一、在服务器上搭建Gitlab
本人阿里的服务器因配置有限,就直接使用Gitee作为代码仓库了
二、搭建Jenkins服务
集成Jenkins-1
1.安装JDK
Jenkins需要依赖JDK,所以先安装JDK1.8
yum install java-1.8.0-openjdk* -y
#默认安装目录为(后面配置环境变量会用到):/usr/lib/jvm
2.安装Jenkins
获取jenkins安装包
把安装包上传到服务器A,进行安装
rpm -ivh jenkins-2.190.3-1.1.noarch.rpm修改Jenkins配置
vi /etc/syscofig/jenkins #修改内容如下(修改访问Jenkins的端口): JENKINS_USER=“root” JENKINS_PORT=“3344”启动Jenkins
systemctl start jenkins打开浏览器访问
http://ip:3344
注意:本服务器把防火墙关闭了,如果开启防火墙,需要在防火墙添加端口获取并输入admin账户密码
cat /var/lib/jenkins/secrets/initialAdminPassword跳过插件安装(官方的安装比较慢,甚至失败,进去后配置阿里的加速地址)
添加一个管理员账户,并进入Jenkins后台
集成Jenkins-2
1.修改Jenkins插件下载地址
Jenkins国外官方插件地址下载速度非常慢,所以可以修改为国内插件地址: Jenkins->Manage Jenkins->Manage Plugins,点击Available
这样做是为了把Jenkins官方的插件列表下载到本地,接着修改地址文件,替换为国内插件地址
cd /var/lib/jenkins/updates
sed -i 's/http:\/\/updates.jenkinsci.org\/download/https:\/\/mirrors.tuna.tsinghua.edu.cn\/jenkins/g' default.json && sed -i 's/http:\/\/www.google.com/https:\/\/www.baidu.com/g' default.json
最后,Manage Plugins点击Advanced,把Update Site改为国内插件下载地址 https://mirrors.tuna.tsinghua.edu.cn/jenkins/updates/update-center.json
Sumbit后,在浏览器输入:http://192.168.66.101:8888/restart ,重启Jenkins。
2.下载中文汉化插件
Jenkins->Manage Jenkins->Manage Plugins,点击Available,搜索"Chinese"
3.安装Credentials Binding插件
要在Jenkins使用凭证管理功能,需要安装Credentials Binding插件
可以添加的凭证有5种:
- Username with password:用户名和密码
- SSH Username with private key: 使用SSH用户和密钥
- Secret file:需要保密的文本文件,使用时Jenkins会将文件复制到一个临时目录中,再将文件路径设置到一个变量中,等构建结束后,所复制的Secret file就会被删除。
- Secret text:需要保存的一个加密的文本串,如钉钉机器人或Github的api token
- Certificate:通过上传证书文件的方式
常用的凭证类型有:Username with password(用户密码)和SSH Username with private key(SSH密钥)
4.安装Git插件和Git工具
在Jenkins上的插件中安装Git插件
在服务器上也安装git
yum install git -y 安装 git --version 安装后查看版本创建凭证(用户密码类型)
Jenkins->凭证->系统->全局凭证->添加凭证
选择"Username with password",输入Gitlab的用户名和密码,点击"确定"。之后在项目中就可以用该凭证了创建凭证(SSH密钥类型)
在服务器A使用root用户生成公钥和私钥ssh-keygen -t rsa 在`/root/.ssh/`目录保存了公钥和私钥 把生成的公钥放在Gitlab中在Jenkins添加一个新的凭证,类型为"
SSH Username with private key",把刚才生成私钥文件内容复制过来
集成Jenkins-3
1.安装 mavan
在Jenkins集成服务器上,我们需要安装Maven来编译和打包项目。安装Maven
先上传Maven软件到服务器
tar -xzf apache-maven-3.6.2-bin.tar.gz #解压 mkdir -p /opt/maven # 创建目录 mv apache-maven-3.6.2/* /opt/maven # 移动文件 #**配置环境变量** vim /etc/profile export JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk export MAVEN_HOME=/opt/maven export PATH=$PATH:$JAVA_HOME/bin:$MAVEN_HOME/bin source /etc/profile #配置生效 mvn -v #查找Maven版本
2.JK关联JDK和Maven
全局工具配置
Jenkins->Global Tool Configuration->JDK->新增JDK,配置如下:
指定JDK的JAVA_HOME即可
同理指定MAVEN的MAVEM_HOME
Jenkins->Global Tool Configuration->Maven->新增Maven,配置如下:
添加Jenkins全局变量
Manage Jenkins->Configure System->Global Properties ,添加三个全局变量JAVA_HOME、M2_HOME、PATH+EXTRA
修改Maven的settings.xml------(修改仓库存放的地址以及下载依赖的地址)
mkdir /root/repo # 创建本地仓库目录
vi /opt/maven/conf/settings.xml
# 本地仓库目录改为:/root/repo/
#添加阿里云私服地址:
<mirror>
<id>alimaven</id>
<name>aliyun maven</name>
<url>http://maven.aliyun.com/nexus/content/groups/public/</url>
<mirrorOf>central</mirrorOf>
</mirror>
3.安装Pipeline、Maven Integration插件
Manage Jenkins->Manage Plugins->可选插件–>安装Pipeline、Maven Integration
三、Harbor安装
Harbor镜像服务器,安装在服务B器上
1.安装Docker并启动Docker,参考网上的安装过程
2.安装docker-compose
