Update to handle new haproxy image location

Vitaly Korolev · Vitaly Korolev · commit cba408fff988 · 2025-05-27T13:41:57.000-07:00
diff --git a/Jenkinsfile b/Jenkinsfile
@@ -6,7 +6,7 @@
 import groovy.json.JsonSlurperClassic
 
 emailList = 'vitaly.korolev@progress.com, sumanth.ravipati@progress.com, peng.zhou@progress.com, fayez.saliba@progress.com, barkha.choithani@progress.com, romain.winieski@progress.com'
-emailSecList = 'Rangan.Doreswamy@progress.com, Mahalakshmi.Srinivasan@progress.com'
+emailSecList = 'Mahalakshmi.Srinivasan@progress.com'
 gitCredID = 'marklogic-builder-github'
 JIRA_ID = ''
 JIRA_ID_PATTERN = /(?i)(MLE)-\d{3,6}/
@@ -103,7 +103,7 @@ def getReviewState() {
     return reviewState
 }
 
-void resultNotification(message) {
+void resultNotification(status) {
     def author, authorEmail, emailList
     if (env.CHANGE_AUTHOR) {
         author = env.CHANGE_AUTHOR.toString().trim().toLowerCase()
@@ -117,11 +117,11 @@ void resultNotification(message) {
     jira_email_body = "${email_body} <br><br><b>Jira URL: </b><br><a href='${jira_link}'>${jira_link}</a>"
 
     if (JIRA_ID) {
-        def comment = [ body: "Jenkins pipeline build result: ${message}" ]
+        def comment = [ body: "Jenkins pipeline build result: ${status}" ]
         jiraAddComment site: 'JIRA', idOrKey: JIRA_ID, failOnError: false, input: comment
-        mail charset: 'UTF-8', mimeType: 'text/html', to: "${emailList}", body: "${jira_email_body}", subject: "${message}: ${env.JOB_NAME} #${env.BUILD_NUMBER} - ${JIRA_ID}"
+        mail charset: 'UTF-8', mimeType: 'text/html', to: "${emailList}", body: "${jira_email_body}", subject: "🥷 ${status}: ${env.JOB_NAME} #${env.BUILD_NUMBER} - ${JIRA_ID}"
     } else {
-        mail charset: 'UTF-8', mimeType: 'text/html', to: "${emailList}", body: "${email_body}", subject: "${message}: ${env.JOB_NAME} #${env.BUILD_NUMBER}"
+        mail charset: 'UTF-8', mimeType: 'text/html', to: "${emailList}", body: "${email_body}", subject: "🥷 ${status}: ${env.JOB_NAME} #${env.BUILD_NUMBER}"
     }
 }
 
@@ -147,6 +147,10 @@ void imageScan() {
     }
 
     sh '''rm -f dep-image-scan.txt'''
+
+    // trigger BlackDuck scan
+    def imageList = readFile(file: 'helm_image.list').trim()
+    build job: 'securityscans/Blackduck/KubeNinjas/kubernetes-helm', wait: false, parameters: [ string(name: 'branch', value: "${env.BRANCH_NAME}"), string(name: 'CONTAINER_IMAGES', value: "${imageList}") ]
 }
 
