From 7fc4d8faa9ebb42c599af0c1280fbdc5549316bf Mon Sep 17 00:00:00 2001 From: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com> Date: Sun, 14 Sep 2025 08:07:15 +0000 Subject: [PATCH 1/2] Convert Jenkins pipelines to GitHub Actions workflows - Replace Jenkins CI pipeline with GitHub Actions CI workflow (.github/workflows/ci.yml) - Replace Jenkins CD pipeline with GitHub Actions CD workflow (.github/workflows/cd.yml) - Archive legacy Jenkins files in legacy/jenkins directory - Add documentation for required GitHub Actions secrets (.github/SECRETS.md) - Update README.md and cicd.md to reflect GitHub Actions migration - Maintain all existing functionality: security scanning, code quality, Docker build/push, GitOps deployment Features: - Trivy filesystem scanning with vulnerability reporting - OWASP dependency check with artifact upload - SonarQube analysis with quality gates - Docker build and push to Docker Hub with proper authentication - GitOps workflow with automatic Kubernetes manifest updates - Email notifications matching existing Jenkins format - Repository dispatch for CI/CD pipeline coordination - Manual workflow triggers via workflow dispatch Co-Authored-By: Stephen Cornwell --- .github/SECRETS.md | 29 ++++ .github/workflows/cd.yml | 77 +++++++++++ .github/workflows/ci.yml | 128 ++++++++++++++++++ legacy/jenkins/Jenkinsfile | 87 ++++++++++++ legacy/jenkins/Jenkinsfile-CD | 95 +++++++++++++ legacy/jenkins/README.md | 39 ++++++ legacy/jenkins/vars/README.md | 27 ++++ legacy/jenkins/vars/buildImage.groovy | 12 ++ legacy/jenkins/vars/codeCheckout.groovy | 36 +++++ legacy/jenkins/vars/code_checkout.groovy | 3 + legacy/jenkins/vars/deploy.groovy | 45 ++++++ legacy/jenkins/vars/docker_build.groovy | 4 + legacy/jenkins/vars/docker_cleanup.groovy | 3 + legacy/jenkins/vars/docker_compose.groovy | 3 + legacy/jenkins/vars/docker_push.groovy | 6 + legacy/jenkins/vars/greet.groovy | 3 + legacy/jenkins/vars/owasp_dependency.groovy | 4 + legacy/jenkins/vars/pushImage.groovy | 7 + legacy/jenkins/vars/sonarqube_analysis.groovy | 5 + .../vars/sonarqube_code_quality.groovy | 5 + legacy/jenkins/vars/trivy_scan.groovy | 3 + 21 files changed, 621 insertions(+) create mode 100644 .github/SECRETS.md create mode 100644 .github/workflows/cd.yml create mode 100644 .github/workflows/ci.yml create mode 100644 legacy/jenkins/Jenkinsfile create mode 100644 legacy/jenkins/Jenkinsfile-CD create mode 100644 legacy/jenkins/README.md create mode 100644 legacy/jenkins/vars/README.md create mode 100644 legacy/jenkins/vars/buildImage.groovy create mode 100644 legacy/jenkins/vars/codeCheckout.groovy create mode 100644 legacy/jenkins/vars/code_checkout.groovy create mode 100644 legacy/jenkins/vars/deploy.groovy create mode 100644 legacy/jenkins/vars/docker_build.groovy create mode 100644 legacy/jenkins/vars/docker_cleanup.groovy create mode 100644 legacy/jenkins/vars/docker_compose.groovy create mode 100644 legacy/jenkins/vars/docker_push.groovy create mode 100644 legacy/jenkins/vars/greet.groovy create mode 100644 legacy/jenkins/vars/owasp_dependency.groovy create mode 100644 legacy/jenkins/vars/pushImage.groovy create mode 100644 legacy/jenkins/vars/sonarqube_analysis.groovy create mode 100644 legacy/jenkins/vars/sonarqube_code_quality.groovy create mode 100644 legacy/jenkins/vars/trivy_scan.groovy diff --git a/.github/SECRETS.md b/.github/SECRETS.md new file mode 100644 index 00000000..19164443 --- /dev/null +++ b/.github/SECRETS.md @@ -0,0 +1,29 @@ +# Required GitHub Actions Secrets + +The following secrets must be configured in the repository settings: + +## Docker Hub +- `DOCKERHUB_USERNAME`: Docker Hub username (madhupdevops) +- `DOCKERHUB_TOKEN`: Docker Hub access token + +## SonarQube +- `SONAR_TOKEN`: SonarQube authentication token +- `SONAR_HOST_URL`: SonarQube server URL + +## Email Notifications +- `EMAIL_USERNAME`: SMTP username for notifications +- `EMAIL_PASSWORD`: SMTP password for notifications +- `EMAIL_TO`: Recipient email address +- `EMAIL_FROM`: Sender email address + +## Setup Instructions +1. Go to repository Settings > Secrets and variables > Actions +2. Add each secret with the corresponding value +3. Ensure the GitHub token has write permissions for repository dispatch + +## Migration Notes +These secrets replace the Jenkins credentials that were previously used: +- Jenkins `docker` credential → `DOCKERHUB_USERNAME` + `DOCKERHUB_TOKEN` +- Jenkins `Github-cred` credential → Built-in `GITHUB_TOKEN` +- Jenkins SonarQube configuration → `SONAR_TOKEN` + `SONAR_HOST_URL` +- Jenkins email configuration → Email secrets above diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml new file mode 100644 index 00000000..3d18f778 --- /dev/null +++ b/.github/workflows/cd.yml @@ -0,0 +1,77 @@ +name: CD Pipeline (GitOps) + +on: + repository_dispatch: + types: [ci-complete] + workflow_dispatch: + inputs: + docker_tag: + description: 'Docker tag to deploy' + required: true + +env: + DOCKER_TAG: ${{ github.event.client_payload.docker_tag || github.event.inputs.docker_tag }} + +jobs: + cd: + runs-on: ubuntu-latest + + steps: + - name: Workspace cleanup + run: | + sudo rm -rf $GITHUB_WORKSPACE/* + sudo rm -rf $GITHUB_WORKSPACE/.[!.]* + + - name: Checkout code + uses: actions/checkout@v4 + with: + ref: DevOps + token: ${{ secrets.GITHUB_TOKEN }} + + - name: Verify Docker tag + run: | + echo "DOCKER TAG RECEIVED: ${{ env.DOCKER_TAG }}" + + - name: Update Kubernetes manifest + run: | + cd kubernetes + sed -i -e 's|trainwithshubham/bankapp-eks:.*|trainwithshubham/bankapp-eks:${{ env.DOCKER_TAG }}|g' bankapp-deployment.yml + + - name: Commit and push changes + run: | + git config --local user.email "devin-ai-integration[bot]@users.noreply.github.com" + git config --local user.name "Devin AI" + echo "Checking repository status: " + git status + echo "Adding changes to git: " + git add . + echo "Commiting changes: " + git commit -m "Updated K8s Deployment Docker Image Version to ${{ env.DOCKER_TAG }}" + echo "Pushing changes to github: " + git push origin DevOps + + - name: Send notification email + uses: dawidd6/action-send-mail@v3 + if: always() + with: + server_address: smtp.gmail.com + server_port: 587 + username: ${{ secrets.EMAIL_USERNAME }} + password: ${{ secrets.EMAIL_PASSWORD }} + subject: "BankApp Application has been updated and deployed - ${{ job.status }}" + to: ${{ secrets.EMAIL_TO }} + from: ${{ secrets.EMAIL_FROM }} + html_body: | + + +
+

