Jenkins Docker Sidecar with Container Running a daemon command - docker

I want to run ZAP as a proxy in my pipeline, and run my selenium tests through the proxy. Im just using curl in a container in place of selenium for my testing and was able to make this work locally using docker.
In my pipeline, zap starts up, but the pipeline just sits in the zap container after that, never progressing to the second container. I understand why, Ive launched a process as a daemon, its never going to finish, so the step never finished. I just dont understand how to accomplish what I need in jenkins.
stage('Run Zap Proxy'){
docker.image('owasp/zap2docker-weekly').withRun('-p 8090:8090') { c ->
docker.image('owasp/zap2docker-weekly').inside("-v $WORKSPACE:/zap/wrk:rw") {
/* Wait until mysql service is up */
sh """
zap.sh -daemon -port 8090 -host 0.0.0.0 -newsession testing -config api.addrs.addr.name=.* -config api.addrs.addr.regex=true -config api.disablekey=true
"""
}
docker.image('cfmanteiga/alpine-bash-curl-jq').inside("--link ${c.id}:proxy") {
sh 'curl -k -x http://proxy:8090 https://my.fqdn.net'
sh """
curl -k -x http://proxy:8090 \
-X POST https://my.fqdn.net/api/rest/sessions \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-d '{"username":"username","password":"password"}'
"""
sh 'sleep 2m'
sh 'curl -o report.html http://zap/UI/core/other/htmlreport'
stash includes: 'report.html', name: 'report'
}
}
}
I essentially need to start zap with the command im using in the 'inside', and only kill the container when the second containers stages are complete.


You could directly pass the zap command in the withRun part:
stage('Run Zap Proxy'){
docker.image('owasp/zap2docker-weekly').withRun('-p 8090:8090 -v $WORKSPACE:/zap/wrk:rw', 'zap.sh -daemon -port 8090 -host 0.0.0.0 -newsession testing -config api.addrs.addr.name=.* -config api.addrs.addr.regex=true -config api.disablekey=true') { c ->
docker.image('cfmanteiga/alpine-bash-curl-jq').inside("--link ${c.id}:proxy") {
sh 'curl -k -x http://proxy:8090 https://my.fqdn.net'
sh """
curl -k -x http://proxy:8090 \
-X POST https://my.fqdn.net/api/rest/sessions \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-d '{"username":"username","password":"password"}'
"""
sh 'sleep 2m'
sh 'curl -o report.html http://zap/UI/core/other/htmlreport'
stash includes: 'report.html', name: 'report'
}
}
}
withRun allows you to overwrite the CMD of the zap-container. Check this API-documentation.

Related

How to run a command inside a docker container from a jenkins script

I have a jenkins script that looks like this:
pipeline {
agent {
label 'machine'
}
stages {
stage('GC Open Build') {
steps {
sh '''
docker run -i --rm \
-u $(id -u):$(id -g) \
-e USER_NAME=$(id -un) \
-e GROUP_NAME=$(id -gn) \
-e HOME \
-v $HOME:$HOME \
-v /PROJ:/PROJ:shared \
-v /srv:/srv \
-w $PWD \
i-st-pd-docker-vxxxxxx
bash | hostname
'''
}
}
}
}
It executes successfully, but the hostname it displays is not the docker container, but the machine on which it runs.
If I try with '-t' in the docker run command, then I get "the input device is not a tty":
pipeline {
agent {
label 'machine'
}
stages {
stage('GC Open Build') {
steps {
sh '''
docker run -it --rm \
-u $(id -u):$(id -g) \
-e USER_NAME=$(id -un) \
-e GROUP_NAME=$(id -gn) \
-e HOME \
-v $HOME:$HOME \
-v /PROJ:/PROJ:shared \
-v /srv:/srv \
-w $PWD \
i-st-pd-docker-v.xxxx
bash | hostname
'''
}
}
}
}
the input device is not a TTY
ERROR: script returned exit code 1
Any suggestions to be able to run a set of commands (other than "hostname" from inside the docker container?
Thank you!

