From 85c8e3f2be0e1d1bab054f376c6d4a4708208b8b Mon Sep 17 00:00:00 2001 From: Will Bunker Date: Fri, 26 Apr 2019 10:55:51 -0500 Subject: [PATCH 01/37] Added comments to end of braces --- Jenkinsfile | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 30bf27c..4e2b367 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -11,7 +11,7 @@ pipeline { TWISTLOCK_USERNAME = 'jenkins-svc' TWISTLOCK_PASSWORD = 'redhat12' REMOTE_HOST = 'ec2-52-222-64-188.us-gov-west-1.compute.amazonaws.com' - } + } // environment parameters { choice(choices : 'All\nOpenSCAP\nTwistlock\nAnchore', description: "Which tools to run?", name: 'toolsToRun') @@ -19,7 +19,7 @@ pipeline { string(defaultValue: "up/ubi7-hardened-dev:latest", name: 'IMAGE_TAG', description: "Image tag to be used by Docker, Nexus and all Scanning tools") - } + } // parameters stages { @@ -40,8 +40,9 @@ pipeline { anyOf { environment name: "toolsToRun", value: "All" environment name: "toolsToRun", value: "OpenSCAP" - } - } + } // anyOf + } // when + steps { echo 'OpenSCAP Compliance Scan' script { @@ -77,8 +78,9 @@ pipeline { anyOf { environment name: "toolsToRun", value: "All" environment name: "toolsToRun", value: "Twistlock" - } - } + } // anyOf + } // when + steps { echo 'Twistlock Compliance Scan' // Using the OpenScap node to overcome docker inside docker limitations, @@ -112,8 +114,8 @@ pipeline { anyOf { environment name: "toolsToRun", value: "All" environment name: "toolsToRun", value: "Anchore" - } - } + } // anyOf + } // when steps { echo 'Anchore Scan' -- GitLab From 4f57edd984e2cee16177e55fd15714713f59d6b4 Mon Sep 17 00:00:00 2001 From: Will Bunker Date: Fri, 26 Apr 2019 11:58:11 -0500 Subject: [PATCH 02/37] Testing finding ISO time --- Jenkinsfile | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/Jenkinsfile b/Jenkinsfile index 4e2b367..081dca7 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,3 +1,10 @@ +//Can run groovy code outside of pipeline +//Need to get ISO Time to use for storing artifacts +DATETIME_TAG = java.time.LocalDateTime.now() + + + + // Example Declarative Pipeline with Anchore Scans pipeline { agent { label 'master' } @@ -11,6 +18,8 @@ pipeline { TWISTLOCK_USERNAME = 'jenkins-svc' TWISTLOCK_PASSWORD = 'redhat12' REMOTE_HOST = 'ec2-52-222-64-188.us-gov-west-1.compute.amazonaws.com' + DATETIME_TAG = '${DATETIME_TAG}' + } // environment parameters { choice(choices : 'All\nOpenSCAP\nTwistlock\nAnchore', -- GitLab From e0b01f9382365d0ac602e98788ea9bb116d28ae4 Mon Sep 17 00:00:00 2001 From: Will Bunker Date: Fri, 26 Apr 2019 12:00:18 -0500 Subject: [PATCH 03/37] Printing ISO time --- Jenkinsfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Jenkinsfile b/Jenkinsfile index 081dca7..e643851 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -36,6 +36,7 @@ pipeline { //agent { label 'docker' } steps { echo "Pushing ${IMAGE_TAG} to Nexus Staging" + echo "ISO time is ${DATETIME_TAG}" //TODO Test docker on agent eventually /*withDockerRegistry([url: '${env.NEXUS_SERVER}', credentialsId: '${env.NEXUS_USERNAME}/${env.NEXUS_PASSWORD}']) { -- GitLab From 9dd0f2806e13affc59bfdec3307167bdd2f0c5a0 Mon Sep 17 00:00:00 2001 From: Will Bunker Date: Fri, 26 Apr 2019 12:05:44 -0500 Subject: [PATCH 04/37] Use timestamp in saving openscap report --- Jenkinsfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index e643851..5bcc077 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -69,8 +69,8 @@ pipeline { sshCommand remote: remote, command: "sudo docker pull ${NEXUS_SERVER}/${IMAGE_TAG}" sshCommand remote: remote, command: "sudo oscap-docker image ${NEXUS_SERVER}/${IMAGE_TAG} xccdf eval --profile xccdf_org.ssgproject.content_profile_stig-rhel7-disa --report /tmp/report.html /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml" sshCommand remote: remote, command: "sudo oscap-docker image-cve ${NEXUS_SERVER}/${IMAGE_TAG} --report /tmp/report-cve.html" - sshCommand remote: remote, command: "/usr/sbin/aws s3 cp /tmp/report-cve.html ${S3_REPORT_LOCATION}/openscap/report-cve.html" - sshCommand remote: remote, command: "/usr/sbin/aws s3 cp /tmp/report.html ${S3_REPORT_LOCATION}/openscap/report.html" + sshCommand remote: remote, command: "/usr/sbin/aws s3 cp /tmp/report-cve.html ${S3_REPORT_LOCATION}/${DATETIME_TAG}/openscap/report-cve.html" + sshCommand remote: remote, command: "/usr/sbin/aws s3 cp /tmp/report.html ${S3_REPORT_LOCATION}/${DATETIME_TAG}/openscap/report.html" sshGet remote: remote, from: "/tmp/report.html", into: "/var/lib/jenkins/jobs/${env.JOB_NAME}/builds/${env.BUILD_NUMBER}/openscap-compliance-report.html", override: true sshGet remote: remote, from: "/tmp/report-cve.html", into: "/var/lib/jenkins/jobs/${env.JOB_NAME}/builds/${env.BUILD_NUMBER}/openscap-cve-report.html", override: true publishHTML([alwaysLinkToLastBuild: false, keepAll: false, reportDir: "/var/lib/jenkins/jobs/${env.JOB_NAME}/builds/${env.BUILD_NUMBER}", reportFiles: 'openscap-compliance-report.html', reportName: 'OpenSCAP Compliance Report', reportTitles: 'OpenSCAP Compliance Report']) -- GitLab From f43b3d721d7b870b3fccefe8c636d755efbb2df7 Mon Sep 17 00:00:00 2001 From: Will Bunker Date: Fri, 26 Apr 2019 12:35:52 -0500 Subject: [PATCH 05/37] Building full report location with ///_/ --- Jenkinsfile | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 5bcc077..3796b96 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -13,12 +13,12 @@ pipeline { NEXUS_SERVER = 'nexus-docker.52.61.140.4.nip.io' NEXUS_USERNAME = 'admin' NEXUS_PASSWORD = 'admin123' - S3_REPORT_LOCATION = 's3://dsop-pipeline-artifacts' TWISTLOCK_SERVER = 'https://twistlock-console-twistlock.us-gov-west-1.compute.internal' TWISTLOCK_USERNAME = 'jenkins-svc' TWISTLOCK_PASSWORD = 'redhat12' REMOTE_HOST = 'ec2-52-222-64-188.us-gov-west-1.compute.amazonaws.com' DATETIME_TAG = '${DATETIME_TAG}' + S3_REPORT_LOCATION = 's3://dsop-pipeline-artifacts/${VENDOR_PRODUCT}/${IMAGE_TAG}/${DATETIME_TAG}_${BUILD_NUMBER}' } // environment @@ -28,6 +28,9 @@ pipeline { string(defaultValue: "up/ubi7-hardened-dev:latest", name: 'IMAGE_TAG', description: "Image tag to be used by Docker, Nexus and all Scanning tools") + string(defaultValue: "RedHat", name: 'VENDOR_PRODUCT', + description: "What vendor is being scanned") + } // parameters stages { @@ -69,8 +72,8 @@ pipeline { sshCommand remote: remote, command: "sudo docker pull ${NEXUS_SERVER}/${IMAGE_TAG}" sshCommand remote: remote, command: "sudo oscap-docker image ${NEXUS_SERVER}/${IMAGE_TAG} xccdf eval --profile xccdf_org.ssgproject.content_profile_stig-rhel7-disa --report /tmp/report.html /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml" sshCommand remote: remote, command: "sudo oscap-docker image-cve ${NEXUS_SERVER}/${IMAGE_TAG} --report /tmp/report-cve.html" - sshCommand remote: remote, command: "/usr/sbin/aws s3 cp /tmp/report-cve.html ${S3_REPORT_LOCATION}/${DATETIME_TAG}/openscap/report-cve.html" - sshCommand remote: remote, command: "/usr/sbin/aws s3 cp /tmp/report.html ${S3_REPORT_LOCATION}/${DATETIME_TAG}/openscap/report.html" + sshCommand remote: remote, command: "/usr/sbin/aws s3 cp /tmp/report-cve.html ${S3_REPORT_LOCATION}/openscap/report-cve.html" + sshCommand remote: remote, command: "/usr/sbin/aws s3 cp /tmp/report.html ${S3_REPORT_LOCATION}/openscap/report.html" sshGet remote: remote, from: "/tmp/report.html", into: "/var/lib/jenkins/jobs/${env.JOB_NAME}/builds/${env.BUILD_NUMBER}/openscap-compliance-report.html", override: true sshGet remote: remote, from: "/tmp/report-cve.html", into: "/var/lib/jenkins/jobs/${env.JOB_NAME}/builds/${env.BUILD_NUMBER}/openscap-cve-report.html", override: true publishHTML([alwaysLinkToLastBuild: false, keepAll: false, reportDir: "/var/lib/jenkins/jobs/${env.JOB_NAME}/builds/${env.BUILD_NUMBER}", reportFiles: 'openscap-compliance-report.html', reportName: 'OpenSCAP Compliance Report', reportTitles: 'OpenSCAP Compliance Report']) -- GitLab From f58a45a2a362432a4b0c8f70881f2b5b75ed5d4e Mon Sep 17 00:00:00 2001 From: Will Bunker Date: Fri, 26 Apr 2019 12:38:37 -0500 Subject: [PATCH 06/37] Echoing path to double check --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index 3796b96..5e549dc 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -39,7 +39,7 @@ pipeline { //agent { label 'docker' } steps { echo "Pushing ${IMAGE_TAG} to Nexus Staging" - echo "ISO time is ${DATETIME_TAG}" + echo "Artifact path is ${S3_REPORT_LOCATION}" //TODO Test docker on agent eventually /*withDockerRegistry([url: '${env.NEXUS_SERVER}', credentialsId: '${env.NEXUS_USERNAME}/${env.NEXUS_PASSWORD}']) { -- GitLab From 6db889e705f972f43cc4b0831108ef75904fb307 Mon Sep 17 00:00:00 2001 From: Will Bunker Date: Fri, 26 Apr 2019 12:43:08 -0500 Subject: [PATCH 07/37] Fixing artifact path --- Jenkinsfile | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 5e549dc..cbcd252 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -13,13 +13,11 @@ pipeline { NEXUS_SERVER = 'nexus-docker.52.61.140.4.nip.io' NEXUS_USERNAME = 'admin' NEXUS_PASSWORD = 'admin123' + S3_REPORT_LOCATION = 's3://dsop-pipeline-artifacts' TWISTLOCK_SERVER = 'https://twistlock-console-twistlock.us-gov-west-1.compute.internal' TWISTLOCK_USERNAME = 'jenkins-svc' TWISTLOCK_PASSWORD = 'redhat12' REMOTE_HOST = 'ec2-52-222-64-188.us-gov-west-1.compute.amazonaws.com' - DATETIME_TAG = '${DATETIME_TAG}' - S3_REPORT_LOCATION = 's3://dsop-pipeline-artifacts/${VENDOR_PRODUCT}/${IMAGE_TAG}/${DATETIME_TAG}_${BUILD_NUMBER}' - } // environment parameters { choice(choices : 'All\nOpenSCAP\nTwistlock\nAnchore', @@ -39,7 +37,7 @@ pipeline { //agent { label 'docker' } steps { echo "Pushing ${IMAGE_TAG} to Nexus Staging" - echo "Artifact path is ${S3_REPORT_LOCATION}" + echo "Artifact path is ${S3_REPORT_LOCATION}/${VENDOR_PRODUCT}/${IMAGE_TAG}/${DATETIME_TAG}_${BUILD_NUMBER}" //TODO Test docker on agent eventually /*withDockerRegistry([url: '${env.NEXUS_SERVER}', credentialsId: '${env.NEXUS_USERNAME}/${env.NEXUS_PASSWORD}']) { @@ -72,8 +70,8 @@ pipeline { sshCommand remote: remote, command: "sudo docker pull ${NEXUS_SERVER}/${IMAGE_TAG}" sshCommand remote: remote, command: "sudo oscap-docker image ${NEXUS_SERVER}/${IMAGE_TAG} xccdf eval --profile xccdf_org.ssgproject.content_profile_stig-rhel7-disa --report /tmp/report.html /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml" sshCommand remote: remote, command: "sudo oscap-docker image-cve ${NEXUS_SERVER}/${IMAGE_TAG} --report /tmp/report-cve.html" - sshCommand remote: remote, command: "/usr/sbin/aws s3 cp /tmp/report-cve.html ${S3_REPORT_LOCATION}/openscap/report-cve.html" - sshCommand remote: remote, command: "/usr/sbin/aws s3 cp /tmp/report.html ${S3_REPORT_LOCATION}/openscap/report.html" + sshCommand remote: remote, command: "/usr/sbin/aws s3 cp /tmp/report-cve.html ${S3_REPORT_LOCATION}/${VENDOR_PRODUCT}/${IMAGE_TAG}/${DATETIME_TAG}_${BUILD_NUMBER}/openscap/report-cve.html" + sshCommand remote: remote, command: "/usr/sbin/aws s3 cp /tmp/report.html ${S3_REPORT_LOCATION}/${VENDOR_PRODUCT}/${IMAGE_TAG}/${DATETIME_TAG}_${BUILD_NUMBER}/openscap/report.html" sshGet remote: remote, from: "/tmp/report.html", into: "/var/lib/jenkins/jobs/${env.JOB_NAME}/builds/${env.BUILD_NUMBER}/openscap-compliance-report.html", override: true sshGet remote: remote, from: "/tmp/report-cve.html", into: "/var/lib/jenkins/jobs/${env.JOB_NAME}/builds/${env.BUILD_NUMBER}/openscap-cve-report.html", override: true publishHTML([alwaysLinkToLastBuild: false, keepAll: false, reportDir: "/var/lib/jenkins/jobs/${env.JOB_NAME}/builds/${env.BUILD_NUMBER}", reportFiles: 'openscap-compliance-report.html', reportName: 'OpenSCAP Compliance Report', reportTitles: 'OpenSCAP Compliance Report']) -- GitLab From f29f67aa5ed42855cae51d8dd72baf3b196b105a Mon Sep 17 00:00:00 2001 From: Will Bunker Date: Fri, 26 Apr 2019 12:55:26 -0500 Subject: [PATCH 08/37] Breaking out IMAGE_TAG into REPO_NAME and IMAGE_TAG --- Jenkinsfile | 29 ++++++++++++++++------------- 1 file changed, 16 insertions(+), 13 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index cbcd252..7190af4 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -23,8 +23,11 @@ pipeline { parameters { choice(choices : 'All\nOpenSCAP\nTwistlock\nAnchore', description: "Which tools to run?", name: 'toolsToRun') - string(defaultValue: "up/ubi7-hardened-dev:latest", name: 'IMAGE_TAG', - description: "Image tag to be used by Docker, Nexus and all Scanning tools") + string(defaultValue: "up/ubi7-hardened-dev", name: 'REPO_NAME', + description: "Name of repo to be used by Docker, Nexus and all Scanning tools") + + string(defaultValue: "latest", name: 'IMAGE_TAG', + description: "Image tag to be used by Docker, Nexus and all Scanning tools") string(defaultValue: "RedHat", name: 'VENDOR_PRODUCT', description: "What vendor is being scanned") @@ -36,12 +39,12 @@ pipeline { stage('Pull from Staging') { //agent { label 'docker' } steps { - echo "Pushing ${IMAGE_TAG} to Nexus Staging" - echo "Artifact path is ${S3_REPORT_LOCATION}/${VENDOR_PRODUCT}/${IMAGE_TAG}/${DATETIME_TAG}_${BUILD_NUMBER}" + echo "Pushing ${REPO_NAME}:${IMAGE_TAG} to Nexus Staging" + echo "Artifact path is ${S3_REPORT_LOCATION}/${VENDOR_PRODUCT}/${REPO_NAME}/${IMAGE_TAG}/${DATETIME_TAG}_${BUILD_NUMBER}" //TODO Test docker on agent eventually /*withDockerRegistry([url: '${env.NEXUS_SERVER}', credentialsId: '${env.NEXUS_USERNAME}/${env.NEXUS_PASSWORD}']) { - sh "docker push ${NEXUS_SERVER}/${IMAGE_TAG}" + sh "docker push ${NEXUS_SERVER}/${REPO_NAME}:${IMAGE_TAG}" }*/ } } @@ -67,11 +70,11 @@ pipeline { remote.identityFile = identity stage('OpenSCAP Scan') { sshCommand remote: remote, command: "sudo docker login -u ${NEXUS_USERNAME} -p ${NEXUS_PASSWORD} ${NEXUS_SERVER}" - sshCommand remote: remote, command: "sudo docker pull ${NEXUS_SERVER}/${IMAGE_TAG}" - sshCommand remote: remote, command: "sudo oscap-docker image ${NEXUS_SERVER}/${IMAGE_TAG} xccdf eval --profile xccdf_org.ssgproject.content_profile_stig-rhel7-disa --report /tmp/report.html /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml" - sshCommand remote: remote, command: "sudo oscap-docker image-cve ${NEXUS_SERVER}/${IMAGE_TAG} --report /tmp/report-cve.html" - sshCommand remote: remote, command: "/usr/sbin/aws s3 cp /tmp/report-cve.html ${S3_REPORT_LOCATION}/${VENDOR_PRODUCT}/${IMAGE_TAG}/${DATETIME_TAG}_${BUILD_NUMBER}/openscap/report-cve.html" - sshCommand remote: remote, command: "/usr/sbin/aws s3 cp /tmp/report.html ${S3_REPORT_LOCATION}/${VENDOR_PRODUCT}/${IMAGE_TAG}/${DATETIME_TAG}_${BUILD_NUMBER}/openscap/report.html" + sshCommand remote: remote, command: "sudo docker pull ${NEXUS_SERVER}/${REPO_NAME}:${IMAGE_TAG}" + sshCommand remote: remote, command: "sudo oscap-docker image ${NEXUS_SERVER}/${REPO_NAME}:${IMAGE_TAG} xccdf eval --profile xccdf_org.ssgproject.content_profile_stig-rhel7-disa --report /tmp/report.html /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml" + sshCommand remote: remote, command: "sudo oscap-docker image-cve ${NEXUS_SERVER}/${REPO_NAME}:${IMAGE_TAG} --report /tmp/report-cve.html" + sshCommand remote: remote, command: "/usr/sbin/aws s3 cp /tmp/report-cve.html ${S3_REPORT_LOCATION}/${VENDOR_PRODUCT}/${REPO_NAME}/${IMAGE_TAG}/${DATETIME_TAG}_${BUILD_NUMBER}/openscap/report-cve.html" + sshCommand remote: remote, command: "/usr/sbin/aws s3 cp /tmp/report.html ${S3_REPORT_LOCATION}/${VENDOR_PRODUCT}/${REPO_NAME}/${IMAGE_TAG}/${DATETIME_TAG}_${BUILD_NUMBER}/openscap/report.html" sshGet remote: remote, from: "/tmp/report.html", into: "/var/lib/jenkins/jobs/${env.JOB_NAME}/builds/${env.BUILD_NUMBER}/openscap-compliance-report.html", override: true sshGet remote: remote, from: "/tmp/report-cve.html", into: "/var/lib/jenkins/jobs/${env.JOB_NAME}/builds/${env.BUILD_NUMBER}/openscap-cve-report.html", override: true publishHTML([alwaysLinkToLastBuild: false, keepAll: false, reportDir: "/var/lib/jenkins/jobs/${env.JOB_NAME}/builds/${env.BUILD_NUMBER}", reportFiles: 'openscap-compliance-report.html', reportName: 'OpenSCAP Compliance Report', reportTitles: 'OpenSCAP Compliance Report']) @@ -108,7 +111,7 @@ pipeline { remote.identityFile = identity stage('SSH to Twistlock Node') { // Start the container, import the TwistCLI binary, scan image - sshCommand remote: remote, command: "sudo curl -k -ssl -u ${TWISTLOCK_USERNAME}:${TWISTLOCK_PASSWORD} ${TWISTLOCK_SERVER}/api/v1/util/twistcli -o twistcli && sudo chmod +x ./twistcli && sudo ./twistcli images scan ${IMAGE_TAG} --user ${TWISTLOCK_USERNAME} --password ${TWISTLOCK_PASSWORD} --address ${TWISTLOCK_SERVER} --details ${IMAGE_TAG}" + sshCommand remote: remote, command: "sudo curl -k -ssl -u ${TWISTLOCK_USERNAME}:${TWISTLOCK_PASSWORD} ${TWISTLOCK_SERVER}/api/v1/util/twistcli -o twistcli && sudo chmod +x ./twistcli && sudo ./twistcli images scan ${REPO_NAME}:${IMAGE_TAG} --user ${TWISTLOCK_USERNAME} --password ${TWISTLOCK_PASSWORD} --address ${TWISTLOCK_SERVER} --details ${REPO_NAME}:${IMAGE_TAG}" // Clean up // Stop or remove the container image if needed.. // ToDo - Catch, or call from the console, the twistcli scan results, and complile them with the rest of the pipeline @@ -131,7 +134,7 @@ pipeline { echo 'Anchore Scan' //Below is example command that will be needed in Push to Staging step. - sh "echo '${NEXUS_SERVER}/${IMAGE_TAG}' > anchore_images" + sh "echo '${NEXUS_SERVER}/${REPO_NAME}:${IMAGE_TAG}' > anchore_images" anchore bailOnFail: false, bailOnPluginFail: false, name: 'anchore_images' @@ -152,7 +155,7 @@ pipeline { stage('Push to External Registry (TODO)') { steps { - //input message: "Push image ${IMAGE_TAG} to registry?" + //input message: "Push image ${REPO_NAME}:${IMAGE_TAG} to registry?" echo 'Pushing to Registry' } // steps } // stage -- GitLab From 9ef267ff1cff0a6191d257ed464fa3baa4ebbab3 Mon Sep 17 00:00:00 2001 From: Will Bunker Date: Fri, 26 Apr 2019 13:30:46 -0500 Subject: [PATCH 09/37] Testing path and credentials --- Jenkinsfile | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index 7190af4..f50910e 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,7 +1,7 @@ //Can run groovy code outside of pipeline //Need to get ISO Time to use for storing artifacts DATETIME_TAG = java.time.LocalDateTime.now() - +DATETIME_TAG = DATETIME_TAG.replaceAll(":", "") @@ -18,6 +18,7 @@ pipeline { TWISTLOCK_USERNAME = 'jenkins-svc' TWISTLOCK_PASSWORD = 'redhat12' REMOTE_HOST = 'ec2-52-222-64-188.us-gov-west-1.compute.amazonaws.com' + TEST_TWISTLOCK = 'credentials('Something')' } // environment parameters { choice(choices : 'All\nOpenSCAP\nTwistlock\nAnchore', @@ -41,6 +42,7 @@ pipeline { steps { echo "Pushing ${REPO_NAME}:${IMAGE_TAG} to Nexus Staging" echo "Artifact path is ${S3_REPORT_LOCATION}/${VENDOR_PRODUCT}/${REPO_NAME}/${IMAGE_TAG}/${DATETIME_TAG}_${BUILD_NUMBER}" + echo "test ${TEST_TWISTLOCK}" //TODO Test docker on agent eventually /*withDockerRegistry([url: '${env.NEXUS_SERVER}', credentialsId: '${env.NEXUS_USERNAME}/${env.NEXUS_PASSWORD}']) { -- GitLab From 7fbe77d039c8bd1b62744cf30f97c07ac65a0f8d Mon Sep 17 00:00:00 2001 From: Will Bunker Date: Fri, 26 Apr 2019 13:33:49 -0500 Subject: [PATCH 10/37] removing quotes --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index f50910e..dcfd60d 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -18,7 +18,7 @@ pipeline { TWISTLOCK_USERNAME = 'jenkins-svc' TWISTLOCK_PASSWORD = 'redhat12' REMOTE_HOST = 'ec2-52-222-64-188.us-gov-west-1.compute.amazonaws.com' - TEST_TWISTLOCK = 'credentials('Something')' + TEST_TWISTLOCK = credentials('Something') } // environment parameters { choice(choices : 'All\nOpenSCAP\nTwistlock\nAnchore', -- GitLab From 2cc22e2a0c27c276b49198fed1f508e599ea10e0 Mon Sep 17 00:00:00 2001 From: Will Bunker Date: Fri, 26 Apr 2019 13:39:31 -0500 Subject: [PATCH 11/37] fixing date conversion --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index dcfd60d..d9a8a41 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,6 +1,6 @@ //Can run groovy code outside of pipeline //Need to get ISO Time to use for storing artifacts -DATETIME_TAG = java.time.LocalDateTime.now() +DATETIME_TAG = java.time.LocalDateTime.now().getDateString() DATETIME_TAG = DATETIME_TAG.replaceAll(":", "") -- GitLab From e149f11fcbb254913135e8907046773574302a64 Mon Sep 17 00:00:00 2001 From: Will Bunker Date: Fri, 26 Apr 2019 13:40:44 -0500 Subject: [PATCH 12/37] fixing date conversion --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index d9a8a41..7bb362d 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,6 +1,6 @@ //Can run groovy code outside of pipeline //Need to get ISO Time to use for storing artifacts -DATETIME_TAG = java.time.LocalDateTime.now().getDateString() +DATETIME_TAG = java.time.LocalDateTime.now().getDateTimeString() DATETIME_TAG = DATETIME_TAG.replaceAll(":", "") -- GitLab From 376b82603d5e0bc237285588da90af20dd6dede0 Mon Sep 17 00:00:00 2001 From: Will Bunker Date: Fri, 26 Apr 2019 13:42:05 -0500 Subject: [PATCH 13/37] fixing date conversion --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index 7bb362d..da858b4 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,6 +1,6 @@ //Can run groovy code outside of pipeline //Need to get ISO Time to use for storing artifacts -DATETIME_TAG = java.time.LocalDateTime.now().getDateTimeString() +DATETIME_TAG = java.time.LocalDateTime.now().getDateTimeString DATETIME_TAG = DATETIME_TAG.replaceAll(":", "") -- GitLab From 9cd0a7c0c4b6c0e4b6db602dc9e5c495e7ca8ede Mon Sep 17 00:00:00 2001 From: Will Bunker Date: Fri, 26 Apr 2019 13:42:54 -0500 Subject: [PATCH 14/37] fixing date conversion --- Jenkinsfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index da858b4..a7bd4bf 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,7 +1,7 @@ //Can run groovy code outside of pipeline //Need to get ISO Time to use for storing artifacts -DATETIME_TAG = java.time.LocalDateTime.now().getDateTimeString -DATETIME_TAG = DATETIME_TAG.replaceAll(":", "") +DATETIME_TAG = java.time.LocalDateTime.now() +DATETIME_TAG = DATETIME_TAG..getDateTimeString().replaceAll(":", "") -- GitLab From 9b41ffca848195bc02f7c39d13e61b17d01358e5 Mon Sep 17 00:00:00 2001 From: Will Bunker Date: Fri, 26 Apr 2019 13:47:17 -0500 Subject: [PATCH 15/37] fixing date conversion --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index a7bd4bf..1967124 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,7 +1,7 @@ //Can run groovy code outside of pipeline //Need to get ISO Time to use for storing artifacts DATETIME_TAG = java.time.LocalDateTime.now() -DATETIME_TAG = DATETIME_TAG..getDateTimeString().replaceAll(":", "") +DATETIME_TAG = DATETIME_TAG..toString().replaceAll(":", "") -- GitLab From 39b45380e88dd219641ca2045c14ccca9a6f9ef5 Mon Sep 17 00:00:00 2001 From: Will Bunker Date: Fri, 26 Apr 2019 13:48:24 -0500 Subject: [PATCH 16/37] fixing date conversion --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index 1967124..14033cc 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,7 +1,7 @@ //Can run groovy code outside of pipeline //Need to get ISO Time to use for storing artifacts DATETIME_TAG = java.time.LocalDateTime.now() -DATETIME_TAG = DATETIME_TAG..toString().replaceAll(":", "") +DATETIME_TAG = DATETIME_TAG.toString().replaceAll(":", "") -- GitLab From 1bda3c132221cdd70c50dbee58c810f866a4895c Mon Sep 17 00:00:00 2001 From: Will Bunker Date: Fri, 26 Apr 2019 13:54:04 -0500 Subject: [PATCH 17/37] Moving Twistlock credentials to Jenkins credentials --- Jenkinsfile | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 14033cc..999c778 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -16,9 +16,8 @@ pipeline { S3_REPORT_LOCATION = 's3://dsop-pipeline-artifacts' TWISTLOCK_SERVER = 'https://twistlock-console-twistlock.us-gov-west-1.compute.internal' TWISTLOCK_USERNAME = 'jenkins-svc' - TWISTLOCK_PASSWORD = 'redhat12' + TWISTLOCK_PASSWORD = credentials('TwistLock_Password') REMOTE_HOST = 'ec2-52-222-64-188.us-gov-west-1.compute.amazonaws.com' - TEST_TWISTLOCK = credentials('Something') } // environment parameters { choice(choices : 'All\nOpenSCAP\nTwistlock\nAnchore', @@ -42,7 +41,6 @@ pipeline { steps { echo "Pushing ${REPO_NAME}:${IMAGE_TAG} to Nexus Staging" echo "Artifact path is ${S3_REPORT_LOCATION}/${VENDOR_PRODUCT}/${REPO_NAME}/${IMAGE_TAG}/${DATETIME_TAG}_${BUILD_NUMBER}" - echo "test ${TEST_TWISTLOCK}" //TODO Test docker on agent eventually /*withDockerRegistry([url: '${env.NEXUS_SERVER}', credentialsId: '${env.NEXUS_USERNAME}/${env.NEXUS_PASSWORD}']) { -- GitLab From 4c8be07a513dc3ad525bbaf914fb0af791e24b2f Mon Sep 17 00:00:00 2001 From: Will Bunker Date: Fri, 26 Apr 2019 14:01:22 -0500 Subject: [PATCH 18/37] Moving Twistlock credentials to Jenkins credentials --- Jenkinsfile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 999c778..0b24aca 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -16,7 +16,6 @@ pipeline { S3_REPORT_LOCATION = 's3://dsop-pipeline-artifacts' TWISTLOCK_SERVER = 'https://twistlock-console-twistlock.us-gov-west-1.compute.internal' TWISTLOCK_USERNAME = 'jenkins-svc' - TWISTLOCK_PASSWORD = credentials('TwistLock_Password') REMOTE_HOST = 'ec2-52-222-64-188.us-gov-west-1.compute.amazonaws.com' } // environment @@ -111,7 +110,7 @@ pipeline { remote.identityFile = identity stage('SSH to Twistlock Node') { // Start the container, import the TwistCLI binary, scan image - sshCommand remote: remote, command: "sudo curl -k -ssl -u ${TWISTLOCK_USERNAME}:${TWISTLOCK_PASSWORD} ${TWISTLOCK_SERVER}/api/v1/util/twistcli -o twistcli && sudo chmod +x ./twistcli && sudo ./twistcli images scan ${REPO_NAME}:${IMAGE_TAG} --user ${TWISTLOCK_USERNAME} --password ${TWISTLOCK_PASSWORD} --address ${TWISTLOCK_SERVER} --details ${REPO_NAME}:${IMAGE_TAG}" + sshCommand remote: remote, command: "sudo curl -k -ssl -u ${TWISTLOCK_USERNAME}:${$TwistLock_Password} ${TWISTLOCK_SERVER}/api/v1/util/twistcli -o twistcli && sudo chmod +x ./twistcli && sudo ./twistcli images scan ${REPO_NAME}:${IMAGE_TAG} --user ${TWISTLOCK_USERNAME} --password ${$TwistLock_Password} --address ${TWISTLOCK_SERVER} --details ${REPO_NAME}:${IMAGE_TAG}" // Clean up // Stop or remove the container image if needed.. // ToDo - Catch, or call from the console, the twistcli scan results, and complile them with the rest of the pipeline -- GitLab From f85e0757aa4a20faf462809c9811b6f4c2e8b8b2 Mon Sep 17 00:00:00 2001 From: Will Bunker Date: Fri, 26 Apr 2019 14:03:49 -0500 Subject: [PATCH 19/37] Moving Twistlock credentials to Jenkins credentials --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index 0b24aca..6cd3676 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -110,7 +110,7 @@ pipeline { remote.identityFile = identity stage('SSH to Twistlock Node') { // Start the container, import the TwistCLI binary, scan image - sshCommand remote: remote, command: "sudo curl -k -ssl -u ${TWISTLOCK_USERNAME}:${$TwistLock_Password} ${TWISTLOCK_SERVER}/api/v1/util/twistcli -o twistcli && sudo chmod +x ./twistcli && sudo ./twistcli images scan ${REPO_NAME}:${IMAGE_TAG} --user ${TWISTLOCK_USERNAME} --password ${$TwistLock_Password} --address ${TWISTLOCK_SERVER} --details ${REPO_NAME}:${IMAGE_TAG}" + sshCommand remote: remote, command: "sudo curl -k -ssl -u ${TWISTLOCK_USERNAME}:${TwistLock_Password} ${TWISTLOCK_SERVER}/api/v1/util/twistcli -o twistcli && sudo chmod +x ./twistcli && sudo ./twistcli images