ln-web/Jenkinsfile

pipeline {
    agent any

    parameters {
        choice(name: 'env', choices: ['dev', 'test', 'prod'], description: '部署环境')
        string(name: 'NAMESPACE', defaultValue: 'portal-frontend', description: 'K8s 命名空间')
        string(name: 'DOMAIN', defaultValue: 'radar-power.asia', description: 'Ingress 域名（留空则不创建 Ingress）')
        string(name: 'TLS_SECRET', defaultValue: 'portal-tls', description: 'TLS Secret 名称（仅在 DOMAIN 非空时使用）')
    }

    environment {
        PROJECT_NAME    = 'new-portal-frontend'
        BUILD_DIR       = 'dist'
        NODE_ENV        = 'production'
        HARBOR_HOST     = '8.130.28.21:81'
        KUBECONFIG_PATH = '/root/.kube/config'
        HARBOR_USER     = 'admin'
        HARBOR_PASS     = 'Hfln@1024'
        HARBOR_RETENTION_ID = '1'
    }

    stages {
        stage('🧬 初始化环境') {
            steps {
                script {
                    env.HARBOR_PROJECT = params.env
                    env.IMAGE_TAG = "${HARBOR_HOST}/${env.HARBOR_PROJECT}/${PROJECT_NAME}:${BUILD_NUMBER}"
                    echo ">>> 环境：${params.env}, Harbor项目：${env.HARBOR_PROJECT}, K8s命名空间：${params.NAMESPACE}"
                    if (params.DOMAIN?.trim()) {
                        echo ">>> 域名：${params.DOMAIN}, TLS Secret：${params.TLS_SECRET}"
                    }
                }
            }
        }

        stage('📥 拉取代码') {
            steps {
                checkout scm
                echo "✅ 代码拉取成功"
            }
        }

        stage('🔧 构建 Docker 镜像') {
            steps {
                script {
                    sh """
                        docker login -u ${HARBOR_USER} -p ${HARBOR_PASS} ${HARBOR_HOST}
                        docker build --build-arg ENV=${params.env} -t ${IMAGE_TAG} .
                    """
                    echo "✅ 镜像构建成功：${IMAGE_TAG}"
                }
            }
        }

        stage('🚀 推送镜像到 Harbor') {
            steps {
                script {
                    sh """
                        docker push ${IMAGE_TAG}
                        docker rmi ${IMAGE_TAG}
                    """
                    echo "✅ 镜像推送并本地清理完成"
                }
            }
        }

        stage('   Kubernetes 部署') {
            steps {
                script {
                    def domain = params.DOMAIN?.trim()
                    sh """
                        export KUBECONFIG=${KUBECONFIG_PATH}

                        # 确保命名空间存在
                        kubectl get ns ${params.NAMESPACE} >/dev/null 2>&1 || kubectl create ns ${params.NAMESPACE}

                        # 如果 Deployment 存在，更新镜像
                        if kubectl get deployment ${PROJECT_NAME} -n ${params.NAMESPACE} >/dev/null 2>&1; then
                            echo ">>> Deployment 已存在，更新镜像..."
                            kubectl set image deployment/${PROJECT_NAME} ${PROJECT_NAME}=${IMAGE_TAG} -n ${params.NAMESPACE}
                            kubectl rollout status deployment/${PROJECT_NAME} -n ${params.NAMESPACE} --timeout=120s

                            # 更新 Ingress（如果提供了域名）
                            if [ -n "${domain}" ]; then
                                kubectl apply -n ${params.NAMESPACE} -f - <<EOF
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ${PROJECT_NAME}-ingress
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
    nginx.ingress.kubernetes.io/ssl-passthrough: "false"
    nginx.ingress.kubernetes.io/proxy-body-size: "8m"
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  tls:
  - hosts:
    - ${domain}
    secretName: ${params.TLS_SECRET}
  rules:
  - host: ${domain}
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: ${PROJECT_NAME}
            port:
              number: 80
EOF
                            fi
                        else
                            # 创建新的 Deployment 和 Service
                            kubectl apply -n ${params.NAMESPACE} -f - <<EOF
apiVersion: apps/v1
kind: Deployment
metadata:
  name: ${PROJECT_NAME}
spec:
  replicas: 2
  selector:
    matchLabels:
      app: ${PROJECT_NAME}
  template:
    metadata:
      labels:
        app: ${PROJECT_NAME}
    spec:
      containers:
      - name: ${PROJECT_NAME}
        image: ${IMAGE_TAG}
        ports:
        - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: ${PROJECT_NAME}
spec:
  type: ClusterIP
  selector:
    app: ${PROJECT_NAME}
  ports:
  - port: 80
    targetPort: 80
EOF

                            # 创建 Ingress（如果提供了域名）
                            if [ -n "${domain}" ]; then
                                kubectl apply -n ${params.NAMESPACE} -f - <<EOF
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ${PROJECT_NAME}-ingress
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
    nginx.ingress.kubernetes.io/ssl-passthrough: "false"
    nginx.ingress.kubernetes.io/proxy-body-size: "8m"
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  tls:
  - hosts:
    - ${domain}
    secretName: ${params.TLS_SECRET}
  rules:
  - host: ${domain}
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: ${PROJECT_NAME}
            port:
              number: 80
EOF
                            fi
                        fi

                        # 显示部署状态
                        echo ">>> 部署状态："
                        kubectl get all -n ${params.NAMESPACE}
                        kubectl get ingress -n ${params.NAMESPACE} || echo ">>> 未配置 Ingress"

                        # 如果配置了域名，显示访问信息
                        if [ -n "${domain}" ]; then
                            echo ">>> 应用部署完成！"
                            echo ">>> 访问地址：https://${domain}"
                            echo ">>> 注意：确保域名 ${domain} 已正确解析到集群"
                        else
                            echo ">>> 应用部署完成！"
                            echo ">>> 注意：未配置域名，请手动配置 Ingress 或使用 NodePort 访问"
                        fi
                    """
                }
            }
        }

        stage('🧹 清理本地旧镜像（保留最新3个）') {
            steps {
                script {
                    def baseImage = "${HARBOR_HOST}/${env.HARBOR_PROJECT}/${PROJECT_NAME}"
                    sh """
                        docker images ${baseImage} --format "{{.Repository}}:{{.Tag}}" \\
                        | grep -v latest \\
                        | sort -r -t ':' -k2 \\
                        | tail -n +4 \\
                        | xargs -r docker rmi || true
                    """
                    echo "✅ 本地旧镜像清理完成"
                }
            }
        }

        stage('   清理悬空镜像 <none>') {
            steps {
                script {
                    sh """
                        docker images -f "dangling=true" -q | xargs -r docker rmi || true
                    """
                    echo "✅ 悬空镜像（<none>）清理完成"
                }
            }
        }

        stage('   触发 Harbor 镜像保留策略') {
            steps {
                script {
                    sh """
                        curl -u ${HARBOR_USER}:${HARBOR_PASS} -X POST \\
                        "http://${HARBOR_HOST}/api/v2.0/retentions/${HARBOR_RETENTION_ID}/executions"
                    """
                    echo "✅ Harbor 镜像保留策略已触发"
                }
            }
        }
    }

    post {
        success {
            echo "✅ 构建 & 部署成功   "
        }
        failure {
            echo "❌ 构建或部署失败，请检查日志"
        }
        always {
            cleanWs()
        }
    }
}