forked from darinpope/jenkins-example-cosign
Jenkinsfile-2
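// Builds a container image, pushes it to GHCR and signs it with cosign
// using a key pair stored in Jenkins credentials.
pipeline {
    agent any
    environment {
        // Only non-secret values are pipeline-wide. Credentials are bound in
        // the stage that needs them, so the other steps never see them in
        // their environment.
        IMAGE_NAME = 'sschubertchainguard/jenkins-example-cosign'
        IMAGE_VERSION = '8.5-204'
    }
    stages {
        stage('cleanup') {
            steps {
                // NOTE(review): this removes every unused image, container,
                // network and volume on the agent, not only this job's.
                // With `agent any` that may affect other jobs; confirm the
                // agent is dedicated or ephemeral.
                sh 'docker system prune -a --volumes --force'
            }
        }
        stage('build image') {
            steps {
                sh 'docker build -t "$IMAGE_NAME:$IMAGE_VERSION" .'
            }
        }
        stage('login to GHCR') {
            environment {
                // Username/password credential: Jenkins exposes it as
                // GITHUB_TOKEN_USR and GITHUB_TOKEN_PSW.
                GITHUB_TOKEN = credentials('github-token')
            }
            steps {
                // The token goes in over stdin so it never appears on the
                // docker command line.
                sh 'echo "$GITHUB_TOKEN_PSW" | docker login ghcr.io -u "$GITHUB_TOKEN_USR" --password-stdin'
            }
        }
        stage('tag image') {
            steps {
                sh 'docker tag "$IMAGE_NAME:$IMAGE_VERSION" "ghcr.io/$IMAGE_NAME:$IMAGE_VERSION"'
            }
        }
        stage('push image') {
            steps {
                sh 'docker push "ghcr.io/$IMAGE_NAME:$IMAGE_VERSION"'
            }
        }
        stage('sign the container image') {
            environment {
                // cosign reads the key passphrase from COSIGN_PASSWORD itself;
                // it must never be echoed or otherwise written to the log.
                COSIGN_PASSWORD = credentials('cosign-password')
                // presumably a "Secret file" credential, so this is a path
                // that --key can read; confirm the credential type.
                COSIGN_PRIVATE_KEY = credentials('cosign-private-key')
            }
            steps {
                sh 'cosign version'
                // Sign the immutable digest that was just pushed, not the tag:
                // a tag can be re-pointed between push and sign, and the
                // signature would then cover whatever the tag resolves to.
                sh '''
                    set -eu
                    IMAGE_REF=$(docker inspect --format '{{range .RepoDigests}}{{println .}}{{end}}' "ghcr.io/$IMAGE_NAME:$IMAGE_VERSION" \
                        | grep "^ghcr.io/$IMAGE_NAME@sha256:" | head -n 1)
                    # Fail instead of signing an empty or unexpected reference.
                    test -n "$IMAGE_REF"
                    cosign sign --key "$COSIGN_PRIVATE_KEY" -y "$IMAGE_REF"
                '''
            }
        }
    }
    post {
        always {
            // `docker logout` with no argument only logs out of the default
            // registry; name ghcr.io so the token stored by `docker login`
            // is removed from the agent's Docker config.
            sh 'docker logout ghcr.io'
        }
    }
}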