
}
}
}
Reference in New Issue View Git Blame Copy Permalink