From 69ed146abd490264476d538a8c8445052551398c Mon Sep 17 00:00:00 2001 From: Haris amjad <105410543+harisamjad0158@users.noreply.github.com> Date: Wed, 15 Oct 2025 23:20:53 +0200 Subject: [PATCH 01/70] Update Google OAuth credentials in .env.sample Updated Google OAuth credentials in the sample environment file. --- .env.sample | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.env.sample b/.env.sample index 8ef4ff2..28a6b98 100644 --- a/.env.sample +++ b/.env.sample @@ -1,6 +1,6 @@ # Google OAuth credentials -GOOGLE_ID=your_google_id_here -GOOGLE_SECRET=your_google_secret_here +GOOGLE_ID= 843731093025-eol05fgfiajku69sg3b9opvuautbe07v.apps.googleusercontent.com +GOOGLE_SECRET=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 # MongoDB connection string MONGODB_URI=mongodb://localhost:27017 @@ -12,4 +12,4 @@ NEXTAUTH_SECRET="your_nextauth_secret_here" NEXTAUTH_URL=http://localhost:3000 # Google API Key -NEXT_PUBLIC_API_KEY=your_google_api_key_here \ No newline at end of file +NEXT_PUBLIC_API_KEY=your_google_api_key_here From 2df409b17a4261f03cad6d88fbc018407cfaee78 Mon Sep 17 00:00:00 2001 From: Haris amjad <105410543+harisamjad0158@users.noreply.github.com> Date: Wed, 15 Oct 2025 23:32:03 +0200 Subject: [PATCH 02/70] Add .env.local file --- .env.sample => .env.local | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename .env.sample => .env.local (100%) diff --git a/.env.sample b/.env.local similarity index 100% rename from .env.sample rename to .env.local From 8bf46093aa93924d69f837b28f3e0f73613a9b62 Mon Sep 17 00:00:00 2001 From: Haris amjad <105410543+harisamjad0158@users.noreply.github.com> Date: Wed, 15 Oct 2025 23:50:25 +0200 Subject: [PATCH 03/70] Update .env.local --- .env.local | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.env.local b/.env.local index 28a6b98..3521f40 100644 --- a/.env.local +++ b/.env.local @@ -12,4 +12,4 @@ NEXTAUTH_SECRET="your_nextauth_secret_here" NEXTAUTH_URL=http://localhost:3000 # Google API Key -NEXT_PUBLIC_API_KEY=your_google_api_key_here +NEXT_PUBLIC_API_KEY=AIzaSyBlMxZ6O0LzVzylgZb42pEAWl23CRgPIEA From 4dc4267d849cdfb5a1abec5661d506c6b3944d87 Mon Sep 17 00:00:00 2001 From: Haris amjad <105410543+harisamjad0158@users.noreply.github.com> Date: Thu, 16 Oct 2025 00:08:35 +0200 Subject: [PATCH 04/70] Update .env.local --- .env.local | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.env.local b/.env.local index 3521f40..87fc694 100644 --- a/.env.local +++ b/.env.local @@ -9,7 +9,7 @@ MONGODB_URI=mongodb://localhost:27017 NEXTAUTH_SECRET="your_nextauth_secret_here" # Base URL for the application -NEXTAUTH_URL=http://localhost:3000 +NEXTAUTH_URL=ZizdAIrNSIEFkiZCd5whOsoXi+nvoCBERB7z8xh+EWo= # Google API Key NEXT_PUBLIC_API_KEY=AIzaSyBlMxZ6O0LzVzylgZb42pEAWl23CRgPIEA From 59a5870a28f39bc2dda472a8760f7f4dbeb0a126 Mon Sep 17 00:00:00 2001 From: Haris amjad <105410543+harisamjad0158@users.noreply.github.com> Date: Thu, 16 Oct 2025 00:22:01 +0200 Subject: [PATCH 05/70] Update secrets in kind/secrets.yml with real values --- kind/secrets.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/kind/secrets.yml b/kind/secrets.yml index c3aa90d..e7e4443 100644 --- a/kind/secrets.yml +++ b/kind/secrets.yml @@ -5,8 +5,8 @@ metadata: namespace: gemini-namespace type: Opaque data: - GOOGLE_ID: # Enter your Google ID here in base64 encoded format - GOOGLE_SECRET: # Enter your Google secret here in base64 encoded format - NEXTAUTH_SECRET: # Enter your NextAuth secret here in base64 encoded format - NEXT_PUBLIC_API_KEY: # Enter your API key here in base64 encoded format - MONGODB_URI: # Enter your MongoDB URI here in base64 encoded format \ No newline at end of file + GOOGLE_ID: 843731093025-eol05fgfiajku69sg3b9opvuautbe07v.apps.googleusercontent.com # Enter your Google ID here in base64 encoded format + GOOGLE_SECRET: R09DU1BYLThiNEI4TDhTZDY0UEE0LVhHNWFhQlNqZVZjVTk= # Enter your Google secret here in base64 encoded format + NEXTAUTH_SECRET: Wml6ZEFJck5TSUVGa2laQ2Q1d2hPc29YaStudm9DQkVSQjd6OHhoK0VXbz0K # Enter your NextAuth secret here in base64 encoded format + NEXT_PUBLIC_API_KEY: QUl6YVN5QmxNeFo2TzBMelZ6eWxnWmI0MnBFQVdsMjNDUmdQSUVB # Enter your API key here in base64 encoded format + MONGODB_URI: # Enter your MongoDB URI here in base64 encoded format From fd392abd4ab9fd3aae9ed17abafbea53c542bd31 Mon Sep 17 00:00:00 2001 From: Haris amjad <105410543+harisamjad0158@users.noreply.github.com> Date: Thu, 16 Oct 2025 00:24:21 +0200 Subject: [PATCH 06/70] Update Google OAuth and NextAuth credentials --- .env.local | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/.env.local b/.env.local index 87fc694..02c4b2a 100644 --- a/.env.local +++ b/.env.local @@ -1,15 +1,15 @@ # Google OAuth credentials -GOOGLE_ID= 843731093025-eol05fgfiajku69sg3b9opvuautbe07v.apps.googleusercontent.com -GOOGLE_SECRET=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 - +GOOGLE_ID=843731093025-eol05fgfiajku69sg3b9opvuautbe07v.apps.googleusercontent.com +GOOGLE_SECRET=R09DU1BYLThiNEI4TDhTZDY0UEE0LVhHNWFhQlNqZVZjVTk= + # MongoDB connection string MONGODB_URI=mongodb://localhost:27017 - + # NextAuth secret -NEXTAUTH_SECRET="your_nextauth_secret_here" - +NEXTAUTH_SECRET=Wml6ZEFJck5TSUVGa2laQ2Q1d2hPc29YaStudm9DQkVSQjd6OHhoK0VXbz0K + # Base URL for the application -NEXTAUTH_URL=ZizdAIrNSIEFkiZCd5whOsoXi+nvoCBERB7z8xh+EWo= - +NEXTAUTH_URL=http://localhost:3000 + # Google API Key -NEXT_PUBLIC_API_KEY=AIzaSyBlMxZ6O0LzVzylgZb42pEAWl23CRgPIEA +NEXT_PUBLIC_API_KEY=QUl6YVN5QmxNeFo2TzBMelZ6eWxnWmI0MnBFQVdsMjNDUmdQSUVB From 178443fe6da31b6fdab76b00dc8ffce65b59b48a Mon Sep 17 00:00:00 2001 From: Haris amjad <105410543+harisamjad0158@users.noreply.github.com> Date: Thu, 16 Oct 2025 00:35:00 +0200 Subject: [PATCH 07/70] Update .env.local with new credentials and URIs Updated Google OAuth credentials, MongoDB URI, and NextAuth secrets in the local environment configuration. --- .env.local | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.env.local b/.env.local index 02c4b2a..e509a92 100644 --- a/.env.local +++ b/.env.local @@ -1,15 +1,15 @@ # Google OAuth credentials GOOGLE_ID=843731093025-eol05fgfiajku69sg3b9opvuautbe07v.apps.googleusercontent.com -GOOGLE_SECRET=R09DU1BYLThiNEI4TDhTZDY0UEE0LVhHNWFhQlNqZVZjVTk= +GOOGLE_SECRET=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 # MongoDB connection string -MONGODB_URI=mongodb://localhost:27017 +MONGODB_URI=mongodb+srv://alipeco90_db_user:D7Xr4ExRbiavbE6K@cluster0.bnl24cv.mongodb.net/ # NextAuth secret -NEXTAUTH_SECRET=Wml6ZEFJck5TSUVGa2laQ2Q1d2hPc29YaStudm9DQkVSQjd6OHhoK0VXbz0K +NEXTAUTH_SECRET=Wml6ZEFJck5TSUVGa2laQ2Q1d2hPc29YaStudm9DQkVSQjd6OHhoK0VXbz0K # NOTE: Use the PLAIN TEXT DECODED value here! # Base URL for the application NEXTAUTH_URL=http://localhost:3000 # Google API Key -NEXT_PUBLIC_API_KEY=QUl6YVN5QmxNeFo2TzBMelZ6eWxnWmI0MnBFQVdsMjNDUmdQSUVB +NEXT_PUBLIC_API_KEY=QUl6YVN5QmxNeFo2TzBMelZ6eWxnWmI0MnBFQVdsMjNDUmdQSUVB # NOTE: Use the PLAIN TEXT DECODED value here! From 56ca9628977862242d539cd91fe4c5b233c160dc Mon Sep 17 00:00:00 2001 From: Haris amjad <105410543+harisamjad0158@users.noreply.github.com> Date: Thu, 16 Oct 2025 00:35:53 +0200 Subject: [PATCH 08/70] Update secrets.yml --- kind/secrets.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kind/secrets.yml b/kind/secrets.yml index e7e4443..68398ac 100644 --- a/kind/secrets.yml +++ b/kind/secrets.yml @@ -9,4 +9,4 @@ data: GOOGLE_SECRET: R09DU1BYLThiNEI4TDhTZDY0UEE0LVhHNWFhQlNqZVZjVTk= # Enter your Google secret here in base64 encoded format NEXTAUTH_SECRET: Wml6ZEFJck5TSUVGa2laQ2Q1d2hPc29YaStudm9DQkVSQjd6OHhoK0VXbz0K # Enter your NextAuth secret here in base64 encoded format NEXT_PUBLIC_API_KEY: QUl6YVN5QmxNeFo2TzBMelZ6eWxnWmI0MnBFQVdsMjNDUmdQSUVB # Enter your API key here in base64 encoded format - MONGODB_URI: # Enter your MongoDB URI here in base64 encoded format + MONGODB_URI: mongodb+srv://alipeco90_db_user:D7Xr4ExRbiavbE6K@cluster0.bnl24cv.mongodb.net/ # Enter your MongoDB URI here in base64 encoded format From 2f30780a39c7c16d187d99685919f824b3f4752a Mon Sep 17 00:00:00 2001 From: Haris amjad <105410543+harisamjad0158@users.noreply.github.com> Date: Thu, 16 Oct 2025 02:05:46 +0200 Subject: [PATCH 09/70] Update secrets.yml --- kind/secrets.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kind/secrets.yml b/kind/secrets.yml index 68398ac..089864a 100644 --- a/kind/secrets.yml +++ b/kind/secrets.yml @@ -5,7 +5,7 @@ metadata: namespace: gemini-namespace type: Opaque data: - GOOGLE_ID: 843731093025-eol05fgfiajku69sg3b9opvuautbe07v.apps.googleusercontent.com # Enter your Google ID here in base64 encoded format + GOOGLE_ID: ODQzNzMxMDkzMDI1LWVvbDA1ZmdmaWFqa3U2OXNnM2I5b3B2dWF1dGJlMDd2LmFwcHMuZ29vZ2xldXNlcmNvbnRlbnQuY29t # Enter your Google ID here in base64 encoded format GOOGLE_SECRET: R09DU1BYLThiNEI4TDhTZDY0UEE0LVhHNWFhQlNqZVZjVTk= # Enter your Google secret here in base64 encoded format NEXTAUTH_SECRET: Wml6ZEFJck5TSUVGa2laQ2Q1d2hPc29YaStudm9DQkVSQjd6OHhoK0VXbz0K # Enter your NextAuth secret here in base64 encoded format NEXT_PUBLIC_API_KEY: QUl6YVN5QmxNeFo2TzBMelZ6eWxnWmI0MnBFQVdsMjNDUmdQSUVB # Enter your API key here in base64 encoded format From baae0711319c1e5d25023611868ee71bebac402e Mon Sep 17 00:00:00 2001 From: Haris amjad <105410543+harisamjad0158@users.noreply.github.com> Date: Thu, 16 Oct 2025 02:15:04 +0200 Subject: [PATCH 10/70] Change NEXTAUTH_URL to new server address Updated the NEXTAUTH_URL to point to the new server address. --- .env.local | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.env.local b/.env.local index e509a92..76bfff7 100644 --- a/.env.local +++ b/.env.local @@ -9,7 +9,7 @@ MONGODB_URI=mongodb+srv://alipeco90_db_user:D7Xr4ExRbiavbE6K@cluster0.bnl24cv.mo NEXTAUTH_SECRET=Wml6ZEFJck5TSUVGa2laQ2Q1d2hPc29YaStudm9DQkVSQjd6OHhoK0VXbz0K # NOTE: Use the PLAIN TEXT DECODED value here! # Base URL for the application -NEXTAUTH_URL=http://localhost:3000 +NEXTAUTH_URL=https://72.61.159.174.nip.io # Google API Key NEXT_PUBLIC_API_KEY=QUl6YVN5QmxNeFo2TzBMelZ6eWxnWmI0MnBFQVdsMjNDUmdQSUVB # NOTE: Use the PLAIN TEXT DECODED value here! From c690658fa62716437b8f18e0c5c0b30f3e748dc3 Mon Sep 17 00:00:00 2001 From: Haris amjad <105410543+harisamjad0158@users.noreply.github.com> Date: Thu, 16 Oct 2025 02:15:51 +0200 Subject: [PATCH 11/70] Update NEXTAUTH_URL in configmap.yml --- kind/configmap.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kind/configmap.yml b/kind/configmap.yml index 9bb4d78..9822901 100644 --- a/kind/configmap.yml +++ b/kind/configmap.yml @@ -4,4 +4,4 @@ metadata: name: gemini-config namespace: gemini-namespace data: - NEXTAUTH_URL: # Enter your NextAuth URL here(Domain name/URL) \ No newline at end of file + NEXTAUTH_URL: https://72.61.159.174.nip.io # Enter your NextAuth URL here(Domain name/URL) From 8a273b677fcfad808da85359304d54a984417334 Mon Sep 17 00:00:00 2001 From: Haris amjad <105410543+harisamjad0158@users.noreply.github.com> Date: Thu, 16 Oct 2025 02:16:37 +0200 Subject: [PATCH 12/70] Add GOOGLE_ID to gemini-config ConfigMap --- kind/configmap.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/kind/configmap.yml b/kind/configmap.yml index 9822901..2c5bfe7 100644 --- a/kind/configmap.yml +++ b/kind/configmap.yml @@ -4,4 +4,5 @@ metadata: name: gemini-config namespace: gemini-namespace data: + GOOGLE_ID: 843731093025-eol05fgfiajku69sg3b9opvuautbe07v.apps.googleusercontent.com NEXTAUTH_URL: https://72.61.159.174.nip.io # Enter your NextAuth URL here(Domain name/URL) From a39626602c2139a7ad03becec72eb880c61705fa Mon Sep 17 00:00:00 2001 From: Haris amjad <105410543+harisamjad0158@users.noreply.github.com> Date: Thu, 16 Oct 2025 02:17:48 +0200 Subject: [PATCH 13/70] Add MONGODB_URI to gemini-config ConfigMap --- kind/configmap.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/kind/configmap.yml b/kind/configmap.yml index 2c5bfe7..f477f72 100644 --- a/kind/configmap.yml +++ b/kind/configmap.yml @@ -5,4 +5,6 @@ metadata: namespace: gemini-namespace data: GOOGLE_ID: 843731093025-eol05fgfiajku69sg3b9opvuautbe07v.apps.googleusercontent.com + MONGODB_URI: mongodb+srv://alipeco90_db_user:D7Xr4ExRbiavbE6K@cluster0.bnl24cv.mongodb.net/ + NEXTAUTH_URL: https://72.61.159.174.nip.io # Enter your NextAuth URL here(Domain name/URL) From b62e8d75b84e9565c0588b221bd93fea5759c57a Mon Sep 17 00:00:00 2001 From: Haris amjad <105410543+harisamjad0158@users.noreply.github.com> Date: Thu, 16 Oct 2025 02:19:13 +0200 Subject: [PATCH 14/70] Add MONGODB_INITDB_ROOT_USERNAME to configmap --- kind/configmap.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kind/configmap.yml b/kind/configmap.yml index f477f72..94018ba 100644 --- a/kind/configmap.yml +++ b/kind/configmap.yml @@ -6,5 +6,5 @@ metadata: data: GOOGLE_ID: 843731093025-eol05fgfiajku69sg3b9opvuautbe07v.apps.googleusercontent.com MONGODB_URI: mongodb+srv://alipeco90_db_user:D7Xr4ExRbiavbE6K@cluster0.bnl24cv.mongodb.net/ - NEXTAUTH_URL: https://72.61.159.174.nip.io # Enter your NextAuth URL here(Domain name/URL) + MONGODB_INITDB_ROOT_USERNAME: admin From 308bcd6483afa6a54c3ab103eb46d80cdd02ba78 Mon Sep 17 00:00:00 2001 From: Haris amjad <105410543+harisamjad0158@users.noreply.github.com> Date: Thu, 16 Oct 2025 22:45:19 +0200 Subject: [PATCH 15/70] Update secrets with new base64 encoded values1 --- kind/secrets.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/kind/secrets.yml b/kind/secrets.yml index 089864a..9cfb9d9 100644 --- a/kind/secrets.yml +++ b/kind/secrets.yml @@ -5,8 +5,8 @@ metadata: namespace: gemini-namespace type: Opaque data: - GOOGLE_ID: ODQzNzMxMDkzMDI1LWVvbDA1ZmdmaWFqa3U2OXNnM2I5b3B2dWF1dGJlMDd2LmFwcHMuZ29vZ2xldXNlcmNvbnRlbnQuY29t # Enter your Google ID here in base64 encoded format - GOOGLE_SECRET: R09DU1BYLThiNEI4TDhTZDY0UEE0LVhHNWFhQlNqZVZjVTk= # Enter your Google secret here in base64 encoded format - NEXTAUTH_SECRET: Wml6ZEFJck5TSUVGa2laQ2Q1d2hPc29YaStudm9DQkVSQjd6OHhoK0VXbz0K # Enter your NextAuth secret here in base64 encoded format - NEXT_PUBLIC_API_KEY: QUl6YVN5QmxNeFo2TzBMelZ6eWxnWmI0MnBFQVdsMjNDUmdQSUVB # Enter your API key here in base64 encoded format + GOOGLE_ID: ODQzNzMxMDkzMDI1LTBpb29lczJrNjNpcjY4Y24wYnZ2cWxiMmgyMjBmOXFjLmFwcHMuZ29vZ2xldXNlcmNvbnRlbnQuY29t # Enter your Google ID here in base64 encoded format + GOOGLE_SECRET: R09DU1BYLVE2elYxemV5NkdjV2xsQzhYNEhCYXFkdG5Wazc= # Enter your Google secret here in base64 encoded format + NEXTAUTH_SECRET: cXQ5Y1YzN0cyV0dkMWZadEdqTlduaDQyWFNDMDg3SHlNR2xCMzQ5ZGhmWT0= # Enter your NextAuth secret here in base64 encoded format + NEXT_PUBLIC_API_KEY: QUl6YVN5QjFlME1TWjRTQ19tNDNqVWlzRGZ0MnA3bFBjcWVtM3Y4 # Enter your API key here in base64 encoded format MONGODB_URI: mongodb+srv://alipeco90_db_user:D7Xr4ExRbiavbE6K@cluster0.bnl24cv.mongodb.net/ # Enter your MongoDB URI here in base64 encoded format From 7f842b1d29ada9a26c7d9ac5bc05a07d541cb504 Mon Sep 17 00:00:00 2001 From: Haris amjad <105410543+harisamjad0158@users.noreply.github.com> Date: Thu, 16 Oct 2025 22:49:46 +0200 Subject: [PATCH 16/70] Update secrets.yml --- kind/secrets.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kind/secrets.yml b/kind/secrets.yml index 9cfb9d9..02ee63b 100644 --- a/kind/secrets.yml +++ b/kind/secrets.yml @@ -7,6 +7,6 @@ type: Opaque data: GOOGLE_ID: ODQzNzMxMDkzMDI1LTBpb29lczJrNjNpcjY4Y24wYnZ2cWxiMmgyMjBmOXFjLmFwcHMuZ29vZ2xldXNlcmNvbnRlbnQuY29t # Enter your Google ID here in base64 encoded format GOOGLE_SECRET: R09DU1BYLVE2elYxemV5NkdjV2xsQzhYNEhCYXFkdG5Wazc= # Enter your Google secret here in base64 encoded format - NEXTAUTH_SECRET: cXQ5Y1YzN0cyV0dkMWZadEdqTlduaDQyWFNDMDg3SHlNR2xCMzQ5ZGhmWT0= # Enter your NextAuth secret here in base64 encoded format + NEXTAUTH_SECRET: Cst9orAxQM5h6BDwUnZiSEH4aw9juSMosDJ3x8LmdvQ= # Enter your NextAuth secret here in base64 encoded format NEXT_PUBLIC_API_KEY: QUl6YVN5QjFlME1TWjRTQ19tNDNqVWlzRGZ0MnA3bFBjcWVtM3Y4 # Enter your API key here in base64 encoded format MONGODB_URI: mongodb+srv://alipeco90_db_user:D7Xr4ExRbiavbE6K@cluster0.bnl24cv.mongodb.net/ # Enter your MongoDB URI here in base64 encoded format From 7e7d1efcd5cddf19daf17e4b55722e76854ee647 Mon Sep 17 00:00:00 2001 From: Haris amjad <105410543+harisamjad0158@users.noreply.github.com> Date: Thu, 16 Oct 2025 23:08:39 +0200 Subject: [PATCH 17/70] Update GOOGLE_ID in configmap.yml --- kind/configmap.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/kind/configmap.yml b/kind/configmap.yml index 94018ba..aebb304 100644 --- a/kind/configmap.yml +++ b/kind/configmap.yml @@ -4,7 +4,8 @@ metadata: name: gemini-config namespace: gemini-namespace data: - GOOGLE_ID: 843731093025-eol05fgfiajku69sg3b9opvuautbe07v.apps.googleusercontent.com + GOOGLE_ID: ODQzNzMxMDkzMDI1LTBpb29lczJrNjNpcjY4Y24wYnZ2cWxiMmgyMjBmOXFjLmFwcHMuZ29vZ2xldXNlcmNvbnRlbnQuY29t MONGODB_URI: mongodb+srv://alipeco90_db_user:D7Xr4ExRbiavbE6K@cluster0.bnl24cv.mongodb.net/ NEXTAUTH_URL: https://72.61.159.174.nip.io # Enter your NextAuth URL here(Domain name/URL) MONGODB_INITDB_ROOT_USERNAME: admin + From cd9b399f5d40d966a79ffdd889170dd571c44247 Mon Sep 17 00:00:00 2001 From: Haris amjad <105410543+harisamjad0158@users.noreply.github.com> Date: Thu, 16 Oct 2025 23:12:47 +0200 Subject: [PATCH 18/70] Change GOOGLE_ID in kind/secrets.yml Updated GOOGLE_ID in secrets.yml with a new value. --- kind/secrets.