diff --git a/Jenkinsfile b/Jenkinsfile
index d1dc047..182c621 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -6,7 +6,7 @@
import groovy.json.JsonSlurperClassic
emailList = 'vitaly.korolev@progress.com, sumanth.ravipati@progress.com, peng.zhou@progress.com, fayez.saliba@progress.com, barkha.choithani@progress.com, romain.winieski@progress.com'
-emailSecList = 'Rangan.Doreswamy@progress.com, Mahalakshmi.Srinivasan@progress.com'
+emailSecList = 'Mahalakshmi.Srinivasan@progress.com'
gitCredID = 'marklogic-builder-github'
JIRA_ID = ''
JIRA_ID_PATTERN = /(?i)(MLE)-\d{3,6}/
@@ -103,7 +103,7 @@ def getReviewState() {
return reviewState
}
-void resultNotification(message) {
+void resultNotification(status) {
def author, authorEmail, emailList
if (env.CHANGE_AUTHOR) {
author = env.CHANGE_AUTHOR.toString().trim().toLowerCase()
@@ -117,11 +117,11 @@ void resultNotification(message) {
jira_email_body = "${email_body}
Jira URL:
${jira_link}"
if (JIRA_ID) {
- def comment = [ body: "Jenkins pipeline build result: ${message}" ]
+ def comment = [ body: "Jenkins pipeline build result: ${status}" ]
jiraAddComment site: 'JIRA', idOrKey: JIRA_ID, failOnError: false, input: comment
- mail charset: 'UTF-8', mimeType: 'text/html', to: "${emailList}", body: "${jira_email_body}", subject: "${message}: ${env.JOB_NAME} #${env.BUILD_NUMBER} - ${JIRA_ID}"
+ mail charset: 'UTF-8', mimeType: 'text/html', to: "${emailList}", body: "${jira_email_body}", subject: "🥷 ${status}: ${env.JOB_NAME} #${env.BUILD_NUMBER} - ${JIRA_ID}"
} else {
- mail charset: 'UTF-8', mimeType: 'text/html', to: "${emailList}", body: "${email_body}", subject: "${message}: ${env.JOB_NAME} #${env.BUILD_NUMBER}"
+ mail charset: 'UTF-8', mimeType: 'text/html', to: "${emailList}", body: "${email_body}", subject: "🥷 ${status}: ${env.JOB_NAME} #${env.BUILD_NUMBER}"
}
}
@@ -147,6 +147,11 @@ void imageScan() {
}
sh '''rm -f dep-image-scan.txt'''
+
+ // trigger BlackDuck scan
+ def rawImageList = readFile(file: 'helm_image.list').trim()
+ def imageList = rawImageList.endsWith(',') ? rawImageList[0..-2] : rawImageList
+ build job: 'securityscans/Blackduck/KubeNinjas/kubernetes-helm', wait: false, parameters: [ string(name: 'branch', value: "${env.BRANCH_NAME}"), string(name: 'CONTAINER_IMAGES', value: "${imageList}") ]
}
void publishTestResults() {
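Review bot: `readFile(file: 'helm_image.list')` throws when the file is absent, and the makefile change in this commit removes the file up front and only recreates it inside the `for` loop, so a charts/values.yaml with no matching `image:` lines would fail the stage here. Wrap the trigger in `if (fileExists('helm_image.list')) { ... }` and skip the downstream `build` when `imageList` is empty. Because the job is started with `wait: false`, the BlackDuck result never influences this build's status; if that is intentional, say so in the comment, e.g. `// fire-and-forget: BlackDuck findings are reported by the downstream job, not gated here`. The body of imageScan() starts outside the hunk.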
@@ -261,13 +266,16 @@ pipeline {
sh "rm -rf $WORKSPACE/test/test_results/"
}
success {
- resultNotification('BUILD SUCCESS ✅')
+ resultNotification('✅ Success')
}
failure {
- resultNotification('BUILD ERROR ❌')
+ resultNotification('❌ Failure')
}
unstable {
- resultNotification('BUILD UNSTABLE ❌')
+ resultNotification('⚠️ Unstable')
+ }
+ aborted {
+ resultNotification('🚫 Aborted')
}
}
}
\ No newline at end of file
diff --git a/makefile b/makefile
index a5c5cf2..2e36e5f 100644
--- a/makefile
+++ b/makefile
@@ -233,8 +233,10 @@ upgrade-test: prepare
.PHONY: image-scan
image-scan:
+ @rm -f helm_image.list dep-image-scan.txt
@echo "=====Scan dependent Docker images in charts/values.yaml" $(if $(saveOutput), | tee -a dep-image-scan.txt,)
@for depImage in $(shell grep -E "^\s*\bimage:\s+(.*)" charts/values.yaml | sed 's/image: //g' | sed 's/"//g'); do\
+ echo -n "$${depImage}," >> helm_image.list ; \
echo "= $${depImage}:" $(if $(saveOutput), | tee -a dep-image-scan.txt,) ; \
docker run --rm -v /var/run/docker.sock:/var/run/docker.sock anchore/grype:latest --output json $${depImage} | jq -r '[(.matches[] | [.artifact.name, .artifact.version, .vulnerability.id, .vulnerability.severity])] | .[] | @tsv' | sort -k4 | column -t $(if $(saveOutput), | tee -a dep-image-scan.txt,);\
echo $(if $(saveOutput), | tee -a dep-image-scan.txt,) ;\
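Review bot: `echo -n` in the added recipe line is not portable across the `/bin/sh` implementations make may run it under, and some of them write a literal `-n` into helm_image.list; `printf '%s,' "$${depImage}" >> helm_image.list ; \` avoids that. The list is built from whatever `image:` strings the branch's charts/values.yaml contains and is then handed unchanged to another job as `CONTAINER_IMAGES`, so the consuming job should validate each entry as an image reference before using it. The `for` loop continues past the end of the hunk.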