feat(debian): ignore ssl errors when checking packages

feat(tamarin): use https to clone repository
feat(lets-encrypt): add r10/r11 intermediates certs
2024-09-19 13:41:34 +02:00 · 2024-09-19 11:19:01 +02:00 · 2024-08-20 11:16:39 +02:00 · 2024-05-13 09:16:20 +02:00 · 2024-04-11 14:27:17 +02:00 · 2023-11-29 12:20:39 +01:00
38 changed files with 2049 additions and 210 deletions
--- a/9
+++ b/9
@ -4,6 +4,10 @@ LIGHTHOUSE_COMMAND ?=
 LIGHTHOUSE_URL ?=
 PA11Y_URL ?=
 PA11Y_REPORTER ?=
+PA11Y_USERNAME ?=
+PA11Y_PASSWORD ?=
+PA11Y_STANDARD ?=
+PA11Y_COOKIE ?=

 image-w3af:
 	docker build \
@ -73,6 +77,11 @@ pa11y:
 		-e https_proxy=$(https_proxy) \
 		-e PA11Y_URL='$(PA11Y_URL)' \
 		-e PA11Y_REPORTER='$(PA11Y_REPORTER)' \
+		-e PA11Y_USERNAME='$(PA11Y_USERNAME)' \
+		-e PA11Y_PASSWORD='$(PA11Y_PASSWORD)' \
+		-e PA11Y_STANDARD='$(PA11Y_STANDARD)' \
+		-e PA11Y_COOKIE='$(PA11Y_COOKIE)' \
+		-e PA11Y_IGNORE='$(PA11Y_IGNORE)' \
 		-u $(shell id -u $(USER)):$(shell id -g $(USER)) \
 		-v "$(PWD)/data/pa11y/reports:/home/pa11y/reports" \
 		$(DOCKER_ARGS) \
--- a/README.md
+++ b/README.md
@ -2,29 +2,9 @@

 Utilitaires pour la création de pipeline Jenkins dans l'environnement Cadoles.

-## Pipelines
+## Documentation

- [Pipeline d'empaquetage Debian](./pipelines/debian-packaging.jenkinsfile)
-
-## Librairie
-
-### Méthodes exposées
-
-#### Création de paquets
-
- [`tamarin.buildPackage()`](./vars/tamarin.groovy#L48)
- [`tamarin.buildPackageWithCPKG()`](./vars/tamarin.groovy#L1)
-
-#### Publication de paquets
-
- [`vulcain.publish()`](./vars/vulcain.groovy#L1)
-
-#### Pilotage d'OpenNebula
-
- [`nebula.initWithCredentials()`](./vars/nebula.groovy#L125)
- [`nebula.runInNewVM() { client -> ... }`](./vars/nebula.groovy#L135)
- [`client.findVMTemplate()`](./vars/nebula.groovy#L65)
- [`client.withNewVM()`](./vars/nebula.groovy#L79)
+Voir le répertoire [`./doc`](./doc)

 ## Licence

--- a/doc/README.md
+++ b/doc/README.md
@ -0,0 +1,29 @@
+# Documentation
+
+## Tutoriels
+
+- [Utilisation du pipeline `standardMakePipeline()`](./tutorials/standard-make-pipeline.md)
+
+## Pipelines
+
+- [Pipeline d'empaquetage Debian](../pipelines/debian-packaging.jenkinsfile)
+
+## Librairie
+
+### Méthodes exposées
+
+#### Création de paquets
+
+- [`tamarin.buildPackage()`](../vars/tamarin.groovy#L48)
+- [`tamarin.buildPackageWithCPKG()`](../vars/tamarin.groovy#L1)
+
+#### Publication de paquets
+
+- [`vulcain.publish()`](../vars/vulcain.groovy#L1)
+
+#### Pilotage d'OpenNebula
+
+- [`nebula.initWithCredentials()`](../vars/nebula.groovy#L125)
+- [`nebula.runInNewVM() { client -> ... }`](../vars/nebula.groovy#L135)
+- [`client.findVMTemplate()`](../vars/nebula.groovy#L65)
+- [`client.withNewVM()`](../vars/nebula.groovy#L79)
--- a/doc/tutorials/standard-make-pipeline.md
+++ b/doc/tutorials/standard-make-pipeline.md
@ -0,0 +1,123 @@
+# Utilisation du pipeline `standardMakePipeline()`
+
+> **Note** Vous travaillez sur un projet Symfony ? Dans ce cas référez vous au tutoriel ["Utiliser le pipeline Symfony](https://forge.cadoles.com/Cadoles/Jenkins/wiki/Utiliser-le-pipeline-%22Symfony%22).
+
+Le pipeline [`standardMakePipeline()`](../../vars/standardMakePipeline.groovy) a pour objectif de permettre d'obtenir simplement et rapidement un pipeline générique pour un projet de développement ou d'intégration en utilisant et respectant quelques conventions de nommage dans ses tâches `Make`.
+
+Globalement, le pipeline exécute les opérations suivantes:
+
+- Il exécute la commande `make build` sur votre projet;
+- Il exécute la commande `make test` sur votre projet et si votre branche est une PR, il créait un commentaire sur celle ci avec la sortie de ces tests;
+- Si votre branche est une branche de "release" (par défaut les branches `develop`, `testing` et `stable`) il exécute la commande `make release` puis diffuse une notification sur le canal `#cadoles-jenkins`.
+
+Le pipeline ne présume pas des opérations réalisées par ces 3 tâches. Il ne fait que les exécuter en partant du principe que votre projet suit un cycle conventionnel de développement. Mais globalement ces tâches devraient:
+
+- `make build`: Construire votre projet (installer les dépendances, générer les assets, compiler le code source le cas échéant, etc);
+- `make test`: Exécuter les tests automatisés associés à votre projet (unitaire, intégration, etc);
+- `make release`: Diffuser une nouvelle version de votre projet (construire et déployer des artefacts comme des paquets ou des images de conteneur, exécuter un déploiement Ansible, etc).
+
+> **Note:** La gestion des dépendances des tâches est à la charge du développeur (voir "Comment installer les dépendances NPM avant une tâche ?" dans la FAQ pour un exemple).
+
+## Utilisation
+
+Afin d'utiliser le pipeline, vous devez effectuer les opérations suivantes à l'initialisation de votre projet:
+
+1. Créer votre fichier `Jenkinsfile` à la racine de votre projet
+
+    ```groovy
+    @Library("cadoles") _
+
+    standardMakePipeline()
+    ```
+
+2. Créer votre fichier `Makefile` à la racine de votre projet
+
+    ```makefile
+    test:
+        echo "Testing my project..."
+    
+    build:
+        echo "Building my project..."
+
+    release:
+        echo "Releasing my project..."
+    ```
+
+3. Ajouter les deux fichiers à votre historique Git (`commit`) et pousser sur la branche de développement.
+
+4. Accéder à [Jenkins](https://jenkins.cadol.es/) puis à l'organisation contenant votre projet. Dans la barre de gauche cliquer sur le bouton "Scan Gitea Organization Now"
+
+    > **Note:** Globalement un projet doit être partagé avec l'équipe "Bots" sur la forge afin que Jenkins puisse accéder aux sources de votre projet. Dans la majorité des organisations pré-existentes ce partage est déjà configuré.
+
+5. Votre pipeline devrait s'exécuter sur Jenkins !
+
+## Variables d'environnement pré-disponibles
+
+Le pipeline injecte directement dans l'environnement d'exécution une série de variables d'environnement:
+
+|Variable|Description|Valeurs possibles|
+|--------|-----------|-----------------|
+|`PROJECT_VERSION_TAG`|Tag conventionnel de la version du projet|Voir ["R14. Respecter le schéma d'identification des images publiées"](https://forge.cadoles.com/CadolesKube/KubeRules/wiki/Bonnes-pratiques-de-d%C3%A9veloppement-applicatif-en-vue-d%27un-d%C3%A9ploiement-sur-Kubernetes#r14-respecter-le-sch%C3%A9ma-d-identification-des-images-publi%C3%A9es)|
+|`PROJECT_VERSION_SHORT_TAG`|Tag court conventionnel de la version du projet|Voir ["R14. Respecter le schéma d'identification des images publiées"](https://forge.cadoles.com/CadolesKube/KubeRules/wiki/Bonnes-pratiques-de-d%C3%A9veloppement-applicatif-en-vue-d%27un-d%C3%A9ploiement-sur-Kubernetes#r14-respecter-le-sch%C3%A9ma-d-identification-des-images-publi%C3%A9es)|
+|`BRANCH_NAME`|Nom de la branche courante|Nom de la branche courante (préfixé par `PR-` le cas échéant)|
+|`IS_PR`|Est ce que l'exécution courante s'effectue pour une PR ?|`true` ou `false`|
+|`CI`|Est ce que l'exécution courante s'exécute sur le serveur d'intégration continue ?|`true`|
+## FAQ
+
+### Comment installer des dépendances supplémentaires dans l'environnement d'exécution ?
+
+Par défaut l'environnement d'exécution du pipeline est un conteneur basé sur une image Ubuntu LTS (22.04 à ce jour). Dans cette image sont installées [des dépendances de base](../../resources/com/cadoles/standard-make/Dockerfile) généralement utilisées par les projets de développement.
+
+Cependant si vous avez besoin d'autres dépendances systèmes il est possible d'étendre le fichier `Dockerfile` par défaut. Pour ce faire, éditer votre fichier `Jenkinsfile`:
+
+```groovy
+@Library("cadoles") _
+
+// Exemple: installation du paquet ansible-lint 
+// dans l'environnement d'exécution
+standardMakePipeline([
+    'dockerfileExtension': '''
+    RUN apt-get update -y \
+        && apt-get install -y ansible-lint
+    '''
+])
+```
+
+### Comment injecter des secrets dans l'environnement d'exécution ?
+
+Parfois vous aurez besoin d'utiliser des secrets afin d'accéder soit à des projets privés sur la forge, soit pour publier des paquets ou des images de conteneur. Jenkins intègre [une gestion des secrets](https://jenkins.cadol.es/manage/credentials/) et ceux ci peuvent être récupérés dans votre environnement d'exécution sous diverses formes (variable d'environnement, fichiers, etc).
+
+Pour ce faire, éditer votre fichier `Jenkinsfile`:
+
+```groovy
+@Library("cadoles") _
+
+// Exemple: récupération des identifiants du compte
+// "jenkins" sur la forge sous la forme des variables
+// d'environnement FORGE_USERNAME et FORGE_PASSWORD
+standardMakePipeline([
+    'credentials': [
+        usernamePassword([
+            credentialsId: 'forge-jenkins',
+            usernameVariable: 'FORGE_USERNAME',
+            passwordVariable: 'FORGE_PASSWORD',
+        ]),
+    ]
+])
+```
+
+Les différents types d'entrées possible pour le tableau `credentials` sont décris [sur cette page](https://www.jenkins.io/doc/pipeline/steps/credentials-binding/).
+
+### Comment installer les dépendances NPM avant une tâche ?
+
+Pour cela vous pouvez utiliser les mécanismes de gestion des dépendances intégrées à Make. Par exemple:
+
+```makefile
+test: node_modules
+    npm run test
+
+node_modules:
+    npm ci
+```
+
+De cette manière Make exécutera la commande `npm ci` si et seulement si le répertoire `node_modules` n'existe pas déjà.
--- a/misc/clean-worker.sh
+++ b/misc/clean-worker.sh
@ -0,0 +1,26 @@
+#!/bin/sh
+
+cleanup_docker() {
+    RUNNING_CONTAINERS=$(docker ps -q)
+    if [ ! -z "$RUNNING_CONTAINERS" ]; then
+        docker stop $RUNNING_CONTAINERS
+    fi
+
+    docker system prune -f -a --volumes
+    docker network prune -f
+
+    service docker restart
+}
+
+cleanup_old_workspaces() {
+    # Suppression des workspaces dont la dernière date
+    # de modification est supérieure à 7 jours.
+    find /workspace -maxdepth 1 -type d -mtime +7 -exec rm -rf {} \;
+}
+
+main() {
+    cleanup_docker
+    cleanup_old_workspaces
+}
+
+main
--- a/pipelines/debian-packaging.jenkinsfile
+++ b/pipelines/debian-packaging.jenkinsfile
@ -3,7 +3,7 @@
 pipeline {

    agent {
-        label 'common'
+        label 'docker'
    }
    
    environment {
@ -20,6 +20,7 @@ pipeline {
        stage("Prepare build environment") {
            when {
                anyOf {
+                    triggeredBy cause: "UserIdCause", detail: "wpetit"
                    triggeredBy 'TimerTrigger'
                }   
            }
@ -42,7 +43,7 @@ pipeline {
                        checkout scm: 
                            [
                                $class: 'GitSCM', 
-                                userRemoteConfigs: [[url: env.repository_url, credentialsId: 'jenkins-forge-ssh']], 
+                                userRemoteConfigs: [[url: env.repository_url, credentialsId: 'jenkins-ssh-mse']], 
                                branches: [[name: env.ref]],
                                extensions: [
                                    [$class: 'RelativeTargetDirectory', relativeTargetDir: env.projectDir ],
@ -180,6 +181,7 @@ pipeline {
            post {
                always {
                    sh "rm -rf '${env.projectDir}'"
+                    cleanWs()
                }
            }
        }
@ -223,4 +225,4 @@ def waitForPackages(String tagRef, buildResults) {
            ])
        }
    }
-}
+}
--- a/pipelines/mse-rgaa.jenkinsfile
+++ b/pipelines/mse-rgaa.jenkinsfile
@ -1,15 +1,13 @@
 import hudson.tasks.test.AbstractTestResultAction

-@Library("cadoles") _
+@Library('cadoles') _

 pipeline {
-    
-  parameters { 
+  parameters {
    text(name: 'URLS', defaultValue: 'https://msedev.crous-toulouse.fr\nhttps://msedev.crous-toulouse.fr/envole/enregistrement\nhttps://msedev.crous-toulouse.fr/envole/page/faq\nhttps://msedev.crous-toulouse.fr/envole/page/?t=liens_utiles\nhttps://msedev.crous-toulouse.fr/envole/page/?t=mentions_legales\nhttps://msedev.crous-toulouse.fr/envole/message/new\nhttps://msedev.crous-toulouse.fr/envole/recuperation/email\nhttps://msedev.crous-toulouse.fr/envole/courriel/raz', description: 'Liste des URLs à tester, une par ligne')
-    string(name: 'USERNAME', defaultValue: '', description: "Nom d'utilisateur pour l'authentification Basic Auth, si nécessaire")
-    password(name: 'PASSWORD', defaultValue: '', description: "Mot de passe pour l'authentification Basic Auth, si nécessaire")
    booleanParam(name: 'INCLUDE_WARNINGS', defaultValue: false, description: 'Inclure les avertissements')
    booleanParam(name: 'INCLUDE_NOTICES', defaultValue: false, description: 'Inclure les notifications')
+    text(name: 'COOKIE_VALUE', defaultValue: 'mselang=fr_FR')
  }

  options {
@ -18,48 +16,56 @@ pipeline {

  agent {
    node {
-      label "docker"
+      label 'docker'
    }
  }

  stages {
-    stage("Run RGAA audit") {
+    stage('Run RGAA audit') {
        steps {
            script {
-                def urls = params.URLS.split('\n')
-                
-                def count = 0
-                urls.each { u ->
-                    stage("Audit page '${u}'") {
-                        def report = pa11y.audit(u.trim(), [
-                            reporter: 'junit',
-                            username: params.USERNAME,
-                            password: params.PASSWORD,
-                            standard: 'WCAG2AA',
-                            includeNotices: params.INCLUDE_NOTICES,
-                            includeWarnings: params.INCLUDE_WARNINGS,
-                        ]);
-        
-                        writeFile file:"./report_${count}.xml", text:report
-                        count++
-                    }
-                }
-                
-                junit "*.xml"
-                
-                rocketSend (
-                    channel: "#cnous-mse",
+          def urls = params.URLS.split('\n')
+
+          def count = 0
+          urls.each { u ->
+            stage("Audit page '${u}'") {
+              withCredentials([
+                  usernamePassword(
+                    credentialsId: 'msedev-basic-auth',
+                    usernameVariable: 'MSEDEV_USERNAME',
+                    passwordVariable: 'MSEDEV_PASSWORD'
+                  )
+              ]) {
+                def report = pa11y.audit(u.trim(), [
+                  reporter: 'junit',
+                  username: env.MSEDEV_USERNAME,
+                  password: env.MSEDEV_PASSWORD,
+                  standard: 'WCAG2AA',
+                  includeNotices: params.INCLUDE_NOTICES,
+                  includeWarnings: params.INCLUDE_WARNINGS,
+                  cookie_value: params.COOKIE_VALUE
+                ])
+
+                writeFile file:"./report_${count}.xml", text:report
+                count++
+              }
+            }
+          }
+
+          junit testResults: '*.xml', skipPublishingChecks: true
+
+          rocketSend(
+                    channel: '#cnous-mse',
                    avatar: 'https://jenkins.cadol.es/static/b5f67753/images/headshot.png',
                    message: """
                    Audit RGAA | ${testStatuses()}
-        
+
                    - [Voir les tests](${env.RUN_DISPLAY_URL})