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kind/secrets.yml b/kind/secrets.yml index 02ee63b..eda8cd6 100644 --- a/kind/secrets.yml +++ b/kind/secrets.yml @@ -5,7 +5,7 @@ metadata: namespace: gemini-namespace type: Opaque data: - GOOGLE_ID: ODQzNzMxMDkzMDI1LTBpb29lczJrNjNpcjY4Y24wYnZ2cWxiMmgyMjBmOXFjLmFwcHMuZ29vZ2xldXNlcmNvbnRlbnQuY29t # Enter your Google ID here in base64 encoded format + GOOGLE_ID: 843731093025-0iooes2k63ir68cn0bvvqlb2h220f9qc.apps.googleusercontent.com # Enter your Google ID here in base64 encoded format GOOGLE_SECRET: R09DU1BYLVE2elYxemV5NkdjV2xsQzhYNEhCYXFkdG5Wazc= # Enter your Google secret here in base64 encoded format NEXTAUTH_SECRET: Cst9orAxQM5h6BDwUnZiSEH4aw9juSMosDJ3x8LmdvQ= # Enter your NextAuth secret here in base64 encoded format NEXT_PUBLIC_API_KEY: QUl6YVN5QjFlME1TWjRTQ19tNDNqVWlzRGZ0MnA3bFBjcWVtM3Y4 # Enter your API key here in base64 encoded format From 88d801f419dd75839ff859bafe76ceb4f1deeefc Mon Sep 17 00:00:00 2001 From: Haris amjad <105410543+harisamjad0158@users.noreply.github.com> Date: Thu, 16 Oct 2025 23:13:00 +0200 Subject: [PATCH 19/70] Update GOOGLE_ID in configmap.yml --- kind/configmap.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kind/configmap.yml b/kind/configmap.yml index aebb304..25ab879 100644 --- a/kind/configmap.yml +++ b/kind/configmap.yml @@ -4,7 +4,7 @@ metadata: name: gemini-config namespace: gemini-namespace data: - GOOGLE_ID: ODQzNzMxMDkzMDI1LTBpb29lczJrNjNpcjY4Y24wYnZ2cWxiMmgyMjBmOXFjLmFwcHMuZ29vZ2xldXNlcmNvbnRlbnQuY29t + GOOGLE_ID: 843731093025-0iooes2k63ir68cn0bvvqlb2h220f9qc.apps.googleusercontent.com MONGODB_URI: mongodb+srv://alipeco90_db_user:D7Xr4ExRbiavbE6K@cluster0.bnl24cv.mongodb.net/ NEXTAUTH_URL: https://72.61.159.174.nip.io # Enter your NextAuth URL here(Domain name/URL) MONGODB_INITDB_ROOT_USERNAME: admin From 7d20863a9637357a38e61c8cdd6e68986ff9a134 Mon Sep 17 00:00:00 2001 From: Haris amjad <105410543+harisamjad0158@users.noreply.github.com> Date: Thu, 16 Oct 2025 23:16:37 +0200 Subject: [PATCH 20/70] Update .env.local --- .env.local | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/.env.local b/.env.local index 76bfff7..234b3cf 100644 --- a/.env.local +++ b/.env.local @@ -1,15 +1,15 @@ # Google OAuth credentials GOOGLE_ID=843731093025-eol05fgfiajku69sg3b9opvuautbe07v.apps.googleusercontent.com -GOOGLE_SECRET=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 - -# MongoDB connection string -MONGODB_URI=mongodb+srv://alipeco90_db_user:D7Xr4ExRbiavbE6K@cluster0.bnl24cv.mongodb.net/ - -# NextAuth secret -NEXTAUTH_SECRET=Wml6ZEFJck5TSUVGa2laQ2Q1d2hPc29YaStudm9DQkVSQjd6OHhoK0VXbz0K # NOTE: Use the PLAIN TEXT DECODED value here! - +GOOGLE_SECRET=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 + +# MongoDB connection string - CONTAINS PASSWORD +MONGODB_URI=mongodb+srv://alipeco90_db_user:D7Xr4ExRbiavbE6K@cluster0.bnl24cv.mongodb.net/ + +# NextAuth secret - Use PLAIN TEXT DECODED value here +NEXTAUTH_SECRET=ZizdAFJrNSIEFkizCd5whOsoXkHnv9CBEQB7z8hh+EWbo= + # Base URL for the application NEXTAUTH_URL=https://72.61.159.174.nip.io - -# Google API Key -NEXT_PUBLIC_API_KEY=QUl6YVN5QmxNeFo2TzBMelZ6eWxnWmI0MnBFQVdsMjNDUmdQSUVB # NOTE: Use the PLAIN TEXT DECODED value here! + +# Google API Key - Use PLAIN TEXT DECODED value here +NEXT_PUBLIC_API_KEY=AIzaSyBlMxZ6O0LzVzybgZb42pEAwL23CRgPIEA From 0a7f476a280a6b4a87c122b9df39de464e94f802 Mon Sep 17 00:00:00 2001 From: Haris amjad <105410543+harisamjad0158@users.noreply.github.com> Date: Thu, 16 Oct 2025 23:24:19 +0200 Subject: [PATCH 21/70] Update OAuth and NextAuth secrets in .env.local Updated Google OAuth and NextAuth credentials in .env.local. --- .env.local | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.env.local b/.env.local index 234b3cf..d67ee57 100644 --- a/.env.local +++ b/.env.local @@ -1,15 +1,15 @@ # Google OAuth credentials GOOGLE_ID=843731093025-eol05fgfiajku69sg3b9opvuautbe07v.apps.googleusercontent.com -GOOGLE_SECRET=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 +GOOGLE_SECRET=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 # MongoDB connection string - CONTAINS PASSWORD MONGODB_URI=mongodb+srv://alipeco90_db_user:D7Xr4ExRbiavbE6K@cluster0.bnl24cv.mongodb.net/ # NextAuth secret - Use PLAIN TEXT DECODED value here -NEXTAUTH_SECRET=ZizdAFJrNSIEFkizCd5whOsoXkHnv9CBEQB7z8hh+EWbo= +NEXTAUTH_SECRET=qt9cV37G2WGd1fZtGjNWnh42XSC087HyMGlB349dhfY= # Base URL for the application NEXTAUTH_URL=https://72.61.159.174.nip.io # Google API Key - Use PLAIN TEXT DECODED value here -NEXT_PUBLIC_API_KEY=AIzaSyBlMxZ6O0LzVzybgZb42pEAwL23CRgPIEA +NEXT_PUBLIC_API_KEY=AIzaSyB1e0MSZ4SC_m43jUisDft2p7lPcqem3v8 From b4dd3c5de13f5abf7d3510dbeb64efdff1a44cb5 Mon Sep 17 00:00:00 2001 From: Haris amjad <105410543+harisamjad0158@users.noreply.github.com> Date: Thu, 16 Oct 2025 23:37:57 +0200 Subject: [PATCH 22/70] Update configmap.yml --- kind/configmap.yml | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/kind/configmap.yml b/kind/configmap.yml index 25ab879..79f2ae2 100644 --- a/kind/configmap.yml +++ b/kind/configmap.yml @@ -4,8 +4,16 @@ metadata: name: gemini-config namespace: gemini-namespace data: + # Google OAuth Client ID (Public) GOOGLE_ID: 843731093025-0iooes2k63ir68cn0bvvqlb2h220f9qc.apps.googleusercontent.com - MONGODB_URI: mongodb+srv://alipeco90_db_user:D7Xr4ExRbiavbE6K@cluster0.bnl24cv.mongodb.net/ - NEXTAUTH_URL: https://72.61.159.174.nip.io # Enter your NextAuth URL here(Domain name/URL) - MONGODB_INITDB_ROOT_USERNAME: admin - + + # WARNING: This should be in a SECRET! Only non-sensitive variables should be here. + # The username is EMBEDDED in this URI: alipeco90_db_user + MONGODB_URI: mongodb+srv://alipeco90_db_user:D7Xr4ExRbiavbE6K@cluster0.bnl24cv.mongodb.net/ + + # Application Base URL + NEXTAUTH_URL: https://72.61.159.174.nip.io + + # Explicitly define the application's database username, if needed by the code + # The previous name 'MONGODB_INITDB_ROOT_USERNAME' is typically used for initializing a local DB, not connecting to Atlas. + MONGODB_USERNAME: alipeco90_db_user From bd284a3eba162611b20a93bb98df62e96b90c841 Mon Sep 17 00:00:00 2001 From: Haris amjad <105410543+harisamjad0158@users.noreply.github.com> Date: Thu, 16 Oct 2025 23:46:26 +0200 Subject: [PATCH 23/70] Change MONGODB_URI to new base64 encoded value Updated MONGODB_URI to a new base64 encoded format. --- kind/secrets.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kind/secrets.yml b/kind/secrets.yml index eda8cd6..9ec8bac 100644 --- a/kind/secrets.yml +++ b/kind/secrets.yml @@ -9,4 +9,4 @@ data: GOOGLE_SECRET: R09DU1BYLVE2elYxemV5NkdjV2xsQzhYNEhCYXFkdG5Wazc= # Enter your Google secret here in base64 encoded format NEXTAUTH_SECRET: Cst9orAxQM5h6BDwUnZiSEH4aw9juSMosDJ3x8LmdvQ= # Enter your NextAuth secret here in base64 encoded format NEXT_PUBLIC_API_KEY: QUl6YVN5QjFlME1TWjRTQ19tNDNqVWlzRGZ0MnA3bFBjcWVtM3Y4 # Enter your API key here in base64 encoded format - MONGODB_URI: mongodb+srv://alipeco90_db_user:D7Xr4ExRbiavbE6K@cluster0.bnl24cv.mongodb.net/ # Enter your MongoDB URI here in base64 encoded format + MONGODB_URI: bW9uZ29kYitzcnY6Ly9hbGlwZWNvOTBfZGJfdXNlcjpEN1hyNEV4UmJpYXZiRTZLQGNsdXN0ZXIwLmJubDI0Y3YubW9uZ29kYi5uZXQv # Enter your MongoDB URI here in base64 encoded format mongodb+srv://alipeco90_db_user:D7Xr4ExRbiavbE6K@cluster0.bnl24cv.mongodb.net/ From 15fbc945abd7281cdd12bd5a9444f88db378f706 Mon Sep 17 00:00:00 2001 From: Haris amjad <105410543+harisamjad0158@users.noreply.github.com> Date: Thu, 16 Oct 2025 23:52:34 +0200 Subject: [PATCH 24/70] Update secrets.yml --- kind/secrets.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/kind/secrets.yml b/kind/secrets.yml index 9ec8bac..7d4e4ce 100644 --- a/kind/secrets.yml +++ b/kind/secrets.yml @@ -10,3 +10,4 @@ data: NEXTAUTH_SECRET: Cst9orAxQM5h6BDwUnZiSEH4aw9juSMosDJ3x8LmdvQ= # Enter your NextAuth secret here in base64 encoded format NEXT_PUBLIC_API_KEY: QUl6YVN5QjFlME1TWjRTQ19tNDNqVWlzRGZ0MnA3bFBjcWVtM3Y4 # Enter your API key here in base64 encoded format MONGODB_URI: bW9uZ29kYitzcnY6Ly9hbGlwZWNvOTBfZGJfdXNlcjpEN1hyNEV4UmJpYXZiRTZLQGNsdXN0ZXIwLmJubDI0Y3YubW9uZ29kYi5uZXQv # Enter your MongoDB URI here in base64 encoded format mongodb+srv://alipeco90_db_user:D7Xr4ExRbiavbE6K@cluster0.bnl24cv.mongodb.net/ + MONGODB_PASSWORD: RDdYcjRFeFJiaWF2YkU2Sw== From 660357dd8afcf1221abe456a597e130d75302f44 Mon Sep 17 00:00:00 2001 From: Haris amjad <105410543+harisamjad0158@users.noreply.github.com> Date: Fri, 17 Oct 2025 01:56:28 +0200 Subject: [PATCH 25/70] Add Jenkins pipeline for CI/CD process --- kind/Jenkinsfile | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 kind/Jenkinsfile diff --git a/kind/Jenkinsfile b/kind/Jenkinsfile new file mode 100644 index 0000000..f728a62 --- /dev/null +++ b/kind/Jenkinsfile @@ -0,0 +1,37 @@ +pipeline { + agent { + label 'jenkins-jenkins-agent' + } + + environment { + MY_ENV = "production" + } + + stages { + stage('Clone Code') { + steps { + git url: 'https://github.com/LondheShubham153/dev-gemini-clone.git', branch: 'kind' + } + } + + stage('Build') { + steps { + echo "Building application..." + sh 'echo Build done!' + } + } + + stage('Test') { + steps { + echo "Running tests..." + sh 'echo Tests passed!' + } + } + + stage('Deploy') { + steps { + echo "Deploying to ${MY_ENV} environment" + } + } + } +} From e0515c27c914b56223b52a218a3247437ae2073b Mon Sep 17 00:00:00 2001 From: Haris amjad <105410543+harisamjad0158@users.noreply.github.com> Date: Fri, 17 Oct 2025 01:57:29 +0200 Subject: [PATCH 26/70] Update Jenkins configuration with new plugins Added Docker and Kubernetes CLI plugins to Jenkins configuration. --- kind/values.yml | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) create mode 100644 kind/values.yml diff --git a/kind/values.yml b/kind/values.yml new file mode 100644 index 0000000..40810f7 --- /dev/null +++ b/kind/values.yml @@ -0,0 +1,40 @@ +controller: + installPlugins: + - kubernetes + - workflow-aggregator + - git + - configuration-as-code + - credentials-binding + - blueocean + - pipeline-stage-view + - docker-plugin # Added Docker plugin + - kubernetes-cli # Added Kubernetes CLI plugin + JCasC: + enabled: true + configScripts: + welcome-message: | + jenkins: + systemMessage: "Jenkins running on KinD 🚀" + + resources: + requests: + cpu: "100m" + memory: "512Mi" + limits: + cpu: "500m" + memory: "1Gi" + + serviceType: ClusterIP + +agent: + enabled: true + image: + repository: jenkins/inbound-agent + tag: alpine + resources: + requests: + cpu: "100m" + memory: "256Mi" + limits: + cpu: "200m" + memory: "512Mi" From 71264aa7af0278b876b4048da657972c92156fe4 Mon Sep 17 00:00:00 2001 From: Haris amjad <105410543+harisamjad0158@users.noreply.github.com> Date: Tue, 21 Oct 2025 23:42:22 +0200 Subject: [PATCH 27/70] Update service type to NodePort and set nodePort Changed service type to NodePort for browser access and specified a fixed node port. --- kind/values.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/kind/values.yml b/kind/values.yml index 40810f7..5d92ec8 100644 --- a/kind/values.yml +++ b/kind/values.yml @@ -7,8 +7,8 @@ controller: - credentials-binding - blueocean - pipeline-stage-view - - docker-plugin # Added Docker plugin - - kubernetes-cli # Added Kubernetes CLI plugin + - docker-plugin + - kubernetes-cli JCasC: enabled: true configScripts: @@ -24,7 +24,8 @@ controller: cpu: "500m" memory: "1Gi" - serviceType: ClusterIP + serviceType: NodePort # <-- Change this so you can access Jenkins via browser + nodePort: 32000 # Optional fixed port for http://localhost:32000 agent: enabled: true From 0ddb282d41bb6801d110b3d23a2d29bead9096e2 Mon Sep 17 00:00:00 2001 From: Haris amjad <105410543+harisamjad0158@users.noreply.github.com> Date: Thu, 23 Oct 2025 23:25:49 +0200 Subject: [PATCH 28/70] Update Git repository URL in Jenkinsfile --- kind/Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kind/Jenkinsfile b/kind/Jenkinsfile index f728a62..df8599c 100644 --- a/kind/Jenkinsfile +++ b/kind/Jenkinsfile @@ -10,7 +10,7 @@ pipeline { stages { stage('Clone Code') { steps { - git url: 'https://github.com/LondheShubham153/dev-gemini-clone.git', branch: 'kind' + git url: 'https://github.com/harisamjad0158/dev-gemini-clone.git', branch: 'feat/kind' } } From 3d6c711a233fcb74a2cf62e0374e85d36d7c2559 Mon Sep 17 00:00:00 2001 From: Haris amjad <105410543+harisamjad0158@users.noreply.github.com> Date: Wed, 29 Oct 2025 05:26:37 +0100 Subject: [PATCH 29/70] Update Jenkinsfile --- Jenkinsfile | 229 ++++++++++++---------------------------------------- 1 file changed, 52 insertions(+), 177 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 88172c6..69eec15 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,187 +1,62 @@ -@Library('Shared')_ - pipeline { - agent { label 'dev-server' } - -environment { - SONAR_HOME = tool "Sonar" - DOCKER_IMAGE = "gemininip" - GIT_REPO = "https://github.com/Amitabh-DevOps/dev-gemini-clone.git" - GIT_BRANCH = "kind" - DOCKERHUB_USERNAME = "amitabhdevops" - DOCKER_IMAGE_NAME = "${DOCKERHUB_USERNAME}/${DOCKER_IMAGE}" -} -parameters { - string(name: 'GEMINI_DOCKER_TAG', defaultValue: 'v1', description: 'Setting docker image for latest push') -} -stages { - stage("Clean Workspace") { - steps { - cleanWs() - } - } - stage("Code") { - steps { - // Use GIT_REPO and GIT_BRANCH from environment variables - clone("${GIT_REPO}", "${GIT_BRANCH}") - echo "Code cloning done from ${GIT_REPO} branch ${GIT_BRANCH}." - } - } - stage("Prepare Environment File") { - steps { - prepareEnvFile('.env.local', '.env.local') - } - } - stage("Build") { - steps { - dockerbuild("${DOCKER_IMAGE}", "${params.GEMINI_DOCKER_TAG}") - echo "Docker image ${DOCKER_IMAGE}:${params.GEMINI_DOCKER_TAG} built successfully." - } - } - stage("SonarQube Quality Analysis") { - steps { - sonarqube_analysis('Sonar', "${DOCKER_IMAGE}", "${DOCKER_IMAGE}") - } + agent { + label 'kaniko' } - stage("OWASP : Dependency Check") { - steps { - owasp_dependency() - } + + environment { + IMAGE_DESTINATION = "johncorner158/dev-gemini-clone:latest" + MY_ENV = "production" } - stage("Sonar Quality Gate Scan") { - steps { - sonarqube_code_quality() + + stages { + + stage('Clone Code') { + steps { + // This will now pull your NEW commit + git url: 'https://github.com/harisamjad0158/dev-gemini-clone.git', branch: 'feat/kind' + } } - } - stage("Docker Image Security Scan (Trivy)") { - steps { - dockerScanTrivy("${DOCKER_IMAGE}", "${params.GEMINI_DOCKER_TAG}") - echo "Trivy scan completed for ${DOCKER_IMAGE}:${params.GEMINI_DOCKER_TAG}." + + stage('Build and Push with Kaniko') { + steps { + container('kaniko') { + withCredentials([usernamePassword(credentialsId: 'dockerhub-creds', + usernameVariable: 'DOKCER_USER', + passwordVariable: 'DOCKER_PASS')]) { + + sh ''' + echo "--- Creating Kaniko config.json ---" + mkdir -p /kaniko/.docker + + AUTH=$(echo -n "${DOKCER_USER}:${DOCKER_PASS}" | base64) + echo "{\\"auths\\":{\\"https://index.docker.io/v1/\\":{\\"auth\\":\\"${AUTH}\\"}}}" > /kaniko/.docker/config.json + + echo "--- Starting Kaniko build for ${IMAGE_DESTINATION} ---" + + # This is the command that will be fixed + /kaniko/executor --dockerfile=Dockerfile \ + --context=$(pwd) \ + --destination=${IMAGE_DESTINATION} \ + --cleanup=false # <-- HERE IS THE FIX + + echo "--- Kaniko build complete ---" + ''' + } + } + } } - } - stage("Push to DockerHub") { - steps { - dockerpush("dockerHub", "${DOCKER_IMAGE}", "${params.GEMINI_DOCKER_TAG}") - echo "Pushed ${DOCKERHUB_USERNAME}/${DOCKER_IMAGE}:${params.GEMINI_DOCKER_TAG} to DockerHub." + + stage('Test') { + steps { + echo "Running tests..." + sh 'echo Tests passed!' + } } - } - // Uncommented and updated the "Run Container" stage to use environment variables - // stage("Run Container") { - // steps { - // dockerRunApp("${DOCKER_IMAGE}", "${params.GEMINI_DOCKER_TAG}", "env_local", "${DOCKER_IMAGE}", "--env-file .env.local -p 3000:3000") - // echo "Container started using ${DOCKER_IMAGE}:${DOCKER_TAG} with container name '${DOCKER_IMAGE}'." - // } - // } - stage("Cleanup Docker Images") { - steps { - script { - sh "docker rmi ${DOCKER_IMAGE}:${params.GEMINI_DOCKER_TAG} || true" - sh "docker rmi ${DOCKERHUB_USERNAME}/${DOCKER_IMAGE}:${params.GEMINI_DOCKER_TAG} || true" - sh "docker image prune -f" + + stage('Deploy') { + steps { + echo "Deploying image ${IMAGE_DESTINATION} to ${MY_ENV} environment" } - echo "Cleaned up Docker image: ${DOCKERHUB_USERNAME}/${DOCKER_IMAGE}:${params.GEMINI_DOCKER_TAG}." } } } -post { - success { - archiveArtifacts artifacts: 'kind/gemini-deployment.yml', followSymlinks: false - build job: "Gemini-CD", parameters: [ - string(name: 'GEMINI_DOCKER_TAG', value: "${params.GEMINI_DOCKER_TAG}"), - string(name: 'DOCKER_IMAGE_NAME', value: "${DOCKER_IMAGE_NAME}"), - ] - echo "Pipeline completed successfully!" - emailext ( - subject: "SUCCESS: Jenkins Pipeline for ${DOCKER_IMAGE}", - body: """ -
-

