pipeline { agent none environment { HOME = "${env.WORKSPACE}" PYTHON_IMAGE = 'python:3.10-slim-bullseye' CREDENTIALS_ID = 'digital-ocean-ailuridae-registry' REGISTRY = 'https://registry.digitalocean.com' IMAGE_NAME = 'registry.digitalocean.com/ailuridae-registry/ailuridae.io/everybodymov' IMAGE_BUILD = '' APP_ID = credentials('digital-ocean-app-id') } stages { stage('Check') { agent { docker { image env.PYTHON_IMAGE args '--rm' } } steps { sh 'python -m pip install --no-cache-dir --upgrade --user pip' sh 'python -m pip install --no-cache-dir --user pipenv' sh 'python -m pipenv install --dev --deploy' sh 'python -m pipenv check --clear' sh 'python -m pipenv run bandit *.py' } } stage('Build') { agent { label 'main' } steps { script { IMAGE_BUILD = docker.build("${IMAGE_NAME}") } } } stage('Publish') { agent { label 'main' } when { branch 'main' } steps { script { // withCredentials is annoyingly required to mask token occurrences. withCredentials([usernamePassword( credentialsId: env.CREDENTIALS_ID, usernameVariable: 'API_TOKEN_USER', passwordVariable: 'API_TOKEN_PASS' )]) { docker.withRegistry(env.REGISTRY, env.CREDENTIALS_ID) { IMAGE_BUILD.push("${BUILD_NUMBER}") IMAGE_BUILD.push('latest') } } } } } stage('Deploy') { agent { label 'main' } // when { // branch 'main' // } steps { script { withCredentials([usernamePassword( credentialsId: env.CREDENTIALS_ID, usernameVariable: 'API_TOKEN_USER', passwordVariable: 'API_TOKEN_PASS' )]) { sh ''' curl -H 'Authorization: Bearer $API_TOKEN_PASS' -H 'Content-Type: application/json' \ -X POST 'https://api.digitalocean.com/v2/apps/$APP_ID/deployments' -d '{ "force_build" : true }' ''' } } } } } post { always { node('main') { cleanWs() } } } }