#!/usr/bin/env groovy
// Handle for the helper script sources/tests/actions.groovy. It is assigned in
// the 'Prepare' stage and loaded again inside the 'Psalm taint analysis' stage.
def actions

// Scheduled job that prepares the source tree and then runs Psalm taint
// analysis inside a container that has no network access.
pipeline {
    agent {
        label 'docker'
    }

    // Monday to Friday, during the 05:00 hour. 'H' lets Jenkins choose a
    // stable, hashed minute for this job instead of a fixed one.
    triggers {
        cron('H 5 * * 1-5')
    }

    stages {
        stage('Checkout') {
            steps {
                checkout(scm)
            }
        }

        stage('Prepare') {
            steps {
                // Start from an empty results directory so that reports from
                // a previous run are not archived or published again.
                dir('results') {
                    deleteDir()
                }

                script {
                    actions = load('sources/tests/actions.groovy')
                }

                dir('sources') {
                    // The registry and Composer credentials are bound only
                    // around prepareSources; they are out of scope again
                    // before the analysis stage starts.
                    withCredentials([
                        usernamePassword(
                            credentialsId: 'nexus.enalean.com_readonly',
                            usernameVariable: 'NPM_USER',
                            passwordVariable: 'NPM_PASSWORD'
                        ),
                        string(
                            credentialsId: 'github-token-composer',
                            variable: 'COMPOSER_GITHUB_AUTH'
                        )
                    ]) {
                        script {
                            // Presumably fetches and builds the dependencies
                            // needed by the analysis; see actions.groovy.
                            actions.prepareSources('dev')
                        }
                    }
                }
            }
        }

        stage('Psalm taint analysis') {
            agent {
                docker {
                    // NOTE(review): the image is referenced by tag, not by
                    // digest, so the toolchain can change between runs.
                    // Pin a digest if findings must be reproducible.
                    image 'ghcr.io/enalean/tuleap-test-phpunit:el9-php82'
                    // Run on the node and workspace of the top-level agent.
                    reuseNode true
                    // Networking is disabled for the analysis container, so
                    // everything it needs must already be in the workspace.
                    args '--network none'
                }
            }
            steps {
                script {
                    actions = load('sources/tests/actions.groovy')
                    actions.runPsalmTaintAnalysis('tests/psalm/psalm.xml')
                }
            }
            post {
                always {
                    // Publish the checkstyle report even when the analysis
                    // step failed, with the minimum severity set to NORMAL.
                    recordIssues(
                        enabledForFailure: true,
                        minimumSeverity: 'NORMAL',
                        tools: [
                            checkStyle(
                                id: 'checkstyle_psalm',
                                pattern: 'results/psalm/checkstyle.xml'
                            )
                        ]
                    )
                }
            }
        }
    }

    post {
        always {
            // allowEmptyArchive keeps this step from failing the build when
            // no results were produced.
            archiveArtifacts(allowEmptyArchive: true, artifacts: 'results/')
        }

        // The recipient address comes from a credential, so it does not
        // appear in this file.
        failure {
            withCredentials([string(credentialsId: 'email-notification-rd-team', variable: 'email')]) {
                mail(
                    to: email,
                    subject: "${currentBuild.fullDisplayName} is broken",
                    body: "See ${env.BUILD_URL}"
                )
            }
        }

        unstable {
            withCredentials([string(credentialsId: 'email-notification-rd-team', variable: 'email')]) {
                mail(
                    to: email,
                    subject: "${currentBuild.fullDisplayName} is unstable",
                    body: "See ${env.BUILD_URL}"
                )
            }
        }
    }
}