zio/guardia-itsm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
6d152e5ff5
guardia-itsm/cicd/jenkins/Jenkinsfile.java-maven
DESKTOP-TKLFCPRython 6d152e5ff5 feat(cicd): Gitea 기반 CI/CD 파이프라인 통합 
[Jenkins - Gitea 연동]
- config/jenkins.yaml: gitea-credentials + gitea-api-token 자격증명 추가
- config/jenkins.yaml: GITEA_BASE_URL/ORG/REPO 전역 환경변수 추가
- Jenkinsfile.java-maven: Gitea SCM checkout 우선 (폴백: scm 기본값)
- jenkins_plugins.sh: generic-webhook-trigger + gitea 플러그인 추가
- jenkins_install.sh: 설치 후 Gitea 웹훅 자동 등록 호출

[Gitea 웹훅 자동화]
- scripts/notify/gitea_webhook.sh: Jenkins Generic Webhook Trigger 등록
  - push, pull_request, pull_request_review 이벤트 트리거
  - PR 빌드 전용 웹훅 별도 등록

[Gitea Actions CI (온프레미스 CI/CD)]
- .gitea/workflows/ci.yml:
  - Python Lint (flake8 E9/F4/F8 계열)
  - 모듈 임포트 테스트 (21개 모듈)
  - FastAPI 앱 로드 테스트
  - bash 구문 검사 (setup/*.sh + cicd/**/*.sh)
  - Docker Compose YAML 검증
  - PR 검증 요약 job

