Creating a CI/CD Pipeline for Your Shared Libraries

Creating a CI/CD Pipeline for Your Shared Libraries Roderick R.
Randolph

© 2019 All Rights Reserved. 4 // Jenkinsfile stage('Build') {
node('docker') { sh "docker build -t <registry>/my-repo/my-app:${version} --build-arg https_proxy=http://<proxy>:8080 ." def imageId = sh( script: "docker inspect <registry>/my-repo/my-app:${version} -f '{{.ID}}'", returnStdout: true, ) scanImageForVulns(imageId: imageId) withCredentials([usernamePassword(...)]) { retry(3) { sh "docker push <registry>/my-repo/my-app:${version}" } } } } * Source code shown is simulated for demo purposes only

node('docker') { sh "docker build -t <registry>/my-repo/my-new-app:${version} --build-arg https_proxy=http://<proxy>:8080 ." def imageId = sh( script: "docker inspect <registry>/my-repo/my-new-app:${version} -f '{{.ID}}'", returnStdout: true, ) scanImageForVulns(imageId: imageId) withCredentials([usernamePassword(...)]) { retry(3) { sh "docker push <registry>/my-repo/my-new-app:${version}" } } } } * Source code shown is simulated for demo purposes only

node('docker') { sh "docker build -t <registry>/my-repo/my- app:${version} --build-arg https_proxy=http://<proxy>:8080 ." def imageId = sh( script: "docker inspect <registry>/my- repo/my-app:${version} -f '{{.ID}}'", returnStdout: true, ) scanImageForVulns(imageId: imageId) withCredentials([usernamePassword(...)]) { retry(3) { sh "docker push <registry>/my-repo/my- app:${version}" } } } } // Jenkinsfile stage('Build') { node('docker') { sh "docker build -t <registry>/my-repo/my- app:${version} --build-arg https_proxy=http://<proxy>:8080 ." def imageId = sh( script: "docker inspect <registry>/my- repo/my-app:${version} -f '{{.ID}}'", returnStdout: true, ) scanImageForVulns(imageId: imageId) withCredentials([usernamePassword(...)]) { retry(3) { sh "docker push <registry>/my-repo/my- app:${version}" } } } } // Jenkinsfile stage('Build') { node('docker') { sh "docker build -t <registry>/my-repo/my- app:${version} --build-arg https_proxy=http://<proxy>:8080 ." def imageId = sh( script: "docker inspect <registry>/my- repo/my-app:${version} -f '{{.ID}}'", returnStdout: true, ) scanImageForVulns(imageId: imageId) withCredentials([usernamePassword(...)]) { retry(3) { sh "docker push <registry>/my-repo/my- app:${version}" } } } } Project A Project B Project C * Source code shown is simulated for demo purposes only

node('docker') { sh "docker build -t <registry>/my-repo/my- app:${version} --build-arg https_proxy=http://<proxy>:8080 ." def imageId = sh( script: "docker inspect <registry>/my- repo/my-app:${version} -f '{{.ID}}'", returnStdout: true, ) scanImageForVulns(imageId: imageId) withCredentials([usernamePassword(...)]) { retry(3) { sh "docker push <registry>/my-repo/my- app:${version}" } } } } // Jenkinsfile stage('Build') { node('docker') { sh "docker build -t <registry>/my-repo/my- app:${version} --build-arg http_proxy=http://<proxy>:8080 ." def imageId = sh( script: "docker inspect <registry>/my- repo/my-app:${version} -f '{{.ID}}'", returnStdout: true, ) scanImageForVulns(imageId: imageId) withCredentials([usernamePassword(...)]) { retry(3) { sh "docker push <registry>/my-repo/my- app:${version}" } } } } // Jenkinsfile stage('Build') { node('docker') { sh "docker build -t <registry>/my-repo/my- app:${version} --build-arg http_proxy=http://<proxy>:8080 ." def imageId = sh( script: "docker inspect <registry>/my- repo/my-app:${version} -f '{{.ID}}'", returnStdout: true, ) scanImageForVulns(imageId: imageId) withCredentials([usernamePassword(...)]) { retry(3) { sh "docker push <registry>/my-repo/my- app:${version}" } } } } Project A Project B Project C * Source code shown is simulated for demo purposes only

