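// Jenkins declarative pipeline for the bookinfo "ratings" service.
//
// Flow: clone -> render + sKan-scan the Kubernetes manifests -> SonarQube scan and
// quality gate -> OWASP Dependency-Check -> docker build & push -> Anchore image
// scan -> helm upgrade.
//
// Security notes for maintainers:
//  * ENV_NAME is derived from BRANCH_NAME, which anyone able to push a branch
//    controls. It ends up in shell commands, a Kubernetes namespace, a Helm
//    release name and an image tag, so the first stage rejects anything outside
//    a strict allow-list, and shell steps read it as an environment variable from
//    single-quoted scripts instead of via Groovy string interpolation.
//  * The docker-in-docker daemon needs `privileged: true`; its TCP listener is
//    bound to the pod loopback so the unauthenticated Docker API is not reachable
//    from the cluster network.

// Result of the `git` step (a map with GIT_COMMIT etc.), filled in by the clone
// stage and read by the manifest-render and deploy stages.
def scmVars
// Fully qualified image reference (registry/repo:ENV_NAME) built in the clone
// stage after ENV_NAME has been validated, used by the build and Anchore stages.
def imageRef

pipeline {
    agent {
        // One short-lived pod per build; one container per tool. Steps are run in
        // the container named by container('...').
        kubernetes {
            yaml """
apiVersion: v1
kind: Pod
spec:
  containers:
    - name: helm
      image: lachlanevenson/k8s-helm:v3.0.2
      command:
        - cat
      tty: true
    - name: docker
      # docker-in-docker: the only container that needs to be privileged.
      image: docker:19.03.5-dind
      command:
        - dockerd
        - --host=unix:///var/run/docker.sock
        # Bound to loopback on purpose: containers in this pod share the network
        # namespace and can still reach it, the rest of the cluster cannot. No
        # stage in this file uses the TCP endpoint; delete the line if nothing
        # else does either.
        - --host=tcp://127.0.0.1:2375
        - --storage-driver=overlay2
      tty: true
      securityContext:
        privileged: true
    - name: skan
      image: alcide/skan:v0.9.0-debug
      command:
        - cat
      tty: true
    - name: java-node
      image: timbru31/java-node:11-alpine-jre-14
      command:
        - cat
      tty: true
      volumeMounts:
        - mountPath: /home/jenkins/dependency-check-data
          name: dependency-check-data
  volumes:
    # NVD data cache shared between builds through the node's filesystem.
    # NOTE(review): a hostPath under /tmp is writable by any workload that lands
    # on the same node, and a tampered cache silently weakens the scan. A PVC
    # owned by the Jenkins namespace would be the safer home for it.
    - name: dependency-check-data
      hostPath:
        path: /tmp/dependency-check-data
"""
        }
    }

    environment {
        // "master" deploys to uat; every other branch deploys to an environment of
        // the same name (validated below before it is used anywhere).
        ENV_NAME     = "${BRANCH_NAME == 'master' ? 'uat' : BRANCH_NAME}"
        SCANNER_HOME = tool 'sonarqube-scanner'
        PROJECT_KEY  = 'gun-bookinfo-ratings'
        PROJECT_NAME = 'gun-bookinfo-ratings'
    }

    stages {
        // ***** Stage Clone *****
        stage('Clone ratings source code') {
            steps {
                script {
                    // Fail fast on anything that is not a safe, DNS-label-style
                    // environment name. The namespace "gun-bookinfo-<ENV_NAME>" must
                    // be a DNS label (<= 63 chars), which caps ENV_NAME at 50; the
                    // same set is also valid in a Helm release name and an image tag,
                    // and contains nothing a shell or Groovy interpolation could act on.
                    if (!env.BRANCH_NAME) {
                        error 'BRANCH_NAME is not set; this pipeline expects to run as a multibranch job'
                    }
                    def envName = env.ENV_NAME
                    if (!envName || !(envName ==~ /[a-z0-9]([-a-z0-9]{0,48}[a-z0-9])?/)) {
                        error "Refusing to build: ENV_NAME '${envName}' must be 1-50 lowercase alphanumerics or '-' (no leading/trailing '-')"
                    }
                    imageRef = "ghcr.io/gun082544/bookinfo-ratings:${envName}"
                }
                container('jnlp') {
                    script {
                        // Clone with the read-only deploy key and check out the
                        // branch this build is for.
                        scmVars = git branch: env.BRANCH_NAME,
                                      credentialsId: 'gun-deploy-key',
                                      url: 'git@github.com:gun082544/bookinfo-ratings.git'
                    }
                }
            }
        }

        // ***** Stage sKan *****
        stage('sKan') {
            steps {
                container('helm') {
                    script {
                        // Render exactly what the deploy stage will apply: same values
                        // file, namespace and release name ("gun-ratings-<env>"), so
                        // the scan covers the real manifests. The commit id is passed
                        // through the environment rather than interpolated into the
                        // shell string.
                        withEnv(["COMMIT_ID=${scmVars.GIT_COMMIT}"]) {
                            sh '''
                                helm template \
                                  -f "k8s/helm-values/values-bookinfo-${ENV_NAME}-ratings.yaml" \
                                  --set "extraEnv.COMMIT_ID=${COMMIT_ID}" \
                                  --namespace "gun-bookinfo-${ENV_NAME}" \
                                  "gun-ratings-${ENV_NAME}" k8s/helm \
                                  > k8s-manifest-deploy.yaml
                            '''
                        }
                    }
                }
                container('skan') {
                    // Static scan of the rendered manifests; the HTML report is kept
                    // as a build artifact and the rendered file is not left behind.
                    sh '/skan manifest -f k8s-manifest-deploy.yaml'
                    archiveArtifacts artifacts: 'skan-result.html'
                    sh 'rm k8s-manifest-deploy.yaml'
                }
            }
        }

        // ***** Stage Sonarqube *****
        stage('Sonarqube Scanner') {
            steps {
                container('java-node') {
                    script {
                        // Server URL and token come from the Jenkins SonarQube
                        // configuration named 'sonarqube-scanner'. The single-quoted
                        // script lets the shell expand the variables, so branch/build
                        // names never go through Groovy interpolation.
                        withSonarQubeEnv('sonarqube-scanner') {
                            sh '''
                                "${SCANNER_HOME}/bin/sonar-scanner" \
                                  -D sonar.projectKey="${PROJECT_KEY}" \
                                  -D sonar.projectName="${PROJECT_NAME}" \
                                  -D sonar.projectVersion="${BRANCH_NAME}-${BUILD_NUMBER}" \
                                  -D sonar.sources=./src
                            '''
                        }
                        // Block on the quality gate; a gate that does not report
                        // within a minute aborts the build rather than being skipped.
                        timeout(time: 1, unit: 'MINUTES') {
                            def gate = waitForQualityGate()
                            if (gate.status != 'OK') {
                                error "Pipeline aborted due to quality gate failure: ${gate.status}"
                            }
                        }
                    }
                }
            }
        }

        // ***** Stage OWASP *****
        stage('OWASP Dependency Check') {
            steps {
                container('java-node') {
                    script {
                        // Resolve the dependency tree so the analyzers have a
                        // package-lock.json and node_modules to inspect. The install
                        // exists only for scanning, so third-party lifecycle scripts
                        // are not run on the agent (--ignore-scripts); drop the flag
                        // only if a dependency genuinely needs its install script for
                        // the scan to work.
                        sh 'cd src && npm install --package-lock --ignore-scripts'
                        dependencyCheck(
                            additionalArguments: '--data /home/jenkins/dependency-check-data --out dependency-check-report.xml',
                            odcInstallation: 'dependency-check'
                        )
                        dependencyCheckPublisher(
                            pattern: 'dependency-check-report.xml'
                        )
                        // Leave the workspace as it was cloned for the image build.
                        sh 'rm -rf src/node_modules src/package-lock.json'
                    }
                }
            }
        }

        // ***** Stage Build *****
        stage('Build ratings Docker Image and push') {
            steps {
                container('docker') {
                    script {
                        docker.withRegistry('https://ghcr.io', 'gun-ghcr') {
                            // imageRef was resolved in Groovy from the validated
                            // ENV_NAME, so the tag is unambiguous and nothing is left
                            // for the shell to expand. NOTE(review): the tag is mutable
                            // (one per environment); a concurrent build of the same
                            // branch can overwrite it between the Anchore scan and the
                            // deploy — consider also tagging with the commit id.
                            docker.build(imageRef).push()
                        }
                    }
                }
            }
        }

        // ***** Stage Anchore *****
        stage('Anchore Engine') {
            steps {
                container('jnlp') {
                    script {
                        // Same reference that was just pushed and that helm will deploy.
                        writeFile file: 'anchore_images', text: imageRef
                        // NOTE(review): bailOnFail: false makes this scan informational
                        // only — a policy failure neither stops the deploy stage below
                        // nor un-publishes the image pushed in the previous stage.
                        // Switch to bailOnFail: true once the policy is tuned.
                        anchore name: 'anchore_images', bailOnFail: false
                    }
                }
            }
        }

        // ***** Stage Deploy *****
        stage('Deploy ratings with Helm Chart') {
            steps {
                container('helm') {
                    script {
                        // Cluster access comes from the stored kubeconfig credential;
                        // ENV_NAME and the commit id reach helm via the environment.
                        withKubeConfig([credentialsId: 'gke-k8s-kubeconfig']) {
                            withEnv(["COMMIT_ID=${scmVars.GIT_COMMIT}"]) {
                                sh '''
                                    helm upgrade -i --wait \
                                      -f "k8s/helm-values/values-bookinfo-${ENV_NAME}-ratings.yaml" \
                                      --set "extraEnv.COMMIT_ID=${COMMIT_ID}" \
                                      --namespace "gun-bookinfo-${ENV_NAME}" \
                                      "gun-ratings-${ENV_NAME}" k8s/helm
                                '''
                            }
                        }
                    }
                }
            }
        }
    }
}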