RedHatTraining/rht-labs-docs.git

			@@ -6,7 +6,7 @@

			There are a number of ways pipeline as code can be achieved in Jenkins.
			* The Job DSL Plugin - this is a slightly older but very functional DSL mechanism to create reusable pipelines. Create a `groovy` file to run Jenkins Domain Specific Language to create jobs, functions and other items. In Jenkins; you then can execute this file which will build all of the config.xml files needed for each Job.
			* The Scripted Pipeline - The scripted pipeline introduced the Jenkinsfile and the ability for developers to write their Jenkins setup as groovy code. A repo with a Jenkinsfile in it's root can be pointed to by Jenkins and it will automatically build out each of the stages described within. The scripted pipeline is ultimately Groovy at it's core.
			* The Scripted Pipeline - The scripted pipeline introduced the Jenkinsfile and the ability for developers to write their Jenkins setup as groovy code. A repo with a Jenkinsfile in its root can be pointed to by Jenkins and it will automatically build out each of the stages described within. The scripted pipeline is ultimately Groovy at its core.
			* The Declarative Pipeline - This approach looks to simplify and opinionate what you can do and when you can do it in a pipeline. It does this by giving you top level `block` which define sections, directives and steps. The declarative syntax is not run as groovy but you can execute groovy inside script blocks. The advantage of it over scripted is validation of the config and lighter approach with requirement to understand all of the `groovy` syntax

			_____
			@@ -27,14 +27,16 @@
			1. [Arachni Crawler](http://www.arachni-scanner.com/) - Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of modern web applications. It is free, with its source code public and available for review. It is versatile enough to cover a great deal of use cases, ranging from a simple command line scanner utility, to a global high performance grid of scanners, to a Ruby library allowing for scripted audits, to a multi-user multi-scan web collaboration platform. In addition, its simple REST API makes integration a cinch.

			## Big Picture
			This exercise begins cluster containing blah blah
			> From the previous exercise; we gated our pipeline. Now we will add a pipeline-as-code in the form of the Jenkinfile and re-use it on the Backend too.

			![big-picture](../images/big-picture/big-picture-3.jpg)

			_____

			## 10,000 Ft View
			> The goal of this exercise is to move to using the Jenkinsfile in the todolist-api and todolist-fe projects. Additionally we will create new slaves for use in the next exercise.

			2. On Jenkins; create a multibranch pipeline project to scan the GitLab endpoint for each app. Use the Jenkinsfile provided to run the stages. Replace the `<YOUR_NAME>` with appropriate variable.
			2. On Jenkins; create a multibranch pipeline project to scan the GitLab endpoint for each app. Use the Jenkinsfile provided to run the stages. Replace `<YOUR_NAME>` with the appropriate variable.

			2. Create two new Jenkins slaves for the `OWASP ZAP` scanner and the `Arachni` WebCrawler

			@@ -58,8 +60,8 @@
			* `stage {}` all jobs must have one stage. This is the logical part of the build that will be executed e.g. `bake-image`
			* `steps {}` each `stage` has one or more steps involved. These could be execute shell or git checkout etc.
			* `agent {}` specifies the node the build should be run on e.g. `jenkins-slave-npm`
			* `post {}` hook is used to specify the post-build-actions. Jenkins declarative provides very useful callbacks for `success`, `failure` and `always` which are useful for controlling the job flow
			* `when {}` is used for flow control. It can be used at stage level and be used to stop pipeline entering that stage. e.g. when branch is master; deploy to `test` environment.
			* `post {}` hook is used to specify the post-build-actions. Jenkins declarative pipeline syntax provides very useful callbacks for `success`, `failure` and `always` which are useful for controlling the job flow
			* `when {}` is used for flow control. It can be used at the stage level and be used to stop pipeline entering that stage. e.g. when branch is master; deploy to `test` environment.

			2. The Jenkinsfile is mostly complete to do all the testing etc that was done in previous exercises. Some minor changes will be needed to orchestrate namespaces. Find and replace all instances of `<YOUR_NAME>` in the Jenkinsfile. Update the `<GIT_USERNAME>` to the one you login to the cluster with; this variable is used in the namespace of your git projects when checking out code etc. Ensure the `GITLAB_DOMAIN` matches your git host.
			```groovy
			@@ -73,7 +75,7 @@

			GIT_SSL_NO_VERIFY = true
			GIT_CREDENTIALS = credentials('jenkins-git-creds')
			GITLAB_DOMAIN = "gitlab.apps.<SOME_DOMAIN>.com"
			GITLAB_DOMAIN = "gitlab.<APPS_URL>"
			GITLAB_PROJECT = "<GIT_USERNAME>"
			}
			```
			@@ -97,13 +99,13 @@
			2. On the job's configure page; set the Branch Sources to `git`
			![multibranch-select-git](../images/exercise4/multibranch-select-git.png)

