This repository has been archived by the owner on Jul 15, 2020. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 0
/
JenkinsFile
157 lines (147 loc) · 6.68 KB
/
JenkinsFile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
#!/usr/bin/groovy
node {
def appName = "bf-swagger"
def root = pwd()
def mvn = tool 'M3'
def nodejs = tool 'NodeJS_6'
def zapHome = tool 'ZAProxy_v2_5_0'
def appVersion = '' // Fill during Setup stage
def fullAppName = '' // Fill during Setup stage
stage("Config") {
// clone the configuration repository and copy the current configuration
def configDir = "${root}/configuration"
def configFile = "${root}/config.json"
dir(configDir) {
git url: "${env.CONFIGURATION_URL}", credentialsId: "${env.CONFIGURATION_CREDS}"
sh "mv ${configDir}/${ENVIRONMENT}-config.json ${configFile}"
deleteDir()
}
// read the current configuration
def configJson = readJSON file: "${configFile}"
for (param in configJson.credparams + configJson.jobparams) {
env."${param.name}" = (param.type == "booleanParam") ? "${param.defaultvalue}".toBoolean() : "${param.defaultvalue}"
}
}
def printLogsFailsafe = {String logAppName ->
try {
echo "Printing recent logs for ${logAppName}"
sh "cf logs --recent ${logAppName}"
} catch (Exception e) {
echo "Printing logs failed: ${e}"
}
}
def deployPhase = { String pcfSpace, String pcfDomain, String deployAppName ->
if(!fileExists('.cf')) {
sh "mkdir -p .cf"
}
withEnv(['CF_HOME=.cf']) {
withCredentials([[$class: 'UsernamePasswordMultiBinding', credentialsId: "${env.PCF_CREDS}", usernameVariable: 'CFUSER', passwordVariable: 'CFPASS']]) {
sh "cf api ${env.PCF_API_ENDPOINT}"
sh "cf auth ${CFUSER} ${CFPASS}"
sh "cf target -o ${env.PCF_ORG} -s ${pcfSpace}"
sh "cf push ${deployAppName} -f manifest.jenkins.yml --hostname ${appName} -d ${pcfDomain} --no-start --no-route"
sh "cf set-env ${deployAppName} SPACE ${pcfSpace}"
sh "cf set-env ${deployAppName} DOMAIN ${pcfDomain}"
try {
sh "cf start ${deployAppName}"
} catch (Exception e) {
printLogsFailsafe deployAppName
sh "cf delete ${deployAppName} -f"
error("Error during application start. Deleting ${deployAppName} and failing the build.")
}
}
}
if(!env.SKIP_SCANS.toBoolean()) {
withCredentials([[$class: 'StringBinding', credentialsId: "${env.THREADFIX_API_KEY}", variable: 'THREADFIX_KEY']]) {
sh "mkdir -p ${root}/zap-out"
sh """${zapHome}/zap.sh -cmd \
-quickout ${root}/zap-out/zap.xml \
-quickurl https://${appName}.${pcfSpace} \
"""
sh "cat ${root}/zap-out/zap.xml"
sh "/bin/curl -v --insecure -H 'Accept: application/json' -X POST --form file=@${root}/zap-out/zap.xml ${env.THREADFIX_URL}/rest/latest/applications/${THREADFIX_ID}/upload?apiKey=${THREADFIX_KEY}"
}
}
withEnv(['CF_HOME=.cf']) {
withCredentials([[$class: 'UsernamePasswordMultiBinding', credentialsId: "${env.PCF_CREDS}", usernameVariable: 'CFUSER', passwordVariable: 'CFPASS']]) {
sh "cf api ${env.PCF_API_ENDPOINT}"
sh "cf auth ${CFUSER} ${CFPASS}"
sh "cf target -o ${env.PCF_ORG} -s ${pcfSpace}"
def legacyAppNames = sh(script: "cf routes | grep \"${appName}\" | awk '{print \$4}'", returnStdout: true)