 void publishTestResults() {
@@ -261,13 +265,16 @@ pipeline {
             sh "rm -rf $WORKSPACE/test/test_results/"
         }
         success {
-            resultNotification('BUILD SUCCESS ✅')
+            resultNotification('✅ Success')
         }
         failure {
-            resultNotification('BUILD ERROR ❌')
+            resultNotification('❌ Failure')
         }
         unstable {
-            resultNotification('BUILD UNSTABLE ❌')
+            resultNotification('⚠️ Unstable')
+        }
+        aborted {
+            resultNotification('🚫 Aborted')
         }
     }
 }
diff --git a/makefile b/makefile
@@ -232,11 +232,11 @@ upgrade-test: prepare
 ## * [saveOutput] optional. Save the output to a text file. Example: saveOutput=true
 .PHONY: image-scan
 image-scan:
+	@rm -f helm_image.list dep-image-scan.txt
 	@$(if $(saveOutput), > dep-image-scan.txt)
-	@echo "=====Scan dependent Docker images in charts/values.yaml and charts/charts/haproxy/values.yaml" $(if $(saveOutput), | tee -a dep-image-scan.txt,)
+	@echo "=====Scan dependent Docker images in charts/values.yaml" $(if $(saveOutput), | tee -a dep-image-scan.txt,)
 	set -e; \
 	scanned_images_tracker_file="$$(mktemp)"; \
-	trap 'rm -f "$$scanned_images_tracker_file"' EXIT; \
 	scan_image() { \
 	  img="$$1"; \
 	  src_file="$$2"; \
@@ -275,7 +275,7 @@ image-scan:
 	  else \
 	    scan_out_body=$$(echo "$$grype_json_output" | jq -r 'def sevorder: {Critical:0, High:1, Medium:2, Low:3, Negligible:4, Unknown:5}; [.matches[]? | {pkg: .artifact.name, ver: .artifact.version, cve: .vulnerability.id, sev: .vulnerability.severity}] | map(. + {sort_key: sevorder[.sev // "Unknown"]}) | sort_by(.sort_key) | .[] | [.pkg // "N/A", .ver // "N/A", .cve // "N/A", .sev // "N/A"] | @tsv'); \
 	    if [ -n "$$scan_out_body" ]; then \
-	      (echo -e "Package\tVersion\tCVE\tSeverity"; echo "$$scan_out_body") | column -t -s $$'\t' $(if $(saveOutput), | tee -a dep-image-scan.txt,); \
+	      (echo "Package\tVersion\tCVE\tSeverity"; echo "$$scan_out_body") | column -t -s $$'\t' $(if $(saveOutput), | tee -a dep-image-scan.txt,); \
 	    else \
 	      echo "No vulnerability details to display for $$img (though summary reported counts)." $(if $(saveOutput), | tee -a dep-image-scan.txt,); \
 	    fi; \
@@ -284,11 +284,10 @@ image-scan:
 	}; \
 	util_image=$$(grep -A2 'utilContainer:' charts/values.yaml | grep 'image:' | sed 's/.*image:[[:space:]]*//g' | sed 's/"//g' | xargs); \
 	scan_image "$$util_image" "charts/values.yaml"; \
-	haproxy_image=$$(grep -A2 'image:' charts/charts/haproxy/values.yaml | grep 'repository:' | sed 's/.*repository:[[:space:]]*//g' | sed 's/"//g' | sed 's/#.*//g' | xargs); \
-	haproxy_tag=$$(grep -A2 'image:' charts/charts/haproxy/values.yaml | grep 'tag:' | sed 's/.*tag:[[:space:]]*//g' | sed 's/"//g' | sed 's/{{.*}}/latest/' | sed 's/#.*//g' | xargs); \
-	scan_image "$$haproxy_image:$$haproxy_tag" "charts/charts/haproxy/values.yaml"; \
-	for extra_image in $$(grep -v '^\s*#' charts/charts/haproxy/values.yaml | grep -E 'image:[[:space:]]*[^[:space:]]+' | grep -v 'repository:' | grep -v 'tag:' | sed 's/.*image:[[:space:]]*//g' | sed 's/"//g' | sed 's/#.*//g' | xargs -n1); do \
-	  if [ -n "$$extra_image" ] && [ "$$extra_image" != "image:" ]; then \
-	    scan_image "$${extra_image}" "charts/charts/haproxy/values.yaml"; \
-	  fi; \
-	done
+	haproxy_image=$$(grep -A 3 '^haproxy:' charts/values.yaml | grep -A 1 '^\s*image:' | grep '^\s*repository:' | sed 's/.*repository:[[:space:]]*//g' | sed 's/"//g' | sed 's/#.*//g' | xargs); \
+	haproxy_tag=$$(grep -A 4 '^haproxy:' charts/values.yaml | grep -A 2 '^\s*image:' | grep '^\s*tag:' | sed 's/.*tag:[[:space:]]*//g' | sed 's/"//g' | sed 's/{{.*}}/latest/' | sed 's/#.*//g' | xargs); \
+	scan_image "$$haproxy_image:$$haproxy_tag" "charts/values.yaml";
+	@# Remove trailing comma from helm_image.list if present
+	@if [ -f helm_image.list ]; then \
+		sed -i '' -e 's/,\s*$$//' helm_image.list; \
+	fi