Project: ${{ github.repository }}

+
+
+

Build Number: ${{ github.run_number }}

+
+
+

URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}

+
+ + diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 00000000..b1a6778d --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,128 @@ +name: CI Pipeline + +on: + push: + branches: [ DevOps, main ] + pull_request: + branches: [ DevOps, main ] + workflow_dispatch: + inputs: + docker_tag: + description: 'Docker tag for the image' + required: true + default: 'latest' + +env: + DOCKER_TAG: ${{ github.event.inputs.docker_tag || github.sha }} + DOCKERHUB_USERNAME: madhupdevops + PROJECT_NAME: bankapp + +jobs: + ci: + runs-on: ubuntu-latest + + steps: + - name: Workspace cleanup + run: | + sudo rm -rf $GITHUB_WORKSPACE/* + sudo rm -rf $GITHUB_WORKSPACE/.[!.]* + + - name: Checkout code + uses: actions/checkout@v4 + with: + ref: DevOps + + - name: Set up Java + uses: actions/setup-java@v4 + with: + java-version: '17' + distribution: 'temurin' + + - name: Install Trivy + run: | + sudo apt-get update + sudo apt-get install wget apt-transport-https gnupg lsb-release + wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add - + echo "deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main" | sudo tee -a /etc/apt/sources.list.d/trivy.list + sudo apt-get update + sudo apt-get install trivy + + - name: Trivy filesystem scan + run: | + trivy fs . + continue-on-error: true + + - name: OWASP Dependency Check + uses: dependency-check/Dependency-Check_Action@main + with: + project: 'bankapp' + path: '.' + format: 'XML' + out: 'reports' + continue-on-error: true + + - name: Upload OWASP results + uses: actions/upload-artifact@v4 + if: always() + with: + name: dependency-check-report + path: reports/dependency-check-report.xml + + - name: Install SonarQube Scanner + run: | + wget https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.8.0.2856-linux.zip + unzip sonar-scanner-cli-4.8.0.2856-linux.zip + sudo mv sonar-scanner-4.8.0.2856-linux /opt/sonar-scanner + sudo ln -s /opt/sonar-scanner/bin/sonar-scanner /usr/local/bin/sonar-scanner + + - name: SonarQube analysis + env: + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }} + run: | + sonar-scanner \ + -Dsonar.projectKey=bankapp \ + -Dsonar.projectName=bankapp \ + -Dsonar.sources=. \ + -Dsonar.host.url=${{ secrets.SONAR_HOST_URL }} \ + -Dsonar.login=${{ secrets.SONAR_TOKEN }} \ + -X + continue-on-error: true + + - name: SonarQube Quality Gate + uses: sonarqube-quality-gate-action@master + timeout-minutes: 1 + env: + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + continue-on-error: true + + - name: Docker build + run: | + docker build -t ${{ env.DOCKERHUB_USERNAME }}/${{ env.PROJECT_NAME }}:${{ env.DOCKER_TAG }} . + + - name: Docker login + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + + - name: Docker push + run: | + docker push ${{ env.DOCKERHUB_USERNAME }}/${{ env.PROJECT_NAME }}:${{ env.DOCKER_TAG }} + + - name: Archive artifacts + uses: actions/upload-artifact@v4 + if: always() + with: + name: build-artifacts + path: | + reports/*.xml + *.xml + + - name: Trigger CD workflow + if: success() + uses: peter-evans/repository-dispatch@v3 + with: + token: ${{ secrets.GITHUB_TOKEN }} + event-type: ci-complete + client-payload: '{"docker_tag": "${{ env.DOCKER_TAG }}"}' diff --git a/legacy/jenkins/Jenkinsfile b/legacy/jenkins/Jenkinsfile new file mode 100644 index 00000000..96e1e341 --- /dev/null +++ b/legacy/jenkins/Jenkinsfile @@ -0,0 +1,87 @@ +@Library('Shared') _ +pipeline { + agent any + + environment{ + SONAR_HOME = tool "Sonar" + } + + parameters { + string(name: 'DOCKER_TAG', defaultValue: '', description: 'Setting docker image for latest push') + } + + stages { + + stage("Workspace cleanup"){ + steps{ + script{ + cleanWs() + } + } + } + + stage('Git: Code Checkout') { + steps { + script{ + code_checkout("https://github.com/LondheShubham153/Springboot-BankApp.git","DevOps") + } + } + } + + stage("Trivy: Filesystem scan"){ + steps{ + script{ + trivy_scan() + } + } + } + + stage("OWASP: Dependency check"){ + steps{ + script{ + owasp_dependency() + } + } + } + + stage("SonarQube: Code Analysis"){ + steps{ + script{ + sonarqube_analysis("Sonar","bankapp","bankapp") + } + } + } + + stage("SonarQube: Code Quality Gates"){ + steps{ + script{ + sonarqube_code_quality() + } + } + } + + stage("Docker: Build Images"){ + steps{ + script{ + docker_build("bankapp","${params.DOCKER_TAG}","madhupdevops") + } + } + } + + stage("Docker: Push to DockerHub"){ + steps{ + script{ + docker_push("bankapp","${params.DOCKER_TAG}","madhupdevops") + } + } + } + } + post{ + success{ + archiveArtifacts artifacts: '*.xml', followSymlinks: false + build job: "BankApp-CD", parameters: [ + string(name: 'DOCKER_TAG', value: "${params.DOCKER_TAG}") + ] + } + } +} diff --git a/legacy/jenkins/Jenkinsfile-CD b/legacy/jenkins/Jenkinsfile-CD new file mode 100644 index 00000000..7828a675 --- /dev/null +++ b/legacy/jenkins/Jenkinsfile-CD @@ -0,0 +1,95 @@ +@Library('Shared') _ +pipeline { + agent any + + parameters { + string(name: 'DOCKER_TAG', defaultValue: '', description: 'Docker tag of the image built by the CI job') + } + + stages { + stage("Workspace cleanup"){ + steps{ + script{ + cleanWs() + } + } + } + + stage('Git: Code Checkout') { + steps { + script{ + code_checkout("https://github.com/LondheShubham153/Springboot-BankApp.git","DevOps") + } + } + } + + stage('Verify: Docker Image Tags') { + steps { + script{ + echo "DOCKER TAG RECEIVED: ${params.DOCKER_TAG}" + } + } + } + + + stage("Update: Kubernetes manifest"){ + steps{ + script{ + dir('kubernetes'){ + sh """ + sed -i -e 's|trainwithshubham/bankapp-eks:.*|trainwithshubham/bankapp-eks:${params.DOCKER_TAG}|g' bankapp-deployment.yaml + """ + } + } + } + } + + stage("Git: Code update and push to GitHub"){ + steps{ + script{ + withCredentials([gitUsernamePassword(credentialsId: 'Github-cred', gitToolName: 'Default')]) { + sh ''' + echo "Checking repository status: " + git status + + echo "Adding changes to git: " + git add . + + echo "Commiting changes: " + git commit -m "Updated K8s Deployment Docker Image Version" + + echo "Pushing changes to github: " + git push https://github.com/LondheShubham153/Springboot-BankApp.git DevOps + ''' + } + } + } + } + } + post { + always { + script { + emailext attachLog: true, + from: 'trainwithshubham@gmail.com', + subject: "BankApp Application has been updated and deployed - '${currentBuild.result}'", + body: """ + + +
+

