-
Notifications
You must be signed in to change notification settings - Fork 0
/
Jenkinsfile
executable file
·167 lines (148 loc) · 5.56 KB
/
Jenkinsfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
pipeline{
agent {
kubernetes {
inheritFrom 'maven-and-kubectl'
}
}
parameters{
booleanParam(name: 'imagePush', defaultValue: 'true', description: 'Push image to Harbor')
}
/**
*tools{
* maven 'maven-3.9.2'
*}
*/
/**
*在进行测试的时候,需要允许本都gitlab触发(管理员账账号: settig--Network--Outbound requests(Allow requests to the local network from webhooks and integrations))
*同时需要在gitlab 对应的项目之上设置webhook,来对接到jenkins的具体的job
*example : URL http://jenkins.wukui.com:8080/project/pipeline-job-01
*Secret token wukui123456
*若要实现addVoteOnMergeRequest: true 则需要生成一个gitlab api的访问令牌glpat-h1MXz5TarxPzoegM-Qx7,然后在jenkins上配置一个类型为secret text类型的凭据 \
* 然后在系统配置中进行相关设置
*/
triggers{ //具体配置参见插件官方文档
gitlab(
triggerOnPush: true,
triggerOnMergeRequest: true,
branchFilterType: 'All',
addVoteOnMergeRequest: true,
secretToken: 'wukui123456'
)
}
environment{
CodeRepo="http://gitlab.wukui.com/devops/spring-boot-helloWorld.git"
HarborServer='ks.harbor.com'
RegistryUrl="http://ks.harbor.com"
RegistryCredential='credential-to-harbor_push_image'
ProjectName='spring-boot-helloworld'
ImageUrl="${HarborServer}/kubernetes/${ProjectName}"
ImageTag="${BUILD_ID}"
}
stages{
stage('Source'){
steps{
git branch: 'main', credentialsId: 'gitlab-user-jerry-credential', url: "${CodeRepo}"
}
}
stage('Build'){
steps{
container('maven'){
sh 'mvn -B -DskipTests clean package'
}
}
}
stage('Test'){
steps{
container('maven'){
sh 'mvn test'
}
}
}
/**
*代码质量评估:
*安装sonarqube server,jenkins上安装SonarQube Scanner for Jenkins插件
*SonarQube Server配置用户,并生成一个token,然后在jenkins上添加认证到sonar的credential(secret text)
*jenkins的系统配置上添加sonar server的相关信息(SonarQube-Server)
*配置Jenkins的全局工具sonar-scanner(SonarQube-Scanner-4.8)
*配置sonar回调jenkins的webhook
*/
stage("SonarQube Analysis") {
steps {
container('maven'){
withSonarQubeEnv('SonarQube-Server') {
sh 'mvn sonar:sonar'
}
}
}
}
stage("Quality Gate") {
steps {
timeout(time: 30, unit: 'MINUTES') {
waitForQualityGate abortPipeline: true
}
}
}
stage('Build Docker Image'){
steps{
container('dind'){
script{
dockerImage = docker.build("${ImageUrl}:${ImageTag}")
}
}
}
}
stage('Push Docker Image'){
input{
message "Should we continue?"
ok "Yes, we should."
submitter "alice,bob"
parameters {
string(name: 'PERSON', defaultValue: 'Mr Jenkins', description: 'Who should I say hello to?')
}
}
when{
allOf{
expression { return params.imagePush}
}
}
steps{
container('dind'){
script{
docker.withRegistry( RegistryUrl, RegistryCredential ) {
dockerImage.push()
//dockerImage.push('latest')
}
}
}
}
}
stage('Update-manifests') {
steps {
container('jnlp') {
sh 'sed -i "s#__IMAGE__#${ImageUrl}:${ImageTag}#g" deploy/all-in-one.yaml'
}
}
}
stage('Deploy to prod-env') {
steps {
container('kubectl') {
withKubeConfig([credentialsId: 'k8s-wukui-cluster-admin', serverUrl: 'https://kubernetes.default.svc']) {
sh '''
kubectl create namespace hello-prod
kubectl apply -f deploy/all-in-one.yaml -n hello-prod
'''
}
}
}
}
}
/**
*配置构建发送服务: 需要到jenkins的系统配置中(Jenkins Location 添加系统发件人,及其扩展的相关信息)
*这里仅展示企业微信的配置
*/
post{
always{
qyWechatNotification failNotify: true, webhookUrl: 'https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=df0c4ebb-e0e2-4ed5-829b-0132da2e2e60'
}
}
}