scan ${REPO_NAME}:${IMAGE_TAG} --user ${TWISTLOCK_USERNAME} --password ${TwistLock_Password} --address ${TWISTLOCK_SERVER} --details ${REPO_NAME}:${IMAGE_TAG}" // Clean up // Stop or remove the container image if needed.. // ToDo - Catch, or call from the console, the twistcli scan results, and complile them with the rest of the pipeline -- GitLab From faad04c4448f9d1bfb4b0cfbdec2258b9a0147ff Mon Sep 17 00:00:00 2001 From: Will Bunker Date: Fri, 26 Apr 2019 14:16:42 -0500 Subject: [PATCH 20/37] Moving Twistlock credentials to Jenkins credentials --- Jenkinsfile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 6cd3676..22ec83f 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -15,7 +15,6 @@ pipeline { NEXUS_PASSWORD = 'admin123' S3_REPORT_LOCATION = 's3://dsop-pipeline-artifacts' TWISTLOCK_SERVER = 'https://twistlock-console-twistlock.us-gov-west-1.compute.internal' - TWISTLOCK_USERNAME = 'jenkins-svc' REMOTE_HOST = 'ec2-52-222-64-188.us-gov-west-1.compute.amazonaws.com' } // environment @@ -110,7 +109,9 @@ pipeline { remote.identityFile = identity stage('SSH to Twistlock Node') { // Start the container, import the TwistCLI binary, scan image - sshCommand remote: remote, command: "sudo curl -k -ssl -u ${TWISTLOCK_USERNAME}:${TwistLock_Password} ${TWISTLOCK_SERVER}/api/v1/util/twistcli -o twistcli && sudo chmod +x ./twistcli && sudo ./twistcli images scan ${REPO_NAME}:${IMAGE_TAG} --user ${TWISTLOCK_USERNAME} --password ${TwistLock_Password} --address ${TWISTLOCK_SERVER} --details ${REPO_NAME}:${IMAGE_TAG}" + withCredentials([usernamePassword(credentialsId: 'TwistLock', usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD')]) { + sshCommand remote: remote, command: "sudo curl -k -ssl -u ${USERNAME}:${PASSWORD} ${TWISTLOCK_SERVER}/api/v1/util/twistcli -o twistcli && sudo chmod +x ./twistcli && sudo ./twistcli images scan ${REPO_NAME}:${IMAGE_TAG} --user ${USERNAME} --password ${PASSWORD} --address ${TWISTLOCK_SERVER} --details ${REPO_NAME}:${IMAGE_TAG}" + }// withCredentials // Clean up // Stop or remove the container image if needed.. // ToDo - Catch, or call from the console, the twistcli scan results, and complile them with the rest of the pipeline -- GitLab From 03be97c173fdef116d4697cf9b4e79c34032814e Mon Sep 17 00:00:00 2001 From: Will Bunker Date: Fri, 26 Apr 2019 14:25:25 -0500 Subject: [PATCH 21/37] Moving Twistlock credentials to Jenkins credentials --- Jenkinsfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index 22ec83f..cb2110d 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -110,7 +110,8 @@ pipeline { stage('SSH to Twistlock Node') { // Start the container, import the TwistCLI binary, scan image withCredentials([usernamePassword(credentialsId: 'TwistLock', usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD')]) { - sshCommand remote: remote, command: "sudo curl -k -ssl -u ${USERNAME}:${PASSWORD} ${TWISTLOCK_SERVER}/api/v1/util/twistcli -o twistcli && sudo chmod +x ./twistcli && sudo ./twistcli images scan ${REPO_NAME}:${IMAGE_TAG} --user ${USERNAME} --password ${PASSWORD} --address ${TWISTLOCK_SERVER} --details ${REPO_NAME}:${IMAGE_TAG}" + password_escaped = PASSWORD.replaceAll(":", "") + sshCommand remote: remote, command: "sudo curl -k -ssl -u ${USERNAME}:${PASSWORD} ${TWISTLOCK_SERVER}/api/v1/util/twistcli -o twistcli && sudo chmod +x ./twistcli && sudo ./twistcli images scan ${REPO_NAME}:${IMAGE_TAG} --user ${USERNAME} --password ${password_escaped} --address ${TWISTLOCK_SERVER} --details ${REPO_NAME}:${IMAGE_TAG}" }// withCredentials // Clean up // Stop or remove the container image if needed.. -- GitLab From a2a3d07f7d6f330b9b74b6ed3c51de8decf6b457 Mon Sep 17 00:00:00 2001 From: Will Bunker Date: Fri, 26 Apr 2019 14:27:30 -0500 Subject: [PATCH 22/37] Moving Twistlock credentials to Jenkins credentials --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index cb2110d..627e26e 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -110,7 +110,7 @@ pipeline { stage('SSH to Twistlock Node') { // Start the container, import the TwistCLI binary, scan image withCredentials([usernamePassword(credentialsId: 'TwistLock', usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD')]) { - password_escaped = PASSWORD.replaceAll(":", "") + password_escaped = PASSWORD.replaceAll("&", "\&") sshCommand remote: remote, command: "sudo curl -k -ssl -u ${USERNAME}:${PASSWORD} ${TWISTLOCK_SERVER}/api/v1/util/twistcli -o twistcli && sudo chmod +x ./twistcli && sudo ./twistcli images scan ${REPO_NAME}:${IMAGE_TAG} --user ${USERNAME} --password ${password_escaped} --address ${TWISTLOCK_SERVER} --details ${REPO_NAME}:${IMAGE_TAG}" }// withCredentials // Clean up -- GitLab From 3c4e774b771e41918366c20abfd3e505a0df50d1 Mon Sep 17 00:00:00 2001 From: Will Bunker Date: Fri, 26 Apr 2019 14:28:29 -0500 Subject: [PATCH 23/37] Moving Twistlock credentials to Jenkins credentials --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index 627e26e..919140f 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -110,7 +110,7 @@ pipeline { stage('SSH to Twistlock Node') { // Start the container, import the TwistCLI binary, scan image withCredentials([usernamePassword(credentialsId: 'TwistLock', usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD')]) { - password_escaped = PASSWORD.replaceAll("&", "\&") + password_escaped = PASSWORD.replaceAll("&", "\\&") sshCommand remote: remote, command: "sudo curl -k -ssl -u ${USERNAME}:${PASSWORD} ${TWISTLOCK_SERVER}/api/v1/util/twistcli -o twistcli && sudo chmod +x ./twistcli && sudo ./twistcli images scan ${REPO_NAME}:${IMAGE_TAG} --user ${USERNAME} --password ${password_escaped} --address ${TWISTLOCK_SERVER} --details ${REPO_NAME}:${IMAGE_TAG}" }// withCredentials // Clean up -- GitLab From c29f0775041c20d3d15885f1e125436ca92abeb4 Mon Sep 17 00:00:00 2001 From: Will Bunker Date: Fri, 26 Apr 2019 14:35:53 -0500 Subject: [PATCH 24/37] Moving Twistlock credentials to Jenkins credentials --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index 919140f..e2ad35f 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -110,7 +110,7 @@ pipeline { stage('SSH to Twistlock Node') { // Start the container, import the TwistCLI binary, scan image withCredentials([usernamePassword(credentialsId: 'TwistLock', usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD')]) { - password_escaped = PASSWORD.replaceAll("&", "\\&") + password_escaped = PASSWORD.replaceAll("&", "/\\&/") sshCommand remote: remote, command: "sudo curl -k -ssl -u ${USERNAME}:${PASSWORD} ${TWISTLOCK_SERVER}/api/v1/util/twistcli -o twistcli && sudo chmod +x ./twistcli && sudo ./twistcli images scan ${REPO_NAME}:${IMAGE_TAG} --user ${USERNAME} --password ${password_escaped} --address ${TWISTLOCK_SERVER} --details ${REPO_NAME}:${IMAGE_TAG}" }// withCredentials // Clean up -- GitLab From