                    @here
                    """.stripIndent(),
                    rawMessage: true,
                )
-                
            }
        }
    }
@ -70,21 +76,18 @@ pipeline {
      cleanWs()
    }
  }
-
-  
-
 }

@NonCPS
 def testStatuses() {
-    def testStatus = ""
-    AbstractTestResultAction testResultAction = currentBuild.rawBuild.getAction(AbstractTestResultAction.class)
-    if (testResultAction != null) {
-        def total = testResultAction.totalCount
-        def failed = testResultAction.failCount
-        def skipped = testResultAction.skipCount
-        def passed = total - failed - skipped
-        testStatus = "Passant(s): ${passed}, Échoué(s): ${failed} ${testResultAction.failureDiffString}, Désactivé(s): ${skipped}"
-    }
-    return testStatus
-}
+  def testStatus = ''
+  AbstractTestResultAction testResultAction = currentBuild.rawBuild.getAction(AbstractTestResultAction.class)
+  if (testResultAction != null) {
+    def total = testResultAction.totalCount
+    def failed = testResultAction.failCount
+    def skipped = testResultAction.skipCount
+    def passed = total - failed - skipped
+    testStatus = "Passant(s): ${passed}, Échoué(s): ${failed} ${testResultAction.failureDiffString}, Désactivé(s): ${skipped}"
+  }
+  return testStatus
+}
--- a/resources/com/cadoles/common/add-letsencrypt-ca.sh
+++ b/resources/com/cadoles/common/add-letsencrypt-ca.sh
@ -2,8 +2,24 @@

 set -eo pipefail

-DESTDIR=/usr/local/share/ca-certificates
+declare -a DESTDIR_PATHS=(
+    "/usr/local/share/ca-certificates" 
+    "/etc/ca-certificates/trust-source/anchors" 
+    "/etc/pki/ca-trust/source/anchors"
+)
+
+for path in "${DESTDIR_PATHS[@]}"; do
+    if [ -d "$path" ]; then
+        DESTDIR=$path
+        break
+    fi
+done
+
 UPDATE_CERTS_CMD=update-ca-certificates
+if [ -z "$(which $UPDATE_CERTS_CMD)" ]; then
+	UPDATE_CERTS_CMD="update-ca-trust extract"
+fi
+
 CERTS="$(cat <<EOF
 https://letsencrypt.org/certs/isrgrootx1.pem
 https://letsencrypt.org/certs/isrg-root-x2.pem
@ -11,6 +27,8 @@ https://letsencrypt.org/certs/lets-encrypt-r3.pem
 https://letsencrypt.org/certs/lets-encrypt-e1.pem
 https://letsencrypt.org/certs/lets-encrypt-r4.pem
 https://letsencrypt.org/certs/lets-encrypt-e2.pem
+https://letsencrypt.org/certs/2024/r10.pem
+https://letsencrypt.org/certs/2024/r11.pem
 EOF
 )"

--- a/resources/com/cadoles/gitea/gitea-download.sh
+++ b/resources/com/cadoles/gitea/gitea-download.sh
@ -0,0 +1,181 @@
+#!/bin/bash
+
+set -eo pipefail
+
+GITEA_DOWNLOAD_PROJECT=${GITEA_DOWNLOAD_PROJECT}
+GITEA_DOWNLOAD_ORG=${GITEA_DOWNLOAD_ORG}
+GITEA_DOWNLOAD_BASE_URL=${GITEA_BASE_URL:-https://forge.cadoles.com}
+GITEA_DOWNLOAD_ANONYMOUS=${GITEA_DOWNLOAD_ANONYMOUS:-no}
+GITEA_DOWNLOAD_USERNAME=${GITEA_DOWNLOAD_USERNAME}
+GITEA_DOWNLOAD_PASSWORD=${GITEA_DOWNLOAD_PASSWORD}
+GITEA_DOWNLOAD_RELEASE_NAME=${GITEA_DOWNLOAD_RELEASE_NAME:-latest}
+GITEA_DOWNLOAD_TARGET_DIRECTORY=${GITEA_DOWNLOAD_TARGET_DIRECTORY:-gitea-dl}
+GITEA_DOWNLOAD_ATTACHMENTS_FILTER="${GITEA_DOWNLOAD_ATTACHMENTS_FILTER:-.*}"
+
+function check_dependencies {
+    assert_command_available 'curl'
+    assert_command_available 'jq'
+}
+
+function assert_command_available {
+    local command=$1
+    local command_path=$(which $command)
+
+    if [ -z "$command_path" ]; then
+        echo "The '$command' command could not be found. Please install it before using this script." 1>&2
+        exit 1
+    fi
+}
+
+function check_environment {
+    assert_environment GITEA_DOWNLOAD_PROJECT
+    assert_environment GITEA_DOWNLOAD_ORG
+    assert_environment GITEA_DOWNLOAD_BASE_URL
+}
+
+function source_env_file {
+    if [ ! -f '.env' ]; then
+        return 0
+    fi
+    set -o allexport
+    source .env
+    set +o allexport
+}
+
+function assert_environment {
+    local name=$1
+    local value=${!name}
+
+    if [ -z "$value" ]; then
+        echo "The $"$name" environment variable is empty." 1>&2
+        exit 1
+    fi
+}
+
+function ask_credentials {
+    if [ "${GITEA_DOWNLOAD_ANONYMOUS}" == "yes" ]; then
+        return
+    fi
+
+    if [ -z "$GITEA_DOWNLOAD_USERNAME" ]; then
+        echo -n "Username: "
+        read GITEA_DOWNLOAD_USERNAME
+        
+    fi
+    if [ -z "$GITEA_DOWNLOAD_PASSWORD" ]; then
+        echo -n "Password: "
+        stty -echo
+        read GITEA_DOWNLOAD_PASSWORD
+        stty echo 
+        echo
+    fi
+}
+
+function retrieve_release_name {
+    if [ ! -z "$GITEA_DOWNLOAD_RELEASE_NAME" ]; then
+        return
+    fi
+
+    echo -n "Release name: "
+    read GITEA_DOWNLOAD_RELEASE_NAME
+}
+
+function retrieve_target_directory {
+    if [ ! -z "$GITEA_DOWNLOAD_TARGET_DIRECTORY" ]; then
+        return
+    fi
+
+    echo -n "Target directory: "
+    read GITEA_DOWNLOAD_TARGET_DIRECTORY
+}
+
+function json_set {
+    local data=$1
+    local key=$2
+    local value=$3
+    local use_raw_file=$4
+
+    if [ "$use_raw_file" != "true" ]; then
+        echo $data | jq -cr --argjson v "$value" --arg k "$key" '.[$k] = $v'
+    else
+        local tmpfile=$(mktemp)
+        echo "$value" > "$tmpfile"
+        echo $data | jq -cr --rawfile v "$tmpfile" --arg k "$key" '.[$k] = $v'
+        rm -f "$tmpfile"
+    fi
+}
+
+function gitea_api {
+    local path=$1
+    local args=${@:2}
+
+    if [ "${GITEA_DOWNLOAD_ANONYMOUS}" != 'yes' ]; then
+        args="-u "$GITEA_DOWNLOAD_USERNAME:$GITEA_DOWNLOAD_PASSWORD" ${args}"
+    fi
+
+    curl -L \
+        --fail \
+        --ipv4 \
+        -k \
+        ${args} \
+        "$GITEA_DOWNLOAD_BASE_URL/api/v1$path"
+}
+
+function gitea_download {
+    local attachment_id=$1
+    local output=$2
+
+    if [ "${GITEA_DOWNLOAD_ANONYMOUS}" != 'yes' ]; then
+        GITEA_DOWNLOAD_CURL_ARGS="-u "$GITEA_DOWNLOAD_USERNAME:$GITEA_DOWNLOAD_PASSWORD" ${GITEA_DOWNLOAD_CURL_ARGS}"
+    fi
+
+    curl -L \
+        --fail \
+        --ipv4 \
+        -k \
+        --output "$output" \
+        $GITEA_DOWNLOAD_CURL_ARGS \
+        "$GITEA_DOWNLOAD_BASE_URL/attachments/$attachment_id"
+}
+
+function download_release_files {
+    local releases=$(gitea_api "/repos/${GITEA_DOWNLOAD_ORG}/${GITEA_DOWNLOAD_PROJECT}/releases")
+
+    local assets
+    if [ "$GITEA_DOWNLOAD_RELEASE_NAME" == "latest" ]; then
+        assets=$(echo $releases | jq -r '. | sort_by(.id) | reverse | .[0].assets')
+    else
+        assets=$(echo $releases | jq -r --arg name "$GITEA_DOWNLOAD_RELEASE_NAME" '. | map(select( .name == $name)) | .[0].assets')
+    fi
+
+    if [ "$assets" == "null" ]; then
+        echo 1>&2 "No release found."
+        exit 1
+    fi
+
+    mkdir -p "$GITEA_DOWNLOAD_TARGET_DIRECTORY"
+
+    local attachment_uuids=$(echo $assets | jq -r '.[].uuid')
+    for uuid in $attachment_uuids; do
+        local filename=$(echo $assets | jq -r --arg uuid "$uuid" '. | map(select( .uuid == $uuid)) | .[0].name')        
+        
+        if [[ "$filename" =~ $GITEA_DOWNLOAD_ATTACHMENTS_FILTER ]]; then
+            echo "Downloading attachment '$filename'"
+            gitea_download "$uuid" "$GITEA_DOWNLOAD_TARGET_DIRECTORY/$filename"
+        else
+            echo "Ignoring attachment '$filename'"
+        fi
+    done
+}
+
+function main {
+    check_dependencies
+    source_env_file
+    check_environment
+    ask_credentials
+    retrieve_release_name
+    retrieve_target_directory
+    download_release_files
+}
+
+main
--- a/resources/com/cadoles/gitea/gitea-package.sh
+++ b/resources/com/cadoles/gitea/gitea-package.sh
@ -0,0 +1,161 @@
+#!/bin/bash
+
+set -eo pipefail
+
+GITEA_PACKAGE_ORG=${GITEA_PACKAGE_ORG}
+GITEA_PACKAGE_BASE_URL=${GITEA_BASE_URL:-https://forge.cadoles.com}
+GITEA_PACKAGE_USERNAME=${GITEA_PACKAGE_USERNAME}
+GITEA_PACKAGE_PASSWORD=${GITEA_PACKAGE_PASSWORD}
+GITEA_PACKAGE_FILE=${GITEA_PACKAGE_FILE}
+GITEA_PACKAGE_CURL_MAX_RETRY=${GITEA_PACKAGE_CURL_MAX_RETRY:-3}
+GITEA_PACKAGE_FORCE_OVERWRITE=${GITEA_PACKAGE_FORCE_UPLOAD:-yes}
+
+GITEA_PACKAGE_DEBIAN_DISTRIBUTION=${GITEA_PACKAGE_DEBIAN_DISTRIBUTION:-latest}
+GITEA_PACKAGE_DEBIAN_COMPONENT=${GITEA_PACKAGE_DEBIAN_COMPONENT:-main}
+
+GITEA_PACKAGE_ALPINE_BRANCH=${GITEA_PACKAGE_ALPINE_BRANCH:-latest}
+GITEA_PACKAGE_ALPINE_REPOSITORY=${GITEA_PACKAGE_ALPINE_REPOSITORY:-main}
+
+function check_dependencies {
+    assert_command_available 'curl'
+}
+
+function assert_command_available {
+    local command=$1
+    local command_path=$(which $command)
+
+    if [ -z "$command_path" ]; then
+        echo "The '$command' command could not be found. Please install it before using this script." 1>&2
+        exit 1
+    fi
+}
+
+function check_environment {
+    assert_environment GITEA_PACKAGE_ORG
+    assert_environment GITEA_PACKAGE_BASE_URL
+}
+
+function source_env_file {
+    if [ ! -f '.env' ]; then
+        return 0
+    fi
+    set -o allexport
+    source .env
+    set +o allexport
+}
+
+function assert_environment {
+    local name=$1
+    local value=${!name}
+
+    if [ -z "$value" ]; then
+        echo "The $"$name" environment variable is empty." 1>&2
+        exit 1
+    fi
+}
+
+function ask_credentials {
+    if [ -z "$GITEA_PACKAGE_USERNAME" ]; then
+        echo -n "Username: "
+        read GITEA_PACKAGE_USERNAME
+        
+    fi
+    if [ -z "$GITEA_PACKAGE_PASSWORD" ]; then
+        echo -n "Password: "
+        stty -echo
+        read GITEA_PACKAGE_PASSWORD
+        stty echo 
+        echo
+    fi
+}
+
+function ask_package_type {
+    local available_types="debian alpine redhat"
+    local match=$( ( echo "$available_types" | grep -qw "$GITEA_PACKAGE_TYPE" ) && echo yes || echo no )
+    while [ "$match" == "no" ] || [ -z $GITEA_PACKAGE_TYPE ]; do
+        echo -n "Package type ($available_types): "
+        read GITEA_PACKAGE_TYPE
+        match=$( ( echo "$available_types" | grep -qw "$GITEA_PACKAGE_TYPE" ) && echo yes || echo no )
+    done
+}
+
+function ask_package_file {
+    while [ ! -f "$GITEA_PACKAGE_FILE" ]; do
+        echo -n "Package file (must be a valid path to a supported package file): "
+        read GITEA_PACKAGE_FILE
+    done
+
+    if [ -z $GITEA_PACKAGE_TYPE ]; then
+        local filename=$(basename -- "$GITEA_PACKAGE_FILE")
+        local extension="${filename##*.}"
+
+        case $extension in
+            deb)
+                GITEA_PACKAGE_TYPE=debian
+            ;;
+            apk)
+                GITEA_PACKAGE_TYPE=alpine
+            ;;
+            rpm)
+                GITEA_PACKAGE_TYPE=redhat
+            ;;
+        esac
+    fi
+}
+
+function upload_debian_package {
+    gitea_api "/api/packages/$GITEA_PACKAGE_ORG/debian/pool/$GITEA_PACKAGE_DEBIAN_DISTRIBUTION/$GITEA_PACKAGE_DEBIAN_COMPONENT/upload" \
+        --upload-file "$GITEA_PACKAGE_FILE"
+}
+
+function upload_alpine_package {
+    gitea_api "/api/packages/$GITEA_PACKAGE_ORG/alpine/$GITEA_PACKAGE_ALPINE_BRANCH/$GITEA_PACKAGE_ALPINE_REPOSITORY" \
+        --upload-file "$GITEA_PACKAGE_FILE"
+}
+
+function upload_redhat_package {
+    gitea_api "/api/packages/$GITEA_PACKAGE_ORG/rpm/upload" \
+        --upload-file "$GITEA_PACKAGE_FILE"
+}
+
+
+function gitea_api {
+    local path=$1
+    local args=${@:2}
+
+    curl -L \
+        --fail \
+        --ipv4 \
+        --progress-bar \
+        --retry "$GITEA_PACKAGE_CURL_MAX_RETRY" \
+        -u "$GITEA_PACKAGE_USERNAME:$GITEA_PACKAGE_PASSWORD" \
+        $GITEA_PACKAGE_CURL_ARGS \
+        ${args} \
+        "$GITEA_PACKAGE_BASE_URL$path"
+}
+
+function main {
+    check_dependencies
+    source_env_file
+    check_environment
+    ask_credentials
+    ask_package_file
+    ask_package_type
+    case $GITEA_PACKAGE_TYPE in
+        debian)
+            upload_debian_package
+        ;;
+        alpine)
+            upload_alpine_package
+        ;;
+        redhat)
+            upload_redhat_package
+        ;;
+        *)
+            echo "Package type '$GITEA_PACKAGE_TYPE' is not yet supported" 1>&2
+            exit 1
+        ;;
+    esac
+}
+
+main
--- a/resources/com/cadoles/gitea/gitea-release.sh
+++ b/resources/com/cadoles/gitea/gitea-release.sh
@ -7,12 +7,17 @@ GITEA_RELEASE_ORG=${GITEA_RELEASE_ORG}
 GITEA_RELEASE_BASE_URL=${GITEA_BASE_URL:-https://forge.cadoles.com}
 GITEA_RELEASE_USERNAME=${GITEA_RELEASE_USERNAME}
 GITEA_RELEASE_PASSWORD=${GITEA_RELEASE_PASSWORD}
+GITEA_RELEASE_NAME=${GITEA_RELEASE_NAME}
 GITEA_RELEASE_VERSION=${GITEA_RELEASE_VERSION}
 GITEA_RELEASE_COMMITISH_TARGET=${GITEA_RELEASE_COMMITISH_TARGET}
 GITEA_RELEASE_IS_DRAFT=${GITEA_RELEASE_IS_DRAFT:-false}
 GITEA_RELEASE_IS_PRERELEASE=${GITEA_RELEASE_IS_PRERELEASE:-true}
 GITEA_RELEASE_BODY=${GITEA_RELEASE_BODY}
 GITEA_RELEASE_ATTACHMENTS=${GITEA_RELEASE_ATTACHMENTS}
+GITEA_RELEASE_CURL_MAX_RETRY=${GITEA_RELEASE_CURL_MAX_RETRY:-3}
+
+GITEA_RELEASE_CLEANUP_PRERELEASES=${GITEA_RELEASE_CLEANUP_PRERELEASES:-true}
+GITEA_RELEASE_CLEANUP_KEPT_PRERELEASES=${GITEA_RELEASE_CLEANUP_KEPT_PRERELEASES:-3}

