pipeline { agent none environment { HOME = "${env.WORKSPACE}" PYTHON_IMAGE = 'python:3.10-slim-bullseye' CREDENTIALS_ID = 'digital-ocean-ailuridae-registry' REGISTRY = 'https://registry.digitalocean.com' IMAGE_NAME = 'registry.digitalocean.com/ailuridae-registry/ailuridae.io/everybodymov' IMAGE_BUILD = '' } stages { stage('Setup') { agent { docker { image env.PYTHON_IMAGE args '--rm' } } steps { sh 'python -m pip install --no-cache-dir --upgrade --user pip' sh 'python -m pip install --no-cache-dir pipenv --user' sh 'python -m pipenv install --dev' } } stage('Check') { agent { docker { image env.PYTHON_IMAGE args '--rm' } } steps { sh 'python -m pipenv verify' sh 'python -m pipenv check --clear' sh 'python -m pipenv run bandit *.py' } } stage('Build') { agent { label 'main' } steps { script { IMAGE_BUILD = docker.build("${IMAGE_NAME}") } } } stage('Publish') { agent { label 'main' } when { branch 'main' } steps { script { // withCredentials annoyingly required to mask token. withCredentials([usernamePassword( credentialsId: env.CREDENTIALS_ID, usernameVariable: 'API_TOKEN_USER', passwordVariable: 'API_TOKEN_PASS' )]) { docker.withRegistry(env.REGISTRY, env.CREDENTIALS_ID) { IMAGE_BUILD.push("${BUILD_NUMBER}") IMAGE_BUILD.push('latest') } } } } } } post { always { node('main') { cleanWs() } } } }