sudo curl -L https://github.com/docker/compose/releases/download/1.21.2/dockercompose-$(uname -s)-$(uname -m) -o /usr/local/bin/docker-compose
3.给docker-compose添加执行权限
sudo chmod +x /usr/local/bin/docker-compose
4.查看docker-compose是否安装成功
docker-compose -version
# 如果是centos8百度网上的安装教程,否则会失败
5.下载Harbor的压缩包 https://github.com/goharbor/harbor/releases
6.上传压缩包到linux,并解压
tar -xzf harbor-offline-installer-v1.9.2.tgz mkdir /opt/harbor
mv harbor/* /opt/harbor
cd /opt/harbor
7. 修改Harbor的配置
vi harbor.yml
修改hostname和port
hostname: 192.168.66.102
port: 85
8. 安装Harbor
# 进入Harbor文件夹下面分别执行
./prepare
./install.sh
9.启动Harbor
docker-compose up -d 启动
docker-compose stop 停止
docker-compose restart 重新启动
10.访问Harbor http://ip:85
默认账户密码:admin/Harbor12345
11.把Harbor地址加入到Docker信任列表(服务器A)
vi /etc/docker/daemon.json
{
"registry-mirrors": ["https://zydiol88.mirror.aliyuncs.com"],
"insecure-registries": ["192.168.66.102:85"]
}
需要重启Docker,同理,在部署的项目的服务器C中也要加入信任列表
四、创建流水线项目
1.创建任务,输入项目名称并选着流水线
2.配置Git
配置->高级项目选项->流水香->Git
3.配置构建参数
4.编写Jenkins脚本
// git凭证id(在jenkins的全局凭证配置中可获取)
def git_auth = 'a3e0fe22-1263-4e56-8648-0xxx6642e'
// git仓库地址
def git_url = 'git@gitlab.xxxx.com:ha/sense-platform/xxxx.git'
// 项目运行的端口
def port = 3005
// docker镜像对外暴露的端口
def containerport = 8080
//构建版本的名
def tag = 'latest'
//Harbor私服地址
def harbor_url = '10.240.xxx.xxx:1180'
//Harbor的项目名称
def harbor_project_name = 'sense'
//Harbor的凭证
def harbor_auth = '2008c9e0-2f8d-4f39-a9d7-980685xxxxxcab'
//定义镜像名称(构建成功的镜像名)
def imageName = "${project_name}:${tag}"
pipeline {
agent any
environment {
//根据自己的Jenkinssonarqube-scanner环境修改 (全局工具配置SonarQube Scanner)
scannerHome=tool 'SonarQubeScanner'
}
stages{
stage('Pull the source code') {
steps{
checkout([$class: 'GitSCM',
branches: [[name: "*/${branch}"]],
extensions: [],
userRemoteConfigs: [[
credentialsId: "${git_auth}",
url: "${git_url}"
]]
])
echo '拉取代码成功'
}
}
stage('Check the source code') {
steps{
//引入Jenkinssonarqube环境 (全局工具管理SonarQube servers)
withSonarQubeEnv('SonarQubeServer'){
sh """
${scannerHome}/bin/sonar-scanner
"""
}
echo '源码审查完毕'
}
}
stage('Quality Gate') {
steps {
script {
Integer waitSeconds = 10
Integer timeOutMinutes = 10
Integer maxRetry = (timeOutMinutes * 60) / waitSeconds as Integer
for (Integer i = 0; i < maxRetry; i++) {
try {
timeout(time: waitSeconds, unit: 'SECONDS') {
def qg = waitForQualityGate()
if (qg.status != 'OK') {
error "Sonar quality gate status: ${qg.status}"
} else {
i = maxRetry
}
}
} catch (Throwable e) {
if (i == maxRetry - 1) {
throw e
}
}
}
}
echo '成功获取扫描结果'
}
}
stage('Compile and build the image') {
steps{
// 多了个dockerfile:build,就是激活插件生成镜像
sh 'cd Code && mvn clean package dockerfile:build'
echo '编译,构建镜像成功'
}
}
stage('Label the image') {
steps{
//给镜像打标签
sh "docker tag ${imageName} ${harbor_url}/${harbor_project_name}/${imageName}"
}
}
stage('Upload the image to the warehouse') {
steps{
//登录Harbor,并上传镜像
withCredentials([usernamePassword(
credentialsId: "${harbor_auth}",
passwordVariable: 'password', // 就是这样的,不用替换,在jk中配置的
usernameVariable: 'username')])
{
//登录
sh "docker login -u ${username} -p ${password} ${harbor_url}"
//上传镜像
sh "docker push ${harbor_url}/${harbor_project_name}/${imageName}"
echo '镜像上传成功'
}
}
}
stage('Remove the mirror') {