node('docker') { sh "docker build -t <registry>/my-repo/my- app:${version} --build-arg https_proxy=http://<proxy>:8080 ." def imageId = sh( script: "docker inspect <registry>/my- repo/my-app:${version} -f '{{.ID}}'", returnStdout: true, ) scanImageForVulns(imageId: imageId) withCredentials([usernamePassword(...)]) { retry(3) { sh "docker push <registry>/my-repo/my- app:${version}" } } } } // Jenkinsfile stage('Build') { node('docker') { sh "docker build -t <registry>/my-repo/my- app:${version} --build-arg https_proxy=http://<proxy>:8080 ." def imageId = sh( script: "docker inspect <registry>/my- repo/my-app:${version} -f '{{.ID}}'", returnStdout: true, ) scanImageForVulns(imageId: imageId) withCredentials([usernamePassword(...)]) { retry(3) { sh "docker push <registry>/my-repo/my- app:${version}" } } } } // Jenkinsfile stage('Build') { node('docker') { sh "docker build -t <registry>/my-repo/my- app:${version} --build-arg https_proxy=http://<proxy>:8080 ." def imageId = sh( script: "docker inspect <registry>/my- repo/my-app:${version} -f '{{.ID}}'", returnStdout: true, ) scanImageForVulns(imageId: imageId) withCredentials([usernamePassword(...)]) { retry(3) { sh "docker push <registry>/my-repo/my- app:${version}" } } } } // Jenkinsfile stage('Build') { node('docker') { sh "docker build -t <registry>/my-repo/my- app:${version} --build-arg https_proxy=http://<proxy>:8080 ." def imageId = sh( script: "docker inspect <registry>/my- repo/my-app:${version} -f '{{.ID}}'", returnStdout: true, ) scanImageForVulns(imageId: imageId) withCredentials([usernamePassword(...)]) { retry(3) { sh "docker push <registry>/my-repo/my- app:${version}" } } } } // Jenkinsfile stage('Build') { node('docker') { sh "docker build -t <registry>/my-repo/my- app:${version} --build-arg https_proxy=http://<proxy>:8080 ." def imageId = sh( script: "docker inspect <registry>/my- repo/my-app:${version} -f '{{.ID}}'", returnStdout: true, ) scanImageForVulns(imageId: imageId) withCredentials([usernamePassword(...)]) { retry(3) { sh "docker push <registry>/my-repo/my- app:${version}" } } } } // Jenkinsfile stage('Build') { node('docker') { sh "docker build -t <registry>/my-repo/my- app:${version} --build-arg https_proxy=http://<proxy>:8080 ." def imageId = sh( script: "docker inspect <registry>/my- repo/my-app:${version} -f '{{.ID}}'", returnStdout: true, ) scanImageForVulns(imageId: imageId) withCredentials([usernamePassword(...)]) { retry(3) { sh "docker push <registry>/my-repo/my- app:${version}" } } } } // Jenkinsfile stage('Build') { node('docker') { sh "docker build -t <registry>/my-repo/my- app:${version} --build-arg https_proxy=http://<proxy>:8080 ." def imageId = sh( script: "docker inspect <registry>/my- repo/my-app:${version} -f '{{.ID}}'", returnStdout: true, ) scanImageForVulns(imageId: imageId) withCredentials([usernamePassword(...)]) { retry(3) { sh "docker push <registry>/my-repo/my- app:${version}" } } } } // Jenkinsfile stage('Build') { node('docker') { sh "docker build -t <registry>/my-repo/my- app:${version} --build-arg https_proxy=http://<proxy>:8080 ." def imageId = sh( script: "docker inspect <registry>/my- repo/my-app:${version} -f '{{.ID}}'", returnStdout: true, ) scanImageForVulns(imageId: imageId) withCredentials([usernamePassword(...)]) { retry(3) { sh "docker push <registry>/my-repo/my- app:${version}" } } } } // Jenkinsfile stage('Build') { node('docker') { sh "docker build -t <registry>/my-repo/my- app:${version} --build-arg https_proxy=http://<proxy>:8080 ." def imageId = sh( script: "docker inspect <registry>/my- repo/my-app:${version} -f '{{.ID}}'", returnStdout: true, ) scanImageForVulns(imageId: imageId) withCredentials([usernamePassword(...)]) { retry(3) { sh "docker push <registry>/my-repo/my- app:${version}" } } } } // Jenkinsfile stage('Build') { node('docker') { sh "docker build -t <registry>/my-repo/my- app:${version} --build-arg https_proxy=http://<proxy>:8080 ." def imageId = sh( script: "docker inspect <registry>/my- repo/my-app:${version} -f '{{.ID}}'", returnStdout: true, ) scanImageForVulns(imageId: imageId) withCredentials([usernamePassword(...)]) { retry(3) { sh "docker push <registry>/my-repo/my- app:${version}" } } } } // Jenkinsfile stage('Build') { node('docker') { sh "docker build -t <registry>/my-repo/my- app:${version} --build-arg https_proxy=http://<proxy>:8080 ." def imageId = sh( script: "docker inspect <registry>/my- repo/my-app:${version} -f '{{.ID}}'", returnStdout: true, ) scanImageForVulns(imageId: imageId) withCredentials([usernamePassword(...)]) { retry(3) { sh "docker push <registry>/my-repo/my- app:${version}" } } } } // Jenkinsfile stage('Build') { node('docker') { sh "docker build -t <registry>/my-repo/my- app:${version} --build-arg https_proxy=http://<proxy>:8080 ." def imageId = sh( script: "docker inspect <registry>/my- repo/my-app:${version} -f '{{.ID}}'", returnStdout: true, ) scanImageForVulns(imageId: imageId) withCredentials([usernamePassword(...)]) { retry(3) { sh "docker push <registry>/my-repo/my- app:${version}" } } } } // Jenkinsfile stage('Build') { node('docker') { sh "docker build -t <registry>/my-repo/my- app:${version} --build-arg https_proxy=http://<proxy>:8080 ." def imageId = sh( script: "docker inspect <registry>/my- repo/my-app:${version} -f '{{.ID}}'", returnStdout: true, ) scanImageForVulns(imageId: imageId) withCredentials([usernamePassword(...)]) { retry(3) { sh "docker push <registry>/my-repo/my- app:${version}" } } } } // Jenkinsfile stage('Build') { node('docker') { sh "docker build -t <registry>/my-repo/my- app:${version} --build-arg https_proxy=http://<proxy>:8080 ." def imageId = sh( script: "docker inspect <registry>/my- repo/my-app:${version} -f '{{.ID}}'", returnStdout: true, ) scanImageForVulns(imageId: imageId) withCredentials([usernamePassword(...)]) { retry(3) { sh "docker push <registry>/my-repo/my- app:${version}" } } } } // Jenkinsfile stage('Build') { node('docker') { sh "docker build -t <registry>/my-repo/my- app:${version} --build-arg https_proxy=http://<proxy>:8080 ." def imageId = sh( script: "docker inspect <registry>/my- repo/my-app:${version} -f '{{.ID}}'", returnStdout: true, ) scanImageForVulns(imageId: