Enterprise Jenkinsfile: SonarQube + OWASP + Harbor + K8s

Pipeline Stages

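  1. Checkout (no explicit stage in the Jenkinsfile below; a Declarative Pipeline loaded from SCM checks out the source automatically)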
  2. Build (Maven)
  3. SonarQube analysis + quality gate
  4. OWASP Dependency Check
  5. Docker build + push to Harbor
  6. Deploy to dev (auto) / prod (with approval)

Jenkinsfile

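// Build -> static analysis -> dependency scan -> image push -> deploy.
// Source checkout is not a stage here; it relies on the implicit checkout a
// Declarative Pipeline performs when the job is loaded from SCM.
pipeline {
  agent any
  environment {
    // Both values are exported to every sh step as environment variables.
    // NOTE(review): the registry is addressed by IP; confirm the agents trust
    // its TLS certificate rather than listing it as an insecure registry.
    HARBOR  = '192.168.108.200'
    IMAGE   = "${HARBOR}/myproject/myapp"
  }
  stages {
    // -DskipTests: unit tests are not executed anywhere in this pipeline.
    stage('Build')       { steps { sh 'mvn clean package -DskipTests' } }
    stage('SonarQube')   {
      steps {
        // Injects the server URL and token of the 'SonarQube' installation
        // configured in Jenkins, so neither appears in this file.
        withSonarQubeEnv('SonarQube') { sh 'mvn sonar:sonar' }
      }
    }
    stage('Quality Gate') {
      // Aborts the build if the gate fails or no result arrives in 5 minutes.
      // waitForQualityGate depends on a SonarQube -> Jenkins webhook.
      steps { timeout(time:5,unit:'MINUTES') { waitForQualityGate abortPipeline:true } }
    }
    stage('OWASP') {
      steps {
        // Writes HTML and XML reports only. Nothing in this stage fails the
        // build on findings; add a threshold (e.g. --failOnCVSS) or a
        // publisher step if vulnerable dependencies should block the push.
        dependencyCheck additionalArguments:'--format HTML --format XML', odcInstallation:'OWASP-DC'
      }
    }
    stage('Docker Push') {
      steps {
        sh "docker build -t ${IMAGE}:${BUILD_NUMBER} ."
        withCredentials([usernamePassword(credentialsId:'harbor-creds',
          usernameVariable:'U', passwordVariable:'P')]) {
          // Single-quoted Groovy string: the shell, not Groovy, expands $U/$P,
          // so the secret is never interpolated into the script text.
          // --password-stdin keeps the password off the docker command line
          // (process list, shell trace). HARBOR, IMAGE and BUILD_NUMBER are
          // read from the step's environment.
          // NOTE(review): docker login leaves credentials in the agent's
          // Docker config; consider `docker logout` on shared agents.
          sh '''
            printf '%s' "$P" | docker login "$HARBOR" -u "$U" --password-stdin \
              && docker push "$IMAGE:$BUILD_NUMBER"
          '''
        }
      }
    }
    // NOTE(review): kubectl uses whatever cluster credentials the agent
    // already holds; with `agent any`, every agent needs dev and prod access.
    stage('Deploy Dev')  { when { branch 'develop' }
      steps { sh "kubectl set image deploy/myapp myapp=${IMAGE}:${BUILD_NUMBER} -n dev" }
    }
    stage('Approve Prod') { when { branch 'main' }
      // Manual gate before production. As written it has no timeout and no
      // `submitter` restriction, so it waits indefinitely and is not limited
      // to a named approver group.
      steps { input 'Deploy to Production?' }
    }
    stage('Deploy Prod') { when { branch 'main' }
      steps { sh "kubectl set image deploy/myapp myapp=${IMAGE}:${BUILD_NUMBER} -n prod" }
    }
  }
}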