| .devcontainer | ||
| .github/workflows | ||
| .mvn/wrapper | ||
| .vs | ||
| gradle/wrapper | ||
| grafana/provisioning | ||
| src | ||
| .editorconfig | ||
| .gitattributes | ||
| .gitignore | ||
| .gitpod.yml | ||
| automation.sh | ||
| build.gradle | ||
| docker-compose.yml | ||
| docker-compose_spring-petclinic.yml | ||
| Dockerfile | ||
| Dockerfile.jenkins | ||
| gradlew | ||
| gradlew.bat | ||
| instructions.md | ||
| jenkins.yaml | ||
| Jenkinsfile | ||
| LICENSE.txt | ||
| mvnw | ||
| mvnw.cmd | ||
| pom.xml | ||
| prometheus.yml | ||
| readme.md | ||
| readme_original.md | ||
| settings.gradle | ||
| sonar-project.properties | ||
Getting started - Final Project
Running a build pipeline
docker-compose -f docker-compose_spring-petclinic.yml up -d
Go to the following locations:
Stopping a build pipeline
docker-compose -f docker-compose_spring-petclinic.yml down
Troubleshooting a container
See an event in a running container:
docker logs <container-id>
docker logs spring-petclinic-petclinic-1
Run terminal in a running container:
docker exec -it <container-id> bash
docker exec -it spring-petclinic-petclinic-1 bash
Setting up Jenkins
Steps 1: Set up Jenkins in Docker
-
Create a
Dockerfile.jenkinswith the following content:FROM jenkins/jenkins:lts USER root RUN apt-get update && apt-get install -y docker.io RUN jenkins-plugin-cli --plugins prometheus configuration-as-code COPY jenkins.yaml /var/jenkins_home/casc_configs/jenkins.yaml ENV CASC_JENKINS_CONFIG=/var/jenkins_home/casc_configs/jenkins.yaml USER jenkins EXPOSE 8080 -
Build and Run Jenkins:
docker build -t my-jenkins -f Dockerfile.jenkins . docker run -d --name jenkins --network devsecops-network -p 8081:8080 -v jenkins_home:/var/jenkins_home my-jenkins -
Go to http://localhost:8081/
-
Set up/install plugins.
-
When asked for a password, run the following command:
docker exec -it jenkins cat /var/jenkins_home/secrets/initialAdminPasswordAccess Jenkins at: http://localhost:8081/jenkins
Steps 2: Create Jenkins Pipeline
-
Access Jenkins: Open http://localhost:8081 and set up Jenkins. Install the suggested plugins.
-
Install Required Plugins:
- Go to Manage Jenkins > Manage Plugins and install the following plugins:
- Pipeline
- Git
- GitHub Integration
- Docker Pipeline
- Go to Manage Jenkins > Manage Plugins and install the following plugins:
-
Create a New Pipeline Job:
- Go to Jenkins Dashboard.
- Click on New Item.
- Enter a name for your pipeline (e.g., Spring PetClinic Pipeline).
- Select Pipeline and click OK.
-
Configure the Pipeline:
- In the pipeline configuration, scroll down to the Pipeline section.
- Set Definition to Pipeline script.
- Use the following script to configure the Pipeline:
pipeline { agent any environment { SONARQUBE_URL = 'http://sonarqube:9000' SONARQUBE_CREDENTIALS_ID = 'admin' GITHUB_TOKEN = credentials('github-token') } stages { stage('Checkout') { steps { script { echo "Checking out code..." git url: 'https://github.com/CChariot/spring-petclinic.git', branch: 'FinalProject_main', credentialsId: 'github-token' } } } stage('Build JAR') { steps { script { echo "Building JAR..." sh './mvnw clean package -Dmaven.test.skip=true' } } } stage('Build Docker Image') { steps { script { echo "Building Docker Image..." def dockerImage = docker.build("spring-petclinic", "--no-cache .") echo "Docker Image built: ${dockerImage.id}" env.DOCKER_IMAGE_ID = dockerImage.id } } } // Further stages would reference env.DOCKER_IMAGE_ID if needed } post { always { script { if (env.DOCKER_IMAGE_ID) { echo "Stopping and removing Docker Image with ID: ${env.DOCKER_IMAGE_ID}" sh "docker rmi -f ${env.DOCKER_IMAGE_ID}" } } } success { echo 'Pipeline completed successfully!' } failure { echo 'Pipeline failed.' } } } -
Run the Pipeline:
- Save the Pipeline configuration by clicking Save.