 function check_dependencies {
    assert_command_available 'curl'
@ -91,28 +96,48 @@ function retrieve_commitish_target {
 function create_release {
    local payload={}

-    payload=$(json_set "$payload" body "\"$GITEA_RELEASE_BODY\"")
+    payload=$(json_set "$payload" body "$GITEA_RELEASE_BODY" true)
    payload=$(json_set "$payload" draft $GITEA_RELEASE_IS_DRAFT)
-    payload=$(json_set "$payload" name "\"$GITEA_RELEASE_VERSION\"")
+    payload=$(json_set "$payload" name "\"${GITEA_RELEASE_NAME:-$GITEA_RELEASE_VERSION}\"")
    payload=$(json_set "$payload" prerelease $GITEA_RELEASE_IS_PRERELEASE)
    payload=$(json_set "$payload" tag_name "\"${GITEA_RELEASE_VERSION:-$GITEA_RELEASE_COMMITISH_TARGET}\"")
    payload=$(json_set "$payload" target_commitish "\"$GITEA_RELEASE_COMMITISH_TARGET\"")

+    local existing_release=$(gitea_api "/repos/$GITEA_RELEASE_ORG/$GITEA_RELEASE_PROJECT/releases" -XGET | jq -e ".[] | select(.tag_name == \"${GITEA_RELEASE_VERSION}\") | .id")
+
+    if [ ! -z "${existing_release}" ]; then
+        gitea_api "/repos/$GITEA_RELEASE_ORG/$GITEA_RELEASE_PROJECT/releases/${existing_release}" -XDELETE
+    fi
+
+    local tmpfile=$(mktemp)
+
+    echo "$payload" > "$tmpfile"
+
    gitea_api "/repos/$GITEA_RELEASE_ORG/$GITEA_RELEASE_PROJECT/releases" \
        -H "Content-Type:application/json" \
-        -d "$payload"
+        -d "@$tmpfile"
+
+    rm -f "$tmpfile"
 }

 function json_set {
    local data=$1
    local key=$2
    local value=$3
-    echo $data | jq -cr --argjson v "$value" --arg k "$key" '.[$k] = $v'
+    local use_raw_file=$4
+
+    if [ "$use_raw_file" != "true" ]; then
+        echo $data | jq -cr --argjson v "$value" --arg k "$key" '.[$k] = $v'
+    else
+        local tmpfile=$(mktemp)
+        echo "$value" > "$tmpfile"
+        echo $data | jq -cr --rawfile v "$tmpfile" --arg k "$key" '.[$k] = $v'
+        rm -f "$tmpfile"
+    fi
 }

 function upload_release_attachments {
-    local release="$1"
-    local release_id=$(echo "$release" | jq -r .id)
+    local release_id="$1"

    if [ -z "$GITEA_RELEASE_ATTACHMENTS" ]; then
        set +e
@ -134,11 +159,32 @@ function gitea_api {

    curl -L \
        --fail \
+        --ipv4 \
+        --progress-bar \
+        --retry "$GITEA_RELEASE_CURL_MAX_RETRY" \
        -u "$GITEA_RELEASE_USERNAME:$GITEA_RELEASE_PASSWORD" \
+        $GITEA_RELEASE_CURL_ARGS \
        ${args} \
        "$GITEA_RELEASE_BASE_URL/api/v1$path"
 }

+function clean_prereleases {
+    if [ "$GITEA_RELEASE_CLEANUP_PRERELEASES" != "true" ]; then
+        return
+    fi
+
+    local releases=$(gitea_api "/repos/$GITEA_RELEASE_ORG/$GITEA_RELEASE_PROJECT/releases")
+    local to_delete=$(echo "$releases" | jq -r --arg index "$GITEA_RELEASE_CLEANUP_KEPT_PRERELEASES" '[.[] | select(.prerelease == true)] | sort_by(.created_at, .id) | reverse | .[$index | tonumber:] | .[].id')
+
+    echo $to_delete
+
+    for release_id in $to_delete; do
+        gitea_api "/repos/$GITEA_RELEASE_ORG/$GITEA_RELEASE_PROJECT/releases/$release_id" \
+            -X DELETE \
+            -H "Content-Type:application/json"
+    done
+}
+
 function main {
    check_dependencies
    source_env_file
@ -147,7 +193,10 @@ function main {
    retrieve_commitish_target
    retrieve_version
    local release=$(create_release)
-    upload_release_attachments "$release"
+    local release_id=$(echo "$release" | jq -r .id)
+    sleep 1 # Wait for release creation
+    upload_release_attachments "$release_id"
+    clean_prereleases
 }

 main
--- a/resources/com/cadoles/lighthouse/Dockerfile
+++ b/resources/com/cadoles/lighthouse/Dockerfile
@ -1,4 +1,4 @@
-FROM golang:1.15 as envtpl
+FROM reg.cadoles.com/proxy_cache/library/golang:1.15 as envtpl

 ARG HTTP_PROXY=
 ARG HTTPS_PROXY=
@ -14,7 +14,7 @@ RUN git clone https://github.com/subfuzion/envtpl /src \
    -ldflags "-X main.AppVersionMetadata=$(date -u +%s)" \
    -a -installsuffix cgo -o ./bin/envtpl ./cmd/envtpl/.

-FROM alpine:3.13
+FROM reg.cadoles.com/proxy_cache/library/alpine:3.13

 ARG HTTP_PROXY=
 ARG HTTPS_PROXY=
--- a/resources/com/cadoles/pa11y/Dockerfile
+++ b/resources/com/cadoles/pa11y/Dockerfile
@ -1,4 +1,4 @@
-FROM golang:1.13 as envtpl
+FROM reg.cadoles.com/proxy_cache/library/golang:1.13 as envtpl

 ARG HTTP_PROXY=
 ARG HTTPS_PROXY=
@ -14,7 +14,7 @@ RUN git clone https://github.com/subfuzion/envtpl /src \
    -ldflags "-X main.AppVersionMetadata=$(date -u +%s)" \
    -a -installsuffix cgo -o ./bin/envtpl ./cmd/envtpl/.

-FROM alpine:3.10
+FROM alpine:3.16

 ARG HTTP_PROXY=
 ARG HTTPS_PROXY=
@ -33,11 +33,16 @@ RUN apk add --no-cache \
    nodejs \
    npm \
    chromium \
-    bash
+    bash \
+    curl \
+    openssl \
+    git

-RUN PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=1 npm install -g pa11y@^5.0.0 pa11y-reporter-html@^1.0.0 pa11y-reporter-junit
+RUN curl -k https://forge.cadoles.com/Cadoles/Jenkins/raw/branch/master/resources/com/cadoles/common/add-letsencrypt-ca.sh | bash

-RUN adduser -D pa11y   
+RUN PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=true npm install -g pa11y  git+https://forge.cadoles.com/rmasson/junit-reporter-fork.git
+
+RUN adduser -D pa11y

 COPY run-audit.sh /usr/local/bin/run-audit
 RUN chmod +x /usr/local/bin/run-audit
--- a/resources/com/cadoles/pa11y/patty.json.tmpl
+++ b/resources/com/cadoles/pa11y/patty.json.tmpl
@ -6,7 +6,10 @@
    "headers": {
        {{if not (empty .PA11Y_USERNAME)}}
        {{ $credentials := print .PA11Y_USERNAME ":" .PA11Y_PASSWORD }}
-        "Authorization": "Basic {{b64enc $credentials}}"
+        "Authorization": "Basic {{b64enc $credentials}}" {{if not (empty .PA11Y_COOKIE)}},{{end}}
+        {{end}}
+        {{if not (empty .PA11Y_COOKIE)}}
+        "Cookie": "{{print .PA11Y_COOKIE}}"
        {{end}}
    }
 }
--- a/resources/com/cadoles/pa11y/run-audit.sh
+++ b/resources/com/cadoles/pa11y/run-audit.sh
@ -9,7 +9,8 @@ cd reports

 export PUPPETEER_EXECUTABLE_PATH=$(which chromium-browser)
 export PA11Y_REPORTER="${PA11Y_REPORTER:-html}"
-export PA11Y_STANDARD=${PA11Y_STANDARD:-WCAG2AA}
+export PA11Y_STANDARD="${PA11Y_STANDARD:-WCAG2AA}"
+export PA11Y_IGNORE="${PA11Y_IGNORE}"

 PA11Y_ARGS=""

@ -26,4 +27,5 @@ pa11y \
    ${PA11Y_ARGS} \
    --reporter "${PA11Y_REPORTER}" \
    --standard "${PA11Y_STANDARD}" \
+    --ignore "${PA11Y_IGNORE}" \
    "$PA11Y_URL" || exit 0
--- a/resources/com/cadoles/podman/nfpm.yaml.gotmpl
+++ b/resources/com/cadoles/podman/nfpm.yaml.gotmpl
@ -0,0 +1,25 @@
+{{ $serviceName := index ( .Env.IMAGE_NAME | strings.Split "/" | coll.Reverse ) 0 }}
+name: "cadoles-pod-{{ $serviceName }}"
+arch: amd64
+platform: linux
+version: "{{ strings.TrimPrefix "v" ( getenv "IMAGE_TAG" "latest" ) }}"
+version_schema: none
+version_metadata: git
+section: "{{ getenv "PACKAGE_SECTION" "default" }}"
+priority: "{{ getenv "PACKAGE_PRIORITY" "optional" }}"
+maintainer: "{{ getenv "PACKAGE_MAINTAINER" "contact@cadoles.com" }}"
+description: "{{ getenv "PACKAGE_DESCRIPTION" "" }}"
+homepage: "{{ getenv "PACKAGE_HOMEPAGE" "https://forge.cadoles.com" }}"
+license: "{{ getenv "PACKAGE_LICENCE" "GPL-3.0" }}"
+depends:
+  - podman
+scripts:
+    postinstall: post-install.sh
+contents:
+  - packager: deb
+    src: pod.service
+    dst: "/usr/lib/systemd/system/cadoles-pod-{{ $serviceName }}.service"
+  - packager: deb
+    src: pod.conf
+    dst: /etc/cadoles-pod-{{ $serviceName }}.conf
+    type: config|noreplace
--- a/resources/com/cadoles/podman/pod.conf.gotmpl
+++ b/resources/com/cadoles/podman/pod.conf.gotmpl
@ -0,0 +1 @@
+PODMAN_ARGS="{{ getenv "PODMAN_ARGS" "" }}"
--- a/resources/com/cadoles/podman/pod.service.gotmpl
+++ b/resources/com/cadoles/podman/pod.service.gotmpl
@ -0,0 +1,24 @@
+[Unit]
+Description={{ .Env.IMAGE_NAME }} pod service
+Wants=network-online.target
+After=network-online.target
+RequiresMountsFor=/run/containers/storage
+
+[Service]
+Type=simple
+Environment=PODMAN_SYSTEMD_UNIT=%n
+EnvironmentFile=-/etc/cadoles-pod-{{ .Env.IMAGE_NAME }}.conf
+Environment=IMAGE_NAME={{ .Env.IMAGE_NAME }} IMAGE_TAG={{ .Env.IMAGE_TAG }}
+PassEnvironment=PODMAN_ARGS IMAGE_NAME IMAGE_TAG
+Restart=on-failure
+TimeoutStopSec=70
+{{ if getenv "SYSTEMD_EXEC_STARTPRE" "" }}
+ExecStartPre={{ .Env.SYSTEMD_EXEC_STARTPRE }}
+{{ end }}
+ExecStart=/bin/sh -c "podman run ${PODMAN_ARGS} '${IMAGE_NAME}:${IMAGE_TAG}'"
+{{ if getenv "SYSTEMD_EXEC_STARTPOST" "" }}
+ExecStartPost={{ .Env.SYSTEMD_EXEC_STARTPOST }}
+{{ end }}
+
+[Install]
+WantedBy=default.target
--- a/resources/com/cadoles/podman/post-install.sh.gotmpl
+++ b/resources/com/cadoles/podman/post-install.sh.gotmpl
@ -0,0 +1,79 @@
+#!/bin/sh
+
+# Adapted from https://nfpm.goreleaser.com/tips/
+
+use_systemctl="True"
+systemd_version=0
+if ! command -V systemctl >/dev/null 2>&1; then
+  use_systemctl="False"
+else
+  systemd_version=$( systemctl --version | head -1 | sed 's/systemd //g' | cut -d' ' -f1 )
+fi
+
+SERVICE_NAME="cadoles-pod-{{ .Env.IMAGE_NAME }}"
+
+cleanup() {
+  if [ "${use_systemctl}" = "False" ]; then
+    rm -f /usr/lib/systemd/system/$SERVICE_NAME.service
+  else
+    rm -f /etc/chkconfig/$SERVICE_NAME
+    rm -f /etc/init.d/$SERVICE_NAME
+  fi
+}
+
+cleanInstall() {
+  if [ "${use_systemctl}" = "False" ]; then
+    if command -V chkconfig >/dev/null 2>&1; then
+      chkconfig --add $SERVICE_NAME
+    fi
+
+    service $SERVICE_NAME restart ||:
+  else
+    if [ "${systemd_version}" -lt 231 ]; then
+      printf "\033[31m systemd version %s is less then 231, fixing the service file \033[0m\n" "${systemd_version}"
+      sed -i "s/=+/=/g" /usr/lib/systemd/system/$SERVICE_NAME.service
+    fi
+    systemctl daemon-reload ||:
+    systemctl unmask $SERVICE_NAME ||:
+    systemctl preset $SERVICE_NAME ||:
+    systemctl enable $SERVICE_NAME ||:
+    systemctl restart $SERVICE_NAME ||:
+  fi
+}
+
+upgrade() {
+  if [ "${use_systemctl}" = "False" ]; then
+    service $SERVICE_NAME restart ||:
+  else
+    if [ "${systemd_version}" -lt 231 ]; then
+      printf "\033[31m systemd version %s is less then 231, fixing the service file \033[0m\n" "${systemd_version}"
+      sed -i "s/=+/=/g" /usr/lib/systemd/system/$SERVICE_NAME.service
+    fi
+    systemctl daemon-reload ||:
+    systemctl restart $SERVICE_NAME ||:
+  fi
+
+  echo 'Cleaning up unused images...'
+  podman image prune -f --filter "reference={{ .Env.IMAGE_NAME }}"
+}
+
+action="$1"
+if  [ "$1" = "configure" ] && [ -z "$2" ]; then
+  action="install"
+elif [ "$1" = "configure" ] && [ -n "$2" ]; then
+  action="upgrade"
+fi
+
+case "$action" in
+  "1" | "install")
+    cleanInstall
+    ;;
+  "2" | "upgrade")
+    upgrade
+    ;;
+  *)
+    cleanInstall
+    ;;
+esac
+
+cleanup
--- a/resources/com/cadoles/standard-make/Dockerfile
+++ b/resources/com/cadoles/standard-make/Dockerfile
@ -0,0 +1,26 @@
+ARG JQ_VERSION=1.6
+
+RUN apt-get update && \
+    DEBIAN_FRONTEND=noninteractive apt-get install -y \
+        wget tar curl ca-certificates \
+        openssl bash git unzip build-essential gnupg
+        
+COPY add-letsencrypt-ca.sh /root/add-letsencrypt-ca.sh
+
+RUN bash /root/add-letsencrypt-ca.sh \
+    && rm -f /root/add-letsencrypt-ca.sh
+
+# Install JQ
+RUN wget -O /usr/local/bin/jq https://github.com/stedolan/jq/releases/download/jq-${JQ_VERSION}/jq-linux64 \
+    && chmod +x /usr/local/bin/jq
+
+# Install Docker client
+RUN install -m 0755 -d /etc/apt/keyrings \
+    && curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg \
+    && chmod a+r /etc/apt/keyrings/docker.gpg \
+    && echo \
+        "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
+        "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
+        tee /etc/apt/sources.list.d/docker.list > /dev/null \
+    && apt-get update \
+    && apt-get install -y docker-ce-cli
--- a/resources/com/cadoles/symfony/Dockerfile
+++ b/resources/com/cadoles/symfony/Dockerfile
@ -1,7 +1,7 @@
 ARG PHP_SECURITY_CHECKER_VERSION=1.0.0
 ARG JQ_VERSION=1.6