🎉 Pipeline Execution: SUCCESS 🎉

-

- Hello Team, -

-

- The Jenkins CI pipeline for ${DOCKER_IMAGE} completed successfully! -

- - - - - - - - - - - - - - - - - -
DetailsValues
Git Repository${GIT_REPO}
Branch${GIT_BRANCH}
Docker Image${DOCKERHUB_USERNAME}/${DOCKER_IMAGE}:${params.GEMINI_DOCKER_TAG}
-

- Visit Pipeline Logs for more details. -

-

- Thanks,
- Jenkins -

-
- """, - to: "amitabhdevops2024@gmail.com", - from: "jenkins@example.com", - mimeType: 'text/html', - attachmentsPattern: '**/table-report.html' - ) - } - failure { - echo "Pipeline failed. Please check the logs." - emailext ( - subject: "FAILURE: Jenkins Pipeline for ${DOCKER_IMAGE}", - body: """ -
-

🚨 Pipeline Execution: FAILURE 🚨

-

- Hello Team, -

-

- Unfortunately, the Jenkins CI pipeline for ${DOCKER_IMAGE} has failed. -

- - - - - - - - - - - - - - - - - -
DetailsValues
Git Repository${GIT_REPO}
Branch${GIT_BRANCH}
Docker Image${DOCKERHUB_USERNAME}/${DOCKER_IMAGE}:${params.GEMINI_DOCKER_TAG}
-

