GGH/gg-backend
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
bb42581c171f6cae761f79b735ac10966abd0306
gg-backend/Jenkinsfile.prod
T

226 lines
11 KiB
Plaintext
Raw Normal View History

feat: Prod docker compose and Jenkinsfile added
2026-05-01 00:06:27 +05:30
// Single source of truth for env injection.
// Adding/removing a variable means editing one `keys` list — nothing else.
// `path` is the Vault KV path; `file` is the output path relative to ${WORKSPACE}.
def ENV_LAYOUT = [
[path: 'ggh-prod/root', file: '.env', keys: [
'POSTGRES_DB', 'POSTGRES_PASSWORD', 'POSTGRES_USER',
]],
[path: 'ggh-prod/backend', file: 'backend/.env', keys: [
'BYTESCALE_SECRET_API_KEY',
'CORS_ALLOWED_ORIGINS',
'DATABASE_URL',
'EMAIL_FROM',
'JWT_SECRET',
'PORT',
'POSTMARK_API_KEY',
]],
[path: 'ggh-prod/dashboard-frontend', file: 'frontend/.env', keys: [
'VITE_API_URL',
]],
]
pipeline {
agent {
label 'jagent06'
}
environment {
REMOTE_HOST = "root@170.187.237.83"
REMOTE_DEPLOY_DIR = "/root/gg-backend"
SSH_CREDENTIALS_ID = "ssh_id_ed25519"
COMPOSE_FILE = "docker-compose.prod.yml"
}
stages {
stage('Checkout Code') {
steps {
git credentialsId: 'SYS_BOT_PAT', url: 'https://gt.mgsigma.net/GGH/gg-backend.git', branch: 'main'
}
}
stage('Inject .env from Vault') {
steps {
script {
def vaultSecrets = ENV_LAYOUT.collect { layer ->
[
path: layer.path,
engineVersion: 2,
secretValues: layer.keys.collect { k ->
[vaultKey: k, envVar: k]
}
]
}
def writtenFiles = ENV_LAYOUT.collect { it.file }.join(', ')
withVault(
configuration: [
vaultUrl: 'https://vault.mgsigma.net',
vaultCredentialId: 'vault-cicd-01'
],
vaultSecrets: vaultSecrets
) {
// Single-quoted sh + withEnv keeps secret names out of the
// Groovy GString. Values are read at shell runtime via
// `printenv`, so Jenkins's static analyzer has nothing to flag.
ENV_LAYOUT.each { layer ->
withEnv([
"ENV_FILE=${layer.file}",
"ENV_KEYS=${layer.keys.join(' ')}"
]) {
sh '''
set +x
umask 077
mkdir -p "$(dirname "$WORKSPACE/$ENV_FILE")"
: > "$WORKSPACE/$ENV_FILE"
for k in $ENV_KEYS; do
printf '%s=%s\n' "$k" "$(printenv "$k")" >> "$WORKSPACE/$ENV_FILE"
done
'''
}
}
echo "[INFO] env files written: ${writtenFiles}"
}
}
}
}
stage('Sync sources to prod VPS') {
steps {
sshagent (credentials: ["${env.SSH_CREDENTIALS_ID}"]) {
sh """
ssh -o StrictHostKeyChecking=no \$REMOTE_HOST 'mkdir -p \$REMOTE_DEPLOY_DIR'
rsync -az --delete \\
--exclude='.git/' \\
--exclude='node_modules/' \\
--exclude='backend/node_modules/' \\
--exclude='frontend/node_modules/' \\
--exclude='frontend/dist/' \\
-e "ssh -o StrictHostKeyChecking=no" \\
./ \$REMOTE_HOST:\$REMOTE_DEPLOY_DIR/
"""
}
}
}
stage('Deploy on prod VPS') {
steps {
sshagent (credentials: ["${env.SSH_CREDENTIALS_ID}"]) {
sh """
ssh -o StrictHostKeyChecking=no \$REMOTE_HOST '
set -e
cd \$REMOTE_DEPLOY_DIR
if [ -n "\$(docker compose -f $COMPOSE_FILE ps -q 2>/dev/null)" ]; then
echo "[INFO] Stopping existing containers..."
docker compose -f $COMPOSE_FILE down --remove-orphans
else
echo "[INFO] No running containers — skipping stop."
fi
docker image prune -f >/dev/null 2>&1 || true
echo "[INFO] Building and starting services..."
docker compose -f $COMPOSE_FILE up -d --build --remove-orphans
'
"""
}
}
}
}
post {
success {
script {
def causes = currentBuild.getBuildCauses()
def triggeredBy = causes ? causes[0].shortDescription : "Unknown"
def isManual = triggeredBy.contains('Started by user')
def commitHash = sh(script: "git rev-parse --short HEAD", returnStatus: true) == 0 ?
