DevSecOps/DevSecOps-Lab
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Dev: Update Jenkinsfile — use core repo in registry, secure login/logout, cleanup in post
All checks were successful
DevSecOps-Multibranch/pipeline/head This commit looks good
Details

Browse Source
This commit is contained in:
dev-1
2025-11-30 16:01:58 +05:30
parent 266b9b59c2
commit eb85e581f3
1 changed files with 43 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

64
Jenkinsfile vendored
View File

@@ -1,14 +1,16 @@
pipeline { pipeline {
// Run on your specific Agent Droplet
agent { label 'jenkins-agent' } agent { label 'jenkins-agent' }
environment { environment {
REGISTRY_URL = 'registry.digitalocean.com/kongseng' // 1. Your ACTUAL Registry Name (Verified)
REGISTRY_URL = 'registry.digitalocean.com/devsecops-lab'
// FIX: Use ONE shared repository name // 2. The ONE allowed repository for Free Tier
REPO_NAME = 'devsecops-lab' REPO_NAME = 'core'
// Create distinct tags for backend and frontend // 3. Unique Tags to distinguish apps inside the 'core' repo
// Result: registry.../devsecops-lab:backend-Dev-1 // Example: core:backend-Dev-25
BACKEND_TAG = "backend-${env.BRANCH_NAME}-${env.BUILD_NUMBER}" BACKEND_TAG = "backend-${env.BRANCH_NAME}-${env.BUILD_NUMBER}"
FRONTEND_TAG = "frontend-${env.BRANCH_NAME}-${env.BUILD_NUMBER}" FRONTEND_TAG = "frontend-${env.BRANCH_NAME}-${env.BUILD_NUMBER}"
} }
@@ -22,8 +24,8 @@ pipeline {
stage('Install Dependencies') { stage('Install Dependencies') {
steps { steps {
// Check if folders exist to avoid errors echo "Installing dependencies..."
sh 'ls -la' // Ensure these folders exist in your repo!
dir('backend') { sh 'npm install' } dir('backend') { sh 'npm install' }
dir('frontend') { sh 'npm install' } dir('frontend') { sh 'npm install' }
} }
@@ -33,7 +35,7 @@ pipeline {
steps { steps {
script { script {
echo "Building Images..." echo "Building Images..."
// Build both images using the SAME Repo URL but DIFFERENT Tags // Build using the 'core' repo path but unique tags
sh "docker build -t ${REGISTRY_URL}/${REPO_NAME}:${BACKEND_TAG} ./backend" sh "docker build -t ${REGISTRY_URL}/${REPO_NAME}:${BACKEND_TAG} ./backend"
sh "docker build -t ${REGISTRY_URL}/${REPO_NAME}:${FRONTEND_TAG} ./frontend" sh "docker build -t ${REGISTRY_URL}/${REPO_NAME}:${FRONTEND_TAG} ./frontend"
} }
@@ -42,19 +44,23 @@ pipeline {
stage('Push to Registry') { stage('Push to Registry') {
steps { steps {
// Securely inject the token into the script // Securely inject the DO Token
withCredentials([string(credentialsId: 'do-registry-token', variable: 'DO_TOKEN')]) { withCredentials([string(credentialsId: 'do-registry-token', variable: 'DO_TOKEN')]) {
script { script {
echo "Logging into DigitalOcean Registry..." echo "Logging into DigitalOcean Registry..."
// Explicit Login: Uses the token as both user and password (DO Standard) // 1. NUKE existing config to prevent credential-helper conflicts
sh 'echo $DO_TOKEN | docker login registry.digitalocean.com -u $DO_TOKEN --password-stdin' sh 'rm -f ~/.docker/config.json'
// 2. Force Raw Login (Token as Password)
// -u anything works, --password-stdin takes the token
sh 'echo $DO_TOKEN | docker login registry.digitalocean.com -u key_is_token --password-stdin'
echo "Pushing images..." echo "Pushing images..."
sh "docker push ${REGISTRY_URL}/${REPO_NAME}:${BACKEND_TAG}" sh "docker push ${REGISTRY_URL}/${REPO_NAME}:${BACKEND_TAG}"
sh "docker push ${REGISTRY_URL}/${REPO_NAME}:${FRONTEND_TAG}" sh "docker push ${REGISTRY_URL}/${REPO_NAME}:${FRONTEND_TAG}"
// Cleanup: Logout to keep the agent secure // 3. Logout for security
sh 'docker logout registry.digitalocean.com' sh 'docker logout registry.digitalocean.com'
} }
} }
@@ -64,17 +70,24 @@ pipeline {
stage('Deploy') { stage('Deploy') {
steps { steps {
script { script {
// Dynamic Port Assignment based on Branch
def appPort = "3000" def appPort = "3000"
// Unique container name for this branch def containerName = "backend-${env.BRANCH_NAME}"
def containerName = "app-${env.BRANCH_NAME}"
if (env.BRANCH_NAME == 'Dev') { appPort = "3001" } if (env.BRANCH_NAME == 'Dev') {
else if (env.BRANCH_NAME == 'Release') { appPort = "3002" } appPort = "3001"
else if (env.BRANCH_NAME == 'main') { appPort = "3003" } echo "Deploying to DEV (Port 3001)"
}
else if (env.BRANCH_NAME == 'Release') {
appPort = "3002"
echo "Deploying to STAGING (Port 3002)"
}
else if (env.BRANCH_NAME == 'main') {
appPort = "3003"
echo "Deploying to PRODUCTION (Port 3003)"
}
echo "Deploying Backend to Port ${appPort}..." // 1. Cleanup Old Container
// Clean up old container
try { try {
sh "docker stop ${containerName} || true" sh "docker stop ${containerName} || true"
sh "docker rm ${containerName} || true" sh "docker rm ${containerName} || true"
@@ -82,7 +95,7 @@ pipeline {
echo "No container to stop" echo "No container to stop"
} }
// Run the specific BACKEND tag // 2. Run New Container
sh """ sh """
docker run -d \ docker run -d \
--name ${containerName} \ --name ${containerName} \
@@ -94,4 +107,13 @@ pipeline {
} }
} }
} }
post {
always {
// Cleanup workspace to save disk space
deleteDir()
// Cleanup dangling images
sh 'docker system prune -f'
}
}
} }