Merge pull request 'Add Trivy stage to CD' (#37) from feature/main-36-AddTrivyJob into main

Reviewed-on: #37
This commit was merged in pull request #37.
2026-02-22 12:24:21 +01:00
5 changed files with 29 additions and 11 deletions


@@ -74,6 +74,22 @@ pipeline {
} }
} }
/* =========================
TRIVY
========================= */
stage('Security: Trivy job') {
agent any
steps {
build job: 'Trivy Scanner',
parameters: [
string(name: 'APP_VERSION', value: "${APP_VERSION}")
],
propagate: true,
wait: true
}
}
/* ========================= /* =========================
DEPLOY DEPLOY
========================= */ ========================= */
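Review bot: Nothing in the new 'Security: Trivy job' stage shows that scan findings will actually stop the pipeline before DEPLOY: `propagate: true` only fails this build when the downstream 'Trivy Scanner' job ends non-successful, and Trivy exits 0 on findings unless it is run with `--exit-code 1` (usually together with `--severity`). That job's configuration is not visible in this diff, so it is worth confirming there and recording the contract here with a comment such as `// Gate: 'Trivy Scanner' must run trivy with --exit-code 1 so HIGH/CRITICAL findings fail this stage before DEPLOY`. The only parameter passed is `APP_VERSION`; if the downstream job resolves the image by tag, the scanned artifact and the deployed one can differ when the tag is re-pushed, so passing an image digest would be safer (inferred, the image reference is not shown). The enclosing `pipeline` block starts and ends outside the hunk.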


@@ -57,7 +57,7 @@ def health():
"commit": settings.git_commit, "commit": settings.git_commit,
"build": settings.build_number, "build": settings.build_number,
"author": settings.commit_author, "author": settings.commit_author,
"uptime_seconds": uptime() "uptime_seconds": uptime(),
} }


@@ -32,11 +32,13 @@ def normalize_build(build: Dict) -> Dict:
for cs in changes: for cs in changes:
for item in cs.get("items", []): for item in cs.get("items", []):
commits.append({ commits.append(
"commit": item.get("commitId", "")[:7], {
"message": item.get("msg", ""), "commit": item.get("commitId", "")[:7],
"author": item.get("author", {}).get("fullName", "unknown"), "message": item.get("msg", ""),
}) "author": item.get("author", {}).get("fullName", "unknown"),
}
)
return { return {
"number": build.get("number"), "number": build.get("number"),
@@ -65,12 +67,13 @@ def fetch_builds(limit: int = 5) -> List[Dict]:
"changesets[items[commitId,msg,author[fullName]]]]" "changesets[items[commitId,msg,author[fullName]]]]"
) )
resp = requests.get(url, headers = _auth_header(), timeout=5) resp = requests.get(url, headers=_auth_header(), timeout=5)
resp.raise_for_status() resp.raise_for_status()
builds = resp.json().get("builds", []) builds = resp.json().get("builds", [])
return builds[:limit] return builds[:limit]
def build_history() -> Dict: def build_history() -> Dict:
"""Return Jenkins build history data.""" """Return Jenkins build history data."""
builds = fetch_builds() builds = fetch_builds()


@@ -54,6 +54,7 @@ def _pick_mains(count: int = ITEMS_PER_SECTION) -> List[str]:
random.shuffle(mains) random.shuffle(mains)
return mains return mains
def _pick_garnish() -> List[str]: def _pick_garnish() -> List[str]:
garnish_options = MENU_SOURCE["mains"]["garnish"] garnish_options = MENU_SOURCE["mains"]["garnish"]
@@ -69,6 +70,7 @@ def _build_alternative() -> Dict:
"note": alternative.get("note", ""), "note": alternative.get("note", ""),
} }
def build_menu(items_per_section: int = ITEMS_PER_SECTION) -> Dict: def build_menu(items_per_section: int = ITEMS_PER_SECTION) -> Dict:
today = datetime.now() today = datetime.now()


@@ -24,10 +24,7 @@ class RuntimeConfig:
git_commit: str = os.getenv("GIT_COMMIT", "local") git_commit: str = os.getenv("GIT_COMMIT", "local")
build_number: str = os.getenv("BUILD_NUMBER", "-") build_number: str = os.getenv("BUILD_NUMBER", "-")
commit_author: str = os.getenv("COMMIT_AUTHOR", "local") commit_author: str = os.getenv("COMMIT_AUTHOR", "local")
jenkins_base_url: str = os.getenv( jenkins_base_url: str = os.getenv("JENKINS_BASE_URL", "http://localhost:8080").rstrip("/")
"JENKINS_BASE_URL",
"http://localhost:8080"
).rstrip("/")
jenkins_job_name: str = os.getenv("JENKINS_JOB_NAME", "") jenkins_job_name: str = os.getenv("JENKINS_JOB_NAME", "")
jenkins_user: str = os.getenv("JENKINS_USER", "") jenkins_user: str = os.getenv("JENKINS_USER", "")
jenkins_token: str = os.getenv("JENKINS_TOKEN", "") jenkins_token: str = os.getenv("JENKINS_TOKEN", "")