-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathJenkinsfile
137 lines (126 loc) · 4.74 KB
/
Jenkinsfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
pipeline {
agent none
environment {
CLOUDSDK_CORE_PROJECT='cellular-syntax-231507'
}
options {
gitLabConnection('GitLab DevOps')
gitlabCommitStatus(name: 'Jenkins')
gitlabBuilds(builds: ['checkout from GitLab', 'check code quality', 'quality gate', 'build', 'create docker image and push to registry', 'deploy to cloud run'])
}
stages {
stage('checkout from GitLab') {
agent any
steps {
gitlabCommitStatus(name: 'checkout from GitLab') {
withCredentials([usernamePassword(credentialsId: 'gitlab-access', usernameVariable: 'GITLAB_USER', passwordVariable: 'GITLAB_PASSWORD')]) {
git url: 'https://git.ffhs.ch/matthias.heimberg/devops.git', branch: 'develop', credentialsId: 'gitlab-access'
}
}
}
}
stage('check code quality') {
agent any
steps {
gitlabCommitStatus(name: 'check code quality') {
withSonarQubeEnv('SonarQube') {
sh 'chmod +x ./gradlew'
sh './gradlew sonarqube -D"sonar.projectKey=DevOps"'
}
}
}
}
stage('quality gate') {
agent any
steps {
gitlabCommitStatus(name: 'quality gate') {
waitForQualityGate abortPipeline: true
}
}
}
stage('build') {
agent any
steps {
gitlabCommitStatus(name: 'build') {
sh './gradlew build'
}
}
}
stage('create docker image and push to registry') {
agent any
steps {
gitlabCommitStatus(name: 'create docker image and push to registry') {
withCredentials([file(credentialsId: 'gcloud', variable: 'GCLOUD')]) {
sh '''
gcloud auth activate-service-account --key-file="$GCLOUD"
./gradlew jib
'''
}
}
}
}
// deploy to google cloud run on port 7000
stage('deploy to cloud run') {
agent any
steps {
gitlabCommitStatus(name: 'deploy to cloud run') {
withCredentials([file(credentialsId: 'gcloudcompute', variable: 'GCLOUDCOMPUTE')]) {
sh '''
gcloud auth activate-service-account --key-file="$GCLOUDCOMPUTE"
gcloud run deploy devops --image gcr.io/cellular-syntax-231507/devops --platform managed --region europe-west4 --allow-unauthenticated --port 7000 --service-account [email protected]
'''
}
}
}
}
// test with jmeter inside docker container (jenkins container binds to docker socket on host)
/* stage('test with jmeter') {
agent {
docker {
image 'justb4/jmeter:5.1.1'
args '-v /var/jenkins_home/jmeter-data:/home/user/jmeter --entrypoint=\'/bin/sh\''
}
}
steps {
gitlabCommitStatus(name: 'test with jmeter') {
sh '''
export TIMESTAMP=$(date +%Y%m%d_%H%M%S)
jmeter -n -t /home/user/jmeter/check_api.jmx -l /home/user/jmeter/result_${TIMESTAMP}.jtl -j /home/user/jmeter/jmeter_${TIMESTAMP}.log
'''
}
}
} */
// vulnerability scan with OWASP ZAP
stage('vulnerability scan with OWASP ZAP') {
agent {
docker {
image 'owasp/zap2docker-stable'
args ''
}
}
steps {
gitlabCommitStatus(name: 'vulnerability scan with OWASP ZAP') {
sh '''
zap-baseline.py -t https://devops-d4bqj7s2iq-ez.a.run.app -l FAIL
'''
}
}
}
}
post {
success {
// archive the artifacts
archiveArtifacts artifacts: '**/build/libs/*.jar', fingerprint: true
}
always {
node(null) {
emailext (
subject: 'Jenkins build: $BUILD_STATUS',
body: '$BUILD_URL',
from: 'jenkins',
to: '[email protected]'
)
}
}
}
}