Changes for page Jenkins Shared Library
Last modified by Boris Folgmann on 2025/11/03 09:41
From version 9.3
edited by Boris Folgmann
on 2025/11/03 09:20
Change comment:
There is no comment for this version
To version 10.1
edited by Boris Folgmann
on 2025/11/03 09:35
Change comment:
There is no comment for this version
Summary
Page properties (1 modified, 0 added, 0 removed)
Details
- Page properties
- Content
... ... 
@@ -23,28 +23,33 @@ 23 23 24 24 [[image:1762161531690-966.png||data-xwiki-image-style-border="true" height="247" width="1654"]] 25 25 26 -1. sdcPipeline prints some valuable information about this shared Jenkinslib. Allocates a node (Jenkins Agent) to start executing 27 -1. Checking out the source code from git. 28 -1. If a pom.xml is found your favorite JDK is selected, by default jdk11. Then a maven build is done. 29 -1. If there's no pom.xml but a package.json is found a nodejs build is done. 26 +1. **sdcPipeline **prints some valuable information about this shared Jenkinslib. Allocates a node (Jenkins Agent) to start executing the pipeline. 27 +1. **Checkout**: checking out the source code from git. 28 +1. **JDK**: If a pom.xml is found, your favorite JDK or the current default is selected . 29 +1. **Maven Build**: If a pom.xml is found, a maven build is done. 30 +1. If there's no pom.xml, but a package.json is found a nodejs build is done. 30 30 1. If there is no pom.xml or package.json but a go.mod file, a go build is done. 31 31 1. Then the following stages are executed in parallel 32 -11. Analysis: For maven projects the Java source code is checked by checkstyle, pmd and spotbugs. Furthermore the job output will be checked for any warnings generated by maven, javac or javadoc. If Python modules (.py files) exist in the git repository they will be analyzed using pylint and flake8. If pylint or flake8 are not available on the Jenkins agent the steps will be skipped. Python files that are generated or downloaded into the workspace will not be checked. The results will be displayed on the classical Jenkins build page after the build. For Go projects, the Go test tool is used to run all tests and produce a coverage output file for SonarQube. Additionally, the gotestsum tool is used to produce a report which is picked up by Jenkins.</dd> 33 -11. Security: If it's not a feature or bugfix branch a dependency check is done which checks if e.g. 
libraries are used which have known vulnerabilities. The results will be displayed in Jenkins after the build. 34 -11. Docker: this will also work for projects which are neither maven or nodejs. A Dockerfile is enough to trigger this part of the pipeline. 35 -111. If a Dockerfile is found a docker image is built. 36 -111. The image is started as an isolated container on the Jenkins agent. 37 -111. Any loglines written to stdout or stderr by the container will be displayed. 38 -111. A smoke test is performed which is a simple query for a valid answer on the exposed port of the container. 39 -111. If the smoke test was successful and the build was not done for a pull request the docker image will be pushed to the docker registry. 40 -111. For easy identification of the image 3 image tags are defined: 33 +11. **Analysis**: For maven projects the Java source code is checked by checkstyle, pmd and spotbugs. Furthermore the job output will be checked for any warnings generated by maven, javac or javadoc. 34 +If Python modules (.py files) exist in the git repository they will be analyzed using pylint and flake8. If pylint or flake8 are not available on the Jenkins agent the steps will be skipped. Python files that are generated or downloaded into the workspace will not be checked. The results will be displayed on the classical Jenkins build page after the build. For Go projects, the Go test tool is used to run all tests and produce a coverage output file for SonarQube. Additionally, the gotestsum tool is used to produce a report which is picked up by Jenkins. 35 +If SonarQube is configured fore this Jenkins instance, a **Sonar Scan** is performed on the agent and the result is pushed to SonarQube for further processing. 36 +11. **Security**: 37 +111. If it's not a feature or bugfix branch, a dependency check is done which checks if e.g. libraries are used which have known vulnerabilities. The results will be displayed in Jenkins after the build. 38 +111. 
If Dependency Track is enabled for the current project, an SBOM file is created and archived in the build. In addition it's pushed to Dependency Track. Jenkins will wait for DepTrack to process the SBOM and display information about found potential vulnerabilities in the build. 39 +11. **Docker**: this will also work for projects which are neither maven, nodejs or go. A Dockerfile is enough to trigger this part of the pipeline. 40 +111. **Build Container Image**: If a Dockerfile is found a docker image is built. 41 +111. **Test Container Image**: The image is started as an isolated container on the Jenkins agent. Any loglines written to stdout or stderr by the container will be displayed.A smoke test is performed which is a simple query for a valid answer on the exposed port of the container. 42 +111. **Push Container Image**: If the smoke test was successful and the build was not done for a pull request the docker image will be pushed to the docker registry. 43 +For easy identification of the image 3 image tags are defined: 41 41 1111. BRANCH_NAME-BUILD_NUMBER (e.g. 'production-1014') 42 42 1111. BRANCH_NAME-GIT_HASH (e.g. 'develop-8a7c4f2') 43 43 1111. BRANCH_NAME-latest (e.g. 'feature-PKEY-42-latest') 44 44 1111. (If BRANCH_NAME is defaultBranch the prefix 'BRANCH_NAME-' will not be included.) 45 -111. When a chart/Chart.yaml is found and it's not a pull request a Helm Chart will be created and pushed to the Helm Chart repository. 46 -1. Yamllint will check all YAML files in the workspace for errors and warnings. This is done at this place since the Create Helm Chart stage modifies or creates YAML files which should be also checked before the pipeline proceeds. 47 -1. When depolyHelmChart is set to true the Helm chart will be deployed to the Kubernestes cluster and namespace of your choice. Not done in the example diagram. 48 +111. 
**Create Helm Chart**: When a chart/Chart.yaml is found and it's not a pull-request, a Helm Chart will be created and pushed to the Helm Chart repository. 49 +1. **Yamllint **will check all YAML files in the workspace for errors and warnings. This is done at this place since the Create Helm Chart stage modifies or creates YAML files which should be also checked before the pipeline proceeds. 50 +1. **Deploy application**: when depolyHelmChart is set to true the Helm chart will be deployed to the Kubernestes cluster and namespace of your choice. Not done in the example diagram. 51 +1. **Trivy Results**: if a container image was pushed to Harbor as the container registry, the results of the Trivy security scan are fetched from Harbor 52 +1. **Sonar Results**: finally the pipeline waits for the result of the Sonar Quality Gate to decide on the success of the build. 48 48 49 49 == {{id name="pipeline_customization"/}}Pipeline Customization == 50 50 ... ... @@ -136,7 +136,7 @@ 136 136 )))|go build run. Should be overridden for your project. 137 137 |= |goTestCommand|'gotestsum ~-~-format pkgname ~-~-junitfile report.xml ~-~- -failfast -race -coverprofile=coverage.out -tags=test ./...'|Runs gotestsum tool which in turn calls 'go test' for all packages in the project. Should be overridden for your project. The gotestsum tool is available out-of-the-box and produces a report file which is picked up by Jenkins automatically. 138 138 |=(% rowspan="10" %)((( 139 - Docker build144 +Container build 140 140 )))|((( 141 141 dockerBuildPath 142 142 )))|((( ... ... @@ -210,7 +210,7 @@ 210 210 Id of the Jenkins Credentials which have to be used to authenticate to the //pullDockerRegistry//. 211 211 ))) 212 212 |=(% rowspan="7" %)((( 213 - Docker container test218 +Container test 214 214 )))|((( 215 215 skipSmokeTest 216 216 )))|((( ... ... 
@@ -261,7 +261,7 @@ 261 261 Total time in seconds after which the container is expected to be up and running even if it's still writing loglines to stdout. After this time has passed the container will be queried for an answer. 262 262 ))) 263 263 |=(% rowspan="2" %)((( 264 - Dockerpush269 +Image push 265 265 )))|((( 266 266 pushDockerRegistry 267 267 )))|((( ... ... @@ -277,7 +277,7 @@ 277 277 Id of the Jenkins Credentials which have to be used to authenticate to the //pullDockerRegistry//. 278 278 ))) 279 279 |=(% rowspan="6" %)((( 280 -Helm chart285 +Helm Chart 281 281 )))|((( 282 282 helmChartPath 283 283 )))|(((
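Review bot: In the first hunk (@@ -23,28 +23,33 @@), new steps 50 to 52 list "Deploy application" before "Trivy Results" and "Sonar Results", so as documented the Helm chart is deployed to the cluster before the Trivy findings are fetched and before the Sonar Quality Gate decides on the build. If that order is intended, say so explicitly, and state whether Trivy findings can fail the build the way the Quality Gate does; the Trivy line only says the results "are fetched from Harbor" and also lacks its closing period. Wording fixes in the same hunk: "configured fore this Jenkins instance" should read "for"; "**sdcPipeline **" and "**Yamllint **" have the space inside the bold markers; "is selected ." and "will be displayed.A smoke test" have misplaced spacing; the nodejs and go build steps have no bold stage label while every other step now has one; "Kubernestes" is carried over from old line 47 and should be "Kubernetes"; please confirm whether "depolyHelmChart" is the parameter's real spelling before leaving it as is.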
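Review bot: The group label changed to "Container build" in the hunk at @@ -136,7 +136,7 @@ (and likewise "Container test", "Image push" and "Helm Chart" in the hunks that follow) does not match the stage names introduced in the first hunk: "Build Container Image", "Test Container Image", "Push Container Image" and "Create Helm Chart". Use the stage names verbatim as the group labels so that a reader can map a parameter such as dockerBuildPath or skipSmokeTest to the stage it configures.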
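Review bot: In the hunk at @@ -277,7 +277,7 @@, the context line 277 is the last row of the "Image push" group that starts with pushDockerRegistry, yet it describes the credentials used to authenticate to //pullDockerRegistry//, word for word the sentence that closes the Container build group at line 210. This looks like a copy-paste leftover and should probably read //pushDockerRegistry//; please confirm and correct it in this edit, since credentials documented against the wrong registry are easy to misconfigure.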