diff --git a/Dockerfile b/Dockerfile
index 35997a3..5675d9c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM registry.cloudogu.com/official/base-debian:12.6-1
+FROM registry.cloudogu.com/official/base-debian:12.7-3
 LABEL MAINTAINER="hello@cloudogu.com" \
 NAME="official/mysql" \
diff --git a/Jenkinsfile b/Jenkinsfile
index 75517e1..37475a0 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -1,5 +1,5 @@
 #!groovy
-@Library(['github.com/cloudogu/ces-build-lib@v1.48.0', 'github.com/cloudogu/dogu-build-lib@v1.5.1']) _
+@Library(['github.com/cloudogu/ces-build-lib@4.0.1', 'github.com/cloudogu/dogu-build-lib@v3.0.0'])
 import com.cloudogu.ces.cesbuildlib.*
 import com.cloudogu.ces.dogubuildlib.*
@@ -47,13 +47,23 @@ timestamps {
 // Keep only the last x builds to preserve space
 buildDiscarder(logRotator(numToKeepStr: '10')),
 // Don't run concurrent builds for a branch, because they use the same workspace directory
- disableConcurrentBuilds()
+ disableConcurrentBuilds(),
+ parameters([
+ booleanParam(defaultValue: true, description: 'Enables cypress to record video of the integration tests.', name: 'EnableVideoRecording'),
+ booleanParam(defaultValue: true, description: 'Enables cypress to take screenshots of failing integration tests.', name: 'EnableScreenshotRecording'),
+ choice(name: 'TrivySeverityLevels', choices: [TrivySeverityLevel.CRITICAL, TrivySeverityLevel.HIGH_AND_ABOVE, TrivySeverityLevel.MEDIUM_AND_ABOVE, TrivySeverityLevel.ALL], description: 'The levels to scan with trivy', defaultValue: TrivySeverityLevel.CRITICAL),
+ choice(name: 'TrivyStrategy', choices: [TrivyScanStrategy.UNSTABLE, TrivyScanStrategy.FAIL, TrivyScanStrategy.IGNORE], description: 'Define whether the build should be unstable, fail or whether the error should be ignored if any vulnerability was found.', defaultValue: TrivyScanStrategy.UNSTABLE),
+ ])
 ])
 EcoSystem ecoSystem = new EcoSystem(this, 'gcloud-ces-operations-internal-packer', 'jenkins-gcloud-ces-operations-internal')
 try {
 stage('Provision') {
+ // change namespace to prerelease_namespace if in develop-branch
+ if (gitflow.isPreReleaseBranch()) {
+ sh "make prerelease_namespace"
+ }
 ecoSystem.provision(doguDirectory)
 }
@@ -73,6 +83,15 @@ timestamps {
 ecoSystem.build(doguDirectory)
 }
+ stage('Trivy scan') {
+ ecoSystem.copyDoguImageToJenkinsWorker("/dogu")
+ Trivy trivy = new Trivy(this)
+ trivy.scanDogu(".", params.TrivySeverityLevels, params.TrivyStrategy)
+ trivy.saveFormattedTrivyReport(TrivyScanFormat.TABLE)
+ trivy.saveFormattedTrivyReport(TrivyScanFormat.JSON)
+ trivy.saveFormattedTrivyReport(TrivyScanFormat.HTML)
+ }
+
 stage('Verify') {
 ecoSystem.verify(doguDirectory)
 }
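Review bot: The `defaultValue:` argument on the two `choice(...)` parameters is probably not what sets their default. As far as I know, a Jenkins choice parameter takes its default from the first entry of `choices` and has no `defaultValue` property, so the argument is likely ignored or only logged as unknown. The defaults work today only because `TrivySeverityLevel.CRITICAL` and `TrivyScanStrategy.UNSTABLE` happen to be listed first, and reordering the lists later would silently change the scan gate. I would drop `defaultValue:` from both lines and add a comment above them such as `// the first entry of choices is the default; keep the intended scan gate first`. The `properties([...])` call this hunk edits starts outside the hunk.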
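Review bot: In the new 'Trivy scan' stage, `trivy.scanDogu(".", params.TrivySeverityLevels, params.TrivyStrategy)` takes both the severity filter and the failure strategy from build parameters, so the scan does not necessarily block anything. The defaults added in this commit report only critical findings and mark the build unstable, and `TrivyScanStrategy.IGNORE` is selectable by whoever starts the build. The 'Push Prerelease Dogu to registry' stage added later in this file is not visibly conditioned on the scan outcome, so an image with known critical findings could presumably still be published. Consider pinning the strategy on publishing branches, e.g. `trivy.scanDogu(".", params.TrivySeverityLevels, gitflow.isPreReleaseBranch() ? TrivyScanStrategy.FAIL : params.TrivyStrategy)`, and doing the same for the release-branch path, whose condition lies outside the visible hunks.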
@@ -108,7 +127,12 @@ timestamps {
 stage('Add Github-Release') {
 github.createReleaseWithChangelog(releaseVersion, changelog, "main")
 }
- }
+ } else if (gitflow.isPreReleaseBranch()) {
+ // push to registry in prerelease_namespace
+ stage('Push Prerelease Dogu to registry') {
+ ecoSystem.pushPreRelease("/dogu")
+ }
+ }
 } finally {
 stage('Clean') {
diff --git a/installation-scripts/install-mysql.sh b/installation-scripts/install-mysql.sh
index 1dbd997..ad56990 100755
--- a/installation-scripts/install-mysql.sh
+++ b/installation-scripts/install-mysql.sh
@@ -2,10 +2,10 @@
 set -o errexit
 set -o nounset
 set -o pipefail
-DEBIAN_SHA_256_SUM="df9c563abd70bb9b2fb1be7d11868a300bd60023bcd60700f24430008059a704"
+DEBIAN_SHA_256_SUM="455ec3690765cff58a4123ba498921fb58fb76c46465e9659180848e997452b6"
 # Version of debian file containing the installation files for mysql in different versions
 # This is NOT the actual mysql version to install
-VERSION="0.8.32-1"
+VERSION="0.8.33-1"
 # see for latest version: https://dev.mysql.com/downloads/repo/apt/
 wget "https://dev.mysql.com/get/mysql-apt-config_${VERSION}_all.deb"
 echo "${DEBIAN_SHA_256_SUM} mysql-apt-config_${VERSION}_all.deb" | sha256sum -c -
diff --git a/mysql-apt-config_0.8.33-1_all.deb b/mysql-apt-config_0.8.33-1_all.deb
new file mode 100644
index 0000000..7859015
Binary files /dev/null and b/mysql-apt-config_0.8.33-1_all.deb differ
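Review bot: The commit also adds `mysql-apt-config_0.8.33-1_all.deb` as a binary file at the repository root, which looks like a leftover from running `install-mysql.sh` locally while computing the new `DEBIAN_SHA_256_SUM`. The script downloads that package with `wget` and verifies it with `sha256sum -c -`, so the committed copy is presumably unused. It cannot be reviewed in a diff, and it could end up in the build context or image if the Dockerfile copies the tree. I would remove the file from the commit and add an ignore rule such as `mysql-apt-config_*_all.deb` to `.gitignore`. The rest of the script lies outside the hunk, so whether it deletes the downloaded package after installation should be confirmed.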