-RUN apt update && \
+RUN apt-get update && \
    DEBIAN_FRONTEND=noninteractive apt-get install -y \
        wget tar curl ca-certificates \
        openssl bash git unzip \
@ -39,4 +39,9 @@ RUN mkdir --parents /tools/phpstan \
    && composer require --working-dir=/tools/phpstan phpstan/phpstan \
    && ln -s /tools/phpstan/vendor/bin/phpstan /usr/local/bin/phpstan \
    && composer require --working-dir=/tools/phpstan phpstan/phpstan-symfony \
-    && composer require --working-dir=/tools/phpstan phpstan/phpstan-doctrine    
+    && composer require --working-dir=/tools/phpstan phpstan/phpstan-doctrine
+
+# Install Symfony
+RUN curl -1sLf 'https://dl.cloudsmith.io/public/symfony/stable/setup.deb.sh' | bash \
+    && apt update \
+    && DEBIAN_FRONTEND=noninteractive apt-get install -y symfony-cli
--- a/resources/com/cadoles/tamarin/Dockerfile
+++ b/resources/com/cadoles/tamarin/Dockerfile
@ -1,4 +1,4 @@
-FROM alpine:3.12
+FROM reg.cadoles.com/proxy_cache/library/alpine:3.20

 ARG HTTP_PROXY=
 ARG HTTPS_PROXY=
@ -11,7 +11,7 @@ RUN apk add --no-cache git docker python3 bash openssl curl

 RUN curl -k https://forge.cadoles.com/Cadoles/Jenkins/raw/branch/master/resources/com/cadoles/common/add-letsencrypt-ca.sh | bash

-RUN git clone http://forge.cadoles.com/Cadoles/Tamarin /tamarin\
+RUN git clone https://forge.cadoles.com/Cadoles/Tamarin /tamarin\
  && cd /tamarin\
  && git checkout ${TAMARIN_VERSION}

--- a/resources/com/cadoles/trivy/templates/markdown.tpl
+++ b/resources/com/cadoles/trivy/templates/markdown.tpl
@ -0,0 +1,56 @@
+{{- if . }}
+{{- range . }}
+<h3>Target <code>{{ escapeXML .Target }}</code></h3>
+{{- if (eq (len .Vulnerabilities) 0) }}
+<h4>No Vulnerabilities found</h4>
+{{- else }}
+<h4>Vulnerabilities ({{ len .Vulnerabilities }})</h4>
+<table>
+    <tr>
+        <th>Package</th>
+        <th>ID</th>
+        <th>Severity</th>
+        <th>Installed Version</th>
+        <th>Fixed Version</th>
+    </tr>
+    {{- range .Vulnerabilities }}
+    <tr>
+        <td><code>{{ escapeXML .PkgName }}</code></td>
+        <td>{{ escapeXML .VulnerabilityID }}</td>
+        <td>{{ escapeXML .Severity }}</td>
+        <td>{{ escapeXML .InstalledVersion }}</td>
+        <td>{{ escapeXML .FixedVersion }}</td>
+    </tr>
+    {{- end }}
+</table>
+{{- end }}
+{{- if (eq (len .Misconfigurations ) 0) }}
+<h4>No Misconfigurations found</h4>
+{{- else }}
+<h4>Misconfigurations</h4>
+<table>
+    <tr>
+        <th>Type</th>
+        <th>ID</th>
+        <th>Check</th>
+        <th>Severity</th>
+        <th>Message</th>
+    </tr>
+    {{- range .Misconfigurations }}
+    <tr>
+        <td>{{ escapeXML .Type }}</td>
+        <td>{{ escapeXML .ID }}</td>
+        <td>{{ escapeXML .Title }}</td>
+        <td>{{ escapeXML .Severity }}</td>
+        <td>
+          {{ escapeXML .Message }}
+          <br><a href={{ escapeXML .PrimaryURL | printf "%q" }}>{{ escapeXML .PrimaryURL }}</a></br>
+        </td>
+    </tr>
+    {{- end }}
+</table>
+{{- end }}
+{{- end }}
+{{- else }}
+<h3>Trivy Returned Empty Report</h3>
+{{- end }}
--- a/resources/com/cadoles/w3af/Dockerfile
+++ b/resources/com/cadoles/w3af/Dockerfile
@ -1,4 +1,4 @@
-FROM golang:1.11.4 as envtpl
+FROM reg.cadoles.com/proxy_cache/library/golang:1.11.4 as envtpl

 ARG HTTP_PROXY=
 ARG HTTPS_PROXY=
@ -14,7 +14,7 @@ RUN git clone https://github.com/subfuzion/envtpl /src \
    -ldflags "-X main.AppVersionMetadata=$(date -u +%s)" \
    -a -installsuffix cgo -o ./bin/envtpl ./cmd/envtpl/.

-FROM alpine:3.9
+FROM reg.cadoles.com/proxy_cache/library/alpine:3.9

 ARG HTTP_PROXY=
 ARG HTTPS_PROXY=
--- a/vars/container.groovy
+++ b/vars/container.groovy
@ -0,0 +1,245 @@
+/**
+* Construit, valide et publie (optionnellement) une image Docker sur le registre Cadoles (par défaut)
+*
+* Options disponibles:
+*
+* - dockerfile - String - Chemin vers le fichier Dockerfile à utiliser pour construire l'image, par défaut "./Dockerfile"
+* - contextDir - String - Répertoire servant de "contexte" pour la construction de l'image, par défault "./"
+* - imageName - String - Nom de l'image à construire, par défaut ""
+* - imageTags - String - Tag(s) apposé(s) sur l'image après construction, par défaut tags générés par la méthode utils.getProjectVersionTags()
+* - gitCredentialsId - String - Identifiant des "credentials" Jenkins utilisés pour cloner le dépôt Git, par défaut "forge-jenkins"
+* - dockerRepository - String - Nom d'hôte du registre Docker sur lequel publier l'image, par défaut "reg.cadoles.com"
+* - dockerRepositoryCredentialsId - String - Identifiant des "credentials" Jenkins utilisés pour déployer l'image sur le registre Docker, par défault "reg.cadoles.com-jenkins"
+* - dryRun - Boolean - Désactiver/activer la publication de l'image sur le registre Docker, par défaut "true"
+* - skipVerifications - Boolean - Désactiver/activer les étapes de vérifications de qualité/sécurité de l'image Docker, par défaut "false"
+*/
+String buildAndPublishImage(Map options = [:]) {
+    String dockerfile = options.get('dockerfile', './Dockerfile')
+    String contextDir = options.get('contextDir', '.')
+    String imageName = options.get('imageName', '')
+    String gitRef = sh(returnStdout: true, script: 'git describe --always').trim()
+
+    List<String> defaultImageTags = utils.getProjectVersionTags() + [ "${utils.getProjectVersionDefaultChannel()}-latest" ]
+    List<String> imageTags = options.get('imageTags', defaultImageTags)
+    // Handle legacy imageTag parameter
+    if (options.containsKey('imageTag')) {
+        imageTags = [ options.get("imageTag", gitRef) ]
+    }
+
+    String gitCredentialsId = options.get('gitCredentialsId', 'forge-jenkins')
+    String dockerRepository = options.get('dockerRepository', 'reg.cadoles.com')
+    String dockerRepositoryCredentialsId = options.get('dockerRepositoryCredentialsId', 'reg.cadoles.com-jenkins')
+    Boolean dryRun = options.get('dryRun', true)
+    Boolean skipVerifications = options.get('skipVerification', false)
+
+    String projectRepository = env.JOB_NAME
+    if (env.BRANCH_NAME ==~ /^PR-.*$/) {
+        projectRepository = env.JOB_NAME - "/${env.JOB_BASE_NAME}"
+    }
+    projectRepository = options.get('projectRepository', projectRepository)
+
+    withCredentials([
+        usernamePassword([
+            credentialsId: dockerRepositoryCredentialsId,
+            usernameVariable: 'HUB_USERNAME',
+            passwordVariable: 'HUB_PASSWORD'
+        ]),
+    ]) {
+        stage('Validate Dockerfile with Hadolint') {
+            utils.when(!skipVerifications) {
+                runHadolintCheck(dockerfile, projectRepository)
+            }
+        }
+
+        String primaryImageTag = imageTags[0]
+
+        stage("Build image '${imageName}:${primaryImageTag}'") {
+            git.withHTTPCredentials(gitCredentialsId) {
+                sh """
+                docker build \
+                    --build-arg="GIT_USERNAME=${env.GIT_USERNAME}" \
+                    --build-arg="GIT_PASSWORD=${env.GIT_PASSWORD}" \
+                    -t '${imageName}:${primaryImageTag}' \
+                    -f '${dockerfile}' \
+                    '${contextDir}'
+                """
+            }
+        }
+
+        stage('Validate image with Trivy') {
+            utils.when(!skipVerifications) {
+                runTrivyCheck("${imageName}:${primaryImageTag}", projectRepository)
+            }
+        }
+
+       stage("Login with image repository") {
+            utils.when(!dryRun) {
+                sh """
+                echo ${env.HUB_PASSWORD} | docker login -u '${env.HUB_USERNAME}' --password-stdin '${dockerRepository}'
+                """
+            }
+       }
+
+        imageTags.each { imageTag ->
+            stage("Publish image '${imageName}:${imageTag}'") {
+                utils.when(!dryRun) {
+                    sh """
+                    docker tag "${imageName}:${primaryImageTag}" "${imageName}:${imageTag}"
+                    """
+                    retry(2) {
+                        sh """
+                        docker push '${imageName}:${imageTag}'
+                        """
+                    }
+                }
+            }
+        }    
+
+    }
+}
+
+void runHadolintCheck(String dockerfile, String projectRepository) {
+    String reportFile = ".hadolint-report-${currentBuild.startTimeInMillis}.txt"
+
+    try {
+        validateDockerfileWithHadolint(dockerfile, ['reportFile': reportFile])
+    } catch (err) {
+        unstable("Dockerfile '${dockerfile}' failed linting !")
+    } finally {
+        String lintReport = ''
+
+        if (fileExists(reportFile)) {
+            String report = readFile(reportFile)
+
+            lintReport = """${lintReport}
+            |
+            |```
+            |${report.trim() ? report : "Rien à signaler."}
+            |```"""
+        } else {
+            lintReport = """${lintReport}
+            |
+            |_Vérification échouée mais aucun rapport trouvé !?_ :thinking:"""
+        }
+
+        String defaultReport = '_Rien à signaler !_ :thumbsup:'
+        String report = """## Rapport d'analyse du fichier `${dockerfile}` avec [Hadolint](https://github.com/hadolint/hadolint)
+        |
+        |${lintReport ?: defaultReport}
+        """.stripMargin()
+
+        print report
+
+        if (env.CHANGE_ID) {
+            gitea.commentPullRequest(projectRepository, env.CHANGE_ID, report)
+        }
+    }
+}
+
+String validateDockerfileWithHadolint(String dockerfile, Map options = [:]) {
+    String hadolintBin = getOrInstallHadolint(options)
+    String hadolintArgs = options.get('hadolintArgs', '--no-color')
+    String reportFile = options.get('reportFile', ".hadolint-report-${currentBuild.startTimeInMillis}.txt")
+
+    sh("""#!/bin/bash
+    set -eo pipefail
+    '${hadolintBin}' '${dockerfile}' ${hadolintArgs} | tee '${reportFile}'
+    """)
+
+    return reportFile
+}
+
+void runTrivyCheck(String imageName, String projectRepository, Map options = [:]) {
+    String reportFile = ".trivy-report-${currentBuild.startTimeInMillis}.txt"
+
+    try {
+        validateImageWithTrivy(imageName, ['reportFile': reportFile])
+    } catch (err) {
+        unstable("Image '${imageName}' failed validation !")
+    } finally {
+        String lintReport = ''
+
+        if (fileExists(reportFile)) {
+            lintReport = """${lintReport}
+            |
+            |${readFile(reportFile)}
+            |"""
+        } else {
+            lintReport = """${lintReport}
+            |
+            |_Vérification échouée mais aucun rapport trouvé !?_ :thinking:"""
+        }
+
+        String defaultReport = '_Rien à signaler !_ :thumbsup:'
+        String report = """## Rapport d'analyse de l'image avec [Trivy](https://github.com/aquasecurity/trivy)
+        |
+        |${lintReport ?: defaultReport}
+        """.stripMargin()
+
+        print report
+
+        if (env.CHANGE_ID) {
+            gitea.commentPullRequest(projectRepository, env.CHANGE_ID, report)
+        }
+    }
+}
+
+String validateImageWithTrivy(String imageName, Map options = [:]) {
+    String trivyBin = getOrInstallTrivy(options)
+    String trivyArgs = options.get('trivyArgs', '--exit-code 1')
+    String cacheDirectory = options.get('cacheDirectory', '.trivy/.cache')
+    String cacheDefaultBranch = options.get('cacheDefaultBranch', 'develop')
+    Integer cacheMaxSize = options.get('cacheMaxSize', 250)
+    String reportFile = options.get('reportFile', ".trivy-report-${currentBuild.startTimeInMillis}.txt")
+    
+    String markdownTemplate = libraryResource 'com/cadoles/trivy/templates/markdown.tpl'
+    writeFile file:'.trivy-markdown.tpl', text: markdownTemplate
+    
+    cache(maxCacheSize: cacheMaxSize, defaultBranch: cacheDefaultBranch, caches: [
+        [$class: 'ArbitraryFileCache', path: cacheDirectory, compressionMethod: 'TARGZ']
+    ]) {
+        sh("'${trivyBin}' --cache-dir '${cacheDirectory}' image --ignorefile .trivyignore.yaml --format template --template '@.trivy-markdown.tpl' -o '${reportFile}' ${trivyArgs} '${imageName}'")
+    }
+
+    return reportFile
+}
+
+String getOrInstallHadolint(Map options = [:]) {
+    String installDir = options.get('installDir', '/usr/local/bin')
+    String version = options.get('version', '2.12.0')
+    String forceDownload = options.get('forceDownload', false)
+    String downloadUrl = options.get('downloadUrl', "https://github.com/hadolint/hadolint/releases/download/v${version}/hadolint-Linux-x86_64")
+
+    String hadolintBin = sh(returnStdout: true, script: 'which hadolint || exit 0').trim()
+    if (hadolintBin == '' || forceDownload) {
+        sh("""
+        mkdir -p '${installDir}'
+        curl -o '${installDir}/hadolint' -sSL '${downloadUrl}'
+        chmod +x '${installDir}/hadolint'
+        """)
+
+        hadolintBin = "${installDir}/hadolint"
+    }
+
+    return hadolintBin
+}
+
+String getOrInstallTrivy(Map options = [:]) {
+    String installDir = options.get('installDir', '/usr/local/bin')
+    String version = options.get('version', '0.47.0')
+    String forceDownload = options.get('forceDownload', false)
+    String installScriptDownloadUrl = options.get('downloadUrl', 'https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh')
+
+    String trivyBin = sh(returnStdout: true, script: 'which trivy || exit 0').trim()
+    if (trivyBin == '' || forceDownload) {
+        sh("""
+        mkdir -p '${installDir}'
+        curl -sfL '${installScriptDownloadUrl}'  | sh -s -- -b '${installDir}' v${version}
+        chmod +x '${installDir}/trivy'
+        """)
+
+        trivyBin = "${installDir}/trivy"
+    }
+
+    return trivyBin
+}
--- a/vars/cpkg.groovy
+++ b/vars/cpkg.groovy
@ -1,8 +1,8 @@
+import java.util.regex.Matcher
+
 // Basic port of https://forge.cadoles.com/Cadoles/cpkg
 def call(Map params = [:]) {
-
    def currentRef = sh(script: 'git rev-parse HEAD', returnStdout: true).trim()
-    def baseRef = params.baseRef ? params.baseRef : currentRef
    def distRepo = params.distRepo ? params.distRepo : 'dev'
    def dist = params.dist ? params.dist : 'eole'
    def distVersion = params.distVersion ? params.distVersion : '2.7.0'
@ -12,7 +12,7 @@ def call(Map params = [:]) {
    def gitEmail = params.gitEmail ? params.gitEmail : 'jenkins@cadoles.com'
    def gitUsername = params.gitUsername ? params.gitUsername : 'Jenkins'
    def skipCi = params.containsKey('skipCi') ? params.skipCi : false
-    def skipPush = params.containsKey('skipPush') ? params.skipPush: true
+    def skipPush = params.containsKey('skipPush') ? params.skipPush : true