steps{
//删除本地镜像
sh "docker rmi -f ${imageName}"
// 刪除打标签的镜像
sh "docker rmi -f ${harbor_url}/${harbor_project_name}/${imageName}"
}
}
stage("Remote deployment"){
steps{
//=====以下为远程调用进行项目部署========
sshPublisher(
publishers: [
sshPublisherDesc(
configName: '10.240.131.123',
transfers: [
sshTransfer(
cleanRemote: false,
excludes: '',
// 参数说明 harbor仓库的url、harbor服务暴露的端口、项目名、容器标签、主机端口、容器端口、占位参
execCommand: "/opt/jenkins_shell/deploy.sh $harbor_url $harbor_project_name $project_name $tag $port $containerport placeholderparameter",
execTimeout: 360000,
flatten: false,
makeEmptyDirs: false,
noDefaultExcludes: false,
patternSeparator: '[, ]+',
remoteDirectory: '',
remoteDirectorySDF: false,
removePrefix: '',
sourceFiles: ''
)],
usePromotionTimestamp: false,
useWorkspaceInPromotion: false,
verbose: false
)])
}
}
}
post {
always {
emailext(
subject: '构建通知:${PROJECT_NAME} - Build # ${BUILD_NUMBER} -${BUILD_STATUS}!',
body: '${FILE,path="./Code/Email.html"}',
to: 'Timli@apjcorp.com'
)
}
}
}
5. 选择脚本的位置所在
6.编写Dockerfiles文件
FROM openjdk:8-jdk-alpine
ARG JAR_FILE
COPY ${JAR_FILE} app.jar
EXPOSE 8080
ENTRYPOINT ["java","-jar","/app.jar"]
7.编写第四部中配置的deploy.sh
#! /bin/sh
#接收外部参数
harbor_url=$1
harbor_project_name=$2
project_name=$3
tag=$4
port=$5
imageName=$harbor_url/$harbor_project_name/$project_name:$tag
echo "$imageName"
#查询容器是否存在,存在则删除
containerId=`docker ps -a | grep -w ${project_name}:${tag} | awk '{print $1}'`
if [ "$containerId" != "" ] ; then
#停掉容器
docker stop $containerId
#删除容器
docker rm $containerId
echo "成功删除容器"
fi
#查询镜像是否存在,存在则删除
imageId=`docker images | grep -w $project_name | awk '{print $3}'`
if [ "$imageId" != "" ] ; then
#删除镜像
docker rmi -f $imageId
echo "成功删除镜像"
fi
# 登录Harbor
docker login -u eric -p Eric123456 $harbor_url
# 下载镜像
docker pull $imageName
# 启动容器
docker run -di -p $port:$port $imageName
echo "容器启动成功"
注意:需要给该文件执行权限
chmod +x deploy.sh
8.配置构建触发器
因为我用的是Giee,所以额外安装了Gitee Plugin插件
随后将上图的url和Gitee WebHook 密码配置到码云的**webHook**中即可
9. 配置服务器B跟服务器C免密连接
上面所述的远程调用(jk调用部署服务器)是需要公钥私钥的
1)从服务器A拷贝公钥到远程服务器C(部署服务器)
2)系统配置->添加远程服务器
以上整个流程没毛病,但是连不上250服务器就很让人困惑了, 最后在jenkins官网的issue上看到解决方案
先说明问题原因,因为新版本的生成秘钥方式插件暂时还不支持,所以就用老方式来生成秘钥吧:
修改Jenkinsfile构建脚本生成远程调用模板代码
# 删除之前的秘钥, 同时在两台服务器执行该命令
rm -rf /root/.ssh/*
# 重新生成秘钥对 一路狂按enter即可
ssh-keygen -t rsa -b 4096 -m PEM
# 重复
ssh-copy-id 192.168.88.250
10.大体流程配置结束
五、创建流水线项目(前端)
1.正常创建好任务(流水线)
2. 直接写脚本
3. 在项目中编写Jenkins文件
// git凭证id(在jenkins的全局凭证配置中可获取)
def git_auth = 'a3e0fe22-1263-4e56-8648-0e7xxxxx2e'
// git 地址
def git_url = 'git@gitlab.apjcorp.com:ha/sense-platform/xxxxxdx.git'
//Harbor私服地址
def harbor_url = '10.240.xxxxx1.xxx:1180'
//前端项目名称
def project_name = 'sense-frontend'
//构建版本的名称
def tag = 'latest'
//Harbor的项目名称
def harbor_project_name = 'sense'
//Harbor的凭证
def harbor_auth = '2008c9e0-2f8d-4f39-a9d7-980xxxxxxb'
//定义镜像名称
def imageName = "${project_name}:${tag}"
// 项目运行的端口
def port = 80
// docker镜像对外暴露的端口
def containerport = 80
pipeline {
agent any
environment {
//根据自己的Jenkinssonarqube-scanner环境修改 (全局工具配置SonarQube Scanner)
scannerHome=tool 'SonarQubeScanner'
}
stages{
stage('Pull the code'){
steps{
checkout([
$class: 'GitSCM',
branches: [ [ name: '*/${branch}' ]],
doGenerateSubmoduleConfigurations: false,
