zioinfo-mail/itsm/cicd/jenkins/Jenkinsfile.nodejs

// GUARDiA ITSM — Node.js 표준 파이프라인

pipeline {
    agent any

    tools {
        nodejs 'nodejs20'
    }

    parameters {
        string(name: 'ITSM_SESSION_ID', defaultValue: '', description: 'GUARDiA 바이브 세션 ID')
        string(name: 'ITSM_SR_ID',      defaultValue: '', description: '연결된 SR ID')
        choice(name: 'DEPLOY_ENV',      choices: ['dev', 'stg', 'prd'], description: '배포 환경')
        string(name: 'TARGET_SERVER',   defaultValue: '', description: '배포 대상 서버명')
        booleanParam(name: 'SKIP_TEST', defaultValue: false, description: '테스트 건너뜀')
    }

    environment {
        APP_VERSION   = "${env.BRANCH_NAME ?: 'unknown'}-${env.BUILD_NUMBER}"
        SCRIPTS_ROOT  = "${WORKSPACE}/cicd/scripts/pipeline"
        NOTIFY_SCRIPT = "${WORKSPACE}/cicd/scripts/notify/itsm_callback.sh"
        NODE_ENV      = "${params.DEPLOY_ENV == 'prd' ? 'production' : 'development'}"
        CI            = "true"
    }

    options {
        timeout(time: 60, unit: 'MINUTES')
        buildDiscarder(logRotator(numToKeepStr: '30'))
        disableConcurrentBuilds()
    }

    stages {
        stage('Checkout') {
            steps {
                checkout scm
            }
        }

        stage('Install') {
            steps {
                sh """
                    node --version
                    npm --version
                    # package-lock.json이 있으면 ci, 없으면 install
                    [ -f package-lock.json ] && npm ci || npm install --prefer-offline
                """
            }
        }

        stage('Build') {
            steps {
                sh "bash ${NOTIFY_SCRIPT} BUILDING '빌드 시작'"
                sh "npm run build"
            }
            post {
                failure {
                    sh "bash ${NOTIFY_SCRIPT} FAILED '빌드 실패' || true"
                }
            }
        }

        stage('Test') {
            when {
                expression { return !params.SKIP_TEST }
            }
            steps {
                sh "npm test -- --coverage --watchAll=false"
            }
            post {
                always {
                    junit testResults: 'coverage/junit.xml', allowEmptyResults: true
                }
                failure {
                    sh "bash ${NOTIFY_SCRIPT} FAILED '테스트 실패' || true"
                }
            }
        }

        stage('Archive') {
            steps {
                sh "tar czf app-${APP_VERSION}.tar.gz dist/ || tar czf app-${APP_VERSION}.tar.gz build/"
                archiveArtifacts(
                    artifacts: "app-${APP_VERSION}.tar.gz",
                    fingerprint: true
                )
            }
        }

        stage('Production Approval') {
            when {
                anyOf { branch 'main'; branch 'hotfix/*' }
                expression { return params.DEPLOY_ENV == 'prd' }
            }
            steps {
                sh "bash ${NOTIFY_SCRIPT} PENDING_APPROVAL '운영 배포 승인 대기'"
                timeout(time: 30, unit: 'MINUTES') {
                    input message: "운영 배포를 승인하시겠습니까?", ok: "승인"
                }
            }
        }

        stage('Deploy') {
            steps {
                sh "bash ${NOTIFY_SCRIPT} DEPLOYING '배포 시작'"
                withCredentials([sshUserPrivateKey(
                    credentialsId: "ssh-${params.TARGET_SERVER}",
                    keyFileVariable: 'SSH_KEY',
                    usernameVariable: 'SSH_USER'
                )]) {
                    sh """
                        bash ${SCRIPTS_ROOT}/deploy.sh \
                            --server   "${params.TARGET_SERVER}" \
                            --env      "${params.DEPLOY_ENV}" \
                            --ssh-key  "${SSH_KEY}" \
                            --ssh-user "${SSH_USER}" \
                            --artifact "app-${APP_VERSION}.tar.gz"
                    """
                }
            }
        }

        stage('WAS Restart') {
            steps {
                withCredentials([sshUserPrivateKey(
                    credentialsId: "ssh-${params.TARGET_SERVER}",
                    keyFileVariable: 'SSH_KEY',
                    usernameVariable: 'SSH_USER'
                )]) {
                    sh """
                        bash ${SCRIPTS_ROOT}/was_restart.sh \
                            --server   "${params.TARGET_SERVER}" \
                            --ssh-key  "${SSH_KEY}" \
                            --ssh-user "${SSH_USER}" \
                            --was-type "nodejs"
                    """
                }
            }
        }

        stage('Health Check') {
            steps {
                retry(3) {
                    sh """
                        bash ${SCRIPTS_ROOT}/health_check.sh \
                            --url "${env.HEALTH_CHECK_URL ?: 'http://localhost:3000/health'}" \
                            --timeout 60
                    """
                }
            }
            post {
                failure {
                    sh "bash ${SCRIPTS_ROOT}/rollback.sh --server '${params.TARGET_SERVER}' --reason '헬스체크 실패' || true"
                    sh "bash ${NOTIFY_SCRIPT} ROLLED_BACK '헬스체크 실패 — 자동 롤백' || true"
                }
            }
        }

        stage('ITSM Callback') {
            steps {
                sh "bash ${NOTIFY_SCRIPT} COMPLETED '배포 완료 (빌드 #${env.BUILD_NUMBER})'"
            }
        }
    }

    post {
        always { cleanWs() }
        failure {
            sh "bash ${NOTIFY_SCRIPT} FAILED '파이프라인 실패' || true"
        }
    }
}