    // Define dist branch based on provided informations and base branch name
    def distBranch = "dist/${dist}/${distVersion}/${distBranchName}"
@ -28,7 +28,7 @@ def call(Map params = [:]) {
        sh("git config --add remote.origin.fetch +refs/heads/${distBranch}:refs/remotes/origin/${distBranch}")

        // Update branches
-        sh("git fetch --all")
+        sh('git fetch --all')

        // Merge currentRef into distBranch and push
        sh("git checkout -b '${distBranch}' 'origin/${distBranch}'")
@ -40,11 +40,11 @@ def call(Map params = [:]) {
        sh("git merge ${currentRef}")

        if (!skipPush) {
-            sh("git push")
+            sh('git push')
        } else {
            println("Skipping push. Set skipPush param to 'true' to enable remote repository update.")
        }
-        
+
        // Retrieve last tag matching pattern pkg/${distRepo}/${dist}-${distVersion}/*
        def lastTag = sh(
            script: "git tag -l 'pkg/${distRepo}/${dist}-${distVersion}/*' --sort=v:refname | tail -n 1",
@ -61,7 +61,25 @@ def call(Map params = [:]) {

        println("Last version number is '${lastVersionNumber}'")

-        def versionNumber = incrementVersionNumber(lastVersionNumber)
+        String versionRoot = extractVersionRoot(lastVersionNumber)
+        String versionNumber = ''
+
+        if (versionRoot) {
+            versionNumber = versionRoot
+        } else {
+            versionNumber = sh(
+                script: "git describe --always ${currentRef}",
+                returnStdout: true,
+            ).split('/').last().trim()
+
+            Boolean isCommitRef = !versionNumber.matches(/^[0-9]+\.[0-9]+\.[0-9]+.*$/)
+
+            if (isCommitRef) {
+                versionNumber = "0.0.0-${versionNumber}"
+            }
+        }
+
+        versionNumber = "${versionNumber}-${env.BUILD_NUMBER}"

        println("New version number will be '${versionNumber}'")
        result['newVersionNumber'] = versionNumber
@ -71,16 +89,16 @@ def call(Map params = [:]) {

        result['newTag'] = tag

-        def tagComment="Build ${versionNumber} ${distRepo} package for ${dist}-${distVersion}."
+        def tagComment = "Build ${versionNumber} ${distRepo} package for ${dist}-${distVersion}."
        if (skipCi) {
            tagComment += ' [ci skip]'
        }

-        sh("git tag -a '${tag}' -m '${tagComment}'")
+        sh("git tag -f -a '${tag}' -m '${tagComment}'")

        // Push tag
        if (!skipPush) {
-            sh("git push --tags")
+            sh('git push --tags -f')
        } else {
            println("Skipping push. Set skipPush param to 'true' to enable remote repository update.")
        }
@ -108,20 +126,13 @@ def call(Map params = [:]) {
    return result
 }

-def incrementVersionNumber(String versionNumber) {
-    // Split versionNumber (typical pattern: <major>.<minor>.<patch>)
-    def versionNumberParts = versionNumber.split(/\./)
-
-    // Extract path number
-    def patchNumber = versionNumberParts.last()
-
-    // Split patch number (typical pattern: <patch>-<build>)
-    def patchNumberParts = patchNumber.split('-')
-
-    // If version number matches pattern <major>.<minor>.<patch>-<build>
-    if (patchNumberParts.size() > 1) {
-        return versionNumberParts[0..-2].join('.') + '.' + patchNumberParts[0..-2].join('-') + '-' + (patchNumberParts.last().toInteger() + 1)
-    } else { // Else version number matches pattern <major>.<minor>.<patch>
-        return versionNumberParts[0..-2].join('.') + '.' + (patchNumber.toInteger() + 1)
+@NonCPS
+String extractVersionRoot(String fullVersion) {
+    Matcher fullVersionMatcher = fullVersion =~ /^([0-9]+\.[0-9]+\.[0-9]+).*$/
+    
+    if (!fullVersionMatcher.matches()) {
+        return ""
    }
-}
+
+    return fullVersionMatcher.group(1)
+}
--- a/vars/debian.groovy
+++ b/vars/debian.groovy
@ -52,7 +52,7 @@ def listRepoPackages(Map params = [:]) {
  def type = params.type ? params.type : 'binary'
  def arch = params.arch ? params.arch : 'amd64'

-  def response = httpRequest(url: "${baseURL}/dists/${distrib}/${component}/${type}-${arch}/Packages")
+  def response = httpRequest(ignoreSslErrors: true, url: "${baseURL}/dists/${distrib}/${component}/${type}-${arch}/Packages")

  def packages = [:]
  def lines = response.content.split('\n')
--- a/vars/gitea.groovy
+++ b/vars/gitea.groovy
@ -1,4 +1,4 @@
-def commentPullRequest(String repo, String issueId, String comment, Integer commentIndex = 0) {
+def commentPullRequest(String repo, String issueId, String comment, Integer commentIndex = -1) {
  comment = comment.replaceAll('"', '\\"')
  withCredentials([
    string(credentialsId: 'GITEA_JENKINS_PERSONAL_TOKEN', variable: 'GITEA_TOKEN'),
@ -7,13 +7,17 @@ def commentPullRequest(String repo, String issueId, String comment, Integer comm
    sh """#!/bin/bash
    set -xeo pipefail

-    # Récupération si il existe du commentaire existant
-    previous_comment_id=\$(curl -v --fail \
-      -H "Authorization: token ${GITEA_TOKEN}" \
-      -H "Content-Type: application/json" \
-      https://forge.cadoles.com/api/v1/repos/${repo}/issues/${issueId}/comments \
-      | jq -c '[ .[] | select(.user.login=="jenkins") ] | .[${commentIndex}] | .id' \
-    )
+    previous_comment_id=null
+
+    if [ "${commentIndex}" != "-1" ]; then
+      # Récupération si il existe du commentaire existant
+      previous_comment_id=\$(curl -v --fail \
+        -H "Authorization: token ${GITEA_TOKEN}" \
+        -H "Content-Type: application/json" \
+        https://forge.cadoles.com/api/v1/repos/${repo}/issues/${issueId}/comments \
+        | jq -c '[ .[] | select(.user.login=="jenkins") ] | .[${commentIndex}] | .id' \
+      )
+    fi

    # Génération du payload pour l'API Gitea
    echo '{}' | jq -c --rawfile body .prComment '.body = \$body' > payload.json
@ -40,14 +44,15 @@ def commentPullRequest(String repo, String issueId, String comment, Integer comm
 }

 // Effectue une "release" sur Gitea pour le <ORG>/<PROJET> donné.
-def release(String credentialsId, String org, String project, Map options = [:]) {
-  def isDraft = options.get('isDraft', false)
-  def baseUrl = options.get('baseUrl', 'https://forge.cadoles.com')
-  def defaultVersion = sh(returnStdout: true, script: 'git describe --always').trim()
-  def releaseVersion = options.get('releaseVersion', defaultVersion)
-  def commitishTarget = options.get('commitishTarget', env.GIT_COMMIT)
+void release(String credentialsId, String org, String project, Map options = [:]) {
+  Boolean isDraft = options.get('isDraft', false)
+  String baseUrl = options.get('baseUrl', 'https://forge.cadoles.com')
+  String defaultVersion = sh(returnStdout: true, script: 'git describe --always').trim()
+  String releaseVersion = options.get('releaseVersion', defaultVersion)
+  String releaseName = options.get('releaseName', releaseVersion)
+  String commitishTarget = options.get('commitishTarget', env.GIT_COMMIT)

-  def defaultIsPrerelease = true
+  Boolean defaultIsPrerelease = true
  try {
    sh(script: "git describe --exact-match ${GIT_COMMIT}")
    defaultIsPrerelease = false
@ -55,16 +60,16 @@ def release(String credentialsId, String org, String project, Map options = [:])
    println "Could not find tag associated with commit '${GIT_COMMIT}' ! Using 'prerelease' as default."
  }

-  def isPrerelease = options.get('isPrerelease', defaultIsPrerelease)
-  def body = options.get('body', '')
-  def attachments = options.get('attachments', [])
+  Boolean isPrerelease = options.get('isPrerelease', defaultIsPrerelease)
+  String body = options.get('body', '')
+  List<String> attachments = options.get('attachments', [])

-  def scriptTempDir =  ".gitea-release-script-${System.currentTimeMillis()}"
+  String scriptTempDir =  ".gitea-release-script-${System.currentTimeMillis()}"
  sh("mkdir -p '${scriptTempDir}'")

-  def giteaReleaseScript = "${scriptTempDir}/gitea-release.sh"
+  String giteaReleaseScript = "${scriptTempDir}/gitea-release.sh"

-  def giteaReleaseScriptContent = libraryResource 'com/cadoles/gitea/gitea-release.sh'
+  String giteaReleaseScriptContent = libraryResource 'com/cadoles/gitea/gitea-release.sh'
  writeFile file: giteaReleaseScript, text:giteaReleaseScriptContent
  sh("chmod +x '${giteaReleaseScript}'")