imageId) withCredentials([usernamePassword(...)]) { retry(3) { sh "docker push <registry>/my-repo/my- app:${version}" } } } } // Jenkinsfile stage('Build') { node('docker') { sh "docker build -t <registry>/my-repo/my- app:${version} --build-arg https_proxy=http://<proxy>:8080 ." def imageId = sh( script: "docker inspect <registry>/my- repo/my-app:${version} -f '{{.ID}}'", returnStdout: true, ) scanImageForVulns(imageId: imageId) withCredentials([usernamePassword(...)]) { retry(3) { sh "docker push <registry>/my-repo/my- app:${version}" } } } } // Jenkinsfile stage('Build') { node('docker') { sh "docker build -t <registry>/my-repo/my- app:${version} --build-arg https_proxy=http://<proxy>:8080 ." def imageId = sh( script: "docker inspect <registry>/my- repo/my-app:${version} -f '{{.ID}}'", returnStdout: true, ) scanImageForVulns(imageId: imageId) withCredentials([usernamePassword(...)]) { retry(3) { sh "docker push <registry>/my-repo/my- app:${version}" } } } } // Jenkinsfile stage('Build') { node('docker') { sh "docker build -t <registry>/my-repo/my- app:${version} --build-arg https_proxy=http://<proxy>:8080 ." def imageId = sh( script: "docker inspect <registry>/my- repo/my-app:${version} -f '{{.ID}}'", returnStdout: true, ) scanImageForVulns(imageId: imageId) withCredentials([usernamePassword(...)]) { retry(3) { sh "docker push <registry>/my-repo/my- app:${version}" } } } } // Jenkinsfile stage('Build') { node('docker') { sh "docker build -t <registry>/my-repo/my- app:${version} --build-arg https_proxy=http://<proxy>:8080 ." def imageId = sh( script: "docker inspect <registry>/my- repo/my-app:${version} -f '{{.ID}}'", returnStdout: true, ) scanImageForVulns(imageId: imageId) withCredentials([usernamePassword(...)]) { retry(3) { sh "docker push <registry>/my-repo/my- app:${version}" } } } } // Jenkinsfile stage('Build') { node('docker') { sh "docker build -t <registry>/my-repo/my- app:${version} --build-arg https_proxy=http://<proxy>:8080 ." def imageId = sh( script: "docker inspect <registry>/my- repo/my-app:${version} -f '{{.ID}}'", returnStdout: true, ) scanImageForVulns(imageId: imageId) withCredentials([usernamePassword(...)]) { retry(3) { sh "docker push <registry>/my-repo/my- app:${version}" } } } } // Jenkinsfile stage('Build') { node('docker') { sh "docker build -t <registry>/my-repo/my- app:${version} --build-arg https_proxy=http://<proxy>:8080 ." def imageId = sh( script: "docker inspect <registry>/my- repo/my-app:${version} -f '{{.ID}}'", returnStdout: true, ) scanImageForVulns(imageId: imageId) withCredentials([usernamePassword(...)]) { retry(3) { sh "docker push <registry>/my-repo/my- app:${version}" } } } } // Jenkinsfile stage('Build') { node('docker') { sh "docker build -t <registry>/my-repo/my- app:${version} --build-arg https_proxy=http://<proxy>:8080 ." def imageId = sh( script: "docker inspect <registry>/my- repo/my-app:${version} -f '{{.ID}}'", returnStdout: true, ) scanImageForVulns(imageId: imageId) withCredentials([usernamePassword(...)]) { retry(3) { sh "docker push <registry>/my-repo/my- app:${version}" } } } } // Jenkinsfile stage('Build') { node('docker') { sh "docker build -t <registry>/my-repo/my- app:${version} --build-arg https_proxy=http://<proxy>:8080 ." def imageId = sh( script: "docker inspect <registry>/my- repo/my-app:${version} -f '{{.ID}}'", returnStdout: true, ) scanImageForVulns(imageId: imageId) withCredentials([usernamePassword(...)]) { retry(3) { sh "docker push <registry>/my-repo/my- app:${version}" } } } } // Jenkinsfile stage('Build') { node('docker') { sh "docker build -t <registry>/my-repo/my- app:${version} --build-arg https_proxy=http://<proxy>:8080 ." def imageId = sh( script: "docker inspect <registry>/my- repo/my-app:${version} -f '{{.ID}}'", returnStdout: true, ) scanImageForVulns(imageId: imageId) withCredentials([usernamePassword(...)]) { retry(3) { sh "docker push <registry>/my-repo/my- app:${version}" } } } } // Jenkinsfile stage('Build') { node('docker') { sh "docker build -t <registry>/my-repo/my- app:${version} --build-arg https_proxy=http://<proxy>:8080 ." def imageId = sh( script: "docker inspect <registry>/my- repo/my-app:${version} -f '{{.ID}}'", returnStdout: true, ) scanImageForVulns(imageId: imageId) withCredentials([usernamePassword(...)]) { retry(3) { sh "docker push <registry>/my-repo/my- app:${version}" } } } } // Jenkinsfile stage('Build') { node('docker') { sh "docker build -t <registry>/my-repo/my- app:${version} --build-arg https_proxy=http://<proxy>:8080 ." def imageId = sh( script: "docker inspect <registry>/my- repo/my-app:${version} -f '{{.ID}}'", returnStdout: true, ) scanImageForVulns(imageId: imageId) withCredentials([usernamePassword(...)]) { retry(3) { sh "docker push <registry>/my-repo/my- app:${version}" } } } } // Jenkinsfile stage('Build') { node('docker') { sh "docker build -t <registry>/my-repo/my- app:${version} --build-arg https_proxy=http://<proxy>:8080 ." def imageId = sh( script: "docker inspect <registry>/my- repo/my-app:${version} -f '{{.ID}}'", returnStdout: true, ) scanImageForVulns(imageId: imageId) withCredentials([usernamePassword(...)]) { retry(3) { sh "docker push <registry>/my-repo/my- app:${version}" } } } } // Jenkinsfile stage('Build') { node('docker') { sh "docker build -t <registry>/my-repo/my- app:${version} --build-arg https_proxy=http://<proxy>:8080 ." def imageId = sh( script: "docker inspect <registry>/my- repo/my-app:${version} -f '{{.ID}}'", returnStdout: true, ) scanImageForVulns(imageId: imageId) withCredentials([usernamePassword(...)]) { retry(3) { sh "docker push <registry>/my-repo/my- app:${version}" } } } } // Jenkinsfile stage('Build') { node('docker') { sh "docker build -t <registry>/my-repo/my- app:${version} --build-arg https_proxy=http://<proxy>:8080 ." def imageId = sh( script: "docker inspect <registry>/my- repo/my-app:${version} -f '{{.ID}}'", returnStdout: true, ) scanImageForVulns(imageId: imageId) withCredentials([usernamePassword(...)]) { retry(3) { sh "docker push <registry>/my-repo/my- app:${version}" } } } } // Jenkinsfile stage('Build') { node('docker') { sh "docker build -t <registry>/my-repo/my- app:${version} --build-arg https_proxy=http://<proxy>:8080 ." def imageId = sh( script: "docker