{"id":15083660,"url":"https://github.com/tusuii/iac_cicd_deployment","last_synced_at":"2026-01-04T04:05:38.619Z","repository":{"id":238139852,"uuid":"795961434","full_name":"tusuii/IAC_CICD_deployment","owner":"tusuii","description":"IAC CI/CD Deployment project using jenkins, sonaroube and docker with  on Google cloud Platform","archived":false,"fork":false,"pushed_at":"2024-05-09T16:56:26.000Z","size":5709,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-01-23T07:09:55.530Z","etag":null,"topics":["gcp-automation-gitops","gcp-cloud-build","gcp-project","github","jenkins","jenkins-pipeline","owasp-dependencycheck","sonarqube"],"latest_commit_sha":null,"homepage":"","language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/tusuii.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-05-04T14:18:37.000Z","updated_at":"2024-05-09T19:02:15.000Z","dependencies_parsed_at":"2024-05-09T18:06:12.699Z","dependency_job_id":"13300717-22ac-4f95-a6d5-a752dc3a16a1","html_url":"https://github.com/tusuii/IAC_CICD_deployment","commit_stats":null,"previous_names":["tusuii/iac_cicd_deployment"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tusuii%2FIAC_CICD_deployment","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tusuii%2FIAC_CICD_deployment/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tusuii%2FIAC_CICD_deployment/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/tusuii%2FIAC_CICD_deployment/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/tusuii","download_url":"https://codeload.github.com/tusuii/IAC_CICD_deployment/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243926435,"owners_count":20369979,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["gcp-automation-gitops","gcp-cloud-build","gcp-project","github","jenkins","jenkins-pipeline","owasp-dependencycheck","sonarqube"],"created_at":"2024-09-25T06:30:28.872Z","updated_at":"2026-01-04T04:05:33.582Z","avatar_url":"https://github.com/tusuii.png","language":"HTML","funding_links":[],"categories":[],"sub_categories":[],"readme":"# CloudCruise CI/CD Pipeline Solution\n\n## Table of Contents\n1. [Introduction](#introduction)\n2. [Architecture Overview](#architecture-overview)\n3. [Features](#features)\n4. [Prerequisites](#prerequisites)\n5. [Setup Instructions](#setup-instructions)\n6. [Usage](#usage)\n7. [Monitoring and Security](#monitoring-and-security)\n8. [Contributing](#contributing)\n9. [License](#license)\n\n## Introduction\n\nCloudCruise is a unified CI/CD pipeline solution aimed at simplifying the development and deployment workflows for your applications. It integrates seamlessly with popular tools like Jenkins, SonarQube, OWASP Dependency Check, and GitHub, leveraging the power of Google Cloud Platform (GCP) for robust infrastructure and scalability.\n\n## Architecture Overview\n\n![CloudCruise Architecture](docAsset/architecture.png)\n\nCloudCruise architecture is built on GCP's Compute Engine service, providing scalable compute resources for your CI/CD needs. Jenkins serves as the central orchestration hub, managing the build, test, and deployment processes. SonarQube ensures code quality and security with advanced static code analysis, while OWASP Dependency Check identifies and mitigates security vulnerabilities in your dependencies.\n\nGitHub webhooks trigger CI/CD pipelines upon code commits, initiating automated builds and deployments. Docker containers are utilized for application packaging and deployment, ensuring consistency across environments. HTML/CSS/JS are employed for the company website, seamlessly integrated into the CI/CD workflow.\n\n## Features\n\n- **End-to-End Automation:** Automate the entire CI/CD pipeline from code commit to deployment, reducing manual intervention and human error.\n- **Scalable Infrastructure:** Leverage GCP Compute Engine for scalable and reliable compute resources, accommodating varying workloads.\n- **Code Quality Assurance:** Utilize SonarQube for advanced static code analysis, ensuring code quality and adherence to best practices.\n- **Security Monitoring:** OWASP Dependency Check identifies and mitigates security vulnerabilities in project dependencies, enhancing overall application security.