From 9e0ce9fc0fb08a66251186209e0c915eefb30d36 Mon Sep 17 00:00:00 2001
From: jnach
Date: Fri, 26 Apr 2019 16:40:47 +0000
Subject: [PATCH 1/6] add cleanup stage
---
 Jenkinsfile | 33 +++++++++++++++++++++++++++++++--
 1 file changed, 31 insertions(+), 2 deletions(-)
diff --git a/Jenkinsfile b/Jenkinsfile
index 0eb8b20..ca8fb40 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -98,8 +98,6 @@ pipeline {
 sshCommand remote: remote, command: "sudo curl -k -ssl -u ${TWISTLOCK_USERNAME}:${TWISTLOCK_PASSWORD} ${TWISTLOCK_SERVER}/api/v1/util/twistcli -o twistcli && sudo chmod +x ./twistcli && sudo ./twistcli images scan ${IMAGE_TAG} --user ${TWISTLOCK_USERNAME} --password ${TWISTLOCK_PASSWORD} --address ${TWISTLOCK_SERVER} --details ${IMAGE_TAG}"
 // Pull latest report from the twistlock console
 sshCommand remote: remote, command: "curl -k -s -u ${TWISTLOCK_USERNAME}:${TWISTLOCK_PASSWORD} -H 'Content-Type: application/json' -X GET '${TWISTLOCK_SERVER}/api/v1/scans?search=${NEXUS_SERVER}/${IMAGE_TAG}&limit=1&reverse=true&type=twistcli' | python -m json.tool | /usr/sbin/aws s3 cp - ${S3_REPORT_LOCATION}/twistlock/${IMAGE_TAG}.json"
- // Clean up
- sshCommand remote: remote, command: "sudo docker rmi ${NEXUS_SERVER}/${IMAGE_TAG}"
 } // script
 } // stage
 } // withCredentials
@@ -144,6 +142,37 @@ pipeline { } // steps } // stage + stage('Clean up Docker artifacts') { + steps { + when { + anyOf { + environment name: "toolsToRun", value: "All" + environment name: "toolsToRun", value: "Twistlock" + } // anyOf + } // when + steps { + echo 'Cleaning up docker artifacts' + // this may use a dedicated node eventually, or be refactored to follow best practice TBD + script { + def remote = [:] + remote.name = "node" + remote.host = "${env.REMOTE_HOST}" + remote.allowAnyHosts = true + node { + // using the oscap user, this is temporary + withCredentials([sshUserPrivateKey(credentialsId: 'oscap', keyFileVariable: 'identity', usernameVariable: 'userName')]) { + remote.user = userName + remote.identityFile = identity + stage('SSH to worker Node') { + // clean up all docker artifacts + sshCommand remote: remote, command: "sudo docker rm $(docker ps -a -q) && sudo docker rmi $(docker images -q)" + } // stage + } //withCredentials + } // node + } // steps + } // stage + + } // stages } // pipeline -- GitLab From 07328b5e2474b6f4f1afc92712dd388b88d832af Mon Sep 17 00:00:00 2001 From: jnach Date: Fri, 26 Apr 2019 16:42:02 +0000 Subject: [PATCH 2/6] escape dollar signs --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index ca8fb40..92035e5 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -165,7 +165,7 @@ pipeline { remote.identityFile = identity stage('SSH to worker Node') { // clean up all docker artifacts - sshCommand remote: remote, command: "sudo docker rm $(docker ps -a -q) && sudo docker rmi $(docker images -q)" + sshCommand remote: remote, command: "sudo docker rm \$(docker ps -a -q) && sudo docker rmi \$(docker images -q)" } // stage } //withCredentials } // node -- GitLab From b1a3e5fcd4c7f7e4d0c9a565c4701e72cef6482e Mon Sep 17 00:00:00 2001 
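Review bot: The `sshCommand` added under stage('SSH to worker Node') removes every container and image on the worker (`docker rm $(docker ps -a -q) && docker rmi $(docker images -q)`), not only the image this build scanned, so any other job sharing `env.REMOTE_HOST` loses its containers and images; the per-image `sudo docker rmi ${NEXUS_SERVER}/${IMAGE_TAG}` that the first hunk deleted was correctly scoped, and restoring it here (or filtering by a label applied at build time) keeps the clean-up bounded to this pipeline's artifacts. The same unscoped command is carried through the hunks of patches 2, 4 and 5, and patch 5 adds `--force` to it. `remote.allowAnyHosts = true` also disables SSH host-key verification for the worker, so the private key from `withCredentials` is used against whatever host answers at that address; a pinned known_hosts entry (leaving `allowAnyHosts` unset) would avoid that. The `when` block is placed inside `steps`, which declarative Pipeline does not allow (it belongs directly under `stage`), though patch 3 later removes it rather than moving it.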
From: jnach Date: Fri, 26 Apr 2019 16:44:43 +0000 Subject: [PATCH 3/6] remove when stanza for clean --- Jenkinsfile | 15 +++------------ 1 file changed, 3 insertions(+), 12 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 92035e5..2c6b254 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -143,13 +143,6 @@ pipeline { } // stage stage('Clean up Docker artifacts') { - steps { - when { - anyOf { - environment name: "toolsToRun", value: "All" - environment name: "toolsToRun", value: "Twistlock" - } // anyOf - } // when steps { echo 'Cleaning up docker artifacts' // this may use a dedicated node eventually, or be refactored to follow best practice TBD @@ -168,11 +161,9 @@ pipeline { sshCommand remote: remote, command: "sudo docker rm \$(docker ps -a -q) && sudo docker rmi \$(docker images -q)" } // stage } //withCredentials - } // node + } // node + } // script + } // steps } // steps - } // stage - - } // stages - } // pipeline -- GitLab From 89cf61e9b6a360e702213b5369d5ffe24bbf396b Mon Sep 17 00:00:00 2001 From: jnach Date: Fri, 26 Apr 2019 16:47:14 +0000 Subject: [PATCH 4/6] add priv escalation for docker --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index 2c6b254..02ad594 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -158,7 +158,7 @@ pipeline { remote.identityFile = identity stage('SSH to worker Node') { // clean up all docker artifacts - sshCommand remote: remote, command: "sudo docker rm \$(docker ps -a -q) && sudo docker rmi \$(docker images -q)" + sshCommand remote: remote, command: "sudo docker rm \$(sudo docker ps -a -q) && sudo docker rmi \$(sudo docker images -q)" } // stage } //withCredentials } // node -- GitLab From 6d4ef1e02b61d6beda3b465449b1d2b02cef66e0 Mon Sep 17 00:00:00 2001 From: jnach Date: Fri, 26 Apr 2019 17:01:47 +0000 Subject: [PATCH 5/6] add conditionals for cleanup --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
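Review bot: Deleting the `when { anyOf { environment name: "toolsToRun", value: "All" ... } }` block makes 'Clean up Docker artifacts' run on every build, including runs where toolsToRun never executed the Twistlock stage on the worker; the block failed because `when` must sit directly under `stage(...)`, not inside `steps`, so moving it up one level keeps the condition. Concretely, place `when { anyOf {`, `environment name: "toolsToRun", value: "All"` and `environment name: "toolsToRun", value: "Twistlock" } }` immediately after `stage('Clean up Docker artifacts') {` and before the single `steps {`. The stage's closing braces are in the following hunk, outside this one.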
diff --git a/Jenkinsfile b/Jenkinsfile index 02ad594..87e12b7 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -158,7 +158,7 @@ pipeline { remote.identityFile = identity stage('SSH to worker Node') { // clean up all docker artifacts - sshCommand remote: remote, command: "sudo docker rm \$(sudo docker ps -a -q) && sudo docker rmi \$(sudo docker images -q)" + sshCommand remote: remote, command: "if [[ \$(sudo docker images -q) ]]; then sudo docker rmi \$(sudo docker images -q) --force; fi && if [[ \$(sudo docker ps -a -q) ]]; then sudo docker rm \$(sudo docker ps -a -q); fi" } // stage } //withCredentials } // node -- GitLab From 6c6b066fe359041d8768b31f3664ff37c2196348 Mon Sep 17 00:00:00 2001 From: jnach Date: Fri, 26 Apr 2019 17:06:18 +0000 Subject: [PATCH 6/6] fix comments --- Jenkinsfile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 87e12b7..ad3873e 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -98,10 +98,10 @@ pipeline { sshCommand remote: remote, command: "sudo curl -k -ssl -u ${TWISTLOCK_USERNAME}:${TWISTLOCK_PASSWORD} ${TWISTLOCK_SERVER}/api/v1/util/twistcli -o twistcli && sudo chmod +x ./twistcli && sudo ./twistcli images scan ${IMAGE_TAG} --user ${TWISTLOCK_USERNAME} --password ${TWISTLOCK_PASSWORD} --address ${TWISTLOCK_SERVER} --details ${IMAGE_TAG}" // Pull latest report from the twistlock console sshCommand remote: remote, command: "curl -k -s -u ${TWISTLOCK_USERNAME}:${TWISTLOCK_PASSWORD} -H 'Content-Type: application/json' -X GET '${TWISTLOCK_SERVER}/api/v1/scans?search=${NEXUS_SERVER}/${IMAGE_TAG}&limit=1&reverse=true&type=twistcli' | python -m json.tool | /usr/sbin/aws s3 cp - ${S3_REPORT_LOCATION}/twistlock/${IMAGE_TAG}.json" - } // script - } // stage - } // withCredentials - } //node + } // stage + } // withCredentials + } // node + } // script } // steps } // stage -- GitLab
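Review bot: The rewritten command force-removes all images before removing the containers that may still reference them (`docker rmi ... --force` runs first, `docker rm` second), which is what makes `--force` necessary and leaves the untagged layers behind until the containers are gone; running the `docker rm` conditional first and then a plain `docker rmi` avoids `--force` entirely. `[[ ... ]]` is a bash/ksh construct, so this relies on the remote user's login shell being bash — if sshCommand lands in `sh`, the test fails and the stage errors; `[ -n "$(sudo docker images -q)" ]` is the portable form. Each `sudo docker images -q` / `sudo docker ps -a -q` is also evaluated twice; capturing it once into a shell variable would be clearer and avoid a race between the test and the removal. The enclosing `withCredentials` and `node` blocks start outside this hunk.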