@ -81,6 +86,7 @@ def release(String credentialsId, String org, String project, Map options = [:])
      export GITEA_RELEASE_ORG="${org}"
      export GITEA_RELEASE_BASE_URL="${baseUrl}"
      export GITEA_RELEASE_VERSION="${releaseVersion}"
+      export GITEA_RELEASE_NAME="${releaseName}"
      export GITEA_RELEASE_COMMITISH_TARGET="${commitishTarget}"
      export GITEA_RELEASE_IS_DRAFT="${isDraft}"
      export GITEA_RELEASE_IS_PRERELEASE="${isPrerelease}"
@ -95,4 +101,56 @@ def release(String credentialsId, String org, String project, Map options = [:])
      deleteDir()
    }
  }
+
+  rocketSend(
+    avatar: 'https://jenkins.cadol.es/static/b5f67753/images/headshot.png',
+    message: """
+    Nouvelle version publiée pour le projet `${org}/${project}`: [${releaseName}](${baseUrl}/${org}/${project}/releases/tag/${releaseVersion})
+
+    [Visualiser le job](${env.RUN_DISPLAY_URL})
+
+    @${utils.getBuildUser()}
+    """.stripIndent(),
+    rawMessage: true
+  )
+}
+
+// Télécharge les fichiers associés à une "version" publiée sur un projet Gitea
+void download(String credentialsId, String org, String project, Map options = [:]) {
+  String baseUrl = options.get('baseUrl', 'https://forge.cadoles.com')
+  String releaseName = options.get('releaseName', 'latest')
+  String outputDir = options.get('outputDir', 'gitea-dl')
+
+  String scriptTempDir =  ".gitea-download-script-${System.currentTimeMillis()}"
+  sh("mkdir -p '${scriptTempDir}'")
+
+  String giteaDownloadScript = "${scriptTempDir}/gitea-download.sh"
+
+  String giteaDownloadScriptContent = libraryResource 'com/cadoles/gitea/gitea-download.sh'
+  writeFile file: giteaDownloadScript, text:giteaDownloadScriptContent
+  sh("chmod +x '${giteaDownloadScript}'")
+
+  try {
+    withCredentials([
+      usernamePassword(
+        credentialsId: credentialsId,
+        usernameVariable: 'GITEA_DOWNLOAD_USERNAME',
+        passwordVariable: 'GITEA_DOWNLOAD_PASSWORD'
+      )
+    ]) {
+      sh """
+      export GITEA_DOWNLOAD_PROJECT="${project}"
+      export GITEA_DOWNLOAD_ORG="${org}"
+      export GITEA_DOWNLOAD_BASE_URL="${baseUrl}"
+      export GITEA_DOWNLOAD_RELEASE_NAME="${releaseName}"
+      export GITEA_DOWNLOAD_TARGET_DIRECTORY="${outputDir}"
+
+      ${giteaDownloadScript}
+      """
+    }
+  } finally {
+    dir(scriptTempDir) {
+      deleteDir()
+    }
+  }
 }
--- a/vars/gomplate.groovy
+++ b/vars/gomplate.groovy
@ -0,0 +1,46 @@
+void call(String sourceTemplate, String destFile, Map env = [:], Map options = [:]) {
+    String gomplateBin = getOrInstallGomplate(options)
+
+    sh """
+    ${exportEnvMap(env)}
+    ${gomplateBin} -f '${sourceTemplate}' > '${destFile}'
+    """
+}
+
+String exportEnvMap(Map env) {
+    String exports = ''
+
+    env.each { item ->
+        exports = """
+        ${exports}
+        export ${item.key}="${item.value}"
+        """
+    }
+
+    return exports
+}
+
+String getOrInstallGomplate(Map options = [:]) {
+    String installDir = options.get('installDir', '/usr/local/bin')
+    String version = options.get('version', '3.10.0')
+    Boolean forceDownload = options.get('forceDownload', false)
+    String downloadUrl = options.get('downloadUrl', "https://github.com/hairyhenderson/gomplate/releases/download/v${version}/gomplate_linux-amd64")
+
+    String gomplateBin = ''
+
+    lock("${env.NODE_NAME}:gomplate-install") {
+        gomplateBin = sh(returnStdout: true, script: 'which gomplate || exit 0').trim()
+
+        if (gomplateBin == '' || forceDownload) {
+            sh("""
+            mkdir -p '${installDir}'
+            curl -o '${installDir}/gomplate' -sSL '${downloadUrl}'
+            chmod +x '${installDir}/gomplate'
+            """)
+
+            gomplateBin = "${installDir}/gomplate"
+        }
+    }
+
+    return gomplateBin
+}
--- a/vars/hook.groovy
+++ b/vars/hook.groovy
@ -1,15 +1,19 @@
 def call(String name) {
-    def rootDir = pwd()
-    def filepath = "${rootDir}/.jenkins/${name}.groovy"
+    def filepath = "${env.WORKSPACE}/.jenkins/${name}.groovy"
    def exists = fileExists(filepath)
    if (!exists) {
        println("No hook '${filepath}' script. Skipping.")
        return
    }
    def hook = load(filepath)
-    if(hook.metaClass.respondsTo(hook, 'exec')) {
+
+    if (hook == null) {
+        error("Hook '${filepath}' seems to be null. Did you forget to add 'return this' at the end of the script ?")
+    }
+
+    if (hook.metaClass.respondsTo(hook, 'exec')) {
        hook.exec()
    } else {
        error("Hook script '${filepath}' exists but does not expose an exec() function.")
    }
-}
+}
--- a/vars/kubecontainer.groovy
+++ b/vars/kubecontainer.groovy
@ -0,0 +1,195 @@
+/**
+* Construit, valide et publie (optionnellement) une image Docker sur le registre Cadoles (par défaut)
+*
+* Options disponibles:
+*
+* - dockerfile - String - Chemin vers le fichier Dockerfile à utiliser pour construire l'image, par défaut "./Dockerfile"
+* - contextDir - String - Répertoire servant de "contexte" pour la construction de l'image, par défault "./"
+* - imageName - String - Nom de l'image à construire, par défaut ""
+* - imageTag - String - Tag apposé sur l'image après construction, par défaut résultat de la commande `git describe --always`
+* - gitCredentialsId - String - Identifiant des "credentials" Jenkins utilisés pour cloner le dépôt Git, par défaut "forge-jenkins"
+* - dockerRepository - String - Nom d'hôte du registre Docker sur lequel publier l'image, par défaut "reg.cadoles.com"
+* - dockerRepositoryCredentialsId - String - Identifiant des "credentials" Jenkins utilisés pour déployer l'image sur le registre Docker, par défault "reg.cadoles.com-jenkins"
+* - dryRun - Boolean - Désactiver/activer la publication de l'image sur le registre Docker, par défaut "true"
+* - skipVerifications - Boolean - Désactiver/activer les étapes de vérifications de qualité/sécurité de l'image Docker, par défaut "false"
+*/
+String buildAndPublishImage(Map options = [:]) {
+    String dockerfile = options.get('dockerfile', './Dockerfile')
+    String contextDir = options.get('contextDir', '.')
+    String imageName = options.get('imageName', '')
+    String gitRef = sh(returnStdout: true, script: 'git describe --always').trim()
+    String imageTag = options.get('imageTag', gitRef)
+    String gitCredentialsId = options.get('gitCredentialsId', 'forge-jenkins')
+    String dockerRepository = options.get('dockerRepository', 'reg.cadoles.com')
+    String dockerRepositoryCredentialsId = options.get('dockerRepositoryCredentialsId', 'reg.cadoles.com-jenkins')
+    Boolean dryRun = options.get('dryRun', true)
+    Boolean skipVerifications = options.get('skipVerification', false)
+    String currentBranch = env.BRANCH_NAME.replaceAll("[^a-zA-Z]+","_")
+
+    String projectRepository = env.JOB_NAME
+    if (env.BRANCH_NAME ==~ /^PR-.*$/) {
+        projectRepository = env.JOB_NAME - "/${env.JOB_BASE_NAME}"
+    }
+    projectRepository = options.get('projectRepository', projectRepository)
+
+    withCredentials([
+        usernamePassword([
+            credentialsId: dockerRepositoryCredentialsId,
+            usernameVariable: 'HUB_USERNAME',
+            passwordVariable: 'HUB_PASSWORD'
+        ]),
+    ]) {
+        stage('Validate Dockerfile with Hadolint') {
+            utils.when(!skipVerifications) {
+                runHadolintCheck(dockerfile, projectRepository)
+            }
+        }
+
+        stage("Build image '${imageName}:${imageTag}'") {
+            git.withHTTPCredentials(gitCredentialsId) {
+                sh """
+                CURRENT_BRANCH=${currentBranch} make 
+                """
+            }
+        }
+
+        stage('Validate image with Trivy') {
+            utils.when(!skipVerifications) {
+                sh """
+                CURRENT_BRANCH=${currentBranch} make scan
+                """
+            }
+        }
+
+        stage("Publish image '${imageName}:${imageTag}'") {
+            utils.when(!dryRun) {
+                retry(2) {
+                    sh """
+                	CURRENT_BRANCH=${currentBranch} make release
+                    """
+                }
+            }
+        }
+    }
+}
+
+void runHadolintCheck(String dockerfile, String projectRepository) {
+    String reportFile = ".hadolint-report-${currentBuild.startTimeInMillis}.txt"
+
+    try {
+        validateDockerfileWithHadolint(dockerfile, ['reportFile': reportFile])
+    } catch (err) {
+        unstable("Dockerfile '${dockerfile}' failed linting !")
+    } finally {
+        String lintReport = ''
+
+        if (fileExists(reportFile)) {
+            lintReport = """${lintReport}
+            |
+            |```
+            |${readFile(reportFile)}
+            |```"""
+        } else {
+            lintReport = """${lintReport}
+            |
+            |_Vérification échouée mais aucun rapport trouvé !?_ :thinking:"""
+        }
+
+        String defaultReport = '_Rien à signaler !_ :thumbsup:'
+        String report = """## Validation du Dockerfile `${dockerfile}`
+        |
+        |${lintReport ?: defaultReport}
+        """.stripMargin()
+
+        print report
+
+        if (env.CHANGE_ID) {
+            gitea.commentPullRequest(projectRepository, env.CHANGE_ID, report)
+        }
+    }
+}
+
+String validateDockerfileWithHadolint(String dockerfile, Map options = [:]) {
+    String hadolintBin = getOrInstallHadolint(options)
+    String hadolintArgs = options.get('hadolintArgs', '--no-color')
+    String reportFile = options.get('reportFile', ".hadolint-report-${currentBuild.startTimeInMillis}.txt")
+
+    sh("""#!/bin/bash
+    set -eo pipefail
+    '${hadolintBin}' '${dockerfile}' ${hadolintArgs} | tee '${reportFile}'
+    """)
+
+    return reportFile
+}
+
+void runTrivyCheck(String imageName, String projectRepository, Map options = [:]) {
+    String currentBranch = env.BRANCH_NAME.replaceAll("[^a-zA-Z]+","_")
+    stage("Scan with trivy '${imageName}:${imageTag}'") {
+	utils.when(!dryRun) {
+           retry(2) {
+              sh """
+              	CURRENT_BRANCH=${currentBranch} make scan
+              """
+           }
+        }
+    }
+}
+
+String validateImageWithTrivy(String imageName, Map options = [:]) {
+    String trivyBin = getOrInstallTrivy(options)
+    String trivyArgs = options.get('trivyArgs', '--exit-code 1')
+    String cacheDirectory = options.get('cacheDirectory', '.trivy/.cache')
+    String cacheDefaultBranch = options.get('cacheDefaultBranch', 'develop')
+    Integer cacheMaxSize = options.get('cacheMaxSize', 250)
+    String reportFile = options.get('reportFile', ".trivy-report-${currentBuild.startTimeInMillis}.txt")
+
+    
+
+    cache(maxCacheSize: cacheMaxSize, defaultBranch: cacheDefaultBranch, caches: [
+        [$class: 'ArbitraryFileCache', path: cacheDirectory, compressionMethod: 'TARGZ']
+    ]) {
+        sh("'${trivyBin}' --cache-dir '${cacheDirectory}' image -o '${reportFile}' ${trivyArgs} '${imageName}'")
+    }
+
+    return reportFile
+}
+
+String getOrInstallHadolint(Map options = [:]) {
+    String installDir = options.get('installDir', '/usr/local/bin')
+    String version = options.get('version', '2.10.0')
+    String forceDownload = options.get('forceDownload', false)
+    String downloadUrl = options.get('downloadUrl', "https://github.com/hadolint/hadolint/releases/download/v${version}/hadolint-Linux-x86_64")
+
+    String hadolintBin = sh(returnStdout: true, script: 'which hadolint || exit 0').trim()
+    if (hadolintBin == '' || forceDownload) {
+        sh("""
+        mkdir -p '${installDir}'
+        curl -o '${installDir}/hadolint' -sSL '${downloadUrl}'
+        chmod +x '${installDir}/hadolint'
+        """)
+
+        hadolintBin = "${installDir}/hadolint"
+    }
+
+    return hadolintBin
+}
+
+String getOrInstallTrivy(Map options = [:]) {
+    String installDir = options.get('installDir', '/usr/local/bin')
+    String version = options.get('version', '0.27.1')
+    String forceDownload = options.get('forceDownload', false)
+    String installScriptDownloadUrl = options.get('downloadUrl', 'https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh')
+
+    String trivyBin = sh(returnStdout: true, script: 'which trivy || exit 0').trim()
+    if (trivyBin == '' || forceDownload) {
+        sh("""
+        mkdir -p '${installDir}'
+        curl -sfL '${installScriptDownloadUrl}'  | sh -s -- -b '${installDir}' v${version}
+        chmod +x '${installDir}/trivy'
+        """)
+
+        trivyBin = "${installDir}/trivy"
+    }
+
+    return trivyBin
+}
--- a/vars/nfpm.groovy
+++ b/vars/nfpm.groovy
@ -0,0 +1,37 @@
+/**
+ * Générer des paquets Debian, RPM, Alpine (ipk) via nfpm
+ * Voir See https://nfpm.goreleaser.com/
+ *
+ * Options:
+ * - installDir - Répertoire d'installation du binaire nfpm, par défaut /usr/local/bin
+ * - version - Version de nfpm à installer, par défaut 2.15.1
+ * - forceDownload - Forcer l'installation de nfpm, par défaut false
+ * - config - Fichier de configuration nfpm à utiliser, par défaut nfpm.yaml
+ * - target - Répertoire cible pour nfpm, par défaut ./dist
+ * - packager - Limiter l'exécution de nfpm à un packager spécifique, par défaut "deb" (i.e. pas de limitation)
+ */
+void call(Map options = [:]) {
+    String installDir = options.get('installDir', '/usr/local/bin')
+    String version = options.get('version', '2.20.0')
+    Boolean forceDownload = options.get('forceDownload', false)
+    String downloadUrl = options.get('downloadUrl', "https://github.com/goreleaser/nfpm/releases/download/v${version}/nfpm_${version}_Linux_x86_64.tar.gz")
+    String config = options.get('config', 'nfpm.yaml')
+    String target = options.get('target', env.WORKSPACE + '/dist')
+    String packager = options.get('packager', 'deb')
+
+    String nfpmBin = sh(returnStdout: true, script: 'which nfpm || exit 0').trim()
+    if (nfpmBin == '' || forceDownload) {
+        sh("""
+        mkdir -p '${installDir}'
+        curl -L '${downloadUrl}' > /tmp/nfpm.tar.gz
+        tar -C /usr/local/bin -xzf /tmp/nfpm.tar.gz
+        """)
+
+        nfpmBin = "${installDir}/nfpm"
+    }
+
+    sh("""
+    mkdir -p '${target}'
+    ${nfpmBin} package --config '${config}' ${packager ? '--packager ' + packager : ''} --target '${target}'
+    """)
+}
--- a/vars/pa11y.groovy
+++ b/vars/pa11y.groovy
@ -1,11 +1,13 @@
 def audit(String url, Map params = [:]) {
    def reporter = params.reporter ? params.reporter : 'html'
-    def username = params.username ? params.username : '';
-    def password = params.password ? params.password : '';
-    def standard = params.standard ? params.standard : 'WCAG2AA';
-    def includeWarnings = params.includeWarnings ? params.includeWarnings : false;
-    def includeNotices = params.includeNotices ? params.includeNotices : false;
-    
+    def username = params.username ? params.username : ''
+    def password = params.password ? params.password : ''
+    def standard = params.standard ? params.standard : 'WCAG2AA'
+    def includeWarnings = params.includeWarnings ? params.includeWarnings : false
+    def includeNotices = params.includeNotices ? params.includeNotices : false
+    def cookie = params.cookie ? params.cookie : ''
+    def ignoredRules = params.ignoredRules ? params.ignoredRules : ''
+
    def pa11yImage = buildDockerImage()

    def dockerArgs = """
@ -16,6 +18,8 @@ def audit(String url, Map params = [:]) {
    -e PA11Y_STANDARD='${standard}'
    -e PA11Y_INCLUDE_WARNINGS='${includeWarnings}'
    -e PA11Y_INCLUDE_NOTICES='${includeNotices}'
+    -e PA11Y_COOKIE='${cookie}'
+    -e PA11Y_IGNORE='${ignoredRules}'
    """

    pa11yImage.inside(dockerArgs) {
@ -29,24 +33,22 @@ def audit(String url, Map params = [:]) {
    }
 }

-
-
 def buildDockerImage() {
-    dir ('.pa11y') {
+    dir('.pa11y') {
        def resourceFiles = [
            'com/cadoles/pa11y/Dockerfile',
            'com/cadoles/pa11y/patty.json.tmpl',
            'com/cadoles/pa11y/run-audit.sh'
-        ];
+        ]

        for (res in resourceFiles) {
            def fileContent = libraryResource res
-            def fileName = res.substring(res.lastIndexOf("/")+1)
+            def fileName = res.substring(res.lastIndexOf('/') + 1)
            writeFile file:fileName, text:fileContent
        }
-        
+
        def safeJobName = URLDecoder.decode(env.JOB_NAME).toLowerCase().replace('/', '-').replace(' ', '-')
        def imageTag = "${safeJobName}-${env.BUILD_ID}"
-        return docker.build("pa11y:${imageTag}", ".")
+        return docker.build("pa11y:${imageTag}", '.')
    }
-}
+}
--- a/vars/podman.groovy
+++ b/vars/podman.groovy
@ -0,0 +1,40 @@
+String buildCadolesPodPackage(String imageName, String imageTag, Map options = [:]) {
+  String destDir = options.get('destDir', env.WORKSPACE + '/dist')
+  Map nfpmOptions = options.get('nfpmOptions', [:])
+
+  nfpmOptions['target'] = destDir
+
+  Map env = options.get('env', [:])
+  env['IMAGE_NAME'] = imageName
+  env['IMAGE_TAG'] = imageTag
+
+  return withPodmanPackagingTempDir {
+    gomplate('post-install.sh.gotmpl', 'post-install.sh', env)
+    gomplate('pod.service.gotmpl', 'pod.service', env)
+    gomplate('pod.conf.gotmpl', 'pod.conf', env)
+    gomplate('nfpm.yaml.gotmpl', 'nfpm.yaml', env)
+    nfpm(nfpmOptions)
+  }
+}
+
+void withPodmanPackagingTempDir(Closure fn) {
+  File tempDir = File.createTempDir()
+
+  tempDir.deleteOnExit()
+  tempDir.mkdirs()
+
+  dir(tempDir.getAbsolutePath()) {
+    List<String> resources = [
+      'com/cadoles/podman/nfpm.yaml.gotmpl',
+      'com/cadoles/podman/pod.conf.gotmpl',
+      'com/cadoles/podman/pod.service.gotmpl',
+      'com/cadoles/podman/post-install.sh.gotmpl',
+    ]
+    for (res in resources) {
+      String fileContent = libraryResource res
+      String fileName = res.substring(res.lastIndexOf('/') + 1)
+      writeFile file:fileName, text:fileContent
+    }
+    fn()
+  }
+}
--- a/vars/sonarqube.groovy
+++ b/vars/sonarqube.groovy
@ -4,9 +4,9 @@ def call() {
        agent {
            label 'docker'
        }
-        
+
        environment {
-            projectDir = "${env.project_name}_${env.BUILD_ID}" 
+            projectDir = "${env.project_name}_${env.BUILD_ID}"
        }