			2. Fill in the Git settings with your `todolist-api` GitLab url and set the credentials as you've done before. `https://gitlab.apps.lader.rht-labs.com/<YOUR_NAME>/todolist-api.git`
			2. Fill in the Git settings with your `todolist-api` GitLab url and set the credentials as you've done before. `https://gitlab.<APPS_URL>/<YOUR_NAME>/todolist-api.git`
			![multibranch-git](../images/exercise4/multibranch-git.png)

			2. Set the `Scan Multibranch Pipeline Triggers` to be periodic and the interval to 1 minute. This will poll the GitLab instance for new branches or change sets to build.
			![multibranch-scan-time](../images/exercise4/multibranch-scan-time.png)

			2. Save the Job configuration to run the intial scan. The log will show scans for `master` and `develop` branch which have no `Jenkinsfile` so are skipped. The resulting view will show the `feature/jenkinsfile` job corresponding the only branch that currently has one. The build should run automatically.
			2. Save the Job configuration to run the intial scan. The log will show scans for `master` and `develop` branches, which have no `Jenkinsfile` so are skipped. The resulting view will show the `feature/jenkinsfile` job corresponding the only branch that currently has one. The build should run automatically.
			![todolist-api-multi](../images/exercise4/todolist-api-multi.png)

			2. The pipeline file is setup to only run `bake` & `deploy` stages when on `master` or `develop` branch. This is to provide us with very fast feedback for team members working on feature or bug fix branches. Each time someone commits or creates a new branch a basic build with testing occurs to give very rapid feedback to the team. Let's now update our `master` and `develop` branches to include the Jenkinsfile and delete the feature branch.
			@@ -208,7 +210,7 @@

			2. Open the `params/ocp-pipeline` file and update `PIPELINE_SOURCE_REPOSITORY_URL` with the git url of your project (Don't forget to add the `.git` at the end). For example:
			```
			PIPELINE_SOURCE_REPOSITORY_URL=https://gitlab.apps.<SOME_DOMAIN>.com/<GIT_USERNAME>/todolist-fe.git
			PIPELINE_SOURCE_REPOSITORY_URL=https://gitlab.<APPS_URL>/<GIT_USERNAME>/todolist-fe.git
			PIPELINE_SOURCE_REPOSITORY_REF=develop
			NAME=todolist-fe
			```
			@@ -262,7 +264,7 @@

			2. Update the `todolist-api/.openshift-applier/params/ocp-pipeline`
			```
			PIPELINE_SOURCE_REPOSITORY_URL=https://gitlab.apps.<SOME_DOMAIN>.com/<GIT_USERNAME>/todolist-api.git
			PIPELINE_SOURCE_REPOSITORY_URL=https://gitlab.<APPS_URL>/<GIT_USERNAME>/todolist-api.git
			PIPELINE_SOURCE_REPOSITORY_REF=develop
			NAME=todolist-api
			```
			@@ -322,7 +324,7 @@
			-e "filter_tags=zap"
			```

			3. Head to https://console.lader.rht-labs.com on OpenShift and move to your ci-cd project > builds. You should see `jenkins-slave-zap` has been built.
			3. Head to <CLUSTER_URL> on OpenShift and move to your ci-cd project > builds. You should see `jenkins-slave-zap` has been built.
			![zap-build](../images/exercise4/zap-build.png)

			#### 3b - Arachni Scan
			@@ -345,7 +347,7 @@

			3. Update the `jenkins-slave-arachni` files `SOURCE_REPOSITORY_URL` to point to your GitLab's hosted version of the `enablement-ci-cd` repo.
			```
			SOURCE_REPOSITORY_URL=https://gitlab.apps.lader.rht-labs.com/<GIT_USERNAME>/enablement-ci-cd.git
			SOURCE_REPOSITORY_URL=https://gitlab.<APPS_URL>/<GIT_USERNAME>/enablement-ci-cd.git
			SOURCE_CONTEXT_DIR=docker/jenkins-slave-arachni
			BUILDER_IMAGE_NAME=registry.access.redhat.com/openshift3/jenkins-slave-base-rhel7:latest
			NAME=jenkins-slave-arachni
			@@ -370,7 +372,7 @@
			-e "filter_tags=arachni"
			```

			3. Head to https://console.lader.rht-labs.com on OpenShift and move to your ci-cd project > builds. You should see `jenkins-slave-arachni`.
			3. Head to <CLUSTER_URL> on OpenShift and move to your ci-cd project > builds. You should see `jenkins-slave-arachni`.
			![builds-zap-arachni](../images/exercise4/builds-zap-arachni.png)

			_____
			@@ -382,7 +384,7 @@
			- Add the multi-branch configuration to the S2I to have Jenkins come alive with the `todolist-api` and `-fe` configuration cooked into it for future uses.

			Jenkins Pipeline Extension
			- Add an extension to the pipeline that promotes code to UAT environment once the master job has been successful.
			- Add an extension to the pipeline that promotes code to the UAT environment once the master job has been successful.
			- Use a WAIT to allow for manual input to approve the promotion

			Jenkins e2e extension (blue/green)