extensions: [ ],
submoduleCfg: [ ],
userRemoteConfigs: [
[
credentialsId: "${git_auth}",
url: "${git_url}"
]
]
])
}
}
stage('Check the source code') {
steps{
nodejs('NodeJS 14.17.0') {
//引入Jenkinssonarqube环境 (全局工具管理SonarQube servers)
withSonarQubeEnv('SonarQubeServer'){
sh """
${scannerHome}/bin/sonar-scanner
"""
}
}
echo '源码检查完毕'
}
}
stage('Quality Gate') {
steps {
script {
Integer waitSeconds = 10
Integer timeOutMinutes = 10
Integer maxRetry = (timeOutMinutes * 60) / waitSeconds as Integer
for (Integer i = 0; i < maxRetry; i++) {
try {
timeout(time: waitSeconds, unit: 'SECONDS') {
def qg = waitForQualityGate()
if (qg.status != 'OK') {
error "Sonar quality gate status: ${qg.status}"
} else {
i = maxRetry
}
}
} catch (Throwable e) {
if (i == maxRetry - 1) {
throw e
}
}
}
}
echo '成功获取扫描结果'
}
}
stage('Download dependencies and compile'){
steps{
nodejs('NodeJS 14.17.0') {
sh '''
cd Code
npm install --registry=https://registry.npm.taobao.org
npm run build
'''
}
}
}
stage('Build the mirror'){
steps{
sh "docker build -t ${project_name} ./Code "
}
}
stage('Label the image') {
steps{
//给镜像打标签
sh "docker tag ${imageName} ${harbor_url}/${harbor_project_name}/${imageName}"
}
}
stage('Upload the image to the warehouse') {
steps{
//登录Harbor,并上传镜像
withCredentials([usernamePassword(
credentialsId: "${harbor_auth}",
passwordVariable: 'password',
usernameVariable: 'username')])
{
//登录
sh "docker login -u ${username} -p ${password} ${harbor_url}"
//上传镜像
sh "docker push ${harbor_url}/${harbor_project_name}/${imageName}"
echo '镜像上传成功'
}
}
}
stage('Remove the mirror') {
steps{
//删除本地镜像
sh "docker rmi -f ${imageName}"
// 刪除打标签的镜像
sh "docker rmi -f ${harbor_url}/${harbor_project_name}/${imageName}"
}
}
stage('Remote deployment'){
steps{
//=====以下为远程调用进行项目部署========
sshPublisher(
publishers: [
sshPublisherDesc(
configName: '10.240.131.123',
transfers: [
sshTransfer(
cleanRemote: false,
excludes: '',
// 参数说明 harbor仓库的url、harbor服务暴露的端口、项目名、容器标签、主机端口、容器端口
execCommand: "/opt/jenkins_shell/sense-frontend-deploy.sh $harbor_url $harbor_project_name $project_name $tag $port $containerport",
execTimeout: 360000,
flatten: false,
makeEmptyDirs: false,
noDefaultExcludes: false,
patternSeparator: '[, ]+',
remoteDirectory: '',
remoteDirectorySDF: false,
removePrefix: '',
sourceFiles: ''
)],
usePromotionTimestamp: false,
useWorkspaceInPromotion: false,
verbose: false
)])
}
}
}
}
4.项目中编写Dockerfile文件
# 设置基础镜像,如果本地没有该镜像,会从Docker.io服务器pull镜像
FROM nginx
ADD ./dist /usr/share/nginx/html/
COPY nginx.conf /etc/nginx/conf.d/
EXPOSE 9000
# CMD /usr/share/nginx/sense/env.sh
RUN echo 'build ok'
# CMD ["/bin/bash", "-c", "envsubst < /etc/nginx/conf.d/nginx.conf > /etc/nginx/conf.d/default.conf && exec nginx -g 'daemon off;'"]
5.步骤4中的ddeployfront.sh
#! /bin/sh
#接收外部参数
harbor_url=$1
harbor_project_name=$2
project_name=$3
tag=$4
port=$5
imageName=$harbor_url/$harbor_project_name/$project_name:$tag
echo "$imageName"
#查询容器是否存在,存在则删除
containerId=`docker ps -a | grep -w ${project_name}:${tag} | awk '{print $1}'`
if [ "$containerId" != "" ] ; then
#停掉容器
docker stop $containerId
#删除容器
docker rm $containerId
echo "成功删除容器"
fi
#查询镜像是否存在,存在则删除
