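// Deploy stage (Dev environment): logs the remote host in to the registry,
// ensures the shared Docker network exists, pulls both images and replaces
// the running backend and frontend containers over SSH.
stage('Deploy') {
    steps {
        script {
            // Define Ports for Dev environment
            def backendPort = "3001"
            def frontendPort = "3002"
            def backendContainer = "backend"
            def frontendContainer = "frontend"
            def network = "devsecops-net"

            // NOTE(review): StrictHostKeyChecking=no makes ssh accept any host key, so the
            // agent cannot tell the deploy host from an impostor that would then receive the
            // registry token. Pin the host key in the agent's known_hosts and drop this
            // option once that is provisioned.
            def remote = "ssh -o StrictHostKeyChecking=no -i ~/.ssh/id_rsa_deploy ${DEPLOY_USER}@${DEPLOY_HOST}"

            withCredentials([string(credentialsId: 'do-registry-token', variable: 'DO_TOKEN')]) {
                // 1. Remote Login
                // \$DO_TOKEN is expanded by the agent's shell, not by Groovy, and travels over
                // ssh's stdin. Interpolating the secret into the Groovy string would place it
                // in the ssh command line and in the remote shell's command string.
                // NOTE(review): the remote host keeps the login in its Docker config after this
                // stage; consider a remote `docker logout` once the pulls are done.
                sh "printf '%s' \"\$DO_TOKEN\" | ${remote} 'docker login registry.digitalocean.com -u token --password-stdin'"

                // 2. Create network if not exists
                sh "${remote} 'docker network inspect ${network} >/dev/null 2>&1 || docker network create ${network}'"

                // 3. Pull images
                sh "${remote} 'docker pull ${REGISTRY_URL}/${REPO_NAME}:${BACKEND_TAG}'"
                sh "${remote} 'docker pull ${REGISTRY_URL}/${REPO_NAME}:${FRONTEND_TAG}'"

                // 4. Remove old containers (|| true: a missing container is not an error)
                sh "${remote} 'docker stop ${backendContainer} || true'"
                sh "${remote} 'docker rm ${backendContainer} || true'"
                sh "${remote} 'docker stop ${frontendContainer} || true'"
                sh "${remote} 'docker rm ${frontendContainer} || true'"

                // 5. Run backend
                sh "${remote} 'docker run -d --name ${backendContainer} --network ${network} --restart always -p ${backendPort}:3001 ${REGISTRY_URL}/${REPO_NAME}:${BACKEND_TAG}'"

                // 6. Run frontend
                sh "${remote} 'docker run -d --name ${frontendContainer} --network ${network} --restart always -p ${frontendPort}:80 ${REGISTRY_URL}/${REPO_NAME}:${FRONTEND_TAG}'"

                echo "SUCCESS: Backend at http://${DEPLOY_HOST}:${backendPort}, Frontend at http://${DEPLOY_HOST}:${frontendPort}"
            }
        }
    }
}

            // NOTE(review): the two build commands and the three closing braces below are the
            // tail of a stage whose opening lines are not part of this listing; kept as found.
            sh "docker build -t ${REGISTRY_URL}/${REPO_NAME}:${BACKEND_TAG} ./backend"
            sh "docker build -t ${REGISTRY_URL}/${REPO_NAME}:${FRONTEND_TAG} ./frontend"
        }
    }
}

// Push stage: logs the agent in to the registry, pushes both images and logs out again.
stage('Push to Registry') {
    steps {
        // We MUST inject the token here, or the push will fail with "Unauthorized"
        withCredentials([string(credentialsId: 'do-registry-token', variable: 'DO_TOKEN')]) {
            script {
                echo "Logging into Registry..."

                // 1. Clean previous state
                sh 'rm -f ~/.docker/config.json'

                try {
                    // 2. Login using Token as Password
                    // Single-quoted Groovy string: the shell expands $DO_TOKEN, and the
                    // quoted expansion is not subject to word splitting.
                    sh 'printf "%s" "$DO_TOKEN" | docker login registry.digitalocean.com -u token --password-stdin'

                    echo "Pushing images..."
                    sh "docker push ${REGISTRY_URL}/${REPO_NAME}:${BACKEND_TAG}"
                    sh "docker push ${REGISTRY_URL}/${REPO_NAME}:${FRONTEND_TAG}"
                } finally {
                    // 3. Logout: runs even when login or a push fails, so the registry
                    // credential is not left in the agent's Docker config.
                    sh 'docker logout registry.digitalocean.com'
                }
            }
        }
    }
}

// --- REMOTE DEPLOYMENT (AGENT -> GITEA SERVER) ---
// Per-branch deploy: picks a host port from the branch name, then pulls the backend
// image on the remote host and restarts the branch's container.
stage('Deploy') {
    steps {
        script {
            // Define Ports based on Branch
            def appPort = "3000"
            if (env.BRANCH_NAME == 'Dev') {
                appPort = "3001"
            } else if (env.BRANCH_NAME == 'Release') {
                appPort = "3002"
            } else if (env.BRANCH_NAME == 'main') {
                appPort = "3003"
            }

            String containerName = "backend-${env.BRANCH_NAME}"
            // The branch name comes from SCM and is placed inside a single-quoted remote
            // shell command below. Accept only the characters Docker permits in a container
            // name, so a crafted branch name cannot alter the command run on the deploy host.
            if (!(containerName ==~ /[A-Za-z0-9][A-Za-z0-9_.-]+/)) {
                error "Refusing to deploy: branch name is not usable as a container name"
            }

            // Define SSH Command using the specific deploy key we created
            // NOTE(review): StrictHostKeyChecking=no disables host-key verification, so the
            // identity of the deploy host is never checked; pin the host key in known_hosts
            // and drop this option once that is provisioned.
            def remote = "ssh -o StrictHostKeyChecking=no -i ~/.ssh/id_rsa_deploy ${DEPLOY_USER}@${DEPLOY_HOST}"

            echo "Deploying to ${DEPLOY_HOST} on Port ${appPort}..."

            // We need the token again to PULL the image on the remote server
            withCredentials([string(credentialsId: 'do-registry-token', variable: 'DO_TOKEN')]) {
                // 1. Remote Login
                // The token is expanded by the agent's shell (\$DO_TOKEN) and sent over ssh's
                // stdin instead of being interpolated by Groovy into the command line.
                // NOTE(review): the remote host keeps the login in its Docker config after
                // this stage; consider a remote `docker logout` once the pull is done.
                sh "printf '%s' \"\$DO_TOKEN\" | ${remote} 'docker login registry.digitalocean.com -u token --password-stdin'"

                // 2. Remote Pull
                sh "${remote} 'docker pull ${REGISTRY_URL}/${REPO_NAME}:${BACKEND_TAG}'"

                // 3. Remote Restart (Stop -> Remove -> Run)
                sh "${remote} 'docker stop ${containerName} || true'"
                sh "${remote} 'docker rm ${containerName} || true'"
                sh """
                    ${remote} 'docker run -d \
                    --name ${containerName} \
                    --restart always \
                    -p ${appPort}:3000 \
                    ${REGISTRY_URL}/${REPO_NAME}:${BACKEND_TAG}'
                """

                echo "SUCCESS: App is live at http://${DEPLOY_HOST}:${appPort}"
            }
        }
    }
}
} // closes an enclosing block opened outside this listing (presumably `stages`)

post {
    always {
        // Save disk space on the Agent
        sh 'docker system prune -f'
    }
}
} // closes an enclosing block opened outside this listing (presumably `pipeline`)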