sh "cf map-route ${deployAppName} ${pcfDomain} --hostname ${appName}"
// Remove Legacy applications
for (Object legacyApp : legacyAppNames.trim().tokenize(',')) {
def legacyAppName = legacyApp.toString().trim()
if (legacyAppName != deployAppName) {
sh "cf unmap-route ${legacyAppName} ${pcfDomain} --hostname ${appName}"
sh "cf delete -f ${legacyAppName}"
}
}
}
}
}
stage('Setup') {
deleteDir()
if(env.USE_GIT_CREDS.toBoolean()) {
git url: "${env.GIT_URL}", branch: "${env.GIT_BRANCH}", credentialsId: "${env.GITLAB_CREDS}"
} else {
git url: "${env.GIT_URL}", branch: "${env.GIT_BRANCH}"
}
appVersion = sh(script: """git describe --long --tags --always | sed 's/\\./-/'g""", returnStdout: true)
appVersion = appVersion.trim()
fullAppName = "${appName}-${appVersion}"
}
stage('Archive') {
// Build
sh "tar cvvfz ${appName}.tar.gz -C ${root} static manifest.jenkins.yml Staticfile"
// Check if exists already
def getDependencyStatus = sh(script: """mvn -X --settings ~/.m2/settings.xml dependency:get \
-Dmaven.repo.local="${root}/.m2/repository" \
-DrepositoryId=nexus \
-DartifactId=${appName} \
-Dversion=${appVersion} \
-DgroupId="org.venice.beachfront" \
-Dpackaging=tar.gz \
-DremoteRepositories="nexus::default::${env.ARTIFACT_STORAGE_DEPLOY_URL}" \
""", returnStatus: true)
echo "dependency status = ${getDependencyStatus}"
if (getDependencyStatus == 0) {
echo "Artifact version ${appVersion} exists in Nexus, nothing to do"
} else {
sh """mvn -X --settings ~/.m2/settings.xml deploy:deploy-file -Dfile=${root}/${appName}.tar.gz \
-DrepositoryId=nexus \
-Durl="${env.ARTIFACT_STORAGE_DEPLOY_URL}" \
-DgroupId="org.venice.beachfront" \
-DgeneratePom=false \
-Dpackaging=tar.gz \
-Dmaven.repo.local="${root}/.m2/repository" \
-DartifactId=${appName} \
-Dversion=${appVersion}
"""
}
}
if(!env.SKIP_SCANS.toBoolean()) {
stage('Scans') {
withCredentials([[$class: "StringBinding", credentialsId: "${env.THREADFIX_API_KEY}", variable: "THREADFIX_KEY"]]) {
// Dependency Checker
def depHome = tool 'owasp_dependency_check'
withEnv(["PATH+=${depHome}/bin"]) {
sh 'dependency-check.sh --project "bf-swagger" --scan "." --format "XML" --enableExperimental --disableBundleAudit'
sh "/bin/curl -v --insecure -H 'Accept: application/json' -X POST --form [email protected] ${env.THREADFIX_URL}/rest/latest/applications/${env.THREADFIX_ID}/upload?apiKey=${THREADFIX_KEY}"
}
// Fortify
sh "/opt/hp_fortify_sca/bin/sourceanalyzer -b ${env.BUILD_NUMBER} '**/*.js' -exclude 'test/*.js' -exclude package.json -exclude 'lib/*.js' -exclude 'lib/*.js'"
sh "/opt/hp_fortify_sca/bin/sourceanalyzer -b ${env.BUILD_NUMBER} -scan -Xmx8G -f fortifyResults-${env.BUILD_NUMBER}.fpr"
sh "/bin/curl -v --insecure -H 'Accept: application/json' -X POST --form file=@fortifyResults-${env.BUILD_NUMBER}.fpr ${env.THREADFIX_URL}/rest/latest/applications/${env.THREADFIX_ID}/upload?apiKey=${THREADFIX_KEY}"
}
}
}
stage ('Phase One Deploy') {
deployPhase(env.PHASE_ONE_PCF_SPACE, env.PHASE_ONE_PCF_DOMAIN, fullAppName)
}
if(env.DEPLOY_PHASE_TWO.toBoolean()) {
stage ('Phase Two Deploy') {
deployPhase(env.PHASE_TWO_PCF_SPACE, env.PHASE_TWO_PCF_DOMAIN, fullAppName)
}
}
}