jeffemmett
/
postiz
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
postiz/Jenkins/Build.Jenkinsfile

116 lines
5.6 KiB
Plaintext
Raw Blame History

// Declarative Pipeline for building Node.js application and running SonarQube analysis triggered by a push event.
pipeline {
// Defines the execution environment. Using 'agent any' to ensure an agent is available.
agent any
stages {
// Stage 1: Checkout the code with full history (fetch-depth: 0)
stage('Source Checkout') {
steps {
// Since 'git' is confirmed to be installed on agent2 (per log 'git version 2.43.0'),
// we remove the apt-get installation command which was failing due to a lock.
// STEP: Perform the deep clone checkout using the existing Git executable.
// NOTE: Replace 'YOUR_GIT_CREDENTIALS_ID' with the actual Jenkins credential ID
// that has access to your repository.
checkout([
$class: 'GitSCM',
branches: [[name: 'HEAD']],
extensions: [
[$class: 'WipeWorkspace'],
[$class: 'CleanBeforeCheckout'],
[$class: 'CloneOption', depth: 0, noTags: false, reference: '', shallow: false]
],
userRemoteConfigs: [
[url: env.GIT_URL ?: ''] // Replace env.GIT_URL if needed
]
])
}
}
// Stage 2: Setup Node.js v20 and install pnpm
stage('Setup Environment') {
steps {
sh '''
ATTEMPTS=0
MAX_ATTEMPTS=5
# Function to robustly run apt commands with retries in case of lock conflict
install_with_retry() {
CMD=\$1
ATTEMPTS=0
while [ \$ATTEMPTS -lt \$MAX_ATTEMPTS ]; do
if sudo apt-get update && \$CMD; then
return 0 # Success
else
ATTEMPTS=\$((ATTEMPTS + 1))
if [ \$ATTEMPTS -lt \$MAX_ATTEMPTS ]; then
echo "Apt lock detected or command failed. Retrying in 5 seconds (Attempt \$ATTEMPTS of \$MAX_ATTEMPTS)..."
sleep 5
fi
fi
done
echo "Failed to execute apt command after \$MAX_ATTEMPTS attempts."
return 1 # Failure
}
# 1. Install curl (required for NodeSource script)
install_with_retry "sudo apt-get install -y curl" || exit 1
# 2. Install Node.js v20 (closest matching the specified version '20.17.0')
# This step uses curl (installed above) and needs its own apt-get execution.
curl -fsSL https://deb.nodesource.com/setup_20.x | sudo -E bash -
install_with_retry "sudo apt-get install -y nodejs" || exit 1
echo "Node.js version: \$(node -v)"
# 3. Install pnpm globally (version 8)
npm install -g pnpm@8
echo "pnpm version: \$(pnpm -v)"
'''
}
}
// Stage 3: Install dependencies and build the application
stage('Install and Build') {
steps {
sh 'pnpm install'
sh 'pnpm run build'
}
}
// Stage 4: Retrieve secrets from Vault and run SonarQube analysis
stage('SonarQube Analysis') {
steps {
script {
// 1. Get the short 8-character commit SHA for project versioning
def commitShaShort = sh(returnStdout: true, script: 'git rev-parse --short=8 HEAD').trim()
echo "Commit SHA (short) is: ${commitShaShort}"
// 2. Retrieve secrets from HashiCorp Vault using the dedicated plugin binding.
withCredentials([
// Requires the Jenkins HashiCorp Vault Plugin
[$class: 'VaultSecretCredentialsBinding',
vaultSecrets: [
// Map key 'SONAR_TOKEN' from Vault path 'postiz/data/ci/sonar' to Jenkins environment variable 'SONAR_TOKEN'
[$class: 'VaultSecret', secretPath: 'postiz/data/ci/sonar', secretKey: 'SONAR_TOKEN', envVar: 'SONAR_TOKEN'],
// Map key 'SONAR_HOST_URL' from Vault path 'postiz/data/ci/sonar', to Jenkins environment variable 'SONAR_HOST_URL']
[$class: 'VaultSecret', secretPath: 'postiz/data/ci/sonar', secretKey: 'SONAR_HOST_URL', envVar: 'SONAR_HOST_URL']
]]
]) {
// 3. Execute sonar-scanner CLI
sh """
echo "Starting SonarQube Analysis for project version: ${commitShaShort}"
sonar-scanner \\
-Dsonar.projectVersion=${commitShaShort} \\
-Dsonar.token=\${SONAR_TOKEN} \\
-Dsonar.host.url=\${SONAR_HOST_URL}
# Add other analysis properties here if needed (e.g., -Dsonar.projectKey=...)
"""
}
}
}
}
}
}
Reference in New Issue View Git Blame Copy Permalink