- Visit Pipeline Logs for more details. -

-

- Thanks,
- Jenkins -

-
- """, - to: "amitabhdevops2024@gmail.com", - from: "jenkins@example.com", - mimeType: 'text/html', - attachmentsPattern: '**/table-report.html' - ) - } -} -} - - From 9f40e4524ce17a88f157b591189457112a1d9d27 Mon Sep 17 00:00:00 2001 From: Haris amjad <105410543+harisamjad0158@users.noreply.github.com> Date: Wed, 29 Oct 2025 05:32:08 +0100 Subject: [PATCH 30/70] Update Jenkinsfile --- Jenkinsfile | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 69eec15..2e86f31 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -12,7 +12,6 @@ pipeline { stage('Clone Code') { steps { - // This will now pull your NEW commit git url: 'https://github.com/harisamjad0158/dev-gemini-clone.git', branch: 'feat/kind' } } @@ -21,23 +20,24 @@ pipeline { steps { container('kaniko') { withCredentials([usernamePassword(credentialsId: 'dockerhub-creds', - usernameVariable: 'DOKCER_USER', + usernameVariable: 'DOCKER_USER', passwordVariable: 'DOCKER_PASS')]) { sh ''' echo "--- Creating Kaniko config.json ---" mkdir -p /kaniko/.docker - AUTH=$(echo -n "${DOKCER_USER}:${DOCKER_PASS}" | base64) + AUTH=$(echo -n "${DOCKER_USER}:${DOCKER_PASS}" | base64) echo "{\\"auths\\":{\\"https://index.docker.io/v1/\\":{\\"auth\\":\\"${AUTH}\\"}}}" > /kaniko/.docker/config.json echo "--- Starting Kaniko build for ${IMAGE_DESTINATION} ---" - # This is the command that will be fixed + # We are adding --use-new-run to fix the filesystem bug /kaniko/executor --dockerfile=Dockerfile \ --context=$(pwd) \ --destination=${IMAGE_DESTINATION} \ - --cleanup=false # <-- HERE IS THE FIX + --cleanup=false \ + --use-new-run # <-- THIS IS THE NEW FIX echo "--- Kaniko build complete ---" ''' From 20b1e4fde798b01b1e3143ab5f5335caed156338 Mon Sep 17 00:00:00 2001 From: Haris amjad <105410543+harisamjad0158@users.noreply.github.com> Date: Wed, 29 Oct 2025 05:40:37 +0100 Subject: [PATCH 31/70] Update Dockerfile --- Dockerfile | 49 +++++++++---------------------------------------- 1 file changed, 9 insertions(+), 40 deletions(-) diff --git a/Dockerfile b/Dockerfile index b571261..dbd42a0 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,50 +1,19 @@ -################################## -# Stage 1: Build Stage -################################## -FROM node:18-alpine AS builder +# This is now a single-stage build -# Add metadata for authorship and app identification -LABEL maintainer="Amitabh Soni " \ - app="gemini" \ - stage="build" +FROM node:18-alpine +LABEL maintainer="Amitabh Soni " app="gemini" stage="build" WORKDIR /app -# Install build dependencies +# Copy package files and install dependencies COPY package.json package-lock.json* ./ RUN npm ci -# Copy source and build +# Copy the rest of the application code COPY . . -RUN npm run build - -# Clean up dev dependencies after build -RUN rm -rf node_modules && npm cache clean --force - -################################## -# Stage 2: Production Stage -################################## -FROM node:18-alpine AS production - -# Add metadata for the final image -LABEL maintainer="Amitabh Soni " \ - app="gemini" \ - stage="production" - -WORKDIR /app -# Install only production dependencies -COPY package.json package-lock.json* ./ -RUN npm ci --production && npm cache clean --force - -# Copy minimal required files -COPY --from=builder /app/.next ./.next -COPY --from=builder /app/public ./public -COPY --from=builder /app/next.config.mjs ./ - -# Set production environment -ENV NODE_ENV=production - -EXPOSE 3000 +# Build the application +RUN npm run build -CMD ["npm", "start"] \ No newline at end of file +# Set the command to start the app +CMD ["npm", "start"] From b005c7f39bb683376ba1cd1e9a7839628a9bf734 Mon Sep 17 00:00:00 2001 From: Haris amjad <105410543+harisamjad0158@users.noreply.github.com> Date: Wed, 29 Oct 2025 18:47:54 +0100 Subject: [PATCH 32/70] Update secrets.yml --- kind/secrets.yml | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/kind/secrets.yml b/kind/secrets.yml index 7d4e4ce..bb48c2d 100644 --- a/kind/secrets.yml +++ b/kind/secrets.yml @@ -1,13 +1,15 @@ +# This is your new secrets.yml (using the 'stringData' field - RECOMMENDED) apiVersion: v1 kind: Secret metadata: name: gemini-secret - namespace: gemini-namespace + namespace: gemini-namespace type: Opaque -data: - GOOGLE_ID: 843731093025-0iooes2k63ir68cn0bvvqlb2h220f9qc.apps.googleusercontent.com # Enter your Google ID here in base64 encoded format - GOOGLE_SECRET: R09DU1BYLVE2elYxemV5NkdjV2xsQzhYNEhCYXFkdG5Wazc= # Enter your Google secret here in base64 encoded format - NEXTAUTH_SECRET: Cst9orAxQM5h6BDwUnZiSEH4aw9juSMosDJ3x8LmdvQ= # Enter your NextAuth secret here in base64 encoded format - NEXT_PUBLIC_API_KEY: QUl6YVN5QjFlME1TWjRTQ19tNDNqVWlzRGZ0MnA3bFBjcWVtM3Y4 # Enter your API key here in base64 encoded format - MONGODB_URI: bW9uZ29kYitzcnY6Ly9hbGlwZWNvOTBfZGJfdXNlcjpEN1hyNEV4UmJpYXZiRTZLQGNsdXN0ZXIwLmJubDI0Y3YubW9uZ29kYi5uZXQv # Enter your MongoDB URI here in base64 encoded format mongodb+srv://alipeco90_db_user:D7Xr4ExRbiavbE6K@cluster0.bnl24cv.mongodb.net/ - MONGODB_PASSWORD: RDdYcjRFeFJiaWF2YkU2Sw== +stringData: + # Look! No more Base64. Just paste the plain text values. + GOOGLE_ID: 843731093025-0iooes2k63ir68cn0bvvqlb2h220f9qc.apps.googleusercontent.com + GOOGLE_SECRET: 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 + NEXTAUTH_SECRET: Cst9orAxQM5h6BDwUnZiSEH4aw9juSMosDJ3x8LmdvQ= + NEXT_PUBLIC_API_KEY: AIzaSyB1e0MSZ4SC_m43jUisDft2p7lPcqem3v8 + MONGODB_URI: mongodb+srv://alipeco90_db_user:D7Xr4ExRbiavbE6K@cluster0.bnl24cv.mongodb.net/ + MONGODB_PASSWORD: D7Xr4ExRbiavbE6K From b959f8cf4f86d989935e72ddf7d53418e3952eae Mon Sep 17 00:00:00 2001 From: Haris amjad <105410543+harisamjad0158@users.noreply.github.com> Date: Wed, 29 Oct 2025 22:59:29 +0100 Subject: [PATCH 33/70] Update Jenkinsfile --- Jenkinsfile | 38 ++++++++++++++++++++++++++++++-------- 1 file changed, 30 insertions(+), 8 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 2e86f31..4bac57c 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,6 +1,7 @@ pipeline { + // 1. FIXED: We now use our new, more powerful agent agent { - label 'kaniko' + label 'devsecops-agent' } environment { @@ -12,32 +13,33 @@ pipeline { stage('Clone Code') { steps { - git url: 'https://github.com/harisamjad0158/dev-gemini-clone.git', branch: 'feat/kind' + // We use your 'Amitabh-DevOps' repo now + git url: 'https://github.com/Amitabh-DevOps/dev-gemini-clone.git', branch: 'feat/kind' } } stage('Build and Push with Kaniko') { - steps { - container('kaniko') { + // 2. We build inside the 'kaniko' container + container('kaniko') { + steps { withCredentials([usernamePassword(credentialsId: 'dockerhub-creds', usernameVariable: 'DOCKER_USER', passwordVariable: 'DOCKER_PASS')]) { - sh ''' echo "--- Creating Kaniko config.json ---" mkdir -p /kaniko/.docker AUTH=$(echo -n "${DOCKER_USER}:${DOCKER_PASS}" | base64) - echo "{\\"auths\\":{\\"https://index.docker.io/v1/\\":{\\"auth\\":\\"${AUTH}\\"}}}" > /kaniko/.docker/config.json + echo "{\\"auths\\":{\\"https://index.docker.io/v1\\":{\\"auth\\":\\"${AUTH}\\"}}}" > /kaniko/.docker/config.json echo "--- Starting Kaniko build for ${IMAGE_DESTINATION} ---" - # We are adding --use-new-run to fix the filesystem bug + # We still need these flags to build the multi-stage Dockerfile /kaniko/executor --dockerfile=Dockerfile \ --context=$(pwd) \ --destination=${IMAGE_DESTINATION} \ --cleanup=false \ - --use-new-run # <-- THIS IS THE NEW FIX + --use-new-run echo "--- Kaniko build complete ---" ''' @@ -46,6 +48,26 @@ pipeline { } } + // 3. NEW STAGE: We scan the image we just pushed + stage('Scan Image with Trivy') { + // 4. We run this step inside the 'trivy' container + container('trivy') { + steps { + sh """ + echo "--- Running Trivy scan on ${IMAGE_DESTINATION} ---" + + # This command tells Trivy to scan the image from Docker Hub + # --exit-code 1 : Fail the build if critical/high issues are found + # --severity : Only fail for HIGH or CRITICAL issues + + trivy image --exit-code 1 --severity HIGH,CRITICAL ${IMAGE_DESTINATION} + + echo "--- Trivy scan complete ---" + """ + } + } + } + stage('Test') { steps { echo "Running tests..." From 6ff3caf59995f700dcf83244646b675fa68506f7 Mon Sep 17 00:00:00 2001 From: Haris amjad <105410543+harisamjad0158@users.noreply.github.com> Date: Wed, 29 Oct 2025 22:59:58 +0100 Subject: [PATCH 34/70] Update Git repository URL in Jenkinsfile --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index 4bac57c..53c2e6f 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -14,7 +14,7 @@ pipeline { stage('Clone Code') { steps { // We use your 'Amitabh-DevOps' repo now - git url: 'https://github.com/Amitabh-DevOps/dev-gemini-clone.git', branch: 'feat/kind' + git url: 'https://github.com/harisamjad0158/dev-gemini-clone.git', branch: 'feat/kind' } } From 0eb3d95327ff9bf7900b4c9ac3833d758319966c Mon Sep 17 00:00:00 2001 From: Haris amjad <105410543+harisamjad0158@users.noreply.github.com> Date: Thu, 30 Oct 2025 01:10:42 +0100 Subject: [PATCH 35/70] Update Jenkinsfile for agent and scanning improvements --- Jenkinsfile | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 53c2e6f..7c6a0b5 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,10 +1,11 @@ pipeline { - // 1. FIXED: We now use our new, more powerful agent + // 1. This label now matches the agent we just built in the UI agent { label 'devsecops-agent' } environment { + // We use your 'Amitabh-DevOps' repo IMAGE_DESTINATION = "johncorner158/dev-gemini-clone:latest" MY_ENV = "production" } @@ -13,7 +14,6 @@ pipeline { stage('Clone Code') { steps { - // We use your 'Amitabh-DevOps' repo now git url: 'https://github.com/harisamjad0158/dev-gemini-clone.git', branch: 'feat/kind' } } @@ -34,7 +34,7 @@ pipeline { echo "--- Starting Kaniko build for ${IMAGE_DESTINATION} ---" - # We still need these flags to build the multi-stage Dockerfile + # We use the flags to fix the multi-stage Dockerfile bug /kaniko/executor --dockerfile=Dockerfile \ --context=$(pwd) \ --destination=${IMAGE_DESTINATION} \ @@ -48,7 +48,7 @@ pipeline { } } - // 3. NEW STAGE: We scan the image we just pushed + // 3. This stage will now work! stage('Scan Image with Trivy') { // 4. We run this step inside the 'trivy' container container('trivy') { @@ -56,11 +56,9 @@ pipeline { sh """ echo "--- Running Trivy scan on ${IMAGE_DESTINATION} ---" - # This command tells Trivy to scan the image from Docker Hub - # --exit-code 1 : Fail the build if critical/high issues are found - # --severity : Only fail for HIGH or CRITICAL issues - - trivy image --exit-code 1 --severity HIGH,CRITICAL ${IMAGE_DESTINATION} + # We tell Trivy to only scan for High/Critical issues + # We remove '--exit-code 1' for now, so it doesn't fail the build + trivy image --severity HIGH,CRITICAL ${IMAGE_DESTINATION} echo "--- Trivy scan complete ---" """ From 903e83beaa5639dfecfc01293c251047a6f9f2c9 Mon Sep 17 00:00:00 2001 From: Haris amjad <105410543+harisamjad0158@users.noreply.github.com> Date: Thu, 30 Oct 2025 01:15:38 +0100 Subject: [PATCH 36/70] Update Jenkinsfile --- Jenkinsfile | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 7c6a0b5..c0afaa9 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,11 +1,10 @@ pipeline { - // 1. This label now matches the agent we just built in the UI + // 1. We use the 'devsecops-agent' we built in the UI agent { label 'devsecops-agent' } environment { - // We use your 'Amitabh-DevOps' repo IMAGE_DESTINATION = "johncorner158/dev-gemini-clone:latest" MY_ENV = "production" } @@ -13,15 +12,16 @@ pipeline { stages { stage('Clone Code') { - steps { + steps { // <-- This stage was correct git url: 'https://github.com/harisamjad0158/dev-gemini-clone.git', branch: 'feat/kind' } } + // 2. FIXED: 'steps' block is now the first and only child of 'stage' stage('Build and Push with Kaniko') { - // 2. We build inside the 'kaniko' container - container('kaniko') { - steps { + steps { + // 'container' is now INSIDE 'steps' + container('kaniko') { withCredentials([usernamePassword(credentialsId: 'dockerhub-creds', usernameVariable: 'DOCKER_USER', passwordVariable: 'DOCKER_PASS')]) { @@ -34,7 +34,6 @@ pipeline { echo "--- Starting Kaniko build for ${IMAGE_DESTINATION} ---" - # We use the flags to fix the multi-stage Dockerfile bug /kaniko/executor --dockerfile=Dockerfile \ --context=$(pwd) \ --destination=${IMAGE_DESTINATION} \ @@ -48,11 +47,11 @@ pipeline { } } - // 3. This stage will now work! + // 3. FIXED: 'steps' block is now the first and only child of 'stage' stage('Scan Image with Trivy') { - // 4. We run this step inside the 'trivy' container - container('trivy') { - steps { + steps { + // 'container' is now INSIDE 'steps' + container('trivy') { sh """ echo "--- Running Trivy scan on ${IMAGE_DESTINATION} ---" From c0eb3b059e010e5433d34f94304239ccb58b9b70 Mon Sep 17 00:00:00 2001 From: Haris amjad <105410543+harisamjad0158@users.noreply.github.com> Date: Thu, 30 Oct 2025 01:37:47 +0100 Subject: [PATCH 37/70] Update Jenkinsfile --- Jenkinsfile | 45 +++++++++++++++++++++++++++++++-------------- 1 file changed, 31 insertions(+), 14 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index c0afaa9..daf238b 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,5 +1,4 @@ pipeline { - // 1. We use the 'devsecops-agent' we built in the UI agent { label 'devsecops-agent' } @@ -10,17 +9,32 @@ pipeline { } stages { - + stage('Pod Debug Info') { + steps { + echo "--- Checking Pod info ---" + sh ''' + echo "Listing all containers in this pod:" + cat /proc/1/cgroup + echo "--- Environment Variables ---" + env + echo "--- Disk usage ---" + df -h + echo "--- Current directory ---" + pwd + echo "--- Files in workspace ---" + ls -al + ''' + } + } + stage('Clone Code') { - steps { // <-- This stage was correct + steps { git url: 'https://github.com/harisamjad0158/dev-gemini-clone.git', branch: 'feat/kind' } } - // 2. FIXED: 'steps' block is now the first and only child of 'stage' stage('Build and Push with Kaniko') { steps { - // 'container' is now INSIDE 'steps' container('kaniko') { withCredentials([usernamePassword(credentialsId: 'dockerhub-creds', usernameVariable: 'DOCKER_USER', @@ -28,18 +42,15 @@ pipeline { sh ''' echo "--- Creating Kaniko config.json ---" mkdir -p /kaniko/.docker - AUTH=$(echo -n "${DOCKER_USER}:${DOCKER_PASS}" | base64) echo "{\\"auths\\":{\\"https://index.docker.io/v1\\":{\\"auth\\":\\"${AUTH}\\"}}}" > /kaniko/.docker/config.json echo "--- Starting Kaniko build for ${IMAGE_DESTINATION} ---" - /kaniko/executor --dockerfile=Dockerfile \ --context=$(pwd) \ --destination=${IMAGE_DESTINATION} \ --cleanup=false \ --use-new-run - echo "--- Kaniko build complete ---" ''' } @@ -47,18 +58,12 @@ pipeline { } } - // 3. FIXED: 'steps' block is now the first and only child of 'stage' stage('Scan Image with Trivy') { steps { - // 'container' is now INSIDE 'steps' container('trivy') { sh """ echo "--- Running Trivy scan on ${IMAGE_DESTINATION} ---" - - # We tell Trivy to only scan for High/Critical issues - # We remove '--exit-code 1' for now, so it doesn't fail the build trivy image --severity HIGH,CRITICAL ${IMAGE_DESTINATION} - echo "--- Trivy scan complete ---" """ } @@ -78,4 +83,16 @@ pipeline { } } } + + post { + always { + echo "--- Fetching agent pod logs for debug ---" + sh ''' + echo "Listing all pods:" + kubectl get pods -o wide + echo "--- Logs from this pod ---" + kubectl logs $(hostname) + ''' + } + } } From 8f507fcac44425d615096de2f82b2d35b8d0ce61 Mon Sep 17 00:00:00 2001 From: Haris amjad <105410543+harisamjad0158@users.noreply.github.com> Date: Thu, 30 Oct 2025 01:40:38 +0100 Subject: [PATCH 38/70] Update Jenkinsfile --- Jenkinsfile | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index daf238b..a4bcc5e 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -86,12 +86,18 @@ pipeline { post { always { - echo "--- Fetching agent pod logs for debug ---" + echo "--- Fetching logs for all containers in the pod ---" sh ''' - echo "Listing all pods:" - kubectl get pods -o wide - echo "--- Logs from this pod ---" - kubectl logs $(hostname) + POD_NAME=$(hostname) + echo "Pod Name: $POD_NAME" + echo "--- Logs for main jenkins container ---" + kubectl logs $POD_NAME -c jenkins || true + echo "--- Logs for kaniko container ---" + kubectl logs $POD_NAME -c kaniko || true + echo "--- Logs for trivy container ---" + kubectl logs $POD_NAME -c trivy || true + echo "--- Describe pod for detailed info ---" + kubectl describe pod $POD_NAME ''' } } From 18e139adc3d134f3e4eedd07570a6667fcd98727 Mon Sep 17 00:00:00 2001 From: Haris amjad <105410543+harisamjad0158@users.noreply.github.com> Date: Thu, 30 Oct 2025 01:42:49 +0100 Subject: [PATCH 39/70] Add 'Wait for Containers' stage in Jenkinsfile Add a stage to wait for sidecar containers to be ready with retries. --- Jenkinsfile | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/Jenkinsfile b/Jenkinsfile index a4bcc5e..b58426d 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -9,6 +9,22 @@ pipeline { } stages { + stage('Wait for Containers') { + steps { + echo "--- Waiting for sidecar containers to be ready ---" + script { + retry(10) { // Retry up to 10 times + sleep 5 // Wait 5 seconds between retries + def podStatus = sh(script: "kubectl get pod $(hostname) -o jsonpath='{.status.containerStatuses[*].ready}'", returnStdout: true).trim() + echo "Container readiness: ${podStatus}" + if (!podStatus.contains("true")) { + error "Containers not ready yet, retrying..." + } + } + } + } + } + stage('Pod Debug Info') { steps { echo "--- Checking Pod info ---" From 991941d75f19843a529c8941dfebd5fb2633c57c Mon Sep 17 00:00:00 2001 From: Haris amjad <105410543+harisamjad0158@users.noreply.github.com> Date: Thu, 30 Oct 2025 01:45:47 +0100 Subject: [PATCH 40/70] Update Jenkinsfile --- Jenkinsfile | 101 ++++++++++++++++------------------------------------ 1 file changed, 31 insertions(+), 70 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index b58426d..aa37fe6 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,4 +1,5 @@ pipeline { + // Use the 'devsecops-agent' we built in the UI agent { label 'devsecops-agent' } @@ -9,40 +10,7 @@ pipeline { } stages { - stage('Wait for Containers') { - steps { - echo "--- Waiting for sidecar containers to be ready ---" - script { - retry(10) { // Retry up to 10 times - sleep 5 // Wait 5 seconds between retries - def podStatus = sh(script: "kubectl get pod $(hostname) -o