Jenkins has native Docker support available for declarative pipelines. So you can either use your Docker image as an agent or you can use the Docker step.
Using the image as an agent.
pipeline {
agent any
stages {
stage('Build') {
agent {
docker {
image 'gradle:6.7-jdk11'
// Run the container on the node specified at the
// top-level of the Pipeline, in the same workspace,
// rather than on a new node entirely:
reuseNode true
}
}
steps {
sh 'gradle --version'
}
}
}
}
Using docker step
docker.image('mysql:5').inside("--link ${c.id}:db") {
/* Wait until mysql service is up */
sh 'while ! mysqladmin ping -hdb --silent; do sleep 1; done'
}

Upload Trivy result.json file to DefectDojo

I am using trivy to do docker scanning and then saving the output into result.json file. Now I am trying to send the file to DefectDojo to visualize it there, how can I do that?

Go to "Products"
, Select a product,
in the "Findings" tab > "Import Scan Results"
or use API:
create an engagement:
curl -X POST "https://dojo:8080/api/v2/engagements/" -H "Authorization: Token <your token>" -F "name=Test" -F "product=<Product ID>" -F "target_start=2022-06-14" -F "target_end=2022-06-14"
Import Scan:
curl -X POST "https://dojo:8080/api/v2/import-scan/" -H "accept: application/json" -H "Content-Type: multipart/form-data" -H "Authorization: Token <your token>" -F "minimum_severity=Info" -F "active=true" -F "verified=true" -F "scan_type=Trivy Scan" -F "close_old_findings=false" -F "push_to_jira=false" -F "file=#result.json" -F "product_name=Test" -F "scan_date=2022-06-14" -F "engagement_name=Test"

Docker exec. How to use shell-commands in container without entering?

Can someone explain me, how can I use sh-commands inside container without enter that container?
I use a shell script at my host. I want this shell-script to enter one of my container and then curl post to another container through overall network. So, my problem is that when i tring to do something like:
docker exec -ti nodejs sh "curl -X POST \
http://tgbot:3017/deploy \
-H 'Content-Type: application/x-www-form-urlencoded' \
-H 'cache-control: no-cache' \
-d 'message=Prod has been updated!'"
I have in console:
sh: 0: Can't open curl -X POST http://tgbot:3017/ -H 'Content-Type: application/x-www-form-urlencoded' -H 'cache-control: no-cache' -d 'message=Prod has been updated!'
failed to resize tty, using default size
Or mayby I can curl into docker network right from host somehow?

You can just use Docker exec command on the host machine.
docker exec -it <container name> <command>

How to execute "docker checkpoint create container_id checkpoint_id" using curl?

At the moment of writing, docker checkpoint feature is still in experimental phase so there is no official (HTTP) API documentation. Nonetheless, there is an endpoint on the docker daemon that can accept an HTTP request, as it is the one that docker cli uses.
Based on the related docker source code it should be something like
sudo curl -X POST --unix-socket /var/run/docker.sock http://localhost/v1.32/containers/20fb4f16ff10/checkpoints
but this does not work. Any ideas what I may be missing?

The create options is missing.
curl --unix-socket /var/run/docker.sock \
-H "Content-Type: application/json" \
-d '{"CheckpointID": "noting"}' \
-X POST http:/v1.32/containers/20fb4f16ff10/checkpoints

Creating defects in QC from Jenkins when build fails

I'm running Jenkins in Linux and I want to raise defects in QC when the build fails. What's the easiest way to do that?

QC has a REST API that you can use, actually with anything that talks via HTTP, e.g.
curl -b qc_cookies -c qc_cookies -u <USERNAME:PASSWORD> http://<QC_SERVER:PORT>/qcbin/authentication-point/authenticate
curl -b qc_cookies -c qc_cookies -H "Content-Type: application/xml" -X POST -d #<QC_DEFECT_PAYLOAD.xml> http://<QC_SERVER:PORT>/qcbin/rest/domains/<DOMAIN>/projects/<PROJECT>/defects
curl -b qc_cookies -c qc_cookies http://<QC_SERVER:PORT>/qcbin/authentication-point/logout
More details on how to use it with Jenkins can be found at http://antagonisticpleiotropy.blogspot.com.au/2014/02/jenkins-hps-alm-quality-center-qc-rest.html

Resources