Jenkinsfile
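// Jenkins declarative pipeline: builds the golden and Apache Ubuntu images with
// Packer using short-lived AWS/Azure credentials issued by Vault, then prints the
// *-summary.json scan files found next to each template after its build.
//
// The shell steps below never log in to Vault; they rely on the 'nomad' agent
// already holding a Vault token and having vault, jq and packer on PATH.

// Runs one Packer build with credentials fetched from Vault for just this build.
// Leases are revoked from an EXIT trap, so a failing `packer build` (or a failed
// second `vault read`) no longer leaves live AWS/Azure credentials behind until
// their TTL expires, and a failed revocation now fails the stage.
//   imageDir - directory under the checkout holding the Packer template
//   template - the .pkr.hcl file inside imageDir to build
def buildImage(String imageDir, String template) {
    // Parameters travel through the environment so the script can stay a
    // non-interpolated ''' literal: every $ below is seen by the shell, not Groovy.
    withEnv(["IMAGE_DIR=${imageDir}", "PKR_TEMPLATE=${template}"]) {
        sh '''
            set +x   # the sh step traces commands by default; keep it off while secrets are in variables
            set -e
            echo "Building ${PKR_TEMPLATE}..."
            cd "$IMAGE_DIR"

            # Extract one field from a Vault JSON response. jq -e exits non-zero when the
            # result is null or missing, so a malformed response aborts the build instead
            # of exporting an empty credential.
            field() { printf '%s' "$2" | jq -er "$1"; }

            # Revoke every lease that was issued. Runs from the EXIT trap on all exit paths.
            # A failed revocation turns an otherwise successful build into exit 1 so a live
            # lease does not go unnoticed; a failed build keeps its own exit status.
            revoke_leases() {
              rc=0
              echo "Invalidating CSP Credentials..."
              for lease in "${AWS_SECRET_LEASE_ID:-}" "${AZURE_SECRET_LEASE_ID:-}"; do
                [ -n "$lease" ] || continue
                vault lease revoke "$lease" || rc=1
              done
              return "$rc"
            }
            # Installed before the first vault read so a failure between the two reads
            # still revokes whatever was already issued.
            trap 'revoke_leases || exit 1' EXIT

            echo "Requesting CSP Credentials from Vault..."
            aws_creds=$(vault read -format=json aws-lab/creds/packer-role)
            # lease_id is a top-level key of `vault read -format=json` output, not under
            # .data; the earlier `.data.lease_id` would have resolved to null and revoked
            # nothing. Confirm against a live response if the mount is non-standard.
            AWS_SECRET_LEASE_ID=$(field .lease_id "$aws_creds")
            AWS_ACCESS_KEY_ID=$(field .data.access_key "$aws_creds")
            AWS_SECRET_ACCESS_KEY=$(field .data.secret_key "$aws_creds")
            export AWS_DEFAULT_REGION=us-east-2
            export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY

            azure_creds=$(vault read -format=json azure-lab/creds/packer)
            AZURE_SECRET_LEASE_ID=$(field .lease_id "$azure_creds")
            ARM_CLIENT_ID=$(field .data.client_id "$azure_creds")
            ARM_CLIENT_SECRET=$(field .data.client_secret "$azure_creds")
            export ARM_CLIENT_ID ARM_CLIENT_SECRET
            unset aws_creds azure_creds
            echo "Credentials Successfully Retrieved!"

            # Kept from the original; presumably gives the freshly issued credentials
            # time to become usable at the providers before packer touches them.
            sleep 5

            echo "Executing Packer Build..."
            packer init .
            # NOTE(review): the Azure secret is passed on argv and is visible in the agent's
            # process list while packer runs; Packer also reads PKR_VAR_<name> variables
            # from the environment, which would keep it off the command line.
            packer build -var "azure_client_id=$ARM_CLIENT_ID" -var "azure_client_secret=$ARM_CLIENT_SECRET" "$PKR_TEMPLATE"
        '''
    }
}

// Prints every *-summary.json found in imageDir as "<name>: <contents>".
// Fails the stage with a clear message when no summary file exists instead of
// letting cat fail on the literal glob pattern (POSIX sh has no nullglob).
//   label    - human-readable image name used in the banner line
//   imageDir - directory under the checkout where the build wrote its summaries
def printScanResults(String label, String imageDir) {
    withEnv(["IMAGE_LABEL=${label}", "IMAGE_DIR=${imageDir}"]) {
        sh '''
            set +x
            set -e
            echo "${IMAGE_LABEL} - Scan Results..."
            cd "$IMAGE_DIR"
            for file in *-summary.json; do
              if [ ! -e "$file" ]; then
                echo "No *-summary.json files found in ${IMAGE_DIR}" >&2
                exit 1
              fi
              echo "${file%.*}: $(cat "$file")"
            done
        '''
    }
}

pipeline {
    agent { label 'nomad' }
    options {
        ansiColor('xterm')
    }
    stages {
        stage('Checkout VCS') {
            steps {
                // Plain clone of main; changelog generation and SCM polling are disabled for this checkout.
                git branch: 'main', changelog: false, poll: false, url: 'https://github.com/djschnei21/hashistack-image-factory.git'
            }
        }
        stage('Build Golden Ubuntu') {
            steps {
                script {
                    buildImage('packer-templates/golden-image', 'golden-ubuntu.pkr.hcl')
                }
            }
        }
        stage('Golden Ubuntu - Scan Results') {
            steps {
                script {
                    printScanResults('Golden Ubuntu', 'packer-templates/golden-image')
                }
            }
        }
        stage('Build Apache Ubuntu') {
            steps {
                script {
                    buildImage('packer-templates/apache-image', 'Apache-ubuntu.pkr.hcl')
                }
            }
        }
        stage('Apache Ubuntu - Scan Results') {
            steps {
                script {
                    printScanResults('Apache Ubuntu', 'packer-templates/apache-image')
                }
            }
        }
    }
}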