Real-Time Pipeline Stages for CICD
Bittu Sharma
Stage 1: Install Required Tools
Description:
Ensure that all necessary tools and dependencies are installed on the CI/CD server.
Steps:
Install Java Development Kit (JDK)
Install Node.js
Install Apache Maven
Install other required tools as per project specifications.
Stage 2: Install Project Dependencies
Description:
Install project-specific dependencies using package managers like npm (for Node.js projects) or Maven (for Java projects).
Steps:
Install Node.js dependencies using npm install.
Install Java dependencies using Maven.
Stage 3: Execute Test Cases
Description:
Run automated test cases to ensure code functionality and integrity.
Steps:
Execute unit tests.
Execute integration tests.
Execute end-to-end tests if applicable.
Stage 4: Perform File System Scan (Trivy)
Description:
Scan project files for vulnerabilities and security issues using Trivy.
Steps:
Run Trivy scan on project files.
Generate report highlighting vulnerabilities found.
Stage 5: Perform SonarQube Analysis
Description:
Perform static code analysis and assess code quality using SonarQube.
Steps:
Run SonarQube analysis on project codebase.
Generate report with code quality metrics and code coverage.
Stage 6: Perform Quality Gate Check
Description:
Evaluate code quality against predefined quality gates to ensure adherence to quality standards.
Steps:
Check SonarQube analysis results against quality gate criteria.
Proceed if code meets quality gate requirements; otherwise, halt pipeline and alert stakeholders.
Stage 7: Build Application Artifact
Description:
Compile source code and package application into an executable artifact.
Steps:
Compile Java source code using Maven.
Bundle Node.js applications into distributable packages.
Generate JAR files or WAR files for Java applications.
Stage 8: Publish Artifact to Nexus
Description:
Upload the built artifact to a repository manager like Nexus for version control and distribution.
Steps:
Authenticate with Nexus repository.
Publish artifact to designated repository.
Stage 9: Build Docker Image
Description:
Package the application artifact into a Docker image for containerized deployment.
Steps:
Create Dockerfile specifying image configuration. 2.
Build Docker image using Docker build command.
Stage 10: Scan Docker Image (Trivy)
Description:
Scan Docker image for vulnerabilities and security issues using Trivy.
Steps:
Pull Docker image locally.
Run Trivy scan on Docker image.
Generate report highlighting vulnerabilities found.
Stage 11: Push Docker Image to Docker Hub Repo
Description:
Push the built Docker image to a Docker Hub repository for centralized storage and distribution.
Steps:
Authenticate with Docker Hub.
Push Docker image to designated repository.
Stage 12: Update Image in Manifests Files
Description:
Update Kubernetes manifests files to reference the newly built Docker image.
Steps:
Update deployment YAML files with the latest image tag.
Commit changes to version control.
Stage 13: Deploy Application to Kubernetes Cluster
Description:
Deploy the application to a Kubernetes cluster for container orchestration.
Steps:
Authenticate with Kubernetes cluster.
Apply updated manifests files to deploy new version of the application
Stage 14: Verify Deployment
Description:
Verify successful deployment of the application to the Kubernetes cluster.
Steps:
Check deployment status in Kubernetes dashboard or CLI.
Perform smoke tests to ensure application functionality.
Stage 15: OWASP ZAP Analysis
Description:
Conduct security testing using OWASP ZAP to identify and mitigate potential security vulnerabilities.
Steps:
Configure OWASP ZAP to scan the deployed application.
2. Analyze scan results for security vulnerabilities.
Stage 16: Send Mail Notifications
Description:
Notify stakeholders about pipeline status and results via email.
Steps:
Configure email server settings.
Send email notifications with pipeline status and relevant reports.
