From ecb4417f2fc2a5ec9d6a4f5792e7f935bb068a63 Mon Sep 17 00:00:00 2001
From: giteaadmin
Date: Sun, 30 Nov 2025 12:30:43 +0000
Subject: [PATCH] Updated jenkinsFile
---
 Jenkinsfile | 105 ++++++++++++++++++++++++++--------------------------
 1 file changed, 53 insertions(+), 52 deletions(-)
diff --git a/Jenkinsfile b/Jenkinsfile
index 57a6922..739d4df 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -1,31 +1,33 @@
 pipeline {
- // Run on your specific Agent Droplet
+ // 1. Run heavy lifting (Build/Push) on the Agent
 agent { label 'jenkins-agent' }
 environment {
- // 1. Your ACTUAL Registry Name (Verified)
+ // CRITICAL FIX: Use the Registry Name we verified via 'doctl'
 REGISTRY_URL = 'registry.digitalocean.com/devsecops-lab'
- // 2. The ONE allowed repository for Free Tier
+ // CRITICAL FIX: Use 'core' to stay within 1-repo limit
 REPO_NAME = 'core'
- // 3. Unique Tags to distinguish apps inside the 'core' repo
- // Example: core:backend-Dev-25
+ // Dynamic Tags
 BACKEND_TAG = "backend-${env.BRANCH_NAME}-${env.BUILD_NUMBER}"
 FRONTEND_TAG = "frontend-${env.BRANCH_NAME}-${env.BUILD_NUMBER}"
+
+ // Deployment Target (The Gitea Server)
+ DEPLOY_HOST = 'gitea.kongseng.in'
+ DEPLOY_USER = 'root'
 }
 stages {
 stage('Checkout') {
- steps {
- checkout scm
- }
+ steps { checkout scm }
 }
 stage('Install Dependencies') {
 steps {
- echo "Installing dependencies..."
- // Ensure these folders exist in your repo!
+ echo "Installing dependencies for ${env.BRANCH_NAME}..."
+ // Ensure folders exist to avoid errors
+ sh 'ls -la'
 dir('backend') { sh 'npm install' }
 dir('frontend') { sh 'npm install' }
 }
@@ -35,7 +37,6 @@ pipeline {
 steps {
 script {
 echo "Building Images..."
- // Build using the 'core' repo path but unique tags
 sh "docker build -t ${REGISTRY_URL}/${REPO_NAME}:${BACKEND_TAG} ./backend"
 sh "docker build -t ${REGISTRY_URL}/${REPO_NAME}:${FRONTEND_TAG} ./frontend"
 }
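Review bot: `DEPLOY_USER = 'root'` in the environment block means every deploy is a root SSH session on `gitea.kongseng.in`, which the added comment identifies as the Gitea server, so a compromised agent or deploy key yields full control of the host that stores the source. A dedicated account limited to the container commands the Deploy stage needs would narrow that, e.g. `DEPLOY_USER = 'deploy'` (constructed name) with the key restricted in that account's authorized_keys; Docker group membership is itself root-equivalent, so a forced-command wrapper or rootless Docker is the stronger boundary. The added `sh 'ls -la'` only lists the workspace and does not fail when a folder is missing, so `// Ensure folders exist to avoid errors` overstates it; `sh 'test -d backend && test -d frontend'` would enforce what the comment says. The pipeline block continues outside this hunk.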
@@ -44,65 +45,67 @@ pipeline {
 stage('Push to Registry') {
 steps {
- // Securely inject the DO Token
+ // We MUST inject the token here, or the push will fail with "Unauthorized"
 withCredentials([string(credentialsId: 'do-registry-token', variable: 'DO_TOKEN')]) {
 script {
- echo "Logging into DigitalOcean Registry..."
-
- // 1. NUKE existing config to prevent credential-helper conflicts
+ echo "Logging into Registry..."
+ // 1. Clean previous state
 sh 'rm -f ~/.docker/config.json'
- // 2. Force Raw Login (Token as Password)
- // -u anything works, --password-stdin takes the token
- sh 'echo $DO_TOKEN | docker login registry.digitalocean.com -u key_is_token --password-stdin'
+ // 2. Login using Token as Password
+ sh 'echo $DO_TOKEN | docker login registry.digitalocean.com -u token --password-stdin'
 echo "Pushing images..."
 sh "docker push ${REGISTRY_URL}/${REPO_NAME}:${BACKEND_TAG}"
 sh "docker push ${REGISTRY_URL}/${REPO_NAME}:${FRONTEND_TAG}"
- // 3. Logout for security
+ // 3. Logout
 sh 'docker logout registry.digitalocean.com'
 }
 }
 }
 }
+ // --- REMOTE DEPLOYMENT (AGENT -> GITEA SERVER) ---
 stage('Deploy') {
 steps {
 script {
- // Dynamic Port Assignment based on Branch
+ // Define Ports based on Branch
 def appPort = "3000"
+ if (env.BRANCH_NAME == 'Dev') { appPort = "3001" }
+ else if (env.BRANCH_NAME == 'Release') { appPort = "3002" }
+ else if (env.BRANCH_NAME == 'main') { appPort = "3003" }
+
 def containerName = "backend-${env.BRANCH_NAME}"
-
- if (env.BRANCH_NAME == 'Dev') {
- appPort = "3001"
- echo "Deploying to DEV (Port 3001)"
- }
- else if (env.BRANCH_NAME == 'Release') {
- appPort = "3002"
- echo "Deploying to STAGING (Port 3002)"
- }
- else if (env.BRANCH_NAME == 'main') {
- appPort = "3003"
- echo "Deploying to PRODUCTION (Port 3003)"
- }
- // 1. Cleanup Old Container
- try {
- sh "docker stop ${containerName} || true"
- sh "docker rm ${containerName} || true"
- } catch (Exception e) {
- echo "No container to stop"
- }
+ // Define SSH Command using the specific deploy key we created
+ def remote = "ssh -o StrictHostKeyChecking=no -i ~/.ssh/id_rsa_deploy ${DEPLOY_USER}@${DEPLOY_HOST}"
- // 2. Run New Container
- sh """
- docker run -d \
- --name ${containerName} \
- --restart always \
- -p ${appPort}:3000 \
- ${REGISTRY_URL}/${REPO_NAME}:${BACKEND_TAG}
- """
+ echo "Deploying to ${DEPLOY_HOST} on Port ${appPort}..."
+
+ // We need the token again to PULL the image on the remote server
+ withCredentials([string(credentialsId: 'do-registry-token', variable: 'DO_TOKEN')]) {
+
+ // 1. Remote Login
+ sh "${remote} 'echo ${DO_TOKEN} | docker login registry.digitalocean.com -u token --password-stdin'"
+
+ // 2. Remote Pull
+ sh "${remote} 'docker pull ${REGISTRY_URL}/${REPO_NAME}:${BACKEND_TAG}'"
+
+ // 3. Remote Restart (Stop -> Remove -> Run)
+ sh "${remote} 'docker stop ${containerName} || true'"
+ sh "${remote} 'docker rm ${containerName} || true'"
+
+ sh """
+ ${remote} 'docker run -d \
+ --name ${containerName} \
+ --restart always \
+ -p ${appPort}:3000 \
+ ${REGISTRY_URL}/${REPO_NAME}:${BACKEND_TAG}'
+ """
+
+ echo "SUCCESS: App is live at http://${DEPLOY_HOST}:${appPort}"
+ }
 }
 }
 }
@@ -110,10 +113,8 @@ pipeline {
 post {
 always {
- // Cleanup workspace to save disk space
- deleteDir()
- // Cleanup dangling images
+ // Save disk space on the Agent
 sh 'docker system prune -f'
 }
 }
-}
+}
\ No newline at end of file
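Review bot: The "1. Remote Login" step in the Deploy stage puts `${DO_TOKEN}` inside a Groovy double-quoted `sh` string, so Groovy expands the registry token into the ssh command line on the agent and the shell command on the deploy host, unlike the single-quoted login in the Push stage; the `remote` string also sets `StrictHostKeyChecking=no`, so the token and the root session go to whichever host answers on that name. The login should send the token over ssh stdin from a single-quoted step, the host key should be pinned in the agent's known_hosts with checking switched to `yes`, and a remote `docker logout` should follow the run so the credential is not left in the server's Docker config. `containerName` and `BACKEND_TAG` embed `env.BRANCH_NAME` in strings handed to the remote shell, and branches other than Dev/Release/main still deploy on port 3000, so a `when` guard or an allowlist check on the branch name belongs before the first ssh call. The path `~/.ssh/id_rsa_deploy` suggests the private key sits on the agent's disk; binding it through `withCredentials` with `sshUserPrivateKey` would keep it in the Jenkins credential store (inferred, the key setup is not in this diff).

```groovy
// … unchanged: port selection, containerName …
// Host key must already be pinned in the agent's known_hosts.
def remote = "ssh -o StrictHostKeyChecking=yes -i ~/.ssh/id_rsa_deploy ${DEPLOY_USER}@${DEPLOY_HOST}"

withCredentials([string(credentialsId: 'do-registry-token', variable: 'DO_TOKEN')]) {
    // Single-quoted: the agent shell expands DO_TOKEN and it reaches the
    // server on ssh stdin, never as part of a command line.
    sh 'printf %s "$DO_TOKEN" | ssh -o StrictHostKeyChecking=yes -i ~/.ssh/id_rsa_deploy "$DEPLOY_USER@$DEPLOY_HOST" docker login registry.digitalocean.com -u token --password-stdin'

    // … unchanged: remote pull, stop, rm, run …

    // Drop the stored registry credential once the container is started.
    sh "${remote} 'docker logout registry.digitalocean.com'"
}
```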
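Review bot: Dropping `deleteDir()` from `post { always { … } }` leaves the checked-out source, `node_modules` and any build output in the agent workspace after each run, while the replacement comment `// Save disk space on the Agent` describes the opposite effect. Leftover `node_modules` from an earlier build of the same job would then be reused by `npm install`, so a dependency that was tampered with or has since been removed can persist into later images; restoring `deleteDir()` ahead of the prune keeps each build starting clean. `docker system prune -f` acts on the whole Docker daemon rather than this job's images, which matters if the agent runs other jobs at the same time (not visible from this diff). The enclosing pipeline block starts outside the hunk.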