Project: ${env.JOB_NAME}

+
+
+

Build Number: ${env.BUILD_NUMBER}

+
+
+

URL: ${env.BUILD_URL}

+
+ + + """, + to: 'trainwithshubham@gmail.com', + mimeType: 'text/html' + } + } + } +} diff --git a/legacy/jenkins/README.md b/legacy/jenkins/README.md new file mode 100644 index 00000000..864f7d5b --- /dev/null +++ b/legacy/jenkins/README.md @@ -0,0 +1,39 @@ +# Legacy Jenkins Configuration + +This directory contains the original Jenkins pipeline configuration files that were used before migrating to GitHub Actions. + +## Files + +- `Jenkinsfile`: Original CI pipeline with 8 stages including security scanning, code quality, and Docker operations +- `Jenkinsfile-CD`: Original CD pipeline for GitOps deployment and Kubernetes manifest updates +- `vars/`: Shared library functions used by the Jenkins pipelines + +## Migration Notes + +These files have been preserved for reference and historical purposes. The equivalent functionality is now implemented in GitHub Actions workflows: + +- `.github/workflows/ci.yml`: Replaces the Jenkins CI pipeline +- `.github/workflows/cd.yml`: Replaces the Jenkins CD pipeline + +## Shared Library Functions + +The Jenkins shared library functions have been replaced with equivalent GitHub Actions steps: + +| Jenkins Function | GitHub Actions Equivalent | +|------------------|---------------------------| +| `code_checkout()` | `actions/checkout@v4` | +| `trivy_scan()` | Trivy CLI installation and execution | +| `owasp_dependency()` | `dependency-check/Dependency-Check_Action@main` | +| `sonarqube_analysis()` | SonarQube Scanner CLI | +| `sonarqube_code_quality()` | `sonarqube-quality-gate-action@master` | +| `docker_build()` | Docker CLI commands | +| `docker_push()` | `docker/login-action@v3` + Docker CLI | + +## Credentials Migration + +Jenkins credentials have been migrated to GitHub Actions secrets: + +- Jenkins `docker` credential → `DOCKERHUB_USERNAME` + `DOCKERHUB_TOKEN` +- Jenkins `Github-cred` credential → Built-in `GITHUB_TOKEN` +- Jenkins SonarQube configuration → `SONAR_TOKEN` + `SONAR_HOST_URL` +- Jenkins email configuration → Email secrets in GitHub Actions diff --git a/legacy/jenkins/vars/README.md b/legacy/jenkins/vars/README.md new file mode 100644 index 00000000..0691b28d --- /dev/null +++ b/legacy/jenkins/vars/README.md @@ -0,0 +1,27 @@ +# Jenkins Shared Library +- Shared libraries in Jenkins Pipelines are reusable pieces of code that can be organized into functions and classes. +- These libraries allow you to encapsulate common logic, making it easier to maintain and share across multiple pipelines and projects. +- Shared library must be inside the **vars** directory in your github repository +- Shared library uses **groovy** syntax and file name ends with **.groovy** extension. + +# +## How to create and use shared library in Jenkins. + +### How to create Shared library +- Login to your Jenkins dashboard. Jenkins Installation +- Go to **Manage Jenkins** --> **System** and search for **Global Trusted Pipeline Libraries**. + + + **Name:** Shared
+ **Default version:** \
+ **Project repository:** https://github.com/DevMadhup/Jenkins_SharedLib.git
+**** + + +# +### How to use it in Jenkins pipeline +- Go to your declarative pipeline +- Add **@Library('Shared') _** at the very first line of your jenkins pipeline. + + +**Note:** @Library() _ is the syntax to use shared library. diff --git a/legacy/jenkins/vars/buildImage.groovy b/legacy/jenkins/vars/buildImage.groovy new file mode 100644 index 00000000..5cdae742 --- /dev/null +++ b/legacy/jenkins/vars/buildImage.groovy @@ -0,0 +1,12 @@ +def call(String imageName){ + if (!imageName.matches('^[a-zA-Z0-9][a-zA-Z0-9_.-]*$')) { + error('Invalid image name. Must contain only alphanumeric characters, dots, dashes, and underscores') + } + + try { + sh "docker info > /dev/null 2>&1" + sh "docker build -t $imageName ." + } catch (Exception e) { + error "Docker daemon is not accessible. Please ensure Docker is running: ${e.message}" + } +} diff --git a/legacy/jenkins/vars/codeCheckout.groovy b/legacy/jenkins/vars/codeCheckout.groovy new file mode 100644 index 00000000..e7cb58f5 --- /dev/null +++ b/legacy/jenkins/vars/codeCheckout.groovy @@ -0,0 +1,36 @@ +def call(String branch, String url, String credId) { + // Validate branch name format + if (!branch.matches('^[\\w.-]+$')) { + error("Invalid branch name format") + } + + // Validate URL format + if (!url.matches('^https?://[\\w.-]+(/[\\w.-]+)*(\\.git)?