upgrade ks-jenkins to v4.1.0-2.346.3 #99
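# PR gate for ks-jenkins: one job builds the image with jcli / custom-war-packager,
# a second job rebuilds it and scans the result with Trivy.
#
# NOTE(review): every `uses:` below references a mutable tag or branch
# (`@v1`, `@v3`, `@master`). Pinning each one to a full commit SHA keeps an
# upstream retag or branch push from changing what runs in CI.
name: PR Check

on:
  pull_request:
    branches:
      - master

# Least privilege for GITHUB_TOKEN: nothing in this workflow writes to the repo.
permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v1

      - name: Docker meta for kubesphere
        id: meta
        uses: docker/metadata-action@v3
        with:
          images: |
            kubespheredev/ks-jenkins
          tags: |
            type=schedule
            type=ref,event=branch
            type=ref,event=pr
            type=semver,pattern=v{{major}}.{{minor}}.{{patch}}

      # NOTE(review): the ref after `@` was masked by the page's e-mail
      # obfuscation; restore the real version from the repository.
      # The key is static, so the same ~/.m2 cache entry is reused across runs.
      - name: Cache
        uses: actions/[email protected]
        with:
          path: ~/.m2
          key: maven
          restore-keys: maven

      # None of these downloads is integrity-checked. Record a known-good
      # SHA-256 for each artifact and verify it before unpacking, e.g.
      #   echo '<SHA256_PLACEHOLDER>  <file>' | sha256sum --check -
      - name: Dependency
        run: |
          wget https://bitbucket.org/ariya/phantomjs/downloads/phantomjs-2.1.1-linux-x86_64.tar.bz2
          tar xvjf phantomjs-2.1.1-linux-x86_64.tar.bz2
          ls -ahl
          wget https://github.com/kubesphere/ks-jenkins/releases/download/v4.0.0-2.346.3/com.atlassian.platform-platform.3.1.7.tar.gz
          tar -zxvf com.atlassian.platform-platform.3.1.7.tar.gz
          mkdir -p ~/.m2/repository/com/atlassian
          mv platform ~/.m2/repository/com/atlassian/
          # v2.0-alpha-6 is a pre-release, jcli is not able to download it automatically.
          mkdir -p ~/.jenkins-cli
          # --fail: stop on an HTTP error instead of saving the error page as the jar.
          curl --fail https://github.com/LinuxSuRen/custom-war-packager/releases/download/v2.0-alpha-6/custom-war-packager-cli-2.0-alpha-7-20210527.031403-1-jar-with-dependencies.jar \
            -L --output ~/.jenkins-cli/cwp-cli.jar

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v1

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1

      # Publishes the image version as the step output `version`.
      # The value goes through an environment variable and $GITHUB_OUTPUT rather
      # than being expanded into the script text and the deprecated
      # `::set-output` command, so it is never parsed as shell or as a
      # workflow command.
      - name: Build env
        id: build_env
        shell: bash
        env:
          IMAGE_VERSION: ${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.version'] }}
        run: |
          echo "version=${IMAGE_VERSION}" >> "$GITHUB_OUTPUT"

      # NOTE(review): jcli is fetched from `releases/latest`, so the tool that
      # builds the image is unpinned and unverified; pin a release and check
      # its digest.
      # NOTE(review): `.` is first on PATH inside the checked-out PR tree, so a
      # file in the repository root can shadow any command jcli looks up.
      # NOTE(review): this job tags the image `v<version>`, trivy-scan uses
      # `<version>` - confirm the difference is intended.
      - name: Build
        shell: bash
        env:
          IMAGE_VERSION: ${{ steps.build_env.outputs.version }}
        run: |
          curl --fail -L https://github.com/jenkins-zh/jenkins-cli/releases/latest/download/jcli-linux-amd64.tar.gz|tar xzv
          export PATH=.:$PATH:phantomjs/bin
          jcli cwp --install-artifacts --config-path formula.yaml \
            --value-set output=load \
            --value-set tag="kubespheredev/ks-jenkins:v${IMAGE_VERSION}" \
            --value-set platform=linux/amd64

  trivy-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v1

      - name: Docker meta for kubesphere
        id: meta
        uses: docker/metadata-action@v3
        with:
          images: |
            kubespheredev/ks-jenkins
          tags: |
            type=schedule
            type=ref,event=branch
            type=ref,event=pr
            type=semver,pattern=v{{major}}.{{minor}}.{{patch}}

      # NOTE(review): the ref after `@` was masked by the page's e-mail
      # obfuscation; restore the real version from the repository.
      - name: Cache
        uses: actions/[email protected]
        with:
          path: ~/.m2
          key: maven
          restore-keys: maven

      # Same unverified downloads as the build job; verify a recorded SHA-256
      # for each artifact before unpacking.
      # NOTE(review): unlike the build job, this step does not fetch the
      # com.atlassian platform archive - presumably it relies on the restored
      # ~/.m2 cache; confirm.
      - name: Dependency
        run: |
          wget https://bitbucket.org/ariya/phantomjs/downloads/phantomjs-2.1.1-linux-x86_64.tar.bz2
          tar xvjf phantomjs-2.1.1-linux-x86_64.tar.bz2
          ls -ahl
          # v2.0-alpha-6 is a pre-release, jcli is not able to download it automatically.
          mkdir -p ~/.jenkins-cli
          # --fail: stop on an HTTP error instead of saving the error page as the jar.
          curl --fail https://github.com/LinuxSuRen/custom-war-packager/releases/download/v2.0-alpha-6/custom-war-packager-cli-2.0-alpha-7-20210527.031403-1-jar-with-dependencies.jar \
            -L --output ~/.jenkins-cli/cwp-cli.jar

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v1

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1

      # Publishes the image version as the step output `version` via
      # $GITHUB_OUTPUT; the value is passed in through the environment so it is
      # not expanded into the script text.
      - name: Build env
        id: build_env
        shell: bash
        env:
          IMAGE_VERSION: ${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.version'] }}
        run: |
          echo "version=${IMAGE_VERSION}" >> "$GITHUB_OUTPUT"

      # NOTE(review): jcli comes from `releases/latest` (unpinned, unverified)
      # and `.` is first on PATH inside the checked-out PR tree.
      - name: Build
        shell: bash
        env:
          IMAGE_VERSION: ${{ steps.build_env.outputs.version }}
        run: |
          curl --fail -L https://github.com/jenkins-zh/jenkins-cli/releases/latest/download/jcli-linux-amd64.tar.gz|tar xzv
          export PATH=.:$PATH:phantomjs/bin
          jcli cwp --install-artifacts --config-path formula.yaml \
            --value-set output=load \
            --value-set tag="kubespheredev/ks-jenkins:${IMAGE_VERSION}" \
            --value-set platform=linux/amd64

      # Fails the job (exit-code 1) on CRITICAL/HIGH findings that have a fix.
      # NOTE(review): `@master` follows a moving branch - the scanner gating
      # this PR can change without any change to this file; pin a release or
      # commit SHA.
      # NOTE(review): `ignore-unfixed: true` hides findings with no upstream
      # fix, so a clean run does not mean the image has no known CRITICAL/HIGH
      # issues.
      - name: Run Trivy vulnerability scanner
        if: github.event_name == 'pull_request'
        uses: aquasecurity/trivy-action@master
        env:
          TRIVY_OFFLINE_SCAN: 'true'
        with:
          image-ref: 'kubespheredev/ks-jenkins:${{ steps.build_env.outputs.version }}'
          timeout: 10m
          format: 'table'
          exit-code: '1'
          ignore-unfixed: true
          vuln-type: 'os,library'
          severity: 'CRITICAL,HIGH'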