imageId=`docker images | grep -w $project_name | awk '{print $3}'`
if [ "$imageId" != "" ] ; then
#删除镜像
docker rmi -f $imageId
echo "成功删除镜像"
fi
# 登录Harbor
docker login -u eric -p Eric123456 $harbor_url
# 下载镜像
docker pull $imageName
# 启动容器
docker run -di -p $port:80 $imageName
echo "容器启动成功"
6. sonar-project.properties
sonar.scm.disabled=true
sonar.projectName=web-dp-service
sonar.projectKey=web-dp-service
sonar.projectVersion=1.0.0
sonar.sources=src/main/java
sonar.java.binaries=target/classes
sonar.language=java
sonar.java.source=1.8
sonar.java.target=1.8
sonar.sourceEncoding=UTF-8
7. 其他场景的jenkins
后端
String git_auth = 'ae220c94-222033a392b'
String git_url = 'http://xxxxxx.git'
String tag = 'latest'
String branch
String oc_url
String oc_url2
String oc_auth
String imageName
String imageName2
String docker_url
String docker_url2
pipeline {
agent {
node {
label "master"
}
}
stages{
stage('Set environment variable') {
steps{
script{
if(environment == 'DEV'){
branch = 'dev'
oc_auth = 'XXXXXXXXXXXXX'
oc_url = 'https://XXXXXXXXXXXXXXXX'
docker_url = 'docker-regXXXXXXXXXXXXXXXXXXXXXX'
imageName = "${docker_url}/sense-dev/${project_name}:${tag}"
}else if(environment == 'ST'){
branch = 'test'
oc_auth = 'XXXXXXXXXXXXX'
oc_url = 'https://XXXXXXXXXXXXXXXX'
docker_url = 'docker-regXXXXXXXXXXXXXXXXXXXXXX'
imageName = "${docker_url}/sense-dev-2/${project_name}:${tag}"
}else if(environment == 'SIT'){
branch = 'test'
oc_auth = '5b188653-e9fe-42b3-a122-2087401f0f9b'
oc_url = 'https://XXXXXXXXXXXXXXXXXXXXX'
oc_url2 = 'https://XXXXXXXXXXXXXXXXXXX'
docker_url = 'docker-registXXXXXXXXXXXXXXXXXXX'
docker_url2 = 'docker-registry-XXXXXXXXXXXXXXXXXXX'
imageName = "${docker_url}/XXXXXXXXXXXXXXXXXXX-prd-2/${project_name}:${tag}"
imageName2 = "${docker_url2}/XXXXXXXXXXXXXXXXXXX-prd-2/${project_name}:${tag}"
}
}
}
}
stage('Pull the source code') {
steps{
echo "branch-----/${branch},environment-----${environment}"
checkout([$class: 'GitSCM',
branches: [[name: "*/${branch}"]],
extensions: [],
userRemoteConfigs: [[
credentialsId: "${git_auth}",
url: "${git_url}"
]]
])
echo 'Pull code successful'
}
}
stage('Check the source code') {
environment {
scannerHome=tool 'SonarQubeScanner4.6.2'
}
steps{
script{
node('salve_1'){
sh 'cd /XXXXXXX/XXXXXXXXXXXX && mvn clean package && chmod 777 -R target/'
}
}
withSonarQubeEnv('SonarQubeServer'){
sh """
cd Code
${scannerHome}/bin/sonar-scanner
"""
}
echo 'Source code checked completed'
}
}
stage('Quality Gate') {
steps {
script {
Integer waitSeconds = 10
Integer timeOutMinutes = 10
Integer maxRetry = (timeOutMinutes * 60) / waitSeconds as Integer
for (Integer i = 0; i < maxRetry; i++) {
try {
timeout(time: waitSeconds, unit: 'SECONDS') {
def qg = waitForQualityGate()
if (qg.status != 'OK') {
error "Sonar quality gate status: ${qg.status}"
} else {
i = maxRetry
}
}
} catch (Throwable e) {
if (i == maxRetry - 1) {
throw e
}
}
}
}
echo 'The scan result is obtained successfully'
}
}
stage('Remove the mirror') {
when{
expression{
return (environment == 'DEV' || environment == 'ST')
}
}
steps{
script{
node('salve_1'){
catchError(buildResult: 'SUCCESS', message: 'Failed to remove the mirror') {
sh "docker rmi -f ${imageName}"
}
}
}
}
}
