Overview
Automating the Jenkins build means the application is built automatically whenever the source code repository changes. When Jenkins detects a source code change, it builds the application and scans it using the Hub Docker scan client.
Automating the Jenkins build
- In Jenkins, click Manage Jenkins > Configure System > Credentials > Global Credentials (Unrestricted) > Add Credentials.
- Select:
  - Kind as Username with Password.
  - Scope as Global.
- Provide your GitHub credentials.
- Click OK.
Setting the Hub password in the Jenkins environment variable
Add the environment variable BD_HUB_PASSWORD in Manage Jenkins > Configure System > Global properties.
Creating the project in Jenkins
Source Code Management
For this example, configure the Git repository as follows:
- Provide the Git Repository URL.
- Select the Credentials.
- Add branches to the Branches to build field.
Build triggers
In this build trigger example, the Git repository is polled every five minutes to detect changes.
Build environment
Changes detected in the source code trigger the build. Add the following steps in Build > Add Build Step > Execute Shell:
- Set the GCloud project.
- Set the image tag.
- Set the Hub URL (Hub versions 4.1.0 and higher).
- Set the Hub scheme.
- Build the image for the modified code.
- Download the Hub Docker scan client, based on your operating system.
- Scan the built image using the downloaded Hub Docker scan client.
- Remove the downloaded Hub Docker scan client.
- Push the built image to Google Cloud.
- Remove the local image.
```bash
#!/bin/bash
set -e

# Set current project
PROJECT_ID=eng-dev

# Set the latest image tag
IMAGE_TAG=us.gcr.io/${PROJECT_ID}/redmine:${GIT_BRANCH#*/}-${GIT_COMMIT:0:7}

# Set the Hub Url
HUB_URL=bizdevhub.blackducksoftware.com

# Set the Hub Scheme
HUB_SCHEME=https

# Build image
echo "Docker build started"
docker build -t "$IMAGE_TAG" .
echo "Docker build completed"

# Download the BlackDuck Hub scan client based on the OS and unzip it
# Note: curl -k skips TLS certificate verification of the Hub host
case "$OSTYPE" in
  darwin*) curl -LOk "$HUB_SCHEME://$HUB_URL/download/scan.cli-macosx.zip" ;;
  linux*)  curl -LOk "$HUB_SCHEME://$HUB_URL/download/scan.cli.zip" ;;
  msys*)   curl -LOk "$HUB_SCHEME://$HUB_URL/download/scan.cli-windows.zip" ;;
  *)       echo "BlackDuck Scan client is unavailable for : $OSTYPE"
           exit 1 ;;  # stop here instead of failing later at unzip
esac
echo "Scan client download completed"
unzip scan.cli*.zip
echo "Scan client unzip done"

# Call the BlackDuck Hub scan docker script
# (the password comes from the BD_HUB_PASSWORD environment variable set earlier)
cd scan.cli-*/bin
echo "change directory done"
./scan.docker.sh --image "$IMAGE_TAG" --host "$HUB_URL" --username sysadmin --scheme "$HUB_SCHEME" --use-local
echo "Scan completed"

# remove zip file and folder
cd ../..
rm -rf scan.cli-*
echo "Removed the client files"

# Push image
gcloud docker -- push "$IMAGE_TAG"
echo "GCloud docker push completed"

# Remove the local image
docker rmi "$IMAGE_TAG"
echo "Removed local docker image"
```
After this step, the scans are uploaded to the Hub.
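
The Execute Shell step depends on three things that are worth checking before the build starts: a supported platform for the scan client download, an image tag that Docker accepts, and a non-empty BD_HUB_PASSWORD. The following is an added example, not part of the original page or the vendor's script; the function names are hypothetical and the sample branch and commit values are constructed.

```bash
#!/bin/bash
# Added example (not vendor code): pre-flight helpers for the Execute Shell step.
set -e

# Map the platform string to the scan client archive named on this page.
# Returns non-zero for an unsupported platform so the build stops before unzip.
scan_client_archive() {
  case "$1" in
    darwin*) echo "scan.cli-macosx.zip" ;;
    linux*)  echo "scan.cli.zip" ;;
    msys*)   echo "scan.cli-windows.zip" ;;
    *)       return 1 ;;
  esac
}

# Build the image tag from the Jenkins Git variables. Docker tags allow only
# [A-Za-z0-9_.-], cannot start with "." or "-", and are at most 128 characters,
# so a branch such as origin/feature/login has to be sanitized first.
image_tag() {
  local project="$1" git_branch="$2" git_commit="$3" short tag
  short="$(printf '%s' "$git_commit" | cut -c1-7)"
  tag="$(printf '%s-%s' "${git_branch#*/}" "$short" \
    | LC_ALL=C tr -c 'A-Za-z0-9_.-' '-' | sed 's/^[.-]*//' | cut -c1-128)"
  printf 'us.gcr.io/%s/redmine:%s\n' "$project" "$tag"
}

# Stop early, without printing the value, if the Hub password is missing.
require_hub_password() {
  if [ -z "${BD_HUB_PASSWORD:-}" ]; then
    echo "BD_HUB_PASSWORD is not set" >&2
    return 1
  fi
}

# Constructed sample values standing in for what Jenkins would export.
demo() {
  echo "archive: $(scan_client_archive linux-gnu)"
  echo "tag: $(image_tag eng-dev origin/feature/login 0123456789abcdef0123456789abcdef01234567)"
  ( BD_HUB_PASSWORD=""; require_hub_password ) || echo "pre-flight stopped the build"
}
demo
```

With the page's original tag expression, a branch name containing a second slash would produce a tag that `docker build -t` rejects; the helper replaces such characters with hyphens.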