        stages {
@ -19,21 +19,21 @@ def call() {
                steps {
                    script {
                        stage("Clone repository") {
-                            checkout scm: 
+                            checkout scm:
                                [
-                                    $class: 'GitSCM', 
-                                    userRemoteConfigs: [[url: env.repository_url, credentialsId: 'jenkins-forge-ssh']], 
+                                    $class: 'GitSCM',
+                                    userRemoteConfigs: [[url: env.repository_url, credentialsId: 'jenkins-ssh-mse']],
                                    branches: [[name: env.ref]],
                                    extensions: [
                                        [$class: 'RelativeTargetDirectory', relativeTargetDir: env.projectDir ],
                                        [$class: 'CloneOption', noTags: false, shallow: false, depth: 0, reference: ''],
                                        [$class: 'WipeWorkspace' ]
                                    ]
-                                ], 
-                                changelog: false, 
+                                ],
+                                changelog: false,
                                poll: false
                        }
-                    
+
                        stage("Scan project") {
                            dir(env.projectDir) {
                                withCredentials([
@ -57,14 +57,14 @@ def call() {
                                //     avatar: 'https://jenkins.cadol.es/static/b5f67753/images/headshot.png',
                                //     message: """
                                //     Le projet ${env.project_name} a été scanné par SonarQube.
-                                    
+
                                //     - [Voir les résultats](${env.SONARQUBE_URL}/dashboard?id=${env.sonarqubeProjectKey})
                                //     - [Visualiser le job](${env.RUN_DISPLAY_URL})
-                                    
+
                                //     @${env.sender_login}
                                //     """.stripIndent(),
                                //     rawMessage: true,
-                                // )                          
+                                // )
                            }
                        }
                    }
@ -77,4 +77,4 @@ def call() {
            }
        }
    }
-}
+}
--- a/vars/standardMakePipeline.groovy
+++ b/vars/standardMakePipeline.groovy
@ -0,0 +1,258 @@
+import org.jenkinsci.plugins.pipeline.modeldefinition.Utils
+
+void call(Map options = [:]) {
+    Map hooks = options.get('hooks', [
+        'pre': null,
+
+        'pre-test': null,
+        'post-test': null,
+
+        'pre-build': null,
+        'post-build': null,
+
+        'pre-release': null,
+        'post-release': null,
+
+        'post-success': null,
+        'post-always': null,
+        'post-failure': null,
+    ])
+    String testTask = options.get('testTask', 'test')
+    String buildTask = options.get('buildTask', 'build')
+    String releaseTask = options.get('releaseTask', 'release')
+    String jobHistory = options.get('jobHistory', '5')
+
+    String baseDockerfile = options.get('baseDockerfile', '')
+    String baseImage = options.get('baseImage', 'reg.cadoles.com/proxy_cache/library/ubuntu:22.04')
+    String dockerfileExtension = options.get('dockerfileExtension', '')
+    List credentials = options.get('credentials', [])
+
+    List<String> releaseBranches = options.get('releaseBranches', ['develop', 'testing', 'stable', 'staging', 'master'])
+
+    node {
+        properties([
+            buildDiscarder(logRotator(daysToKeepStr: jobHistory, numToKeepStr: jobHistory)),
+        ])
+
+        environment {
+            // Set MKT_PROJECT_VERSION_BRANCH_NAME to Jenkins current branch name by default
+            // See https://forge.cadoles.com/Cadoles/mktools project
+            MKT_PROJECT_VERSION_BRANCH_NAME = env.BRANCH_NAME
+        }
+
+        stage('Cancel older jobs') {
+            int buildNumber = env.BUILD_NUMBER as int
+            if (buildNumber > 1) {
+                milestone(buildNumber - 1)
+            }
+
+            milestone(buildNumber)
+        }
+
+        stage('Checkout project') {
+            checkout(scm)
+        }
+
+        try {
+            def containerImage = buildContainerImage(baseImage, baseDockerfile, dockerfileExtension)
+            containerImage.inside('-v /var/run/docker.sock:/var/run/docker.sock --network host') {
+                String repo = env.JOB_NAME
+                if (env.BRANCH_NAME ==~ /^PR-.*$/) {
+                    repo = env.JOB_NAME - "/${env.JOB_BASE_NAME}"
+                }
+
+                List<String> environment = prepareEnvironment()
+
+                withEnv(environment) {
+                    withCredentials(credentials) {
+                        runHook(hooks, 'pre')
+
+                        stage('Build project') {
+                            runHook(hooks, 'pre-build')
+                            runTask('buildTask', buildTask)
+                            runHook(hooks, 'post-build')
+                        }
+
+                        stage('Run tests') {
+                            runHook(hooks, 'pre-test')
+
+                            catchError(buildResult: 'UNSTABLE', stageResult: 'FAILURE') {
+                                def ( status, output ) = runAndCaptureTask('testTask', testTask)
+
+                                if (!!output.trim() && env.CHANGE_ID) {
+                                    String gitCommit = sh(script: 'git rev-parse --short HEAD', returnStdout: true)
+                                    String report = """
+                                    |#  Test report for ${gitCommit}
+                                    |
+                                    |<details ${output.count('\n') <= 10 ? 'open' : ''}>
+                                    |
+                                    |<summary>Output</summary>
+                                    |
+                                    |```
+                                    |${output}
+                                    |```
+                                    |
+                                    |</details>
+                                    |""".trim().stripMargin()
+
+                                    gitea.commentPullRequest(repo, env.CHANGE_ID, report)
+                                }
+
+                                if (status != 0) {
+                                    throw new Exception("Task `${testTask}` failed !")
+                                }
+                            }
+
+                            runHook(hooks, 'post-test')
+                        }
+
+                        stage('Release project') {
+                            if (releaseBranches.contains(env.BRANCH_NAME)) {
+                                try {
+                                    runHook(hooks, 'pre-release')
+                                    runTask('releaseTask', releaseTask)
+                                    runHook(hooks, 'post-release')
+                                } catch (Exception ex) {
+                                    rocketSend(
+                                        message: """
+                                        |:warning: Une erreur est survenue lors de la publication de [${repo}](https://forge.cadoles.com/${repo - env.JOB_BASE_NAME}):
+                                        |
+                                        | - **Commit:** [${env.GIT_COMMIT}](https://forge.cadoles.com/${repo - env.JOB_BASE_NAME}/commit/${env.GIT_COMMIT})
+                                        | - **Tags:** `${env.PROJECT_VERSION_TAG}` / `${env.PROJECT_VERSION_SHORT_TAG}`
+                                        |
+                                        | **Erreur**
+                                        |```
+                                        |${ex}
+                                        |```
+                                        |
+                                        |[Visualiser le job](${env.RUN_DISPLAY_URL})
+                                        |
+                                        |@${utils.getBuildUser()}
+                                        """.stripMargin(),
+                                        rawMessage: true
+                                    )
+
+                                    throw ex
+                                }
+
+                                rocketSend(
+                                    message: """
+                                    |:white_check_mark: Nouvelle publication terminée pour [${repo}](https://forge.cadoles.com/${repo - env.JOB_BASE_NAME}):
+                                    |
+                                    | - **Commit:** [${env.GIT_COMMIT}](https://forge.cadoles.com/${repo - env.JOB_BASE_NAME}/commit/${env.GIT_COMMIT})
+                                    | - **Tags:** `${env.PROJECT_VERSION_TAG}` / `${env.PROJECT_VERSION_SHORT_TAG}`
+                                    |
+                                    |[Visualiser le job](${env.RUN_DISPLAY_URL})
+                                    |
+                                    |@${utils.getBuildUser()}
+                                    """.stripMargin(),
+                                    rawMessage: true
+                                )
+                            } else {
+                                println("Current branch '${env.BRANCH_NAME}' not in releases branches (${releaseBranches}). Skipping.")
+                                Utils.markStageSkippedForConditional('Release project')
+                            }
+                        }
+                    }
+                }
+            }
+        } catch (Exception ex) {
+            runHook(hooks, 'post-failure', [ex])
+            throw ex
+        } finally {
+            runHook(hooks, 'post-always')
+            cleanWs()
+        }
+
+        runHook(hooks, 'post-success')
+    }
+}
+
+void buildContainerImage(String baseImage, String baseDockerfile, String dockerfileExtension) {
+    String imageName = 'cadoles-standard-make-ci'
+    dir(".${imageName}") {
+        String dockerfile = ''
+
+        if (baseDockerfile) {
+            dockerfile = baseDockerfile
+        } else {
+            dockerfile = libraryResource 'com/cadoles/standard-make/Dockerfile'
+            dockerfile = "FROM ${baseImage}\n" + dockerfile
+        }
+
+        dockerfile = """
+        ${dockerfile}
+        ${dockerfileExtension}
+        """
+
+        writeFile file:'Dockerfile', text: dockerfile
+
+        String addLetsEncryptCA = libraryResource 'com/cadoles/common/add-letsencrypt-ca.sh'
+        writeFile file:'add-letsencrypt-ca.sh', text:addLetsEncryptCA
+
+        String safeJobName = URLDecoder.decode(env.JOB_NAME).toLowerCase().replace('/', '-').replace(' ', '-')
+        String imageTag = "${safeJobName}-${env.BUILD_ID}"
+
+        return docker.build("${imageName}:${imageTag}", '.')
+    }
+}
+
+void runHook(Map hooks, String name, List args = []) {
+    if (!hooks[name]) {
+        println("No hook '${name}' defined. Skipping.")
+        return
+    }
+
+    if (hooks[name] instanceof Closure) {
+        hooks[name](*args)
+    } else {
+        error("Hook '${name}' seems to be defined but is not a closure !")
+    }
+}
+
+void runTask(String name, task) {
+    if (!task) {
+        println("No task '${name}' defined. Skipping.")
+        return [ -1, '' ]
+    }
+
+    sh(script: """#!/bin/bash
+    make ${task}
+    """)
+}
+
+List runAndCaptureTask(String name, task) {
+    if (!task) {
+        println("No task '${name}' defined. Skipping.")
+        return [ -1, '' ]
+    }
+
+    String outputFile = ".${name}-output"
+    int status = sh(script: """#!/bin/bash
+    set -eo pipefail
+    make ${task} 2>&1 | tee '${outputFile}'
+    """, returnStatus: true)
+
+    String output = readFile(outputFile)
+
+    sh(script: "rm -f '${outputFile}'")
+
+    return [status, output]
+}
+
+List<String> prepareEnvironment() {
+    List<String> env = []
+
+    def ( longTag, shortTag ) = utils.getProjectVersionTags()
+
+    env += ["PROJECT_VERSION_TAG=${longTag}"]
+    env += ["PROJECT_VERSION_SHORT_TAG=${shortTag}"]
+
+    String gitCommit = sh(script:'git rev-parse --short HEAD', returnStdout: true).trim()
+    env += ["GIT_COMMIT=${gitCommit}"]
+
+    Boolean isPR = utils.isPR()
+    env += ["IS_PR=${isPR ? 'true' : 'false'}"]
+
+    return env
+}
--- a/vars/symfonyAppPipeline.groovy
+++ b/vars/symfonyAppPipeline.groovy
@ -1,45 +1,58 @@
 import org.jenkinsci.plugins.pipeline.modeldefinition.Utils

-def call(String baseImage = "ubuntu:22.04") {
+def call(String baseImage = 'ubuntu:22.04', Map options = [:]) {
+  Map hooks = options.get('hooks', [:])
+  String jobHistory = options.get('jobHistory', '10')
+
  node {
-    stage("Checkout project") {
+    properties([
+      buildDiscarder(logRotator(daysToKeepStr: jobHistory, numToKeepStr: jobHistory)),
+    ])
+    stage('Cancel older jobs') {
+      def buildNumber = env.BUILD_NUMBER as int
+      if (buildNumber > 1) milestone(buildNumber - 1)
+      milestone(buildNumber)
+    }
+    stage('Checkout project') {
      checkout(scm)
    }
-
+    stage('Run pre hooks') {
+      runHook(hooks, 'preSymfonyAppPipeline')
+    }
    stage('Run in Symfony image') {
-      def symfonyImage = buildDockerImage(baseImage)
+      def symfonyImage = buildDockerImage(baseImage, hooks)
      symfonyImage.inside() {
        def repo = env.JOB_NAME
        if (env.BRANCH_NAME ==~ /^PR-.*$/) {
          repo = env.JOB_NAME - "/${env.JOB_BASE_NAME}"
        }

-        stage("Install composer dependencies") {
+        stage('Install composer dependencies') {
          sh '''
-          composer install
+          symfony composer install
          '''
        }

        parallel([
          'php-security-check': {
-            stage("Check PHP security issues") {
+            stage('Check PHP security issues') {
              catchError(buildResult: 'UNSTABLE', stageResult: 'FAILURE') {
-                def auditReport = sh(script: "local-php-security-checker --format=markdown || true", returnStdout: true)
-                if (auditReport.trim() != "") {
+                def auditReport = sh(script: 'local-php-security-checker --format=markdown || true', returnStdout: true)
+                if (auditReport.trim() != '') {
                  if (env.CHANGE_ID) {
-                    gitea.commentPullRequest(repo, env.CHANGE_ID, auditReport, 0)
+                    gitea.commentPullRequest(repo, env.CHANGE_ID, auditReport)
                  } else {
                    print auditReport
                  }
                }
-                if (!auditReport.contains("No packages have known vulnerabilities.")) {
-                  throw new Exception("Dependencies check failed !")
+                if (!auditReport.contains('No packages have known vulnerabilities.')) {
+                  throw new Exception('Dependencies check failed !')
                }
-              }             
+              }
            }
          },
          'php-cs-fixer': {
-            stage("Run PHP-CS-Fixer on modified code") {
+            stage('Run PHP-CS-Fixer on modified code') {
              catchError(buildResult: 'FAILURE', stageResult: 'FAILURE') {
                if ( !fileExists('.php-cs-fixer.dist.php') ) {
                  def phpCsFixerConfig = libraryResource 'com/cadoles/symfony/.php-cs-fixer.dist.php'
@ -49,11 +62,11 @@ def call(String baseImage = "ubuntu:22.04") {
                sh '''
                  CHANGED_FILES=$(git diff --name-only --diff-filter=ACMRTUXB "HEAD~..HEAD" | fgrep ".php" | tr "\n" " ")
                  if ! echo "${CHANGED_FILES}" | grep -qE "^(\\.php-cs-fixer(\\.dist)\\.php?|composer\\.lock)$"; then EXTRA_ARGS=$(printf -- '--path-mode=intersection -- %s' "${CHANGED_FILES}"); else EXTRA_ARGS=''; fi
-                  php-cs-fixer fix --config=.php-cs-fixer.dist.php -v --dry-run --using-cache=no --format junit  ${EXTRA_ARGS} > php-cs-fixer.xml || true
+                  symfony php $(which php-cs-fixer) fix --config=.php-cs-fixer.dist.php -v --dry-run --using-cache=no --format junit  ${EXTRA_ARGS} > php-cs-fixer.xml || true
                '''
-                def report = sh(script: "junit2md php-cs-fixer.xml", returnStdout: true)
+                def report = sh(script: 'junit2md php-cs-fixer.xml', returnStdout: true)
                if (env.CHANGE_ID) {
-                  gitea.commentPullRequest(repo, env.CHANGE_ID, report, 1)
+                  gitea.commentPullRequest(repo, env.CHANGE_ID, report)
                } else {
                  print report
                }
@ -61,20 +74,20 @@ def call(String baseImage = "ubuntu:22.04") {
            }
          },
          'phpstan': {
-            stage("Run phpstan") {
+            stage('Run phpstan') {
              catchError(buildResult: 'UNSTABLE', stageResult: 'FAILURE') {
                if ( !fileExists('phpstan.neon') ) {
                  def phpStanConfig = libraryResource 'com/cadoles/symfony/phpstan.neon'
                  writeFile file:'phpstan.neon', text:phpStanConfig
                }
                sh '''
-                  phpstan analyze -l 1 --error-format=table src > phpstan.txt || true
+                  symfony php $(which phpstan) analyze -l 1 --error-format=table src > phpstan.txt || true
                '''
-                def report = sh(script: "cat phpstan.txt", returnStdout: true)
-                report = "## Rapport PHPStan\n\n```\n" + report
-                report = report + "\n```\n"
+                def report = sh(script: 'cat phpstan.txt', returnStdout: true)
+                report = '## Rapport PHPStan\n\n```\n' + report
+                report = report + '\n```\n'
                if (env.CHANGE_ID) {
-                  gitea.commentPullRequest(repo, env.CHANGE_ID, report, 2)
+                  gitea.commentPullRequest(repo, env.CHANGE_ID, report)
                } else {
                  print report
                }
@ -84,32 +97,38 @@ def call(String baseImage = "ubuntu:22.04") {
        ])
      }
    }
+    stage('Run post hooks') {
+      runHook(hooks, 'postSymfonyAppPipeline')
+    }
  }
 }

