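// Declarative Jenkins pipeline: checks the agent's tooling, runs the downloaded
// site.yaml playbook with paas_ci_test_step set to 'create_deployment', 'scan'
// and finally 'clean', and mails the scan report when the scan stage fails.
//
// Every shell step uses a single-quoted Groovy string (''' ... '''), so Groovy
// does not interpolate credentials into the script text; they reach the shell
// only as environment variables set by withCredentials.
//
// PLAYBOOK_URL and HOST_IP are not defined in this file; presumably they are
// job parameters (confirm in the job configuration).
pipeline {
    agent {
        label 'docker-paas-agent'
    }

    environment {
        ORCHENT_AGENT_ACCOUNT = 'infn-cloud'
        ORCHENT_URL = 'https://my.cloud.infn.it/orchestrator'
    }

    stages {
        // Sanity checks: the orchestrator answers through orchent and the
        // Greenbone (GMP) endpoint answers through gvm-cli.
        stage('Test environment') {
            steps {
                withCredentials([
                    usernamePassword(credentialsId: "jenkins_scans_creds", usernameVariable: 'GMP_USER', passwordVariable: 'GMP_PASSWORD')
                ]) {
                    sh '''#!/bin/bash
                        eval "$(oidc-agent-service use)"
                        oidc-add infn-cloud-ops

                        # Dump the environment for debugging, but keep the bound GMP
                        # credentials out of the build log instead of relying on
                        # Jenkins' console masking alone.
                        env | grep -v '^GMP_'

                        # Orchent connection test
                        orchent depls > depls.output
                        if grep -q ERROR depls.output
                        then
                            echo "orchent depls: NOT ok"
                            cat depls.output
                            exit 1
                        else
                            echo "orchent depls: ok"
                        fi

                        which gvm-cli

                        # Greenbone connection test
                        # Variables are quoted so a password or host value containing
                        # spaces or glob characters is passed as a single argument.
                        # NOTE(review): the password is passed on the command line and is
                        # therefore visible in the agent's process list while gvm-cli runs;
                        # consider supplying it through a gvm-tools config file readable
                        # only by the jenkins user.
                        /var/lib/jenkins/.local/bin/gvm-cli --gmp-username "$GMP_USER" --gmp-password "$GMP_PASSWORD" tls --hostname "$HOST_IP" --xml "<get_version/>"
                    '''
                }
            }
        }

        // Downloads the playbook and creates the deployment to be scanned.
        stage('Create test deployment') {
            steps {
                sh '''#!/bin/bash
                    eval "$(oidc-agent-service use)"
                    oidc-add infn-cloud-ops

                    # NOTE(review): the playbook is fetched from PLAYBOOK_URL and executed
                    # without any integrity check, and later stages reuse the same file
                    # while credentials are bound. Restrict who can set PLAYBOOK_URL and
                    # pin it to an immutable reference (commit or tag) with a verified
                    # checksum.
                    if ! wget -O site.yaml "${PLAYBOOK_URL}"
                    then
                        echo "download of site.yaml failed"
                        exit 1
                    fi

                    ansible-playbook site.yaml --extra-vars "paas_ci_test_step='create_deployment'"
                '''
            }
        }

        // Runs the playbook's scan step with the SSH key and GMP credentials bound.
        stage('Scan endpoints') {
            steps {
                withCredentials([
                    sshUserPrivateKey(credentialsId: "ssh_scans", keyFileVariable: 'keyfile'),
                    usernamePassword(credentialsId: "jenkins_scans_creds", usernameVariable: 'GMP_USER', passwordVariable: 'GMP_PASSWORD')
                ]) {
                    sh '''#!/bin/bash
                        eval "$(oidc-agent-service use)"
                        oidc-add infn-cloud-ops

                        # The key is copied outside the withCredentials temp file, so it
                        # outlives this block: write it owner-only here; the pipeline-level
                        # post { always } step deletes it once the clean step has run.
                        install -m 600 "${keyfile}" /home/jenkins/.ssh/id_rsa

                        ansible-playbook site.yaml --extra-vars "paas_ci_test_step='scan'"
                    '''
                }
            }
            post {
                // A failure of this stage archives and mails any *report.txt files.
                failure {
                    archiveArtifacts artifacts: '*report.txt', allowEmptyArchive: true
                    emailext attachmentsPattern: '*report.txt',
                        body: '$DEFAULT_CONTENT',
                        subject: '$PROJECT_NAME - Build # $BUILD_NUMBER: Vulnerabilities detected!',
                        to: '$DEFAULT_RECIPIENTS'
                }
            }
        }
    }

    post {
        // Always run the playbook's clean step, then remove the scan SSH key that
        // the 'Scan endpoints' stage left in the jenkins home directory.
        always {
            sh '''#!/bin/bash
                eval "$(oidc-agent-service use)"
                oidc-add infn-cloud-ops

                ansible-playbook site.yaml --extra-vars "paas_ci_test_step='clean'"
                rc=$?

                # Do not leave the private key on the agent after the build; keep the
                # playbook's exit status as the result of this step.
                rm -f /home/jenkins/.ssh/id_rsa
                exit $rc
            '''
        }
        // On a failed build, send the default notification only when
        // severity.json exists in the workspace.
        failure {
            script {
                if (fileExists('severity.json')) {
                    emailext body: '$DEFAULT_CONTENT',
                        subject: '$DEFAULT_SUBJECT',
                        to: '$DEFAULT_RECIPIENTS'
                }
            }
        }
    }
}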