stage('Compile and build the image') {
steps{
script{
node('salve_1'){
sh "cd /XXXXXXXXXXX/XXXXXXXX&& docker build -t ${imageName} ."
}
}
echo 'Build the image successful'
}
}
stage('Compression image') {
when{
expression{
return (environment == 'SIT')
}
}
steps{
script{
node('salve_1'){
sh "cd /XXXXXXXX/XXXXXXXXXXXs && docker save -o ${project_name}.tar ${imageName}"
}
echo 'Build the image successful'
}
}
}
stage('Upload the image to OPenshift') {
when{
expression{
return (environment == 'DEV' || environment == 'ST')
}
}
steps{
script{
node('salve_1A'){
withCredentials([usernamePassword(
credentialsId: "${oc_auth}",
passwordVariable: 'password',
usernameVariable: 'username')])
{
sh 'cd /XXXXXXXX/XXXXXXXXXXXs && ./oc login -u ${username} -p """${password}""" ${oc_url}'
sh "cd /XXXXXXXX/XXXXXXXXXXXs && docker login -u `./oc whoami` -p `./oc whoami -t` ${docker_url}"
sh "docker push ${imageName}"
}
}
}
}
}
stage('Copy zip to pro salve') {
when{
expression{
return (environment == 'SIT')
}
}
steps{
script{
node('slave_pro_window'){
withCredentials([usernamePassword(
credentialsId: "09fb338eed9",
passwordVariable: 'password',
usernameVariable: 'username')])
{
bat "pscp -l ${username} -pw ${password} senadm@10.100.500.00:/XXXXXXXX/XXXXXXXXXXXs/${project_name}.tar C:/xxx/xx"
}
}
node('salve_1A'){
catchError(buildResult: 'SUCCESS', message: 'Failed to remove the mirror') {
sh "docker rmi -f ${imageName}"
sh "docker rmi -f ${imageName2}"
}
}
}
}
}
stage('Remove the mirror and decompression package at pro salve') {
when{
expression{
return (environment == 'SIT')
}
}
steps{
script{
node('slave_pro_window'){
catchError(buildResult: 'SUCCESS', message: 'Failed to remove the mirror') {
bat "docker rmi -f ${imageName}"
bat "docker rmi -f ${imageName2}"
}
bat "cd C:/xxxx/xxxxxx && docker load -i ${project_name}.tar"
}
}
}
}
stage('Upload the image to Openshift at pro salve') {
when{
expression{
return (environment == 'SIT')
}
}
steps{
script{
node('slave_pro_window'){
withCredentials([usernamePassword(
credentialsId: "${oc_auth}",
passwordVariable: 'password',
usernameVariable: 'username')])
{
def stdout
String tokenx1
bat "cd C:/xxx && oc login -u ${username} -p ${password} ${oc_url}"
stdout = bat returnStdout: true ,script: "cd C:/xxx && oc whoami -t"
tokenx1 = stdout.readLines()[2]
bat "docker login -u xxxx -p ${token61} ${docker_url}"
bat "docker push ${imageName}"
bat "cd C:/xxx && oc logout"
bat "docker logout ${docker_url}"
def stdout2
String tokenx2
bat "cd C:/xxx && oc login -u ${username} -p ${password} ${oc_url2}"
stdout2 = bat returnStdout: true ,script: "cd C:/xxx && oc whoami -t"
tokenx2 = stdout2.readLines()[2]
bat "docker login -u xxxxx -p ${token71} ${docker_url2}"
bat "docker tag ${imageName} ${imageName2}"
bat "docker push ${imageName2}"
}
}
}
}
}
stage('Fortify scan code') {
steps{
script{
node('slave_window'){
checkout([$class: 'GitSCM',
branches: [[name: "*/${branch}"]],
extensions: [],
userRemoteConfigs: [[
credentialsId: "${git_auth}",
url: "${git_url}"
]]
])
catchError(buildResult: 'SUCCESS', message: 'Failed to scan') {
bat '''
cd C:/xxxxx/src
Fortifysrc.bat
'''
}
echo 'Fortify scan completed'
}
}
}
}
// post {
