2026-02-22 12:24:21 +01:00
5 changed files with 29 additions and 11 deletions
--- a/Jenkinsfile.cd
+++ b/Jenkinsfile.cd
@@ -74,6 +74,22 @@ pipeline {
      }
    }

+    /* =========================
+       TRIVY
+       ========================= */
+
+    stage('Security: Trivy job') {
+      agent any
+      steps {
+        build job: 'Trivy Scanner',
+          parameters: [
+            string(name: 'APP_VERSION', value: "${APP_VERSION}")
+          ],
+          propagate: true,
+          wait: true
+        }
+    }
+
    /* =========================
       DEPLOY
       ========================= */
--- a/backend/app/main.py
+++ b/backend/app/main.py
@@ -57,7 +57,7 @@ def health():
        "commit": settings.git_commit,
        "build": settings.build_number,
        "author": settings.commit_author,
-        "uptime_seconds": uptime()
+        "uptime_seconds": uptime(),
    }


--- a/backend/app/services/builds.py
+++ b/backend/app/services/builds.py
@@ -32,11 +32,13 @@ def normalize_build(build: Dict) -> Dict:

    for cs in changes:
        for item in cs.get("items", []):
-            commits.append({
-                "commit": item.get("commitId", "")[:7],
-                "message": item.get("msg", ""),
-                "author": item.get("author", {}).get("fullName", "unknown"),
-            })
+            commits.append(
+                {
+                    "commit": item.get("commitId", "")[:7],
+                    "message": item.get("msg", ""),
+                    "author": item.get("author", {}).get("fullName", "unknown"),
+                }
+            )

    return {
        "number": build.get("number"),
@@ -65,12 +67,13 @@ def fetch_builds(limit: int = 5) -> List[Dict]:
        "changesets[items[commitId,msg,author[fullName]]]]"
    )

-    resp = requests.get(url, headers = _auth_header(), timeout=5)
+    resp = requests.get(url, headers=_auth_header(), timeout=5)
    resp.raise_for_status()

    builds = resp.json().get("builds", [])
    return builds[:limit]

+
 def build_history() -> Dict:
    """Return Jenkins build history data."""
    builds = fetch_builds()
--- a/backend/app/services/menu.py
+++ b/backend/app/services/menu.py
@@ -54,6 +54,7 @@ def _pick_mains(count: int = ITEMS_PER_SECTION) -> List[str]:
    random.shuffle(mains)
    return mains

+
 def _pick_garnish() -> List[str]:
    garnish_options = MENU_SOURCE["mains"]["garnish"]

@@ -69,6 +70,7 @@ def _build_alternative() -> Dict:
        "note": alternative.get("note", ""),
    }

+
 def build_menu(items_per_section: int = ITEMS_PER_SECTION) -> Dict:
    today = datetime.now()

--- a/backend/app/settings.py
+++ b/backend/app/settings.py
@@ -24,10 +24,7 @@ class RuntimeConfig:
    git_commit: str = os.getenv("GIT_COMMIT", "local")
    build_number: str = os.getenv("BUILD_NUMBER", "-")
    commit_author: str = os.getenv("COMMIT_AUTHOR", "local")
-    jenkins_base_url: str = os.getenv(
-        "JENKINS_BASE_URL",
-        "http://localhost:8080"
-    ).rstrip("/")
+    jenkins_base_url: str = os.getenv("JENKINS_BASE_URL", "http://localhost:8080").rstrip("/")
    jenkins_job_name: str = os.getenv("JENKINS_JOB_NAME", "")
    jenkins_user: str = os.getenv("JENKINS_USER", "")
    jenkins_token: str = os.getenv("JENKINS_TOKEN", "")