@Sainikhil-ICM
Created February 6, 2025 13:01
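// Declarative Jenkins pipeline: checks out the monorepo, builds one Docker
// image per app in apps/<APP_NAME>, pushes it to ECR, scans it with Trivy and
// then bumps the image tag in the separate Kubernetes manifest repository.
// All real work is delegated to the helper functions defined below this block.
pipeline {
    agent any

    tools {
        nodejs 'nodejs'
    }

    options {
        timeout(time: 1, unit: 'HOURS')
        buildDiscarder(logRotator(numToKeepStr: '5'))
        // Serialises runs of this job only; other jobs may still share the agent.
        disableConcurrentBuilds()
    }

    // Non-secret settings only. Credentials are referenced by id and bound
    // per step inside the helpers, never placed in the environment block.
    environment {
        AWS_DEFAULT_REGION  = 'ap-south-1'
        AWS_ACCOUNT_ID      = '557690592390'
        ECR_REGISTRY        = "${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_DEFAULT_REGION}.amazonaws.com"
        IMAGE_NAME          = 'api-icm-services'
        REPOSITORY_URI      = "${ECR_REGISTRY}/${IMAGE_NAME}"
        GIT_REPO_URL        = 'https://github.com/Sainikhil-ICM/api.icm.services'
        GIT_BRANCH          = 'test'
        GIT_CREDENTIALS_ID  = 'Git-Hub-Nikhil'
        K8S_MANIFEST_REPO   = 'https://github.com/api.icm.services/k8s.git'
        K8S_MANIFEST_BRANCH = 'test'
    }

    stages {
        stage('Initialize') {
            steps {
                cleanWs()
                script {
                    checkoutCode()
                }
            }
        }

        // Frees disk on the agent before building. `docker image prune -a`
        // removes every image no container references; force-removing every
        // image id, as before, also tears images out from under containers
        // that other jobs on the same agent may have running.
        stage('Cleanup Docker Images') {
            steps {
                sh 'docker image prune -af || true'
            }
        }

        stage('Environment Setup') {
            steps {
                script {
                    loadEnvironmentFile()
                }
            }
        }

        // One matrix cell per app. Stage order matters: the image is already
        // in ECR when it is scanned, so a failing scan can only stop the
        // manifest update that follows it, not the push.
        stage('Build, Push & Security Scan') {
            matrix {
                axes {
                    axis {
                        name 'APP_NAME'
                        values 'analytics', 'uploads', 'customers', 'payments', 'products'
                    }
                }
                stages {
                    stage('Build and Push Docker Image') {
                        steps {
                            script {
                                // NOTE(review): `env` belongs to the whole run, so the
                                // matrix cells (which run concurrently) overwrite each
                                // other's IMAGE_TAG here. It is kept because the helpers
                                // read env.IMAGE_TAG; helpers should derive the tag from
                                // the APP_NAME they are given instead — confirm.
                                env.IMAGE_TAG = "${APP_NAME}-${BUILD_NUMBER}"
                                buildDockerImage(APP_NAME)
                                pushToECR(APP_NAME)
                            }
                        }
                    }
                    stage('Security Scan') {
                        steps {
                            script {
                                runTrivyScan(APP_NAME)
                            }
                        }
                    }
                    stage('Update Kubernetes Manifests') {
                        steps {
                            script {
                                updateK8sManifests(APP_NAME)
                            }
                        }
                    }
                }
            }
        }
    }

    post {
        always {
            script {
                cleanupAndArchive()
            }
        }
        failure {
            echo 'Pipeline failed. Check logs for details.'
        }
    }
}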
// Helper functions
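// Tag under which one app's image is pushed for this build. Kept in one place
// so that push, scan and manifest update can never disagree on the tag: the
// pushed reference, the scanned reference and the value written to values.yaml
// are all derived from this function.
def imageTag(String appName) {
    return "${appName}-${env.BUILD_NUMBER}"
}

// Local (pre-push) image reference produced by buildDockerImage().
def localImageRef(String appName) {
    return "${env.IMAGE_NAME}-${appName}:latest"
}

// Fully qualified ECR reference of this build's image for one app.
def remoteImageRef(String appName) {
    return "${env.REPOSITORY_URI}:${imageTag(appName)}"
}

// Checks out GIT_BRANCH of GIT_REPO_URL with the stored credential id, cleaning
// untracked files before and after so the build context is reproducible.
def checkoutCode() {
    checkout([
        $class: 'GitSCM',
        branches: [[name: env.GIT_BRANCH]],
        userRemoteConfigs: [[
            url: env.GIT_REPO_URL,
            credentialsId: env.GIT_CREDENTIALS_ID
        ]],
        extensions: [
            [$class: 'CleanBeforeCheckout'],
            [$class: 'CleanCheckout']
        ]
    ])
}

// Copies the 'env_uploads' secret file into the workspace as .env.
// The shell string is single-quoted on purpose: the temporary path is expanded
// by the shell, not by Groovy, so nothing secret ends up in the script text.
// The copy is owner-readable only and is removed by cleanupAndArchive().
def loadEnvironmentFile() {
    withCredentials([file(credentialsId: 'env_uploads', variable: 'mySecretEnvFile')]) {
        sh 'cp "$mySecretEnvFile" .env && chmod 600 .env'
    }
}

// Builds apps/<appName> into the local image named by localImageRef().
def buildDockerImage(String appName) {
    dir("apps/${appName}") {
        sh "docker build -t ${localImageRef(appName)} ."
    }
}

// Logs in to the ECR registry host (the registry, not the repository path) and
// pushes the locally built image under this build's tag. The AWS credentials
// are exported into the shell environment by the binding; no secret is
// interpolated by Groovy.
def pushToECR(String appName) {
    String remote = remoteImageRef(appName)
    withCredentials([[$class: 'AmazonWebServicesCredentialsBinding', credentialsId: 'aws-cred']]) {
        sh """
            aws ecr get-login-password --region ${env.AWS_DEFAULT_REGION} | docker login --username AWS --password-stdin ${env.ECR_REGISTRY}
            docker tag ${localImageRef(appName)} ${remote}
            docker push ${remote}
        """
    }
}

// Points k8s/<appName>/values.yaml at this build's image tag and pushes the
// change to K8S_MANIFEST_BRANCH of K8S_MANIFEST_REPO.
//
// The shell script is single-quoted: GIT_USERNAME / GIT_PASSWORD are read by
// the shell (and masked in the console log), never expanded by Groovy into the
// script text. A credential helper that echoes them from the environment is
// used instead of a user:password@ clone URL, so the token is never written
// into .git/config on the agent. Non-secret inputs are passed via withEnv.
def updateK8sManifests(String appName) {
    withCredentials([usernamePassword(credentialsId: env.GIT_CREDENTIALS_ID,
                                      usernameVariable: 'GIT_USERNAME',
                                      passwordVariable: 'GIT_PASSWORD')]) {
        withEnv(["APP_NAME=${appName}", "NEW_IMAGE_TAG=${imageTag(appName)}"]) {
            sh '''
                rm -rf k8s-manifests
                helper='!f() { echo "username=$GIT_USERNAME"; echo "password=$GIT_PASSWORD"; }; f'
                git -c credential.helper="$helper" clone -b "$K8S_MANIFEST_BRANCH" "$K8S_MANIFEST_REPO" k8s-manifests
                cd k8s-manifests
                git config credential.helper "$helper"
                git config user.email 'guru.pothuraju@incredmoney.com'
                git config user.name 'Sainikhil-ICM'
                sed -i "s|tag: .*|tag: \\"$NEW_IMAGE_TAG\\"|g" "k8s/$APP_NAME/values.yaml"
                git add "k8s/$APP_NAME/values.yaml"
                if git diff --cached --quiet; then
                    echo "No changes detected in the manifests."
                else
                    git commit -m "Update image tag for $APP_NAME to $NEW_IMAGE_TAG"
                    git push origin "$K8S_MANIFEST_BRANCH"
                fi
            '''
        }
    }
}

// Scans this build's image with Trivy.
//
// The full report is written to trivy_<appName>_ecr_scan_report.txt for
// archiving (retried, because the first run may have to fetch the
// vulnerability database). A second, separate pass fails the stage when
// findings at or above failOnSeverity exist, so a vulnerable image never
// reaches the manifest update. Keeping the gate outside retry() means a real
// finding is not re-run three times as if it were a transient error.
def runTrivyScan(String appName, String failOnSeverity = 'HIGH,CRITICAL') {
    String remote = remoteImageRef(appName)
    String report = "trivy_${appName}_ecr_scan_report.txt"
    retry(3) {
        sh "trivy image --output ${report} ${remote}"
    }
    sh "trivy image --exit-code 1 --severity ${failOnSeverity} ${remote}"
}

// Archives the Trivy reports (if any) and then wipes the workspace so the
// .env secret copy and the cloned manifest repository do not linger on the
// agent between builds.
def cleanupAndArchive() {
    archiveArtifacts artifacts: '**/trivy_*_ecr_scan_report.txt', allowEmptyArchive: true
    cleanWs()
}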