Jenkinsfile
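// Declarative pipeline for the python-flask-app image: clone the repository,
// run the scanners in parallel, build and push the image, deploy to the
// development environment, then deploy to production after a manual approval.
//
// NOTE(review): the scanner images below are referenced without a tag or
// digest, so each build runs whatever was last published under that name, with
// the workspace mounted into it. Pin each image to a reviewed digest
// (image@sha256:<digest>) once the versions have been chosen.
pipeline {
    environment {
        registry = "nishanthkp/python-flask-app"
        // ID of the Jenkins credentials entry used for the registry login,
        // not the secret itself.
        registryCredential = "nishanthdockerhubcreds"
        dockerImage = ''
    }
    agent any
    stages {
        stage('Cloning the Code') {
            steps {
                echo 'Cloning the Code from Git'
                git branch: 'main', url: 'https://github.com/nishanthkumarpathi/python-flask-app.git'
            }
        }
        stage('Testing') {
            parallel {
                stage('SCA using Bandit') {
                    steps {
                        echo 'Scanning the Source Code using Bandit'
                        // Bandit exits non-zero when it reports issues. `|| true` keeps the
                        // stage non-blocking, as the original `| exit 0` did, without piping
                        // the scanner's output into a process that never reads it.
                        // NOTE(review): findings never fail the build; consider gating on
                        // severity once the baseline is clean.
                        sh 'docker run --user $(id -u):$(id -g) -v "$(pwd):/src" --rm secfigo/bandit bandit -r /src -f json -o /src/bandit-output.json || true'
                    }
                }
                stage('Git Secret using TruffleHog') {
                    steps {
                        echo 'Scan the git repo using Trufflehog'
                        // The JSON report includes the matched strings, so it is written to
                        // the file only; `tee` also copied every finding into the console
                        // log, which anyone with read access to the job can view.
                        // `|| true` preserves the non-blocking behaviour that `tee` gave by
                        // masking the scanner's exit status.
                        sh 'docker run --user $(id -u):$(id -g) --rm -v "$(pwd):/proj" dxa4481/trufflehog file:///proj --json > trufflehog-output.json || true'
                    }
                }
                stage('Flake8') {
                    steps {
                        echo 'Flake8 Scaning'
                        // Disabled. If re-enabled, drop `-ti`: a Jenkins sh step has no TTY.
                        //docker run -ti --rm -v $(pwd):/apps alpine/flake8:3.5.0
                        //sh 'python3 -m flake8 . --format=json --output-file flake8-output.json --exit-zero'
                        //sh 'docker run -ti --rm -v $(pwd):/apps alpine/flake8:3.5.0 /apps --exit-zero | tee flake8-output.txt'
                    }
                }
                stage('Dockerlint') {
                    steps {
                        echo 'Dockerlint Scaning'
                        // No `-it`: allocating a TTY fails in a non-interactive sh step, and
                        // because `tee` masks the exit status the stage stayed green while
                        // the report held only docker's error message.
                        // NOTE(review): the report is named .json but no JSON output option
                        // is passed to the linter; confirm the format that is expected.
                        sh 'docker run --user $(id -u):$(id -g) --rm -v "$PWD/Dockerfile":/Dockerfile:ro redcoolbeans/dockerlint | tee dockerlint-output.json'
                    }
                }
                stage('Hadolint') {
                    steps {
                        echo 'Hadolint Scaning'
                        // No `-it` (see Dockerlint). The Dockerfile is addressed by the
                        // absolute path it is mounted at, so the result does not depend on
                        // the image's working directory.
                        sh 'docker run --user $(id -u):$(id -g) --rm -v "$PWD/Dockerfile":/Dockerfile:ro hadolint/hadolint hadolint /Dockerfile | tee hadolint-output.json'
                    }
                }
            }
        }
        stage('Build Docker Image') {
            steps {
                script {
                    // The image is tagged with the Jenkins build number.
                    dockerImage = docker.build(registry + ":$BUILD_NUMBER")
                }
            }
        }
        stage('Push Docker Image') {
            steps {
                script {
                    // An empty registry URL selects the Docker client's default registry.
                    docker.withRegistry('', registryCredential) {
                        dockerImage.push()
                    }
                }
            }
        }
        stage('Delete Docker Image from Local Computer') {
            steps {
                echo 'Deleting the Docker Image'
                sh "docker rmi $registry:$BUILD_NUMBER"
            }
        }
        stage('Deploy to Kubernetes Dev Environment') {
            steps {
                echo 'Deploy the App using Kubectl'
                //sh "sed -i 's/BUILDNUMBER/$BUILD_NUMBER/g' python-flask-deployment.yml"
                // The manifest is edited in place in the workspace; the production
                // stage below works on this already-edited copy.
                sh "sed -i 's/DEPLOYMENTENVIRONMENT/development/g' python-flask-deployment.yml"
                sh "sed -i 's/TAG/$BUILD_NUMBER/g' python-flask-deployment.yml"
                // NOTE(review): no --context or --namespace is passed, so the target
                // cluster is whatever kubectl is configured for on the agent; confirm.
                sh "kubectl apply -f python-flask-deployment.yml"
            }
        }
        stage('Promote to Production') {
            steps {
                echo "Promote to production"
            }
            // Manual approval gate. `submitter` limits who may approve and is matched
            // against Jenkins user IDs or group names.
            // NOTE(review): the value shown in this listing looks like a redacted
            // address; confirm the real value names an existing approver.
            input {
                message "Do you want to Promote the Build to Production"
                ok "Ok"
                submitter "[email protected]"
                submitterParameter "whoIsSubmitter"
            }
        }
        stage('Deploy to Kubernetes Production Environment') {
            steps {
                echo 'Deploy the App using Kubectl'
                // Rewrites every occurrence of "development" in the manifest that the
                // dev stage edited. TAG was already substituted there, so the second
                // sed is expected to match nothing.
                sh "sed -i 's/development/production/g' python-flask-deployment.yml"
                sh "sed -i 's/TAG/$BUILD_NUMBER/g' python-flask-deployment.yml"
                // NOTE(review): same kubectl invocation as the dev deploy, with no
                // explicit context; confirm how production is kept separate from dev.
                sh "kubectl apply -f python-flask-deployment.yml"
            }
        }
    }
    post {
        always {
            // Keep the scanner reports for failed builds as well; with
            // onlyIfSuccessful they were dropped exactly when a build broke.
            // trufflehog-output.json is deliberately not archived because it
            // contains the matched secret strings.
            archiveArtifacts artifacts: 'bandit-output.json, dockerlint-output.json, hadolint-output.json', allowEmptyArchive: true
        }
    }
}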