Terraform jenkins cicd pipeline project

.gitignore

@@ -0,0 +1,35 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version 
+# control as they are data points which are potentially sensitive and subject 
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+*.terraform.lock.hcl

Jenkinsfile

@@ -4,136 +4,87 @@ def COLOR_MAP = [
     'UNSTABLE': 'danger'
 ]
 pipeline {
-  agent any
-  environment {
-    WORKSPACE = "${env.WORKSPACE}"
-    NEXUS_CREDENTIAL_ID = 'Nexus-Credential'
-    //NEXUS_USER = "$NEXUS_CREDS_USR"
-    //NEXUS_PASSWORD = "$Nexus-Token"
-    //NEXUS_URL = "172.31.18.62:8081"
-    //NEXUS_REPOSITORY = "maven_project"
-    //NEXUS_REPO_ID    = "maven_project"
-    //ARTVERSION = "${env.BUILD_ID}"
-  }
-  tools {
-    maven 'localMaven'
-    jdk 'localJdk'
-  }
-  stages {
-    stage('Build') {
-      steps {
-        sh 'mvn clean package'
-      }
-      post {
-        success {
-          echo ' now Archiving '
-          archiveArtifacts artifacts: '**/*.war'
-        }
-      }
+    agent any
+    environment {
+        SNYK_HOME = tool name: 'Snyk'
     }
-    stage('Unit Test'){
-        steps {
-            sh 'mvn test'
-        }
+    tools {
+        snyk 'Snyk'
     }
-    stage('Integration Test'){
-        steps {
-          sh 'mvn verify -DskipUnitTests'
-        }
-    }
-    stage ('Checkstyle Code Analysis'){
-        steps {
-            sh 'mvn checkstyle:checkstyle'
-        }
-        post {
-            success {
-                echo 'Generated Analysis Result'
+    stages {
+        // Verifying setup
+        stage('Confirm Tools Installations') {
+            steps {
+                sh 'git --version'
+                sh 'terraform version'
+                // sh 'npm snyk --version'
+                sh 'checkov --version'
             }
         }
-    }
-    stage('SonarQube Inspection') {
-        steps {
-            withSonarQubeEnv('SonarQube') { 
-                withCredentials([string(credentialsId: 'SonarQube-Token', variable: 'SONAR_TOKEN')]) {
-                sh """
-                mvn sonar:sonar \
-                -Dsonar.projectKey=cicd-pipeline-project \
-                -Dsonar.host.url=http://172.31.23.58:9000 \
-                -Dsonar.login=$SONAR_TOKEN
-                """
+        // Providing Snyk Access
+        stage('Authenticate Snyk') {
+            steps {
+                withCredentials([string(credentialsId: 'Snyk-API-Token', variable: 'SNYK_TOKEN')]) {
+                    sh "${SNYK_HOME}/snyk-linux auth $SNYK_TOKEN"
                 }
             }
         }
-    }
-    stage('SonarQube GateKeeper') {
-        steps {
-          timeout(time : 1, unit : 'HOURS'){
-          waitForQualityGate abortPipeline: true
-          }
-       }
-    }
-    stage("Nexus Artifact Uploader"){
-        steps{
-           nexusArtifactUploader(
-              nexusVersion: 'nexus3',
-              protocol: 'http',
-              nexusUrl: '172.31.16.85:8081',
-              groupId: 'webapp',
-              version: "${env.BUILD_ID}-${env.BUILD_TIMESTAMP}",
-              repository: 'maven-project-releases',  //"${NEXUS_REPOSITORY}",
-              credentialsId: "${NEXUS_CREDENTIAL_ID}",
-              artifacts: [
-                  [artifactId: 'webapp',
-                  classifier: '',
-                  file: "${WORKSPACE}/webapp/target/webapp.war",
-                  type: 'war']
-              ]
-           )
-        }
-    }
-    stage('Deploy to Development Env') {
-        environment {
-            HOSTS = 'dev'
+        // IInitialize Terraform
+        stage('Initialize Terraform Environment') {
+            steps {
+                sh 'terraform init'
+            }
         }
