pipeline { agent any tools { jdk 'jdk17' maven 'maven3' } environment { SCANNER_HOME= tool 'sonar-scanner' } stages { stage('Git') { steps { git branch: 'main', url: 'https://github.com/stardistributors/shopping-cart.git' } } stage('compile') { steps { sh 'mvn compile' } } stage('OWASP Dependency Check') { steps { dependencyCheck additionalArguments: '--scan ./', odcInstallation: 'DC' dependencyCheckPublisher pattern: '**/dependency-check-report.xml' } } stage('SonarQube Analysis') { steps { withSonarQubeEnv('sonar') { sh ''' $SCANNER_HOME/bin/sonar-scanner -Dsonar.projectName=shopping-cart -Dsonar.projectKey=shopping-cart -Dsonar.java.binaries=target/classes ''' } } } stage('Build Application & Push Artifact to nexus') { steps { withMaven(globalMavenSettingsConfig: '', jdk: 'jdk17', maven: 'maven3', mavenSettingsConfig: 'maven-settings-default', traceability: true) { sh 'mvn deploy -DskipTests=true' } } } stage ('Docker Build & Tag'){ steps { script { withDockerRegistry(credentialsId: 'docker-cred', toolName: 'docker') { sh "docker build -t aziz27uk/shopping-cart:latest -f docker/Dockerfile ." } } } } stage ('Trivy Image Scan') { steps { sh "trivy image --format table -o trivy-report.html aziz27uk/shopping-cart:latest" } } stage ('Docker Push'){ steps { script { withDockerRegistry(credentialsId: 'docker-cred', toolName: 'docker') { sh "docker push aziz27uk/shopping-cart:latest " } } } } stage ('k8-deploy'){ steps { withKubeConfig(caCertificate: '', clusterName: 'kubernetes', contextName: '', credentialsId: 'k8-auth', namespace: 'webapps', restrictKubeConfigAccess: false, serverUrl: 'https://192.168.171.50:6443') { sh "kubectl apply -f deploymentservice.yml --validate=false" sh "kubectl get svc -n webapps" } } } } }