Jenkinsfile
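// Declarative pipeline: checkout -> SonarQube scan and quality gate -> Docker build ->
// Trivy image scan -> Docker Hub login and push -> local image cleanup.
pipeline {
    agent any

    environment {
        DOCKER_IMAGE = "your-dockerhub-username/python-argo"
        // NOTE(review): "latest" is a mutable tag, so a pushed image cannot be traced back
        // to the build that produced it. Consider a per-build tag once the deployment side
        // (the Argo CD manifests, not visible here) can follow it.
        DOCKER_TAG = "latest"
        SONAR_SCANNER_HOME = tool 'SonarQubeScanner'
    }

    stages {
        stage('Checkout Code') {
            steps {
                git branch: 'main',
                    url: 'https://github.com/<your-username>/python-argo-kops-project.git'
            }
        }

        stage('SonarQube Code Scan') {
            steps {
                withSonarQubeEnv('sonarqube-server') {
                    // Single-quoted script: the agent's shell expands the variable instead of
                    // Groovy splicing it into the script text.
                    sh '''
                        "$SONAR_SCANNER_HOME/bin/sonar-scanner"
                    '''
                }
            }
        }

        stage('Quality Gate') {
            steps {
                // Waits at most two minutes for the SonarQube result; a failed gate aborts the run.
                timeout(time: 2, unit: 'MINUTES') {
                    waitForQualityGate abortPipeline: true
                }
            }
        }

        stage('Build Docker Image') {
            steps {
                script {
                    // Deliberately left undeclared so the 'Push Docker Image' stage can reuse the handle.
                    dockerImage = docker.build("${DOCKER_IMAGE}:${DOCKER_TAG}", "./app")
                }
            }
        }

        stage('Trivy Image Scan') {
            steps {
                // --exit-code 1 turns the scan into a gate: with --exit-code 0 the stage always
                // passed, so an image with HIGH/CRITICAL findings was still pushed.
                sh '''
                    trivy image \
                        --severity HIGH,CRITICAL \
                        --exit-code 1 \
                        "$DOCKER_IMAGE:$DOCKER_TAG"
                '''
            }
        }

        stage('Docker Login') {
            steps {
                withCredentials([usernamePassword(
                    credentialsId: 'dockerhub-creds',
                    usernameVariable: 'DOCKER_USER',
                    passwordVariable: 'DOCKER_PASS'
                )]) {
                    // The script must be single-quoted. In a double-quoted Groovy string the
                    // secret is interpolated into the script text before the shell runs, which
                    // exposes it on the agent and triggers Jenkins' insecure-interpolation
                    // warning. Quoting "$DOCKER_PASS" also keeps passwords containing spaces
                    // or glob characters intact.
                    sh '''
                        echo "$DOCKER_PASS" | docker login -u "$DOCKER_USER" --password-stdin
                    '''
                }
            }
        }

        stage('Push Docker Image') {
            steps {
                script {
                    dockerImage.push("${DOCKER_TAG}")
                }
            }
        }

        stage('Cleanup') {
            steps {
                // Best effort: a missing image must not fail the build.
                sh 'docker rmi "$DOCKER_IMAGE:$DOCKER_TAG" || true'
            }
        }
    }

    post {
        always {
            // docker login stores the registry credential in the agent's Docker config;
            // remove it whether or not the run succeeded.
            sh 'docker logout || true'
        }
        success {
            echo "✅ Code quality, security scan, and image push completed. Argo CD will deploy automatically."
        }
        failure {
            echo "❌ Pipeline failed."
        }
    }
}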