\n- **GitHub Integration:** Seamlessly integrate with GitHub repositories using webhooks, triggering automated builds and deployments upon code changes.\n- **Dockerization:** Package applications into Docker containers for consistent deployment across different environments.\n- **Email Notifications:** Receive email notifications for build and deployment statuses, keeping stakeholders informed throughout the process.\n- **Web UI Testing:** Incorporate automated testing of the company website to ensure functionality and compatibility across browsers.\n\n## Prerequisites\n\nBefore setting up CloudCruise, ensure you have the following prerequisites:\n\n- Access to a Google Cloud Platform account with permissions to create Compute Engine instances.\n- Jenkins installed and configured on a virtual machine within your GCP environment.\n- SonarQube server deployed for code analysis.\n- OWASP Dependency Check integrated into your CI/CD pipeline.\n- Docker installed on your Jenkins server for containerization.\n- A GitHub repository hosting your application code.\n- Basic knowledge of HTML/CSS/JS for website development.\n\n## Setup Instructions\n\nFollow these steps to set up CloudCruise:\n\n* compute engine (VM configurations and installation):\n\n## Terraform script\n\n``` hcl\n# This code is compatible with Terraform 4.25.0 and versions that are backward compatible to 4.25.0.\n# For information about validating this Terraform code, see https://developer.hashicorp.com/terraform/tutorials/gcp-get-started/google-cloud-platform-build#format-and-validate-the-configuration\n\nresource \"google_compute_instance\" \"iac-project-cicd-server\" {\n  boot_disk {\n    auto_delete = true\n    device_name = \"iac-project-cicd-server\"\n\n    initialize_params {\n      image = \"projects/debian-cloud/global/images/debian-12-bookworm-v20240415\"\n      size  = 10\n      type  = \"pd-balanced\"\n    }\n\n    mode = \"READ_WRITE\"\n  }\n\n  can_ip_forward      = false\n  deletion_protection = false\n  enable_display      = false\n\n  labels = {\n    goog-ec-src = \"vm_add-tf\"\n  }\n\n  machine_type = \"n2-standard-4\"\n  name         = \"iac-project-cicd-server\"\n\n  network_interface {\n    access_config {\n      network_tier = \"PREMIUM\"\n    }\n\n    queue_count = 0\n    stack_type  = \"IPV4_ONLY\"\n    subnetwork  = \"projects/simple-website-421905/regions/asia-south1/subnetworks/default\"\n  }\n\n  scheduling {\n    automatic_restart   = true\n    on_host_maintenance = \"MIGRATE\"\n    preemptible         = false\n    provisioning_model  = \"STANDARD\"\n  }\n\n  service_account {\n    email  = \"209890922410-compute@developer.gserviceaccount.com\"\n    scopes = [\"https://www.googleapis.com/auth/cloud-platform\"]\n  }\n\n  shielded_instance_config {\n    enable_integrity_monitoring = true\n    enable_secure_boot          = false\n    enable_vtpm                 = true\n  }\n\n  tags = [\"http-server\", \"https-server\"]\n  zone = \"asia-south1-c\"\n}\n\n```\n\n### installation of jenkins into server ,java11 and setup docker\n\n```bash\nsudo apt install openjdk-11-jre\nsudo wget -O /usr/share/keyrings/jenkins-keyring.asc \\\n  https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key\necho \"deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc]\" \\\n  https://pkg.jenkins.io/debian-stable binary/ | sudo tee \\\n  /etc/apt/sources.list.d/jenkins.list \u003e /dev/null\nsudo apt-get update\nsudo apt-get install jenkins\n\n# Add Docker's official GPG key:\nsudo apt-get update\nsudo apt-get install ca-certificates curl\nsudo install -m 0755 -d /etc/apt/keyrings\nsudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc\nsudo chmod a+r /etc/apt/keyrings/docker.asc\n\n# Add the repository to Apt sources:\necho \\\n  \"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \\\n  $(. /etc/os-release \u0026\u0026 echo \"$VERSION_CODENAME\") stable\" | \\\n  sudo tee /etc/apt/sources.list.d/docker.list \u003e /dev/null\nsudo apt-get update\n\nsudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin\n\nsudo groupadd docker\nsudo usermod -aG docker $USER\nnewgrp docker\n\n```\n### setting up sonarqube with docker\n\n```bash\ndocker run -d -p 9000:9000 sonarqube:lts-community\n```\nrun jenkins :\n  \n  #### ip:8080 \n\nrun sonarqube :\n  \n  #### ip:9000\n\n1. After setup Compute instance setup and configure Jenkins.