-def buildDockerImage(String baseImage) {
-  def imageName = "cadoles-symfony-ci"
-  dir (".${imageName}") {
+void buildDockerImage(String baseImage, Map hooks) {
+  def imageName = 'cadoles-symfony-ci'
+  dir(".${imageName}") {
    def dockerfile = libraryResource 'com/cadoles/symfony/Dockerfile'
    writeFile file:'Dockerfile', text: "FROM ${baseImage}\n\n" + dockerfile

    def addLetsEncryptCA = libraryResource 'com/cadoles/common/add-letsencrypt-ca.sh'
    writeFile file:'add-letsencrypt-ca.sh', text:addLetsEncryptCA
-    
+
+    runHook(hooks, 'buildSymfonyImage')
+
    def safeJobName = URLDecoder.decode(env.JOB_NAME).toLowerCase().replace('/', '-').replace(' ', '-')
    def imageTag = "${safeJobName}-${env.BUILD_ID}"
-    return docker.build("${imageName}:${imageTag}", ".")
+    return docker.build("${imageName}:${imageTag}", '.')
  }
 }

-def when(boolean condition, body) {
-    def config = [:]
-    body.resolveStrategy = Closure.OWNER_FIRST
-    body.delegate = config
+void runHook(Map hooks, String name) {
+  if (!hooks[name]) {
+    println("No hook '${name}' defined. Skipping.")
+    return
+  }

-    if (condition) {
-        body()
-    } else {
-        Utils.markStageSkippedForConditional(STAGE_NAME)
-    }
-}
+  if (hooks[name] instanceof Closure) {
+    hooks[name]()
+  } else {
+    error("Hook '${name}' seems to be defined but is not a closure !")
+  }
+}
--- a/vars/utils.groovy
+++ b/vars/utils.groovy
@ -0,0 +1,117 @@
+import org.jenkinsci.plugins.pipeline.modeldefinition.Utils
+import org.jenkinsci.plugins.pipeline.modeldefinition.when.impl.ChangeSetConditional
+
+void when(Boolean condition, body) {
+    Map config = [:]
+    body.resolveStrategy = Closure.OWNER_FIRST
+    body.delegate = config
+
+    if (condition) {
+        body()
+    } else {
+        Utils.markStageSkippedForConditional(STAGE_NAME)
+    }
+}
+
+@NonCPS
+String getBuildUser() {
+    def build = currentBuild.rawBuild
+    String buildUser = ''
+
+    // On essaie de récupérer l'utilisateur à l'origine de l'exécution du job
+    try {
+        def cause = build.getCause(hudson.model.Cause.UserIdCause.class)
+        buildUser = cause.getUserName()
+    } catch (Exception ex) {
+    // On ignore l'erreur
+    }
+
+    if (buildUser == '') {
+        // Si on a pas réussi à retrouver l'utilisateur, on récupère celui du commit courant
+        try {
+            def committerUsername = sh(script: 'git --no-pager show -s --format=\'%ae\' | cut -d\'@\' -f1', returnStdout: true).trim()
+            buildUser = committerUsername
+        } catch (Exception ex) {
+        // On ignore l'erreur
+        }
+    }
+
+    if (buildUser == '') {
+        // Par défaut, on considère que jenkins est à l'origine du job
+        buildUser = 'jenkins'
+    }
+
+    return buildUser
+}
+
+String getProjectVersionDefaultChannel() {
+    switch (env.BRANCH_NAME) {
+        case 'develop':
+            return 'develop'
+        
+        case 'testing':
+        case 'staging':
+            return 'testing'
+
+        case 'stable':
+        case 'master':
+            return 'stable'
+        
+        default:
+            return env.BRANCH_NAME.toLowerCase().replaceAll('(_|-| )+', '')
+    }
+}
+
+String getProjectVersionShortChannel(String channel) {
+    switch (channel) {
+        case 'develop':
+            return 'dev'
+        
+        case 'testing':
+        case 'staging':
+            return 'tst'
+        
+        case 'stable':
+        case 'master':
+            return 'stb'
+        
+        default:
+            return channel.toLowerCase().replaceAll('(a|e|i|o|u|y_|-| )+', '').take(3)
+    }
+}
+
+List<String> getProjectVersionTags(String overrideChannel = '') {
+    String channel = overrideChannel ? overrideChannel : getProjectVersionDefaultChannel()
+    String shortChannel = getProjectVersionShortChannel(channel)
+
+    String currrentCommitDate = sh(script: 'git show -s --format=%ct', returnStdout: true).trim()
+    String dateVersion = sh(script: "TZ=Europe/Paris date -d '@${currrentCommitDate}' +%Y.%-m.%-d", returnStdout: true).trim()
+    String timestamp = sh(script: "TZ=Europe/Paris date -d '@${currrentCommitDate}' +%-H%M", returnStdout: true).trim()
+    String shortCommit = sh(script: 'git rev-parse --short HEAD', returnStdout: true).trim()
+
+    String longTag = "${dateVersion}-${channel}.${timestamp}.${shortCommit}"
+    String shortTag = "${dateVersion}-${shortChannel}.${timestamp}"
+
+    return [ longTag, shortTag ]
+}
+
+Boolean isPR() {
+    return env.BRANCH_NAME ==~ /^PR-.*$/
+}
+
+
+def hasChanges(String pattern) {
+    def changeLogSets = currentBuild.changeSets
+    def conditional = new ChangeSetConditional(pattern)
+
+    for (set in changeLogSets) {
+        def entries = set.items
+        for (entry in entries) {
+            if (conditional.changeSetMatches(entry, pattern, true)) {
+                return true;
+            }
+        }
+    }
+
+    return false;
+}
Author	SHA1	Message	Date
wpetit	4c15ad01c5	feat(debian): ignore ssl errors when checking packages	2024-09-19 13:41:34 +02:00
wpetit	e2960e37c2	feat(tamarin): use https to clone repository	2024-09-19 11:19:01 +02:00
wpetit	fa94488da7	feat(lets-encrypt): add r10/r11 intermediates certs	2024-08-20 11:16:39 +02:00
wpetit	daa6987159	feat: add gitea-package.sh script	2024-05-13 09:16:20 +02:00
wpetit	90587b05a9	feat(standard-make): use details for large test outputs	2024-04-11 14:27:17 +02:00
wpetit	170f143b00	feat: add utils.hasChanges() utility method	2023-11-29 12:20:39 +01:00
wpetit	fca4ac23d6	feat(container): use .trivyignore file when validation image with trivy	2023-11-17 14:01:45 +01:00
wpetit	0ac529eac7	feat(standard-make): set MKT_PROJECT_VERSION_BRANCH_NAME value by default	2023-11-16 14:00:32 +01:00
wpetit	b98e8ad73b	fix(standard-make): fix typo in commit link	2023-11-16 12:36:49 +01:00
wpetit	f6d9255c5c	feat(container): add floating latest tag when publishing images	2023-11-16 11:27:10 +01:00
wpetit	758f37e8e4	feat(standard-make-pipeline): use host network for test environment	2023-11-15 16:53:20 +01:00
wpetit	2849a3d8d0	feat(container): publish image with multiple tags	2023-11-15 12:54:35 +01:00
wpetit	2c182df6a6	feat(gitea-download): allow anonymous download	2023-10-19 13:14:38 +02:00
wpetit	3bf8e64888	fix(version): return command output	2023-08-24 08:42:27 -06:00
wpetit	7da0dd95b1	feat(utils): use commit timestamp to generate project version tags	2023-08-24 07:51:05 -06:00
wpetit	efbdad226c	feat(standard-make): add staging and master to default release branches	2023-08-23 15:16:33 -06:00
wpetit	1d956d60b1	doc: fix typo	2023-08-18 11:02:13 -06:00
wpetit	cdaff5d8db	Merge pull request 'Création d'un pipeline "standard" basé sur les tâches Make' (#6 ) from standard-make-pipeline into master Reviewed-on: #6	2023-08-18 18:55:54 +02:00
wpetit	4d0070040a	feat(standard-make): create standard make-based pipeline	2023-08-18 10:48:58 -06:00
Philippe Caseiro	120d5d5fb5	fix(kube): using make scan instead of trivy check	2023-06-21 09:34:12 +02:00
Philippe Caseiro	92bec0f127	fix(kube): use make scan for trivy scan	2023-06-19 16:59:05 +02:00
Philippe Caseiro	d252924f22	fix(kube): replace special caracters in branch name again	2023-06-19 16:44:24 +02:00
Philippe Caseiro	bad27aa934	fix(kube): replace special caracters in branch name	2023-06-19 16:37:59 +02:00
Philippe Caseiro	418891082a	fix(kube): using current branch name in tags	2023-06-19 16:33:09 +02:00
Philippe Caseiro	bdaef91251	feat(kube): adding new groovy script for kube projects	2023-06-19 16:22:43 +02:00
wpetit	83867e3a98	feat(gitea-download): accept self-signed certificates	2023-05-16 13:06:11 +02:00
wpetit	6ebceae3b9	feat(gitea,release): use multisort to bypass gitea created_at bug	2023-05-10 15:47:48 +02:00
Matthieu Lamalle	abe8dd5f1b	update sshkey for sonarqube	2023-05-03 15:58:38 +02:00
Laurent Gourvenec	7afabcedde	feat(debian packaging): update pipeline	2023-04-27 14:45:28 +02:00
Matthieu Lamalle	1d35892e87	podman correction	2023-04-18 16:09:00 +02:00
wpetit	21c7fb0e61	feat(gitea,download): allow attachments filtering with regex	2023-03-29 14:35:00 +02:00
wpetit	199b0bf5d1	feat(gitea,release): auto cleanup prereleases	2023-03-29 13:05:48 +02:00
wpetit	3f1b8bcda1	feat(gitea,release): add retry flag and remove verbose one	2023-03-06 14:13:34 +01:00
wpetit	6c5c580156	Merge pull request 'Fixe erreur script sous manjaro' (#5 ) from issue-4 into master Reviewed-on: #5	2023-03-01 10:12:33 +01:00
Benjamin Gaudé	2fbe2ab0b0	Gestion des chemins de destination via un tableau	2023-03-01 10:10:55 +01:00
Benjamin Gaudé	85cb43b272	Fixe erreur script sous manjaro	2023-02-28 15:04:41 +01:00
wpetit	13dc4cbd13	Utilisation du proxy cache Cadoles	2023-02-15 16:28:57 +01:00
wpetit	50310eee17	gitea: publication d'une notification sur le canal jenkins lors d'une release	2022-12-01 12:38:14 -06:00
wpetit	c5fb279a11	pa11y: ajout variable PA11Y_IGNORE	2022-11-21 16:45:38 -06:00
wpetit	2c514cf61b	pa11y: extraction des variables par défaut liées au MSE	2022-11-21 12:19:14 -06:00
Rudy Masson	67b6e21093	maj pa11y: ajout des variables d'environnement groovy	2022-11-18 16:17:22 +01:00
Rudy Masson	7ac1644563	maj pa11y: ajout de cookie poour choix de langue	2022-11-18 15:18:23 +01:00
Rudy Masson	11014fd443	alpine 3.16, reporter par défaut	2022-11-17 10:54:17 +01:00
Rudy Masson	4abd2c5fef	modification Dockerfile pa11y, update pa11y@6.2.3	2022-11-17 09:14:46 +01:00
Rudy Masson	6d48542bfc	test cli native	2022-11-16 13:31:05 +01:00
Rudy Masson	92fea37170	test reporter html	2022-11-16 13:07:23 +01:00
wpetit	1d8b6495b2	feat(cpkg): remove 'b' marker in tag generation	2022-10-26 07:48:36 -05:00
wpetit	9b58ab6971	feat(letsencrypt): RedHat compatible script	2022-10-25 12:37:38 -05:00
wpetit	190b01fa6d	feat(gitea): add download() method	2022-10-22 00:49:11 +02:00
wpetit	522deb3c6a	feat(gitea): use ipv4 to contact api	2022-10-21 23:29:04 +02:00
wpetit	13c89a3cde	Merge branch 'podman'	2022-10-20 23:23:39 +02:00
wpetit	77de05e856	feat: add cleanup-worker script	2022-10-20 21:22:17 +02:00
wpetit	d093542dc2	feat(podman): add method to generate podman based docker image package	2022-10-20 16:19:09 +02:00
wpetit	1ddb5691ca	fix(cpkg): reuse latest version number	2022-10-17 23:48:47 +02:00
wpetit	77a7c46d3f	doc(container): add buildAndPublishImage parameters documentation	2022-10-17 16:35:03 +02:00
wpetit	67f18d806d	feat(container): publish on cadoles registry by default	2022-10-17 16:04:23 +02:00
wpetit	14220ae4e3	fix: publish on custom registry	2022-10-12 16:53:23 +02:00
wpetit	8e1b257144	feat(container): add image build validation steps	2022-10-10 17:34:12 +02:00
wpetit	e670fb8bf6	feat: add container + nfpm utilities	2022-10-04 15:32:26 +02:00
wpetit	57194c84eb	gitea.release(): allow release name customization	2022-09-30 17:27:42 +02:00
wpetit	14bf4665f1	symfonyAppPipeline: use 'symfony php' command ton run tools	2022-09-27 14:45:41 +02:00
wpetit	37445a815e	cpkg: handles cpkg tags	2022-09-27 11:02:57 +02:00
wpetit	9c79307ef9	hook: check for null object before introspection	2022-09-21 11:33:58 +02:00
wpetit	b28d9f9e69	hook: use workspace as root directory	2022-09-21 11:26:40 +02:00
wpetit	a6b8706753	symfonyAppPipeline: fix hook stages	2022-09-20 16:28:03 +02:00
wpetit	ff382b25ba	symfonyAppPipeline: add build-symfony-image hook	2022-09-20 16:26:44 +02:00
wpetit	12bed86b97	symfonyAppPipeline: add actionable pre/post hooks	2022-09-20 16:24:05 +02:00
wpetit	3272427766	mse-rgaa: utilisation de credentials pour l'authentification basic auth	2022-09-14 09:14:34 +02:00
wpetit	cff97b7e02	cpkg: ajout numéro de build en suffixe du numéro de version	2022-09-12 18:37:32 +02:00
wpetit	bc8b1ec7d3	cpkg: force tag	2022-09-12 18:28:09 +02:00
wpetit	1d1a679d62	Passage du payload via un fichier temporaire pour la création de publication Gitea	2022-09-08 17:03:54 +02:00
wpetit	c77c020be0	Utilisation de --rawfile pour l'injection du corps de texte de la release	2022-09-08 16:30:27 +02:00
wpetit	356dc6d16c	Suppression automatique d'une release gitea pré-existante	2022-09-08 15:27:33 +02:00
wpetit	bcf34404a2	Génération automatique de version avec incrément piloté par git	2022-09-08 11:32:50 +02:00
wpetit	45ff14ce10	Ajout d'une méthode gitea.release()	2022-09-05 14:39:45 +02:00
Matthieu Lamalle	97352aad87	correction commande apt	2022-09-02 12:03:15 +02:00
Benjamin Gaudé	502c2c7ed9	retrait remontee junit publishing checks	2022-07-19 08:55:11 +02:00