pipeline {
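// Run on any available agent; every stage below shares that agent's workspace.
agent any

options {
    // Keep only the five most recent build records.
    buildDiscarder(logRotator(numToKeepStr: '5'))
}

tools {
    // Names must match tool installations configured in Jenkins.
    jdk 'jdk-17'
    maven 'maven'
}

environment {
    SERVER_IP = ""
    // Binding a username/password credential here also exports
    // DOCKERHUB_CREDENTIALS_USR and DOCKERHUB_CREDENTIALS_PSW to every stage,
    // including the stages that run Maven builds and tests from the repository.
    // NOTE(review): only the Docker Hub login stage reads them; scoping the
    // binding to that stage would follow least privilege.
    DOCKERHUB_CREDENTIALS = credentials('dockerhub')
    IMAGE_REPO = "agnes4im/demo-app"
    SCANNER_HOME = tool 'sonar-scanner'
}

// The former `def gv` line was removed: a declarative `pipeline { }` block
// accepts only directives, so a variable declaration here fails validation.
// The 'Load groovy script' stage assigns `gv` without `def`, which stores it
// in the script binding instead.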
stages {
stage('Load groovy script') {
    steps {
        script {
            echo 'loading groovy script...'
            // `load` evaluates script.groovy from the workspace and returns its result.
            // The handle is kept in `gv`; no other stage in this file references it.
            gv = load('script.groovy')
        }
    }
}
stage("Provision server") {
    environment {
        // Terraform reads TF_VAR_<name> environment variables as input variables.
        TF_VAR_vpc_cidr_block = '10.0.0.0/16'
        TF_VAR_subnet_cidr_block = '10.0.10.0/24'
        TF_VAR_avail_zone = 'us-east-1b'
        TF_VAR_env = 'dev'
        // NOTE(review): both values are empty. The Terraform configuration is not
        // shown; presumably they restrict inbound access, so confirm that an empty
        // value cannot result in a wider rule than intended.
        TF_VAR_my_ip = ''
        TF_VAR_jenkins_ip = ''
    }
    steps {
        script {
            echo 'Provisioning ...'
            dir('terraform-dir') {
                withAWS(credentials: 'aws-creds', region: 'us-east-1') {
                    sh 'terraform init'
                    // --auto-approve applies the plan without a review step.
                    sh 'terraform apply --auto-approve'
                    // NOTE(review): depending on the Terraform version, `terraform output NAME`
                    // may print string values wrapped in double quotes - confirm the format.
                    def ipOutput = sh(
                        returnStdout: true,
                        script: 'terraform output instance_public_ip'
                    )
                    // Assigned without `def` so the value lands in the script binding
                    // and stays visible to the deploy stage.
                    EC2_IP = ipOutput.trim()
                }
            }
        }
    }
}
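stage('Increment application version') {
    steps {
        script {
            echo 'incrementing app version...'
            dir('app/spring-petclinic') {
                // Bump the incremental (patch) part of the version in pom.xml.
                // The escaped \${...} placeholders reach Maven literally; they are
                // resolved by build-helper, not by Groovy or the shell.
                sh ''' mvn build-helper:parse-version versions:set \
                    -DnewVersion=\\\${parsedVersion.majorVersion}.\\\${parsedVersion.minorVersion}.\\\${parsedVersion.nextIncrementalVersion} \
                    versions:commit '''
                // Fixed: the step is `readFile`; `readfile` is not a pipeline step.
                // The regex takes the first <version> element found in the file.
                // NOTE(review): presumably that is the project's own version, not a
                // parent's or a dependency's - verify against pom.xml.
                def matcher = readFile('pom.xml') =~ '<version>(.+)</version>'
                def version = matcher[0][1]
                // IMAGE_TAG is text taken from a repository file and is later used
                // inside shell commands, so later stages should quote it.
                env.IMAGE_TAG = "$version-$BUILD_NUMBER"
            }
        }
    }
}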
stage('Compile source code...') {
    steps {
        echo 'compiling source code...'
        // Compile the application from its Maven project directory.
        dir('app/spring-petclinic') {
            sh 'mvn clean compile'
        }
    }
}
stage('Run test...') {
    steps {
        echo 'running tests on source code...'
        // `clean test` rebuilds from scratch, then runs the test phase.
        dir('app/spring-petclinic') {
            sh 'mvn clean test'
        }
    }
}
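stage('SonarQube Analysis') {
    steps {
        script {
            echo "running analysis on source code..."
            dir('app/spring-petclinic') {
                // withSonarQubeEnv supplies the connection settings of the
                // 'sonar-server' configuration to the scanner.
                withSonarQubeEnv('sonar-server') {
                    // Fixed: the binary is `sonar-scanner` (was `solar-scanner`), and
                    // analysis property names are case-sensitive: sonar.projectName
                    // and sonar.projectKey (were ProjectName / ProjectKey).
                    // NOTE(review): the result is only published; no stage in this
                    // file waits for the quality gate, so it cannot stop the build.
                    sh ''' $SCANNER_HOME/bin/sonar-scanner -Dsonar.projectName=Petclinic \
                        -Dsonar.java.binaries=. \
                        -Dsonar.projectKey=Petclinic '''
                }
            }
        }
    }
}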
stage('Build jar') {
    steps {
        echo 'building jar...'
        // NOTE(review): this stage builds from 'app', while the compile, test and
        // analysis stages use 'app/spring-petclinic' - confirm which directory
        // holds the pom.xml that produces the jar.
        dir('app') {
            sh 'mvn clean package'
        }
    }
}
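stage('OWASP Dependency Check') {
    steps {
        script {
            echo "Running dependency check on jar file..."
            // Fixed: the two named arguments were missing the separating comma,
            // which is a syntax error.
            // NOTE(review): the scan path is app/target/ - confirm it matches
            // where the 'Build jar' stage writes its artifact.
            dependencyCheck additionalArguments: '--scan app/target/', odcInstallation: 'owasp'
            // No thresholds are passed to the publisher here, so findings are
            // reported but do not change the build result.
            dependencyCheckPublisher pattern: '**/dependency-check-report.xml'
        }
    }
}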
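stage('Build docker image') {
    steps {
        echo 'building docker image'
        // Single-quoted so the shell expands the variables, not Groovy.
        // IMAGE_TAG is derived from pom.xml text; a quoted shell variable keeps
        // it a single argument, whereas Groovy interpolation would paste it
        // into the command line as code.
        sh 'docker build -t "$IMAGE_REPO:$IMAGE_TAG" .'
    }
}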
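stage('Trivy scan of docker image') {
    steps {
        echo 'running Trivy scan on docker image ...'
        // `trivy image` exits 0 by default even when it reports vulnerabilities,
        // so this stage informs but does not block the push that follows.
        // Passing --exit-code 1 (optionally narrowed with --severity) would make
        // findings fail the build.
        // Single-quoted so the shell expands the image reference as one quoted
        // argument instead of Groovy pasting it into the command.
        sh 'trivy image "$IMAGE_REPO:$IMAGE_TAG"'
    }
}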
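stage('Login to dockerhub') {
    steps {
        echo 'login to dockerhub ...'
        // Single-quoted on purpose. With a double-quoted Groovy string the
        // password is interpolated into the script text before the shell runs:
        // it becomes part of the command, can escape log masking, and any shell
        // metacharacter in it is interpreted. Here the shell reads both values
        // from the environment and the password only travels over stdin.
        sh 'echo "$DOCKERHUB_CREDENTIALS_PSW" | docker login -u "$DOCKERHUB_CREDENTIALS_USR" --password-stdin'
    }
}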
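stage('Push docker image') {
    steps {
        echo 'pushing docker image ...'
        // Single-quoted so the shell expands the variables; IMAGE_TAG comes from
        // pom.xml text and stays one quoted argument this way.
        sh 'docker push "$IMAGE_REPO:$IMAGE_TAG"'
    }
}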
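stage('Deploy docker image') {
    steps {
        script {
            echo 'deploying image to remote server...'
            // NOTE(review): IMAGE_TAG (derived from pom.xml) is interpolated by Groovy
            // and then parsed by the local and the remote shell - validate its format
            // before it reaches this point.
            def dockerCmd = "docker run -p 8080:8080 -d ${IMAGE_REPO}:${IMAGE_TAG}"
            def server = "ubuntu@${EC2_IP}" // OR "ubuntu@${SERVER_IP}" if in a different pipeline
            sshagent(['server-key']) {
                // Was StrictHostKeyChecking=no, which accepts any host key, including
                // a changed one, so a machine-in-the-middle would go unnoticed.
                // accept-new (OpenSSH 7.6+) records the key on first contact and
                // refuses the connection if it later differs. This is still
                // trust-on-first-use; pinning the key obtained out of band is stronger.
                sh "ssh -o StrictHostKeyChecking=accept-new ${server} ${dockerCmd}"
            }
        }
    }
}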
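stage('Update Git') {
    steps {
        script {
            echo "commiting changes to github..."
            withCredentials([usernamePassword(credentialsId: 'github-creds', passwordVariable: 'PASS', usernameVariable: 'USER')]) {
                // Fixed: the config key is user.email (was user.emal) and the address
                // domain is example.com (was examle.com). The identity is set
                // repo-local rather than --global so it does not alter the agent
                // account's configuration for other jobs.
                sh 'git config user.email "jenkins@example.com"'
                sh 'git config user.name "jenkins"'
                // Stage only the file the version bump changes. `git add .` would also
                // pick up anything earlier stages left in the workspace (build output,
                // scan reports, Terraform working files) unless it is ignored.
                sh 'git add app/spring-petclinic/pom.xml'
                sh 'git commit -m "Implementing version bump"'
                try {
                    // Single-quoted so the shell, not Groovy, expands USER and PASS;
                    // Groovy interpolation would embed the secret in the script text.
                    // NOTE(review): a password with URL-reserved characters would need
                    // percent-encoding to survive inside the URL.
                    sh 'git remote set-url origin "https://${USER}:${PASS}@github.com/Agnes4Him/jenkins-gitops-demo.git"'
                    sh 'git push origin HEAD:main' // This would be 'git push origin HEAD:name_of_build_branch' in GitOps
                } finally {
                    // Remove the credential from .git/config so it does not stay
                    // readable in the workspace after the build.
                    sh 'git remote set-url origin https://github.com/Agnes4Him/jenkins-gitops-demo.git'
                }
            }
        }
    }
}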
}
post {
    always {
        // Drop the Docker Hub session from the agent whatever the build result.
        sh 'docker logout'
    }
    changed {
        // `changed` runs only when this build's result differs from the previous
        // build's, so the mail is sent when a build newly fails, not on every
        // consecutive failure.
        script {
            if (currentBuild.currentResult == 'FAILURE') {
                emailext(
                    to: '$DEFAULT_RECIPIENTS',
                    replyTo: '$DEFAULT_REPLYTO',
                    subject: '$DEFAULT_SUBJECT',
                    body: '$DEFAULT_CONTENT',
                    recipientProviders: [
                        [$class: 'CulpritsRecipientProvider'],
                        [$class: 'DevelopersRecipientProvider'],
                        [$class: 'RequesterRecipientProvider']
                    ]
                )
            }
        }
    }
}
}