57 lines
1.9 KiB
Groovy
57 lines
1.9 KiB
Groovy
// Job definition to test PostgreSQL connector against different PostgreSQL versions
|
|
folder("release") {
|
|
description("This folder contains all jobs used by developers for upstream release and all relevant stuff")
|
|
displayName("Release")
|
|
}
|
|
|
|
freeStyleJob('release/tools-debezium-source-clear') {
|
|
|
|
displayName('Vulnerability scan')
|
|
description('Executes SourceClear vulnerability scan of Debezium sources and binaries')
|
|
label('Slave')
|
|
|
|
properties {
|
|
githubProjectUrl('https://github.com/debezium/debezium')
|
|
}
|
|
|
|
logRotator {
|
|
daysToKeep(7)
|
|
numToKeep(10)
|
|
}
|
|
|
|
wrappers {
|
|
timeout {
|
|
noActivity(900)
|
|
}
|
|
|
|
credentialsBinding {
|
|
string('SRCCLR_TOKEN', 'debezium-srcclr-token')
|
|
string('SOURCE_MAVEN_REPO', 'debezium-prod-repo')
|
|
}
|
|
}
|
|
|
|
publishers {
|
|
mailer('jpechane@redhat.com', false, true)
|
|
}
|
|
|
|
parameters {
|
|
stringParam('BUILD_VERSION', '', "Maven artifact id of the product binaries")
|
|
stringParam('PRODUCT_VERSION', '', "Product version")
|
|
stringParam('SOURCE_TAG', "", "Tagged version of source code to scan")
|
|
booleanParam('BINARY', false, "Scan binary artifacts")
|
|
stringParam('PLUGINS', "mysql postgres mongodb sqlserver oracle db2 vitess", "The plugins whose binaries should be scanned")
|
|
}
|
|
|
|
steps {
|
|
shell('''
|
|
if [ "$BINARY" = "false" ]; then
|
|
docker run -e SRCCLR_TOKEN="$SRCCLR_TOKEN" quay.io/debezium/vulnerability-scan scm https://github.com/debezium/debezium.git "$PRODUCT_VERSION" "$SOURCE_TAG"
|
|
else
|
|
for CONNECTOR in $PLUGINS; do
|
|
docker run -e SRCCLR_TOKEN="$SRCCLR_TOKEN" quay.io/debezium/vulnerability-scan binary "$SOURCE_MAVEN_REPO/debezium-connector-$CONNECTOR/$BUILD_VERSION/debezium-connector-$CONNECTOR-${BUILD_VERSION}-plugin.zip" "$PRODUCT_VERSION" "$SOURCE_TAG"
|
|
done
|
|
fi
|
|
''')
|
|
}
|
|
}
|