// always {
// emailext(
// subject: 'Info:${PROJECT_NAME} - Build # ${BUILD_NUMBER} -${BUILD_STATUS}!',
// body: '${FILE,path="./xxxx/Email.html"}',
// to: 'hardenhe@apjcorp.com'
// )
// }
}
}
8. 其他场景的jenkins
前端
String git_auth = 'ae220cxxxxxxx3a392b'
String git_url = 'http://xxxxxx.git'
String tag = 'latest'
String branch
String oc_url
String oc_url2
String oc_auth
String imageName
String imageName2
String docker_url
String docker_url2
pipeline {
agent {
node {
label "master"
}
}
environment {
scannerHome=tool 'SonarQubeScanner4.6.2'
}
stages{
stage('Set environment variable') {
stage('Set environment variable') {
steps{
script{
if(environment == 'DEV'){
branch = 'dev'
oc_auth = 'XXXXXXXXXXXXX'
oc_url = 'https://XXXXXXXXXXXXXXXX'
docker_url = 'docker-regXXXXXXXXXXXXXXXXXXXXXX'
imageName = "${docker_url}/sense-dev/${project_name}:${tag}"
}else if(environment == 'ST'){
branch = 'test'
oc_auth = 'XXXXXXXXXXXXX'
oc_url = 'https://XXXXXXXXXXXXXXXX'
docker_url = 'docker-regXXXXXXXXXXXXXXXXXXXXXX'
imageName = "${docker_url}/sense-dev-2/${project_name}:${tag}"
}else if(environment == 'SIT'){
branch = 'test'
oc_auth = '5b188653-e9fe-42b3-a122-2087401f0f9b'
oc_url = 'https://XXXXXXXXXXXXXXXXXXXXX'
oc_url2 = 'https://XXXXXXXXXXXXXXXXXXX'
docker_url = 'docker-registXXXXXXXXXXXXXXXXXXX'
docker_url2 = 'docker-registry-XXXXXXXXXXXXXXXXXXX'
imageName = "${docker_url}/XXXXXXXXXXXXXXXXXXX-prd-2/${project_name}:${tag}"
imageName2 = "${docker_url2}/XXXXXXXXXXXXXXXXXXX-prd-2/${project_name}:${tag}"
}
}
}
}
stage('Pull the code'){
steps{
echo "branch-----/${branch},environment-----${environment}"
checkout([
$class: 'GitSCM',
branches: [ [ name: "*/${branch}" ]],
doGenerateSubmoduleConfigurations: false,
extensions: [ ],
submoduleCfg: [ ],
userRemoteConfigs: [
[
credentialsId: "${git_auth}",
url: "${git_url}"
]
]
])
}
}
stage('Check the source code') {
steps{
nodejs('NodeJS 14.18.1') {
withSonarQubeEnv('SonarQubeServer'){
sh """
cd Code
${scannerHome}/bin/sonar-scanner
"""
}
}
echo 'Source code checked completed'
}
}
stage('Quality Gate') {
steps {
script {
Integer waitSeconds = 10
Integer timeOutMinutes = 10
Integer maxRetry = (timeOutMinutes * 60) / waitSeconds as Integer
for (Integer i = 0; i < maxRetry; i++) {
try {
timeout(time: waitSeconds, unit: 'SECONDS') {
def qg = waitForQualityGate()
if (qg.status != 'OK') {
error "Sonar quality gate status: ${qg.status}"
} else {
i = maxRetry
}
}
} catch (Throwable e) {
if (i == maxRetry - 1) {
throw e
}
}
}
}
echo 'The scan result is obtained successfully'
}
}
stage('Download dependencies'){
steps{
script{
node('salve_1'){
catchError(buildResult: 'SUCCESS', message: 'Failed to download dependencies') {
sh "cd /xxxx && npm install"
}
}
}
}
}
stage('Build the project'){
steps{
script{
node('salve_1'){
sh "cd /xxxxxxx && npm run build"
}
}
}
}
stage('Remove the mirror') {
when{
expression{
return (environment == 'DEV' || environment == 'ST')
}
}
steps{
script{
node('salve_1'){
catchError(buildResult: 'SUCCESS', message: 'Failed to remove the mirror') {
sh "docker rmi -f ${imageName}"
}
}
}
}
}
stage('Build the mirror'){
steps{
script{
node('salve_1'){
sh "cd /xxxxxxxx&& docker build -t ${imageName} ."
