anupong/AS400_API_DOTNET
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: anupong:71675a856163131857d601fbaa5f724a14e6e80c
Branches Tags
anupong:main
...
compare: anupong:16482f82b3778201a2c22cfeb0e1a16b53962116
Branches Tags
anupong:main

2 Commits
71675a8561 ... 16482f82b3

Author SHA1 Message Date
PoohMac
16482f82b3 Update Jenkins file. 2025-10-17 17:52:49 +07:00
Anupong Hompan
1fe968196e add Jenkinfile 2025-10-17 17:19:55 +07:00
1 changed files with 117 additions and 0 deletions
Show Stats Expand all files Collapse all files

117
Jenkinsfile vendored Normal file
View File

@ -0,0 +1,117 @@
pipeline {
agent none
options { ansiColor('xterm'); timestamps() }
environment {
DOTNET_CLI_TELEMETRY_OPTOUT = '1'
DOTNET_SKIP_FIRST_TIME_EXPERIENCE = '1'
SONAR_PROJECT_KEY = 'as400api-dotnet' // <-- change if you like
SONAR_PROJECT_NAME = 'AS400_API_DOTNET (.NET 9)'
}
stages {
stage('Checkout') {
agent any
steps { checkout scm }
}
stage('SCA (NuGet vulnerabilities + OWASP)') {
agent { docker { image 'mcr.microsoft.com/dotnet/sdk:9.0'; reuseNode true } }
steps {
sh '''
set -e
dotnet --info
dotnet restore
echo "=== NuGet vulnerability audit ==="
# Prints known vulnerable packages (won't fail the build by default)
dotnet list package --vulnerable || true
echo "=== OWASP Dependency-Check (try Docker first) ==="
mkdir -p depcheck
if command -v docker >/dev/null 2>&1; then
docker run --rm \
-v "$PWD":/src \
-v "$PWD/depcheck":/report \
owasp/dependency-check:latest \
--scan /src --format "HTML" --out /report || true
else
echo "Docker not found; falling back to CLI zip…"
curl -sSL -o depcheck.zip https://github.com/jeremylong/DependencyCheck/releases/latest/download/dependency-check.zip || true
if [ -f depcheck.zip ]; then
unzip -q depcheck.zip -d depcheckcli || true
java -jar depcheckcli/dependency-check/bin/dependency-check.jar \
--scan . --format HTML --out depcheck || true
fi
fi
echo "SCA reports generated in depcheck/"
'''
}
post {
always {
archiveArtifacts artifacts: 'depcheck/**', allowEmptyArchive: true
}
}
}
stage('SAST + Coverage (SonarQube + Tests)') {
agent { docker { image 'mcr.microsoft.com/dotnet/sdk:9.0'; reuseNode true } }
environment { SONAR_TOKEN = credentials('sonar-token') }
steps {
withSonarQubeEnv('SonarQubeServer') {
sh '''
set -e
dotnet tool install --global dotnet-sonarscanner --version 7.*
dotnet tool install --global dotnet-reportgenerator-globaltool
export PATH="$PATH:/root/.dotnet/tools"
dotnet sonarscanner begin \
/k:"$SONAR_PROJECT_KEY" \
/n:"$SONAR_PROJECT_NAME" \
/d:sonar.host.url="$SONAR_HOST_URL" \
/d:sonar.login="$SONAR_TOKEN" \
/d:sonar.cs.opencover.reportsPaths="**/TestResults/**/coverage.opencover.xml" \
/d:sonar.coverage.exclusions="**/*.cshtml,**/Migrations/**"
dotnet build -c Release
# run tests; produce OpenCover coverage for Sonar
# If your test project path differs, specify it explicitly or run at solution level:
dotnet test -c Release \
/p:CollectCoverage=true \
/p:CoverletOutputFormat=opencover \
/p:CoverletOutput=./TestResults/coverage
dotnet sonarscanner end /d:sonar.login="$SONAR_TOKEN"
# Generate a Cobertura report for Jenkins Coverage UI
reportgenerator \
-reports:**/TestResults/**/coverage.opencover.xml \
-targetdir:coverage-report \
-reporttypes:Cobertura
'''
}
}
post {
always {
publishCoverage adapters: [coberturaAdapter('coverage-report/Cobertura.xml')],
sourceFileResolver: sourceFiles('STORE_LAST_BUILD')
junit '**/TestResults/**/*.trx'
archiveArtifacts artifacts: 'coverage-report/**', allowEmptyArchive: true
}
}
}
stage('Build Artifact') {
agent { docker { image 'mcr.microsoft.com/dotnet/sdk:9.0'; reuseNode true } }
steps {
sh '''
set -e
dotnet publish -c Release -o out
ls -la out
'''
archiveArtifacts artifacts: 'out/**', fingerprint: true
}
}
}
}