$')) { + error("Invalid git URL format") + } + + try { + timeout(time: 5, unit: 'MINUTES') { + def gitConfig = [ + branch: branch, + url: url, + changelog: true, + poll: false + ] + + if (credentialsId) { + gitConfig.credentialsId = credentialsId + } + + git(gitConfig) + } + } catch (Exception e) { + def errorMsg = "Git checkout failed:\n" + + "Branch: ${branch}\n" + + "URL: ${url}\n" + + "Error: ${e.message}" + error(errorMsg) + } + + +} \ No newline at end of file diff --git a/legacy/jenkins/vars/code_checkout.groovy b/legacy/jenkins/vars/code_checkout.groovy new file mode 100644 index 00000000..5e97acac --- /dev/null +++ b/legacy/jenkins/vars/code_checkout.groovy @@ -0,0 +1,3 @@ +def call(String GitUrl, String GitBranch){ + git url: "${GitUrl}", branch: "${GitBranch}" +} diff --git a/legacy/jenkins/vars/deploy.groovy b/legacy/jenkins/vars/deploy.groovy new file mode 100644 index 00000000..7c176a47 --- /dev/null +++ b/legacy/jenkins/vars/deploy.groovy @@ -0,0 +1,45 @@ +def call() { + try { + // Validate environment + sh 'docker compose config -q' + + // Graceful shutdown + sh 'docker compose down --timeout 30' + + // Verify cleanup + sh ''' + if docker compose ps -q | grep -q .; then + echo "Failed to stop all containers" + exit 1 + fi + ''' + + // Start services + sh 'docker compose up -d' + +// Verify deployment + sh ''' + max_attempts=30 + attempt=1 + while [ $attempt -le $max_attempts ]; do + unhealthy_services=$(docker compose ps --format '{{.Name}}: {{.Status}}' | grep -v "(healthy)") + if [ -z "$unhealthy_services" ]; then + echo "All services are healthy" + exit 0 + else + echo "Unhealthy services detected:" + echo "$unhealthy_services" + fi + echo "Waiting for services to be healthy (attempt $attempt/$max_attempts)..." + sleep 10 + attempt=$((attempt + 1)) + done + echo "Health check timeout after $max_attempts attempts" + docker compose ps + exit 1 + ''' + } catch (Exception e) { + echo "Deployment failed: ${e.message}" + throw e + } +} diff --git a/legacy/jenkins/vars/docker_build.groovy b/legacy/jenkins/vars/docker_build.groovy new file mode 100644 index 00000000..3f0e2bfa --- /dev/null +++ b/legacy/jenkins/vars/docker_build.groovy @@ -0,0 +1,4 @@ +// Define function +def call(String ProjectName, String ImageTag, String DockerHubUser){ + sh "docker build -t ${DockerHubUser}/${ProjectName}:${ImageTag} ." +} diff --git a/legacy/jenkins/vars/docker_cleanup.groovy b/legacy/jenkins/vars/docker_cleanup.groovy new file mode 100644 index 00000000..9248582b --- /dev/null +++ b/legacy/jenkins/vars/docker_cleanup.groovy @@ -0,0 +1,3 @@ +def call(String Project, String ImageTag, String DockerHubUser){ + sh "docker rmi ${DockerHubUser}/${Project}:${ImageTag}" +} diff --git a/legacy/jenkins/vars/docker_compose.groovy b/legacy/jenkins/vars/docker_compose.groovy new file mode 100644 index 00000000..1deb5149 --- /dev/null +++ b/legacy/jenkins/vars/docker_compose.groovy @@ -0,0 +1,3 @@ +def call(){ + sh "docker-compose down && docker-compose up -d" +} diff --git a/legacy/jenkins/vars/docker_push.groovy b/legacy/jenkins/vars/docker_push.groovy new file mode 100644 index 00000000..67eda0f1 --- /dev/null +++ b/legacy/jenkins/vars/docker_push.groovy @@ -0,0 +1,6 @@ +def call(String Project, String ImageTag, String dockerhubuser){ + withCredentials([usernamePassword(credentialsId: 'docker', passwordVariable: 'dockerhubpass', usernameVariable: 'dockerhubuser')]) { + sh "docker login -u ${dockerhubuser} -p ${dockerhubpass}" + } + sh "docker push ${dockerhubuser}/${Project}:${ImageTag}" +} diff --git a/legacy/jenkins/vars/greet.groovy b/legacy/jenkins/vars/greet.groovy new file mode 100644 index 00000000..b646b396 --- /dev/null +++ b/legacy/jenkins/vars/greet.groovy @@ -0,0 +1,3 @@ +def call(String name){ + echo "hello ${name.replaceAll('[^a-zA-Z0-9\\s-]', '')}" +} diff --git a/legacy/jenkins/vars/owasp_dependency.groovy b/legacy/jenkins/vars/owasp_dependency.groovy new file mode 100644 index 00000000..d046a02f --- /dev/null +++ b/legacy/jenkins/vars/owasp_dependency.groovy @@ -0,0 +1,4 @@ +def call(){ + dependencyCheck additionalArguments: '--scan ./', odcInstallation: 'OWASP' + dependencyCheckPublisher pattern: '**/dependency-check-report.xml' +} diff --git a/legacy/jenkins/vars/pushImage.groovy b/legacy/jenkins/vars/pushImage.groovy new file mode 100644 index 00000000..7b0ab470 --- /dev/null +++ b/legacy/jenkins/vars/pushImage.groovy @@ -0,0 +1,7 @@ +def call(String imageName){ + withCredentials([usernamePassword(credentialsId: "dockerhub", passwordVariable: 'DOCKER_PASSWD', usernameVariable: 'DOCKER_USER')]) { + sh "docker tag ${imageName} ${DOCKER_USER}/springboot-application" + sh "docker login -u${DOCKER_USER} -p${DOCKER_PASSWD}" + sh "docker push ${DOCKER_USER}/${imageName}" + } +} diff --git a/legacy/jenkins/vars/sonarqube_analysis.groovy b/legacy/jenkins/vars/sonarqube_analysis.groovy new file mode 100644 index 00000000..6385f214 --- /dev/null +++ b/legacy/jenkins/vars/sonarqube_analysis.groovy @@ -0,0 +1,5 @@ +def call(String SonarQubeAPI, String Projectname, String ProjectKey){ + withSonarQubeEnv("${SonarQubeAPI}"){ + sh "$SONAR_HOME/bin/sonar-scanner -Dsonar.projectName=${Projectname} -Dsonar.projectKey=${ProjectKey} -X" + } +} diff --git a/legacy/jenkins/vars/sonarqube_code_quality.groovy b/legacy/jenkins/vars/sonarqube_code_quality.groovy new file mode 100644 index 00000000..a0e22443 --- /dev/null +++ b/legacy/jenkins/vars/sonarqube_code_quality.groovy @@ -0,0 +1,5 @@ +def call(){ + timeout(time: 1, unit: "MINUTES"){ + waitForQualityGate abortPipeline: false + } +} diff --git a/legacy/jenkins/vars/trivy_scan.groovy b/legacy/jenkins/vars/trivy_scan.groovy new file mode 100644 index 00000000..960d859b --- /dev/null +++ b/legacy/jenkins/vars/trivy_scan.groovy @@ -0,0 +1,3 @@ +def call(){ + sh "trivy fs ." +} From e8eb977460c9e20bd7e6aa0ce6167d2e4c3b1b6b Mon Sep 17 00:00:00 2001 From: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com> Date: Sun, 14 Sep 2025 08:07:54 +0000 Subject: [PATCH 2/2] Complete Jenkins to GitHub Actions migration - Remove original Jenkins files (Jenkinsfile, GitOps/Jenkinsfile, vars/) - Update README.md with GitHub Actions migration documentation - Update cicd.md with GitHub Actions workflow information - All Jenkins functionality now replaced with GitHub Actions workflows Migration complete: - CI workflow: .github/workflows/ci.yml - CD workflow: .github/workflows/cd.yml - Secrets documentation: .github/SECRETS.md - Legacy files preserved: legacy/jenkins/ Co-Authored-By: Stephen Cornwell --- GitOps/Jenkinsfile | 95 ---------------- Jenkinsfile | 87 --------------- README.md | 76 ++++++++----- cicd.md | 171 ++++++++++++----------------- vars/README.md | 27 ----- vars/buildImage.groovy | 12 -- vars/codeCheckout.groovy | 36 ------ vars/code_checkout.groovy | 3 - vars/deploy.groovy | 45 -------- vars/docker_build.groovy | 4 - vars/docker_cleanup.groovy | 3 - vars/docker_compose.groovy | 3 - vars/docker_push.groovy | 6 - vars/greet.groovy | 3 - vars/owasp_dependency.groovy | 4 - vars/pushImage.groovy | 7 -- vars/sonarqube_analysis.groovy | 5 - vars/sonarqube_code_quality.groovy | 5 - vars/trivy_scan.groovy | 3 - 19 files changed, 119 insertions(+), 476 deletions(-) delete mode 100644 GitOps/Jenkinsfile delete mode 100644 Jenkinsfile delete mode 100644 vars/README.md delete mode 100644 vars/buildImage.groovy delete mode 100644 vars/codeCheckout.groovy delete mode 100644 vars/code_checkout.groovy delete mode 100644 vars/deploy.groovy delete mode 100644 vars/docker_build.groovy delete mode 100644 vars/docker_cleanup.groovy delete mode 100644 vars/docker_compose.groovy delete mode 100644 vars/docker_push.groovy delete mode 100644 vars/greet.groovy delete mode 100644 vars/owasp_dependency.groovy delete mode 100644 vars/pushImage.groovy delete mode 100644 vars/sonarqube_analysis.groovy delete mode 100644 vars/sonarqube_code_quality.groovy delete mode 100644 vars/trivy_scan.groovy diff --git a/GitOps/Jenkinsfile b/GitOps/Jenkinsfile deleted file mode 100644 index 7828a675..00000000 --- a/GitOps/Jenkinsfile +++ /dev/null @@ -1,95 +0,0 @@ -@Library('Shared') _ -pipeline { - agent any - - parameters { - string(name: 'DOCKER_TAG', defaultValue: '', description: 'Docker tag of the image built by the CI job') - } - - stages { - stage("Workspace cleanup"){ - steps{ - script{ - cleanWs() - } - } - } - - stage('Git: Code Checkout') { - steps { - script{ - code_checkout("https://github.com/LondheShubham153/Springboot-BankApp.git","DevOps") - } - } - } - - stage('Verify: Docker Image Tags') { - steps { - script{ - echo "DOCKER TAG RECEIVED: ${params.DOCKER_TAG}" - } - } - } - - - stage("Update: Kubernetes manifest"){ - steps{ - script{ - dir('kubernetes'){ - sh """ - sed -i -e 's|trainwithshubham/bankapp-eks:.*|trainwithshubham/bankapp-eks:${params.DOCKER_TAG}|g' bankapp-deployment.yaml - """ - } - } - } - } - - stage("Git: Code update and push to GitHub"){ - steps{ - script{ - withCredentials([gitUsernamePassword(credentialsId: 'Github-cred', gitToolName: 'Default')]) { - sh ''' - echo "Checking repository status: " - git status - - echo "Adding changes to git: " - git add . - - echo "Commiting changes: " - git commit -m "Updated K8s Deployment Docker Image Version" - - echo "Pushing changes to github: " - git push https://github.com/LondheShubham153/Springboot-BankApp.git DevOps - ''' - } - } - } - } - } - post { - always { - script { - emailext attachLog: true, - from: 'trainwithshubham@gmail.com', - subject: "BankApp Application has been updated and deployed - '${currentBuild.result}'", - body: """ - - -
-

