Jenkinsfile
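// CI/CD pipeline for the webapp-cve-processor repository.
//
// Pull-request builds: check out the PR head and lint its latest commit message
// against the Conventional Commits format.
// Builds of main: compute the next semantic version with semantic-release (dry run)
// and build/push a multi-arch Docker image tagged with that version.
//
// Security conventions used throughout:
//   * Secrets bound by withCredentials are only referenced from single-quoted `sh`
//     strings, so the shell (not Groovy) expands them and Jenkins can mask them.
//   * Values that come from the pull request (branch name, commit message) are never
//     interpolated into a shell command line.
pipeline {
    // NOTE(review): `agent any` lets the credential-bearing stages run on whichever
    // executor is free; consider a dedicated label for the release stages.
    agent any

    environment {
        // IDs of entries in the Jenkins credentials store (not the secrets themselves).
        GITHUB_CREDENTIALS_ID = 'github-pat'
        HELM_VERSION = '3.5.4'
        DOCKER_CREDENTIALS_ID = 'docker-cred'
    }

    options {
        // The 'Checkout' stage performs the checkout explicitly.
        skipDefaultCheckout(true)
    }

    triggers {
        githubPush()
    }

    stages {
        stage('Checkout') {
            steps {
                script {
                    // Check out main; the PR head (if any) is fetched in the next stage.
                    git credentialsId: GITHUB_CREDENTIALS_ID, url: 'https://github.com/csye7125-su24-team17/webapp-cve-processor.git', branch: 'main'
                }
            }
        }

        stage('Fetch and Checkout PR Branch') {
            when {
                expression {
                    // CHANGE_ID is only set for change-request (PR) builds.
                    return env.CHANGE_ID != null
                }
            }
            steps {
                script {
                    withCredentials([usernamePassword(credentialsId: GITHUB_CREDENTIALS_ID, usernameVariable: 'GITHUB_USER', passwordVariable: 'GITHUB_TOKEN')]) {
                        // Security: supply the token through a one-shot credential helper
                        // scoped to this single git invocation. The previous approach
                        // (`git config --global credential.helper store` plus writing
                        // ~/.git-credentials) left the PAT in plaintext on the agent after
                        // the build and changed git config for every job on that agent.
                        // The empty `credential.helper=` first resets any helper that is
                        // already configured, so nothing persists the token to disk.
                        // Agents that ran the old version should have ~/.git-credentials
                        // removed and the token rotated.
                        sh '''
                            git -c credential.helper= -c 'credential.helper=!f() { echo "username=$GITHUB_USER"; echo "password=$GITHUB_TOKEN"; }; f' fetch origin '+refs/pull/*/head:refs/remotes/origin/pr/*'
                        '''

                        // echo is a Jenkins step, not a shell command, so interpolation is safe here.
                        echo "PR Branch: ${env.CHANGE_BRANCH}"

                        // Security: CHANGE_BRANCH is chosen by the PR author and git allows
                        // shell metacharacters in branch names. Pass it through the
                        // environment and quote it in the shell instead of interpolating it
                        // into the command string with Groovy.
                        sh 'git checkout -B "$CHANGE_BRANCH" "origin/pr/$CHANGE_ID"'
                    }
                }
            }
        }

        stage('Lint Commit Messages') {
            when {
                expression {
                    return env.CHANGE_ID != null
                }
            }
            steps {
                script {
                    // Subject line of the most recent commit on the checked-out PR head.
                    def latestCommitMessage = sh(script: "git log -1 --pretty=format:%s", returnStdout: true).trim()
                    echo "Latest commit message: ${latestCommitMessage}"

                    // Conventional Commits: <type>(<optional scope>): <description>
                    def pattern = ~/^\s*(feat|fix|docs|style|refactor|perf|test|chore|revert|ci|build)(\(.+\))?: .+\s*$/

                    // Only the latest commit is checked; earlier commits in the PR are not.
                    if (!pattern.matcher(latestCommitMessage).matches()) {
                        error "Commit message does not follow Conventional Commits: ${latestCommitMessage}"
                    }
                }
            }
        }

        stage('Determine Semantic Version') {
            when {
                allOf {
                    branch 'main'
                    not { changeRequest() }
                }
            }
            steps {
                script {
                    withCredentials([usernamePassword(credentialsId: GITHUB_CREDENTIALS_ID, usernameVariable: 'GH_USERNAME', passwordVariable: 'GH_TOKEN')]) {
                        env.GIT_LOCAL_BRANCH = 'main'

                        // NOTE(review): npx resolves semantic-release at build time while
                        // GH_TOKEN is in the environment. Pin the tool (and its plugins)
                        // through the project's lockfile so an unreviewed package version
                        // cannot run with the token.
                        def releaseOutput = sh(script: 'npx semantic-release --dry-run --json', returnStdout: true).trim()

                        // Locate the release line in the tool output, then pull the x.y.z out of it.
                        def versionLine = releaseOutput.find(/Published release (\d+\.\d+\.\d+) on default channel/)
                        if (versionLine) {
                            env.NEW_VERSION = (versionLine =~ /(\d+\.\d+\.\d+)/)[0][0]
                            echo "Determined new version: v${env.NEW_VERSION}"
                        } else {
                            error "Failed to capture the new version from semantic-release."
                        }
                    }
                }
            }
        }

        stage('Build and push Docker Image using buildx') {
            when {
                allOf {
                    branch 'main'
                    not { changeRequest() }
                }
            }
            steps {
                script {
                    withCredentials([usernamePassword(credentialsId: DOCKER_CREDENTIALS_ID, usernameVariable: 'DOCKER_USERNAME', passwordVariable: 'DOCKER_PASSWORD')]) {
                        try {
                            // Quote the variables so a password containing whitespace or glob
                            // characters reaches docker unchanged; printf avoids echo's
                            // shell-dependent handling of backslashes and leading dashes.
                            sh 'printf "%s" "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin'
                            sh 'docker buildx create --use'

                            // Build for both platforms and push, tagged with the semantic
                            // version only (no `latest` tag is pushed). Single-quoted so the
                            // bound username is expanded by the shell rather than by Groovy,
                            // which Jenkins flags as insecure interpolation of a secret.
                            // NEW_VERSION was exported via env.NEW_VERSION in the previous stage.
                            sh 'docker buildx build --platform linux/amd64,linux/arm64 -t "$DOCKER_USERNAME/cve-processor:$NEW_VERSION" --push .'
                        } finally {
                            // Always drop the registry login from the agent, including when
                            // the build or push fails. returnStatus keeps a logout error from
                            // masking the original failure.
                            sh(script: 'docker logout', returnStatus: true)
                        }
                    }
                }
            }
        }
    }

    post {
        failure {
            script {
                echo "Pipeline failed."
            }
        }
        success {
            script {
                echo "Pipeline succeeded."
            }
        }
    }
}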