}
}
}
}
stage('Compression image') {
steps{
script{
if(environment == 'SIT')
node('salve_1A'){
sh "cd /xxxxxxxxx && docker save -o ${project_name}.tar ${imageName}"
}
}
echo 'Build the image successful'
}
}
stage('Upload the image to Openshift') {
when{
expression{
return (environment == 'DEV' || environment == 'ST')
}
}
steps{
script{
node('salve_1A'){
withCredentials([usernamePassword(
credentialsId: "${oc_auth}",
passwordVariable: 'password',
usernameVariable: 'username')])
{
sh 'cd /xxxxxxx && ./oc login -u ${username} -p """${password}""" ${oc_url}'
sh "cd /xxxxxxxx && docker login -u `./oc whoami` -p `./oc whoami -t` ${docker_url}"
sh "docker push ${imageName}"
}
}
}
}
}
stage('Copy zip to pro salve') {
when{
expression{
return (environment == 'SIT')
}
}
steps{
script{
node('slave_pro_window'){
withCredentials([usernamePassword(
credentialsId: "09fb338eed9",
passwordVariable: 'password',
usernameVariable: 'username')])
{
bat "pscp -l ${username} -pw ${password} senadm@10.100.500.00:/XXXXXXXX/XXXXXXXXXXXs/${project_name}.tar C:/xxx/xx"
}
}
node('salve_1A'){
catchError(buildResult: 'SUCCESS', message: 'Failed to remove the mirror') {
sh "docker rmi -f ${imageName}"
sh "docker rmi -f ${imageName2}"
}
}
}
}
}
stage('Remove the mirror and decompression package at pro salve') {
when{
expression{
return (environment == 'SIT')
}
}
steps{
script{
node('slave_pro_window'){
catchError(buildResult: 'SUCCESS', message: 'Failed to remove the mirror') {
bat "docker rmi -f ${imageName}"
bat "docker rmi -f ${imageName2}"
}
bat "cd C:/xxxx/xxxxxx && docker load -i ${project_name}.tar"
}
}
}
}
stage('Upload the image to Openshift at pro salve') {
when{
expression{
return (environment == 'SIT')
}
}
steps{
script{
node('slave_pro_window'){
withCredentials([usernamePassword(
credentialsId: "${oc_auth}",
passwordVariable: 'password',
usernameVariable: 'username')])
{
def stdout
String tokenx1
bat "cd C:/xxx && oc login -u ${username} -p ${password} ${oc_url}"
stdout = bat returnStdout: true ,script: "cd C:/xxx && oc whoami -t"
tokenx1 = stdout.readLines()[2]
bat "docker login -u xxxx -p ${token61} ${docker_url}"
bat "docker push ${imageName}"
bat "cd C:/xxx && oc logout"
bat "docker logout ${docker_url}"
def stdout2
String tokenx2
bat "cd C:/xxx && oc login -u ${username} -p ${password} ${oc_url2}"
stdout2 = bat returnStdout: true ,script: "cd C:/xxx && oc whoami -t"
tokenx2 = stdout2.readLines()[2]
bat "docker login -u xxxxx -p ${token71} ${docker_url2}"
bat "docker tag ${imageName} ${imageName2}"
bat "docker push ${imageName2}"
}
}
}
}
}
stage('Fortify scan code') {
steps{
script{
node('slave_window'){
checkout([$class: 'GitSCM',
branches: [[name: "*/${branch}"]],
extensions: [],
userRemoteConfigs: [[
credentialsId: "${git_auth}",
url: "${git_url}"
]]
])
catchError(buildResult: 'SUCCESS', message: 'Failed to scan') {
bat '''
cd C:/xxxxx/src
Fortifysrc.bat
'''
}
echo 'Fortify scan completed'
}
}
}
}
}
}
9.大体流程配置结束
版权声明:本文为qq_43817164原创文章,遵循CC 4.0 BY-SA版权协议,转载请附上原文出处链接和本声明。