diff --git a/Jenkinsfile b/Jenkinsfile index 40bdee7..586247b 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,5 +1,9 @@ -node { - tools {"org.jenkinsci.plugins.terraform.TerraformInstallation" "terraform-0.11.10"} +pipeline { + agent any + + tools { + "org.jenkinsci.plugins.terraform.TerraformInstallation" "terraform-0.11.10" + } environment { TF_HOME = tool('terraform-0.11.10') 
@@ -9,93 +13,141 @@ node { SECRET_KEY = credentials('jenkins-aws-secret-access-key') } - echo "workspace directory is ${workspace}" + stages{ + stage('checkout') { + steps { + checkout scm + echo "workspace directory is ${workspace}" + } + } - stage('checkout') { - checkout scm - } + stage('terraform destroy') { + steps { + dir('./terraform/prod'){ + sh "terraform --version" + sh "echo 'Destroying old Infrastructure'" + sh "terraform destroy --auto-approve" + } + } + } - stage('check java') { - sh "java -version" - } + stage('check java') { + steps { + sh "java -version" + } + } - script { - version = sh ( - script: "./gradlew properties -q | grep \"^version:\" | awk '{print \$2}'", - returnStdout: true - ).trim() - sh "echo Building project in version: $version" - } + stage('get project version') { + steps { + script { + version = sh ( + script: "./gradlew properties -q | grep \"^version:\" | awk '{print \$2}'", + returnStdout: true + ).trim() + sh "echo Building project in version: $version" + } + } + } + + stage('clean') { + steps { + sh "chmod +x gradlew" + sh "./gradlew clean --no-daemon" + } + } - stage('clean') { - sh "chmod +x gradlew" - sh "./gradlew clean --no-daemon" - } + stage('build') { + steps { + sh "./gradlew npm_install -Pprod -PnodeInstall --no-daemon" + } + } - stage('build') { - sh "./gradlew npm_install -Pprod -PnodeInstall --no-daemon" - } + stage('quality analysis') { + steps { + withSonarQubeEnv('sonarqube') { + sh "./gradlew sonarqube --no-daemon -PnodeInstall -Pprod" + } + } + } + stage('backend tests') { + steps { + script { + try { + sh "./gradlew test integrationTest -Pprod -PnodeInstall --no-daemon" + } catch(err) { + throw err + } finally { + junit '**/build/**/TEST-*.xml' } + } + } + } + - stage('backend tests') { - try { - sh "./gradlew test integrationTest -Pprod -PnodeInstall --no-daemon" - } catch(err) { - throw err - } finally { - junit '**/build/**/TEST-*.xml' } } + stage('frontend tests') { + steps { + script { + try { + sh 
"./gradlew npm_run_test -Pprod -PnodeInstall --no-daemon" + } catch(err) { + throw err + } finally { + junit '**/build/test-results/TESTS-*.xml' } + } + } + } - stage('frontend tests') { - try { - sh "./gradlew npm_run_test -Pprod -PnodeInstall --no-daemon" - } catch(err) { - throw err - } finally { - junit '**/build/test-results/TESTS-*.xml' - } - } - - stage('packaging') { - sh "./gradlew bootJar -x test -Pprod -PnodeInstall --no-daemon" - archiveArtifacts artifacts: '**/build/libs/*.jar', fingerprint: true - } + stage('packaging') { + steps { + sh "./gradlew bootJar -x test -Pprod -PnodeInstall --no-daemon" + archiveArtifacts artifacts: '**/build/libs/*.jar', fingerprint: true + } + } - stage ('Publish') { - nexusPublisher nexusInstanceId: 'stsnexus', nexusRepositoryId: 'maven-releases', packages: [[$class: 'MavenPackage', mavenAssetList: [[classifier: '', extension: '', filePath: "${workspace}/build/libs/devopsdemo-${version}.jar"]], mavenCoordinate: [artifactId: 'devops-demo', groupId: 'com.simpletechnologysolutions', packaging: 'jar', version: "${version}" ]]] - } + stage ('Publish') { + steps { + nexusPublisher nexusInstanceId: 'stsnexus', nexusRepositoryId: 'maven-releases', packages: [[$class: 'MavenPackage', mavenAssetList: [[classifier: '', extension: '', filePath: "${workspace}/build/libs/devopsdemo-${version}.jar"]], mavenCoordinate: [artifactId: 'devops-demo', groupId: 'com.simpletechnologysolutions', packaging: 'jar', version: "${version}" ]]] + } + } - stage('terraform init') { - dir('./terraform/prod'){ - sh "echo 'Initializing Terraform'" - sh "terraform init -input=false" - } - } - - stage('terraform plan'){ - dir('./terraform/prod'){ - sh "echo 'Planning Terraform Build'" - sh "terraform plan -var 'access_key=$ACCESS_KEY' -var 'secret_key=$SECRET_KEY'" + stage('terraform init') { + steps { + dir('./terraform/prod'){ + sh "terraform --version" + sh "echo 'Initializing Terraform'" + sh "terraform init -input=false" + } + } } - } - stage('terraform 
apply'){ - steps { - script{ - def apply = false - try { - input message: 'Can you please confirm the apply', ok: 'Ready to Apply the Config' - apply = true - } catch (err) { - apply = false - currentBuild.result = 'UNSTABLE' - } - if(apply){ - dir('./terraform/prod'){ - sh "echo 'Applying Terraform'" - sh 'terraform apply --auto-approve' - } + stage('terraform plan'){ + steps { + dir('./terraform/prod'){ + sh "echo 'Planning Terraform Build'" + sh "terraform plan" } } } - } -} \ No newline at end of file + + stage('terraform apply'){ + steps { + script{ + def apply = false + try { + input message: 'Can you please confirm the apply', ok: 'Ready to Apply the Config' + apply = true + } catch (err) { + apply = false + currentBuild.result = 'UNSTABLE' + } + if(apply){ + dir('./terraform/prod'){ + sh "echo 'Applying Terraform'" + sh 'terraform apply --auto-approve' + } + } + } + } + } + } +} diff --git a/Jenkinsfile.destroy b/Jenkinsfile.destroy new file mode 100644 index 0000000..0cc4237 --- /dev/null +++ b/Jenkinsfile.destroy 
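Review bot: The new `terraform destroy` stage runs `terraform destroy --auto-approve` in `./terraform/prod` on every build, with no `input` gate and ahead of the `terraform init` stage, so any triggered build tears the environment down unattended. Since this commit also adds an approval-gated Jenkinsfile.destroy, the stage should be dropped here, or at least moved after `terraform init` and wrapped in the same `input` confirmation the `terraform apply` stage uses. The same unguarded stage is added in the Jenkinsfile.integration hunk. Dropping `-var 'access_key=$ACCESS_KEY' -var 'secret_key=$SECRET_KEY'` from `terraform plan` keeps the keys off the command line, but nothing visible now consumes `ACCESS_KEY`/`SECRET_KEY`; if they are unused, the `credentials()` bindings can go too.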
@@ -0,0 +1,57 @@
+
+//This pipeline should be run to destroy terraform resources
+pipeline {
+ agent any
+
+ tools {
+ "org.jenkinsci.plugins.terraform.TerraformInstallation" "terraform-0.11.10"
+ }
+
+ environment {
+ TF_HOME = tool('terraform-0.11.10')
+ TF_IN_AUTOMATION = "true"
+ PATH = "$TF_HOME:$PATH"
+ ACCESS_KEY = credentials('jenkins-aws-secret-key-id')
+ SECRET_KEY = credentials('jenkins-aws-secret-access-key')
+ }
+
+ stages{
+ stage('checkout') {
+ steps {
+ checkout scm
+ echo "workspace directory is ${workspace}"
+ }
+ }
+
+ stage('terraform init') {
+ steps {
+ dir('./terraform/prod'){
+ sh "terraform --version"
+ sh "echo 'Initializing Terraform'"
+ sh "terraform init -input=false"
+ }
+ }
+ }
+
+ stage('terraform destroy'){
+ steps {
+ script{
+ def apply = false
+ try {
+ input message: 'Can you please confirm the destroy', ok: 'Ready to Destroy the Infrastructure'
+ apply = true
+ } catch (err) {
+ apply = false
+ currentBuild.result = 'UNSTABLE'
+ }
+ if(apply){
+ dir('./terraform/prod'){
+ sh "echo 'Applying Terraform'"
+ sh 'terraform destroy --auto-approve'
+ }
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/Jenkinsfile.integration b/Jenkinsfile.integration
index 8cfcad5..985891b 100644
--- a/Jenkinsfile.integration
+++ b/Jenkinsfile.integration
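Review bot: The `input` step that gates `terraform destroy --auto-approve` names no approver, so, depending on how job permissions are configured, anyone able to interact with the build may confirm the teardown. Restricting it with the step's `submitter` parameter would narrow that, e.g. `input message: 'Can you please confirm the destroy', ok: 'Ready to Destroy the Infrastructure', submitter: '<approver-group>'` (placeholder value). The echo before the destroy still says `'Applying Terraform'`, which will mislead anyone reading the console log; `sh "echo 'Destroying Terraform-managed infrastructure'"` matches what actually runs. A declined prompt is recorded as `UNSTABLE`, which reads like a test failure rather than a deliberate abort, so a one-line comment stating that intent would help.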
@@ -1,71 +1,153 @@ -node { +pipeline { + agent any - echo "workspace directory is ${workspace}" - - stage('checkout') { - checkout scm + tools { + "org.jenkinsci.plugins.terraform.TerraformInstallation" "terraform-0.11.10" } - stage('check java') { - sh "java -version" + environment { + TF_HOME = tool('terraform-0.11.10') + TF_IN_AUTOMATION = "true" + PATH = "$TF_HOME:$PATH" + ACCESS_KEY = credentials('jenkins-aws-secret-key-id') + SECRET_KEY = credentials('jenkins-aws-secret-access-key') } - script { - version = sh ( - script: "./gradlew properties -q | grep \"^version:\" | awk '{print \$2}'", - returnStdout: true - ).trim() - sh "echo Building project in version: $version" - } + stages{ + stage('checkout') { + steps { + checkout scm + echo "workspace directory is ${workspace}" + } + } + stage('terraform destroy') { + steps { + dir('./terraform/prod'){ + sh "terraform --version" + sh "echo 'Destroying old Infrastructure'" + sh "terraform destroy --auto-approve" + } + } + } + + stage('check java') { + steps { + sh "java -version" + } + } - stage('clean') { - sh "chmod +x gradlew" - sh "./gradlew clean --no-daemon" - } + stage('get project version') { + steps { + script { + version = sh ( + script: "./gradlew properties -q | grep \"^version:\" | awk '{print \$2}'", + returnStdout: true + ).trim() + sh "echo Building project in version: $version" + } + } + } + + stage('clean') { + steps { + sh "chmod +x gradlew" + sh "./gradlew clean --no-daemon" + } + } - stage('build') { - sh "./gradlew npm_install -Pprod -PnodeInstall --no-daemon" - } - stage('quality analysis') { - withSonarQubeEnv('sonarqube') { - sh "./gradlew sonarqube --no-daemon -PnodeInstall -Pprod" - } - } + stage('build') { + steps { + sh "./gradlew npm_install -Pprod -PnodeInstall --no-daemon" + } + } - stage('backend tests') { - try { - sh "./gradlew test integrationTest -Pprod -PnodeInstall --no-daemon" - } catch(err) { - throw err - } finally { - junit '**/build/**/TEST-*.xml' } } + stage('quality 
analysis') { + steps { + withSonarQubeEnv('sonarqube') { + sh "./gradlew sonarqube --no-daemon -PnodeInstall -Pprod" + } + } + } - stage('frontend tests') { - try { - sh "./gradlew npm_run_test -Pprod -PnodeInstall --no-daemon" - } catch(err) { - throw err - } finally { + stage('backend tests') { + steps { + script { + try { + sh "./gradlew test integrationTest -Pprod -PnodeInstall --no-daemon" + } catch(err) { + throw err + } finally { + junit '**/build/**/TEST-*.xml' } + } + } + } + + stage('frontend tests') { + steps { + script { + try { + sh "./gradlew npm_run_test -Pprod -PnodeInstall --no-daemon" + } catch(err) { + throw err + } finally { + junit '**/build/test-results/TESTS-*.xml' } + } + } + } - junit '**/build/test-results/TESTS-*.xml' + stage('packaging') { + steps { + sh "./gradlew bootJar -x test -Pprod -PnodeInstall --no-daemon" + archiveArtifacts artifacts: '**/build/libs/*.jar', fingerprint: true + } + } + + stage ('Publish') { + steps { + nexusPublisher nexusInstanceId: 'stsnexus', nexusRepositoryId: 'maven-releases', packages: [[$class: 'MavenPackage', mavenAssetList: [[classifier: '', extension: '', filePath: "${workspace}/build/libs/devopsdemo-${version}.jar"]], mavenCoordinate: [artifactId: 'devops-demo', groupId: 'com.simpletechnologysolutions', packaging: 'jar', version: "${version}" ]]] + } + } + + stage('terraform init') { + steps { + dir('./terraform/prod'){ + sh "terraform --version" + sh "echo 'Initializing Terraform'" + sh "terraform init -input=false" + } + } } - } -/** - stage('User Approval') { - // input message: 'User input required', ok: 'Release!', parameters: [choice(name: 'RELEASE_APPROVED', choices: 'Yes\nNo', description: 'Proceed with Deployment?')] - input message: 'User input required', ok: 'Proceed With Deployment?' 
- echo "env: ${env.RELEASE_APPROVED}" - echo "params: ${params.RELEASE_APPROVED}" - } -*/ - stage('packaging') { - sh "./gradlew bootJar -x test -Pprod -PnodeInstall --no-daemon" - archiveArtifacts artifacts: '**/build/libs/*.jar', fingerprint: true - } - stage ('Publish') { - nexusPublisher nexusInstanceId: 'stsnexus', nexusRepositoryId: 'maven-releases', packages: [[$class: 'MavenPackage', mavenAssetList: [[classifier: '', extension: '', filePath: "${workspace}/build/libs/devopsdemo-${version}.jar"]], mavenCoordinate: [artifactId: 'devops-demo', groupId: 'com.simpletechnologysolutions', packaging: 'jar', version: "${version}" ]]] - } + stage('terraform plan'){ + steps { + dir('./terraform/prod'){ + sh "echo 'Planning Terraform Build'" + sh "terraform plan" + } + } + } + + stage('terraform apply'){ + steps { + script{ + def apply = false + try { + input message: 'Can you please confirm the apply', ok: 'Ready to Apply the Config' + apply = true + } catch (err) { + apply = false + currentBuild.result = 'UNSTABLE' + } + if(apply){ + dir('./terraform/prod'){ + sh "echo 'Applying Terraform'" + sh 'terraform apply --auto-approve' + } + } + } + } + } + } } diff --git a/README.md b/README.md index 01785e4..1f7ab79 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,5 @@ # devopsdemo -#Test This application was generated using JHipster 6.0.1, you can find documentation and help at [https://www.jhipster.tech/documentation-archive/v6.0.1](https://www.jhipster.tech/documentation-archive/v6.0.1). diff --git a/terraform/modules/ec2/main.tf b/terraform/modules/ec2/main.tf index 1d8d24b..0ed4930 100644 --- a/terraform/modules/ec2/main.tf +++ b/terraform/modules/ec2/main.tf @@ -1,6 +1,7 @@ provider "aws" { profile = "${var.profile}" region = "${var.region}" + version = "2.14" } data "template_file" "init" { 
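Review bot: The `terraform plan` stage does not save its plan, and `terraform apply --auto-approve` then computes a fresh one, so what the approver saw before the `input` prompt is not necessarily what gets applied. Writing the plan with `sh "terraform plan -input=false -out=tfplan"` and applying it with `sh 'terraform apply -input=false tfplan'` ties the approval to the reviewed changes. The same plan/apply pair appears in the Jenkinsfile hunk.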
@@ -27,7 +28,11 @@ data "template_file" "init" { /bin/echo -e "validation_key \"/etc/chef/simpletechnologysolutions-validator.pem\"" >> /etc/chef/client.rb /bin/echo -e "chef_license \"accept\"" >> /etc/chef/client.rb - sudo chef-client + /bin/echo 'log_location STDOUT' >> /etc/chef/file.json + /bin/echo -e "{\\\"run_list\\\": [ \\\"role[release]\\\" ]}" + + sudo chef-client -j /etc/chef/file.json --environment _default + EOF } @@ -55,7 +60,9 @@ resource "aws_instance" "server" { vpc_security_group_ids = ["${var.security_groups}"] subnet_id = "${var.subnet_id}" - # iam_instance_profile = "${var.role}" + associate_public_ip_address = true + + iam_instance_profile = "${var.role}" lifecycle { # prevent rebuild if a newer ami is released diff --git a/terraform/modules/ec2/variables.tf b/terraform/modules/ec2/variables.tf index b3b8c08..72ca835 100644 --- a/terraform/modules/ec2/variables.tf +++ b/terraform/modules/ec2/variables.tf @@ -12,14 +12,14 @@ variable "key" { } variable "security_groups" { - type = "list" + } variable "subnet_id" { } -# variable "role" { - -# } +variable "role" { + default = "s3_access_for_ec2" +} variable "OSDiskSize" { default = "8" diff --git a/terraform/modules/security_group/main.tf b/terraform/modules/security_group/main.tf index be675c9..af90d44 100644 --- a/terraform/modules/security_group/main.tf +++ b/terraform/modules/security_group/main.tf 
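Review bot: `/etc/chef/file.json` ends up holding only the line `log_location STDOUT`, which is not JSON, because the `run_list` echo that follows has no redirection and prints to stdout; `chef-client -j /etc/chef/file.json` would then be handed a file it cannot parse as attributes. `log_location` looks like a client.rb setting, so it probably belongs in `>> /etc/chef/client.rb`, and the JSON line needs `> /etc/chef/file.json`. The heredoc starts outside this hunk, so the escaping level of the quotes should be checked against the rendered user data.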
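Review bot: `associate_public_ip_address = true` is hard-coded in the same hunk that switches on `iam_instance_profile`, so every instance built from this module is internet-addressable while carrying role credentials; together with the security-group hunk in this commit that opens port 22 to `0.0.0.0/0`, that is a wide exposure for a stack under terraform/prod. Exposing it as a variable that defaults to off, e.g. `associate_public_ip_address = "${var.public_ip}"` with `default = false` (the variable name is a suggestion), lets callers opt in. The permissions attached to the profile are not visible here and should be confirmed to be the minimum the instance needs. The `aws_instance` block continues outside the hunk.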
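Review bot: `variable "role"` now defaults to `"s3_access_for_ec2"`, so any caller of the module silently gets that instance profile attached; leaving the variable without a default, or adding a `description` that states what the profile grants, makes the grant an explicit choice. Dropping `type = "list"` from `security_groups` also removes the only validation on that input, and the plural name no longer matches the single ID that terraform/prod/main.tf passes; `type = "string"` with a singular name would say what is expected.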
@@ -8,30 +8,56 @@ resource "aws_security_group" "security_group" { vpc_id = "${var.vpc_id}" ingress { - from_port = 443 - to_port = 443 - protocol = "tcp" - cidr_blocks = "${var.http_cidr}" + # TLS (change to whatever ports you need) + from_port = 443 + to_port = 443 + + protocol = "tcp" + # Please restrict your ingress to only necessary IPs and ports. + # Opening to 0.0.0.0/0 can lead to security vulnerabilities. + cidr_blocks = ["0.0.0.0/0"] } + ingress { - from_port = 80 - to_port = 80 - protocol = "tcp" - cidr_blocks = "${var.http_cidr}" + # TLS (change to whatever ports you need) + from_port = 80 + to_port = 80 + + protocol = "tcp" + # Please restrict your ingress to only necessary IPs and ports. + # Opening to 0.0.0.0/0 can lead to security vulnerabilities. + cidr_blocks = ["0.0.0.0/0"] } + ingress { - from_port = 22 - to_port = 22 - protocol = "tcp" - cidr_blocks = "${var.ssh_cidr}" + # TLS (change to whatever ports you need) + from_port = 8080 + to_port = 8080 + + protocol = "tcp" + # Please restrict your ingress to only necessary IPs and ports. + # Opening to 0.0.0.0/0 can lead to security vulnerabilities. + cidr_blocks = ["0.0.0.0/0"] } + ingress { + # TLS (change to whatever ports you need) + from_port = 22 + to_port = 22 + + protocol = "tcp" + # Please restrict your ingress to only necessary IPs and ports. + # Opening to 0.0.0.0/0 can lead to security vulnerabilities. + cidr_blocks = ["0.0.0.0/0"] + } + egress { - from_port = 0 - to_port = 0 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0"] + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_blocks = ["0.0.0.0/0"] } + tags = { Name = "${var.sg_name}" } diff --git a/terraform/modules/security_group/variables.tf b/terraform/modules/security_group/variables.tf index b7350c2..7f2d4b8 100644 --- a/terraform/modules/security_group/variables.tf +++ b/terraform/modules/security_group/variables.tf 
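Review bot: All four ingress rules, including port 22, now hard-code `cidr_blocks = ["0.0.0.0/0"]` where the module previously took `var.http_cidr` and `var.ssh_cidr`, so callers can no longer narrow SSH to an admin range, which is exactly what the comments added in this hunk warn against. Keeping `cidr_blocks = "${var.ssh_cidr}"` on the port 22 rule, along with the `ssh_cidr` variable that the security_group/variables.tf hunk deletes, preserves that control. The `# TLS (change to whatever ports you need)` comment is pasted onto ports 80, 8080 and 22, where it is wrong; each rule should say what it is for, e.g. `# SSH for administration`. Port 8080 is newly exposed and nothing in the hunk says which service needs it. The egress change to `protocol = "-1"` is the right value for a 0–0 port range.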
@@ -13,9 +13,4 @@ variable "sg_description" { variable "vpc_id" { } -variable "http_cidr" { - type = "list" -} -variable "ssh_cidr" { - type = "list" -} + diff --git a/terraform/prod/main.tf b/terraform/prod/main.tf index e9dd380..5beb410 100644 --- a/terraform/prod/main.tf +++ b/terraform/prod/main.tf @@ -16,17 +16,16 @@ module "security_group" { vpc_id = "vpc-0e3945d5888632944" - http_cidr = ["0.0.0.0/0"] - ssh_cidr = ["0.0.0.0/0"] + } module "ec2_server" { source = "../modules/ec2" profile = "sts" - instance_type = "t3.medium" + instance_type = "t2.micro" - security_groups = ["${module.security_group.id}"] - subnet_id = "subnet-0a1f8963d08b10d8f" + security_groups = "${module.security_group.id}" + subnet_id = "subnet-02ccc03ce0ce2a594" name = "dev_server"