Project: ${env.JOB_NAME}

-
-
-

Build Number: ${env.BUILD_NUMBER}

-
-
-

URL: ${env.BUILD_URL}

-
- - - """, - to: 'trainwithshubham@gmail.com', - mimeType: 'text/html' - } - } - } -} diff --git a/Jenkinsfile b/Jenkinsfile deleted file mode 100644 index 96e1e341..00000000 --- a/Jenkinsfile +++ /dev/null @@ -1,87 +0,0 @@ -@Library('Shared') _ -pipeline { - agent any - - environment{ - SONAR_HOME = tool "Sonar" - } - - parameters { - string(name: 'DOCKER_TAG', defaultValue: '', description: 'Setting docker image for latest push') - } - - stages { - - stage("Workspace cleanup"){ - steps{ - script{ - cleanWs() - } - } - } - - stage('Git: Code Checkout') { - steps { - script{ - code_checkout("https://github.com/LondheShubham153/Springboot-BankApp.git","DevOps") - } - } - } - - stage("Trivy: Filesystem scan"){ - steps{ - script{ - trivy_scan() - } - } - } - - stage("OWASP: Dependency check"){ - steps{ - script{ - owasp_dependency() - } - } - } - - stage("SonarQube: Code Analysis"){ - steps{ - script{ - sonarqube_analysis("Sonar","bankapp","bankapp") - } - } - } - - stage("SonarQube: Code Quality Gates"){ - steps{ - script{ - sonarqube_code_quality() - } - } - } - - stage("Docker: Build Images"){ - steps{ - script{ - docker_build("bankapp","${params.DOCKER_TAG}","madhupdevops") - } - } - } - - stage("Docker: Push to DockerHub"){ - steps{ - script{ - docker_push("bankapp","${params.DOCKER_TAG}","madhupdevops") - } - } - } - } - post{ - success{ - archiveArtifacts artifacts: '*.xml', followSymlinks: false - build job: "BankApp-CD", parameters: [ - string(name: 'DOCKER_TAG', value: "${params.DOCKER_TAG}") - ] - } - } -} diff --git a/README.md b/README.md index 2f49958e..fcef28b5 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,43 @@ ## End-to-End Bank Application Deployment using DevSecOps on AWS EKS -- This is a multi-tier bank an application written in Java (Springboot). +- This is a multi-tier bank application written in Java (Springboot). + +## Migration from Jenkins to GitHub Actions + +This repository has been migrated from Jenkins-based CI/CD to GitHub Actions workflows. The legacy Jenkins configuration files are preserved in the `legacy/jenkins/` directory for reference. + +### GitHub Actions Workflows + +The CI/CD pipeline now consists of two main GitHub Actions workflows: + +#### CI Pipeline (`.github/workflows/ci.yml`) +1. **Code Checkout**: Retrieves source code from GitHub +2. **Java Setup**: Configures Java 17 environment +3. **Security Scanning**: + - Trivy filesystem scan for vulnerabilities + - OWASP dependency check for known security issues +4. **Code Quality**: SonarQube analysis with quality gates +5. **Container Operations**: Docker image build and push to registry +6. **Trigger CD**: Initiates the GitOps deployment workflow + +#### CD Pipeline (`.github/workflows/cd.yml`) +1. **Manifest Updates**: Updates Kubernetes deployment manifests with new image tags +2. **GitOps Commit**: Commits and pushes changes to trigger ArgoCD synchronization +3. **Notifications**: Sends email notifications about deployment status + +### Required Secrets + +See `.github/SECRETS.md` for the complete list of required repository secrets for Docker Hub, SonarQube, and email notifications. + +### Setup Instructions + +1. **Configure GitHub Actions Secrets**: + - Follow the instructions in `.github/SECRETS.md` + - Add all required secrets to repository settings + +2. **Pipeline Execution**: + - Push changes to the `DevOps` branch to trigger CI pipeline + - Use workflow dispatch to manually trigger builds with custom Docker tags + - CD pipeline automatically triggers after successful CI builds ![Login diagram](images/login.png) ![Transactions diagram](images/transactions.png) @@ -86,33 +124,15 @@ sudo su ``` > [!Note] > Make sure the ssh-public-key "eks-nodegroup-key is available in your aws account" -- Install Jenkins -```bash -sudo apt update -y -sudo apt install fontconfig openjdk-17-jre -y - -sudo wget -O /usr/share/keyrings/jenkins-keyring.asc \ - https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key - -echo "deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc]" \ - https://pkg.jenkins.io/debian-stable binary/ | sudo tee \ - /etc/apt/sources.list.d/jenkins.list > /dev/null - -sudo apt-get update -y -sudo apt-get install jenkins -y -``` - -- After installing Jenkins, change the default port of jenkins from 8080 to 8081. Because our bankapp application will be running on 8080. - - Open /usr/lib/systemd/system/jenkins.service file and change JENKINS_PORT environment variable -![image](https://github.com/user-attachments/assets/6320ae49-82d4-4ae3-9811-bd6f06778483) - - Reload daemon - ```bash - sudo systemctl daemon-reload - ``` - - Restart Jenkins - ```bash - sudo systemctl restart jenkins - ``` +- GitHub Actions Setup (Replaces Jenkins) + - No server installation required - GitHub Actions runs in the cloud + - Configure repository secrets as documented in `.github/SECRETS.md` + - Workflows automatically trigger on push to DevOps branch + - Manual triggers available via workflow dispatch + +- Legacy Jenkins Installation (For Reference) + - Original Jenkins setup preserved in `legacy/jenkins/` directory + - Jenkins configuration replaced by GitHub Actions workflows # - Install docker diff --git a/cicd.md b/cicd.md index 140e1696..4b99fca3 100644 --- a/cicd.md +++ b/cicd.md @@ -1,108 +1,79 @@ -#### CICD Workflow -- Cloning the Project code from GitHub. -- Build docker image and push it to docker hub. -- Pull image from docker hub and deploy application using docker compose . +#### CICD Workflow (GitHub Actions) +- Cloning the Project code from GitHub using actions/checkout@v4 +- Security scanning with Trivy and OWASP dependency check +- Code quality analysis with SonarQube +- Build docker image and push it to docker hub +- GitOps deployment by updating Kubernetes manifests +- Email notifications for deployment status ![Login diagram](images/flow.png) -#### Creating CICD pipeline - 1. #### Install Jenkins and access on port 8080 - ```bash - http://:8080 - # Development environment only - http://:8080 +## Migration from Jenkins to GitHub Actions + +This repository has been migrated from Jenkins-based CI/CD to GitHub Actions workflows. The legacy Jenkins configuration files are preserved in the `legacy/jenkins/` directory for reference. + +### Jenkins to GitHub Actions Mapping + +| Jenkins Function | GitHub Actions Equivalent | +|------------------|---------------------------| +| `code_checkout()` | `actions/checkout@v4` | +| `trivy_scan()` | Trivy CLI installation and execution | +| `owasp_dependency()` | `dependency-check/Dependency-Check_Action@main` | +| `sonarqube_analysis()` | SonarQube