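// Declarative pipeline for the PaaS security scan job:
//   1. check that the orchestrator (orchent) and the Greenbone/GVM scanner are reachable,
//   2. create a test deployment with an ansible playbook fetched from PLAYBOOK_URL,
//   3. run the scan step of the same playbook against the deployment's endpoints,
//   4. always run the playbook's clean step and remove credential material from the agent.
// Secrets are bound with withCredentials; every sh step is a single-quoted Groovy string,
// so $VARS are expanded by the shell and never interpolated into Groovy (and the log).
pipeline {
    agent { label 'docker-paas-agent-04 || docker-paas-agent' }

    environment {
        ORCHENT_AGENT_ACCOUNT='infn-cloud-ops'
        ORCHENT_URL='https://my.cloud.infn.it/orchestrator'
    }

    stages {
        stage ('Test environment'){
            steps {
                withCredentials([
                    sshUserPrivateKey(credentialsId: "ssh_scans", keyFileVariable: 'keyfile'),
                    usernamePassword(credentialsId: "jenkins_scans_creds", usernameVariable: 'GMP_USER', passwordVariable: 'GMP_PASSWORD')
                ]) {
                    sh '''#!/bin/bash
                        # Orchent connection test: orchent reports failures as ERROR lines
                        # in its output rather than (only) through its exit status.
                        orchent depls > depls.output
                        if grep -q ERROR depls.output
                        then
                            echo "orchent depls: NOT ok"
                            cat depls.output
                            exit 1
                        else
                            echo "orchent depls: OK"
                        fi

                        # Install the scan-host key where ssh and the ansible steps of the
                        # later stages expect it (~/.ssh/id_rsa). The key copy is removed in
                        # the pipeline-level post/always so it does not outlive the build.
                        cp "${keyfile}" /home/jenkins/.ssh/id_rsa
                        chmod 600 /home/jenkins/.ssh/id_rsa

                        # Create ssh tunnel to the scanner's GMP port; -f -N leaves it running
                        # in the background for the 'Scan endpoints' stage. ExitOnForwardFailure
                        # makes a port that cannot be bound fail here, with a clear ssh error,
                        # instead of surfacing later as "connection refused" from gvm-cli.
                        # TODO(review): StrictHostKeyChecking=no accepts any host key, so the
                        # tunnel has no protection against a spoofed scans host; provision a
                        # known_hosts entry for scans.cloud.infn.it and use StrictHostKeyChecking=yes.
                        ssh -o StrictHostKeyChecking=no -o ExitOnForwardFailure=yes -f -N \
                            -L localhost:9390:192.168.235.234:9390 jenkins@scans.cloud.infn.it

                        # Greenbone connection test through the tunnel.
                        # NOTE(review): --gmp-password puts the secret on the command line, where
                        # it is visible to other processes on the agent while gvm-cli runs.
                        /usr/local/bin/gvm-cli --gmp-username "$GMP_USER" --gmp-password "$GMP_PASSWORD" tls --hostname 127.0.0.1 --xml "<get_version/>" > gvm.output
                        if grep -q OK gvm.output
                        then
                            echo "gvm check: OK"
                        else
                            echo "gvm check: NOT ok"
                            cat gvm.output
                            exit 1
                        fi
                    '''
                }
            }
            post {
                failure {
                    emailext body: '$DEFAULT_CONTENT', subject: '$PROJECT_NAME - Build # $BUILD_NUMBER: Error during environment checking!', to: '$RECIPIENTS'
                }
            }
        }

        stage ('Create test deployment'){
            steps {
                sh '''#!/bin/bash
                    # Fail on the first error so a failed download does not run ansible
                    # against a missing or truncated site.yaml.
                    set -eo pipefail
                    # NOTE(review): the playbook is fetched and executed without any
                    # integrity check; PLAYBOOK_URL must point at a trusted, HTTPS location.
                    wget -O site.yaml "${PLAYBOOK_URL}"
                    ansible-playbook site.yaml --extra-vars "paas_ci_test_step='create_deployment'"
                '''
            }
            post {
                failure {
                    archiveArtifacts artifacts: '*deployment.txt', allowEmptyArchive: true
                    emailext attachmentsPattern: '*deployment.txt', body: '$DEFAULT_CONTENT', subject: '$PROJECT_NAME - Build # $BUILD_NUMBER: Error during deployment!', to: '$RECIPIENTS'
                }
            }
        }

        stage ('Scan endpoints'){
            steps {
                withCredentials([
                    sshUserPrivateKey(credentialsId: "ssh_scans", keyFileVariable: 'keyfile'),
                    usernamePassword(credentialsId: "jenkins_scans_creds", usernameVariable: 'GMP_USER', passwordVariable: 'GMP_PASSWORD'),
                    usernamePassword(credentialsId: "security-scans-cred", usernameVariable: 'GIT_SEC_USER', passwordVariable: 'GIT_SEC_TOKEN')
                ]) {
                    sh '''#!/bin/bash
                        set -eo pipefail
                        # Refresh the key copy used by the playbook's scan step (see stage 1).
                        cp "${keyfile}" /home/jenkins/.ssh/id_rsa
                        chmod 600 /home/jenkins/.ssh/id_rsa
                        # Verbose task output: the scan results are read from the log on failure.
                        export ANSIBLE_STDOUT_CALLBACK=debug
                        ansible-playbook site.yaml --extra-vars "paas_ci_test_step='scan'"
                    '''
                }
            }
            post {
                failure {
                    archiveArtifacts artifacts: '*report.pdf, oids.txt', allowEmptyArchive: true
                    emailext attachmentsPattern: '*report.pdf, oids.txt', body: '$DEFAULT_CONTENT', subject: '$PROJECT_NAME - Build # $BUILD_NUMBER: Vulnerabilities detected!', to: '$RECIPIENTS'
                }
            }
        }
    }

    post {
        always {
            sh '''#!/bin/bash
            # Tear down the test deployment. site.yaml only exists once the
            # 'Create test deployment' stage has run, so skip the playbook otherwise.
            rc=0
            if [ -f site.yaml ]
            then
                ansible-playbook site.yaml --extra-vars "paas_ci_test_step='clean'" || rc=$?
            fi
            # Do not leave the scan ssh key on the agent after the build, whatever
            # the outcome of the clean step; the clean step's status is still reported.
            rm -f /home/jenkins/.ssh/id_rsa
            exit $rc
            '''
        }
        failure {
            script {
                // severity.json is produced by the scan step; only then is the
                // default failure mail (with the scan summary) worth sending.
                if ( fileExists ('severity.json')) {
                    emailext body: '$DEFAULT_CONTENT', subject: '$DEFAULT_SUBJECT', to: '$RECIPIENTS'
                }
            }
        }
    }
}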