#!/usr/bin/groovy

@Library('test-shared-library') _

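// Handle to the build-environment image created in stage 0 and reused in stage 1.
def dockerImage
// Trivy release to download; pinned so scans are reproducible between runs.
def trivyVersion = "0.54.1"

// Builds the steam and main assembly jars, then builds a container image around
// each one and scans it with Trivy. Scan reports are archived as build artifacts.
pipeline {
    agent { node { label 'h2o-3' } }

    options {
        ansiColor('xterm')
        timestamps()
    }

    environment {
        // NOTE(review): not referenced anywhere else in this file; presumably
        // consumed by the shared library or the Dockerfiles - confirm before removing.
        PRISMA_SERVER = "prisma.internal.devops.net"
        PRISMA_PORT = "8083"
    }

    stages {
        stage('0. Init'){
            steps{
                script{
                    dir("docker/prisma"){
                        dockerImage = docker.build("node-java","-f Dockerfile .")
                    }
                    def trivyReleaseUrl = "https://github.com/aquasecurity/trivy/releases/download/v${trivyVersion}"
                    def trivyArchive = "trivy_${trivyVersion}_Linux-64bit.tar.gz"
                    def trivyChecksums = "trivy_${trivyVersion}_checksums.txt"
                    sh "wget ${trivyReleaseUrl}/${trivyArchive}"
                    // Verify the archive before unpacking and executing it on the agent.
                    // The checksum list comes from the same release page, so this only
                    // catches a corrupted or mismatched download; committing the expected
                    // SHA-256 to this repository (or verifying the release signature)
                    // would also cover a tampered release asset.
                    sh "wget ${trivyReleaseUrl}/${trivyChecksums}"
                    sh "sha256sum -c --ignore-missing ${trivyChecksums}"
                    sh "tar -zxvf ${trivyArchive}"
                    sh "chmod +x ./trivy"
                }
            }
        }
        stage('1. Build jars') {
            steps {
                script{
                    // Run Gradle inside the image built in stage 0.
                    dockerImage.inside(){
                        sh "./gradlew :h2o-assemblies:steam:shadowJar"
                        sh "./gradlew :h2o-assemblies:main:shadowJar"
                        archiveArtifacts artifacts: "h2o-assemblies/steam/build/libs/*.jar"
                        archiveArtifacts artifacts: "h2o-assemblies/main/build/libs/*.jar"
                    }
                }
            }
        }
        stage('2. Steam assembly jar') {
            steps {
                setScanningStages("steam", 2)
            }
        }
        stage('3. Main assembly jar') {
            steps {
                setScanningStages("main", 3)
            }
        }
    }
    post {
      always {
        // Removes the downloaded Trivy binary and reports from the workspace.
        cleanWs()
      }
    }
}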

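/**
 * Builds a container image for one assembly jar and scans it with Trivy.
 *
 * The image is built from ./docker/prisma/Dockerfile.<assemblyType>jars and
 * tagged h2o-assemblies/<assemblyType>:<BUILD_NUMBER>-<branch>. The Trivy report
 * is written to "<image name>-trivy.out" in the workspace and archived.
 *
 * The scan command passes no --exit-code option, so as far as this file shows,
 * findings are reported but do not fail the build.
 *
 * @param assemblyType assembly name; callers in this file pass "steam" or "main".
 *                     It is placed into shell commands, so keep it a fixed literal.
 * @param stageIndex   number used as the prefix of the generated stage names.
 */
def setScanningStages(assemblyType, stageIndex) {
    // BRANCH_NAME comes from the SCM and is not under this pipeline's control.
    // It ends up in a Docker tag, a file name and several shell commands, so
    // reduce it to the characters a Docker tag accepts instead of only
    // replacing '/'. Branch names that were already valid tags are unchanged.
    def branchName = "${env.BRANCH_NAME}".replaceAll('[^A-Za-z0-9_.-]', '-')
    def assemblyImage = "h2o-assemblies/${assemblyType}:${BUILD_NUMBER}-${branchName}"
    def reportFile = "${assemblyImage}-trivy.out"

    stage("${stageIndex}.A. Build image for ${assemblyType}") {
        script {
            sh "docker build . -t '${assemblyImage}' -f './docker/prisma/Dockerfile.${assemblyType}jars'"
        }
    }

    stage ("${stageIndex}.B. Scan ${assemblyType} jar using Trivy") {
        script {
            sh "./trivy image '${assemblyImage}' --output '${reportFile}'"
            // Replace table box-drawing characters with * so the report displays
            // properly in a browser. One sed pass with an expression per character,
            // equivalent to running the substitutions one after another.
            sh """
                sed -i \\
                    -e 's/─/*/g' -e 's/│/*/g' -e 's/┤/*/g' -e 's/├/*/g' \\
                    -e 's/┼/*/g' -e 's/┐/*/g' -e 's/┌/*/g' -e 's/└/*/g' \\
                    -e 's/┘/*/g' -e 's/┬/*/g' -e 's/┴/*/g' \\
                    '${reportFile}'
            """
        }
        archiveArtifacts artifacts: "${reportFile}"
    }
}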