\n* setup username and account settings\n\n2. Install and configure Jenkins with necessary plugins for CI/CD and write a pipeline.\n\n- plugins :\n    * sonarScanner\n    * Docker Commons Plugin\n    * Docker Compose Build Step Plugin\n    * Docker Pipeline\n    * GitHub Branch Source Plugi\n    * SSH2 Easy Plugin\n    * OWASP Dependency-Track Plugin\n    * Email Extension Plugin\n\n### jenkins groovy script for pipeline build sonarQube scanner and OWASP scanner With Docker build \n\n\n![jenkins](docAsset/jenkins_pipeline.png)\n\n![jenkins](docAsset/jenkins_pipeline1.png)\n\n``` groovy\npipeline {\n    agent any\n    \n    environment {\n        SCANNER_HOME = tool 'sonarqube'\n    }\n\n    stages {\n        stage('Github Checkout') {\n            steps {\n                // Checkout the source code from the repository\n                checkout([$class: 'GitSCM',\n                          branches: [[name: '*/main']],\n                          userRemoteConfigs: [[url: 'https://github.com/tusuii/IAC_CICD_deployment.git']]])\n            }\n        }\n        \n        stage('SonarQube Scan') {\n            steps {\n                script {\n                    sh \"${SCANNER_HOME}/bin/sonar-scanner \\\n                        -Dsonar.projectKey=sonarqube \\\n                        -Dsonar.projectName=sonarqube \\\n                        -Dsonar.sources=. \\\n                        -Dsonar.java.binaries=. \\\n                        -Dsonar.host.url=http://35.202.14.231:9000/ \\\n                        -Dsonar.login=sqa_0cb1245b6826ead4c45dd4dbd030679d70404157\"\n                }\n            }\n        }\n        \n        stage('OWASP Scan') {\n            steps {\n                script {\n                    // Perform OWASP Dependency Check\n                    dependencyCheck additionalArguments: '''\n                        -o './'\n                        -s './'\n                        -f 'ALL'\n                        --prettyPrint''', odcInstallation: 'DP'\n                    // Publish OWASP Dependency Check results\n                    dependencyCheckPublisher pattern: 'dependency-check-report.xml'\n                }\n            }\n        }\n        \n        \n        stage('Build Docker Image') {\n            steps {\n                script {\n                    // Check if Docker image exists\n                    def imageExists = sh(script: \"docker images -q webapp:latest\", returnStatus: true) == 0\n                    if (!imageExists) {\n                        // Build Docker image if it doesn't exist\n                        sh \"docker build -t webapp .\"\n                        \n                        \n                    } else {\n                        // Stop and remove existing Docker container\n                        sh \"docker stop app\"\n                        sh \"docker rm app\"\n                        sh \"docker build -t webapp .\"\n                    }\n                }\n            }\n        }\n        \n        \n        stage('Run Docker Application Container') {\n            steps {\n                // Run Docker container\n                script {\n                    sh \"docker run -d -p 8070:80 --name app webapp\"\n                }\n            }\n        }\n        stage('Trigger email notification') {\n            steps {\n                build job: \"IAC CICD pipeline Email\" , wait: true\n            }\n        }\n    }\n    \n    post {\n        success {\n            echo 'Docker container is up and running.'\n        }\n        failure {\n            echo 'Failed to build Docker image or run container.'\n        }\n    }\n    \n    triggers {\n        githubPush()\n    }\n}\n\n\n```\n\n## jenkins groovy script for sending mail and reports\n\n``` groovy\npipeline {\n    agent any\n\n    stages {\n        stage('CD Pipeline started') {\n            steps {\n                echo 'CD pipeline'\n            }\n        }\n        stage('Trivy Report generation') {\n            steps {\n                sh \"trivy fs . --format table -o trivy-report.html\"\n            }\n        }\n        \n    }\n    post {\n    always {\n        script {\n            def jobName = env.JOB_NAME\n            def buildNumber = env.BUILD_NUMBER\n            def pipelineStatus = currentBuild.result ?: 'UNKNOWN'\n            def bannerColor = pipelineStatus.toUpperCase() == 'SUCCESS' ? 