// Jenkins Pipeline script for building, testing, and deploying a Java application.
// This script assumes the use of Docker, SonarQube, OWASP Dependency Check, Maven, and Kubernetes.
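pipeline {
    // Runs on any available agent; every stage below shares that agent's workspace.
    agent any

    tools {
        // Tool names must match the installations configured in Jenkins global tool configuration.
        maven 'maven3'
        jdk 'jdk17'
    }

    environment {
        // Values defined here are exported to every `sh` step, so shell commands
        // can read them as $NAME without Groovy string interpolation.
        SCANNER_HOME = tool 'sonar-scanner'
        ECR_REPO_URL = '<ECR_REPO_URL>' // Replace with the actual ECR repository URL
        ECR_APP_NAME = '<ECR_APP_NAME>' // Replace with the name of your ECR application
        IMAGE_REPO = "$ECR_REPO_URL/$ECR_APP_NAME"
        // The image tag is the Jenkins build number.
        IMAGE_NAME = "${env.BUILD_NUMBER}"
        APP_NAME = '<APP_NAME>' // Replace with the name of your application
    }

    stages {
        stage('Git Checkout') {
            steps {
                echo 'Checking github...'
                // Check out the main branch of the application repository.
                checkout([$class: 'GitSCM', branches: [[name: 'main']], userRemoteConfigs: [[url: '<GIT_REPO_URL>']]])
            }
        }

        stage('Compile Source Code') {
            steps {
                echo 'Compiling Source code...'
                sh 'mvn compile'
            }
        }

        stage('Unit Test') {
            steps {
                echo 'Testing the code...'
                // NOTE(review): -DskipTests=true means no tests run here, so this stage
                // does not gate the build. Drop the flag once the test suite is ready.
                sh 'mvn test -DskipTests=true'
            }
        }

        stage('SonarQube Analysis') {
            steps {
                echo 'SonarQube Analysis started...'
                script {
                    // withSonarQubeEnv supplies the server settings configured in Jenkins.
                    withSonarQubeEnv('<SONAR_ENVIRONMENT>') { // Replace with the name of your SonarQube environment
                        // Single-quoted Groovy string: $SCANNER_HOME is expanded by the shell.
                        sh ''' $SCANNER_HOME/bin/sonar-scanner -Dsonar.projectKey=<PROJECT_KEY> \
                        -Dsonar.projectName=<PROJECT_NAME> -Dsonar.java.binaries=.
                        '''
                    }
                }
            }
        }

        stage('OWASP Dependency Check') {
            steps {
                script {
                    echo 'Owasp dependency check initiating...'
                    // Scan the workspace with the 'DC' Dependency-Check installation.
                    def scanResult = dependencyCheck additionalArguments: '--scan ./', nvdCredentialsId: '<NVD_CREDENTIALS_ID>', odcInstallation: 'DC' // Replace with the ID of the NVD credentials used for OWASP Dependency Check
                    // The result is SUCCESS only when the step returns a truthy value; otherwise
                    // the build is marked UNSTABLE. Neither outcome fails the build on findings.
                    // NOTE(review): confirm what dependencyCheck returns. If it returns nothing,
                    // every build ends up UNSTABLE here.
                    currentBuild.result = scanResult ? 'SUCCESS' : 'UNSTABLE'
                    // Archive the Dependency Check report for later review
                    archiveArtifacts artifacts: '**/dependency-check-report.xml', allowEmptyArchive: true
                }
            }
        }

        stage('Build Source Code') {
            steps {
                echo 'Building Source code...'
                // Package the application (tests skipped).
                sh 'mvn package -DskipTests=true'
            }
        }

        stage('Artifact storing in Nexus') {
            steps {
                echo 'Publishing Artifact to Nexus Artifact repository...'
                // The managed global Maven settings file provides the repository configuration for `mvn deploy`.
                withMaven(globalMavenSettingsConfig: '<GLOBAL_MAVEN_SETTINGS>', jdk: 'jdk17', maven: 'maven3', mavenSettingsConfig: '', traceability: true) { // Replace with the configuration name for global Maven settings
                    sh 'mvn deploy -DskipTests=true'
                }
            }
        }

        stage('Build Container image & push to ECR') {
            steps {
                script {
                    echo 'building the docker image...'
                    // NOTE(review): the image is pushed before the Trivy stage scans it, so a
                    // vulnerable image can already be in the registry when the scan runs.
                    withCredentials([usernamePassword(credentialsId: '<AWS_CREDENTIALS_ID>', passwordVariable: 'PASS', usernameVariable: 'USER')]) { // Replace with the ID of the AWS credentials used for ECR login
                        sh "docker build -t ${IMAGE_REPO}:${IMAGE_NAME} ."
                        // Single-quoted so the shell, not Groovy, expands $PASS. A Groovy-interpolated
                        // secret is embedded in the command line itself, where it can show up in the
                        // process listing and in the build log.
                        sh 'echo "$PASS" | docker login -u AWS --password-stdin "$ECR_REPO_URL"'
                        sh "docker push ${IMAGE_REPO}:${IMAGE_NAME}"
                    }
                }
            }
        }

        stage('Trivy Image Scan') {
            steps {
                echo 'Scanning Docker Image using Trivy...'
                // Report-only scan: the output goes to a file and findings do not fail the build.
                sh "trivy image ${IMAGE_REPO}:${IMAGE_NAME} > trivy-report.txt"
                // Keep the report with the build, as the Dependency Check stage does for its report.
                archiveArtifacts artifacts: 'trivy-report.txt', allowEmptyArchive: true
            }
        }

        stage('Deploy to Kubernetes') {
            steps {
                // envsubst fills the manifests from the environment block above.
                // `kubectl apply`, not `kubectl delete`: this stage is meant to deploy, and
                // `delete` removed the Deployment and Service instead of rolling them out.
                sh 'envsubst < kubernetes/deployment.yaml | kubectl apply -f -'
                sh 'envsubst < kubernetes/service.yaml | kubectl apply -f -'
            }
        }

        stage('commit version update') {
            steps {
                script {
                    withCredentials([string(credentialsId: '<GITHUB_TOKEN_ID>', variable: 'GITHUB_TOKEN')]) { // Replace with the ID of the GitHub token credentials
                        sh 'git config user.email "[email protected]"'
                        sh 'git config user.name "Jenkins"'
                        // NOTE(review): `git add .` stages everything in the workspace, including
                        // build output and scan reports written by earlier stages. Confirm that
                        // .gitignore excludes them.
                        sh 'git add .'
                        sh 'git commit -m "ci: version bump"'
                        // Push to an explicit URL instead of rewriting `origin`, so the token is not
                        // stored in the workspace's .git/config. The single-quoted Groovy string
                        // leaves ${GITHUB_TOKEN} for the shell to expand.
                        sh 'git push "https://${GITHUB_TOKEN}@<GIT_REPO_URL>" HEAD:main' // Replace with the URL of your Git repository
                    }
                }
            }
        }
    }
}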