pipeline {
agent { label 'docker-paas-agent' }
environment {
ORCHENT_AGENT_ACCOUNT='infn-cloud'
ORCHENT_URL='https://my.cloud.infn.it/orchestrator'
PASS=''
}
stages {
stage ('Create test deployment'){
steps {
sh '''#!/bin/bash
eval `oidc-agent-service use`
oidc-add infn-cloud-ops --pw-env=PASS
wget -O site.yaml "${PLAYBOOK_URL}"
ansible-playbook site.yaml --extra-vars "paas_ci_test_step='create_deployment'"
'''
}
}
stage ('Scan endpoints'){
steps {
withCredentials([
sshUserPrivateKey(credentialsId: "ssh_scans", keyFileVariable: 'keyfile'),
usernamePassword(credentialsId: "jenkins_scans_creds", usernameVariable: 'GMP_USER', passwordVariable: 'GMP_PASSWORD')
]) {
sh '''#!/bin/bash
eval `oidc-agent-service use`
oidc-add infn-cloud-ops --pw-env=PASS
cp ${keyfile} /home/jenkins/.ssh/id_rsa
ansible-playbook site.yaml --extra-vars "paas_ci_test_step='scan'"
'''
}
}
post {
failure {
archiveArtifacts artifacts: '*report.txt', allowEmptyArchive: true
emailext attachmentsPattern: '*report.txt', body: '$DEFAULT_CONTENT', subject: '$PROJECT_NAME - Build # $BUILD_NUMBER: Vulnerabilities detected!', to: '$DEFAULT_RECIPIENTS'
}
}
}
}
post {
always {
sh '''#!/bin/bash
eval `oidc-agent-service use`
oidc-add infn-cloud-ops --pw-env=PASS
ansible-playbook site.yaml --extra-vars "paas_ci_test_step='clean'"
'''
}
failure {
script {
if ( fileExists ('severity.json')) {
emailext body: '$DEFAULT_CONTENT', subject: '$DEFAULT_SUBJECT', to: '$DEFAULT_RECIPIENTS'
}
}
}
}
}