inspect <registry>/my- repo/my-app:${version} -f '{{.ID}}'", returnStdout: true, ) scanImageForVulns(imageId: imageId) withCredentials([usernamePassword(...)]) { retry(3) { sh "docker push <registry>/my-repo/my- app:${version}" } } } } // Jenkinsfile stage('Build') { node('docker') { sh "docker build -t <registry>/my-repo/my- app:${version} --build-arg https_proxy=http://<proxy>:8080 ." def imageId = sh( script: "docker inspect <registry>/my- repo/my-app:${version} -f '{{.ID}}'", returnStdout: true, ) scanImageForVulns(imageId: imageId) withCredentials([usernamePassword(...)]) { retry(3) { sh "docker push <registry>/my-repo/my- app:${version}" } } } } // Jenkinsfile stage('Build') { node('docker') { sh "docker build -t <registry>/my-repo/my- app:${version} --build-arg https_proxy=http://<proxy>:8080 ." def imageId = sh( script: "docker inspect <registry>/my- repo/my-app:${version} -f '{{.ID}}'", returnStdout: true, ) scanImageForVulns(imageId: imageId) withCredentials([usernamePassword(...)]) { retry(3) { sh "docker push <registry>/my-repo/my- app:${version}" } } } } // Jenkinsfile stage('Build') { node('docker') { sh "docker build -t <registry>/my-repo/my- app:${version} --build-arg https_proxy=http://<proxy>:8080 ." def imageId = sh( script: "docker inspect <registry>/my- repo/my-app:${version} -f '{{.ID}}'", returnStdout: true, ) scanImageForVulns(imageId: imageId) withCredentials([usernamePassword(...)]) { retry(3) { sh "docker push <registry>/my-repo/my- app:${version}" } } } } // Jenkinsfile stage('Build') { node('docker') { sh "docker build -t <registry>/my-repo/my- app:${version} --build-arg https_proxy=http://<proxy>:8080 ." def imageId = sh( script: "docker inspect <registry>/my- repo/my-app:${version} -f '{{.ID}}'", returnStdout: true, ) scanImageForVulns(imageId: imageId) withCredentials([usernamePassword(...)]) { retry(3) { sh "docker push <registry>/my-repo/my- app:${version}" } } } } // Jenkinsfile stage('Build') { node('docker') { sh "docker build -t <registry>/my-repo/my- app:${version} --build-arg https_proxy=http://<proxy>:8080 ." def imageId = sh( script: "docker inspect <registry>/my- repo/my-app:${version} -f '{{.ID}}'", returnStdout: true, ) scanImageForVulns(imageId: imageId) withCredentials([usernamePassword(...)]) { retry(3) { sh "docker push <registry>/my-repo/my- app:${version}" } } } } // Jenkinsfile stage('Build') { node('docker') { sh "docker build -t <registry>/my-repo/my- app:${version} --build-arg https_proxy=http://<proxy>:8080 ." def imageId = sh( script: "docker inspect <registry>/my- repo/my-app:${version} -f '{{.ID}}'", returnStdout: true, ) scanImageForVulns(imageId: imageId) withCredentials([usernamePassword(...)]) { retry(3) { sh "docker push <registry>/my-repo/my- app:${version}" } } } } // Jenkinsfile stage('Build') { node('docker') { sh "docker build -t <registry>/my-repo/my- app:${version} --build-arg https_proxy=http://<proxy>:8080 ." def imageId = sh( script: "docker inspect <registry>/my- repo/my-app:${version} -f '{{.ID}}'", returnStdout: true, ) scanImageForVulns(imageId: imageId) withCredentials([usernamePassword(...)]) { retry(3) { sh "docker push <registry>/my-repo/my- app:${version}" } } } } // Jenkinsfile stage('Build') { node('docker') { sh "docker build -t <registry>/my-repo/my- app:${version} --build-arg https_proxy=http://<proxy>:8080 ." def imageId = sh( script: "docker inspect <registry>/my- repo/my-app:${version} -f '{{.ID}}'", returnStdout: true, ) scanImageForVulns(imageId: imageId) withCredentials([usernamePassword(...)]) { retry(3) { sh "docker push <registry>/my-repo/my- app:${version}" } } } } // Jenkinsfile stage('Build') { node('docker') { sh "docker build -t <registry>/my-repo/my- app:${version} --build-arg https_proxy=http://<proxy>:8080 ." def imageId = sh( script: "docker inspect <registry>/my- repo/my-app:${version} -f '{{.ID}}'", returnStdout: true, ) scanImageForVulns(imageId: imageId) withCredentials([usernamePassword(...)]) { retry(3) { sh "docker push <registry>/my-repo/my- app:${version}" } } } } // Jenkinsfile stage('Build') { node('docker') { sh "docker build -t <registry>/my-repo/my- app:${version} --build-arg https_proxy=http://<proxy>:8080 ." def imageId = sh( script: "docker inspect <registry>/my- repo/my-app:${version} -f '{{.ID}}'", returnStdout: true, ) scanImageForVulns(imageId: imageId) withCredentials([usernamePassword(...)]) { retry(3) { sh "docker push <registry>/my-repo/my- app:${version}" } } } } // Jenkinsfile stage('Build') { node('docker') { sh "docker build -t <registry>/my-repo/my- app:${version} --build-arg https_proxy=http://<proxy>:8080 ." def imageId = sh( script: "docker inspect <registry>/my- repo/my-app:${version} -f '{{.ID}}'", returnStdout: true, ) scanImageForVulns(imageId: imageId) withCredentials([usernamePassword(...)]) { retry(3) { sh "docker push <registry>/my-repo/my- app:${version}" } } } } // Jenkinsfile stage('Build') { node('docker') { sh "docker build -t <registry>/my-repo/my- app:${version} --build-arg https_proxy=http://<proxy>:8080 ." def imageId = sh( script: "docker inspect <registry>/my- repo/my-app:${version} -f '{{.ID}}'", returnStdout: true, ) scanImageForVulns(imageId: imageId) withCredentials([usernamePassword(...)]) { retry(3) { sh "docker push <registry>/my-repo/my- app:${version}" } } } } // Jenkinsfile stage('Build') { node('docker') { sh "docker build -t <registry>/my-repo/my- app:${version} --build-arg https_proxy=http://<proxy>:8080 ." def imageId = sh( script: "docker inspect <registry>/my- repo/my-app:${version} -f '{{.ID}}'", returnStdout: true, ) scanImageForVulns(imageId: imageId) withCredentials([usernamePassword(...)]) { retry(3) { sh "docker push <registry>/my-repo/my- app:${version}" } } } } // Jenkinsfile stage('Build') { node('docker') { sh "docker build -t <registry>/my-repo/my- app:${version} --build-arg https_proxy=http://<proxy>:8080 ." def imageId = sh( script: "docker inspect <registry>/my- repo/my-app:${version} -f '{{.ID}}'", returnStdout: true, ) scanImageForVulns(imageId: imageId) withCredentials([usernamePassword(...)]) { retry(3) { sh "docker push <registry>/my-repo/my- app:${version}" } } } } * Source code shown is simulated for demo purposes only

