From f743c3b54643120803a4a5725e22279425c1eb60 Mon Sep 17 00:00:00 2001
From: sujiiiin
Date: Wed, 18 Jun 2025 21:11:29 +0900
Subject: [PATCH 1/2] Create Jenkinsfile
---
Jenkinsfile | 92 +++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 92 insertions(+)
create mode 100644 Jenkinsfile
diff --git a/Jenkinsfile b/Jenkinsfile
new file mode 100644
index 0000000..4b907cf
--- /dev/null
+++ b/Jenkinsfile
@@ -0,0 +1,92 @@
+pipeline {
+ agent any
+
+ environment {
+ ECR_REPO = "590715976556.dkr.ecr.ap-northeast-2.amazonaws.com/whs/devops"
+ IMAGE_TAG = "latest"
+ REGION = "ap-northeast-2"
+ SBOM_EC2_USER = "ec2-user"
+ SBOM_EC2_IP = "172.31.11.127"
+ }
+
+ stages {
+ stage('πŸ“¦ Checkout') {
+ steps {
+ checkout scm
+ }
+ }
+
+ stage('πŸ”¨ Build JAR') {
+ steps {
+ sh 'mvn clean package -DskipTests'
+ }
+ }
+
+ stage('πŸš€ Generate SBOM via CDXGEN Docker') {
+ steps {
+ script {
+ def repoUrl = scm.userRemoteConfigs[0].url
+ def repoName = repoUrl.tokenize('/').last().replace('.git', '')
+
+ echo "πŸ“ REPO URL: ${repoUrl}"
+ echo "πŸ“ Project Name: ${repoName}"
+
+ withCredentials([sshUserPrivateKey(credentialsId: 'jenkins-sbom-key', keyFileVariable: 'SSH_KEY')]) {
+ def remoteCmd = """
+ ssh -i \$SSH_KEY -o StrictHostKeyChecking=no ${env.SBOM_EC2_USER}@${env.SBOM_EC2_IP} '
+ echo "[+] 클린 μž‘μ—…: /tmp/${repoName} 제거"
+ rm -rf /tmp/${repoName} && \\
+
+ echo "[+] Git μ €μž₯μ†Œ 클둠: ${repoUrl}"
+ git clone ${repoUrl} /tmp/${repoName} && \\
+
+ echo "[+] Java/μ–Έμ–΄ 감지"
+ cd /tmp/${repoName} && \\
+ bash /home/ec2-user/detect-java-version.sh && \\
+
+ IMAGE_TAG=\$(cat /tmp/cdxgen_image_tag.txt) && \\
+ echo "[+] μ„ νƒλœ 이미지 νƒœκ·Έ: \$IMAGE_TAG" && \\
+
+ if [ "\$IMAGE_TAG" = "cli" ]; then
+ echo "[πŸš€] CDXGEN(CLI) 도컀 μ‹€ν–‰" && \\
+ docker run --rm -v \$(pwd):/app ghcr.io/cyclonedx/cdxgen:latest -o sbom.json
+ else
+ echo "[πŸš€] CDXGEN(Java) 도컀 μ‹€ν–‰ (\$IMAGE_TAG)" && \\
+ docker run --rm -v \$(pwd):/app ghcr.io/cyclonedx/cdxgen-\$IMAGE_TAG:latest -o sbom.json
+ fi && \\
+
+ echo "[+] Dependency-Track μ—…λ‘œλ“œ"
+ /home/ec2-user/upload-sbom.sh ${repoName}
+ '
+ """
+ sh remoteCmd
+ }
+ }
+ }
+ }
+
+ stage('🐳 Docker Build') {
+ steps {
+ sh "docker build -t ${env.ECR_REPO}:${env.IMAGE_TAG} ."
+ }
+ }
+
+ stage('πŸ” ECR Login') {
+ steps {
+ sh "aws ecr get-login-password --region ${env.REGION} | docker login --username AWS --password-stdin ${env.ECR_REPO}"
+ }
+ }
+
+ stage('πŸš€ Push to ECR') {
+ steps {
+ sh "docker push ${env.ECR_REPO}:${env.IMAGE_TAG}"
+ }
+ }
+ }
+
+ post {
+ always {
+ sh 'rm -f sbom.json || true'
+ }
+ }
+}
From 1a6a06d0ac28d92b1be209e65529626a2e5aed7a Mon Sep 17 00:00:00 2001
From: sujiiiin
Date: Wed, 18 Jun 2025 21:13:45 +0900
Subject: [PATCH 2/2] Update Jenkinsfile
---
Jenkinsfile | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/Jenkinsfile b/Jenkinsfile
index 4b907cf..bb626ae 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -16,11 +16,7 @@ pipeline { } } - stage('πŸ”¨ Build JAR') { - steps { - sh 'mvn clean package -DskipTests' - } - } + stage('πŸš€ Generate SBOM via CDXGEN Docker') { steps {
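Review bot: In the SBOM stage of the new Jenkinsfile (patch 1/2), the `ssh` call passes `-o StrictHostKeyChecking=no`, so the agent authenticates with `jenkins-sbom-key` to whatever host answers at `SBOM_EC2_IP` without verifying its host key; pin the key instead, e.g. `-o StrictHostKeyChecking=yes -o UserKnownHostsFile=<pinned known_hosts path>` (the path is a placeholder). The same `remoteCmd` splices `${repoUrl}` and `${repoName}` unquoted into the single-quoted remote script, including `rm -rf /tmp/${repoName}`, so a remote URL containing quotes or shell metacharacters would change what runs on the SBOM host; if the SCM URL can be set by anyone other than the job owner, reject any `repoName` that does not match `^[A-Za-z0-9][A-Za-z0-9._-]*$` before building the command. Only some lines are chained with `&&`, so `/home/ec2-user/upload-sbom.sh ${repoName}` still runs, and sets the stage's exit status, when the clone or cdxgen step failed; appending `&& \\` to the `echo` line just before it would keep a stale or missing `sbom.json` from being uploaded. The `ghcr.io/cyclonedx/cdxgen…:latest` images are mutable tags, and pinning them by digest would keep the tool that runs against the checked-out source from changing between builds.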