-        steps {
-            withCredentials([usernamePassword(credentialsId: 'Ansible-Credential', passwordVariable: 'PASSWORD', usernameVariable: 'USER_NAME')]) {
-                sh "ansible-playbook -i ${WORKSPACE}/ansible-config/aws_ec2.yaml ${WORKSPACE}/deploy.yaml --extra-vars \"ansible_user=$USER_NAME ansible_password=$PASSWORD hosts=tag_Environment_$HOSTS workspace_path=$WORKSPACE\""
+        // Check terraform confugirations syntax
+        stage('Validate Terraform Configurations') {
+            steps {
+                sh 'terraform validate'
+
             }
         }
-    }
-    stage('Deploy to Staging Env') {
-        environment {
-            HOSTS = 'stage'
+        // Generating Execution Plan
+        stage('Generate Terraform Plan') {
+            steps {
+                sh 'terraform plan'
+            }
         }
-        steps {
-            withCredentials([usernamePassword(credentialsId: 'Ansible-Credential', passwordVariable: 'PASSWORD', usernameVariable: 'USER_NAME')]) {
-                sh "ansible-playbook -i ${WORKSPACE}/ansible-config/aws_ec2.yaml ${WORKSPACE}/deploy.yaml --extra-vars \"ansible_user=$USER_NAME ansible_password=$PASSWORD hosts=tag_Environment_$HOSTS workspace_path=$WORKSPACE\""
+        // Snyk Infrastructure Automation Test
+        stage('Snyk Security Test') {
+            steps {
+                sh '${SNYK_HOME}/snyk-linux iac test .'
             }
         }
-    }
-    stage('Quality Assurance Approval') {
-        steps {
-            input('Do you want to proceed?')
+        // Checkov Infrastructure Automation Test
+        stage('Checkov scan') {
+            steps {
+                sh 'checkov -d .'
+            }
         }
-    }
-    stage('Deploy to Production Env') {
-        environment {
-            HOSTS = 'prod'
+        // Deployment Apporval
+        stage('Manual Approval') {
+            steps {
+                input 'Approval Infra Deployment'
+            }
         }
-        steps {
-            withCredentials([usernamePassword(credentialsId: 'Ansible-Credential', passwordVariable: 'PASSWORD', usernameVariable: 'USER_NAME')]) {
-                sh "ansible-playbook -i ${WORKSPACE}/ansible-config/aws_ec2.yaml ${WORKSPACE}/deploy.yaml --extra-vars \"ansible_user=$USER_NAME ansible_password=$PASSWORD hosts=tag_Environment_$HOSTS workspace_path=$WORKSPACE\""
+        // Deploy Terraform Infrastructure
+        stage('Deploy Infrastructure') {
+            steps {
+                sh 'terraform apply --auto-approve'
             }
-         }
-      }
-   }
-  post {
-    always {
-        echo 'Slack Notifications.'
-        slackSend channel: '#cicd-pipeline-project-alerts', //update and provide your channel name
-        color: COLOR_MAP[currentBuild.currentResult],
-        message: "*${currentBuild.currentResult}:* Job Name '${env.JOB_NAME}' build ${env.BUILD_NUMBER} \n Build Timestamp: ${env.BUILD_TIMESTAMP} \n Project Workspace: ${env.WORKSPACE} \n More info at: ${env.BUILD_URL}"
+        }
+        // Destroy Environment
+        // stage('Terraform Destroy') {
+        //     steps {
+        //         sh 'terraform destroy --var-file=prod.tfvars --auto-approve'
+        //     }
+        // }
     }
-  }
+//     post {
+//     always {
+//         echo 'Slack Notifications.'
+//         slackSend channel: '#ma-terraform-cicd-alerts', //update and provide your channel name
+//         color: COLOR_MAP[currentBuild.currentResult],
+//         message: "*${currentBuild.currentResult}:* Job Name '${env.JOB_NAME}' build ${env.BUILD_NUMBER} \n Build Timestamp: ${env.BUILD_TIMESTAMP} \n Project Workspace: ${env.WORKSPACE} \n More info at: ${env.BUILD_URL}"
+//     }
+//   }
 }
-