[브랜치 전략 적용]
  push: main, develop, feature/**
  pull_request: main, develop

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-29 19:37:07 +09:00

257 lines
9.5 KiB
Plaintext
Raw Blame History

// GUARDiA ITSM — Java Maven 표준 파이프라인
// 사용법: Jenkins → New Item → Pipeline → SCM → 이 파일 지정
pipeline {
agent any
tools {
maven 'maven3'
jdk 'JDK17'
}
parameters {
string(name: 'ITSM_SESSION_ID', defaultValue: '', description: 'GUARDiA 바이브 세션 ID')
string(name: 'ITSM_SR_ID', defaultValue: '', description: '연결된 SR ID')
choice(name: 'DEPLOY_ENV', choices: ['dev', 'stg', 'prd'], description: '배포 환경')
string(name: 'TARGET_SERVER', defaultValue: '', description: '배포 대상 서버명')
booleanParam(name: 'SKIP_TEST', defaultValue: false, description: '테스트 건너뜀')
}
environment {
APP_VERSION = "${env.BRANCH_NAME ?: 'unknown'}-${env.BUILD_NUMBER}"
SCRIPTS_ROOT = "${WORKSPACE}/cicd/scripts/pipeline"
NOTIFY_SCRIPT = "${WORKSPACE}/cicd/scripts/notify/itsm_callback.sh"
ITSM_URL = "${env.ITSM_URL ?: 'http://itsm.agency.go.kr:8000'}"
}
options {
timeout(time: 90, unit: 'MINUTES')
buildDiscarder(logRotator(numToKeepStr: '30', artifactNumToKeepStr: '10'))
disableConcurrentBuilds()
maskPasswords()
}
stages {
stage('Checkout') {
steps {
// Gitea(온프레미스) → GitHub 순서로 SCM 폴백
script {
def giteaUrl = "${env.GITEA_BASE_URL ?: 'http://localhost:3000'}/${env.GITEA_ORG ?: 'guardia'}/${env.GIT_REPO_NAME ?: 'GUARDiA'}.git"
try {
checkout([
$class: 'GitSCM',
branches: [[name: "*/${env.BRANCH_NAME ?: 'main'}"]],
userRemoteConfigs: [[
url: giteaUrl,
credentialsId: 'gitea-credentials'
]],
extensions: [[$class: 'CloneOption', depth: 1, noTags: false, shallow: true]]
])
echo "✅ Gitea checkout: ${env.GIT_COMMIT?.take(8) ?: 'N/A'}"
} catch (Exception e) {
echo "⚠️ Gitea checkout 실패 — SCM 기본값 사용: ${e.message}"
checkout scm
}
}
}
}
stage('Build') {
steps {
withCredentials([string(credentialsId: 'itsm-api-token', variable: 'ITSM_TOKEN')]) {
sh "bash ${NOTIFY_SCRIPT} BUILDING '빌드 시작'"
}
sh """
mvn clean package -DskipTests=true \
-Dapp.version=${APP_VERSION} \
--batch-mode --no-transfer-progress
"""
echo "✅ 빌드 완료"
}
post {
failure {
sh "bash ${NOTIFY_SCRIPT} FAILED '빌드 실패 (Stage: Build)' || true"
}
}
}
stage('Test') {
when {
expression { return !params.SKIP_TEST }
}
parallel {
stage('Unit Test') {
steps {
sh """
mvn test \
--batch-mode --no-transfer-progress \
-Dapp.version=${APP_VERSION}
"""
}
post {
always {
junit testResults: '**/target/surefire-reports/*.xml',
allowEmptyResults: true
}
}
}
stage('SonarQube') {
when {
anyOf {
branch 'release/*'
branch 'main'
}
}
steps {
withSonarQubeEnv('sonarqube') {
sh """
mvn sonar:sonar \
-Dsonar.projectVersion=${APP_VERSION} \
--batch-mode --no-transfer-progress
"""
}
timeout(time: 10, unit: 'MINUTES') {
waitForQualityGate abortPipeline: true
}
}
}
}
post {
failure {
sh "bash ${NOTIFY_SCRIPT} FAILED '테스트 실패 (Stage: Test)' || true"
}
}
}
stage('Archive') {
steps {
archiveArtifacts(
artifacts: 'target/*.jar,target/*.war',
fingerprint: true,
allowEmptyArchive: false
)
echo "✅ 아티팩트 저장 완료"
}
}
stage('Production Approval') {
when {
anyOf {
branch 'main'
branch 'hotfix/*'
}
expression { return params.DEPLOY_ENV == 'prd' }
}
steps {
withCredentials([string(credentialsId: 'itsm-api-token', variable: 'ITSM_TOKEN')]) {
sh "bash ${NOTIFY_SCRIPT} PENDING_APPROVAL '운영 배포 승인 대기 중'"
}
timeout(time: 30, unit: 'MINUTES') {
input message: "운영(prd) 배포를 승인하시겠습니까?",
ok: "배포 승인",
submitterParameter: "APPROVER"
}
}
}
stage('Deploy') {
steps {
withCredentials([string(credentialsId: 'itsm-api-token', variable: 'ITSM_TOKEN')]) {
sh "bash ${NOTIFY_SCRIPT} DEPLOYING '배포 시작'"
}
withCredentials([sshUserPrivateKey(
credentialsId: "ssh-${params.TARGET_SERVER}",
keyFileVariable: 'SSH_KEY',
usernameVariable: 'SSH_USER'
)]) {
sh """
bash ${SCRIPTS_ROOT}/deploy.sh \
--server "${params.TARGET_SERVER}" \
--env "${params.DEPLOY_ENV}" \
--ssh-key "${SSH_KEY}" \
--ssh-user "${SSH_USER}" \
--artifact "\$(ls target/*.jar target/*.war 2>/dev/null | head -1)"
"""
}
}
post {
failure {
sh "bash ${NOTIFY_SCRIPT} FAILED '배포 실패 (Stage: Deploy)' || true"
}
}
}
stage('WAS Restart') {
steps {
withCredentials([sshUserPrivateKey(
credentialsId: "ssh-${params.TARGET_SERVER}",
keyFileVariable: 'SSH_KEY',
usernameVariable: 'SSH_USER'
)]) {
sh """
bash ${SCRIPTS_ROOT}/was_restart.sh \
--server "${params.TARGET_SERVER}" \
--ssh-key "${SSH_KEY}" \
--ssh-user "${SSH_USER}" \
--was-type "${env.WAS_TYPE ?: 'tomcat'}"
"""
}
}
post {
failure {
sh """
bash ${SCRIPTS_ROOT}/rollback.sh \
--server "${params.TARGET_SERVER}" \
--reason "WAS 재기동 실패" || true
"""
sh "bash ${NOTIFY_SCRIPT} FAILED 'WAS 재기동 실패 — 롤백 시도' || true"
}
}
}
stage('Health Check') {
steps {
retry(3) {
sh """
bash ${SCRIPTS_ROOT}/health_check.sh \
--url "${env.HEALTH_CHECK_URL ?: 'http://localhost:8080/health'}" \
--timeout 60 \
--retries 3
"""
}
}
post {
failure {
sh """
bash ${SCRIPTS_ROOT}/rollback.sh \
--server "${params.TARGET_SERVER}" \
--reason "헬스체크 실패" || true
"""
sh "bash ${NOTIFY_SCRIPT} ROLLED_BACK '헬스체크 실패 — 자동 롤백 완료' || true"
}
}
}
stage('ITSM Callback') {
steps {
sh """
bash ${NOTIFY_SCRIPT} COMPLETED \
"배포 완료 (빌드 #${env.BUILD_NUMBER}, ${params.DEPLOY_ENV})"
"""
}
}
}
post {
always {
cleanWs(cleanWhenAborted: true, cleanWhenFailure: true, cleanWhenSuccess: true)
}
success {
echo "🎉 파이프라인 성공: ${env.JOB_NAME} #${env.BUILD_NUMBER}"
}
failure {
sh "bash ${NOTIFY_SCRIPT} FAILED '파이프라인 실패: ${env.JOB_NAME} #${env.BUILD_NUMBER}' || true"
}
}
}
Reference in New Issue View Git Blame Copy Permalink