pipeline {
  agent any
   tools {
    jdk 'jdk17'
    nodejs 'nodejs'
  }
  environment {
    SONARQUBE_HOME=tool 'sonar-scanner'
  }
  stages {
    stage ('Stage 1:clean workspace'){
      steps {
        cleanWs()
      }
    }
    stage ('Stage 2:Git Clone') {
      steps {
        git branch:'main', url:'https://github.com/AbdulAziz-uk/amazon-prime-video-kubernetes.git'
      }
    } 
    stage ('Stage 3:Sonar Analysis'){
      steps {
        withSonarQubeEnv('sonarqube-server'){
          sh ''' $SONARQUBE_HOME/bin/sonar-scanner -Dsonar.projectName=amazon-prime \
            -Dsonar.projectKey=amazon-prime '''
        }
      }
    }
    stage ('Stage 4:quality gate'){
      steps {
        script {
          waitForQualityGate abortPipeline:false, credentialsId:'sonar-token'
        }
      }
    }
    stage ('Stage 5:Install Dependencies'){
      steps {
        sh "npm install"
      }
    }
    stage ('Stage 6:OWASP FS Scan'){
      steps {
        dependencyCheck additionalArguments:'--scan ./ --disableYarnAudit --disableNodeAudit --nvdApiKey 36883b57-9d9d-4677-b466-f7012f883687', odcInstallation:'DC'
        dependencyCheckPublisher pattern:'**/dependency-check-report.xml'
      }
    }
    stage ('Stage 7:Trivy FS Scan'){
      steps {
        sh "trivy fs . > trivyfs.txt"
      }
    }
    stage ('Stage 8:Docker Build & Push'){
      steps {
        script {
          withDockerRegistry(credentialsId:'docker', toolName:'docker'){
            sh "docker build -t amazon-prime ." 
            sh "docker tag amazon-prime aziz27uk/amazon-prime:latest"
            sh "docker push aziz27uk/amazon-prime:latest"
          }
        }
      }
    }
    stage ('Stage 9:Trivy Image Scan'){
      steps {
        sh "trivy image aziz27uk/amazon-prime:latest > trivyimage.txt"
      }
    }
    stage ('Stage 10:Deploy to Container'){
      steps {
        sh 'docker run -d --name amazon-prime -p 3000:3000 aziz27uk/amazon-prime:latest'
      }
    }
  }
    post {
    always {
        script {
            def buildStatus = currentBuild.currentResult
            def buildUser = currentBuild.getBuildCauses('hudson.model.Cause$UserIdCause')[0]?.userId ?:'Github User'
            emailext (
                subject:"Pipeline ${buildStatus}:${env.JOB_NAME} #${env.BUILD_NUMBER}",
                body:"""
                    <p>This is a Jenkins amazon-prime CICD pipeline status.</p>
                    <p>Project:${env.JOB_NAME}</p>
                    <p>Build Number:${env.BUILD_NUMBER}</p>
                    <p>Build Status:${buildStatus}</p>
                    <p>Started by:${buildUser}</p>
                    <p>Build URL:<a href="${env.BUILD_URL}">${env.BUILD_URL}</a></p>
                """,
                to:'aziz.azure2024@gmail.com',
                from:'aziz.azure2024@gmail.com',
                replyTo:'aziz.azure2024@gmail.com',
                mimeType:'text/html',
                attachmentsPattern:'trivyfs.txt,trivyimage.txt'
                     )
             }
          }
        }
}