Original file line number	Diff line number	Diff line change
`@@ -6,7 +6,7 @@`
`6`	`6`	`import groovy.json.JsonSlurperClassic`
`7`	`7`
`8`	`8`	`emailList = '[email protected], [email protected], [email protected], [email protected], [email protected], [email protected]'`
`9`		`-emailSecList = '[email protected], [email protected]'`
	`9`	`+emailSecList = '[email protected]'`
`10`	`10`	`gitCredID = 'marklogic-builder-github'`
`11`	`11`	`JIRA_ID = ''`
`12`	`12`	`JIRA_ID_PATTERN = /(?i)(MLE)-\d{3,6}/`
`@@ -103,7 +103,7 @@ def getReviewState() {`
`103`	`103`	`return reviewState`
`104`	`104`	`}`
`105`	`105`
`106`		`-void resultNotification(message) {`
	`106`	`+void resultNotification(status) {`
`107`	`107`	`def author, authorEmail, emailList`
`108`	`108`	`if (env.CHANGE_AUTHOR) {`
`109`	`109`	`author = env.CHANGE_AUTHOR.toString().trim().toLowerCase()`
`@@ -117,11 +117,11 @@ void resultNotification(message) {`
`117`	`117`	`jira_email_body = "${email_body} <br><br><b>Jira URL: </b><br><a href='${jira_link}'>${jira_link}</a>"`
`118`	`118`
`119`	`119`	`if (JIRA_ID) {`
`120`		`- def comment = [ body: "Jenkins pipeline build result: ${message}" ]`
	`120`	`+ def comment = [ body: "Jenkins pipeline build result: ${status}" ]`
`121`	`121`	`jiraAddComment site: 'JIRA', idOrKey: JIRA_ID, failOnError: false, input: comment`
`122`		`- mail charset: 'UTF-8', mimeType: 'text/html', to: "${emailList}", body: "${jira_email_body}", subject: "${message}: ${env.JOB_NAME} #${env.BUILD_NUMBER} - ${JIRA_ID}"`
	`122`	`+ mail charset: 'UTF-8', mimeType: 'text/html', to: "${emailList}", body: "${jira_email_body}", subject: "🥷 ${status}: ${env.JOB_NAME} #${env.BUILD_NUMBER} - ${JIRA_ID}"`
`123`	`123`	`} else {`
`124`		`- mail charset: 'UTF-8', mimeType: 'text/html', to: "${emailList}", body: "${email_body}", subject: "${message}: ${env.JOB_NAME} #${env.BUILD_NUMBER}"`
	`124`	`+ mail charset: 'UTF-8', mimeType: 'text/html', to: "${emailList}", body: "${email_body}", subject: "🥷 ${status}: ${env.JOB_NAME} #${env.BUILD_NUMBER}"`
`125`	`125`	`}`
`126`	`126`	`}`
`127`	`127`
`@@ -147,6 +147,10 @@ void imageScan() {`
`147`	`147`	`}`
`148`	`148`
`149`	`149`	`sh '''rm -f dep-image-scan.txt'''`
	`150`	`+`
	`151`	`+ // trigger BlackDuck scan`
	`152`	`+ def imageList = readFile(file: 'helm_image.list').trim()`
	`153`	`+ build job: 'securityscans/Blackduck/KubeNinjas/kubernetes-helm', wait: false, parameters: [ string(name: 'branch', value: "${env.BRANCH_NAME}"), string(name: 'CONTAINER_IMAGES', value: "${imageList}") ]`
`150`	`154`	`}`
`151`	`155`
`152`	`156`	`void publishTestResults() {`
`@@ -261,13 +265,16 @@ pipeline {`
`261`	`265`	`sh "rm -rf $WORKSPACE/test/test_results/"`
`262`	`266`	`}`
`263`	`267`	`success {`
`264`		`- resultNotification('BUILD SUCCESS ✅')`
	`268`	`+ resultNotification('✅ Success')`
`265`	`269`	`}`
`266`	`270`	`failure {`
`267`		`- resultNotification('BUILD ERROR ❌')`
	`271`	`+ resultNotification('❌ Failure')`
`268`	`272`	`}`
`269`	`273`	`unstable {`
`270`		`- resultNotification('BUILD UNSTABLE ❌')`
	`274`	`+ resultNotification('⚠️ Unstable')`
	`275`	`+ }`
	`276`	`+ aborted {`
	`277`	`+ resultNotification('🚫 Aborted')`
`271`	`278`	`}`
`272`	`279`	`}`
`273`	`280`	`}`