Scanner CLI | +| `sonarqube_code_quality()` | `sonarqube-quality-gate-action@master` | +| `docker_build()` | Docker CLI commands | +| `docker_push()` | `docker/login-action@v3` + Docker CLI | + +#### Creating CICD pipeline (GitHub Actions) + + 1. #### Configure GitHub Actions (Replaces Jenkins) + - No server installation required + - Configure repository secrets in GitHub repository settings + - Access workflows at: `https://github.com/COG-GTM/Springboot-BankApp/actions` + - Workflows automatically trigger on code changes + +2. #### GitHub Actions Configuration. + - **Runners**: GitHub-hosted runners (ubuntu-latest) provide isolated execution environment + - **Security**: Built-in Docker support with secure credential management + - **Secrets Management**: + - Configure repository secrets in Settings > Secrets and variables > Actions + - Required secrets documented in `.github/SECRETS.md` + - Includes Docker Hub, SonarQube, and email notification credentials + - **Workflow Triggers**: + - Automatic triggers on push/PR to DevOps/main branches + - Manual triggers via workflow dispatch + - Repository dispatch for CI/CD pipeline coordination + +3. #### GitHub Actions Workflows and Triggers + + - **CI Workflow** (`.github/workflows/ci.yml`): + - Triggers on push/PR to DevOps/main branches + - Manual trigger via workflow dispatch with custom Docker tags + - Includes all security scanning, code quality, and Docker operations - # Production environment (recommended) - # Access through reverse proxy with HTTPS - https:///jenkins - ``` - Login and install Suggested Plugins. - -2. #### Jenkins Configuration. - - SetUp Agent - - Agents are used for distribute the builds in parallel execution - ![Agent](images/agent.png) - - - Install Docker and docker-compose:V2 on worker node and add the user who is executing the Jenkins job into the docker group. because we are going to deploy application in worker node itself. - - **Note** Security Considerations for Docker Setup. When configuring Docker for Jenkins: - - - Avoid adding the Jenkins user to the Docker group, as it grants root-level access. - - Use Rootless Docker to run Docker daemons and containers without root privileges. [Official Guide](https://docs.docker.com/engine/security/rootless/). - - Configure sudo for Docker commands: - - Grant specific permissions in the sudoers file. - - Use sudo in your pipeline scripts to execute Docker commands. - - Implement access control mechanisms using Docker authorization plugins or socket proxies. - + - **CD Workflow** (`.github/workflows/cd.yml`): + - Triggers via repository dispatch from CI workflow + - Manual trigger for specific Docker tag deployments + - Updates Kubernetes manifests and sends notifications - - - Configure Shared Library - - Configure the task effectively in centralized manner. - - Configure shared library for your Jenkins Server Navigate through Dashboard > Manage Jenkins > System, and add Global Trusted Pipeline Libraries. (Modern SCM) - - ![Shared-library](images/shared_library.png) - - - - Configure Crendentials. - - Credentials that are requied during job execution. - - e.g. DockerHub credentials for push and pull images. + - **Automatic Triggers**: + - No webhook configuration needed - GitHub Actions triggers automatically + - Built-in integration with GitHub repository events + - Secure and immediate execution without polling delays - ![Shared-library](images/credentials.png) - -3. #### Create a Pipeline, Execute Job and Configure Webhook - - - Configure Pipeline. - - Configure job to get pipeline from SCM. - ![pipeline](images/pipeline.png) - - Build Job and Check - - Build the Job - - Configure WebHook and poll SCM. - - Webhook Configuration - - 1. **Install GitHub Plugin** - - Go to `Manage Jenkins > Manage Plugins > Available`. - - Search for **GitHub Integration Plugin**, install, and restart Jenkins if needed. - - 2. **Configure Jenkins Job** - - In job configuration, enable **GitHub hook trigger for GITScm polling** under **Build Triggers**. - - 3. **Set Up Webhook in GitHub** - - Go to `Repository > Settings > Webhooks > Add webhook`. - - Configure: - - **Payload URL**: `http://:8080/github-webhook/` - - **Content type**: `application/json` - - **Events**: Select **push** or others as needed. - - (Optional) Add a secret token for security. - - 4. **Test Webhook** - - Push changes to the repo and verify the job is triggered. - - Check webhook status under **Recent Deliveries** in GitHub. - - - SCM Polling Configuration - - 1. **Enable SCM Polling** - - In job configuration, select **Poll SCM** under **Build Triggers**. - - Add a cron expression in **Schedule**: - - Every 5 minutes: `H/5 * * * *` - - Every 15 minutes: `H/15 * * * *` - - 2. **Test Polling** - - Push changes to the repo and wait for the next polling interval. - - Verify in **Polling Log** under the Jenkins job dashboard. - - - - Key Notes - - - **Webhooks vs Polling**: - - Webhooks are immediate and resource-efficient. - - Polling introduces delays and higher resource usage. - - - **Security**: - - Use SSL/TLS for GitHub-Jenkins communication. - - Ensure Jenkins is accessible via the firewall. - - - **Jenkins Pipeline**: - - Ensure `Jenkinsfile` is correctly configured to check out the repo and branch. + - **Manual Execution**: + ```bash + # Trigger CI workflow manually + gh workflow run ci.yml --ref DevOps -f docker_tag=manual-v1.0 + + # Trigger CD workflow manually + gh workflow run cd.yml --ref DevOps -f docker_tag=manual-v1.0 + ``` + + - **Monitoring**: + - View workflow runs at: `https://github.com/COG-GTM/Springboot-BankApp/actions` + - Real-time logs and status updates + - Email notifications for deployment status @@ -115,4 +86,4 @@ -#### Nginx and HTTPS [guide](nginx.md) \ No newline at end of file +#### Nginx and HTTPS [guide](nginx.md) diff --git a/vars/README.md b/vars/README.md deleted file mode 100644 index 0691b28d..00000000 --- a/vars/README.md +++ /dev/null @@ -1,27 +0,0 @@ -# Jenkins Shared Library -- Shared libraries in Jenkins Pipelines are reusable pieces of code that can be organized into functions and classes. -- These libraries allow you to encapsulate common logic, making it easier to maintain and share across multiple pipelines and projects. -- Shared library must be inside the **vars** directory in your github repository -- Shared library uses **groovy** syntax and file name ends with **.groovy** extension. - -# -## How to create and use shared library in Jenkins. - -### How to create Shared library -- Login to your Jenkins dashboard. Jenkins Installation -- Go to **Manage Jenkins** --> **System** and search for **Global Trusted Pipeline Libraries**. - - - **Name:** Shared