b926213987f5ca384153aa161e2898bcac47c4ae Mon Sep 17 00:00:00 2001 From: Will Bunker Date: Fri, 26 Apr 2019 14:37:24 -0500 Subject: [PATCH 25/37] Moving Twistlock credentials to Jenkins credentials --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index e2ad35f..6da50a4 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -110,7 +110,7 @@ pipeline { stage('SSH to Twistlock Node') { // Start the container, import the TwistCLI binary, scan image withCredentials([usernamePassword(credentialsId: 'TwistLock', usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD')]) { - password_escaped = PASSWORD.replaceAll("&", "/\\&/") + password_escaped = PASSWORD.replaceAll("&", "\\\\&") sshCommand remote: remote, command: "sudo curl -k -ssl -u ${USERNAME}:${PASSWORD} ${TWISTLOCK_SERVER}/api/v1/util/twistcli -o twistcli && sudo chmod +x ./twistcli && sudo ./twistcli images scan ${REPO_NAME}:${IMAGE_TAG} --user ${USERNAME} --password ${password_escaped} --address ${TWISTLOCK_SERVER} --details ${REPO_NAME}:${IMAGE_TAG}" }// withCredentials // Clean up -- GitLab From 500b3e5a5a64484e93ea4ccba40960d9e14a87bf Mon Sep 17 00:00:00 2001 From: Will Bunker Date: Fri, 26 Apr 2019 14:40:03 -0500 Subject: [PATCH 26/37] Moving Twistlock credentials to Jenkins credentials --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index 6da50a4..ed7224e 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -111,7 +111,7 @@ pipeline { // Start the container, import the TwistCLI binary, scan image withCredentials([usernamePassword(credentialsId: 'TwistLock', usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD')]) { password_escaped = PASSWORD.replaceAll("&", "\\\\&") - sshCommand remote: remote, command: "sudo curl -k -ssl -u ${USERNAME}:${PASSWORD} ${TWISTLOCK_SERVER}/api/v1/util/twistcli -o twistcli && sudo chmod +x ./twistcli && sudo ./twistcli images scan ${REPO_NAME}:${IMAGE_TAG} --user ${USERNAME} --password ${password_escaped} --address ${TWISTLOCK_SERVER} --details ${REPO_NAME}:${IMAGE_TAG}" + sshCommand remote: remote, command: "sudo curl -k -ssl -u ${USERNAME}:${PASSWORD} ${TWISTLOCK_SERVER}/api/v1/util/twistcli -o twistcli && sudo chmod +x ./twistcli && sudo ./twistcli images scan ${REPO_NAME}:${IMAGE_TAG} --user ${USERNAME} --password '${PASSWORD}'' --address ${TWISTLOCK_SERVER} --details ${REPO_NAME}:${IMAGE_TAG}" }// withCredentials // Clean up // Stop or remove the container image if needed.. -- GitLab From b1e0d8c92c1295bddc219fd406ca3a0e8850f086 Mon Sep 17 00:00:00 2001 From: Will Bunker Date: Fri, 26 Apr 2019 14:41:28 -0500 Subject: [PATCH 27/37] Moving Twistlock credentials to Jenkins credentials --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index ed7224e..a6c28e2 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -111,7 +111,7 @@ pipeline { // Start the container, import the TwistCLI binary, scan image withCredentials([usernamePassword(credentialsId: 'TwistLock', usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD')]) { password_escaped = PASSWORD.replaceAll("&", "\\\\&") - sshCommand remote: remote, command: "sudo curl -k -ssl -u ${USERNAME}:${PASSWORD} ${TWISTLOCK_SERVER}/api/v1/util/twistcli -o twistcli && sudo chmod +x ./twistcli && sudo ./twistcli images scan ${REPO_NAME}:${IMAGE_TAG} --user ${USERNAME} --password '${PASSWORD}'' --address ${TWISTLOCK_SERVER} --details ${REPO_NAME}:${IMAGE_TAG}" + sshCommand remote: remote, command: "sudo curl -k -ssl -u ${USERNAME}:${PASSWORD} ${TWISTLOCK_SERVER}/api/v1/util/twistcli -o twistcli && sudo chmod +x ./twistcli && sudo ./twistcli images scan ${REPO_NAME}:${IMAGE_TAG} --user ${USERNAME} --password '${PASSWORD}' --address ${TWISTLOCK_SERVER} --details ${REPO_NAME}:${IMAGE_TAG}" }// withCredentials // Clean up // Stop or remove the container image if needed.. -- GitLab From b0f5b6ef97a62b19eea711b1c2960b2913ae7963 Mon Sep 17 00:00:00 2001 From: Will Bunker Date: Fri, 26 Apr 2019 14:43:05 -0500 Subject: [PATCH 28/37] Moving Twistlock credentials to Jenkins credentials --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index a6c28e2..e370fcd 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -111,7 +111,7 @@ pipeline { // Start the container, import the TwistCLI binary, scan image withCredentials([usernamePassword(credentialsId: 'TwistLock', usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD')]) { password_escaped = PASSWORD.replaceAll("&", "\\\\&") - sshCommand remote: remote, command: "sudo curl -k -ssl -u ${USERNAME}:${PASSWORD} ${TWISTLOCK_SERVER}/api/v1/util/twistcli -o twistcli && sudo chmod +x ./twistcli && sudo ./twistcli images scan ${REPO_NAME}:${IMAGE_TAG} --user ${USERNAME} --password '${PASSWORD}' --address ${TWISTLOCK_SERVER} --details ${REPO_NAME}:${IMAGE_TAG}" + sshCommand remote: remote, command: "sudo curl -k -ssl -u ${USERNAME}:${password_escaped} ${TWISTLOCK_SERVER}/api/v1/util/twistcli -o twistcli && sudo chmod +x ./twistcli && sudo ./twistcli images scan ${REPO_NAME}:${IMAGE_TAG} --user ${USERNAME} --password '${PASSWORD}' --address ${TWISTLOCK_SERVER} --details ${REPO_NAME}:${IMAGE_TAG}" }// withCredentials // Clean up // Stop or remove the container image if needed.. -- GitLab From 4e66f2983d0ee75418985c4441f9715d6a1e160f Mon Sep 17 00:00:00 2001 From: Will Bunker Date: Fri, 26 Apr 2019 14:44:44 -0500 Subject: [PATCH 29/37] Moving Twistlock credentials to Jenkins credentials --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index e370fcd..2526041 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -111,7 +111,7 @@ pipeline { // Start the container, import the TwistCLI binary, scan image withCredentials([usernamePassword(credentialsId: 'TwistLock', usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD')]) { password_escaped = PASSWORD.replaceAll("&", "\\\\&") - sshCommand remote: remote, command: "sudo curl -k -ssl -u ${USERNAME}:${password_escaped} ${TWISTLOCK_SERVER}/api/v1/util/twistcli -o twistcli && sudo chmod +x ./twistcli && sudo ./twistcli images scan ${REPO_NAME}:${IMAGE_TAG} --user ${USERNAME} --password '${PASSWORD}' --address ${TWISTLOCK_SERVER} --details ${REPO_NAME}:${IMAGE_TAG}" + sshCommand remote: remote, command: "sudo curl -k -ssl -u ${USERNAME}:'${PASSWORD}' ${TWISTLOCK_SERVER}/api/v1/util/twistcli -o twistcli && sudo chmod +x ./twistcli && sudo ./twistcli images scan ${REPO_NAME}:${IMAGE_TAG} --user ${USERNAME} --password '${PASSWORD}' --address ${TWISTLOCK_SERVER} --details ${REPO_NAME}:${IMAGE_TAG}" }// withCredentials // Clean up // Stop or remove the container image if needed.. -- GitLab From cccbacf09d97cb3a5d0fcc13dca3239badf697f6 Mon Sep 17 00:00:00 2001 From: Will Bunker Date: Fri, 26 Apr 2019 14:52:09 -0500 Subject: [PATCH 30/37] Moving Nexus credentials to Jenkins credentials --- Jenkinsfile | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 2526041..080f967 