Jenkinsfile
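// Declarative pipeline for the backend Spring Boot WAR: Git checkout, SonarQube
// analysis, Trivy filesystem scan, Maven package, Nexus upload, Docker
// build/scan/push, then a Kubernetes image update. A result mail is sent after
// every run, whatever the outcome.
pipeline {
    agent any

    environment {
        DOCKERHUB_REPO = "techcoms/backend-springboot-maven-war"
        NEXUS_VERSION = "nexus3"
        // NOTE(review): over plain HTTP the Nexus credentials and the uploaded
        // artifact travel unencrypted and the server is not authenticated.
        // Switch to "https" once the repository serves TLS.
        NEXUS_PROTOCOL = "http"
        NEXUS_URL = "13.235.62.16:8081"
        NEXUS_REPOSITORY = "maven-snapshots"
        NEXUS_CREDENTIAL_ID = "nexusrepo"
        SONAR_URL = "http://your-sonarqube-ip:9000" // Update this
        SONAR_TOKEN_ID = "sonarqube-token" // Credential ID in Jenkins; no stage below references it
    }

    tools {
        maven "maven-3.9.11"
    }

    stages {
        stage("Git Checkout") {
            steps {
                git branch: 'Feature', credentialsId: 'github-creds',
                    url: 'https://github.com/techcoms/backend-springboot-maven-war.git'
            }
        }

        stage("SonarQube Analysis") {
            steps {
                script {
                    // The argument must match the SonarQube server name configured in Jenkins.
                    // NOTE(review): presumably withSonarQubeEnv supplies the URL and token of
                    // that server; -Dsonar.host.url then points the scanner at SONAR_URL
                    // instead. Confirm both name the same host, since the token goes to
                    // whichever one is used.
                    withSonarQubeEnv('SonarQube') {
                        sh "mvn sonar:sonar -Dsonar.projectKey=backend-app -Dsonar.host.url=${SONAR_URL}"
                    }
                }
            }
        }

        stage("Trivy FS Scan") {
            steps {
                // Scans the source tree for secrets and vulnerabilities before building.
                // No --exit-code is passed, so findings alone do not fail this stage; the
                // report is only written to a file in the workspace.
                sh "trivy fs . > trivy-fs-report.txt"
            }
        }

        stage("Build Artifact") {
            steps {
                // -DskipTests: the artifact is packaged without running the test suite.
                sh "mvn clean package -DskipTests"
            }
        }

        stage("Publish to Nexus") {
            steps {
                script {
                    def pom = readMavenPom file: "pom.xml"
                    def filesByGlob = findFiles(glob: "target/*.${pom.packaging}")
                    if (filesByGlob.length > 0) {
                        nexusArtifactUploader(
                            nexusVersion: NEXUS_VERSION, protocol: NEXUS_PROTOCOL, nexusUrl: NEXUS_URL,
                            groupId: pom.groupId, version: pom.version, repository: NEXUS_REPOSITORY,
                            credentialsId: NEXUS_CREDENTIAL_ID,
                            artifacts: [[artifactId: pom.artifactId, classifier: '', file: filesByGlob[0].path, type: pom.packaging]]
                        )
                    } else {
                        // Fail loudly instead of skipping the upload: otherwise an image
                        // could be built and deployed with no matching artifact in Nexus.
                        error("No target/*.${pom.packaging} artifact found to publish to Nexus")
                    }
                }
            }
        }

        stage("Docker Build & Scan") {
            steps {
                sh "docker build -t ${DOCKERHUB_REPO}:${BUILD_NUMBER} ."
                // Scans the image for vulnerabilities. exit-code 0 ensures it doesn't fail the build yet,
                // so HIGH/CRITICAL findings are reported but the image is still pushed and deployed.
                sh "trivy image --exit-code 0 --severity HIGH,CRITICAL ${DOCKERHUB_REPO}:${BUILD_NUMBER}"
            }
        }

        stage("Push to DockerHub") {
            steps {
                withCredentials([usernamePassword(credentialsId: 'dockerhub-creds', passwordVariable: 'PASSWORD', usernameVariable: 'USERNAME')]) {
                    // Single-quoted on purpose: the shell, not Groovy, expands the secrets
                    // from the environment. With a double-quoted string Groovy would paste
                    // the password into the script text, where shell metacharacters in it
                    // are interpreted and the value can surface outside Jenkins' masking.
                    sh 'echo "$PASSWORD" | docker login -u "$USERNAME" --password-stdin'
                    // NOTE(review): no docker logout follows, so the login may stay stored
                    // in the agent's Docker config after the build; confirm this is
                    // acceptable for shared agents.
                    sh "docker push ${DOCKERHUB_REPO}:${BUILD_NUMBER}"
                }
            }
        }

        stage("Deploy to Kubernetes") {
            steps {
                // Ensure you have the 'kubernetes' plugin and 'kubeconfig' credentials
                withKubeConfig([credentialsId: 'k8s-creds']) {
                    // NOTE(review): --record is deprecated in recent kubectl releases, and
                    // the pod listing below does not wait for or verify the rollout.
                    sh "kubectl set image deployment/backend-deployment backend-container=${DOCKERHUB_REPO}:${BUILD_NUMBER} --record"
                    sh "kubectl get pods"
                }
            }
        }
    }

    post {
        always {
            // NOTE(review): the recipient appears obfuscated in this listing; set a real address.
            mail to: "[email protected]",
                subject: "Build ${currentBuild.fullDisplayName}: ${currentBuild.currentResult}",
                body: "Project: ${env.JOB_NAME}\nBuild Number: ${env.BUILD_NUMBER}\nURL: ${env.BUILD_URL}"
        }
    }
}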