-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathdevops-camp-db-jenkinsfile
89 lines (89 loc) · 4.01 KB
/
devops-camp-db-jenkinsfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
pipeline {
agent {
label 'jenkins-agent'
}
//TODO: add environment variables
environment {
PIPELINE_HASH = sh(script: 'git rev-parse --short HEAD', returnStdout: true).trim()
HARBOR_REGISTRY = 'harbor.dev.afsmtddso.com'
HARBOR_PROJECT = 'jcooper-harbor-project'
DB_IMAGE_NAME = 'db'
}
stages {
//TODO: add stages to pipeline
stage('Application repository') {
steps {
echo "Cloning application repository"
sh 'git clone https://github.com/xlBuckExpresslx/afs-labs-student.git'
dir('afs-labs-student') {
script {
env.COMMIT_HASH = sh(script: 'git log --format=format:%h -1 --follow database/database.sql', returnStdout: true).trim()
}
}
withCredentials([usernamePassword(credentialsId: 'jcooper-harbor-auth', usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD')]) {
script {
env.BUILD_DB = sh(script: 'python check_harbor_db.py -h $COMMIT_HASH -i $DB_IMAGE_NAME -r $HARBOR_REGISTRY -p $HARBOR_PROJECT -c ${USERNAME}:${PASSWORD}', returnStdout: true).trim()
}
}
}
}
stage('DB changes: true') {
when {
environment name: 'BUILD_DB', value: 'true'
}
stages {
stage('Database docker build') {
steps {
echo "Building database image"
//TODO: build docker image & push to Harbor
withCredentials([usernameColonPassword(credentialsId: 'jcooper-harbor-auth', variable: 'HARBOR-AUTH')]) {
script {
sh 'docker build -t $DB_IMAGE_NAME-$COMMIT_HASH -f ./db/Dockerfile ./afs-labs-student'
docker.withRegistry('https://$HARBOR_REGISTRY', 'jcooper-harbor-auth') {
sh 'docker tag $DB_IMAGE_NAME-$COMMIT_HASH $HARBOR_REGISTRY/$HARBOR_PROJECT/$DB_IMAGE_NAME:$COMMIT_HASH-$PIPELINE_HASH'
sh 'docker push $HARBOR_REGISTRY/$HARBOR_PROJECT/$DB_IMAGE_NAME:$COMMIT_HASH-$PIPELINE_HASH'
}
}
}
}
post {
//TODO: clean local docker images
always {
echo "Clean local $DB_IMAGE_NAME image"
script {
try {
sh 'docker rmi $DB_IMAGE_NAME-$COMMIT_HASH:latest'
sh 'docker rmi $HARBOR_REGISTRY/$HARBOR_PROJECT/$DB_IMAGE_NAME:$COMMIT_HASH-$PIPELINE_HASH'
} catch (err) {
echo err.getMessage()
}
}
}
}
}
//Scan the Docker images
stage('Security scanning') {
steps {
withCredentials([usernamePassword(credentialsId: 'jcooper-harbor-auth', usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD')]) {
echo "Scanning $DB_IMAGE_NAME image"
sh 'python harbor_scanner.py -i $DB_IMAGE_NAME -r $HARBOR_REGISTRY -p $HARBOR_PROJECT -c ${USERNAME}:${PASSWORD}'
}
}
}
}
}
stage('Deploy') {
steps {
echo "Deployment stage"
//TODO: deploy database
sh 'kubectl -n jcooper set image deployment/db-deployment db-deployment=$HARBOR_REGISTRY/$HARBOR_PROJECT/$DB_IMAGE_NAME:$COMMIT_HASH-$PIPELINE_HASH'
}
}
}
post {
cleanup {
echo "Clean workspace"
sh 'rm -rf .git ./*'
}
}
}