Skip to content

This project configures an automated pipeline script using Jenkins which fetches the source code, builds it, scans the code using Sonarqube, uploads the artifact to Amazon ECR repository and finally deploys it on Amazon ECS.

License

Notifications You must be signed in to change notification settings

SumitM01/CI-CD-using-Jenkins-Sonarqube-ECR-and-ECS

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

CI-CD-using-Jenkins-Sonarqube-ECR-and-ECS

This project configures an automated pipeline script using Jenkins which fetches the source code, builds it, scans the code using Sonarqube, uploads the artifact to Amazon ECR repository and finally deploys it on Amazon ECS.

Overview

The key goals of continuous integration are to find and address bugs quicker, improve software quality, and reduce the time it takes to validate and release new software updates.

Looking in the past, developers on a team might work in isolation for an extended period of time and only merge their changes to the master branch once their work was completed. This made merging code changes difficult and time-consuming, and also resulted in bugs accumulating for a long time without correction. These factors made it harder to deliver updates to customers quickly.

Using Continous Integration helps us to tackle the issue by quickly building and running tests on the whole source code and quickly surfacing any errors for correction. Continous Deployment then helps us to quickly deploy the updated changes of the application without any delay.

In this project we are going to setup a code pipeline script using Jenkins which fetches the source code, builds it, scans the code using Sonarqube, uploads the artifact to Amazon ECR repository and finally deploys it on Amazon ECS. This project uses the source code of vprofile-application; a Java application intended to be a social media platform.

Tools/Services Used

  • Jenkins : A CI CD tool used worldwide for software development purposes.
  • Sonarqube Scanner: A source code quality checking tool.
  • Maven: Java build tool used worldwide to build artifacts from java source code.
  • Github: A version control system and software repository known worldwide.
  • AWS EC2: Provides virtual machines to host and run software on AWS cloud.
  • Elastic Container Registry(ECR): Fully managed container registry that makes it easy to store, manage, share, and deploy container images and artifacts anywhere.
  • Elastic Container Service(ECS): Highly secure, reliable, and scalable way to run containers on AWS.

Project Architecture

project-architecture

The following processes take place when a code change is pushed to the central version control system (VSC):

  • The source code is fetched from github(or any other VSC) by the git plugin installed inside jenkins.
  • Then the jenkins runs the build job on the source code using Maven which builds the artifact.
  • After that, unit tests are carried out by jenkins using maven plugin.
  • After that, Jenkins pushes the code to sonarqube scanner for checkstyle analysis and sonar analysis of the code to detect the quality of the code.
  • If the code passes the quality checks then, jenkins builds the artifact and uploads it into Amazon ECR repository ready for deployment.
  • After that, Amazon ECS service detects and deploys the artifact from the repository using custom configured service.

Implementation Details

Launch EC2 instances each for jenkins, nexus and sonarqube

  • Login to AWS management console.
  • Go to EC2, launch instance.
  • On local machine, open cmd, checkout to ci-jenkins branch on vprofile-project repository.
  • Checkout to ci-jenkins branch.
  • Jenkins
    • OS: ubuntu 20/18
    • AMI: t2.small
    • Security group inbound rules:8080 anywhere, 22 anywhere, 80 anywhere
    • User data: Contents of userdata/jenkins-setup.sh
  • Sonarqube :
    • OS: ubuntu 20/18
    • AMI: t2.medium
    • Security group inbound rules:9000 anywhere, 22 anywhere, 80 anywhere
    • User data: Contents of userdata/sonar-setup.sh instances-launched

Setup UI for Jenkins, nexus and Sonarqube

  • JENKINS : get the password from the path provided and then create a new user. jenkins-svc-check jenkins-init-pass

  • SONARQUBE : login using username=admin, password=admin.

Install plugins on Jenkins

  • On jenkins, go to manage jenkins -> manage plugins -> available then search and select following plugins:
    • Nexus artifact uplodaer
    • Sonarqube scanner
    • Pipeline maven integration
    • Build timestamp
    • Pipeline utility steps
    • Docker Pipeline
    • AWS SDK :: All
    • Cloudbees Docker build and publish
    • Amazon ECR
    • Pipeline : AWS steps
  • Click on install without restart to install the plugins.

Setup sonarqube scanner plugin on Jenkins

  • On Jenkins
    • manage jenkins -> global tool configuration -> sonarqube scanner -> add -> mention name and version and note it down.
    • manage jenkins -> configure system -> sonarqube servers -> check environment variables -> give name and url of the sonarqube instance and create.
  • On Sonarqube
    • go to my account -> security -> generate token having jenkins as name and copy the secret generated key.
  • on Jenkins
    • manage jenkins -> configure system -> sonarqube servers -> server authentication token -> select jenkins -> select kind as secret text and paste the secret text from token.

Create a custom quality gate on Sonarqube server

  • On Sonarqube
    • go to quality gates -> create -> parameter = bugs on overall code -> give condition as if bugs greater than 60 then fail .
    • project -> settings -> quality gates -> select the created quality gate.
    • go to account -> webhooks -> create -> give name and proper convention url for sonarqube webhook.

sonar-qg-setup

Setup Docker Engine and AWS CLI on Jenkins

  • On Jenkins
    • SSH to Jenkins instance and run the following commands to install docker in it.
    sudo apt-get update
    sudo apt-get install ca-certificates curl gnupg
    sudo install -m 0755 -d /etc/apt/keyrings
    curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
    sudo chmod a+r /etc/apt/keyrings/docker.gpg
    echo \
    "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
    "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
    sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
    sudo apt-get update
    sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

Docker-svc-check - Add Jenkins user to Docker group using the following command bash chmod -a -G docker jenkins add-jenkins-usr-docker
- Run the following command to install awscli: bash sudo apt-get upgrade sudo apt-get install awscli -y

aws-cli-installed
- Reboot the jenkins instance.

AWS services setup

  • On AWS
    • Search for IAM and navigate to IAM console.
    • Create a User with the following permissions:
      • AmazonEC2ContainerRegistryFullAccess
      • AmazonECS_FullAccess

IAM-user-created

- Download the credentials file.
- Store the IAM user credentials on Jenkins

creds-stored-jenkins

- Create ECR repository

ecr-repo-created

- Create a ECS cluster
    - Create a task definition for the 
    - Create a service for the cluster using the task definition with load balancer, target group and security group.

ecs-Cluster-created

- After service has been created, edit the security group of load balancer to allow port 8080 from anywhere.

edit-ecs-sg-rules

  • On Jenkins
    • Go to manage jenkins->Credentials-> SystemGlobal -> credentials (unrestricted)-> add credentials by selecting type as AWS credentials

Prepare the Jenkinsfile and run the pipeline

Prepare a pipeline as a code file to automate the entire setup using Jenkins. For reference use the uploaded pipeline code file.

pipeline-success The pipeline has run successfully

ecs-deploy-success As we can see the app deployment on ECS cluster is successful.

App-access-from-ecs-elb We can now access the app from the URl present in the Networking tab of the ecs-service.

Conclusion

Using the above steps I have setup an automated Continous Integration and Continous Deployment pipeline using Jenkins, Sonarqube, ECR and ECS for vprofile application. Use this document to implement the architecture and share among your friends. Have a good day.😊

References

About

This project configures an automated pipeline script using Jenkins which fetches the source code, builds it, scans the code using Sonarqube, uploads the artifact to Amazon ECR repository and finally deploys it on Amazon ECS.

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published