DevSecOps/DevSecOps-Lab
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
DevSecOps-Lab/JENKINS_SETUP.md

308 lines
8.3 KiB
Markdown
Raw Permalink Blame History

# Jenkins Setup Instructions
## Prerequisites
### 1. Jenkins Installation
- Jenkins server with Docker support
- Required plugins:
- Pipeline Plugin
- Docker Pipeline Plugin
- NodeJS Plugin
- Git Plugin
- Blue Ocean (optional, for better UI)
- Coverage Plugin
- Test Results Analyzer
### 2. Prerequisites on Jenkins Agent
The pipeline now uses a simplified approach that doesn't require specific tool configurations in Jenkins Global Tools. Instead, ensure these tools are available on your Jenkins agent:
#### Required Tools
```bash
# Node.js 18+ (Required)
node --version # Should show v18.x.x or higher
npm --version # Should be available with Node.js
# Docker (Optional - for containerization stages)
docker --version
# Git (Usually pre-installed)
git --version
# Curl (Usually pre-installed)
curl --version
```
#### Installation Commands for Jenkins Agent
```bash
# Install Node.js 18 (Ubuntu/Debian)
curl -fsSL https://deb.nodesource.com/setup_18.x | sudo -E bash -
sudo apt-get install -y nodejs
# Install Docker (Ubuntu/Debian)
sudo apt-get update
sudo apt-get install -y docker.io
sudo usermod -aG docker jenkins
sudo systemctl restart jenkins
# Install Trivy for security scanning (Optional)
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
```
### 3. Alternative: Using Jenkins Global Tools (Advanced)
If you prefer to use Jenkins Global Tools Configuration:
#### Node.js Tool Configuration
- Go to **Manage Jenkins > Global Tool Configuration**
- **Name**: `nodejs` (keep it simple)
- **Version**: NodeJS 18.x.x
- **Install automatically**: ✅
Then update the Jenkinsfile to include:
```groovy
tools {
nodejs 'nodejs'
}
```
### 3. Required Software on Jenkins Agent
```bash
# Install Trivy for security scanning
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
# Install Docker Compose
curl -L "https://github.com/docker/compose/releases/download/v2.20.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
```
## Pipeline Features
### ✅ Current Implementation
1. **Multi-stage Pipeline**: Organized stages for better visibility
2. **Parallel Execution**: Dependencies and tests run in parallel
3. **Environment Detection**: Different actions for different branches
4. **Docker Integration**: Build and scan container images
5. **Security Scanning**: Trivy integration for vulnerability scanning
6. **Artifact Management**: Archive build artifacts and reports
7. **Integration Testing**: Health checks and API testing
8. **Branch-based Deployment**: Different environments for different branches
### 🔄 Pipeline Stages
#### 1. **Checkout**
- Clone repository
- Get Git commit information
#### 2. **Environment Info**
- Display tool versions
- Build information
#### 3. **Install Dependencies** (Parallel)
- Backend: `npm ci`
- Frontend: `npm ci`
#### 4. **Code Quality & Security** (Parallel)
- Linting for both frontend and backend
- Security audit with `npm audit`
#### 5. **Test** (Parallel)
- Backend unit tests
- Frontend tests with coverage
#### 6. **Build** (Parallel)
- Build backend (if build script exists)
- Build frontend React application
#### 7. **Docker Build** (Conditional)
- Build Docker images for both services
- Only on main/development/release branches
#### 8. **Docker Security Scan** (Conditional)
- Scan images with Trivy
- Generate security reports
#### 9. **Integration Tests** (Conditional)
- Start services with docker-compose
- Run health checks and API tests
#### 10. **Deployment** (Branch-specific)
- **Development**: Auto-deploy to dev environment
- **Release**: Deploy to staging
- **Main**: Manual approval for production
## Branch Strategy
### 🌿 Development Branch
- Automatic deployment to development environment
- Full testing pipeline
- Security scanning
### 🚀 Release Branch
- Deploy to staging environment
- Full security validation
- Performance testing ready
### 📦 Main Branch
- Production deployment with manual approval
- Complete security validation
- Artifact archival
