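// Declarative Jenkins pipeline for a Maven/Docker service.
//
// Flow, as implemented below:
//   1. Initialize Pipeline   - load JenkinsParams and the pom.xml version into env.
//   2. Build app             - mvn package (tests skipped) against AWS CodeArtifact.
//   3. Test                  - currently a no-op (only echoes a message).
//   4. Escaneos de Seguridad - securityScan() shared step, development branch only.
//   5. Build Docker Image    - docker build, Qualys image scan, push a build_* tag.
//   6. DEPLOY                - re-tag and push the image for dev / PP / production.
//
// Security note on shell steps: every value that ends up in a shell command
// (registry, repo name, TAG_NAME, and VERSION read from the repository's
// pom.xml) is computed in Groovy, handed to the step through withEnv, and
// referenced from a single-quoted script as a quoted "$VAR". The shell
// therefore never parses those values as code, which Groovy string
// interpolation inside sh "..." would allow.
pipeline {
    options {
        // Never run two builds of the same job/branch at the same time.
        disableConcurrentBuilds()
    }
    tools {
        maven 'maven3.8.6'
    }
    agent {
        kubernetes {
            inheritFrom 'standard-agent'
        }
    }
    stages {
        stage("Initialize Pipeline") {
            steps {
                container ('runner') {
                    script {
                        common.setEnvVars()
                        slackNotif.initSlackMessage()
                        slackNotif.initStageMessage()

                        // JenkinsParams and pom.xml live in the repository, so every
                        // value read here is controlled by whoever can commit to the branch.
                        def props = readProperties file: 'JenkinsParams'
                        env.REGISTRY_URL = props['REGISTRY_URL']
                        env.REGISTRY_NAME = props['REGISTRY_NAME']
                        env.SLACK_CHANNEL = props['SLACK_CHANNEL']
                        env.EKS_CLUSTER_DEV = props['EKS_CLUSTER_DEV']
                        env.EKS_CLUSTER_PP = props['EKS_CLUSTER_PP']
                        env.EKS_CLUSTER_PROD = props['EKS_CLUSTER_PROD']
                        env.SCAN_JAVA_BINARIES = props['SCAN_JAVA_BINARIES']
                        env.SCAN_JAVA_LIBRARIES = props['SCAN_JAVA_LIBRARIES']

                        def ver_file = readMavenPom file: 'pom.xml'
                        env.VERSION = ver_file.version
                        env.DOCKERFILE_PATH = './Dockerfile'

                        // TAG_NAME is only assigned for the development/release branches
                        // and for pull requests targeting release.
                        if (env.BRANCH_NAME && env.BRANCH_NAME ==~ /(development|release)/) {
                            env.TAG_NAME = env.BRANCH_NAME
                        }
                        if (env.CHANGE_TARGET && env.CHANGE_TARGET == 'release') {
                            env.TAG_NAME = env.CHANGE_TARGET
                        }

                        // Send notification to Slack
                        slackNotif.updateStageMessage()
                    }
                }
            }
        }

        stage('Build app') {
            when {
                anyOf {
                    expression { env.BRANCH_NAME != null && env.BRANCH_NAME ==~ /(feature|bugfix|development).*/ }
                    expression { env.CHANGE_TARGET != null && env.CHANGE_TARGET ==~ /(development|release)/ }
                }
            }
            steps {
                container ('runner') {
                    script {
                        withAWS(credentials:'aws-credential-registry', region: 'us-east-1') {
                            // NOTE(review): the token is stored in env, so it stays visible to
                            // every later step of this build, not only to Maven. Confirm
                            // whether it can be scoped to the mvn call instead.
                            env.CODEARTIFACT_AUTH_TOKEN = sh (
                                script: 'aws codeartifact get-authorization-token --domain br --domain-owner 063003577365 --query authorizationToken --output text',
                                returnStdout: true
                            ).trim()
                            configFileProvider([configFile(fileId: 'BR-CodeArtifact-Maven', targetLocation: 'settings.xml')]) {
                                // NOTE(review): the JDK is installed from the distribution mirrors
                                // on every build; baking it into the agent image would make the
                                // toolchain reproducible.
                                sh 'apt-get update'
                                sh 'apt-get install -y openjdk-18-jdk'
                                sh 'mkdir app'
                                sh 'cp -R src app/src'
                                sh 'cp pom.xml app'
                                //sh 'mvn clean install -U -DskipTests -f pom.xml'
                                sh 'mvn -f app/pom.xml clean package -DskipTests -Pdev'
                            }
                        }
                    }
                }
            }
            // Disabled alternative steps, left commented out as found:
            // steps {
            //     container ('runner') {
            //         script {
            //             slackNotif.initStageMessage()
            //             // stash name: "source_code"
            //             sh 'apt-get install openjdk-17-jdk'
            //             sh 'mkdir app'
            //             sh 'cp -R src app/src'
            //             sh 'cp pom.xml app'
            //             // sh 'cp .mvn /home/app'
            //             sh 'mvn -f app/pom.xml clean package -DskipTests'
            //             slackNotif.updateStageMessage()
            //         }
            //     }
            // }
        }

        stage('Test') {
            when {
                anyOf {
                    expression { env.BRANCH_NAME != null && env.BRANCH_NAME ==~ /(feature|bugfix|development).*/ }
                    expression { env.CHANGE_TARGET != null && env.CHANGE_TARGET ==~ /(development|release)/ }
                }
            }
            steps {
                // No tests run here, and 'Build app' also passes -DskipTests, so
                // images are built and promoted without any automated test gate.
                echo 'Ejecucion de pruebas desabilitado ...'
                // sh 'mvn test'
            }
        }

        stage('Escaneos de Seguridad') {
            // Runs on the development branch only.
            when {
                expression { env.BRANCH_NAME != null && env.BRANCH_NAME ==~ /(development)/ }
            }
            steps {
                script {
                    slackNotif.initStageMessage()   // Init stage Slack message
                    securityScan()                  // Security scans
                    slackNotif.updateStageMessage() // Update stage notification
                }
            }
        }

        stage('Build Docker Image') {
            when {
                anyOf {
                    expression { env.BRANCH_NAME != null && env.BRANCH_NAME ==~ /(development|devops)/ }
                    expression { env.CHANGE_TARGET != null && env.CHANGE_TARGET ==~ /(release)/ }
                }
            }
            steps {
                container ('runner') {
                    script {
                        slackNotif.initStageMessage() // Init stage Slack message

                        // Image references are built in Groovy and passed via the
                        // environment so the shell never interprets their contents.
                        def buildImage = "${env.REGISTRY_URL}/${env.REGISTRY_NAME}:build_${env.GIT_REPO_NAME}_B${env.BUILD_NUMBER}_C${env.SHORT_COMMIT}"
                        def candidateImage = "${env.REGISTRY_URL}/${env.REGISTRY_NAME}:build_${env.GIT_REPO_NAME}_${env.TAG_NAME}_${env.VERSION}"

                        withEnv(["BUILD_IMAGE=${buildImage}", "CANDIDATE_IMAGE=${candidateImage}"]) {
                            // Create Docker image
                            // NOTE(review): --network=host gives build steps the host network
                            // namespace; confirm it is required.
                            docker.withRegistry("https://${env.REGISTRY_URL}", 'ecr:us-east-1:aws-credential-registry') {
                                sh 'DOCKER_BUILDKIT=1 docker build --network=host -t "$BUILD_IMAGE" .'
                            }

                            // Scanning Docker image with Qualys
                            // NOTE(review): this makes the Docker socket world-writable, so any
                            // process that can reach it can control the daemon. Prefer group
                            // membership on the agent image if the scanner allows it.
                            sh "sudo chmod a+rw /var/run/docker.sock"

                            // Trim the trailing newline of `docker images -q`, and stop if no
                            // image was found: an empty id would leave the scan without a target.
                            def imageId = sh(returnStdout: true, script: 'docker images -q "$BUILD_IMAGE"').trim()
                            if (!imageId) {
                                error "No local image found for ${buildImage}; refusing to continue without a Qualys scan target"
                            }
                            env.IMAGE_ID = imageId
                            echo "Escanenado imagen con id: ${env.IMAGE_ID}"
                            getImageVulnsFromQualys imageIds: "${env.IMAGE_ID}", useGlobalConfig: true

                            // Pushing to ECR repository
                            docker.withRegistry("https://${env.REGISTRY_URL}", 'ecr:us-east-1:aws-credential-registry') {
                                sh 'docker tag "$BUILD_IMAGE" "$CANDIDATE_IMAGE"'
                                sh 'docker push "$CANDIDATE_IMAGE"'
                            }
                        }

                        slackNotif.updateStageMessage() // Update stage notification
                    }
                }
            }
        }

        stage('DEPLOY') {
            when { expression { env.BRANCH_NAME ==~ /(development|release|master)/ } }
            parallel {
                stage('Deploy to Development') {
                    when { expression { env.BRANCH_NAME ==~ /(development)/ } }
                    steps {
                        container ('runner') {
                            script {
                                slackNotif.initStageMessage() // Init stage Slack message

                                def buildImage = "${env.REGISTRY_URL}/${env.REGISTRY_NAME}:build_${env.GIT_REPO_NAME}_B${env.BUILD_NUMBER}_C${env.SHORT_COMMIT}"
                                def devImage = "${env.REGISTRY_URL}/${env.REGISTRY_NAME}:${env.GIT_REPO_NAME}_dev_B${env.BUILD_NUMBER}_C${env.SHORT_COMMIT}"

                                withEnv(["BUILD_IMAGE=${buildImage}", "DEV_IMAGE=${devImage}"]) {
                                    // Re-tags the image built earlier in this same build.
                                    sh 'docker tag "$BUILD_IMAGE" "$DEV_IMAGE"'
                                    docker.withRegistry("https://${env.REGISTRY_URL}", 'ecr:us-east-1:aws-credential-registry') {
                                        sh 'docker push "$DEV_IMAGE"'
                                    }
                                }

                                slackNotif.updateStageMessage() // Update stage notification
                            }
                        }
                    }
                }

                stage('Deploy to PP') {
                    when { expression { env.BRANCH_NAME ==~ /(release)/ } }
                    steps {
                        container ('runner') {
                            script {
                                slackNotif.initStageMessage() // Init stage Slack message
                                echo "Deploying version... ${env.GIT_REPO_NAME}_${env.TAG_NAME}_${env.VERSION}"

                                def candidateImage = "${env.REGISTRY_URL}/${env.REGISTRY_NAME}:build_${env.GIT_REPO_NAME}_${env.TAG_NAME}_${env.VERSION}"
                                def ppImage = "${env.REGISTRY_URL}/${env.REGISTRY_NAME}:${env.GIT_REPO_NAME}_${env.TAG_NAME}_${env.VERSION}"

                                withEnv(["RELEASE_VERSION=${env.VERSION}", "CANDIDATE_IMAGE=${candidateImage}", "PP_IMAGE=${ppImage}"]) {
                                    // The helper stores only the variable names; git expands them when
                                    // it invokes the helper, so the secret is not written to .git/config.
                                    sh 'git config --local credential.helper "!p() { echo username=\\$GIT_USERNAME; echo password=\\$GIT_PASSWORD; }; p"'
                                    sh 'git tag "$RELEASE_VERSION"'
                                    withCredentials([usernamePassword(credentialsId: 'bitbucket', usernameVariable: 'GIT_USERNAME', passwordVariable: 'GIT_PASSWORD')]) {
                                        // NOTE(review): the stand-alone ':' is its own refspec (push
                                        // matching branches) in addition to the tag; confirm whether
                                        // pushing only the tag was intended.
                                        sh 'git push origin : "$RELEASE_VERSION"'
                                    }

                                    // NOTE(review): promotion pulls by mutable tag, so the image
                                    // promoted here is whatever currently carries that tag; pinning
                                    // the scanned image by digest would make the link explicit.
                                    docker.withRegistry("https://${env.REGISTRY_URL}", 'ecr:us-east-1:aws-credential-registry') {
                                        sh 'docker pull "$CANDIDATE_IMAGE"'
                                        sh 'docker tag "$CANDIDATE_IMAGE" "$PP_IMAGE"'
                                        sh 'docker push "$PP_IMAGE"'
                                    }
                                }

                                slackNotif.updateStageMessage() // Update stage notification
                            }
                        }
                    }
                }

                stage('Deploy to Production') {
                    when { expression { env.BRANCH_NAME ==~ /(master)/ } }
                    steps {
                        container ('runner') {
                            script {
                                slackNotif.initStageMessage() // Init stage Slack message
                                echo "Deploying version... ${env.GIT_REPO_NAME}_v${env.VERSION}"

                                def releaseImage = "${env.REGISTRY_URL}/${env.REGISTRY_NAME}:build_${env.GIT_REPO_NAME}_release_${env.VERSION}"
                                def prodImage = "${env.REGISTRY_URL}/${env.REGISTRY_NAME}:${env.GIT_REPO_NAME}_v${env.VERSION}"

                                withEnv(["RELEASE_IMAGE=${releaseImage}", "PROD_IMAGE=${prodImage}"]) {
                                    // Production re-tags the build_*_release_* image by tag; no build
                                    // or scan stage in this file runs on master.
                                    docker.withRegistry("https://${env.REGISTRY_URL}", 'ecr:us-east-1:aws-credential-registry') {
                                        sh 'docker pull "$RELEASE_IMAGE"'
                                        sh 'docker tag "$RELEASE_IMAGE" "$PROD_IMAGE"'
                                        sh 'docker push "$PROD_IMAGE"'
                                    }
                                }

                                slackNotif.updateStageMessage() // Update stage notification
                            }
                        }
                    }
                }
            }
        }
    }
    post {
        always {
            script {
                slackNotif.sendFinalStatus()
                audit()
                // Wipes the workspace, including settings.xml and the git credential helper config.
                cleanWs()
            }
        }
    }
}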