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -11,8 +11,6 @@ pipeline { environment { NEXUS_SERVER = 'nexus-docker.52.61.140.4.nip.io' - NEXUS_USERNAME = 'admin' - NEXUS_PASSWORD = 'admin123' S3_REPORT_LOCATION = 's3://dsop-pipeline-artifacts' TWISTLOCK_SERVER = 'https://twistlock-console-twistlock.us-gov-west-1.compute.internal' REMOTE_HOST = 'ec2-52-222-64-188.us-gov-west-1.compute.amazonaws.com' @@ -67,7 +65,11 @@ pipeline { remote.user = userName remote.identityFile = identity stage('OpenSCAP Scan') { - sshCommand remote: remote, command: "sudo docker login -u ${NEXUS_USERNAME} -p ${NEXUS_PASSWORD} ${NEXUS_SERVER}" + + withCredentials([usernamePassword(credentialsId: 'TwistLock', usernameVariable: 'NEXUS_USERNAME', passwordVariable: 'NEXUS_PASSWORD')]) { + sshCommand remote: remote, command: "sudo docker login -u ${NEXUS_USERNAME} -p '${NEXUS_PASSWORD}' ${NEXUS_SERVER}" + } + sshCommand remote: remote, command: "sudo docker pull ${NEXUS_SERVER}/${REPO_NAME}:${IMAGE_TAG}" sshCommand remote: remote, command: "sudo oscap-docker image ${NEXUS_SERVER}/${REPO_NAME}:${IMAGE_TAG} xccdf eval --profile xccdf_org.ssgproject.content_profile_stig-rhel7-disa --report /tmp/report.html /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml" sshCommand remote: remote, command: "sudo oscap-docker image-cve ${NEXUS_SERVER}/${REPO_NAME}:${IMAGE_TAG} --report /tmp/report-cve.html" @@ -110,7 +112,6 @@ pipeline { stage('SSH to Twistlock Node') { // Start the container, import the TwistCLI binary, scan image withCredentials([usernamePassword(credentialsId: 'TwistLock', usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD')]) { - password_escaped = PASSWORD.replaceAll("&", "\\\\&") sshCommand remote: remote, command: "sudo curl -k -ssl -u ${USERNAME}:'${PASSWORD}' ${TWISTLOCK_SERVER}/api/v1/util/twistcli -o twistcli && sudo chmod +x ./twistcli && sudo ./twistcli images scan ${REPO_NAME}:${IMAGE_TAG} --user ${USERNAME} --password '${PASSWORD}' --address ${TWISTLOCK_SERVER} --details ${REPO_NAME}:${IMAGE_TAG}" }// withCredentials // Clean up -- GitLab From 5d6ece43e26811071f17de219d8c4246f50b5b2b Mon Sep 17 00:00:00 2001 From: Will Bunker Date: Fri, 26 Apr 2019 14:53:44 -0500 Subject: [PATCH 31/37] Moving Nexus credentials to Jenkins credentials --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index 080f967..8819311 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -67,7 +67,7 @@ pipeline { stage('OpenSCAP Scan') { withCredentials([usernamePassword(credentialsId: 'TwistLock', usernameVariable: 'NEXUS_USERNAME', passwordVariable: 'NEXUS_PASSWORD')]) { - sshCommand remote: remote, command: "sudo docker login -u ${NEXUS_USERNAME} -p '${NEXUS_PASSWORD}' ${NEXUS_SERVER}" + sshCommand remote: remote, command: "sudo docker login -u ${NEXUS_USERNAME} -p ${NEXUS_PASSWORD} ${NEXUS_SERVER}" } sshCommand remote: remote, command: "sudo docker pull ${NEXUS_SERVER}/${REPO_NAME}:${IMAGE_TAG}" -- GitLab From 3bb0b52ebd0b8b5ed5377f91e048c64e10c112c0 Mon Sep 17 00:00:00 2001 From: Will Bunker Date: Fri, 26 Apr 2019 14:57:35 -0500 Subject: [PATCH 32/37] Moving Nexus credentials to Jenkins credentials --- Jenkinsfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 8819311..0a7babb 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -66,8 +66,8 @@ pipeline { remote.identityFile = identity stage('OpenSCAP Scan') { - withCredentials([usernamePassword(credentialsId: 'TwistLock', usernameVariable: 'NEXUS_USERNAME', passwordVariable: 'NEXUS_PASSWORD')]) { - sshCommand remote: remote, command: "sudo docker login -u ${NEXUS_USERNAME} -p ${NEXUS_PASSWORD} ${NEXUS_SERVER}" + withCredentials([usernamePassword(credentialsId: 'Nexus', usernameVariable: 'NEXUS_USERNAME', passwordVariable: 'NEXUS_PASSWORD')]) { + sshCommand remote: remote, command: "sudo docker login -u ${NEXUS_USERNAME} -p '${NEXUS_PASSWORD}' ${NEXUS_SERVER}" } sshCommand remote: remote, command: "sudo docker pull ${NEXUS_SERVER}/${REPO_NAME}:${IMAGE_TAG}" -- GitLab From 862af1d5677c064683a909387855d2cecb8f0b26 Mon Sep 17 00:00:00 2001 From: Will Bunker Date: Fri, 26 Apr 2019 15:01:32 -0500 Subject: [PATCH 33/37] Changed S3_REPORT_LOCATION to S3_REPORT_BUCKET to make clearer --- Jenkinsfile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 0a7babb..cc98b55 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -11,7 +11,7 @@ pipeline { environment { NEXUS_SERVER = 'nexus-docker.52.61.140.4.nip.io' - S3_REPORT_LOCATION = 's3://dsop-pipeline-artifacts' + S3_REPORT_BUCKET = 's3://dsop-pipeline-artifacts' TWISTLOCK_SERVER = 'https://twistlock-console-twistlock.us-gov-west-1.compute.internal' REMOTE_HOST = 'ec2-52-222-64-188.us-gov-west-1.compute.amazonaws.com' } // environment @@ -36,7 +36,7 @@ pipeline { //agent { label 'docker' } steps { echo "Pushing ${REPO_NAME}:${IMAGE_TAG} to Nexus Staging" - echo "Artifact path is ${S3_REPORT_LOCATION}/${VENDOR_PRODUCT}/${REPO_NAME}/${IMAGE_TAG}/${DATETIME_TAG}_${BUILD_NUMBER}" + echo "Artifact path is ${S3_REPORT_BUCKET}/${VENDOR_PRODUCT}/${REPO_NAME}/${IMAGE_TAG}/${DATETIME_TAG}_${BUILD_NUMBER}" //TODO Test docker on agent eventually /*withDockerRegistry([url: '${env.NEXUS_SERVER}', credentialsId: '${env.NEXUS_USERNAME}/${env.NEXUS_PASSWORD}']) { @@ -73,8 +73,8 @@ pipeline { sshCommand remote: remote, command: "sudo docker pull ${NEXUS_SERVER}/${REPO_NAME}:${IMAGE_TAG}" sshCommand remote: remote, command: "sudo oscap-docker image ${NEXUS_SERVER}/${REPO_NAME}:${IMAGE_TAG} xccdf eval --profile xccdf_org.ssgproject.content_profile_stig-rhel7-disa --report /tmp/report.html /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml" sshCommand remote: remote, command: "sudo oscap-docker image-cve ${NEXUS_SERVER}/${REPO_NAME}:${IMAGE_TAG} --report /tmp/report-cve.html" - sshCommand remote: remote, command: "/usr/sbin/aws s3 cp /tmp/report-cve.html ${S3_REPORT_LOCATION}/${VENDOR_PRODUCT}/${REPO_NAME}/${IMAGE_TAG}/${DATETIME_TAG}_${BUILD_NUMBER}/openscap/report-cve.html" - sshCommand remote: remote, command: "/usr/sbin/aws s3 cp /tmp/report.html ${S3_REPORT_LOCATION}/${VENDOR_PRODUCT}/${REPO_NAME}/${IMAGE_TAG}/${DATETIME_TAG}_${BUILD_NUMBER}/openscap/report.html" + sshCommand remote: remote, command: "/usr/sbin/aws s3 cp /tmp/report-cve.html ${S3_REPORT_BUCKET}/${VENDOR_PRODUCT}/${REPO_NAME}/${IMAGE_TAG}/${DATETIME_TAG}_${BUILD_NUMBER}/openscap/report-cve.html" + sshCommand remote: remote, command: "/usr/sbin/aws s3 cp /tmp/report.html ${S3_REPORT_BUCKET}/${VENDOR_PRODUCT}/${REPO_NAME}/${IMAGE_TAG}/${DATETIME_TAG}_${BUILD_NUMBER}/openscap/report.html" sshGet remote: remote, from: "/tmp/report.html", into: "/var/lib/jenkins/jobs/${env.JOB_NAME}/builds/${env.BUILD_NUMBER}/openscap-compliance-report.html", override: true sshGet remote: remote, from: "/tmp/report-cve.html", into: "/var/lib/jenkins/jobs/${env.JOB_NAME}/builds/${env.BUILD_NUMBER}/openscap-cve-report.html", override: true publishHTML([alwaysLinkToLastBuild: false, keepAll: false, reportDir: "/var/lib/jenkins/jobs/${env.JOB_NAME}/builds/${env.BUILD_NUMBER}", reportFiles: 'openscap-compliance-report.html', reportName: 'OpenSCAP Compliance Report', reportTitles: 'OpenSCAP Compliance Report']) -- GitLab From b03f60874f6e04709d86464691b9d2da09db6c02 Mon Sep 17 00:00:00 2001 From: Will Bunker Date: Fri, 26 Apr 2019 15:20:58 -0500 Subject: [PATCH 34/37] Generating openscap artifact path at start of block --- Jenkinsfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index cc98b55..fb739da 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -62,6 +62,7 @@ pipeline { remote.allowAnyHosts = true node { withCredentials([sshUserPrivateKey(credentialsId: 'oscap', keyFileVariable: 'identity', usernameVariable: 'userName')]) { + openscap_artifact_path = "${S3_REPORT_BUCKET}/${VENDOR_PRODUCT}/${REPO_NAME}/${IMAGE_TAG}/${DATETIME_TAG}_${BUILD_NUMBER}/openscap/" remote.user = userName remote.identityFile = identity stage('OpenSCAP Scan') { @@ -74,7 +75,7 @@ pipeline { sshCommand remote: remote, command: "sudo oscap-docker image ${NEXUS_SERVER}/${REPO_NAME}:${IMAGE_TAG} xccdf eval --profile xccdf_org.ssgproject.content_profile_stig-rhel7-disa --report /tmp/report.html /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml" sshCommand remote: remote, command: "sudo oscap-docker image-cve ${NEXUS_SERVER}/${REPO_NAME}:${IMAGE_TAG} --report /tmp/report-cve.html" sshCommand remote: remote, command: "/usr/sbin/aws s3 cp /tmp/report-cve.html ${S3_REPORT_BUCKET}/${VENDOR_PRODUCT}/${REPO_NAME}/${IMAGE_TAG}/${DATETIME_TAG}_${BUILD_NUMBER}/openscap/report-cve.html" - sshCommand remote: remote, command: "/usr/sbin/aws s3 cp /tmp/report.html ${S3_REPORT_BUCKET}/${VENDOR_PRODUCT}/${REPO_NAME}/${IMAGE_TAG}/${DATETIME_TAG}_${BUILD_NUMBER}/openscap/report.html" + sshCommand remote: remote, command: "/usr/sbin/aws s3 cp /tmp/report.html ${openscap_artifact_path}/report.html" sshGet remote: remote, from: "/tmp/report.html", into: "/var/lib/jenkins/jobs/${env.JOB_NAME}/builds/${env.BUILD_NUMBER}/openscap-compliance-report.html", override: true sshGet remote: remote, from: "/tmp/report-cve.html", into: "/var/lib/jenkins/jobs/${env.JOB_NAME}/builds/${env.BUILD_NUMBER}/openscap-cve-report.html", override: true publishHTML([alwaysLinkToLastBuild: false, keepAll: false, reportDir: "/var/lib/jenkins/jobs/${env.JOB_NAME}/builds/${env.BUILD_NUMBER}", reportFiles: 'openscap-compliance-report.html', reportName: 'OpenSCAP Compliance Report', reportTitles: 'OpenSCAP Compliance Report']) -- GitLab From 41e76ce6aea89012fa4674d25afb293e4dcb27fd Mon Sep 17 00:00:00 2001 From: Will Bunker Date: Fri, 26 Apr 2019 15:24:43 -0500 Subject: [PATCH 35/37] Generating full image path at start of block --- Jenkinsfile | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index fb739da..26b5e44 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -63,6 +63,7 @@ pipeline { node { withCredentials([sshUserPrivateKey(credentialsId: 'oscap', keyFileVariable: 'identity', usernameVariable: 'userName')]) { openscap_artifact_path = "${S3_REPORT_BUCKET}/${VENDOR_PRODUCT}/${REPO_NAME}/${IMAGE_TAG}/${DATETIME_TAG}_${BUILD_NUMBER}/openscap/" + image_full_path = "${NEXUS_SERVER}/${REPO_NAME}:${IMAGE_TAG}" remote.user = userName remote.identityFile = identity stage('OpenSCAP Scan') { @@ -71,11 +72,11 @@ pipeline { sshCommand remote: remote, command: "sudo docker login -u ${NEXUS_USERNAME} -p '${NEXUS_PASSWORD}' ${NEXUS_SERVER}" } - sshCommand remote: remote, command: "sudo docker pull ${NEXUS_SERVER}/${REPO_NAME}:${IMAGE_TAG}" - sshCommand remote: remote, command: "sudo oscap-docker image ${NEXUS_SERVER}/${REPO_NAME}:${IMAGE_TAG} xccdf eval --profile xccdf_org.ssgproject.content_profile_stig-rhel7-disa --report /tmp/report.html /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml" - sshCommand remote: remote, command: "sudo oscap-docker image-cve ${NEXUS_SERVER}/${REPO_NAME}:${IMAGE_TAG} --report /tmp/report-cve.html" - sshCommand remote: remote, command: "/usr/sbin/aws s3 cp /tmp/report-cve.html ${S3_REPORT_BUCKET}/${VENDOR_PRODUCT}/${REPO_NAME}/${IMAGE_TAG}/${DATETIME_TAG}_${BUILD_NUMBER}/openscap/report-cve.html" - sshCommand remote: remote, command: "/usr/sbin/aws s3 cp /tmp/report.html ${openscap_artifact_path}/report.html" + sshCommand remote: remote, command: "sudo docker pull ${image_full_path}" + sshCommand remote: remote, command: "sudo oscap-docker image ${image_full_path} xccdf eval --profile xccdf_org.ssgproject.content_profile_stig-rhel7-disa --report /tmp/report.html /usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml" + sshCommand remote: remote, command: "sudo oscap-docker image-cve ${image_full_path} --report /tmp/report-cve.html" + sshCommand remote: remote, command: "/usr/sbin/aws s3 cp /tmp/report-cve.html ${openscap_artifact_path}report-cve.html" + sshCommand remote: remote, command: "/usr/sbin/aws s3 cp /tmp/report.html ${openscap_artifact_path}report.html" sshGet remote: remote, from: "/tmp/report.html", into: "/var/lib/jenkins/jobs/${env.JOB_NAME}/builds/${env.BUILD_NUMBER}/openscap-compliance-report.html", override: true sshGet remote: remote, from: "/tmp/report-cve.html", into: "/var/lib/jenkins/jobs/${env.JOB_NAME}/builds/${env.BUILD_NUMBER}/openscap-cve-report.html", override: true publishHTML([alwaysLinkToLastBuild: false, keepAll: false, reportDir: "/var/lib/jenkins/jobs/${env.JOB_NAME}/builds/${env.BUILD_NUMBER}", reportFiles: 'openscap-compliance-report.html', reportName: 'OpenSCAP Compliance Report', reportTitles: 'OpenSCAP Compliance Report']) -- GitLab From a099ae8ffc3eb65bce1f81710df0779dcdc3a916 Mon Sep 17 00:00:00 2001 From: Will Bunker Date: Fri, 26 Apr 2019 16:34:17 -0500 Subject: [PATCH 36/37] Seeing if gpg available --- Jenkinsfile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Jenkinsfile b/Jenkinsfile index 26b5e44..16b1fbd 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -157,10 +157,14 @@ pipeline { } // steps } // stage + + + stage('Push to External Registry (TODO)') { steps { //input message: "Push image ${REPO_NAME}:${IMAGE_TAG} to registry?" echo 'Pushing to Registry' + sh "gpg --list-keys" } // steps } // stage -- GitLab From b84df31e5439b29528fe3f6750ea4f2af9158d63 Mon Sep 17 00:00:00 2001 From: Will Bunker Date: Fri, 26 Apr 2019 16:36:40 -0500 Subject: [PATCH 37/37] removing test to form another branch --- Jenkinsfile | 1 - 1 file changed, 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index 16b1fbd..28caca3 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -164,7 +164,6 @@ pipeline { steps { //input message: "Push image ${REPO_NAME}:${IMAGE_TAG} to registry?" echo 'Pushing to Registry' - sh "gpg --list-keys" } // steps } // stage -- GitLab