azure-pipelines.yml

trigger:
  - master

resources:
  - repo: self

pool:
  vmImage: "ubuntu-18.04"

variables:
  trivyVersion: 0.9.1
  imageName: "nikasproject/server"
  DOCKER_BUILDKIT: 1
  currentDate: "-"
  version: "latest"

stages:
  - stage: Test
    jobs:
      - job: Dependencies
        steps:
          - script: |
              sudo apt-get update
              sudo apt-get install python3 python3-setuptools python3-virtualenv python3-dev python3-pip sqlite -y
              pip3 install nose wheel
              python3 setup.py install
              python3 setup.py nosetests --with-xunit
            displayName: Test project

  - stage: Build
    dependsOn: Test
    condition: succeeded()
    displayName: Build, Scan and Push image
    jobs:
      - job: Build
        displayName: Build, Scan and Push
        steps:
          - task: CmdLine@2.212.0
            displayName: "Show build info"
            inputs:
              script: |
                echo $(date +'%Y-%m-%d')
                echo $(cat version.env)
                echo "##vso[task.setvariable variable=version]$(cat version.env)"
                echo "##vso[task.setvariable variable=currentDate]$(date +'%Y-%m-%d')"

          - task: Docker@2.212.1
            displayName: Build docker image
            inputs:
              containerRegistry: "DockerHub"
              repository: $(imageName)
              command: build
              Dockerfile: "$(Build.SourcesDirectory)/Dockerfile"
              tags: $(version)
              arguments: "--build-arg DATE_CREATED=$(currentDate) --build-arg VERSION=$(version)"

          - script: |
              sudo apt-get install rpm
              wget https://github.com/aquasecurity/trivy/releases/download/v$(trivyVersion)/trivy_$(trivyVersion)_Linux-64bit.deb
              sudo dpkg -i trivy_$(trivyVersion)_Linux-64bit.deb
              trivy -v
            displayName: "Download and install Trivy"

          - task: CmdLine@2.212.0
            displayName: "Run trivy scan"
            inputs:
              script: |
                trivy image --download-db-only
                trivy image --exit-code 0 --severity LOW,MEDIUM $(imageName):$(version)
                trivy image --exit-code 1 --severity HIGH,CRITICAL $(imageName):$(version)
                trivy image --clear-cache