- Go back to the Jenkins dashboard.
- Select your pipeline job.
- Click on Build Now to run the pipeline.
Steps 3: Running Static Analysis with Sonarqube
-
Access Sonarqube: Open http://localhost:9000 and set up Sonarqube. Install the suggested plugins.
-
Login to Sonarqube with the following user and password:
- Username: admin
- Password: admin (update password when prompted after login)
-
Create project on Sonarqube:
- Navigate over to create project
- set the following variables:
- Project display name = petclinic
- Project key = petclinic
- Main branch name = main
- Choose the following option: global branch setting
- Choose the following Analysis Method: Locally
- Generate a project token
-
Set sonar token:
- Copy the generated project token to clipboard
- In your workspace, set the token environment variable (MY_SONAR_TOKEN)
export MY_SONAR_TOKEN=<paste_token_here> -
Run static analysis:
docker run --rm -e SONAR_HOST_URL=http://sonarqube:9000/ -e SONAR_TOKEN=$MY_SONAR_TOKEN -v "$(pwd):/usr/src" --network=spring-petclinic_custom-network sonarsource/sonar-scanner-cli
Steps 4: Setting Up Prometheus and Grafana
-
Access Prometheus: Open http://localhost:9090 and set up Prometheus.
-
Access Grafana: Open http://localhost:3000 and set up Grafana.
- Username: admin
- Password: admin (update password when prompted after login)
-
Configure Grafana to use Prometheus as a data source:
- Go to Grafana Dashboard > Configuration > Data Sources > Add data source.
- Select Prometheus.
- Set the URL to
http://prometheus:9090. - Click Save & Test to verify the configuration.
Steps 5: Running OWASP ZAP
-
Access ZAP: Open http://localhost:8080/zap and set up ZAP.
-
Run OWASP ZAP with the appropriate configuration:
docker run -v $(pwd)/zap-report:/zap/wrk:rw -t owasp/zap2docker-stable zap-baseline.py -t http://petclinic:8080 -g gen.conf -r zap-report.html -
Add post-build actions to publish HTML reports for OWASP ZAP:
- In Jenkins, go to your pipeline job > Configure.
- In the Post-build Actions section, add a publish HTML report step.
- Set the HTML directory to
zap-reportand the report files tozap-report.html.
Steps 6: Deploying to Production
-
Set up a Virtual Machine (VM) to act as the production web server.
-
Use Ansible on the Jenkins build server to deploy the spring-petclinic application to the production web server (VM).
- Create an Ansible playbook to deploy the application.
- Add an Ansible playbook step in Jenkins to run the playbook after the build is successful.
Deliverables
Step-by-Step Instructions
Provide detailed documentation outlining the steps to set up the environment and configure the DevSecOps pipeline.
Provisioning Scripts and Configuration Files
Submit the Docker commands and scripts used to set up Jenkins, SonarQube, Prometheus, Grafana, OWASP ZAP, and Ansible playbook (e.g., Dockerfiles, Vagrant files, Groovy scripts, YAMLs, INIs, etc.).
Screenshots
- Include a screenshot of the spring-petclinic welcome screen on the production web server.
- Include screenshots of key Jenkins, Sonarqube, Prometheus, Grafana, and OWASP ZAP screens.
- Provide evidence showing that a code change triggers the pipeline, deployment is done, and the content of the application is automatically updated. Show the deployed version is different from before the code was committed.
Pipeline Demonstration
- Provide a short video demonstrating the automated build, deployment, and monitoring process in Jenkins, Sonarqube, Prometheus, and Grafana. (Link for the video in Project Documents).
Advanced Automated Scripting
Fully automated assignment completion will receive a bonus