'green' : 'red'\n\n            def body = \"\"\"\u003chtml\u003e\n                          \u003cbody\u003e\n                          \u003cdiv style=\"border: 4px solid ${bannerColor}; padding: 10px;\"\u003e\n                          \u003ch2\u003e${jobName} - Build ${buildNumber}\u003c/h2\u003e\n                          \u003cdiv style=\"background-color: ${bannerColor}; padding: 10px;\"\u003e\n                          \u003ch3 style=\"color: white;\"\u003ePipeline Status: ${pipelineStatus.toUpperCase()}\u003c/h3\u003e\n                          \u003c/div\u003e\n                          \u003cp\u003eCheck the \u003ca href=\"${BUILD_URL}\"\u003econsole output\u003c/a\u003e.\u003c/p\u003e\n                          \u003c/div\u003e\n                          \u003c/body\u003e\n                          \u003c/html\u003e\"\"\"\n                          \n            emailext (\n                subject: \"${jobName} - Build ${buildNumber} - ${pipelineStatus.toUpperCase()}\",\n                body: body,\n                to: 'subodhkamble099@gmail.com',\n                from: 'jenkins@example.com',\n                replyTo: 'jenkins@example.com',\n                mimeType: 'text/html',\n                attachmentsPattern: 'trivy-report.html'\n            )\n        }\n    }\n}\n\n}\n\n```\n\n3. Set up SonarQube server for code analysis.\n\n![sonarqube](docAsset/cfgsonar.png)\n\n![sonarqube](docAsset/sonarqube.png)\n\n![sonarqube1](docAsset/sonarqube1.png)\n\n4. Integrate OWASP Dependency Check into your Jenkins pipeline.\n\n![owasp](docAsset/cfgdp.png)\n\n![owasp](docAsset/dp.png)\n\n5. Configure GitHub webhooks to trigger Jenkins builds upon code commits.\n\n![owasp](docAsset/cfgithub.png)\n\n\n6. Containerize your application using Docker.\n\n````Dockerfile\nFROM nginx:alpine\n\nCOPY . /usr/share/nginx/html/\n\nEXPOSE 80\n\nCMD [\"nginx\", \"-g\", \"daemon off;\"]\n\n````\n\n7. Implement email notification functionality in Jenkins for build and deployment statuses.\n\n![owasp](docAsset/cfgemail.png)\n\n\n\n8. Develop and integrate automated tests for the company website.\n\nFor detailed setup instructions, refer to the [Setup Guide](https://www.jenkins.io/doc/pipeline/tour/hello-world/#:~:text=Click%20the%20New%20Item%20menu,watch%20your%20first%20Pipeline%20run).\n\n9. Email Output.\n\n![email](docAsset/emailfail.png)\n\n![email](docAsset/emailsucess.png)\n\n## Usage\n\nOnce CloudCruise is set up, the CI/CD pipeline will automatically trigger upon code commits to your GitHub repository. Developers can push changes to the repository, and CloudCruise will handle the rest, including building, testing, and deploying the application.\n\nFor day-to-day usage instructions, refer to the [User Guide](https://www.jenkins.io/doc/book/pipeline/running-pipelines/).\n\n## Monitoring and Security\n\nCloudCruise ensures robust monitoring and security throughout the CI/CD pipeline:\n\n- **Monitoring:** Utilize Jenkins dashboard to monitor build and deployment statuses in real-time.\n- **Security:** Regularly scan project dependencies using OWASP Dependency Check and address any identified vulnerabilities promptly.\n\n## Contributing\n\nWe welcome contributions from the community to enhance CloudCruise further. If you'd like to contribute, please follow our [Contribution Guidelines](CONTRIBUTING.md).\n\n## License\n\nCloudCruise is licensed under the [GPL3](LICENSE).\n\n---\n\nThank you for you attention for my project CloudCruise CI/CD pipeline. If you have any questions or encounter any issues, please don't hesitate to reach out to me. Happy cruising, Have a great day! 🚀\n\n---\n\n## ScreenShots with demo \n\n![web](docAsset/web1.png)\n\n![web](docAsset/web2.png)\n\n![web](docAsset/web3.png)\n\n![web](docAsset/web4.png)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftusuii%2Fiac_cicd_deployment","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftusuii%2Fiac_cicd_deployment","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftusuii%2Fiac_cicd_deployment/lists"}