93 lines
4.5 KiB
Plaintext
93 lines
4.5 KiB
Plaintext
// Declarative Pipeline for building Node.js application and running SonarQube analysis triggered by a push event.
|
|
pipeline {
|
|
// Defines the execution environment. Using 'agent any' to ensure an agent is available.
|
|
agent any
|
|
|
|
stages {
|
|
// Stage 2: Setup Node.js v20 and install pnpm
|
|
stage('Setup Environment') {
|
|
steps {
|
|
sh '''
|
|
ATTEMPTS=0
|
|
MAX_ATTEMPTS=5
|
|
|
|
# Function to robustly run apt commands with retries in case of lock conflict
|
|
install_with_retry() {
|
|
CMD=\$1
|
|
ATTEMPTS=0
|
|
while [ \$ATTEMPTS -lt \$MAX_ATTEMPTS ]; do
|
|
# Run update first, then the command
|
|
if sudo apt-get update && \$CMD; then
|
|
return 0 # Success
|
|
else
|
|
ATTEMPTS=\$((ATTEMPTS + 1))
|
|
if [ \$ATTEMPTS -lt \$MAX_ATTEMPTS ]; then
|
|
echo "Apt lock detected or command failed. Retrying in 5 seconds (Attempt \$ATTEMPTS of \$MAX_ATTEMPTS)..."
|
|
sleep 5
|
|
fi
|
|
fi
|
|
done
|
|
echo "Failed to execute apt command after \$MAX_ATTEMPTS attempts."
|
|
return 1 # Failure
|
|
}
|
|
|
|
# 1. Install curl (required for NodeSource script)
|
|
install_with_retry "sudo apt-get install -y curl" || exit 1
|
|
|
|
# 2. Install Node.js v20 (closest matching the specified version '20.17.0')
|
|
# This step uses curl (installed above) and needs its own apt-get execution.
|
|
curl -fsSL https://deb.nodesource.com/setup_20.x | sudo -E bash -
|
|
install_with_retry "sudo apt-get install -y nodejs" || exit 1
|
|
|
|
echo "Node.js version: \$(node -v)"
|
|
|
|
# 3. Install pnpm globally (version 8)
|
|
npm install -g pnpm@8
|
|
echo "pnpm version: \$(pnpm -v)"
|
|
'''
|
|
}
|
|
}
|
|
|
|
// Stage 3: Install dependencies and build the application
|
|
stage('Install and Build') {
|
|
steps {
|
|
sh 'pnpm install'
|
|
sh 'pnpm run build'
|
|
}
|
|
}
|
|
|
|
// Stage 4: Retrieve secrets from Vault and run SonarQube analysis
|
|
stage('SonarQube Analysis') {
|
|
steps {
|
|
script {
|
|
// 1. Get the short 8-character commit SHA for project versioning
|
|
def commitShaShort = sh(returnStdout: true, script: 'git rev-parse --short=8 HEAD').trim()
|
|
echo "Commit SHA (short) is: ${commitShaShort}"
|
|
|
|
// 2. Retrieve secrets from HashiCorp Vault using the dedicated plugin binding.
|
|
withCredentials([
|
|
// Requires the Jenkins HashiCorp Vault Plugin
|
|
[$class: 'VaultSecretCredentialsBinding',
|
|
vaultSecrets: [
|
|
// Map key 'SONAR_TOKEN' from Vault path 'postiz/data/ci/sonar' to Jenkins environment variable 'SONAR_TOKEN'
|
|
[$class: 'VaultSecret', secretPath: 'postiz/data/ci/sonar', secretKey: 'SONAR_TOKEN', envVar: 'SONAR_TOKEN'],
|
|
// Map key 'SONAR_HOST_URL' from Vault path 'postiz/data/ci/sonar', to Jenkins environment variable 'SONAR_HOST_URL']
|
|
[$class: 'VaultSecret', secretPath: 'postiz/data/ci/sonar', secretKey: 'SONAR_HOST_URL', envVar: 'SONAR_HOST_URL']
|
|
]]
|
|
]) {
|
|
// 3. Execute sonar-scanner CLI
|
|
sh """
|
|
echo "Starting SonarQube Analysis for project version: ${commitShaShort}"
|
|
sonar-scanner \\
|
|
-Dsonar.projectVersion=${commitShaShort} \\
|
|
-Dsonar.token=\${SONAR_TOKEN} \\
|
|
-Dsonar.host.url=\${SONAR_HOST_URL}
|
|
# Add other analysis properties here if needed (e.g., -Dsonar.projectKey=...)
|
|
"""
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|