jsonpath='{.status.containerStatuses[*].ready}'", returnStdout: true).trim() - echo "Container readiness: ${podStatus}" - if (!podStatus.contains("true")) { - error "Containers not ready yet, retrying..." - } - } - } - } - } - - stage('Pod Debug Info') { - steps { - echo "--- Checking Pod info ---" - sh ''' - echo "Listing all containers in this pod:" - cat /proc/1/cgroup - echo "--- Environment Variables ---" - env - echo "--- Disk usage ---" - df -h - echo "--- Current directory ---" - pwd - echo "--- Files in workspace ---" - ls -al - ''' - } - } - + stage('Clone Code') { steps { git url: 'https://github.com/harisamjad0158/dev-gemini-clone.git', branch: 'feat/kind' @@ -52,22 +20,25 @@ pipeline { stage('Build and Push with Kaniko') { steps { container('kaniko') { - withCredentials([usernamePassword(credentialsId: 'dockerhub-creds', - usernameVariable: 'DOCKER_USER', - passwordVariable: 'DOCKER_PASS')]) { + withCredentials([usernamePassword( + credentialsId: 'dockerhub-creds', + usernameVariable: 'DOCKER_USER', + passwordVariable: 'DOCKER_PASS' + )]) { sh ''' - echo "--- Creating Kaniko config.json ---" - mkdir -p /kaniko/.docker - AUTH=$(echo -n "${DOCKER_USER}:${DOCKER_PASS}" | base64) - echo "{\\"auths\\":{\\"https://index.docker.io/v1\\":{\\"auth\\":\\"${AUTH}\\"}}}" > /kaniko/.docker/config.json - - echo "--- Starting Kaniko build for ${IMAGE_DESTINATION} ---" - /kaniko/executor --dockerfile=Dockerfile \ - --context=$(pwd) \ - --destination=${IMAGE_DESTINATION} \ - --cleanup=false \ - --use-new-run - echo "--- Kaniko build complete ---" + echo "--- Creating Kaniko config.json ---" + mkdir -p /kaniko/.docker + + AUTH=$(echo -n "${DOCKER_USER}:${DOCKER_PASS}" | base64) + echo "{\\"auths\\":{\\"https://index.docker.io/v1\\":{\\"auth\\":\\"${AUTH}\\"}}}" > /kaniko/.docker/config.json + + echo "--- Starting Kaniko build for ${IMAGE_DESTINATION} ---" + /kaniko/executor --dockerfile=Dockerfile \ + --context=$(pwd) \ + --destination=${IMAGE_DESTINATION} \ + --cleanup=false \ + --use-new-run + echo "--- Kaniko build complete ---" ''' } } @@ -77,11 +48,11 @@ pipeline { stage('Scan Image with Trivy') { steps { container('trivy') { - sh """ - echo "--- Running Trivy scan on ${IMAGE_DESTINATION} ---" - trivy image --severity HIGH,CRITICAL ${IMAGE_DESTINATION} - echo "--- Trivy scan complete ---" - """ + sh ''' + echo "--- Running Trivy scan on ${IMAGE_DESTINATION} ---" + trivy image --severity HIGH,CRITICAL ${IMAGE_DESTINATION} + echo "--- Trivy scan complete ---" + ''' } } } @@ -98,23 +69,13 @@ pipeline { echo "Deploying image ${IMAGE_DESTINATION} to ${MY_ENV} environment" } } - } - post { - always { - echo "--- Fetching logs for all containers in the pod ---" - sh ''' - POD_NAME=$(hostname) - echo "Pod Name: $POD_NAME" - echo "--- Logs for main jenkins container ---" - kubectl logs $POD_NAME -c jenkins || true - echo "--- Logs for kaniko container ---" - kubectl logs $POD_NAME -c kaniko || true - echo "--- Logs for trivy container ---" - kubectl logs $POD_NAME -c trivy || true - echo "--- Describe pod for detailed info ---" - kubectl describe pod $POD_NAME - ''' + stage('Check Pod Status') { + steps { + // Use single quotes to avoid Groovy interpreting $ + sh 'kubectl get pods -n jenkins' + sh 'kubectl describe pod -n jenkins' + } } } } From 25265525859e12254187d367251f73a50aac30dc Mon Sep 17 00:00:00 2001 From: Haris amjad <105410543+harisamjad0158@users.noreply.github.com> Date: Thu, 30 Oct 2025 02:01:00 +0100 Subject: [PATCH 41/70] Update Jenkinsfile --- Jenkinsfile | 69 ++++++++++++++++++++++++++++------------------------- 1 file changed, 37 insertions(+), 32 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index aa37fe6..d88705f 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,9 +1,11 @@ pipeline { - // Use the 'devsecops-agent' we built in the UI + // 1. This tells Jenkins to use the multi-container agent + // we just built in the UI. agent { label 'devsecops-agent' } + // 2. We define our image name here environment { IMAGE_DESTINATION = "johncorner158/dev-gemini-clone:latest" MY_ENV = "production" @@ -13,46 +15,57 @@ pipeline { stage('Clone Code') { steps { - git url: 'https://github.com/harisamjad0158/dev-gemini-clone.git', branch: 'feat/kind' + // Clones your application code + git url: 'https://github.com/Amitabh-DevOps/dev-gemini-clone.git', branch: 'feat/kind' } } + // 3. This stage will run inside the 'kaniko' container stage('Build and Push with Kaniko') { steps { container('kaniko') { - withCredentials([usernamePassword( - credentialsId: 'dockerhub-creds', - usernameVariable: 'DOCKER_USER', - passwordVariable: 'DOCKER_PASS' - )]) { + withCredentials([usernamePassword(credentialsId: 'dockerhub-creds', + usernameVariable: 'DOCKER_USER', + passwordVariable: 'DOCKER_PASS')]) { sh ''' - echo "--- Creating Kaniko config.json ---" - mkdir -p /kaniko/.docker + echo "--- Creating Kaniko config.json ---" + mkdir -p /kaniko/.docker + + # Create the auth file for Kaniko + AUTH=$(echo -n "${DOCKER_USER}:${DOCKER_PASS}" | base64) + echo "{\\"auths\\":{\\"https://index.docker.io/v1/\\":{\\"auth\\":\\"${AUTH}\\"}}}" > /kaniko/.docker/config.json + + echo "--- Starting Kaniko build for ${IMAGE_DESTINATION} ---" - AUTH=$(echo -n "${DOCKER_USER}:${DOCKER_PASS}" | base64) - echo "{\\"auths\\":{\\"https://index.docker.io/v1\\":{\\"auth\\":\\"${AUTH}\\"}}}" > /kaniko/.docker/config.json - - echo "--- Starting Kaniko build for ${IMAGE_DESTINATION} ---" - /kaniko/executor --dockerfile=Dockerfile \ - --context=$(pwd) \ - --destination=${IMAGE_DESTINATION} \ - --cleanup=false \ - --use-new-run - echo "--- Kaniko build complete ---" + # Run the Kaniko builder + # We include the flags to fix the multi-stage Dockerfile bug + /kaniko/executor --dockerfile=Dockerfile \ + --context=$(pwd) \ + --destination=${IMAGE_DESTINATION} \ + --cleanup=false \ + --use-new-run + + echo "--- Kaniko build complete ---" ''' } } } } + // 4. This stage will run inside the 'trivy' container stage('Scan Image with Trivy') { steps { container('trivy') { - sh ''' - echo "--- Running Trivy scan on ${IMAGE_DESTINATION} ---" - trivy image --severity HIGH,CRITICAL ${IMAGE_DESTINATION} - echo "--- Trivy scan complete ---" - ''' + sh """ + echo "--- Running Trivy scan on ${IMAGE_DESTINATION} ---" + + # This scans the image we just pushed to Docker Hub + # We will just scan for HIGH and CRITICAL issues + # We will NOT fail the build for now (no --exit-code 1) + trivy image --severity HIGH,CRITICAL ${IMAGE_DESTINATION} + + echo "--- Trivy scan complete ---" + """ } } } @@ -69,13 +82,5 @@ pipeline { echo "Deploying image ${IMAGE_DESTINATION} to ${MY_ENV} environment" } } - - stage('Check Pod Status') { - steps { - // Use single quotes to avoid Groovy interpreting $ - sh 'kubectl get pods -n jenkins' - sh 'kubectl describe pod -n jenkins' - } - } } } From 0113b688208f3348f945b9b8b9de005f9cfe048d Mon Sep 17 00:00:00 2001 From: Haris amjad <105410543+harisamjad0158@users.noreply.github.com> Date: Thu, 30 Oct 2025 02:01:19 +0100 Subject: [PATCH 42/70] Update Git repository URL in Jenkinsfile --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index d88705f..3c17315 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -16,7 +16,7 @@ pipeline { stage('Clone Code') { steps { // Clones your application code - git url: 'https://github.com/Amitabh-DevOps/dev-gemini-clone.git', branch: 'feat/kind' + git url: 'https://github.com/harisamjad0158/dev-gemini-clone.git', branch: 'feat/kind' } } From a022558baab69f75df6d4d9961b0d0ea98cc2bba Mon Sep 17 00:00:00 2001 From: Haris amjad <105410543+harisamjad0158@users.noreply.github.com> Date: Thu, 30 Oct 2025 02:12:43 +0100 Subject: [PATCH 43/70] Update Jenkinsfile --- Jenkinsfile | 49 +++++++++++++++++++++++++++---------------------- 1 file changed, 27 insertions(+), 22 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 3c17315..461fdb9 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,11 +1,9 @@ pipeline { - // 1. This tells Jenkins to use the multi-container agent - // we just built in the UI. + // We are still using our powerful 'devsecops-agent' agent { label 'devsecops-agent' } - // 2. We define our image name here environment { IMAGE_DESTINATION = "johncorner158/dev-gemini-clone:latest" MY_ENV = "production" @@ -15,36 +13,49 @@ pipeline { stage('Clone Code') { steps { - // Clones your application code git url: 'https://github.com/harisamjad0158/dev-gemini-clone.git', branch: 'feat/kind' } } - // 3. This stage will run inside the 'kaniko' container + // 1. NEW STAGE: We scan the code *before* we build it. + stage('Scan with SonarQube') { + // 2. We run this step inside the 'sonar-scanner' container + container('sonar-scanner') { + steps { + sh """ + echo "--- Running SonarQube scan ---" + + # This is the command to run the scanner. + # It needs a server URL and a token, which we haven't set up yet. + # This command WILL FAIL, and that is 100% EXPECTED. + sonar-scanner \ + -Dsonar.projectKey=gemini-clone \ + -Dsonar.sources=. \ + -Dsonar.host.url=http://sonarqube.sonarqube.svc.cluster.local:9000 \ + -Dsonar.login=my-jenkins-auth-token + """ + } + } + } + stage('Build and Push with Kaniko') { - steps { - container('kaniko') { + container('kaniko') { + steps { withCredentials([usernamePassword(credentialsId: 'dockerhub-creds', usernameVariable: 'DOCKER_USER', passwordVariable: 'DOCKER_PASS')]) { sh ''' echo "--- Creating Kaniko config.json ---" mkdir -p /kaniko/.docker - - # Create the auth file for Kaniko AUTH=$(echo -n "${DOCKER_USER}:${DOCKER_PASS}" | base64) - echo "{\\"auths\\":{\\"https://index.docker.io/v1/\\":{\\"auth\\":\\"${AUTH}\\"}}}" > /kaniko/.docker/config.json + echo "{\\"auths\\":{\\"https://index.docker.io/v1\\":{\\"auth\\":\\"${AUTH}\\"}}}" > /kaniko/.docker/config.json echo "--- Starting Kaniko build for ${IMAGE_DESTINATION} ---" - - # Run the Kaniko builder - # We include the flags to fix the multi-stage Dockerfile bug /kaniko/executor --dockerfile=Dockerfile \ --context=$(pwd) \ --destination=${IMAGE_DESTINATION} \ --cleanup=false \ --use-new-run - echo "--- Kaniko build complete ---" ''' } @@ -52,18 +63,12 @@ pipeline { } } - // 4. This stage will run inside the 'trivy' container stage('Scan Image with Trivy') { - steps { - container('trivy') { + container('trivy') { + steps { sh """ echo "--- Running Trivy scan on ${IMAGE_DESTINATION} ---" - - # This scans the image we just pushed to Docker Hub - # We will just scan for HIGH and CRITICAL issues - # We will NOT fail the build for now (no --exit-code 1) trivy image --severity HIGH,CRITICAL ${IMAGE_DESTINATION} - echo "--- Trivy scan complete ---" """ } From fc63f6692ae698d542b52a9194957f5bcdfe1ff8 Mon Sep 17 00:00:00 2001 From: Haris amjad <105410543+harisamjad0158@users.noreply.github.com> Date: Thu, 30 Oct 2025 02:14:32 +0100 Subject: [PATCH 44/70] Update Jenkinsfile --- Jenkinsfile | 33 +++++++++++++++++++++------------ 1 file changed, 21 insertions(+), 12 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 461fdb9..620ec5a 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,5 +1,5 @@ pipeline { - // We are still using our powerful 'devsecops-agent' + // 1. We use the 'devsecops-agent' we built in the UI agent { label 'devsecops-agent' } @@ -12,21 +12,19 @@ pipeline { stages { stage('Clone Code') { - steps { + steps { // <-- This stage was already correct git url: 'https://github.com/harisamjad0158/dev-gemini-clone.git', branch: 'feat/kind' } } - // 1. NEW STAGE: We scan the code *before* we build it. + // 2. FIXED: 'steps' block is now the first and only child of 'stage' stage('Scan with SonarQube') { - // 2. We run this step inside the 'sonar-scanner' container - container('sonar-scanner') { - steps { + steps { + // 'container' is now INSIDE 'steps' + container('sonar-scanner') { sh """ echo "--- Running SonarQube scan ---" - # This is the command to run the scanner. - # It needs a server URL and a token, which we haven't set up yet. # This command WILL FAIL, and that is 100% EXPECTED. sonar-scanner \ -Dsonar.projectKey=gemini-clone \ @@ -38,24 +36,29 @@ pipeline { } } + // 3. FIXED: 'steps' block is now the first and only child of 'stage' stage('Build and Push with Kaniko') { - container('kaniko') { - steps { + steps { + // 'container' is now INSIDE 'steps' + container('kaniko') { withCredentials([usernamePassword(credentialsId: 'dockerhub-creds', usernameVariable: 'DOCKER_USER', passwordVariable: 'DOCKER_PASS')]) { sh ''' echo "--- Creating Kaniko config.json ---" mkdir -p /kaniko/.docker + AUTH=$(echo -n "${DOCKER_USER}:${DOCKER_PASS}" | base64) echo "{\\"auths\\":{\\"https://index.docker.io/v1\\":{\\"auth\\":\\"${AUTH}\\"}}}" > /kaniko/.docker/config.json echo "--- Starting Kaniko build for ${IMAGE_DESTINATION} ---" + /kaniko/executor --dockerfile=Dockerfile \ --context=$(pwd) \ --destination=${IMAGE_DESTINATION} \ --cleanup=false \ --use-new-run + echo "--- Kaniko build complete ---" ''' } @@ -63,12 +66,18 @@ pipeline { } } + // 4. FIXED: 'steps' block is now the first and only child of 'stage' stage('Scan Image with Trivy') { - container('trivy') { - steps { + steps { + // 'container' is now INSIDE 'steps' + container('trivy') { sh """ echo "--- Running Trivy scan on ${IMAGE_DESTINATION} ---" + + # We will just scan for HIGH and CRITICAL issues + # We will NOT fail the build for now (no --exit-code 1) trivy image --severity HIGH,CRITICAL ${IMAGE_DESTINATION} + echo "--- Trivy scan complete ---" """ } From d15aae3f49dcaae9da0c7ddf84bb16526e210738 Mon Sep 17 00:00:00 2001 From: Haris amjad <105410543+harisamjad0158@users.noreply.github.com> Date: Thu, 30 Oct 2025 22:16:01 +0100 Subject: [PATCH 45/70] Update Jenkinsfile --- Jenkinsfile | 71 ++++++++++++++++++----------------------------------- 1 file changed, 24 insertions(+), 47 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 620ec5a..31d30ac 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,6 +1,6 @@ pipeline { - // 1. We use the 'devsecops-agent' we built in the UI agent { + // This label must match the Kubernetes agent label in Jenkins configuration label 'devsecops-agent' } @@ -10,55 +10,38 @@ pipeline { } stages { - stage('Clone Code') { - steps { // <-- This stage was already correct - git url: 'https://github.com/harisamjad0158/dev-gemini-clone.git', branch: 'feat/kind' - } - } - - // 2. FIXED: 'steps' block is now the first and only child of 'stage' - stage('Scan with SonarQube') { steps { - // 'container' is now INSIDE 'steps' - container('sonar-scanner') { - sh """ - echo "--- Running SonarQube scan ---" - - # This command WILL FAIL, and that is 100% EXPECTED. - sonar-scanner \ - -Dsonar.projectKey=gemini-clone \ - -Dsonar.sources=. \ - -Dsonar.host.url=http://sonarqube.sonarqube.svc.cluster.local:9000 \ - -Dsonar.login=my-jenkins-auth-token - """ - } + echo "--- Cloning source code ---" + git branch: 'feat/kind', url: 'https://github.com/Amitabh-DevOps/dev-gemini-clone.git' } } - // 3. FIXED: 'steps' block is now the first and only child of 'stage' stage('Build and Push with Kaniko') { steps { - // 'container' is now INSIDE 'steps' container('kaniko') { - withCredentials([usernamePassword(credentialsId: 'dockerhub-creds', - usernameVariable: 'DOCKER_USER', - passwordVariable: 'DOCKER_PASS')]) { + withCredentials([ + usernamePassword( + credentialsId: 'dockerhub-creds', + usernameVariable: 'DOCKER_USER', + passwordVariable: 'DOCKER_PASS' + ) + ]) { sh ''' - echo "--- Creating Kaniko config.json ---" + echo "--- Creating Kaniko Docker config ---" mkdir -p /kaniko/.docker AUTH=$(echo -n "${DOCKER_USER}:${DOCKER_PASS}" | base64) - echo "{\\"auths\\":{\\"https://index.docker.io/v1\\":{\\"auth\\":\\"${AUTH}\\"}}}" > /kaniko/.docker/config.json - + echo "{\"auths\":{\"https://index.docker.io/v1/\":{\"auth\":\"${AUTH}\"}}}" > /kaniko/.docker/config.json + echo "--- Starting Kaniko build for ${IMAGE_DESTINATION} ---" + /kaniko/executor \ + --dockerfile=Dockerfile \ + --context=$(pwd) \ + --destination=${IMAGE_DESTINATION} \ + --cleanup=false \ + --use-new-run - /kaniko/executor --dockerfile=Dockerfile \ - --context=$(pwd) \ - --destination=${IMAGE_DESTINATION} \ - --cleanup=false \ - --use-new-run - echo "--- Kaniko build complete ---" ''' } @@ -66,34 +49,28 @@ pipeline { } } - // 4. FIXED: 'steps' block is now the first and only child of 'stage' stage('Scan Image with Trivy') { steps { - // 'container' is now INSIDE 'steps' container('trivy') { - sh """ + sh ''' echo "--- Running Trivy scan on ${IMAGE_DESTINATION} ---" - - # We will just scan for HIGH and CRITICAL issues - # We will NOT fail the build for now (no --exit-code 1) - trivy image --severity HIGH,CRITICAL ${IMAGE_DESTINATION} - + trivy image --severity HIGH,CRITICAL ${IMAGE_DESTINATION} || true echo "--- Trivy scan complete ---" - """ + ''' } } } stage('Test') { steps { - echo "Running tests..." + echo "--- Running tests ---" sh 'echo Tests passed!' } } stage('Deploy') { steps { - echo "Deploying image ${IMAGE_DESTINATION} to ${MY_ENV} environment" + echo "--- Deploying image ${IMAGE_DESTINATION} to ${MY_ENV} environment ---" } } } From 69899732a25aca522bf680a6c40f641aa83e9a8e Mon Sep 17 00:00:00 2001 From: Haris amjad <105410543+harisamjad0158@users.noreply.github.com> Date: Thu, 30 Oct 2025 22:18:17 +0100 Subject: [PATCH 46/70] Update Jenkinsfile --- Jenkinsfile | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 31d30ac..e6f7d50 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,6 +1,5 @@ pipeline { agent { - // This label must match the Kubernetes agent label in Jenkins configuration label 'devsecops-agent' } @@ -10,6 +9,7 @@ pipeline { } stages { + stage('Clone Code') { steps { echo "--- Cloning source code ---" @@ -30,9 +30,17 @@ pipeline { sh ''' echo "--- Creating Kaniko Docker config ---" mkdir -p /kaniko/.docker - + AUTH=$(echo -n "${DOCKER_USER}:${DOCKER_PASS}" | base64) - echo "{\"auths\":{\"https://index.docker.io/v1/\":{\"auth\":\"${AUTH}\"}}}" > /kaniko/.docker/config.json + cat < /kaniko/.docker/config.json +{ + "auths": { + "https://index.docker.io/v1/": { + "auth": "${AUTH}" + } + } +} +EOF echo "--- Starting Kaniko build for ${IMAGE_DESTINATION} ---" /kaniko/executor \ From 4dc92841082cc127988d731abe3acbbcf1fff589 Mon Sep 17 00:00:00 2001 From: Haris amjad <105410543+harisamjad0158@users.noreply.github.com> Date: Thu, 30 Oct 2025 22:18:49 +0100 Subject: [PATCH 47/70] Update Jenkinsfile --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index e6f7d50..4826614 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -13,7 +13,7 @@ pipeline { stage('Clone Code') { steps { echo "--- Cloning source code ---" - git branch: 'feat/kind', url: 'https://github.com/Amitabh-DevOps/dev-gemini-clone.git' + git branch: 'feat/kind', url: 'https://github.com/harisamjad0158/dev-gemini-clone.git' } } From 937f162657d8a4706712a33c89ef580aad50cfa1 Mon Sep 17 00:00:00 2001 From: Haris amjad <105410543+harisamjad0158@users.noreply.github.com> Date: Thu, 30 Oct 2025 23:13:09 +0100 Subject: [PATCH 48/70] Update Jenkinsfile --- Jenkinsfile | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/Jenkinsfile b/Jenkinsfile index 4826614..dbe83dd 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -6,6 +6,8 @@ pipeline { environment { IMAGE_DESTINATION = "johncorner158/dev-gemini-clone:latest" MY_ENV = "production" + SONAR_HOST_URL = "http://:9000" // Replace with your SonarQube URL + SONAR_TOKEN = credentials('sonarqube-token') // Jenkins Secret Text } stages { @@ -69,6 +71,22 @@ EOF } } + stage('Scan with SonarQube') { + steps { + container('sonar-scanner') { + sh ''' + echo "--- Running SonarQube analysis ---" + sonar-scanner \ + -Dsonar.projectKey=dev-gemini-clone \ + -Dsonar.sources=. \ + -Dsonar.host.url=${SONAR_HOST_URL} \ + -Dsonar.login=${SONAR_TOKEN} + echo "--- SonarQube analysis complete ---" + ''' + } + } + } + stage('Test') { steps { echo "--- Running tests ---" From 821a2caebc21b9e73159395315bac25241a0e6ff Mon Sep 17 00:00:00 2001 From: Haris amjad <105410543+harisamjad0158@users.noreply.github.com> Date: Thu, 30 Oct 2025 23:39:24 +0100 Subject: [PATCH 49/70] Update Jenkinsfile --- Jenkinsfile | 102 ++++++++++++++++++++++++++-------------------------- 1 file changed, 50 insertions(+), 52 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index dbe83dd..a1a3cc4 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,4 +1,5 @@ pipeline { + // We are still using our powerful 'devsecops-agent' agent { label 'devsecops-agent' } @@ -6,52 +7,65 @@ pipeline { environment { IMAGE_DESTINATION = "johncorner158/dev-gemini-clone:latest" MY_ENV = "production" - SONAR_HOST_URL = "http://:9000" // Replace with your SonarQube URL - SONAR_TOKEN = credentials('sonarqube-token') // Jenkins Secret Text + + // 1. FIXED: This is the correct, internal Kubernetes DNS address + // for your SonarQube server. + // Format: ..svc.cluster.local + SONAR_HOST = "http://sonarqube-sonarqube.sonarqube.svc.cluster.local:9000" } stages { - + stage('Clone Code') { steps { - echo "--- Cloning source code ---" - git branch: 'feat/kind', url: 'https://github.com/harisamjad0158/dev-gemini-clone.git' + git url: 'https://github.com/harisamjad0158/dev-gemini-clone.git', branch: 'feat/kind' + } + } + + // 2. FIXED: This stage will now work! + stage('Scan with SonarQube') { + steps { + // 3. We run this step inside the 'sonar-scanner' container + container('sonar-scanner') { + + // 4. We use 'withCredentials' to securely load our 'sonar-token' + // into an environment variable called SONAR_TOKEN + withCredentials([string(credentialsId: 'sonar-token', variable: 'SONAR_TOKEN')]) { + + // 5. We run the scanner command, using our new variables + sh """ + echo "--- Running SonarQube scan ---" + + # This is the command that runs the scan + sonar-scanner \ + -Dsonar.projectKey=gemini-clone \ + -Dsonar.sources=. \ + -Dsonar.host.url=${SONAR_HOST} \ + -Dsonar.login=${SONAR_TOKEN} + """ + } + } } } stage('Build and Push with Kaniko') { steps { container('kaniko') { - withCredentials([ - usernamePassword( - credentialsId: 'dockerhub-creds', - usernameVariable: 'DOCKER_USER', - passwordVariable: 'DOCKER_PASS' - ) - ]) { + withCredentials([usernamePassword(credentialsId: 'dockerhub-creds', + usernameVariable: 'DOCKER_USER', + passwordVariable: 'DOCKER_PASS')]) { sh ''' - echo "--- Creating Kaniko Docker config ---" + echo "--- Creating Kaniko config.json ---" mkdir -p /kaniko/.docker - AUTH=$(echo -n "${DOCKER_USER}:${DOCKER_PASS}" | base64) - cat < /kaniko/.docker/config.json -{ - "auths": { - "https://index.docker.io/v1/": { - "auth": "${AUTH}" - } - } -} -EOF - + echo "{\\"auths\\":{\\"https://index.docker.io/v1\\":{\\"auth\\":\\"${AUTH}\\"}}}" > /kaniko/.docker/config.json + echo "--- Starting Kaniko build for ${IMAGE_DESTINATION} ---" - /kaniko/executor \ - --dockerfile=Dockerfile \ - --context=$(pwd) \ - --destination=${IMAGE_DESTINATION} \ - --cleanup=false \ - --use-new-run - + /kaniko/executor --dockerfile=Dockerfile \ + --context=$(pwd) \ + --destination=${IMAGE_DESTINATION} \ + --cleanup=false \ + --use-new-run echo "--- Kaniko build complete ---" ''' } @@ -62,41 +76,25 @@ EOF stage('Scan Image with Trivy') { steps { container('trivy') { - sh ''' + sh """ echo "--- Running Trivy scan on ${IMAGE_DESTINATION} ---" - trivy image --severity HIGH,CRITICAL ${IMAGE_DESTINATION} || true + trivy image --severity HIGH,CRITICAL ${IMAGE_DESTINATION} echo "--- Trivy scan complete ---" - ''' - } - } - } - - stage('Scan with SonarQube') { - steps { - container('sonar-scanner') { - sh ''' - echo "--- Running SonarQube analysis ---" - sonar-scanner \ - -Dsonar.projectKey=dev-gemini-clone \ - -Dsonar.sources=. \ - -Dsonar.host.url=${SONAR_HOST_URL} \ - -Dsonar.login=${SONAR_TOKEN} - echo "--- SonarQube analysis complete ---" - ''' + """ } } } stage('Test') { steps { - echo "--- Running tests ---" + echo "Running tests..." sh 'echo Tests passed!' } } stage('Deploy') { steps { - echo "--- Deploying image ${IMAGE_DESTINATION} to ${MY_ENV} environment ---" + echo "Deploying image ${IMAGE_DESTINATION} to ${MY_ENV} environment" } } } From 1b289a8d41c83f1d3de5c70d9ab1195c0ffde5a7 Mon Sep 17 00:00:00 2001 From: Haris amjad <105410543+harisamjad0158@users.noreply.github.com> Date: Thu, 30 Oct 2025 23:43:59 +0100 Subject: [PATCH 50/70] Update Jenkinsfile --- Jenkinsfile | 22 +++++++++------------- 1 file changed, 9 insertions(+), 13 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index a1a3cc4..23cbfb8 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,5 +1,4 @@ pipeline { - // We are still using our powerful 'devsecops-agent' agent { label 'devsecops-agent' } @@ -7,10 +6,6 @@ pipeline { environment { IMAGE_DESTINATION = "johncorner158/dev-gemini-clone:latest" MY_ENV = "production" - - // 1. FIXED: This is the correct, internal Kubernetes DNS address - // for your SonarQube server. - // Format: ..svc.cluster.local SONAR_HOST = "http://sonarqube-sonarqube.sonarqube.svc.cluster.local:9000" } @@ -18,30 +13,31 @@ pipeline { stage('Clone Code') { steps { + // NOTE: Your log shows you are cloning from 'harisamjad0158' + // I will keep using the 'Amitabh-DevOps' repo as we discussed git url: 'https://github.com/harisamjad0158/dev-gemini-clone.git', branch: 'feat/kind' } } - // 2. FIXED: This stage will now work! + // 1. THIS STAGE IS NOW FIXED stage('Scan with SonarQube') { steps { - // 3. We run this step inside the 'sonar-scanner' container container('sonar-scanner') { - // 4. We use 'withCredentials' to securely load our 'sonar-token' - // into an environment variable called SONAR_TOKEN + // 2. This part correctly loads your 'sonar-token' credential + // into the $SONAR_TOKEN environment variable. withCredentials([string(credentialsId: 'sonar-token', variable: 'SONAR_TOKEN')]) { - // 5. We run the scanner command, using our new variables + // 3. FIXED: We REMOVED the '-Dsonar.login' flag. + // The 'sonar-scanner' will automatically find + // and use the $SONAR_TOKEN variable. sh """ echo "--- Running SonarQube scan ---" - # This is the command that runs the scan sonar-scanner \ -Dsonar.projectKey=gemini-clone \ -Dsonar.sources=. \ - -Dsonar.host.url=${SONAR_HOST} \ - -Dsonar.login=${SONAR_TOKEN} + -Dsonar.host.url=${SONAR_HOST} """ } } From f5aceb3dd7d0860df31b041e83bed469cb765c08 Mon Sep 17 00:00:00 2001 From: Haris amjad <105410543+harisamjad0158@users.noreply.github.com> Date: Thu, 30 Oct 2025 23:47:28 +0100 Subject: [PATCH 51/70] Update Jenkinsfile --- Jenkinsfile | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 23cbfb8..89bc1a5 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -13,8 +13,7 @@ pipeline { stage('Clone Code') { steps { - // NOTE: Your log shows you are cloning from 'harisamjad0158' - // I will keep using the 'Amitabh-DevOps' repo as we discussed + // Using the repo from your build log git url: 'https://github.com/harisamjad0158/dev-gemini-clone.git', branch: 'feat/kind' } } @@ -28,17 +27,18 @@ pipeline { // into the $SONAR_TOKEN environment variable. withCredentials([string(credentialsId: 'sonar-token', variable: 'SONAR_TOKEN')]) { - // 3. FIXED: We REMOVED the '-Dsonar.login' flag. - // The 'sonar-scanner' will automatically find - // and use the $SONAR_TOKEN variable. - sh """ + // 3. FIXED: We are now using single-quotes (''') to avoid the + // security warning, and we are EXPLICITLY passing the + // token with -Dsonar.token=${SONAR_TOKEN} + sh ''' echo "--- Running SonarQube scan ---" sonar-scanner \ -Dsonar.projectKey=gemini-clone \ -Dsonar.sources=. \ - -Dsonar.host.url=${SONAR_HOST} - """ + -Dsonar.host.url=${SONAR_HOST} \ + -Dsonar.token=${SONAR_TOKEN} + ''' } } } From c8a5e8e6fcded6ca6a30f82d92912173d1383e10 Mon Sep 17 00:00:00 2001 From: Haris amjad <105410543+harisamjad0158@users.noreply.github.com> Date: Fri, 31 Oct 2025 00:11:49 +0100 Subject: [PATCH 52/70] Update Jenkinsfile --- Jenkinsfile | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 89bc1a5..95067f5 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -9,35 +9,29 @@ pipeline { SONAR_HOST = "http://sonarqube-sonarqube.sonarqube.svc.cluster.local:9000" } + options { + timeout(time: 30, unit: 'MINUTES') // Pipeline timeout + timestamps() // Add timestamps to logs + } + stages { - stage('Clone Code') { steps { - // Using the repo from your build log git url: 'https://github.com/harisamjad0158/dev-gemini-clone.git', branch: 'feat/kind' } } - // 1. THIS STAGE IS NOW FIXED stage('Scan with SonarQube') { steps { container('sonar-scanner') { - - // 2. This part correctly loads your 'sonar-token' credential - // into the $SONAR_TOKEN environment variable. withCredentials([string(credentialsId: 'sonar-token', variable: 'SONAR_TOKEN')]) { - - // 3. FIXED: We are now using single-quotes (''') to avoid the - // security warning, and we are EXPLICITLY passing the - // token with -Dsonar.token=${SONAR_TOKEN} sh ''' echo "--- Running SonarQube scan ---" - sonar-scanner \ -Dsonar.projectKey=gemini-clone \ -Dsonar.sources=. \ -Dsonar.host.url=${SONAR_HOST} \ - -Dsonar.token=${SONAR_TOKEN} + -Dsonar.login=${SONAR_TOKEN} ''' } } @@ -74,7 +68,7 @@ pipeline { container('trivy') { sh """ echo "--- Running Trivy scan on ${IMAGE_DESTINATION} ---" - trivy image --severity HIGH,CRITICAL ${IMAGE_DESTINATION} + trivy image --severity HIGH,CRITICAL ${IMAGE_DESTINATION} || true echo "--- Trivy scan complete ---" """ } @@ -83,15 +77,21 @@ pipeline { stage('Test') { steps { - echo "Running tests..." - sh 'echo Tests passed!' + sh 'echo "Running tests..." && echo Tests passed!' } } stage('Deploy') { steps { - echo "Deploying image ${IMAGE_DESTINATION} to ${MY_ENV} environment" + sh "echo Deploying image ${IMAGE_DESTINATION} to ${MY_ENV} environment" } } } + + post { + always { + echo "Cleaning up agent pod immediately..." + // Optionally add cleanup commands if needed + } + } } From 1eafeebb4bf77058e5671934f0063de079374c54 Mon Sep 17 00:00:00 2001 From: Haris amjad <105410543+harisamjad0158@users.noreply.github.com> Date: Fri, 31 Oct 2025 00:13:25 +0100 Subject: [PATCH 53/70] Update Jenkinsfile --- Jenkinsfile | 2 -- 1 file changed, 2 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 95067f5..bb70d7d 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -11,7 +11,6 @@ pipeline { options { timeout(time: 30, unit: 'MINUTES') // Pipeline timeout - timestamps() // Add timestamps to logs } stages { @@ -91,7 +90,6 @@ pipeline { post { always { echo "Cleaning up agent pod immediately..." - // Optionally add cleanup commands if needed } } } From c3f88f88bdd6714526f9cddfcaf7f886e3e3e139 Mon Sep 17 00:00:00 2001 From: Haris amjad <105410543+harisamjad0158@users.noreply.github.com> Date: Fri, 31 Oct 2025 00:16:47 +0100 Subject: [PATCH 54/70] Update Jenkinsfile --- Jenkinsfile | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index bb70d7d..6b79ec2 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -9,10 +9,6 @@ pipeline { SONAR_HOST = "http://sonarqube-sonarqube.sonarqube.svc.cluster.local:9000" } - options { - timeout(time: 30, unit: 'MINUTES') // Pipeline timeout - } - stages { stage('Clone Code') { steps { @@ -30,7 +26,7 @@ pipeline { -Dsonar.projectKey=gemini-clone \ -Dsonar.sources=. \ -Dsonar.host.url=${SONAR_HOST} \ - -Dsonar.login=${SONAR_TOKEN} + -Dsonar.token=${SONAR_TOKEN} ''' } } @@ -67,7 +63,7 @@ pipeline { container('trivy') { sh """ echo "--- Running Trivy scan on ${IMAGE_DESTINATION} ---" - trivy image --severity HIGH,CRITICAL ${IMAGE_DESTINATION} || true + trivy image --severity HIGH,CRITICAL ${IMAGE_DESTINATION} echo "--- Trivy scan complete ---" """ } @@ -76,20 +72,22 @@ pipeline { stage('Test') { steps { - sh 'echo "Running tests..." && echo Tests passed!' + echo "Running tests..." + sh 'echo Tests passed!' } } stage('Deploy') { steps { - sh "echo Deploying image ${IMAGE_DESTINATION} to ${MY_ENV} environment" + echo "Deploying image ${IMAGE_DESTINATION} to ${MY_ENV} environment" } } } post { always { - echo "Cleaning up agent pod immediately..." + echo "Pipeline finished. Keeping pod alive for 30 seconds for log inspection..." + sh "sleep 30" } } } From bd5cc23bba8bc45c9d1a21f9ef03a6cebd1601eb Mon Sep 17 00:00:00 2001 From: Haris amjad <105410543+harisamjad0158@users.noreply.github.com> Date: Fri, 31 Oct 2025 00:54:47 +0100 Subject: [PATCH 55/70] Update Jenkinsfile --- Jenkinsfile | 73 ++++++++++++++++++++++++++++++----------------------- 1 file changed, 42 insertions(+), 31 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 6b79ec2..be38c1e 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -7,28 +7,30 @@ pipeline { IMAGE_DESTINATION = "johncorner158/dev-gemini-clone:latest" MY_ENV = "production" SONAR_HOST = "http://sonarqube-sonarqube.sonarqube.svc.cluster.local:9000" + SONAR_TOKEN = credentials('sonar-token') // Jenkins Secret Text } stages { + stage('Clone Code') { steps { - git url: 'https://github.com/harisamjad0158/dev-gemini-clone.git', branch: 'feat/kind' + echo "--- Cloning source code ---" + git branch: 'feat/kind', url: 'https://github.com/harisamjad0158/dev-gemini-clone.git' } } stage('Scan with SonarQube') { steps { container('sonar-scanner') { - withCredentials([string(credentialsId: 'sonar-token', variable: 'SONAR_TOKEN')]) { - sh ''' - echo "--- Running SonarQube scan ---" - sonar-scanner \ - -Dsonar.projectKey=gemini-clone \ - -Dsonar.sources=. \ - -Dsonar.host.url=${SONAR_HOST} \ - -Dsonar.token=${SONAR_TOKEN} - ''' - } + sh ''' + echo "--- Running SonarQube scan ---" + sonar-scanner \ + -Dsonar.projectKey=gemini-clone \ + -Dsonar.sources=. \ + -Dsonar.host.url=${SONAR_HOST} \ + -Dsonar.login=${SONAR_TOKEN} + echo "--- SonarQube analysis complete ---" + ''' } } } @@ -36,21 +38,26 @@ pipeline { stage('Build and Push with Kaniko') { steps { container('kaniko') { - withCredentials([usernamePassword(credentialsId: 'dockerhub-creds', - usernameVariable: 'DOCKER_USER', - passwordVariable: 'DOCKER_PASS')]) { + withCredentials([ + usernamePassword( + credentialsId: 'dockerhub-creds', + usernameVariable: 'DOCKER_USER', + passwordVariable: 'DOCKER_PASS' + ) + ]) { sh ''' - echo "--- Creating Kaniko config.json ---" + echo "--- Creating Kaniko Docker config ---" mkdir -p /kaniko/.docker AUTH=$(echo -n "${DOCKER_USER}:${DOCKER_PASS}" | base64) echo "{\\"auths\\":{\\"https://index.docker.io/v1\\":{\\"auth\\":\\"${AUTH}\\"}}}" > /kaniko/.docker/config.json - + echo "--- Starting Kaniko build for ${IMAGE_DESTINATION} ---" - /kaniko/executor --dockerfile=Dockerfile \ - --context=$(pwd) \ - --destination=${IMAGE_DESTINATION} \ - --cleanup=false \ - --use-new-run + /kaniko/executor \ + --dockerfile=Dockerfile \ + --context=$(pwd) \ + --destination=${IMAGE_DESTINATION} \ + --cleanup=false \ + --use-new-run echo "--- Kaniko build complete ---" ''' } @@ -61,33 +68,37 @@ pipeline { stage('Scan Image with Trivy') { steps { container('trivy') { - sh """ + sh ''' echo "--- Running Trivy scan on ${IMAGE_DESTINATION} ---" - trivy image --severity HIGH,CRITICAL ${IMAGE_DESTINATION} + trivy image --severity HIGH,CRITICAL ${IMAGE_DESTINATION} || true echo "--- Trivy scan complete ---" - """ + ''' } } } stage('Test') { steps { - echo "Running tests..." + echo "--- Running tests ---" sh 'echo Tests passed!' } } stage('Deploy') { steps { - echo "Deploying image ${IMAGE_DESTINATION} to ${MY_ENV} environment" + echo "--- Deploying image ${IMAGE_DESTINATION} to ${MY_ENV} environment ---" } } - } - post { - always { - echo "Pipeline finished. Keeping pod alive for 30 seconds for log inspection..." - sh "sleep 30" + stage('Debug Delay') { + steps { + echo "--- Keeping agent pod alive for debugging logs ---" + sh ''' + echo "Agent pod will sleep for 2 minutes before terminating..." + sleep 120 + echo "Debug delay finished." + ''' + } } } } From b39928e02afaa5947a98c7e3b1a49caaff876247 Mon Sep 17 00:00:00 2001 From: Haris amjad <105410543+harisamjad0158@users.noreply.github.com> Date: Fri, 31 Oct 2025 00:57:57 +0100 Subject: [PATCH 56/70] Update Jenkinsfile --- Jenkinsfile | 59 +++++++++++++++++++++++------------------------------ 1 file changed, 26 insertions(+), 33 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index be38c1e..a65ecb1 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -7,7 +7,6 @@ pipeline { IMAGE_DESTINATION = "johncorner158/dev-gemini-clone:latest" MY_ENV = "production" SONAR_HOST = "http://sonarqube-sonarqube.sonarqube.svc.cluster.local:9000" - SONAR_TOKEN = credentials('sonar-token') // Jenkins Secret Text } stages { @@ -15,22 +14,24 @@ pipeline { stage('Clone Code') { steps { echo "--- Cloning source code ---" - git branch: 'feat/kind', url: 'https://github.com/harisamjad0158/dev-gemini-clone.git' + git url: 'https://github.com/harisamjad0158/dev-gemini-clone.git', branch: 'feat/kind' } } stage('Scan with SonarQube') { steps { container('sonar-scanner') { - sh ''' - echo "--- Running SonarQube scan ---" - sonar-scanner \ - -Dsonar.projectKey=gemini-clone \ - -Dsonar.sources=. \ - -Dsonar.host.url=${SONAR_HOST} \ - -Dsonar.login=${SONAR_TOKEN} - echo "--- SonarQube analysis complete ---" - ''' + withCredentials([string(credentialsId: 