© 2019 All Rights Reserved. 16 ➜ ~ git init
shared-libraries Initialized empty Git repository in shared-libraries/.git/ ➜ ~ cd shared-libraries ➜ shared-libraries git:(master) mkdir vars ➜ shared-libraries git:(master) vi vars/dockerBuild.groovy Creating A Shared Libraries Repository

© 2019 All Rights Reserved. 17 // vars/dockerBuild.groovy def call(Map
params) { def registry = "<registry>" def image = params.image def proxy = params.withProxy ? '--build-arg https_proxy=http://<proxy>:8080' : '' node('docker') { sh "docker build -t ${registry}/${image} ${proxy} ." if (params.withScan) { def imageId = sh( script: "docker inspect ${registry}/${image} -f '{{.ID}}'", returnStdout: true, ) scanImageForVulns(imageId: imageId) } if (params.pushToRegistry) { withCredentials([usernamePassword(credentialsId: params.credentialsId)]) { retry(3) { sh "docker push ${registry}/${image}" } } } } } * Source code shown is simulated for demo purposes only

© 2019 All Rights Reserved. 19 // Jenkinsfile library('shared-libraries') stage('Build')
{ dockerBuild( image: "my-repo/my-app:${version}", withProxy: true, withScan: true, credentialsId: "...", pushToRegistry: true, ) } * Source code shown is simulated for demo purposes only

