Dev: Update Jenkinsfile — use core repo in registry, secure login/logout, cleanup in post

2025-11-30 16:01:58 +05:30
parent 266b9b59c2
commit eb85e581f3
1 changed files with 43 additions and 21 deletions
--- a/64
+++ b/64
@@ -1,14 +1,16 @@
 pipeline {
+    // Run on your specific Agent Droplet
    agent { label 'jenkins-agent' }

    environment {
-        REGISTRY_URL = 'registry.digitalocean.com/kongseng'
+        // 1. Your ACTUAL Registry Name (Verified)
+        REGISTRY_URL = 'registry.digitalocean.com/devsecops-lab'
        
-        // FIX: Use ONE shared repository name
-        REPO_NAME = 'devsecops-lab'
+        // 2. The ONE allowed repository for Free Tier
+        REPO_NAME = 'core'
        
-        // Create distinct tags for backend and frontend
-        // Result: registry.../devsecops-lab:backend-Dev-1
+        // 3. Unique Tags to distinguish apps inside the 'core' repo
+        // Example: core:backend-Dev-25
        BACKEND_TAG = "backend-${env.BRANCH_NAME}-${env.BUILD_NUMBER}"
        FRONTEND_TAG = "frontend-${env.BRANCH_NAME}-${env.BUILD_NUMBER}"
    }
@@ -22,8 +24,8 @@ pipeline {
        
        stage('Install Dependencies') {
            steps {
-                // Check if folders exist to avoid errors
-                sh 'ls -la' 
+                echo "Installing dependencies..."
+                // Ensure these folders exist in your repo!
                dir('backend') { sh 'npm install' }
                dir('frontend') { sh 'npm install' }
            }
@@ -33,7 +35,7 @@ pipeline {
            steps {
                script {
                    echo "Building Images..."
-                    // Build both images using the SAME Repo URL but DIFFERENT Tags
+                    // Build using the 'core' repo path but unique tags
                    sh "docker build -t ${REGISTRY_URL}/${REPO_NAME}:${BACKEND_TAG} ./backend"
                    sh "docker build -t ${REGISTRY_URL}/${REPO_NAME}:${FRONTEND_TAG} ./frontend"
                }
@@ -42,19 +44,23 @@ pipeline {

        stage('Push to Registry') {
            steps {
-                // Securely inject the token into the script
+                // Securely inject the DO Token
                withCredentials([string(credentialsId: 'do-registry-token', variable: 'DO_TOKEN')]) {
                    script {
                        echo "Logging into DigitalOcean Registry..."
                        
-                        // Explicit Login: Uses the token as both user and password (DO Standard)
-                        sh 'echo $DO_TOKEN | docker login registry.digitalocean.com -u $DO_TOKEN --password-stdin'
+                        // 1. NUKE existing config to prevent credential-helper conflicts
+                        sh 'rm -f ~/.docker/config.json'
+                        
+                        // 2. Force Raw Login (Token as Password)
+                        // -u anything works, --password-stdin takes the token
+                        sh 'echo $DO_TOKEN | docker login registry.digitalocean.com -u key_is_token --password-stdin'
                        
                        echo "Pushing images..."
                        sh "docker push ${REGISTRY_URL}/${REPO_NAME}:${BACKEND_TAG}"
                        sh "docker push ${REGISTRY_URL}/${REPO_NAME}:${FRONTEND_TAG}"
                        
-                        // Cleanup: Logout to keep the agent secure
+                        // 3. Logout for security
                        sh 'docker logout registry.digitalocean.com'
                    }
                }
@@ -64,17 +70,24 @@ pipeline {
        stage('Deploy') {
            steps {
                script {
+                    // Dynamic Port Assignment based on Branch
                    def appPort = "3000"
-                    // Unique container name for this branch
-                    def containerName = "app-${env.BRANCH_NAME}" 
+                    def containerName = "backend-${env.BRANCH_NAME}"
                    
-                    if (env.BRANCH_NAME == 'Dev') { appPort = "3001" } 
-                    else if (env.BRANCH_NAME == 'Release') { appPort = "3002" } 
-                    else if (env.BRANCH_NAME == 'main') { appPort = "3003" }
+                    if (env.BRANCH_NAME == 'Dev') {
+                        appPort = "3001"
+                        echo "Deploying to DEV (Port 3001)"
+                    } 
+                    else if (env.BRANCH_NAME == 'Release') {
+                        appPort = "3002"
+                        echo "Deploying to STAGING (Port 3002)"
+                    } 
+                    else if (env.BRANCH_NAME == 'main') {
+                        appPort = "3003"
+                        echo "Deploying to PRODUCTION (Port 3003)"
+                    }

-                    echo "Deploying Backend to Port ${appPort}..."
-
-                    // Clean up old container
+                    // 1. Cleanup Old Container
                    try {
                        sh "docker stop ${containerName} || true"
                        sh "docker rm ${containerName} || true"
@@ -82,7 +95,7 @@ pipeline {
                        echo "No container to stop"
                    }

-                    // Run the specific BACKEND tag
+                    // 2. Run New Container
                    sh """
                        docker run -d \
                        --name ${containerName} \
@@ -94,4 +107,13 @@ pipeline {
            }
        }
    }
+    
+    post {
+        always {
+            // Cleanup workspace to save disk space
+            deleteDir()
+            // Cleanup dangling images
+            sh 'docker system prune -f'
+        }
+    }
 }