Refactor Jenkins pipeline to streamline Node.js setup and enhance SonarQube analysis stage
This commit is contained in:
Enno Gelhaus
parent
b2f5fb17d4
commit
c124aa648b
|
|
@ -4,44 +4,28 @@ pipeline {
|
||||||
agent any
|
agent any
|
||||||
|
|
||||||
stages {
|
stages {
|
||||||
|
// Stage 1: Checkout the code (Relies on the initial SCM checkout done by Jenkins)
|
||||||
|
stage('Source Checkout') {
|
||||||
|
steps {
|
||||||
|
echo "Workspace already populated by the initial SCM checkout. Proceeding."
|
||||||
|
// No explicit checkout needed, as the initial checkout is successful.
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// Stage 2: Setup Node.js v20 and install pnpm
|
// Stage 2: Setup Node.js v20 and install pnpm
|
||||||
stage('Setup Environment') {
|
stage('Setup Environment') {
|
||||||
steps {
|
steps {
|
||||||
|
// Simplified environment setup based on previous successful execution.
|
||||||
sh '''
|
sh '''
|
||||||
ATTEMPTS=0
|
# 1. Install Node.js v20 (closest matching the specified version '20.17.0')
|
||||||
MAX_ATTEMPTS=5
|
# We assume 'curl' is available and installation proceeds without lock conflicts now.
|
||||||
|
echo "Setting up Node.js v20..."
|
||||||
# Function to robustly run apt commands with retries in case of lock conflict
|
|
||||||
install_with_retry() {
|
|
||||||
CMD=\$1
|
|
||||||
ATTEMPTS=0
|
|
||||||
while [ \$ATTEMPTS -lt \$MAX_ATTEMPTS ]; do
|
|
||||||
# Run update first, then the command
|
|
||||||
if sudo apt-get update && \$CMD; then
|
|
||||||
return 0 # Success
|
|
||||||
else
|
|
||||||
ATTEMPTS=\$((ATTEMPTS + 1))
|
|
||||||
if [ \$ATTEMPTS -lt \$MAX_ATTEMPTS ]; then
|
|
||||||
echo "Apt lock detected or command failed. Retrying in 5 seconds (Attempt \$ATTEMPTS of \$MAX_ATTEMPTS)..."
|
|
||||||
sleep 5
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
echo "Failed to execute apt command after \$MAX_ATTEMPTS attempts."
|
|
||||||
return 1 # Failure
|
|
||||||
}
|
|
||||||
|
|
||||||
# 1. Install curl (required for NodeSource script)
|
|
||||||
install_with_retry "sudo apt-get install -y curl" || exit 1
|
|
||||||
|
|
||||||
# 2. Install Node.js v20 (closest matching the specified version '20.17.0')
|
|
||||||
# This step uses curl (installed above) and needs its own apt-get execution.
|
|
||||||
curl -fsSL https://deb.nodesource.com/setup_20.x | sudo -E bash -
|
curl -fsSL https://deb.nodesource.com/setup_20.x | sudo -E bash -
|
||||||
install_with_retry "sudo apt-get install -y nodejs" || exit 1
|
sudo apt-get install -y nodejs
|
||||||
|
|
||||||
echo "Node.js version: \$(node -v)"
|
echo "Node.js version: \$(node -v)"
|
||||||
|
|
||||||
# 3. Install pnpm globally (version 8)
|
# 2. Install pnpm globally (version 8)
|
||||||
npm install -g pnpm@8
|
npm install -g pnpm@8
|
||||||
echo "pnpm version: \$(pnpm -v)"
|
echo "pnpm version: \$(pnpm -v)"
|
||||||
'''
|
'''
|
||||||
|
|
@ -56,7 +40,7 @@ pipeline {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Stage 4: Retrieve secrets from Vault and run SonarQube analysis
|
// Stage 4: Run SonarQube analysis using the Jenkins plugin's environment.
|
||||||
stage('SonarQube Analysis') {
|
stage('SonarQube Analysis') {
|
||||||
steps {
|
steps {
|
||||||
script {
|
script {
|
||||||
|
|
@ -64,25 +48,19 @@ pipeline {
|
||||||
def commitShaShort = sh(returnStdout: true, script: 'git rev-parse --short=8 HEAD').trim()
|
def commitShaShort = sh(returnStdout: true, script: 'git rev-parse --short=8 HEAD').trim()
|
||||||
echo "Commit SHA (short) is: ${commitShaShort}"
|
echo "Commit SHA (short) is: ${commitShaShort}"
|
||||||
|
|
||||||
// 2. Retrieve secrets from HashiCorp Vault using the dedicated plugin binding.
|
// 2. Use withSonarQubeEnv to set up the environment and PATH for sonar-scanner.
|
||||||
withCredentials([
|
// IMPORTANT: Replace 'YourSonarServerName' with the name you configured
|
||||||
// Requires the Jenkins HashiCorp Vault Plugin
|
// for your SonarQube server instance in Jenkins (Manage Jenkins -> Configure System).
|
||||||
[$class: 'VaultSecretCredentialsBinding',
|
withSonarQubeEnv(installationName: 'YourSonarServerName') {
|
||||||
vaultSecrets: [
|
|
||||||
// Map key 'SONAR_TOKEN' from Vault path 'postiz/data/ci/sonar' to Jenkins environment variable 'SONAR_TOKEN'
|
|
||||||
[$class: 'VaultSecret', secretPath: 'postiz/data/ci/sonar', secretKey: 'SONAR_TOKEN', envVar: 'SONAR_TOKEN'],
|
|
||||||
// Map key 'SONAR_HOST_URL' from Vault path 'postiz/data/ci/sonar', to Jenkins environment variable 'SONAR_HOST_URL']
|
|
||||||
[$class: 'VaultSecret', secretPath: 'postiz/data/ci/sonar', secretKey: 'SONAR_HOST_URL', envVar: 'SONAR_HOST_URL']
|
|
||||||
]]
|
|
||||||
]) {
|
|
||||||
// 3. Execute sonar-scanner CLI
|
// 3. Execute sonar-scanner CLI
|
||||||
sh """
|
sh """
|
||||||
echo "Starting SonarQube Analysis for project version: ${commitShaShort}"
|
echo "Starting SonarQube Analysis for project version: ${commitShaShort}"
|
||||||
sonar-scanner \\
|
sonar-scanner \\
|
||||||
-Dsonar.projectVersion=${commitShaShort} \\
|
-Dsonar.projectVersion=${commitShaShort} \\
|
||||||
-Dsonar.token=\${SONAR_TOKEN} \\
|
-Dsonar.sources=. \\
|
||||||
-Dsonar.host.url=\${SONAR_HOST_URL}
|
-Dsonar.host.url=\${SONAR_HOST_URL} \\
|
||||||
# Add other analysis properties here if needed (e.g., -Dsonar.projectKey=...)
|
-Dsonar.token=\${SONAR_TOKEN}
|
||||||
|
# Add -Dsonar.projectKey=YourKeyHere if not defined in sonar-project.properties
|
||||||
"""
|
"""
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue