Sunday, June 1, 2025

CI/CD (1) - Continuous Integration - Jenkins (3) - Jenkins + SonarQube + Docker + Trivy + AWS ECR

 


The process of developing and releasing websites has evolved since the first web pages.
A huge change came with the cloud. The most popular cloud providers are AWS, Azure and GCP, among many others. In today's release process, Continuous Integration (CI) and Continuous Delivery (CD) have gained popularity. CI/CD helps organize and maintain the release process. IaC (Infrastructure as Code) allows automation to be incorporated into delivering a product to market.

There are tools like GitLab, CircleCI, GitHub Actions or Jenkins which support building CI/CD pipelines.
 
In this entry, I focus on the CI part of the pipeline. I will build the CD part when I have increased my knowledge of Kubernetes and ArgoCD.

For now I chose to build my CI pipeline on premises, to reduce cost. I created a Jenkins server in Docker. The Jenkins dashboard is shown below.



As good practice demands, before anything else, run sudo apt update and sudo apt upgrade. Before creating Jenkins, I logged in to be able to pull the image from Docker Hub.

docker login

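For reference, here is the command:

# The host's Docker socket and docker binary are mounted into the container
# and the container runs as root, so jobs on this Jenkins can control the
# host's Docker daemon.
sudo docker run -d --name jenkins-dind \
-p 8080:8080 -p 50000:50000 \
-v /var/run/docker.sock:/var/run/docker.sock \
-v $(which docker):/usr/bin/docker \
-u root \
-e DOCKER_GID=$(getent group docker | cut -d: -f3) \
jenkins/jenkins:lts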


Jenkins in the browser: http://127.0.0.1:8080/

 

Set up SonarQube in Docker

The SonarQube instructions are from https://hub.docker.com/_/sonarqube

Run the script below with sudo; without it, the script fails with an error.

sysctl -w vm.max_map_count=524288
sysctl -w fs.file-max=131072
ulimit -n 131072
ulimit -u 8192


SonarQube with Docker

https://docs.sonarsource.com/sonarqube-server/latest/try-out-sonarqube/

sudo docker run -d --name sonarqube -e SONAR_ES_BOOTSTRAP_CHECKS_DISABLE=true -p 9000:9000 sonarqube:latest

 

 


SonarQube login page:

L: admin

P: admin 

We build the project:

 complete-cicd

 

Installing Trivy:

Command to install the Trivy CLI:

curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sudo sh -s -- -b /usr/local/bin v0.62.1

 

 

Trivy documentation:

https://trivy.dev/latest/getting-started/installation/

https://www.cyberciti.biz/faq/how-to-install-curl-command-on-a-ubuntu-linux/

https://trivy.dev/v0.33/

 

Install AWS CLI:

curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install

 

The code for the pipeline and a simple app is in the GitHub repo:

https://github.com/andsidor/Complete_CICD_02

My pipeline had the steps below:

- Check SCM

- Install NodeJS

- Connect to GitHub

- Run Test

- SonarQube analysis

- Docker build

- Trivy Scan

- Login to AWS ECR

- Push docker image to ECR 
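
The last three steps (Trivy scan, ECR login, push) can be chained so that a failed scan blocks the push. The script below is an added example, not the code from the linked repository; the function names, the account ID 123456789012, the region, the repository name and the tag are placeholders chosen for illustration.

```shell
#!/usr/bin/env bash
# Added example: Trivy gate + ECR login + push as shell functions.
# Account ID, region, repository and tag are placeholders (assumptions).

# Build the ECR registry hostname from account ID and region.
ecr_registry() {
  printf '%s.dkr.ecr.%s.amazonaws.com\n' "$1" "$2"
}

# Scan the locally built image; non-zero exit when Trivy reports
# HIGH or CRITICAL findings for which a fixed version exists.
trivy_gate() {
  trivy image --exit-code 1 --severity HIGH,CRITICAL --ignore-unfixed "$1"
}

# Usage: scan_and_push <local-image:tag> <account-id> <region> <repo> <tag>
# Prints the pushed image reference on success.
scan_and_push() {
  local image="$1" account="$2" region="$3" repo="$4" tag="$5"
  local registry remote
  registry=$(ecr_registry "$account" "$region")
  remote="$registry/$repo:$tag"

  # Gate first: nothing is tagged or pushed if the scan fails.
  if ! trivy_gate "$image"; then
    echo "Trivy gate failed for $image, not pushing" >&2
    return 1
  fi

  # The short-lived ECR token is passed over stdin, so it does not
  # show up in the process list or in the Jenkins console log.
  aws ecr get-login-password --region "$region" |
    docker login --username AWS --password-stdin "$registry" || return 1

  docker tag "$image" "$remote" || return 1
  docker push "$remote" || return 1
  echo "$remote"
}

# Run only when called with all five arguments, e.g.:
#   ./push.sh complete-cicd:42 123456789012 eu-central-1 complete-cicd 42
if [ "$#" -eq 5 ]; then
  scan_and_push "$@"
fi
```

In a Jenkins stage this would be called from an sh step after the Docker build, with AWS credentials supplied by the Jenkins credentials store rather than written into the job.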


  