sh(script: "git rev-parse --short HEAD", returnStdout: true).trim() : "N/A"
def commitAuthor = sh(script: "git log -1 --pretty=format:%an", returnStatus: true) == 0 ?
sh(script: "git log -1 --pretty=format:%an", returnStdout: true).trim() : "N/A"
def commitMessage = sh(script: "git log -1 --pretty=format:%s", returnStatus: true) == 0 ?
sh(script: "git log -1 --pretty=format:%s", returnStdout: true).trim() : "No commit message found"
def envInfo = """
<ul>
<li><strong>Environment:</strong> <span style="color:#087d6b">Production</span></li>
<li><strong>Deployed By:</strong> ${isManual ? 'Manual Trigger' : triggeredBy}</li>
<li><strong>Deploy Time:</strong> ${new Date().format('yyyy-MM-dd HH:mm:ss', java.util.TimeZone.getTimeZone('Asia/Kolkata'))}</li>
</ul>
"""
emailext (
subject: "[PRODUCTION] SUCCESS: ${env.JOB_NAME} #${env.BUILD_NUMBER}",
body: """
<div style="font-family:Arial,sans-serif;">
<h2 style="color:#037235;">Production Deployment Successful</h2>
${envInfo}
<p><strong>Commit Info:</strong></p>
<ul>
<li><strong>Hash:</strong> ${commitHash}</li>
<li><strong>Author:</strong> ${commitAuthor}</li>
<li><strong>Message:</strong> ${commitMessage}</li>
</ul>
<p>Review the output here:</p>
<p>
<a href="${env.BUILD_URL}" style="display:inline-block; margin-top:10px; color:#fff; background:#28a745; text-decoration:none; padding:10px 20px; border-radius:4px;">View Build Log</a>
</p>
<hr>
<p style="font-size:small; color:#6c757d;">Production deployment via Jenkins. Contact DevOps for any issues.</p>
</div>
""",
mimeType: 'text/html',
to: 'admin@msigmagokulam.com, ashir@mgsigma.net, ajiahamed@msigmagokulam.com, arjunsthampi@mgsigma.net'
)
}
}
failure {
script {
def causes = currentBuild.getBuildCauses()
def triggeredBy = causes ? causes[0].shortDescription : "Unknown"
def isManual = triggeredBy.contains('Started by user')
def commitHash = sh(script: "git rev-parse --short HEAD", returnStatus: true) == 0 ?
sh(script: "git rev-parse --short HEAD", returnStdout: true).trim() : "N/A"
def commitAuthor = sh(script: "git log -1 --pretty=format:%an", returnStatus: true) == 0 ?
sh(script: "git log -1 --pretty=format:%an", returnStdout: true).trim() : "N/A"
def commitMessage = sh(script: "git log -1 --pretty=format:%s", returnStatus: true) == 0 ?
sh(script: "git log -1 --pretty=format:%s", returnStdout: true).trim() : "No commit message found"
def envInfo = """
<ul>
<li><strong>Environment:</strong> <span style="color:#c82333">Production</span></li>
<li><strong>Deployed By:</strong> ${isManual ? 'Manual Trigger' : triggeredBy}</li>
<li><strong>Deploy Time:</strong> ${new Date().format('yyyy-MM-dd HH:mm:ss', java.util.TimeZone.getTimeZone('Asia/Kolkata'))}</li>
</ul>
"""
emailext (
subject: "[PRODUCTION] FAILURE: ${env.JOB_NAME} #${env.BUILD_NUMBER}",
body: """
<div style="font-family:Arial,sans-serif;">
<h2 style="color:#b21f2d;">Production Deployment Failed</h2>
${envInfo}
<p><strong>Commit Info:</strong></p>
<ul>
<li><strong>Hash:</strong> ${commitHash}</li>
<li><strong>Author:</strong> ${commitAuthor}</li>
<li><strong>Message:</strong> ${commitMessage}</li>
</ul>
<p>Review error logs here:</p>
<p>
<a href="${env.BUILD_URL}" style="display:inline-block; margin-top:10px; color:#fff; background:#28a745; text-decoration:none; padding:10px 20px; border-radius:4px;">View Build Log</a>
</p>
<hr>
<p style="font-size:small; color:#6c757d;">Production deployment via Jenkins. Contact DevOps for any issues.</p>
</div>
""",
mimeType: 'text/html',
to: 'admin@msigmagokulam.com, ashir@mgsigma.net, ajiahamed@msigmagokulam.com, arjunsthampi@mgsigma.net'
)
}
}
}
}
Reference in New Issue Copy Permalink