#This Jenkins pipeline automates the process of building, testing, and deploying the Polybot application.
#It uses Docker for containerization, integrates with Snyk for security scanning, and pushes images to both
#Docker Hub and a Nexus repository.
#Pipeline Stages
#Build Docker Image: Builds the Docker image for the Polybot application.
#Push Docker Image: Tags and pushes the Docker image to Docker Hub.
#Deploy to Dev: Deploys the Polybot application to the development environment using Docker Compose.
#Test: Runs linting and other tests inside the Docker container.
#Verify Docker Image: Verifies the Docker image by listing its details.
#Snyk Scan: Performs a security scan on the Docker image using Snyk.
#Unit Test: Runs unit tests on the Polybot application.
#Push to Nexus: Pushes the Docker image to a Nexus repository.
#Run External Script: Clones a repository and runs a Python script (my.py) from it.
#Setup Instructions:
#Jenkins installed and configured.
#Docker installed on the Jenkins agent.
#Credentials for Docker Hub and Nexus stored in Jenkins.
#Snyk account and API token stored in Jenkins.
#Global Libraries: Configure the osher-s-shared-lib shared library in Jenkins.
#Parameters:
#Use the IMAGE_TAG parameter to specify the Docker image
#Triggering the Pipeline:
#The pipeline can be triggered manually or set to run automatically on code push to git.
#git repo:https://github.com/eldiabloj/ImageProcessingService.git
#git repo:https://github.com/eldiabloj/osher-s-shared-lib.git
```groovy
pipeline {
agent {
    // Every stage runs inside this agent container.
    // The container runs as root and bind-mounts the host's Docker socket, so the
    // docker CLI used by later stages drives the host daemon. Any code executed by
    // this pipeline can therefore control that daemon; treat the agent as holding
    // host-level privileges.
    // NOTE(review): ':latest' is a mutable tag, so the build toolchain can change
    // between runs; pinning a version tag or digest would make runs reproducible.
    docker {
        image 'eldiabloj/dockerfile_agent:latest'
        args '--user root -v /var/run/docker.sock:/var/run/docker.sock'
    }
}
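environment {
    // Local tag of the image built by this run.
    IMG_NAME = "polybot:${BUILD_NUMBER}"
    // Docker Hub repository the image is pushed to.
    DOCKER_REGISTRY = "eldiabloj/polybot"
    // SNYK_TOKEN is intentionally not exported here. The 'Snyk Scan' stage binds it
    // itself with withCredentials, which is the only place it is read. Declaring it
    // pipeline-wide would also hand the token to every other stage, including the
    // one that clones and runs a script from another repository.
}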
parameters {
    // NOTE(review): no stage in this pipeline reads params.IMAGE_TAG, and the
    // description text looks like an example value rather than a description.
    // Confirm the intent before relying on this parameter.
    string(
        name: 'IMAGE_TAG',
        defaultValue: '',
        description: 'eldiabloj/polybot:latest'
    )
}
stages {
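stage('Build Docker Image') {
    steps {
        // Binds the Docker Hub username/password to USERNAME / USERPASS for this block only.
        withCredentials([usernamePassword(credentialsId: 'docker-jenkinse', usernameVariable: 'USERNAME', passwordVariable: 'USERPASS')]) {
            script {
                try {
                    dir('app') {
                        // Single-quoted on purpose: the shell, not Groovy, expands the
                        // credential variables. Groovy interpolation would paste the
                        // secret into the generated script text, where shell
                        // metacharacters in the password would be interpreted.
                        // --password-stdin keeps the password off the docker command line.
                        sh 'printf "%s" "$USERPASS" | docker login -u "$USERNAME" --password-stdin'
                        // Build from the Dockerfile in app/ and tag it with the per-build name.
                        sh "docker build -t ${IMG_NAME} ."
                    }
                } catch (Exception e) {
                    // Log the cause, then fail the stage explicitly.
                    echo "Docker build failed: ${e.message}"
                    error "Build failed: ${e.message}"
                }
            }
        }
    }
}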
stage('Push Docker Image') {
    steps {
        script {
            // Full Docker Hub reference for this build: <repository>:<build number>.
            def remoteRef = "${DOCKER_REGISTRY}:${BUILD_NUMBER}"
            // No login happens in this stage; the push depends on the registry
            // session created by `docker login` in the 'Build Docker Image' stage.
            sh "docker tag ${IMG_NAME} ${remoteRef}"
            sh "docker push ${remoteRef}"
        }
    }
}
stage('Deploy polybot to dev') {
    steps {
        // Placeholder stage: nothing is deployed. There is no cluster or VM to
        // target yet, so the docker-compose commands (and the environment
        // variables they would need) are only printed to the build log.
        echo 'docker-compose -f docker-compose.yaml -f docker-compose.prod.yaml up -d'
        echo 'docker-compose -f docker-compose.yaml up -d'
    }
}
stage('Test') {
    steps {
        script {
            // Lint inside a container started from the image pushed earlier in this run.
            def pushedImage = docker.image("${DOCKER_REGISTRY}:${BUILD_NUMBER}")
            pushedImage.inside('-w /app') {
                // A throwaway virtualenv holds the project requirements; pylint then
                // runs over the polybot sources with a fixed list of checks disabled.
                sh '''
                    python3 -m venv venv
                    . venv/bin/activate
                    pip install -r app/requirements.txt
                    pylint --disable=C0301,C0114,E1101,C0116,C0103,W0718,E0401,W0613,R1722,W0612,R0912,C0304,C0115,R1705,E1136 app/polybot/*.py
                    deactivate
                '''
            }
        }
    }
}
stage('Verify Docker Image') {
    steps {
        // Lists the locally built image so its ID, tag and size appear in the build log.
        // This is a listing only; it does not check the image's contents or signature.
        sh "docker images ${IMG_NAME}"
    }
}
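stage('Snyk Scan') {
    steps {
        script {
            // Binds the Snyk API token to SNYK_TOKEN for the duration of this block.
            withCredentials([
                string(credentialsId: 'SNYK_TOKEN', variable: 'SNYK_TOKEN')
            ]) {
                // Single-quoted so the shell expands the token from the environment.
                // Groovy interpolation would embed the secret in the script text
                // that Jenkins generates.
                sh 'snyk auth "$SNYK_TOKEN"'
                // NOTE(review): this only prints the scan command; `snyk container test`
                // is never executed, so no vulnerability scan result gates the build.
                // Confirm whether the echo is a deliberate placeholder.
                echo "snyk container test ${IMG_NAME} --policy-path=.snyk"
            }
        }
    }
}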
stage('Unit Test') {
    steps {
        script {
            echo "Starting Unit Tests"
            // Run the suite inside a container started from this build's pushed image.
            def pushedImage = docker.image("${DOCKER_REGISTRY}:${BUILD_NUMBER}")
            pushedImage.inside {
                // Fresh virtualenv, project requirements plus the pytest plugins,
                // then pytest on 4 workers with a 60 s per-test timeout. Results are
                // written to results.xml in JUnit format.
                sh '''
                    echo "Current directory:"
                    pwd
                    python3 -m venv venv
                    . venv/bin/activate
                    pip install --upgrade pip
                    pip install -r app/requirements.txt
                    pip install pytest-xdist pytest-timeout
                    # Run pytest with verbosity and timeout for each test
                    python3 -m pytest -n 4 --timeout=60 --junitxml results.xml app/test/*.py
                    deactivate
                '''
            }
            echo "Unit Tests completed"
        }
    }
}
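stage('Push to Nexus') {
    steps {
        // Binds the Nexus username/password to NEXUS_USERNAME / NEXUS_PASSWORD for this block only.
        withCredentials([usernamePassword(credentialsId: 'nexus-jenkins', usernameVariable: 'NEXUS_USERNAME', passwordVariable: 'NEXUS_PASSWORD')]) {
            script {
                // Single-quoted so the shell expands the credentials, and
                // --password-stdin so the password is not passed as a command-line
                // argument. Groovy interpolation would embed the secret in the
                // generated script text.
                // NOTE(review): the registry is addressed over plain HTTP; this is
                // only reasonable while Nexus stays on the same host. Confirm.
                sh 'printf "%s" "$NEXUS_PASSWORD" | docker login -u "$NEXUS_USERNAME" --password-stdin http://localhost:8001/repository/polybot/'
                // Re-tag the per-build image under the Nexus repository path and push it.
                sh "docker tag ${IMG_NAME} localhost:8001/repository/polybot/${IMG_NAME}"
                sh "docker push localhost:8001/repository/polybot/${IMG_NAME}"
            }
        }
    }
}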
stage('Run from another repository/functions') {
    steps {
        // Fetches a second repository and executes its my.py on the agent.
        // NOTE(review): the clone takes whatever the default branch holds at build
        // time and runs it on an agent that is root and has the Docker socket
        // mounted. Checking out a reviewed commit after cloning (for example
        // `git checkout <PINNED_COMMIT_SHA>`, placeholder) would fix which code runs.
        sh '''
            # Clone the repository containing my.py
            git clone https://github.com/eldiabloj/osher-s-shared-lib.git
            # Change directory to the cloned repository
            cd osher-s-shared-lib
            # Run the my.py script
            python3 my.py
        '''
    }
}
}
post {
    // Cleanup that runs after every build, whatever its result.
    always {
        script {
            def registry = env.DOCKER_REGISTRY
            def imageRef = "${registry}:${BUILD_NUMBER}"

            // ID of the currently running container created from this build's image.
            // NOTE(review): if more than one such container is running, this holds
            // several IDs separated by newlines and the comparison below will not
            // match any single ID. Confirm that only one is ever expected.
            def containerId = sh(script: "docker ps -q -f ancestor=${imageRef}", returnStdout: true).trim()

            // Force-remove every container (running or stopped) from this build's
            // image except the one captured above. Failures are ignored.
            sh """
                for id in \$(docker ps -a -q -f ancestor=${imageRef}); do
                    if [ "\$id" != "${containerId}" ]; then
                        docker rm -f \$id || true
                    fi
                done
            """

            // Remove older images of the same repository, keeping ':latest' and the
            // tag of the current build. Failures are ignored.
            sh """
                docker images --format '{{.Repository}}:{{.Tag}} {{.ID}}' | grep '${registry}' | grep -v ':latest' | grep -v ':${BUILD_NUMBER}' | awk '{print \$2}' | xargs --no-run-if-empty docker rmi -f || true
            """
        }
        // Wipe the workspace, including the repository cloned by the last stage.
        cleanWs()
    }
}
}