Each stage in the pipeline plays a crucial role in ensuring the reliability, security, and quality of the deployed application. Integrating these stages into a seamless CI/CD pipeline facilitates efficient and automated software delivery.
pipeline {
agent any
environment {
// Tool Paths
JAVA_HOME = "/path/to/java/home"
MAVEN_HOME = "/path/to/maven/home"
NODE_HOME = "/path/to/node/home"
// Credentials & URLs
DOCKER_HUB_CREDENTIALS = 'docker-hub-credentials'
NEXUS_REPO_URL = 'https://nexus.example.com/repository/maven-releases/'
KUBECONFIG = "/path/to/kubeconfig"
}
stages {
// Setup Stage
stage('Environment Setup') {
steps {
script {
// Install required tools
def tools = [
'nodejs npm',
'default-jdk',
'maven',
'trivy',
'sonarqube',
'docker.io'
]
tools.each { tool ->
sh "sudo apt-get install -y ${tool}"
}
// Setup Node.js
sh 'curl -sL https://deb.nodesource.com/setup_14.x | sudo -E bash -'
sh 'sudo apt-get install -y nodejs'
}
}
}
// Build & Test Stage
stage('Build and Test') {
stages {
stage('Install Dependencies') {
parallel {
stage('Node Dependencies') {
steps {
sh 'npm install'
}
}
stage('Maven Dependencies') {
steps {
sh 'mvn install'
}
}
}
}
stage('Run Tests') {
parallel {
stage('Node Tests') {
steps {
sh 'npm test'
}
}
stage('Maven Tests') {
steps {
sh 'mvn test'
}
}
}
}
}
}
// Security & Quality Stage
stage('Security and Quality') {
stages {
stage('Security Scans') {
parallel {
stage('Trivy FS Scan') {
steps {
sh 'trivy filesystem scan'
}
}
stage('SonarQube Analysis') {
steps {
sh 'sonar-scanner'
}
}
}
}
stage('Quality Gate') {
steps {
// Quality gate check implementation
echo 'Performing quality gate check'
}
}
}
}
// Artifact Stage
stage('Artifact Management') {
stages {
stage('Build Artifact') {
steps {
sh 'mvn package'
}
}
stage('Publish to Nexus') {
steps {
sh "mvn deploy -Drepository.url=${NEXUS_REPO_URL}"
}
}
}
}
// Docker Stage
stage('Docker Management') {
stages {
stage('Build and Scan Image') {
steps {
script {
// Build Docker image
sh 'docker build -t myapp .'
// Scan image
sh 'trivy image scan myapp'
}
}
}
stage('Push to Registry') {
steps {
withCredentials([usernamePassword(
credentialsId: DOCKER_HUB_CREDENTIALS,
passwordVariable: 'DOCKER_PASSWORD',
usernameVariable: 'DOCKER_USERNAME'
)]) {
sh """
docker login -u ${DOCKER_USERNAME} -p ${DOCKER_PASSWORD}
docker push myapp
"""
}
}
}
}
}
// Deployment Stage
stage('Deployment') {
stages {
stage('Update K8s Manifests') {
steps {
echo 'Updating Kubernetes manifest files'
}
}
stage('Deploy to K8s') {
steps {
sh 'kubectl apply -f manifests/'
}
}
stage('Verify Deployment') {
steps {
echo 'Verifying deployment status'
}
}
}
}
// Post-Deployment Stage
stage('Post Deployment') {
parallel {
stage('Security Analysis') {
steps {
echo 'Running OWASP ZAP analysis'
}
}
stage('Notifications') {
steps {
echo 'Sending deployment notifications'
}
}
}
}
}
}
Subscribe to my newsletter
Read articles from Bittu Sharma directly inside your inbox. Subscribe to the newsletter, and don't miss out.
Written by
Bittu Sharma
Bittu Sharma
Hi, This is Bittu Sharma a DevOps & MLOps Engineer, passionate about emerging technologies. I am excited to apply my knowledge and skills to help the organization deliver the best quality software products. β’ π¦πΌπ³π π¦πΈπΆπΉπΉπ ππ²π'π ππΌπ»π»π²π°π I would love the opportunity to connect and contribute. Feel free to DM me on LinkedIn itself or reach out to me at bittush9534@gmail.com. I look forward to connecting and networking with people in this exciting Tech World.