diff --git a/Jenkinsfile b/Jenkinsfile
index 6c8531343..50a9715c2 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -31,9 +31,11 @@ node ('lagoon-images') {
 // in order to have the newest images from upstream (with all the security updates) we clean our local docker cache on tag deployments
 // we don't do this all the time to still profit from image layer caching
 // but we want this on tag deployments in order to ensure that we publish images always with the newest possible images.
- if (env.TAG_NAME) {
+ if (env.TAG_NAME || env.SAFEBRANCH_NAME == 'main') {
 stage ('clean docker image cache') {
+ sh script: "make docker-buildx-remove", label: "removing leftover buildx"
 sh script: "docker image prune -af", label: "Pruning images"
+ sh script: "docker buildx prune -af", label: "Pruning builder cache"
 }
 }
@@ -145,7 +147,7 @@ node ('lagoon-images') {
 )
 }
- if (env.TAG_NAME || env.SAFEBRANCH_NAME == 'testing-scans') {
+ if (env.TAG_NAME || env.SAFEBRANCH_NAME == 'main' || env.SAFEBRANCH_NAME == 'testing-scans' ) {
 stage ('scan built images') {
 sh script: 'make scan-images', label: "perform scan routines"
 sh script: 'find ./scans/*trivy* -type f | xargs tail -n +1', label: "Show Trivy vulnerability scan results"
diff --git a/Makefile b/Makefile
index e5301035c..8e76f0c37 100644
--- a/Makefile
+++ b/Makefile
@@ -82,6 +82,7 @@ docker_buildx_two = docker buildx build $(DOCKER_BUILD_PARAMS) \
 --build-arg BUILDKIT_INLINE_CACHE=1 \
 --build-arg LAGOON_VERSION=$(LAGOON_VERSION) \
 --build-arg IMAGE_REPO=localhost:5000/testlagoon \
+ --pull \
 --cache-from=type=registry,ref=localhost:5000/testlagoon/$(1) \
 --push \
 -t localhost:5000/testlagoon/$(1) \
@@ -94,6 +95,7 @@ docker_buildx_three = docker buildx build $(DOCKER_BUILD_PARAMS) \
 --build-arg BUILDKIT_INLINE_CACHE=1 \
 --build-arg LAGOON_VERSION=$(LAGOON_VERSION) \
 --build-arg IMAGE_REPO=localhost:5000/uselagoon \
+ --pull \
 --cache-from=type=registry,ref=localhost:5000/testlagoon/$(1) \
 --push \
 -t localhost:5000/uselagoon/$(1) \
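Review bot: The comment block above the `if` still says the cache is cleaned only "on tag deployments", but the new condition also cleans it on every `main` build; I would update it, for example `// we clean the local docker cache on tag deployments and on builds of main`. Both prune commands use `-af` and so act on the whole Docker host rather than on this job's images, so if the 'lagoon-images' node can run more than one build at a time, a `main` build may now remove images or builder cache that another job is still using, which is worth confirming. It is also not visible here whether `make docker-buildx-remove` exits zero when no builder is left over; if it does not, the stage fails before either prune runs.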
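Review bot: Scanning on `main` only protects anything if a finding can stop the build, and in the lines shown the stage merely prints the Trivy output with `find ... | xargs tail -n +1`; nothing visible fails on a result. Whether `make scan-images` returns non-zero on findings is defined in the Makefile outside this diff, so please confirm that or add a comment such as `// report-only: findings do not fail the build`. The `env.TAG_NAME || env.SAFEBRANCH_NAME == 'main'` test now appears here and in the cache-clean hunk, so a single named variable would keep the two from drifting, and the stray space before `)` can go. The stage body continues past the end of the hunk.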
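Review bot: `--pull` re-resolves the image named in `FROM`, but the `--cache-from=type=registry,ref=localhost:5000/testlagoon/$(1)` on the next line can still supply the later layers: when the base digest has not changed, a package-install or upgrade `RUN` layer is taken from that cache instead of being re-run. The flag alone therefore does not guarantee the newest packages in published images; if that is the goal for tag and `main` builds, they would also need `--no-cache` or to skip `--cache-from`, assuming the localhost:5000 registry outlives a single build, which is not visible here. The same applies to the `docker_buildx_three` hunk below. A comment above the `docker_buildx_two` definition (which starts outside the hunk), such as `# --pull: always re-resolve FROM tags so upstream base-image fixes are picked up`, would record the intent.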