- **Default version:** \
- **Project repository:** https://github.com/DevMadhup/Jenkins_SharedLib.git
-**** - - -# -### How to use it in Jenkins pipeline -- Go to your declarative pipeline -- Add **@Library('Shared') _** at the very first line of your jenkins pipeline. - - -**Note:** @Library() _ is the syntax to use shared library. diff --git a/vars/buildImage.groovy b/vars/buildImage.groovy deleted file mode 100644 index 5cdae742..00000000 --- a/vars/buildImage.groovy +++ /dev/null @@ -1,12 +0,0 @@ -def call(String imageName){ - if (!imageName.matches('^[a-zA-Z0-9][a-zA-Z0-9_.-]*$')) { - error('Invalid image name. Must contain only alphanumeric characters, dots, dashes, and underscores') - } - - try { - sh "docker info > /dev/null 2>&1" - sh "docker build -t $imageName ." - } catch (Exception e) { - error "Docker daemon is not accessible. Please ensure Docker is running: ${e.message}" - } -} diff --git a/vars/codeCheckout.groovy b/vars/codeCheckout.groovy deleted file mode 100644 index e7cb58f5..00000000 --- a/vars/codeCheckout.groovy +++ /dev/null @@ -1,36 +0,0 @@ -def call(String branch, String url, String credId) { - // Validate branch name format - if (!branch.matches('^[\\w.-]+$')) { - error("Invalid branch name format") - } - - // Validate URL format - if (!url.matches('^https?://[\\w.-]+(/[\\w.-]+)*(\\.git)?$')) { - error("Invalid git URL format") - } - - try { - timeout(time: 5, unit: 'MINUTES') { - def gitConfig = [ - branch: branch, - url: url, - changelog: true, - poll: false - ] - - if (credentialsId) { - gitConfig.credentialsId = credentialsId - } - - git(gitConfig) - } - } catch (Exception e) { - def errorMsg = "Git checkout failed:\n" + - "Branch: ${branch}\n" + - "URL: ${url}\n" + - "Error: ${e.message}" - error(errorMsg) - } - - -} \ No newline at end of file diff --git a/vars/code_checkout.groovy b/vars/code_checkout.groovy deleted file mode 100644 index 5e97acac..00000000 --- a/vars/code_checkout.groovy +++ /dev/null @@ -1,3 +0,0 @@ -def call(String GitUrl, String GitBranch){ - git url: "${GitUrl}", branch: "${GitBranch}" -} diff --git a/vars/deploy.groovy b/vars/deploy.groovy deleted file mode 100644 index 7c176a47..00000000 --- a/vars/deploy.groovy +++ /dev/null @@ -1,45 +0,0 @@ -def call() { - try { - // Validate environment - sh 'docker compose config -q' - - // Graceful shutdown - sh 'docker compose down --timeout 30' - - // Verify cleanup - sh ''' - if docker compose ps -q | grep -q .; then - echo "Failed to stop all containers" - exit 1 - fi - ''' - - // Start services - sh 'docker compose up -d' - -// Verify deployment - sh ''' - max_attempts=30 - attempt=1 - while [ $attempt -le $max_attempts ]; do - unhealthy_services=$(docker compose ps --format '{{.Name}}: {{.Status}}' | grep -v "(healthy)") - if [ -z "$unhealthy_services" ]; then - echo "All services are healthy" - exit 0 - else - echo "Unhealthy services detected:" - echo "$unhealthy_services" - fi - echo "Waiting for services to be healthy (attempt $attempt/$max_attempts)..." - sleep 10 - attempt=$((attempt + 1)) - done - echo "Health check timeout after $max_attempts attempts" - docker compose ps - exit 1 - ''' - } catch (Exception e) { - echo "Deployment failed: ${e.message}" - throw e - } -} diff --git a/vars/docker_build.groovy b/vars/docker_build.groovy deleted file mode 100644 index 3f0e2bfa..00000000 --- a/vars/docker_build.groovy +++ /dev/null @@ -1,4 +0,0 @@ -// Define function -def call(String ProjectName, String ImageTag, String DockerHubUser){ - sh "docker build -t ${DockerHubUser}/${ProjectName}:${ImageTag} ." -} diff --git a/vars/docker_cleanup.groovy b/vars/docker_cleanup.groovy deleted file mode 100644 index 9248582b..00000000 --- a/vars/docker_cleanup.groovy +++ /dev/null @@ -1,3 +0,0 @@ -def call(String Project, String ImageTag, String DockerHubUser){ - sh "docker rmi ${DockerHubUser}/${Project}:${ImageTag}" -} diff --git a/vars/docker_compose.groovy b/vars/docker_compose.groovy deleted file mode 100644 index 1deb5149..00000000 --- a/vars/docker_compose.groovy +++ /dev/null @@ -1,3 +0,0 @@ -def call(){ - sh "docker-compose down && docker-compose up -d" -} diff --git a/vars/docker_push.groovy b/vars/docker_push.groovy deleted file mode 100644 index 67eda0f1..00000000 --- a/vars/docker_push.groovy +++ /dev/null @@ -1,6 +0,0 @@ -def call(String Project, String ImageTag, String dockerhubuser){ - withCredentials([usernamePassword(credentialsId: 'docker', passwordVariable: 'dockerhubpass', usernameVariable: 'dockerhubuser')]) { - sh "docker login -u ${dockerhubuser} -p ${dockerhubpass}" - } - sh "docker push ${dockerhubuser}/${Project}:${ImageTag}" -} diff --git a/vars/greet.groovy b/vars/greet.groovy deleted file mode 100644 index b646b396..00000000 --- a/vars/greet.groovy +++ /dev/null @@ -1,3 +0,0 @@ -def call(String name){ - echo "hello ${name.replaceAll('[^a-zA-Z0-9\\s-]', '')}" -} diff --git a/vars/owasp_dependency.groovy b/vars/owasp_dependency.groovy deleted file mode 100644 index d046a02f..00000000 --- a/vars/owasp_dependency.groovy +++ /dev/null @@ -1,4 +0,0 @@ -def call(){ - dependencyCheck additionalArguments: '--scan ./', odcInstallation: 'OWASP' - dependencyCheckPublisher pattern: '**/dependency-check-report.xml' -} diff --git a/vars/pushImage.groovy b/vars/pushImage.groovy deleted file mode 100644 index 7b0ab470..00000000 --- a/vars/pushImage.groovy +++ /dev/null @@ -1,7 +0,0 @@ -def call(String imageName){ - withCredentials([usernamePassword(credentialsId: "dockerhub", passwordVariable: 'DOCKER_PASSWD', usernameVariable: 'DOCKER_USER')]) { - sh "docker tag ${imageName} ${DOCKER_USER}/springboot-application" - sh "docker login -u${DOCKER_USER} -p${DOCKER_PASSWD}" - sh "docker push ${DOCKER_USER}/${imageName}" - } -} diff --git a/vars/sonarqube_analysis.groovy b/vars/sonarqube_analysis.groovy deleted file mode 100644 index 6385f214..00000000 --- a/vars/sonarqube_analysis.groovy +++ /dev/null @@ -1,5 +0,0 @@ -def call(String SonarQubeAPI, String Projectname, String ProjectKey){ - withSonarQubeEnv("${SonarQubeAPI}"){ - sh "$SONAR_HOME/bin/sonar-scanner -Dsonar.projectName=${Projectname} -Dsonar.projectKey=${ProjectKey} -X" - } -} diff --git a/vars/sonarqube_code_quality.groovy b/vars/sonarqube_code_quality.groovy deleted file mode 100644 index a0e22443..00000000 --- a/vars/sonarqube_code_quality.groovy +++ /dev/null @@ -1,5 +0,0 @@ -def call(){ - timeout(time: 1, unit: "MINUTES"){ - waitForQualityGate abortPipeline: false - } -} diff --git a/vars/trivy_scan.groovy b/vars/trivy_scan.groovy deleted file mode 100644 index 960d859b..00000000 --- a/vars/trivy_scan.groovy +++ /dev/null @@ -1,3 +0,0 @@ -def call(){ - sh "trivy fs ." -}