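// Script object returned by `load "script.groovy"` in the first stage. It is
// declared here, outside `pipeline {}`, because declarative pipeline does not
// accept arbitrary statements inside the block (the original `def gv` between
// `environment` and `stages` is a syntax error). Nothing in this file calls
// into it yet.
def gv
// Public IP of the Terraform-managed instance; set by "Provision server" and
// consumed by "Deploy docker image".
def EC2_IP = ""

pipeline {
    agent any
    options {
        buildDiscarder(logRotator(numToKeepStr: '5'))
    }
    tools {
        jdk 'jdk-17'
        maven 'maven'
    }
    environment {
        SERVER_IP=""
        // Exposes DOCKERHUB_CREDENTIALS_USR / DOCKERHUB_CREDENTIALS_PSW to every
        // stage; only "Login to dockerhub" reads them.
        DOCKERHUB_CREDENTIALS=credentials('dockerhub')
        IMAGE_REPO="agnes4im/demo-app"
        SCANNER_HOME=tool 'sonar-scanner'
    }
    stages {
        stage('Load groovy script') {
            steps {
                script {
                    echo 'loading groovy script...'
                    gv = load "script.groovy"
                }
            }
        }
        stage("Provision server") {
            environment {
                TF_VAR_vpc_cidr_block = "10.0.0.0/16"
                TF_VAR_subnet_cidr_block = "10.0.10.0/24"
                TF_VAR_avail_zone = "us-east-1b"
                TF_VAR_env = "dev"
                // NOTE(review): both are left empty here. If the Terraform module
                // uses them for security-group ingress, an empty value will either
                // fail the apply or fall back to a module default -- confirm.
                TF_VAR_my_ip = ""
                TF_VAR_jenkins_ip = ""
            }
            steps {
                script {
                    echo 'Provisioning ...'
                    dir('terraform-dir') {
                        withAWS(credentials: 'aws-creds', region: 'us-east-1') {
                            sh 'terraform init'
                            sh 'terraform apply --auto-approve'
                            // `-raw` prints the bare string instead of the quoted
                            // HCL rendering; trimmed because output ends in a newline.
                            EC2_IP = sh(
                                script: "terraform output -raw instance_public_ip",
                                returnStdout: true
                            ).trim()
                        }
                    }
                }
            }
        }
        stage('Increment application version') {
            steps {
                script {
                    echo 'incrementing app version...'
                    dir('app/spring-petclinic') {
                        // The `\\\$` sequences reach the shell as `\$`, so Maven -- not
                        // Groovy or sh -- expands ${parsedVersion.*}. The original had a
                        // trailing space after the second line's `\`, which broke the
                        // shell continuation and ran `versions:commit` as a separate
                        // command.
                        sh ''' mvn build-helper:parse-version versions:set \
                               -DnewVersion=\\\${parsedVersion.majorVersion}.\\\${parsedVersion.minorVersion}.\\\${parsedVersion.nextIncrementalVersion} \
                               versions:commit '''
                        // The Jenkins step is readFile (camel case); `readfile` does not exist.
                        // NOTE(review): this takes the first <version> element in the
                        // file. If the pom declares a <parent> block before its own
                        // <version>, that is the parent's version -- confirm.
                        def matcher = readFile('pom.xml') =~ '<version>(.+)</version>'
                        def version = matcher[0][1]
                        env.IMAGE_TAG = "$version-$BUILD_NUMBER"
                    }
                }
            }
        }
        stage('Compile source code...') {
            steps {
                script {
                    echo "compiling source code..."
                    dir('app/spring-petclinic') {
                        sh 'mvn clean compile'
                    }
                }
            }
        }
        stage('Run test...') {
            steps {
                script {
                    echo "running tests on source code..."
                    dir('app/spring-petclinic') {
                        sh 'mvn clean test'
                    }
                }
            }
        }
        stage('SonarQube Analysis') {
            steps {
                script {
                    echo "running analysis on source code..."
                    dir('app/spring-petclinic') {
                        withSonarQubeEnv('sonar-server') {
                            // Binary is sonar-scanner (was `solar-scanner`), and the
                            // sonar.* properties are case-sensitive: projectName/projectKey.
                            sh ''' $SCANNER_HOME/bin/sonar-scanner -Dsonar.projectName=Petclinic \
                                -Dsonar.java.binaries=. \
                                -Dsonar.projectKey=Petclinic '''
                        }
                    }
                }
            }
        }
        stage('Build jar') {
            steps {
                script {
                    echo "building jar..."
                    // Same module directory as compile/test: the version-bump stage
                    // reads pom.xml from app/spring-petclinic, so that is the Maven
                    // project root (the original ran in `app`).
                    // TODO(review): confirm the Dockerfile's COPY path matches
                    // app/spring-petclinic/target/.
                    dir('app/spring-petclinic') {
                        sh 'mvn clean package'
                    }
                }
            }
        }
        stage('OWASP Dependency Check') {
            steps {
                script {
                    echo "Running dependency check on jar file..."
                    // Scan path follows the build directory above; the original
                    // line was also missing the comma between the two arguments.
                    dependencyCheck additionalArguments: '--scan app/spring-petclinic/target/', odcInstallation: 'owasp'
                    dependencyCheckPublisher pattern: '**/dependency-check-report.xml'
                }
            }
        }
        stage('Build docker image') {
            steps {
                echo 'building docker image'
                sh "docker build -t ${IMAGE_REPO}:${IMAGE_TAG} ."
            }
        }
        stage('Trivy scan of docker image') {
            steps {
                echo 'running Trivy scan on docker image ...'
                // NOTE(review): without `--exit-code 1` (optionally with `--severity`)
                // findings are only printed; the build goes on to push and deploy
                // regardless of what Trivy reports.
                sh "trivy image ${IMAGE_REPO}:${IMAGE_TAG}"
            }
        }
        stage('Login to dockerhub') {
            steps {
                echo 'login to dockerhub ...'
                // Single-quoted so the shell, not Groovy, expands the credential
                // variables: Groovy interpolation would bake the password into the
                // command string that Jenkins builds and hands to sh.
                sh 'echo "$DOCKERHUB_CREDENTIALS_PSW" | docker login -u "$DOCKERHUB_CREDENTIALS_USR" --password-stdin'
            }
        }
        stage('Push docker image') {
            steps {
                echo 'pushing docker image ...'
                sh "docker push ${IMAGE_REPO}:${IMAGE_TAG}"
            }
        }
        stage('Deploy docker image') {
            steps {
                script {
                    echo 'deploying image to remote server...'
                    // NOTE(review): a second deploy to the same host will fail on the
                    // 8080 port binding unless the previous container is stopped first.
                    def dockerCmd = "docker run -p 8080:8080 -d ${IMAGE_REPO}:${IMAGE_TAG}"
                    def server = "ubuntu@${EC2_IP}"    // OR "ubuntu@{SERVER_IP} if in a different pipeline"
                    sshagent(['server-key']) {
                        // StrictHostKeyChecking=no skips host-key verification entirely
                        // (the host is freshly provisioned, so no key is known yet);
                        // whatever key is presented at that IP is accepted.
                        sh "ssh -o StrictHostKeyChecking=no ${server} ${dockerCmd}"
                    }
                }
            }
        }
        stage('Update Git') {
            steps {
                script {
                    echo "commiting changes to github..."
                    withCredentials([usernamePassword(credentialsId: 'github-creds', passwordVariable: 'PASS', usernameVariable: 'USER')]) {
                        sh 'git config --global user.email "jenkins@examle.com"'   // key was misspelled `user.emal`
                        sh 'git config --global user.name "jenkins"'
                        // Only the file this pipeline changed is staged; `git add .`
                        // would also pick up whatever Terraform or the scanners wrote
                        // into the workspace (state files, reports).
                        sh 'git add app/spring-petclinic/pom.xml'
                        sh 'git commit -m "Implementing version bump"'
                        // Credentials go on the push command (single-quoted so the
                        // shell expands USER/PASS) instead of into .git/config via
                        // `remote set-url`, where they would persist after the build.
                        sh 'git push "https://${USER}:${PASS}@github.com/Agnes4Him/jenkins-gitops-demo.git" HEAD:main'  // This would be 'HEAD:name_of_build_branch' in GitOps
                    }
                }
            }
        }
    }
    post {
        always {
            // Removes the registry token that `docker login` stored on the agent.
            sh 'docker logout'
        }
        changed {
            // Mail on failure. `changed` only runs when the result differs from the
            // previous build, so consecutive failures notify once, on the first one.
            script {
                if (currentBuild.currentResult == 'FAILURE') {
                    emailext subject: '$DEFAULT_SUBJECT',
                        body: '$DEFAULT_CONTENT',
                        recipientProviders: [
                            [$class: 'CulpritsRecipientProvider'],
                            [$class: 'DevelopersRecipientProvider'],
                            [$class: 'RequesterRecipientProvider']
                        ],
                        replyTo: '$DEFAULT_REPLYTO',
                        to: '$DEFAULT_RECIPIENTS'
                }
            }
        }
    }
}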