'sonar-token', variable: 'SONAR_TOKEN')]) { + sh ''' + echo "--- Running SonarQube scan ---" + sonar-scanner \ + -Dsonar.projectKey=gemini-clone \ + -Dsonar.sources=. \ + -Dsonar.host.url=${SONAR_HOST} \ + -Dsonar.token=${SONAR_TOKEN} + echo "--- SonarQube scan complete ---" + ''' + } } } } @@ -38,26 +39,21 @@ pipeline { stage('Build and Push with Kaniko') { steps { container('kaniko') { - withCredentials([ - usernamePassword( - credentialsId: 'dockerhub-creds', - usernameVariable: 'DOCKER_USER', - passwordVariable: 'DOCKER_PASS' - ) - ]) { + withCredentials([usernamePassword(credentialsId: 'dockerhub-creds', + usernameVariable: 'DOCKER_USER', + passwordVariable: 'DOCKER_PASS')]) { sh ''' - echo "--- Creating Kaniko Docker config ---" + echo "--- Creating Kaniko config.json ---" mkdir -p /kaniko/.docker AUTH=$(echo -n "${DOCKER_USER}:${DOCKER_PASS}" | base64) echo "{\\"auths\\":{\\"https://index.docker.io/v1\\":{\\"auth\\":\\"${AUTH}\\"}}}" > /kaniko/.docker/config.json - + echo "--- Starting Kaniko build for ${IMAGE_DESTINATION} ---" - /kaniko/executor \ - --dockerfile=Dockerfile \ - --context=$(pwd) \ - --destination=${IMAGE_DESTINATION} \ - --cleanup=false \ - --use-new-run + /kaniko/executor --dockerfile=Dockerfile \ + --context=$(pwd) \ + --destination=${IMAGE_DESTINATION} \ + --cleanup=false \ + --use-new-run echo "--- Kaniko build complete ---" ''' } @@ -70,7 +66,7 @@ pipeline { container('trivy') { sh ''' echo "--- Running Trivy scan on ${IMAGE_DESTINATION} ---" - trivy image --severity HIGH,CRITICAL ${IMAGE_DESTINATION} || true + trivy image --severity HIGH,CRITICAL ${IMAGE_DESTINATION} echo "--- Trivy scan complete ---" ''' } @@ -92,13 +88,10 @@ pipeline { stage('Debug Delay') { steps { - echo "--- Keeping agent pod alive for debugging logs ---" - sh ''' - echo "Agent pod will sleep for 2 minutes before terminating..." - sleep 120 - echo "Debug delay finished." - ''' + echo "--- Debug delay: waiting 60 seconds before terminating pod ---" + sh 'sleep 60' } } + } } From 9d4bad31f55a02817282558a40536eebf579a2b5 Mon Sep 17 00:00:00 2001 From: Haris amjad <105410543+harisamjad0158@users.noreply.github.com> Date: Fri, 31 Oct 2025 01:02:44 +0100 Subject: [PATCH 57/70] Update Jenkinsfile --- Jenkinsfile | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index a65ecb1..bbbdc7d 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -28,7 +28,8 @@ pipeline { -Dsonar.projectKey=gemini-clone \ -Dsonar.sources=. \ -Dsonar.host.url=${SONAR_HOST} \ - -Dsonar.token=${SONAR_TOKEN} + -Dsonar.token=${SONAR_TOKEN} \ + -Dsonar.verbose=true echo "--- SonarQube scan complete ---" ''' } @@ -39,8 +40,8 @@ pipeline { stage('Build and Push with Kaniko') { steps { container('kaniko') { - withCredentials([usernamePassword(credentialsId: 'dockerhub-creds', - usernameVariable: 'DOCKER_USER', + withCredentials([usernamePassword(credentialsId: 'dockerhub-creds', + usernameVariable: 'DOCKER_USER', passwordVariable: 'DOCKER_PASS')]) { sh ''' echo "--- Creating Kaniko config.json ---" @@ -88,10 +89,19 @@ pipeline { stage('Debug Delay') { steps { - echo "--- Debug delay: waiting 60 seconds before terminating pod ---" + echo "--- Keeping devsecops-agent pod alive for 60 seconds to check logs ---" sh 'sleep 60' } } } + + post { + always { + echo "--- Pipeline finished ---" + } + failure { + echo "--- Pipeline failed ---" + } + } } From df4dea4cd0c2e89056f5f69432d761a1fdcad7c0 Mon Sep 17 00:00:00 2001 From: Haris amjad <105410543+harisamjad0158@users.noreply.github.com> Date: Fri, 31 Oct 2025 01:11:10 +0100 Subject: [PATCH 58/70] Update Jenkinsfile --- Jenkinsfile | 48 +++++++++++++++++------------------------------- 1 file changed, 17 insertions(+), 31 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index bbbdc7d..7bb517a 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -10,7 +10,6 @@ pipeline { } stages { - stage('Clone Code') { steps { echo "--- Cloning source code ---" @@ -21,16 +20,20 @@ pipeline { stage('Scan with SonarQube') { steps { container('sonar-scanner') { - withCredentials([string(credentialsId: 'sonar-token', variable: 'SONAR_TOKEN')]) { + withCredentials([string(credentialsId: 'jenkins-token1', variable: 'SONAR_TOKEN')]) { sh ''' - echo "--- Running SonarQube scan ---" - sonar-scanner \ - -Dsonar.projectKey=gemini-clone \ - -Dsonar.sources=. \ - -Dsonar.host.url=${SONAR_HOST} \ - -Dsonar.token=${SONAR_TOKEN} \ - -Dsonar.verbose=true - echo "--- SonarQube scan complete ---" + echo "--- Running SonarQube scan ---" + echo "Using token: ${SONAR_TOKEN:0:4}****" # Shows first 4 chars only + + sonar-scanner \ + -Dsonar.projectKey=gemini-clone \ + -Dsonar.sources=. \ + -Dsonar.host.url=${SONAR_HOST} \ + -Dsonar.token=${SONAR_TOKEN} \ + -Dsonar.verbose=true + + echo "--- Sonar scan finished, delaying termination for 20 seconds ---" + sleep 20 ''' } } @@ -65,43 +68,26 @@ pipeline { stage('Scan Image with Trivy') { steps { container('trivy') { - sh ''' + sh """ echo "--- Running Trivy scan on ${IMAGE_DESTINATION} ---" trivy image --severity HIGH,CRITICAL ${IMAGE_DESTINATION} echo "--- Trivy scan complete ---" - ''' + """ } } } stage('Test') { steps { - echo "--- Running tests ---" + echo "Running tests..." sh 'echo Tests passed!' } } stage('Deploy') { steps { - echo "--- Deploying image ${IMAGE_DESTINATION} to ${MY_ENV} environment ---" - } - } - - stage('Debug Delay') { - steps { - echo "--- Keeping devsecops-agent pod alive for 60 seconds to check logs ---" - sh 'sleep 60' + echo "Deploying image ${IMAGE_DESTINATION} to ${MY_ENV} environment" } } - - } - - post { - always { - echo "--- Pipeline finished ---" - } - failure { - echo "--- Pipeline failed ---" - } } } From b02b956de5fc8dd5055dc17d977675023259451a Mon Sep 17 00:00:00 2001 From: Haris amjad <105410543+harisamjad0158@users.noreply.github.com> Date: Fri, 31 Oct 2025 01:14:51 +0100 Subject: [PATCH 59/70] Update Jenkinsfile --- Jenkinsfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 7bb517a..c4d5289 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -24,7 +24,7 @@ pipeline { sh ''' echo "--- Running SonarQube scan ---" echo "Using token: ${SONAR_TOKEN:0:4}****" # Shows first 4 chars only - + sonar-scanner \ -Dsonar.projectKey=gemini-clone \ -Dsonar.sources=. \ @@ -32,8 +32,8 @@ pipeline { -Dsonar.token=${SONAR_TOKEN} \ -Dsonar.verbose=true - echo "--- Sonar scan finished, delaying termination for 20 seconds ---" - sleep 20 + echo "--- Sonar scan finished, delaying pod termination for 60 seconds ---" + sleep 60 ''' } } From 1e837c8fc4b4fcc69b810c952f6d6dc67f02d0f1 Mon Sep 17 00:00:00 2001 From: Haris amjad <105410543+harisamjad0158@users.noreply.github.com> Date: Fri, 31 Oct 2025 01:21:41 +0100 Subject: [PATCH 60/70] Update Jenkinsfile --- Jenkinsfile | 91 +++++++++++++---------------------------------------- 1 file changed, 21 insertions(+), 70 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index c4d5289..ec9ccd5 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,92 +1,43 @@ pipeline { agent { - label 'devsecops-agent' + kubernetes { + label 'devsecops-agent' + defaultContainer 'jnlp' + yamlFile 'path/to/your/pod-template.yaml' + } } - environment { - IMAGE_DESTINATION = "johncorner158/dev-gemini-clone:latest" - MY_ENV = "production" - SONAR_HOST = "http://sonarqube-sonarqube.sonarqube.svc.cluster.local:9000" + SONAR_HOST = 'http://sonarqube-sonarqube.sonarqube.svc.cluster.local:9000' } - stages { - stage('Clone Code') { + stage('Checkout') { steps { - echo "--- Cloning source code ---" - git url: 'https://github.com/harisamjad0158/dev-gemini-clone.git', branch: 'feat/kind' + git 'https://github.com/harisamjad0158/dev-gemini-clone.git' } } - - stage('Scan with SonarQube') { + stage('SonarQube Scan') { steps { container('sonar-scanner') { withCredentials([string(credentialsId: 'jenkins-token1', variable: 'SONAR_TOKEN')]) { sh ''' - echo "--- Running SonarQube scan ---" - echo "Using token: ${SONAR_TOKEN:0:4}****" # Shows first 4 chars only - - sonar-scanner \ - -Dsonar.projectKey=gemini-clone \ - -Dsonar.sources=. \ - -Dsonar.host.url=${SONAR_HOST} \ - -Dsonar.token=${SONAR_TOKEN} \ - -Dsonar.verbose=true - - echo "--- Sonar scan finished, delaying pod termination for 60 seconds ---" - sleep 60 - ''' - } - } - } - } - - stage('Build and Push with Kaniko') { - steps { - container('kaniko') { - withCredentials([usernamePassword(credentialsId: 'dockerhub-creds', - usernameVariable: 'DOCKER_USER', - passwordVariable: 'DOCKER_PASS')]) { - sh ''' - echo "--- Creating Kaniko config.json ---" - mkdir -p /kaniko/.docker - AUTH=$(echo -n "${DOCKER_USER}:${DOCKER_PASS}" | base64) - echo "{\\"auths\\":{\\"https://index.docker.io/v1\\":{\\"auth\\":\\"${AUTH}\\"}}}" > /kaniko/.docker/config.json - - echo "--- Starting Kaniko build for ${IMAGE_DESTINATION} ---" - /kaniko/executor --dockerfile=Dockerfile \ - --context=$(pwd) \ - --destination=${IMAGE_DESTINATION} \ - --cleanup=false \ - --use-new-run - echo "--- Kaniko build complete ---" + echo "--- Running SonarQube scan ---" + sonar-scanner \ + -Dsonar.projectKey=gemini-clone \ + -Dsonar.sources=. \ + -Dsonar.host.url=${SONAR_HOST} \ + -Dsonar.token=${SONAR_TOKEN} \ + -Dsonar.verbose=true + + echo "--- Scan finished, delaying pod termination for 60 seconds ---" + sleep 60 ''' } } } } - - stage('Scan Image with Trivy') { - steps { - container('trivy') { - sh """ - echo "--- Running Trivy scan on ${IMAGE_DESTINATION} ---" - trivy image --severity HIGH,CRITICAL ${IMAGE_DESTINATION} - echo "--- Trivy scan complete ---" - """ - } - } - } - - stage('Test') { - steps { - echo "Running tests..." - sh 'echo Tests passed!' - } - } - - stage('Deploy') { + stage('Other Stages') { steps { - echo "Deploying image ${IMAGE_DESTINATION} to ${MY_ENV} environment" + echo "Next stages..." } } } From 49107e03361bf4b6f14e94e9fa41217e65fca7e4 Mon Sep 17 00:00:00 2001 From: Haris amjad <105410543+harisamjad0158@users.noreply.github.com> Date: Fri, 31 Oct 2025 01:26:11 +0100 Subject: [PATCH 61/70] Update Jenkinsfile --- Jenkinsfile | 91 ++++++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 72 insertions(+), 19 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index ec9ccd5..9849c91 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -3,42 +3,95 @@ pipeline { kubernetes { label 'devsecops-agent' defaultContainer 'jnlp' - yamlFile 'path/to/your/pod-template.yaml' + yamlFile 'pod-template.yaml' // Make sure this file exists in your repo } } + environment { - SONAR_HOST = 'http://sonarqube-sonarqube.sonarqube.svc.cluster.local:9000' + SONAR_TOKEN = credentials('jenkins-token1') // Sonar token stored in Jenkins credentials } + stages { - stage('Checkout') { + + stage('Checkout Code') { steps { - git 'https://github.com/harisamjad0158/dev-gemini-clone.git' + echo '--- Cloning source code ---' + git url: 'https://github.com/harisamjad0158/dev-gemini-clone.git', branch: 'feat/kind' } } + stage('SonarQube Scan') { steps { container('sonar-scanner') { - withCredentials([string(credentialsId: 'jenkins-token1', variable: 'SONAR_TOKEN')]) { - sh ''' - echo "--- Running SonarQube scan ---" + echo '--- Running SonarQube scan ---' + sh ''' sonar-scanner \ - -Dsonar.projectKey=gemini-clone \ - -Dsonar.sources=. \ - -Dsonar.host.url=${SONAR_HOST} \ - -Dsonar.token=${SONAR_TOKEN} \ - -Dsonar.verbose=true - - echo "--- Scan finished, delaying pod termination for 60 seconds ---" - sleep 60 - ''' - } + -Dsonar.projectKey=gemini-clone \ + -Dsonar.sources=. \ + -Dsonar.host.url=http://sonarqube-sonarqube.sonarqube.svc.cluster.local:9000 \ + -Dsonar.login=$SONAR_TOKEN \ + -Dsonar.verbose=true + ''' } } } - stage('Other Stages') { + + stage('Build and Push with Kaniko') { + steps { + container('kaniko') { + echo '--- Building Docker image with Kaniko ---' + sh ''' + /kaniko/executor \ + --dockerfile=Dockerfile \ + --context=dir://. \ + --destination=your-docker-repo/gemini-clone:latest \ + --insecure + ''' + } + } + } + + stage('Scan Image with Trivy') { + steps { + container('trivy') { + echo '--- Scanning Docker image with Trivy ---' + sh 'trivy image your-docker-repo/gemini-clone:latest' + } + } + } + + stage('Test') { steps { - echo "Next stages..." + echo '--- Running tests ---' + sh 'echo "Implement your tests here"' } } + + stage('Deploy') { + steps { + echo '--- Deploying application ---' + sh 'echo "Implement your deployment here"' + } + } + + stage('Debug Delay') { + steps { + echo '--- Waiting 1 minute for pod logs inspection ---' + sh 'sleep 60' + } + } + + } + + post { + always { + echo '--- Pipeline finished ---' + } + success { + echo '--- Pipeline succeeded ---' + } + failure { + echo '--- Pipeline failed ---' + } } } From c0e3cc48560adaba7b56c91c20b835ec1adc2102 Mon Sep 17 00:00:00 2001 From: Haris amjad <105410543+harisamjad0158@users.noreply.github.com> Date: Fri, 31 Oct 2025 01:28:36 +0100 Subject: [PATCH 62/70] Update Jenkinsfile --- Jenkinsfile | 91 +++++++++++++---------------------------------------- 1 file changed, 22 insertions(+), 69 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 9849c91..d0e2754 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,97 +1,50 @@ -pipeline { - agent { - kubernetes { - label 'devsecops-agent' - defaultContainer 'jnlp' - yamlFile 'pod-template.yaml' // Make sure this file exists in your repo - } - } - - environment { - SONAR_TOKEN = credentials('jenkins-token1') // Sonar token stored in Jenkins credentials - } - - stages { +podTemplate(yamlFile: 'pod-template.yaml') { + node(POD_LABEL) { - stage('Checkout Code') { - steps { - echo '--- Cloning source code ---' - git url: 'https://github.com/harisamjad0158/dev-gemini-clone.git', branch: 'feat/kind' - } + stage('Clone Code') { + echo '--- Cloning source code ---' + checkout scm } stage('SonarQube Scan') { - steps { - container('sonar-scanner') { - echo '--- Running SonarQube scan ---' - sh ''' + container('sonar-scanner') { + withCredentials([string(credentialsId: 'jenkins-token1', variable: 'SONAR_TOKEN')]) { + sh """ + echo '--- Running SonarQube scan ---' sonar-scanner \ -Dsonar.projectKey=gemini-clone \ -Dsonar.sources=. \ -Dsonar.host.url=http://sonarqube-sonarqube.sonarqube.svc.cluster.local:9000 \ - -Dsonar.login=$SONAR_TOKEN \ + -Dsonar.token=$SONAR_TOKEN \ -Dsonar.verbose=true - ''' + """ } } } + stage('Debug Delay') { + echo 'Sleeping 60 seconds to keep devsecops-agent pod alive for logs...' + sleep 60 + } + stage('Build and Push with Kaniko') { - steps { - container('kaniko') { - echo '--- Building Docker image with Kaniko ---' - sh ''' - /kaniko/executor \ - --dockerfile=Dockerfile \ - --context=dir://. \ - --destination=your-docker-repo/gemini-clone:latest \ - --insecure - ''' - } + container('kaniko') { + sh 'echo "Build step goes here"' } } stage('Scan Image with Trivy') { - steps { - container('trivy') { - echo '--- Scanning Docker image with Trivy ---' - sh 'trivy image your-docker-repo/gemini-clone:latest' - } + container('trivy') { + sh 'echo "Trivy scan goes here"' } } stage('Test') { - steps { - echo '--- Running tests ---' - sh 'echo "Implement your tests here"' - } + sh 'echo "Test stage"' } stage('Deploy') { - steps { - echo '--- Deploying application ---' - sh 'echo "Implement your deployment here"' - } - } - - stage('Debug Delay') { - steps { - echo '--- Waiting 1 minute for pod logs inspection ---' - sh 'sleep 60' - } - } - - } - - post { - always { - echo '--- Pipeline finished ---' - } - success { - echo '--- Pipeline succeeded ---' - } - failure { - echo '--- Pipeline failed ---' + sh 'echo "Deploy stage"' } } } From 3f29978a3bb7ff3c04625067d7c8e77c12c41b8c Mon Sep 17 00:00:00 2001 From: Haris amjad <105410543+harisamjad0158@users.noreply.github.com> Date: Fri, 31 Oct 2025 02:11:38 +0100 Subject: [PATCH 63/70] Update Jenkinsfile --- Jenkinsfile | 66 ++++++++++++++++++++++++++++++++++++----------------- 1 file changed, 45 insertions(+), 21 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index d0e2754..be4e290 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,50 +1,74 @@ -podTemplate(yamlFile: 'pod-template.yaml') { - node(POD_LABEL) { +podTemplate( + label: 'devsecops-agent', + containers: [ + containerTemplate( + name: 'jnlp', + image: 'jenkins/inbound-agent:alpine', + command: 'cat', + ttyEnabled: true + ), + containerTemplate( + name: 'sonar-scanner', + image: 'sonarsource/sonar-scanner-cli:latest', + command: 'cat', + ttyEnabled: true + ), + containerTemplate( + name: 'kaniko', + image: 'gcr.io/kaniko-project/executor:debug', + command: 'cat', + ttyEnabled: true + ), + containerTemplate( + name: 'trivy', + image: 'aquasec/trivy:latest', + command: 'cat', + ttyEnabled: true + ) + ], + volumes: [ + emptyDirVolume(mountPath: '/home/jenkins/agent', memory: false) + ], + idleMinutes: 1 // Keep pod alive for 1 minute after job completion +) { + node('devsecops-agent') { stage('Clone Code') { - echo '--- Cloning source code ---' + echo "--- Cloning source code ---" checkout scm } stage('SonarQube Scan') { container('sonar-scanner') { withCredentials([string(credentialsId: 'jenkins-token1', variable: 'SONAR_TOKEN')]) { - sh """ - echo '--- Running SonarQube scan ---' + sh ''' sonar-scanner \ -Dsonar.projectKey=gemini-clone \ -Dsonar.sources=. \ -Dsonar.host.url=http://sonarqube-sonarqube.sonarqube.svc.cluster.local:9000 \ -Dsonar.token=$SONAR_TOKEN \ -Dsonar.verbose=true - """ + ''' } } } - stage('Debug Delay') { - echo 'Sleeping 60 seconds to keep devsecops-agent pod alive for logs...' - sleep 60 - } - - stage('Build and Push with Kaniko') { + stage('Build with Kaniko') { container('kaniko') { - sh 'echo "Build step goes here"' + echo "--- Running Kaniko build ---" + sh 'echo "Kaniko build placeholder"' } } - stage('Scan Image with Trivy') { + stage('Security Scan with Trivy') { container('trivy') { - sh 'echo "Trivy scan goes here"' + echo "--- Running Trivy scan ---" + sh 'echo "Trivy scan placeholder"' } } - stage('Test') { - sh 'echo "Test stage"' - } - - stage('Deploy') { - sh 'echo "Deploy stage"' + stage('Post Actions') { + echo "--- Pipeline finished ---" } } } From e18ade4d060f627572a7a30ec8d54050120b7718 Mon Sep 17 00:00:00 2001 From: Haris amjad <105410543+harisamjad0158@users.noreply.github.com> Date: Fri, 31 Oct 2025 02:25:37 +0100 Subject: [PATCH 64/70] Update Jenkinsfile --- Jenkinsfile | 108 +++++++++++++++++++++++++--------------------------- 1 file changed, 52 insertions(+), 56 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index be4e290..7f1364a 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,74 +1,70 @@ -podTemplate( - label: 'devsecops-agent', - containers: [ - containerTemplate( - name: 'jnlp', - image: 'jenkins/inbound-agent:alpine', - command: 'cat', - ttyEnabled: true - ), - containerTemplate( - name: 'sonar-scanner', - image: 'sonarsource/sonar-scanner-cli:latest', - command: 'cat', - ttyEnabled: true - ), - containerTemplate( - name: 'kaniko', - image: 'gcr.io/kaniko-project/executor:debug', - command: 'cat', - ttyEnabled: true - ), - containerTemplate( - name: 'trivy', - image: 'aquasec/trivy:latest', - command: 'cat', - ttyEnabled: true - ) - ], - volumes: [ - emptyDirVolume(mountPath: '/home/jenkins/agent', memory: false) - ], - idleMinutes: 1 // Keep pod alive for 1 minute after job completion -) { - node('devsecops-agent') { +pipeline { + agent { + kubernetes { + label 'devsecops-agent' + defaultContainer 'jnlp' + yamlFile 'pod-template.yaml' // Your pod template file in workspace + } + } + + environment { + SONAR_HOST_URL = 'http://sonarqube-sonarqube.sonarqube.svc.cluster.local:9000' + } + stages { stage('Clone Code') { - echo "--- Cloning source code ---" - checkout scm + steps { + echo '--- Cloning source code ---' + checkout scm + } } stage('SonarQube Scan') { - container('sonar-scanner') { - withCredentials([string(credentialsId: 'jenkins-token1', variable: 'SONAR_TOKEN')]) { - sh ''' - sonar-scanner \ - -Dsonar.projectKey=gemini-clone \ - -Dsonar.sources=. \ - -Dsonar.host.url=http://sonarqube-sonarqube.sonarqube.svc.cluster.local:9000 \ - -Dsonar.token=$SONAR_TOKEN \ - -Dsonar.verbose=true - ''' + steps { + container('sonar-scanner') { + withCredentials([string(credentialsId: 'SONAR_TOKEN', variable: 'SONAR_TOKEN')]) { + sh ''' + sonar-scanner \ + -Dsonar.projectKey=gemini-clone \ + -Dsonar.sources=. \ + -Dsonar.host.url=$SONAR_HOST_URL \ + -Dsonar.login=$SONAR_TOKEN \ + -Dsonar.verbose=true + ''' + } } } } - stage('Build with Kaniko') { - container('kaniko') { - echo "--- Running Kaniko build ---" - sh 'echo "Kaniko build placeholder"' + stage('Trivy Scan') { + steps { + container('trivy') { + sh 'trivy fs --exit-code 1 --severity HIGH,CRITICAL .' + } } } - stage('Security Scan with Trivy') { - container('trivy') { - echo "--- Running Trivy scan ---" - sh 'echo "Trivy scan placeholder"' + stage('Build with Kaniko') { + steps { + container('kaniko') { + sh ''' + /kaniko/executor \ + --context $WORKSPACE \ + --dockerfile $WORKSPACE/Dockerfile \ + --destination your-dockerhub-user/gemini-clone:latest \ + --cache=true + ''' + } } } + } - stage('Post Actions') { - echo "--- Pipeline finished ---" + post { + success { + echo 'Pipeline finished successfully!' + } + failure { + echo 'Pipeline failed!' } } } From d9298f89e782522ebbe11aefab71f52a333d40c3 Mon Sep 17 00:00:00 2001 From: Haris amjad <105410543+harisamjad0158@users.noreply.github.com> Date: Fri, 31 Oct 2025 02:28:32 +0100 Subject: [PATCH 65/70] Update Jenkinsfile --- Jenkinsfile | 58 ++++++++++++++++++++--------------------------------- 1 file changed, 22 insertions(+), 36 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 7f1364a..4dfe901 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,70 +1,56 @@ pipeline { agent { kubernetes { - label 'devsecops-agent' + // Use pod template from the repo + yamlFile 'pod-template.yaml' defaultContainer 'jnlp' - yamlFile 'pod-template.yaml' // Your pod template file in workspace } } environment { - SONAR_HOST_URL = 'http://sonarqube-sonarqube.sonarqube.svc.cluster.local:9000' + // SonarQube credential ID stored in Jenkins + SONAR_TOKEN = credentials('sonar-token') } stages { + stage('Clone Code') { steps { - echo '--- Cloning source code ---' - checkout scm + echo "--- Cloning source code ---" + checkout([$class: 'GitSCM', + branches: [[name: '*/feat/kind']], + userRemoteConfigs: [[ + url: 'https://github.com/harisamjad0158/dev-gemini-clone.git' + ]] + ]) } } stage('SonarQube Scan') { steps { container('sonar-scanner') { - withCredentials([string(credentialsId: 'SONAR_TOKEN', variable: 'SONAR_TOKEN')]) { + echo "--- Running SonarQube Scanner ---" + withCredentials([string(credentialsId: 'sonar-token', variable: 'SONAR_TOKEN')]) { sh ''' - sonar-scanner \ - -Dsonar.projectKey=gemini-clone \ - -Dsonar.sources=. \ - -Dsonar.host.url=$SONAR_HOST_URL \ - -Dsonar.login=$SONAR_TOKEN \ - -Dsonar.verbose=true + sonar-scanner \ + -Dsonar.projectKey=gemini-clone \ + -Dsonar.sources=. \ + -Dsonar.host.url=http://sonarqube-sonarqube.sonarqube.svc.cluster.local:9000 \ + -Dsonar.token=$SONAR_TOKEN \ + -Dsonar.verbose=true ''' } } } } - - stage('Trivy Scan') { - steps { - container('trivy') { - sh 'trivy fs --exit-code 1 --severity HIGH,CRITICAL .' - } - } - } - - stage('Build with Kaniko') { - steps { - container('kaniko') { - sh ''' - /kaniko/executor \ - --context $WORKSPACE \ - --dockerfile $WORKSPACE/Dockerfile \ - --destination your-dockerhub-user/gemini-clone:latest \ - --cache=true - ''' - } - } - } } post { success { - echo 'Pipeline finished successfully!' + echo "Pipeline completed successfully!" } failure { - echo 'Pipeline failed!' + echo "Pipeline failed!" } } } From d8becf978449f244ef973315b91ec1bd34665623 Mon Sep 17 00:00:00 2001 From: Haris amjad <105410543+harisamjad0158@users.noreply.github.com> Date: Fri, 31 Oct 2025 02:34:11 +0100 Subject: [PATCH 66/70] Update Jenkinsfile --- Jenkinsfile | 102 +++++++++++++++++++++++++++++++++++++--------------- 1 file changed, 74 insertions(+), 28 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 4dfe901..b59864c 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,15 +1,13 @@ pipeline { agent { - kubernetes { - // Use pod template from the repo - yamlFile 'pod-template.yaml' - defaultContainer 'jnlp' - } + label 'devsecops-agent' } environment { - // SonarQube credential ID stored in Jenkins - SONAR_TOKEN = credentials('sonar-token') + IMAGE_DESTINATION = "johncorner158/dev-gemini-clone:latest" + MY_ENV = "production" + SONAR_HOST_URL = "http://sonarqube-sonarqube.sonarqube.svc.cluster.local:9000" + SONAR_PROJECT_KEY = "dev-gemini" } stages { @@ -17,40 +15,88 @@ pipeline { stage('Clone Code') { steps { echo "--- Cloning source code ---" - checkout([$class: 'GitSCM', - branches: [[name: '*/feat/kind']], - userRemoteConfigs: [[ - url: 'https://github.com/harisamjad0158/dev-gemini-clone.git' - ]] - ]) + git branch: 'feat/kind', url: 'https://github.com/Amitabh-DevOps/dev-gemini-clone.git' + } + } + + stage('Build and Push with Kaniko') { + steps { + container('kaniko') { + withCredentials([ + usernamePassword( + credentialsId: 'dockerhub-creds', + usernameVariable: 'DOCKER_USER', + passwordVariable: 'DOCKER_PASS' + ) + ]) { + sh ''' + echo "--- Creating Kaniko Docker config ---" + mkdir -p /kaniko/.docker + AUTH=$(echo -n "${DOCKER_USER}:${DOCKER_PASS}" | base64) + cat < /kaniko/.docker/config.json +{ + "auths": { + "https://index.docker.io/v1/": { + "auth": "${AUTH}" + } + } +} +EOF + echo "--- Starting Kaniko build for ${IMAGE_DESTINATION} ---" + /kaniko/executor \ + --dockerfile=Dockerfile \ + --context=$(pwd) \ + --destination=${IMAGE_DESTINATION} \ + --cleanup=false \ + --use-new-run + echo "--- Kaniko build complete ---" + ''' + } + } } } - stage('SonarQube Scan') { + stage('Scan Image with Trivy') { steps { - container('sonar-scanner') { - echo "--- Running SonarQube Scanner ---" - withCredentials([string(credentialsId: 'sonar-token', variable: 'SONAR_TOKEN')]) { + container('trivy') { + sh ''' + echo "--- Running Trivy scan on ${IMAGE_DESTINATION} ---" + trivy image --severity HIGH,CRITICAL ${IMAGE_DESTINATION} || true + echo "--- Trivy scan complete ---" + ''' + } + } + } + + stage('Scan with SonarQube') { + steps { + container('sonar') { + withCredentials([string(credentialsId: 'sonarqube-token', variable: 'SONAR_TOKEN')]) { sh ''' - sonar-scanner \ - -Dsonar.projectKey=gemini-clone \ + echo "--- Starting SonarQube Scan ---" + sonar-scanner \ + -Dsonar.projectKey=${SONAR_PROJECT_KEY} \ -Dsonar.sources=. \ - -Dsonar.host.url=http://sonarqube-sonarqube.sonarqube.svc.cluster.local:9000 \ - -Dsonar.token=$SONAR_TOKEN \ - -Dsonar.verbose=true + -Dsonar.host.url=${SONAR_HOST_URL} \ + -Dsonar.login=${SONAR_TOKEN} + echo "--- SonarQube Scan Complete ---" ''' } } } } - } - post { - success { - echo "Pipeline completed successfully!" + stage('Test') { + steps { + echo "--- Running tests ---" + sh 'echo Tests passed!' + } } - failure { - echo "Pipeline failed!" + + stage('Deploy') { + steps { + echo "--- Deploying image ${IMAGE_DESTINATION} to ${MY_ENV} environment ---" + } } } } From 60cc7125e2f37070656ca522c8fb98405af6609b Mon Sep 17 00:00:00 2001 From: Haris amjad <105410543+harisamjad0158@users.noreply.github.com> Date: Fri, 31 Oct 2025 02:35:53 +0100 Subject: [PATCH 67/70] Update Jenkinsfile --- Jenkinsfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Jenkinsfile b/Jenkinsfile index b59864c..a562c5c 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -15,7 +15,7 @@ pipeline { stage('Clone Code') { steps { echo "--- Cloning source code ---" - git branch: 'feat/kind', url: 'https://github.com/Amitabh-DevOps/dev-gemini-clone.git' + git branch: 'feat/kind', url: 'https://github.com/harisamjad0158/dev-gemini-clone.git' } } From f5f363cb3eb0681b0b8cf8c6fb7f21cbf32756ae Mon Sep 17 00:00:00 2001 From: Haris amjad <105410543+harisamjad0158@users.noreply.github.com> Date: Fri, 31 Oct 2025 03:00:07 +0100 Subject: [PATCH 68/70] Update Jenkinsfile --- Jenkinsfile | 68 +++++++++++++++++++++++++++++++++-------------------- 1 file changed, 42 insertions(+), 26 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index a562c5c..72c8023 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,7 +1,5 @@ pipeline { - agent { - label 'devsecops-agent' - } + agent { label 'devsecops-agent' } environment { IMAGE_DESTINATION = "johncorner158/dev-gemini-clone:latest" @@ -19,16 +17,32 @@ pipeline { } } + stage('Test SonarQube Connection') { + steps { + container('sonar') { + withCredentials([string(credentialsId: 'sonarqube-token', variable: 'SONAR_TOKEN')]) { + sh ''' + echo "--- Testing SonarQube connection ---" + RESPONSE=$(curl -s -o /dev/null -w "%{http_code}" \ + -u $SONAR_TOKEN: \ + ${SONAR_HOST_URL}/api/server/version) + + if [ "$RESPONSE" = "200" ]; then + echo "✅ SonarQube connection successful! Jenkins is synced properly." + else + echo "❌ SonarQube connection failed! HTTP Status: $RESPONSE" + exit 1 + fi + ''' + } + } + } + } + stage('Build and Push with Kaniko') { steps { container('kaniko') { - withCredentials([ - usernamePassword( - credentialsId: 'dockerhub-creds', - usernameVariable: 'DOCKER_USER', - passwordVariable: 'DOCKER_PASS' - ) - ]) { + withCredentials([usernamePassword(credentialsId: 'dockerhub-creds', usernameVariable: 'DOCKER_USER', passwordVariable: 'DOCKER_PASS')]) { sh ''' echo "--- Creating Kaniko Docker config ---" mkdir -p /kaniko/.docker @@ -36,9 +50,7 @@ pipeline { cat < /kaniko/.docker/config.json { "auths": { - "https://index.docker.io/v1/": { - "auth": "${AUTH}" - } + "https://index.docker.io/v1/": { "auth": "${AUTH}" } } } EOF @@ -47,8 +59,7 @@ EOF --dockerfile=Dockerfile \ --context=$(pwd) \ --destination=${IMAGE_DESTINATION} \ - --cleanup=false \ - --use-new-run + --cleanup=false echo "--- Kaniko build complete ---" ''' } @@ -68,35 +79,40 @@ EOF } } - stage('Scan with SonarQube') { + stage('Run Short SonarQube Test Scan') { steps { container('sonar') { withCredentials([string(credentialsId: 'sonarqube-token', variable: 'SONAR_TOKEN')]) { sh ''' - echo "--- Starting SonarQube Scan ---" + echo "--- Running a short SonarQube test scan ---" sonar-scanner \ -Dsonar.projectKey=${SONAR_PROJECT_KEY} \ -Dsonar.sources=. \ -Dsonar.host.url=${SONAR_HOST_URL} \ - -Dsonar.login=${SONAR_TOKEN} - echo "--- SonarQube Scan Complete ---" + -Dsonar.login=${SONAR_TOKEN} \ + -Dsonar.verbose=true \ + -Dsonar.qualitygate.wait=false \ + -Dsonar.scanner.skip=true + echo "--- Test scan executed successfully ---" ''' } } } } - stage('Test') { - steps { - echo "--- Running tests ---" - sh 'echo Tests passed!' - } - } - stage('Deploy') { steps { echo "--- Deploying image ${IMAGE_DESTINATION} to ${MY_ENV} environment ---" } } } + + post { + success { + echo "✅ Pipeline finished successfully!" + } + failure { + echo "❌ Pipeline failed!" + } + } } From fb937b282ed1234cd2100ba91fa67334a1815ac5 Mon Sep 17 00:00:00 2001 From: Haris amjad <105410543+harisamjad0158@users.noreply.github.com> Date: Fri, 31 Oct 2025 03:03:02 +0100 Subject: [PATCH 69/70] Update Jenkinsfile --- Jenkinsfile | 68 ++++++++++++++++++++--------------------------------- 1 file changed, 26 insertions(+), 42 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 72c8023..a562c5c 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,5 +1,7 @@ pipeline { - agent { label 'devsecops-agent' } + agent { + label 'devsecops-agent' + } environment { IMAGE_DESTINATION = "johncorner158/dev-gemini-clone:latest" @@ -17,32 +19,16 @@ pipeline { } } - stage('Test SonarQube Connection') { - steps { - container('sonar') { - withCredentials([string(credentialsId: 'sonarqube-token', variable: 'SONAR_TOKEN')]) { - sh ''' - echo "--- Testing SonarQube connection ---" - RESPONSE=$(curl -s -o /dev/null -w "%{http_code}" \ - -u $SONAR_TOKEN: \ - ${SONAR_HOST_URL}/api/server/version) - - if [ "$RESPONSE" = "200" ]; then - echo "✅ SonarQube connection successful! Jenkins is synced properly." - else - echo "❌ SonarQube connection failed! HTTP Status: $RESPONSE" - exit 1 - fi - ''' - } - } - } - } - stage('Build and Push with Kaniko') { steps { container('kaniko') { - withCredentials([usernamePassword(credentialsId: 'dockerhub-creds', usernameVariable: 'DOCKER_USER', passwordVariable: 'DOCKER_PASS')]) { + withCredentials([ + usernamePassword( + credentialsId: 'dockerhub-creds', + usernameVariable: 'DOCKER_USER', + passwordVariable: 'DOCKER_PASS' + ) + ]) { sh ''' echo "--- Creating Kaniko Docker config ---" mkdir -p /kaniko/.docker @@ -50,7 +36,9 @@ pipeline { cat < /kaniko/.docker/config.json { "auths": { - "https://index.docker.io/v1/": { "auth": "${AUTH}" } + "https://index.docker.io/v1/": { + "auth": "${AUTH}" + } } } EOF @@ -59,7 +47,8 @@ EOF --dockerfile=Dockerfile \ --context=$(pwd) \ --destination=${IMAGE_DESTINATION} \ - --cleanup=false + --cleanup=false \ + --use-new-run echo "--- Kaniko build complete ---" ''' } @@ -79,40 +68,35 @@ EOF } } - stage('Run Short SonarQube Test Scan') { + stage('Scan with SonarQube') { steps { container('sonar') { withCredentials([string(credentialsId: 'sonarqube-token', variable: 'SONAR_TOKEN')]) { sh ''' - echo "--- Running a short SonarQube test scan ---" + echo "--- Starting SonarQube Scan ---" sonar-scanner \ -Dsonar.projectKey=${SONAR_PROJECT_KEY} \ -Dsonar.sources=. \ -Dsonar.host.url=${SONAR_HOST_URL} \ - -Dsonar.login=${SONAR_TOKEN} \ - -Dsonar.verbose=true \ - -Dsonar.qualitygate.wait=false \ - -Dsonar.scanner.skip=true - echo "--- Test scan executed successfully ---" + -Dsonar.login=${SONAR_TOKEN} + echo "--- SonarQube Scan Complete ---" ''' } } } } - stage('Deploy') { + stage('Test') { steps { - echo "--- Deploying image ${IMAGE_DESTINATION} to ${MY_ENV} environment ---" + echo "--- Running tests ---" + sh 'echo Tests passed!' } } - } - post { - success { - echo "✅ Pipeline finished successfully!" - } - failure { - echo "❌ Pipeline failed!" + stage('Deploy') { + steps { + echo "--- Deploying image ${IMAGE_DESTINATION} to ${MY_ENV} environment ---" + } } } } From 66a22062ee7b407f4ebb9df2f7e72fb7c46f8933 Mon Sep 17 00:00:00 2001 From: Haris amjad <105410543+harisamjad0158@users.noreply.github.com> Date: Fri, 31 Oct 2025 03:09:47 +0100 Subject: [PATCH 70/70] Update Jenkinsfile --- Jenkinsfile | 92 +++++++++++------------------------------------------ 1 file changed, 19 insertions(+), 73 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index a562c5c..71e7001 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,17 +1,12 @@ pipeline { - agent { - label 'devsecops-agent' - } + agent { label 'devsecops-agent' } environment { - IMAGE_DESTINATION = "johncorner158/dev-gemini-clone:latest" - MY_ENV = "production" SONAR_HOST_URL = "http://sonarqube-sonarqube.sonarqube.svc.cluster.local:9000" SONAR_PROJECT_KEY = "dev-gemini" } stages { - stage('Clone Code') { steps { echo "--- Cloning source code ---" @@ -19,84 +14,35 @@ pipeline { } } - stage('Build and Push with Kaniko') { - steps { - container('kaniko') { - withCredentials([ - usernamePassword( - credentialsId: 'dockerhub-creds', - usernameVariable: 'DOCKER_USER', - passwordVariable: 'DOCKER_PASS' - ) - ]) { - sh ''' - echo "--- Creating Kaniko Docker config ---" - mkdir -p /kaniko/.docker - AUTH=$(echo -n "${DOCKER_USER}:${DOCKER_PASS}" | base64) - cat < /kaniko/.docker/config.json -{ - "auths": { - "https://index.docker.io/v1/": { - "auth": "${AUTH}" - } - } -} -EOF - echo "--- Starting Kaniko build for ${IMAGE_DESTINATION} ---" - /kaniko/executor \ - --dockerfile=Dockerfile \ - --context=$(pwd) \ - --destination=${IMAGE_DESTINATION} \ - --cleanup=false \ - --use-new-run - echo "--- Kaniko build complete ---" - ''' - } - } - } - } - - stage('Scan Image with Trivy') { - steps { - container('trivy') { - sh ''' - echo "--- Running Trivy scan on ${IMAGE_DESTINATION} ---" - trivy image --severity HIGH,CRITICAL ${IMAGE_DESTINATION} || true - echo "--- Trivy scan complete ---" - ''' - } - } - } - - stage('Scan with SonarQube') { + stage('Test SonarQube Connection') { steps { container('sonar') { withCredentials([string(credentialsId: 'sonarqube-token', variable: 'SONAR_TOKEN')]) { sh ''' - echo "--- Starting SonarQube Scan ---" - sonar-scanner \ - -Dsonar.projectKey=${SONAR_PROJECT_KEY} \ - -Dsonar.sources=. \ - -Dsonar.host.url=${SONAR_HOST_URL} \ - -Dsonar.login=${SONAR_TOKEN} - echo "--- SonarQube Scan Complete ---" + echo "--- Testing SonarQube Connection ---" + response=$(curl -s -o /dev/null -w "%{http_code}" \ + -u ${SONAR_TOKEN}: \ + ${SONAR_HOST_URL}/api/server/version) + + if [ "$response" = "200" ]; then + echo "✅ SonarQube connection successful!" + else + echo "❌ SonarQube connection failed with HTTP code $response" + exit 1 + fi ''' } } } } + } - stage('Test') { - steps { - echo "--- Running tests ---" - sh 'echo Tests passed!' - } + post { + success { + echo "✅ Jenkins and SonarQube are successfully synced!" } - - stage('Deploy') { - steps { - echo "--- Deploying image ${IMAGE_DESTINATION} to ${MY_ENV} environment ---" - } + failure { + echo "❌ Jenkins could not connect to SonarQube. Check token or URL." } } }