guardia-itsm/cicd/jenkins/Jenkinsfile.java-gradle

// GUARDiA ITSM — Java Gradle 표준 파이프라인

pipeline {
    agent any

    tools {
        gradle 'gradle8'
        jdk    'JDK17'
    }

    parameters {
        string(name: 'ITSM_SESSION_ID', defaultValue: '', description: 'GUARDiA 바이브 세션 ID')
        string(name: 'ITSM_SR_ID',      defaultValue: '', description: '연결된 SR ID')
        choice(name: 'DEPLOY_ENV',      choices: ['dev', 'stg', 'prd'], description: '배포 환경')
        string(name: 'TARGET_SERVER',   defaultValue: '', description: '배포 대상 서버명')
        booleanParam(name: 'SKIP_TEST', defaultValue: false, description: '테스트 건너뜀')
    }

    environment {
        APP_VERSION   = "${env.BRANCH_NAME ?: 'unknown'}-${env.BUILD_NUMBER}"
        SCRIPTS_ROOT  = "${WORKSPACE}/cicd/scripts/pipeline"
        NOTIFY_SCRIPT = "${WORKSPACE}/cicd/scripts/notify/itsm_callback.sh"
        GRADLE_OPTS   = "-Dorg.gradle.daemon=false -Dorg.gradle.parallel=true"
    }

    options {
        timeout(time: 90, unit: 'MINUTES')
        buildDiscarder(logRotator(numToKeepStr: '30', artifactNumToKeepStr: '10'))
        disableConcurrentBuilds()
        maskPasswords()
    }

    stages {
        stage('Checkout') {
            steps {
                checkout scm
            }
        }

        stage('Build') {
            steps {
                sh "bash ${NOTIFY_SCRIPT} BUILDING '빌드 시작'"
                sh """
                    ./gradlew clean build -x test \
                        -Pversion=${APP_VERSION} \
                        --no-daemon --parallel --stacktrace
                """
            }
            post {
                failure {
                    sh "bash ${NOTIFY_SCRIPT} FAILED '빌드 실패' || true"
                }
            }
        }

        stage('Test') {
            when {
                expression { return !params.SKIP_TEST }
            }
            parallel {
                stage('Unit Test') {
                    steps {
                        sh """
                            ./gradlew test \
                                -Pversion=${APP_VERSION} \
                                --no-daemon
                        """
                    }
                    post {
                        always {
                            junit testResults: '**/build/test-results/test/*.xml',
                                  allowEmptyResults: true
                            publishHTML(target: [
                                allowMissing: true,
                                alwaysLinkToLastBuild: true,
                                reportDir: 'build/reports/tests/test',
                                reportFiles: 'index.html',
                                reportName: 'Test Report'
                            ])
                        }
                    }
                }
                stage('SonarQube') {
                    when {
                        anyOf { branch 'release/*'; branch 'main' }
                    }
                    steps {
                        withSonarQubeEnv('sonarqube') {
                            sh """
                                ./gradlew sonar \
                                    -Dsonar.projectVersion=${APP_VERSION} \
                                    --no-daemon
                            """
                        }
                        timeout(time: 10, unit: 'MINUTES') {
                            waitForQualityGate abortPipeline: true
                        }
                    }
                }
            }
        }

        stage('Archive') {
            steps {
                archiveArtifacts(
                    artifacts: 'build/libs/*.jar,build/libs/*.war',
                    fingerprint: true,
                    allowEmptyArchive: false
                )
            }
        }

        stage('Production Approval') {
            when {
                anyOf { branch 'main'; branch 'hotfix/*' }
                expression { return params.DEPLOY_ENV == 'prd' }
            }
            steps {
                sh "bash ${NOTIFY_SCRIPT} PENDING_APPROVAL '운영 배포 승인 대기'"
                timeout(time: 30, unit: 'MINUTES') {
                    input message: "운영 배포를 승인하시겠습니까?", ok: "승인"
                }
            }
        }

        stage('Deploy') {
            steps {
                sh "bash ${NOTIFY_SCRIPT} DEPLOYING '배포 시작'"
                withCredentials([sshUserPrivateKey(
                    credentialsId: "ssh-${params.TARGET_SERVER}",
                    keyFileVariable: 'SSH_KEY',
                    usernameVariable: 'SSH_USER'
                )]) {
                    sh """
                        bash ${SCRIPTS_ROOT}/deploy.sh \
                            --server   "${params.TARGET_SERVER}" \
                            --env      "${params.DEPLOY_ENV}" \
                            --ssh-key  "${SSH_KEY}" \
                            --ssh-user "${SSH_USER}" \
                            --artifact "\$(ls build/libs/*.jar build/libs/*.war 2>/dev/null | grep -v plain | head -1)"
                    """
                }
            }
        }

        stage('WAS Restart') {
            steps {
                withCredentials([sshUserPrivateKey(
                    credentialsId: "ssh-${params.TARGET_SERVER}",
                    keyFileVariable: 'SSH_KEY',
                    usernameVariable: 'SSH_USER'
                )]) {
                    sh """
                        bash ${SCRIPTS_ROOT}/was_restart.sh \
                            --server   "${params.TARGET_SERVER}" \
                            --ssh-key  "${SSH_KEY}" \
                            --ssh-user "${SSH_USER}" \
                            --was-type "${env.WAS_TYPE ?: 'tomcat'}"
                    """
                }
            }
            post {
                failure {
                    sh "bash ${SCRIPTS_ROOT}/rollback.sh --server '${params.TARGET_SERVER}' --reason 'WAS 재기동 실패' || true"
                    sh "bash ${NOTIFY_SCRIPT} FAILED 'WAS 재기동 실패' || true"
                }
            }
        }

        stage('Health Check') {
            steps {
                retry(3) {
                    sh """
                        bash ${SCRIPTS_ROOT}/health_check.sh \
                            --url "${env.HEALTH_CHECK_URL ?: 'http://localhost:8080/health'}" \
                            --timeout 60
                    """
                }
            }
            post {
                failure {
                    sh "bash ${SCRIPTS_ROOT}/rollback.sh --server '${params.TARGET_SERVER}' --reason '헬스체크 실패' || true"
                    sh "bash ${NOTIFY_SCRIPT} ROLLED_BACK '헬스체크 실패 — 자동 롤백' || true"
                }
            }
        }

        stage('ITSM Callback') {
            steps {
                sh "bash ${NOTIFY_SCRIPT} COMPLETED '배포 완료 (빌드 #${env.BUILD_NUMBER})'"
            }
        }
    }

    post {
        always { cleanWs() }
        failure {
            sh "bash ${NOTIFY_SCRIPT} FAILED '파이프라인 실패: ${env.JOB_NAME} #${env.BUILD_NUMBER}' || true"
        }
    }
}