{ dockerBuild( image: "my-namespace/my-app:${version}", withProxy: true, withScan: true, credentialsId: "...", pushToRegistry: true, ) } // Jenkinsfile library('shared-libraries') stage('Build') { dockerBuild( image: "my-namespace/my-app:${version}", withProxy: true, withScan: true, credentialsId: "...", pushToRegistry: true, ) } // Jenkinsfile library('shared-libraries') stage('Build') { dockerBuild( image: "my-namespace/my-app:${version}", withProxy: true, withScan: true, credentialsId: "...", pushToRegistry: true, ) } // Jenkinsfile library('shared-libraries') stage('Build') { dockerBuild( image: "my-namespace/my-app:${version}", withProxy: true, withScan: true, credentialsId: "...", pushToRegistry: true, ) } // Jenkinsfile library('shared-libraries') stage('Build') { dockerBuild( image: "my-namespace/my-app:${version}", withProxy: true, withScan: true, credentialsId: "...", pushToRegistry: true, ) } // Jenkinsfile library('shared-libraries') stage('Build') { dockerBuild( image: "my-namespace/my-app:${version}", withProxy: true, withScan: true, credentialsId: "...", pushToRegistry: true, ) } // Jenkinsfile library('shared-libraries') stage('Build') { dockerBuild( image: "my-namespace/my-app:${version}", withProxy: true, withScan: true, credentialsId: "...", pushToRegistry: true, ) } // Jenkinsfile library('shared-libraries') stage('Build') { dockerBuild( image: "my-namespace/my-app:${version}", withProxy: true, withScan: true, credentialsId: "...", pushToRegistry: true, ) } // Jenkinsfile library('shared-libraries') stage('Build') { dockerBuild( image: "my-namespace/my-app:${version}", withProxy: true, withScan: true, credentialsId: "...", pushToRegistry: true, ) } // Jenkinsfile library('shared-libraries') stage('Build') { dockerBuild( image: "my-namespace/my-app:${version}", withProxy: true, withScan: true, credentialsId: "...", pushToRegistry: true, ) } * Source code shown is simulated for demo purposes only

https://www.cloudbees.com/blog/ensuring-corporate-standards-pipelines-custom-marker-files

def libVersion = getLibraryVersion() echo "Using shared library version: ${libVersion}" library("jenkins-pipeline-library@${libVersion}") def pipeline = readTrusted 'Jenkinsfile' evaluate pipeline * Source code shown is simulated for demo purposes only the bootstrap script

© 2019 All Rights Reserved. 29 def libVersion = getLibraryVersion()
echo "Using shared library version: ${libVersion}" library("jenkins-pipeline-library@${libVersion}") def pipeline = readTrusted 'Jenkinsfile' evaluate pipeline Shared Jenkins Pipeline Library * Source code shown is simulated for demo purposes only

echo "Using shared library version: ${libVersion}" library("jenkins-pipeline-library@${libVersion}") def pipeline = readTrusted 'Jenkinsfile' evaluate pipeline Shared Jenkins Pipeline Library * Source code shown is simulated for demo purposes only this is the developer's Jenkinsfile

© 2019 All Rights Reserved. 33 TO PIN, OR NOT
TO PIN, that is the question

© 2019 All Rights Reserved. 34 Benefits of Latest... •
Bugs and other major issues are resolved quicker • New features and capabilities are available for immediate use • Reduces the painful software upgrade "headaches"

Daily Releases

© 2019 All Rights Reserved. 36 Shared Library Guiding Principles
Keep changes small & digestible Always maintain backwards compatibility Design clean API interfaces

{ dockerBuild( image: "my-repo/my-app:${version}", pushToRegistry: true, ) } * Source code shown is simulated for demo purposes only

{ dockerBuild( image: "my-repo/my-app:${version}", pushToRegistry: true, withArtifactoryRegistry: true, ) } * Source code shown is simulated for demo purposes only

© 2019 All Rights Reserved. 39 Shared Library Branching Strategy
master v0.1.0 Merge the PR Run the Jenkins pipeline Create release Address PR feedback Open a Pull Request Run the Jenkins pipeline Add some commits

© 2019 All Rights Reserved. 40 Build Test Release Rollback
Checkpoint End Start The CI/CD Pipeline

© 2019 All Rights Reserved. 41 The CI/CD Pipeline Build
Test Release Rollback Checkpoint End Start

© 2019 All Rights Reserved. 42 The CI/CD Pipeline -
Build // build.gradle plugins { id 'groovy' id 'jacoco' id 'codenarc' } sourceSets { main { groovy { srcDirs = ['src'] } resources { srcDirs = ['resources'] } } } dependencies { testCompile(group: 'com.lesfurets', name: 'jenkins-pipeline-unit', version: '1.0') testCompile(group: 'junit', name: 'junit', version: '4.12') testCompile(group: 'org.assertj', name: 'assertj-core', version: '3.13.2') } * Source code shown is simulated for demo purposes only

Build // Jenkinsfile stage('Build') { steps { sh './gradlew assemble' } } * Source code shown is simulated for demo purposes only

© 2019 All Rights Reserved. 45 // vars/dockerBuild.groovy def call(Map
params) { def registry = "<registry>" def image = params.image def proxy = params.withProxy ? '--build-arg https_proxy=http://<proxy>:8080' : '' node('docker') { sh "docker build -t ${registry}/${image} ${proxy} ." if (params.withScan) { def imageId = sh( script: "docker inspect ${registry}/${image} -f '{{.ID}}'", returnStdout: true, ) scanImageForVulns(imageId: imageId) } if (params.pushToRegistry) { withCredentials([usernamePassword(credentialsId: params.credentialsId)]) { retry(3) { sh "docker push ${registry}/${image}" } } } } } * Source code shown is simulated for demo purposes only

Test https://github.com/jenkinsci/JenkinsPipelineUnit

© 2019 All Rights Reserved. 47 // src/test/jenkinsfiles/dockerBuild/Jenkinsfile #!groovy stage('Build')
{ dockerBuild( image: 'my-namespace/my-app:0.1.0', pushToRegistry: true, ) } The CI/CD Pipeline - Test * Source code shown is simulated for demo purposes only this is a mocked Jenkinsfile