## Security Features
### 🔒 Implemented Security Checks
1. **Dependency Scanning**: `npm audit` for known vulnerabilities
2. **Container Scanning**: Trivy for Docker image vulnerabilities
3. **Code Quality**: Linting for code standards
4. **Security Reports**: JSON reports archived as artifacts
### 🛡️ Future Security Enhancements
- SAST (Static Application Security Testing)
- DAST (Dynamic Application Security Testing)
- Infrastructure as Code scanning
- Secret scanning
- License compliance checking
## Environment Variables
### Required Environment Variables
```bash
# Docker Registry (update in Jenkinsfile)
REGISTRY=your-docker-registry.com
# Notification settings
SLACK_WEBHOOK=your-slack-webhook
EMAIL_RECIPIENTS=team@company.com
```
## Usage
### 1. Create Pipeline Job
1. Go to Jenkins Dashboard
2. Click "New Item"
3. Choose "Pipeline"
4. Configure SCM to point to your repository
5. Set script path to `Jenkinsfile`
### 2. Configure Webhooks
Add webhook in GitHub repository settings:
- URL: `http://your-jenkins-server/github-webhook/`
- Events: Push, Pull Request
### 3. First Run
- The pipeline will auto-detect the branch
- Development branch triggers full pipeline with dev deployment
- Main branch requires manual approval for production
## Monitoring & Notifications
### 📊 Build Artifacts
- Test results and coverage reports
- Security scan reports
- Built frontend application
- Docker image information
### 📧 Notifications
- Success/failure notifications
- Security alert notifications
- Deployment confirmations
## Troubleshooting
### Common Issues
#### 1. **Tool not found errors**
```
Tool type "nodejs" does not have an install of "NodeJS-18" configured
```
**Solution**:
- Current Jenkinsfile doesn't require tool configuration
- Ensure Node.js is installed on Jenkins agent: `node --version`
- If needed, install with: `curl -fsSL https://deb.nodesource.com/setup_18.x | sudo -E bash - && sudo apt-get install -y nodejs`
#### 2. **Node.js not available**
```
Node.js is not available. Please install Node.js 18+ on the Jenkins agent.
```
**Solution**: Install Node.js on the Jenkins agent machine:
```bash
# Ubuntu/Debian
curl -fsSL https://deb.nodesource.com/setup_18.x | sudo -E bash -
sudo apt-get install -y nodejs
# CentOS/RHEL
curl -fsSL https://rpm.nodesource.com/setup_18.x | sudo bash -
sudo yum install -y nodejs
```
#### 2. **Missing FilePath context in post actions**
```
Required context class hudson.FilePath is missing
```
**Solution**: Already fixed in current Jenkinsfile with proper script blocks
#### 3. **Docker permission denied**
```
docker: Got permission denied while trying to connect to the Docker daemon socket
```
**Solution**: Add Jenkins user to docker group:
```bash
sudo usermod -aG docker jenkins
sudo systemctl restart jenkins
```
#### 4. **Trivy not found**
```
trivy: command not found
```
**Solution**: Install Trivy on Jenkins agent:
```bash
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin
```
#### 5. **Port conflicts during integration tests**
```
curl: (7) Failed to connect to localhost port 3001
```
**Solution**: Ensure ports 3000, 3001, 80 are available on Jenkins agent
### Debug Commands
```bash
# Check Jenkins agent tools
which node npm docker trivy
# Verify Docker access
docker ps
# Test repository access
git clone https://github.com/K0ngS3ng/DevSecOpsApp.git
# Check tool configurations in Jenkins
curl -u admin:password http://jenkins-url/manage/configureTools/
```
### Pipeline Configuration Examples
#### Minimal Configuration (No Docker)
If Docker is not available, the pipeline will gracefully skip Docker-related stages:
```groovy
// Pipeline will automatically skip Docker stages if tools are not available
// Error handling is built-in for all Docker operations
```
#### Custom Tool Names
If you have different tool names configured:
```groovy
tools {
nodejs 'Node18' // Your custom NodeJS name
dockerTool 'MyDocker' // Your custom Docker name
}
```
## Next Steps
1. Configure actual deployment environments
2. Add more comprehensive tests
3. Integrate with monitoring tools
4. Set up notification channels
5. Add performance testing stages
Reference in New Issue View Git Blame Copy Permalink