def label = "${UUID.randomUUID().toString()}" podTemplate( label: label, name: "pipeline-runner", yaml: """--- apiVersion: v1 kind: Pod spec: containers: - name: golang image: docker.io/golang:latest tty: true command: - cat - name: sonarscanner imagePullPolicy: Always image: registry.test-chamber-13.lan:5000/sonarscanner:latest tty: true command: - cat - name: kaniko imagePullPolicy: Always image: gcr.io/kaniko-project/executor:debug tty: true command: - /busybox/cat """, ) { node (label) { def workspace = pwd() def shortCommit stage('Clone Repository') { git url: 'ssh://git@gitlab.smoothnet.org:31822/The_Spider/certificate-monitor.git', credentialsId: 'sonarqube-read-access', branch: 'master' shortCommit = sh(returnStdout: true, script: "git log -n 1 --pretty=format:'%h'").trim() } stage('Prepare SonarScanner') { def sonarScannerConfig = """ sonar.projectKey=${env.JOB_BASE_NAME} sonar.projectVersion=${shortCommit} sonar.sources=. sonar.exclusions=**/*_test.go,**/vendor/**,**/testdata/* sonar.tests=. sonar.test.inclusions=**/*_test.go sonar.test.exclusions=**/vendor/** sonar.go.coverage.reportPaths=cover.out """ writeFile file: 'sonar-project.properties', text: sonarScannerConfig } stage('Run Tests') { container('golang') { sh """ go get -u github.com/jstemmer/go-junit-report ln -s "${workspace}" "/go/src/${env.JOB_BASE_NAME}" cd "/go/src/${env.JOB_BASE_NAME}" go get -d -v ./... go install -v ./... go test -short -coverprofile=cover.out `go list ./... | grep -v vendor/` go test -v 2>&1 | go-junit-report > report.xml """ } } stage('SonarQube Analysis') { container('sonarscanner') { withSonarQubeEnv('SonarQube') { sh "sonar-scanner --define sonar.host.url=https://sonar.cluster.test-chamber-13.lan" } } } stage('Build COntainer') { container('kaniko') { def dockerfile = """ FROM golang:alpine AS BUILDER RUN apk --no-cache add git upx WORKDIR /go/src/app COPY . . RUN go get -d -v ./... && \\ go install -v ./... && \\ go build -ldflags="-s -w" -o app ./ && \\ upx --brute app FROM alpine:latest RUN apk add --no-cache ca-certificates && \\ addgroup -S -g 1000 app && \\ adduser -S app -G app -h /app -u 1000 && \\ printf '%s\\n' \\ "-----BEGIN CERTIFICATE-----" \\ "MIICLTCCAbOgAwIBAgIDAYagMAoGCCqGSM49BAMEME0xCzAJBgNVBAYTAlVTMScw" \\ "JQYDVQQKDB5UZXN0IENoYW1iZXIgMTMgVHJ1c3QgU2VydmljZXMxFTATBgNVBAMM" \\ "DFRDMTMgUm9vdCBSMTAgFw0xOTAxMDEwMDAwMDBaGA8yMDUwMDEwMTAwMDAwMFow" \\ "TTELMAkGA1UEBhMCVVMxJzAlBgNVBAoMHlRlc3QgQ2hhbWJlciAxMyBUcnVzdCBT" \\ "ZXJ2aWNlczEVMBMGA1UEAwwMVEMxMyBSb290IFIxMHYwEAYHKoZIzj0CAQYFK4EE" \\ "ACIDYgAE8+/J1ECc0VHxTtGXFLnHJ3NGZ2SW38pp9wI58L5EQbHRLiezYuvkUbI/" \\ "XGJjLnFdpgjo7W1FFlyhx5ITlCstUX5Sn9bLZiA0+mE0n6b8VwhXwkHlnIeRo7od" \\ "Zu/OfSFjo2MwYTAdBgNVHQ4EFgQUrGqUJhyRp93wXF645VNtYatRk/AwHwYDVR0j" \\ "BBgwFoAUrGqUJhyRp93wXF645VNtYatRk/AwDwYDVR0TAQH/BAUwAwEB/zAOBgNV" \\ "HQ8BAf8EBAMCAYYwCgYIKoZIzj0EAwQDaAAwZQIxAJdgskimDJkf/MGVRrKotmNC" \\ "xdH/UVQfQppjIR9FAiGeFDr47thclYrzIL6yCkV7nwIwYjf3MbOm/yWblzqe3Uyw" \\ "UOemMEg3PjcKNsN65W2WVon5HIZx2XVfGRPjf5ZTVWzZ" \\ "-----END CERTIFICATE-----" > /usr/local/share/ca-certificates/test-chamber-13.lan.crt && \\ update-ca-certificates USER app WORKDIR /app COPY --from=BUILDER /go/src/app/app /app/ ENTRYPOINT ./app """ writeFile file: workspace + '/Dockerfile', text: dockerfile sh '/kaniko/executor --insecure --skip-tls-verify --context "' + workspace + '" -f "' + workspace + '/Dockerfile" --destination registry.test-chamber-13.lan:5000/certificate-monitor:latest' } } stage('Submit Testing Report to Jenkins') { junit 'report.xml' } } }