© 2019 All Rights Reserved. 48 // src/test/jenkinsfiles/dockerBuild/Jenkinsfile #!groovy stage('Build')
{ dockerBuild( image: 'my-namespace/my-app:0.1.0', pushToRegistry: true, ) } The CI/CD Pipeline - Test * Source code shown is simulated for demo purposes only

© 2019 All Rights Reserved. 49 // src/test/groovy/DockerBuildTest.groovy import static
com.lesfurets.jenkins.unit.MethodCall.callArgsToString import static org.assertj.core.api.Assertions.assertThat import com.lesfurets.jenkins.unit.BasePipelineTest import org.junit.Test public class DockerBuildTest extends BasePipelineTest { // ... @Test void shouldPushToRegistry() { loadScript('dockerBuild/Jenkinsfile') printCallStack() assertThat(helper.callStack.findAll { call -> call.methodName == 'sh' }.any { call -> callArgsToString(call).contains('docker push <registry>/my-repo/my-app:0.1.0') }).isTrue() assertJobStatusSuccess() } } * Source code shown is simulated for demo purposes only

com.lesfurets.jenkins.unit.MethodCall.callArgsToString import static org.assertj.core.api.Assertions.assertThat import com.lesfurets.jenkins.unit.BasePipelineTest import org.junit.Test public class DockerBuildTest extends BasePipelineTest { // ... @Test void shouldPushToRegistry() { loadScript('dockerBuild/Jenkinsfile') printCallStack() assertThat(helper.callStack.findAll { call -> call.methodName == 'sh' }.any { call -> callArgsToString(call).contains('docker push <registry>/my-repo/my-app:0.1.0') }).isTrue() assertJobStatusSuccess() } } * Source code shown is simulated for demo purposes only loads our mocked Jenkinsfile

com.lesfurets.jenkins.unit.MethodCall.callArgsToString import static org.assertj.core.api.Assertions.assertThat import com.lesfurets.jenkins.unit.BasePipelineTest import org.junit.Test public class DockerBuildTest extends BasePipelineTest { // ... @Test void shouldPushToRegistry() { loadScript('dockerBuild/Jenkinsfile') printCallStack() assertThat(helper.callStack.findAll { call -> call.methodName == 'sh' }.any { call -> callArgsToString(call).contains('docker push <registry>/my-repo/my-app:0.1.0') }).isTrue() assertJobStatusSuccess() } } * Source code shown is simulated for demo purposes only prints the call stack to make troubleshooting easier

com.lesfurets.jenkins.unit.MethodCall.callArgsToString import static org.assertj.core.api.Assertions.assertThat import com.lesfurets.jenkins.unit.BasePipelineTest import org.junit.Test public class DockerBuildTest extends BasePipelineTest { // ... @Test void shouldPushToRegistry() { loadScript('dockerBuild/Jenkinsfile') printCallStack() assertThat(helper.callStack.findAll { call -> call.methodName == 'sh' }.any { call -> callArgsToString(call).contains('docker push <registry>/my-repo/my-app:0.1.0') }).isTrue() assertJobStatusSuccess() } } * Source code shown is simulated for demo purposes only confirms the docker push command would be invoked correctly

com.lesfurets.jenkins.unit.MethodCall.callArgsToString import static org.assertj.core.api.Assertions.assertThat import com.lesfurets.jenkins.unit.BasePipelineTest import org.junit.Test public class DockerBuildTest extends BasePipelineTest { // ... @Test void shouldPushToRegistry() { loadScript('dockerBuild/Jenkinsfile') printCallStack() assertThat(helper.callStack.findAll { call -> call.methodName == 'sh' }.any { call -> callArgsToString(call).contains('docker push <registry>/my-repo/my-app:0.1.0') }).isTrue() assertJobStatusSuccess() } } * Source code shown is simulated for demo purposes only confirms the job completed without an error

© 2019 All Rights Reserved. 54 ➜ shared-libraries git:(master) ./gradlew
test DockerBuildTest > shouldPushToRegistry STANDARD_OUT Loading shared library shared-libraries with version master Jenkinsfile.run() Jenkinsfile.stage(Build, groovy.lang.Closure) Jenkinsfile.dockerBuild({credentialsId=..., image=my-namespace/my-app:0.1.0, pushToRegistry=true, withProxy=true, withScan=true}) dockerBuild.node(docker, groovy.lang.Closure) dockerBuild.sh(docker build -t <registry>/my-repo/my-app:0.1.0 --build-arg https_proxy=http://<proxy>:8080 .) dockerBuild.sh({returnStdout=true, script=docker inspect <registry>/my-repo/my-app:0.1.0 -f '{{.ID}}'}) dockerBuild.usernamePassword({credentialsId=...}) dockerBuild.withCredentials([null], groovy.lang.Closure) dockerBuild.retry(3, groovy.lang.Closure) dockerBuild.sh(docker push <registry>/my-repo/my-app:0.1.0) Gradle Test Executor 47 finished executing tests. > Task :test Generating HTML test report… Finished generating test html results (0.002 secs) BUILD SUCCESSFUL in 4s 4 actionable tasks: 4 executed Stopped 1 worker daemon(s). * Source code shown is simulated for demo purposes only

Test // Jenkinsfile stage('Build') { steps { sh './gradlew assemble' } } stage('Test') { steps { sh './gradlew test' } } * Source code shown is simulated for demo purposes only

Test // Jenkinsfile library("shared-libraries@${env.BRANCH_NAME}") stage('Test') { steps { gradleBuild(tasks: 'test') ... } } * Source code shown is simulated for demo purposes only

© 2019 All Rights Reserved. 59 // Jenkinsfile library("shared-libraries@${env.BRANCH_NAME}") stage('Test')
{ steps { gradleBuild(tasks: 'test') ... } } The CI/CD Pipeline - Test * Source code shown is simulated for demo purposes only gradleBuild() is a custom library function!

