Summary Table

Categories Total Count
PII 0
URL 0
DNS 0
EKL 0
IP 0
PORT 0
VsID 0
CF 0
AI 0
VPD 0
PL 0
Other 0

File Content

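/**
 * Clones the shared jenkinsx_automation tooling repository into the current
 * directory, on branch feature/master/updateTo19.1.0.
 *
 * The 'test-jenkins-api' credential is bound only for the duration of the
 * clone. Only its password half (scm_pw) is used, as the user part of the
 * HTTPS URL; scm_user is bound but not referenced.
 *
 * @return the fixed string "git clone successful". A failing git command makes
 *         the sh step throw, so the message is only returned after success.
 */
def initial_clone() {
    withCredentials([usernamePassword(credentialsId: 'test-jenkins-api', passwordVariable: 'scm_pw', usernameVariable: 'scm_user')]) {
        // Single-quoted Groovy string: $scm_pw is expanded by the shell from the
        // bound environment and is never interpolated into the script by Groovy.
        //
        // git stores the clone URL, embedded token included, as
        // remote.origin.url in jenkinsx_automation/.git/config. Every later
        // stage and container shares this workspace, so the second command
        // rewrites the remote without the credential. Anything that needs to
        // fetch from this clone afterwards has to bind the credential again.
        sh '''
            git clone https://$scm_pw@github.ablevets.com/Delivery-Operations/jenkinsx_automation.git --branch feature/master/updateTo19.1.0
            git -C jenkinsx_automation remote set-url origin https://github.ablevets.com/Delivery-Operations/jenkinsx_automation.git
        '''
    }
    // NOTE(review): the token is still passed on git's command line for the
    // length of the clone; a credential helper or GIT_ASKPASS would keep it
    // out of the argument list as well.
    def func_msg = "git clone successful"
    return func_msg;
}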


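// Declarative pipeline for the 'seocapi' application. It clones the shared
// jenkinsx_automation tooling, runs a Fortify scan in parallel with the
// application and image build, runs the Tenable container scan drivers, and in
// the post section publishes an artifact bundle to Nexus, runs the build
// metrics driver, archives out/ and wipes the workspace.
pipeline {

    agent {
        label "jenkins-maven"
    }

    options {
        // Keep the three most recent builds; never run two builds of this job at once.
        buildDiscarder(logRotator(numToKeepStr:'3'))
        disableConcurrentBuilds()
    }

    environment {
        // Evaluated for its side effect: initial_clone() clones jenkinsx_automation
        // into the workspace, which the stages below load scripts from.
        // NOTE(review): the clone tracks a branch, not a commit, and its Groovy
        // files are load()ed into this pipeline; pinning a reviewed revision
        // would stop a later push to that branch from changing what runs here.
        external_clone = initial_clone()
        ORG = 'ccad'
        APP_NAME = 'seocapi'
        CHARTMUSEUM_CREDS = credentials('jenkins-x-chartmuseum')
        ECR_REPO = 'ccad'
        SANITIZED_VERSION = sh(returnStdout: true, script: "grep APP_VERSION= app.env | cut -d \"=\" -f 2 ").trim()
        // BRANCH_NAME is chosen by whoever pushes the branch, and git ref names may
        // contain shell metacharacters. The variable is therefore escaped so the
        // shell expands it, quoted, from the environment instead of Groovy
        // pasting its text into the command line.
        SANITIZED_BRANCH_NAME = sh(returnStdout: true, script: "echo \"\$BRANCH_NAME\" | sed 's/_/-/g' | sed 's@/@-@g' | sed 's/%2F/-/g' | sed 's/\\./-/g' | sed 's/sandbox/s/g' | sed 's/feature/f/g' | sed 's/improvement/i/g' | sed 's/uniformJenkinsfile/uj/g'").trim().toLowerCase()
        SHORT_COMMIT_HASH = sh(returnStdout: true, script: "git log -n 1 --pretty=format:'%h'").trim()
        // Same treatment for JOB_NAME (shell-side, quoted expansion); the result
        // is truncated to 47 characters and lower-cased.
        JOB_NAME = sh(returnStdout: true, script: "echo \"\$JOB_NAME\" | sed 's/_/-/g' | sed 's@/@-@g' | sed 's/%2F/-/g' | sed 's/\\./-/g' | sed 's/sandbox/s/g' | sed 's/feature/f/g' | sed 's/improvement/i/g' | sed 's/uniformJenkinsfile/uj/g'").trim().take(47).toLowerCase()
    }

    stages {
        stage('CICD Initialize') {
            environment {
                // Reads the INITIAL_PARSED_GIT_DATA_FILE assignment out of the cloned
                // cicd_initialize_env.groovy, then loads that file and calls fetchGitData() on it.
                INITIAL_PARSED_GIT_DATA_FILE_PATH = sh(returnStdout: true, script: "cat $WORKSPACE/jenkinsx_automation/pipeline_tools/cicd_initialize/cicd_initialize_env.groovy | grep INITIAL_PARSED_GIT_DATA_FILE | awk -F '=' '{ print \$2 }' | sed 's@\"@@g'").trim()
                gitParseExternalMethod = load("$INITIAL_PARSED_GIT_DATA_FILE_PATH")
                string_json_obj = gitParseExternalMethod.fetchGitData()
            }
            steps {
                script {
                    // presumably this env file defines PATH_TO_CICD_INITIALIZE, DRIVER_SCRIPT and
                    // the PATH_TO_*_ENV_FILE names used below; verify against the tooling repo
                    load("jenkinsx_automation/pipeline_tools/cicd_initialize/cicd_initialize_env.groovy")
                    sh """
                        ./$PATH_TO_CICD_INITIALIZE/$DRIVER_SCRIPT
                    """
                    load("${PATH_TO_TENABLE_CONTAINER_ENV_FILE}")
                    load("${PATH_TO_TENABLE_WEB_ENV_FILE}")
                    load("${PATH_TO_BUILD_METRICS_ENV_FILE}")
                    load("${PATH_TO_FORTIFY_ENV_FILE}")
                } //end script
            } //end steps
        } //end stage

        stage('Image Build and Fortify') {
            parallel{
                stage("Fortify Scan"){
                    environment {
                        // Both parallel branches compute the same four values independently.
                        BRANCH_NAME = sh(returnStdout: true, script: "$WORKSPACE/$PATH_TO_BUILD_AUTO_CICD_INITIALIZE/$SANITIZE_BRANCH_NAME_SCRIPT").trim().toLowerCase()
                        PREVIEW_VERSION = "$SANITIZED_VERSION-$BRANCH_NAME-$BUILD_NUMBER"
                        PREVIEW_NAMESPACE = "$APP_NAME-$BRANCH_NAME".toLowerCase().take(49)
                        HELM_RELEASE = "$PREVIEW_NAMESPACE".toLowerCase()
                    }
                    steps {
                        container('fortify-19-1-0-con'){
                            sh """
                                $PATH_TO_FORTIFY/$FORTIFY_DRIVER
                            """
                        }
                    }
                }
                stage("App Build and Image Build"){
                    environment {
                        BRANCH_NAME = sh(returnStdout: true, script: "$WORKSPACE/$PATH_TO_BUILD_AUTO_CICD_INITIALIZE/$SANITIZE_BRANCH_NAME_SCRIPT").trim().toLowerCase()
                        PREVIEW_VERSION = "$SANITIZED_VERSION-$BRANCH_NAME-$BUILD_NUMBER"
                        PREVIEW_NAMESPACE = "$APP_NAME-$BRANCH_NAME".toLowerCase().take(49)
                        HELM_RELEASE = "$PREVIEW_NAMESPACE".toLowerCase()
                    }
                    steps {
                        container('maven') {
                            withCredentials([usernamePassword(credentialsId: 'nexus3', passwordVariable: 'pw', usernameVariable: 'un')]) {
                                // Single-quoted so the shell, not Groovy, expands the bound
                                // secrets. Groovy interpolation would write the clear-text
                                // password into the generated script and let any shell
                                // metacharacter in it be parsed as code.
                                // NOTE(review): the downloaded RPM is not checked against a
                                // known digest before build.sh runs.
                                sh 'curl -X GET -u "$un:$pw" https://demo.ablevets.com/nexus/repository/AbleVets/com/sharedservices/8u212-linux-x64/jdk-8u212-linux-x64.rpm -O'
                            }
                            sh "./build.sh"
                            // NOTE(review): ':latest' is a mutable tag, so the base image can
                            // change between builds; pinning by digest would make the build
                            // input reviewable and reproducible.
                            sh "docker pull 553057676898.dkr.ecr.us-east-1.amazonaws.com/rhel7:latest"
                            sh "export VERSION=$PREVIEW_VERSION && skaffold build -f skaffold.yaml"
                            sh "jx step post build --image $DOCKER_REGISTRY/$ECR_REPO/$APP_NAME:$PREVIEW_VERSION"
                            sh "docker save $DOCKER_REGISTRY/$ECR_REPO/$APP_NAME:$PREVIEW_VERSION | gzip > out/${APP_NAME}+b${BUILD_NUMBER}#${SHORT_COMMIT_HASH}-image.tar.gz"
                        }
                    }
                }
            }
        }
        stage('Tenable Container Security Scans'){
            environment {
                BRANCH_NAME = sh(returnStdout: true, script: "$WORKSPACE/$PATH_TO_BUILD_AUTO_CICD_INITIALIZE/$SANITIZE_BRANCH_NAME_SCRIPT").trim().toLowerCase()
                PREVIEW_VERSION = "$SANITIZED_VERSION-$BRANCH_NAME-$BUILD_NUMBER"
            }
            steps {
                container('docker') {
                    echo "Login to tenable.io"
                    // ACCESS_KEY / SECRET_KEY are only bound into the environment here and are
                    // not interpolated into the script text; presumably the driver reads them.
                    withCredentials([usernamePassword(credentialsId: 'TENABLE_CREDS', usernameVariable: 'ACCESS_KEY', passwordVariable: 'SECRET_KEY')]){
                        sh """
                            ls -la $PATH_TO_TENABLE_CONTAINER
                            $PATH_TO_TENABLE_CONTAINER/$TAGGING_SCRIPT_DRIVER
                        """
                    }
                }
                container('python'){
                    withCredentials([usernamePassword(credentialsId: 'TENABLE_CREDS', usernameVariable: 'ACCESS_KEY', passwordVariable: 'SECRET_KEY')]){
                        sh """
                            $PATH_TO_TENABLE_CONTAINER/$REPORT_FETCH_DRIVER
                        """
                    }
                }
            }
        }
    } //end stages
    post {
        always {
            echo "POST ALWAYS STAGE"
        }
        // Jenkins API is inconsistent with build results, aborted builds are treated as failed. We can NOT rely on currentBuild.Result or currentBuild.currentResult
        // Each outcome block therefore writes its own marker to FINAL_BUILD_RESULT_FILE.
        success {
            script {
                echo "POST SUCCESS STAGE"
                sh """
                    echo "SUCCESS" > $FINAL_BUILD_RESULT_FILE
                    tar -zcvf $WORKSPACE/${APP_NAME}_Artifacts-${SANITIZED_BRANCH_NAME}-${SANITIZED_VERSION}+b${BUILD_NUMBER}-${SHORT_COMMIT_HASH}.tar.gz -C ${WORKSPACE} out
                """
                container('maven') {
                    withCredentials([usernameColonPassword(credentialsId:'nexus3', variable:'USERPASS')]){
                        script {
                            // USERPASS is escaped so the shell expands it at run time; the
                            // other ${...} names are ordinary build values that Groovy fills
                            // in. 'set +x' keeps the expanded command out of the trace.
                            // NOTE(review): the credential is sent in a plain-http URL to a
                            // bare IP, so it crosses the network unencrypted. An https
                            // endpoint plus a settings.xml <server> entry matching
                            // -DrepositoryId=AbleVets would keep it out of the URL.
                            sh """
                                set +x
                                pwd
                                ls -la ${WORKSPACE}
                                mvn deploy:deploy-file -DgroupId=com.mobile.ablevets -DartifactId=${APP_NAME} -Dversion=${SANITIZED_BRANCH_NAME}-${SANITIZED_VERSION}+b${BUILD_NUMBER}-${SHORT_COMMIT_HASH} -DgeneratePom=true -Dpackaging=Artifacts.tar.gz -DrepositoryId=AbleVets "-Durl=http://\${USERPASS}@40.114.79.189:8081/nexus/repository/AbleVets" -Dfile=${APP_NAME}_Artifacts-${SANITIZED_BRANCH_NAME}-${SANITIZED_VERSION}+b${BUILD_NUMBER}-${SHORT_COMMIT_HASH}.tar.gz
                            """
                        } //end script
                    } //end withCredentials
                }
            } // end script
        } // end success
        failure {
            script {
                echo "POST FAILURE STAGE"
                sh """
                    echo "FAILURE" > $FINAL_BUILD_RESULT_FILE
                """
            } //end script
        } //end failure
        aborted {
            script {
                echo "POST ABORTED STAGE"
                sh """
                    echo "ABORTED" > $FINAL_BUILD_RESULT_FILE
                """
            } //end script
        } //end aborted
        cleanup {
            container('python') {
                // Jenkins API and SMTP credentials are bound as environment variables for
                // the build metrics driver; none of them is interpolated into the script.
                withCredentials([usernamePassword(credentialsId: 'test-jenkins-api', passwordVariable: 'readonly_pw', usernameVariable: 'readonly_user'), usernamePassword(credentialsId: 'smtp-user', passwordVariable: 'smtp_pw', usernameVariable: 'smtp_username')]) {
                    script {
                        load("${PATH_TO_BUILD_METRICS_ENV_FILE}")
                        sh """
                            $PATH_TO_BUILD_METRICS/$DRIVER_SCRIPT
                        """
                    } //end script
                } //end withCredentials
            } //end container
            script {
                load("${PATH_TO_BUILD_METRICS_ENV_FILE}")
                // -f: when the image build never produced a tarball, a plain rm exits
                // non-zero, the sh step throws, and the steps after it are skipped,
                // including cleanWs(), which would leave the workspace on the agent.
                sh """
                    rm -f out/*image.tar.gz

                """
                // The presence of the metrics report log is treated as a metrics failure
                // and mailed out together with the compressed build log.
                if (fileExists("$PATH_TO_BUILD_METRICS/$BUILD_METRICS_REPORT_LOG_FILE")) {
                    //dir (WORKSPACE){
                    emailext(
                        attachLog: true,
                        body: "BUILD URL: ${BUILD_URL}",
                        attachmentsPattern: "${BUILD_METRICS_REPORT_LOG_FILE_ATTACHMENT_STRING}",
                        compressLog: true,
                        subject: "Build Metrics Failure: ${JOB_NAME}-Build# ${BUILD_NUMBER}",
                        to: "${EMAIL_LIST}"
                    )
                    //}
                } //end if
            }//end script
            archiveArtifacts artifacts: '**/out/**', allowEmptyArchive: true, fingerprint: true
            cleanWs()
        } //end cleanup
    } //end post
} //end pipeline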