Update Jenkinsfile

Jenkinsfile

@@ -5,7 +5,7 @@ pipeline {
   environment {
     DOTNET_CLI_TELEMETRY_OPTOUT = '1'
     DOTNET_SKIP_FIRST_TIME_EXPERIENCE = '1'
-    SONAR_PROJECT_KEY  = 'as400api-dotnet'           // <-- change if you like
+    SONAR_PROJECT_KEY  = 'as400api-dotnet'
     SONAR_PROJECT_NAME = 'AS400_API_DOTNET (.NET 9)'
   }
 
@@ -15,35 +15,51 @@ pipeline {
       steps { checkout scm }
     }
 
-    stage('SCA (NuGet vulnerabilities + OWASP)') {
+    // Bootstrap .NET SDK if dotnet is missing
-      agent { docker { image 'mcr.microsoft.com/dotnet/sdk:9.0'; reuseNode true } }
+    stage('Bootstrap .NET SDK') {
+      agent any
       steps {
         sh '''
           set -e
+          if ! command -v dotnet >/dev/null 2>&1; then
+            echo "Installing .NET SDK locally for this build..."
+            curl -fsSL https://dot.net/v1/dotnet-install.sh -o dotnet-install.sh
+            bash dotnet-install.sh --channel 9.0 --install-dir "$HOME/.dotnet"
+          fi
+          export PATH="$HOME/.dotnet:$PATH"
           dotnet --info
-          dotnet restore
+        '''
+      }
+    }
+
+    stage('SCA (NuGet vulnerabilities + OWASP)') {
+      agent any
+      steps {
+        sh '''
+          set -e
+          export PATH="$HOME/.dotnet:$PATH"
 
           echo "=== NuGet vulnerability audit ==="
-          # Prints known vulnerable packages (won't fail the build by default)
+          dotnet restore
           dotnet list package --vulnerable || true
 
-          echo "=== OWASP Dependency-Check (try Docker first) ==="
+          echo "=== OWASP Dependency-Check (no Docker) ==="
           mkdir -p depcheck
-          if command -v docker >/dev/null 2>&1; then
+          DC_VER=latest
-            docker run --rm \
+          # Grab the release (platform-independent zip)
-              -v "$PWD":/src \
+          curl -Ls -o depcheck.zip \
-              -v "$PWD/depcheck":/report \
+            https://github.com/jeremylong/DependencyCheck/releases/${DC_VER}/download/dependency-check-${DC_VER}-release.zip || \
-              owasp/dependency-check:latest \
+          curl -Ls -o depcheck.zip \
-              --scan /src --format "HTML" --out /report || true
+            https://github.com/jeremylong/DependencyCheck/releases/latest/download/dependency-check-release.zip
-          else
+          rm -rf dependency-check && mkdir dependency-check
-            echo "Docker not found; falling back to CLI zip…"
+          unzip -q depcheck.zip -d dependency-check
-            curl -sSL -o depcheck.zip https://github.com/jeremylong/DependencyCheck/releases/latest/download/dependency-check.zip || true
+          DC_BIN=$(echo dependency-check/dependency-check*/bin/dependency-check.sh)
-            if [ -f depcheck.zip ]; then
+          bash "$DC_BIN" \
-              unzip -q depcheck.zip -d depcheckcli || true
+            --format "HTML,XML" \
-              java -jar depcheckcli/dependency-check/bin/dependency-check.jar \
+            --project "AS400_API_DOTNET" \
-                --scan . --format HTML --out depcheck || true
+            --scan "." \
-            fi
+            --out "depcheck" \
-          fi
+            --noupdate || true
 
           echo "SCA reports generated in depcheck/"
         '''
@@ -56,39 +72,35 @@ pipeline {
     }
 
     stage('SAST + Coverage (SonarQube + Tests)') {
-      agent { docker { image 'mcr.microsoft.com/dotnet/sdk:9.0'; reuseNode true } }
+      agent any
-      environment { SONAR_TOKEN = credentials('sonar-token') }
       steps {
-        withSonarQubeEnv('SonarQubeServer') {
+        withSonarQubeEnv('SonarQube') {
           sh '''
             set -e
-            dotnet tool install --global dotnet-sonarscanner --version 7.*
+            export PATH="$HOME/.dotnet:$PATH"
-            dotnet tool install --global dotnet-reportgenerator-globaltool
-            export PATH="$PATH:/root/.dotnet/tools"
 
-            dotnet sonarscanner begin \
+            # run tests with coverage (coverlet integrated)
-              /k:"$SONAR_PROJECT_KEY" \
+            dotnet test /p:CollectCoverage=true /p:CoverletOutput=coverage/ \
-              /n:"$SONAR_PROJECT_NAME" \
+                         /p:CoverletOutputFormat=cobertura
-              /d:sonar.host.url="$SONAR_HOST_URL" \
+
-              /d:sonar.login="$SONAR_TOKEN" \
+            # prepare coverage report location
-              /d:sonar.cs.opencover.reportsPaths="**/TestResults/**/coverage.opencover.xml" \
+            mkdir -p coverage-report
-              /d:sonar.coverage.exclusions="**/*.cshtml,**/Migrations/**"
+            # many test templates already emit Cobertura; adjust path if needed
+            cp **/coverage.cobertura.xml coverage-report/Cobertura.xml || true
+
+            # Sonar scan (assuming global dotnet-sonarscanner or use local tool)
+            if ! command -v dotnet-sonarscanner >/dev/null 2>&1; then
+              dotnet tool install --global dotnet-sonarscanner
+              export PATH="$PATH:$HOME/.dotnet/tools"
+            fi
+
+            dotnet-sonarscanner begin \
+              /k:"${SONAR_PROJECT_KEY}" \
+              /n:"${SONAR_PROJECT_NAME}" \
+              /d:sonar.cs.opencover.reportsPaths="coverage-report/Cobertura.xml"
 
             dotnet build -c Release
-            # run tests; produce OpenCover coverage for Sonar
+            dotnet-sonarscanner end
-            # If your test project path differs, specify it explicitly or run at solution level:
-            dotnet test -c Release \
-              /p:CollectCoverage=true \
-              /p:CoverletOutputFormat=opencover \
-              /p:CoverletOutput=./TestResults/coverage
-
-            dotnet sonarscanner end /d:sonar.login="$SONAR_TOKEN"
-
-            # Generate a Cobertura report for Jenkins Coverage UI
-            reportgenerator \
-              -reports:**/TestResults/**/coverage.opencover.xml \
-              -targetdir:coverage-report \
-              -reporttypes:Cobertura
           '''
         }
       }
@@ -103,10 +115,11 @@ pipeline {
     }
 
     stage('Build Artifact') {
-      agent { docker { image 'mcr.microsoft.com/dotnet/sdk:9.0'; reuseNode true } }
+      agent any
       steps {
         sh '''
           set -e
+          export PATH="$HOME/.dotnet:$PATH"
           dotnet publish -c Release -o out
           ls -la out
         '''