{ steps { gradleBuild(tasks: 'test') evaluate(readTrusted('test/dockerBuild/Jenkinsfile')) } } The CI/CD Pipeline - Test * Source code shown is simulated for demo purposes only executes a Jenkinsfile with library methods against the library itself!

Release

Release ➜ curl -s https://<ghe>/api/v3/repos/<org>/<repo>/releases/latest | jq '.tag_name' "v0.3.95" * Source code shown is simulated for demo purposes only

Release * Source code shown is simulated for demo purposes only def libVersion = getLibraryVersion() echo "Using shared library version: ${libVersion}" library("jenkins-pipeline-library@${libVersion}") def pipeline = readTrusted 'Jenkinsfile' evaluate pipeline the bootstrap script

Release def getLibraryVersion() { def response = httpRequest( url: 'https://<ghe>/api/v3/repos/<org>/<repo>/releases/latest', httpMode: 'GET', contentType: 'APPLICATION_JSON', validResponseCodes: '200', ) return readJSON(text: response.content).tag_name } * Source code shown is simulated for demo purposes only

© 2019 All Rights Reserved. 68 def libVersion = "v0.3.95"
echo "Using shared library version: ${libVersion}" library("jenkins-pipeline-library@${libVersion}") def pipeline = readTrusted 'Jenkinsfile' evaluate pipeline The CI/CD Pipeline - Release * Source code shown is simulated for demo purposes only the bootstrap script

Release master v0.1.0 latest

Release master v0.1.0 v0.1.1 latest

Release v0.1.0 v0.1.1 latest master

Release v0.1.0 v0.1.1 v0.1.2 latest master

Release v0.1.0 v0.1.1 v0.1.2 v0.1.3 latest master

Release v0.1.0 v0.1.1 v0.1.2 v0.1.3 v0.1.4 latest master

Release Canary release is a technique to reduce the risk of introducing a new software version in production by slowly rolling out the change to a small subset of users before rolling it out to the entire infrastructure and making it available to everybody. https://martinfowler.com/bliki/CanaryRelease.html “ “

Release Users Jenkins Instances 30% 70%

Release Users Jenkins Instances latest stable

Release v0.1.0 latest stable master

Release v0.1.0 v0.1.1 latest stable master

Release v0.1.0 v0.1.1 latest - 30% stable master

Release v0.1.0 v0.1.1 latest - 30% stable - 70% master

Release v0.1.0 v0.1.1 v0.1.2 latest - 30% stable - 70% master

Release v0.1.0 v0.1.1 v0.1.2 v0.1.3 latest - 30% stable - 70% master

Release v0.1.0 v0.1.1 v0.1.2 v0.1.3 v0.1.4 latest - 30% stable - 70% master

Release v0.1.0 v0.1.1 latest - 30% stable - 70% v0.1.2 v0.1.3 v0.1.4 master

Release def getLibraryVersion() { if (env.JENKINS_URL =~ /<canaryjenkins1>|<canaryjenkins2>/) { def response = httpRequest( url: 'https://<ghe>/api/v3/repos/<org>/<repo>/releases/latest', httpMode: 'GET', contentType: 'APPLICATION_JSON', validResponseCodes: '200', ) return readJSON(text: response.content).tag_name } return 'stable' } * Source code shown is simulated for demo purposes only

Rollback Checkpoint // Jenkinsfile stage('Rollback Checkpoint') { steps { timeout(time: 4, unit: 'HOURS') { input(message: "Rollback v${version}?", ok: 'Yes') } ... } } * Source code shown is simulated for demo purposes only

Rollback Checkpoint

Rollback Checkpoint def sendDatadogMetrics(def metrics) { try { httpRequest( url: 'https://app.datadoghq.com/api/v1/series, httpMode: 'POST', contentType: 'APPLICATION_JSON', requestBody: "{[\"series\": ${metrics}]}", validResponseCodes: '200,201,202,204', ) } catch (e) { null } } [ "job_name:${env.JOB_NAME}", "job_status:${currentBuild.currentResult}", "library_version:${libVersion}", "failure_exception_class:${error.getClass().getName()}", ] Tags * Source code shown is simulated for demo purposes only

Rollback Checkpoint v0.3.95 released hudson.AbortException

Rollback Checkpoint

Rollback Checkpoint v0.1.0 v0.1.1 latest - 30% stable - 70% master

Rollback Checkpoint v0.1.0 v0.1.1 latest - 30% stable - 70% 4 hours master

Rollback Checkpoint v0.1.0 v0.1.1 v0.1.2 latest - 30% stable - 70% master

Rollback Checkpoint v0.1.0 v0.1.1 v0.1.2 latest - 30% stable - 70% 4 hours master

Rollback Checkpoint

Rollback Checkpoint v0.1.0 v0.1.1 v0.1.2 latest - 30% stable - 70% v0.1.3 master

Rollback Checkpoint v0.1.0 v0.1.1 v0.1.2 latest - 30% stable - 70% v0.1.3 4 hours master

Rollback Checkpoint v0.1.0 v0.1.1 v0.1.2 latest - 30% stable - 70% v0.1.3 v0.1.4 master

Thank You!

Creating a CI/CD Pipeline for Your Shared Libraries

Creating a CI/CD Pipeline for Your Shared Libraries

More Decks by Roderick Randolph

Other Decks in Technology

Featured

Transcript