Building a Scalable PetClinic Web Application: A Full-Stack Approach

Vagrant for Local Setup

Initialize Vagrant with Ubuntu

vagrant init ubuntu/jammy64

Update Vagrantfile

Uncomment the private and public network settings and set the private network as per your choice.

Start Vagrant

vagrant up

(If prompted, choose network bridge 1.) Wait for it to be successfully up and running.

SSH into Vagrant Machine

vagrant ssh

Set Hostname

sudo hostname jenkins-apache
exec bash

Install Jenkins

Create a jenkins.sh file and add the following commands:

sudo vi jenkins.sh

Add the following content:

sudo apt-get update
curl -fsSL https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key | sudo tee \    
    /usr/share/keyrings/jenkins-keyring.asc > /dev/null
echo deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc] \    
    https://pkg.jenkins.io/debian-stable binary/ | sudo tee \    
    /etc/apt/sources.list.d/jenkins.list > /dev/null
sudo apt update
sudo apt install openjdk-17-jdk -y
sudo apt install openjdk-17-jre -y
sudo apt-get install jenkins -y
sudo systemctl enable jenkins
sudo systemctl start jenkins
sudo systemctl status jenkins

Make Jenkins Script Executable & Run

sudo chmod +x jenkins.sh
./jenkins.sh

Retrieve Jenkins Admin Password

ADMIN_PASSWORD=$(sudo cat /var/lib/jenkins/secrets/initialAdminPassword)
echo "Your Jenkins initial admin password is $ADMIN_PASSWORD"

Find IP Address

hostname -I

Example output:

10.0.2.15 192.168.56.56 192.168.1.108 fd00::e3:d8ff:feeb:2b51

Access Jenkins at http://192.168.56.56:8080.

Install Docker

sudo apt-get install docker.io -y
sudo usermod -aG docker $USER
sudo chmod 666 /var/run/docker.sock
sudo docker ps

Install SonarQube on Docker

docker run -d --name sonar -p 9000:9000 sonarqube:lts-community

If unable to access:

sudo ufw enable
sudo ufw allow 9000/tcp

Install Trivy

Create a trivy.sh file and add:

sudo vi trivy.sh

Add the following content:

sudo apt-get install wget apt-transport-https gnupg lsb-release -y
wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -
echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list.d/trivy.list
sudo apt-get update
sudo apt-get install trivy -y
TRIVY_VERSION=$(trivy version)
echo $TRIVY_VERSION

Run:

sudo chmod +x trivy.sh
./trivy.sh

Configure Jenkins Plugins

Install the following plugins:

• Eclipse Temurin Installer
• SonarQube Scanner
• Maven
• OWASP Dependency Check
• Docker Plugins

Configure Java and Maven

Go to Manage Jenkins → Tools → Install JDK and Maven3 → Apply and Save.

Create a Jenkins Pipeline Job

Create a new job, label it as PetClinic, select Pipeline, and add the following script:

pipeline {
    agent any
    tools{
        jdk 'jdk17'
        maven 'maven3'
    }
    stages{
        stage("Git Checkout"){
            steps{
                git branch: 'local', url: 'https://github.com/surendergupta/petclinic.git'
            }
        }
        stage("Compile"){
            steps{
                sh "mvn clean compile"
            }
        }
        stage("Test Cases"){
            steps{
                sh "mvn test"
            }
        }
    }
}

Configure SonarQube in Jenkins

• Go to Manage Jenkins → System → SonarQube installations → Add SonarQube
• Name: sonar-server
• Server URL: http://<IP_ADDRESS_SONAR_SERVER>:9000
• Authentication Token: sonar-token

Add SonarQube Scanner under Manage Jenkins → Tools.

Add SonarQube Analysis Stage to Pipeline

stage("Sonarqube Analysis") {
    steps{
        withSonarQubeEnv('sonar-server') {
            sh ''' $SCANNER_HOME/bin/sonar-scanner -Dsonar.projectName=Petclinic \
            -Dsonar.java.binaries=. \
            -Dsonar.projectKey=Petclinic '''
        }
    }
}
stage("Sonarqube Quality Gate") {
    steps {
        waitForQualityGate abortPipeline: false, credentialsId: 'sonar-token'
    }
}

Configure OWASP Dependency Check

• Go to Manage Jenkins → Plugins → Install OWASP Dependency-Check.
• Configure under Manage Jenkins → Tools → Add Dependency-Check.

Add OWASP Dependency Check Stage to Pipeline

stage('OWASP FS SCAN') {
    steps {
        dependencyCheck additionalArguments: '--scan ./ --enableExperimental --format XML', odcInstallation: 'DP-Check'
        dependencyCheckPublisher pattern: '**/dependency-check-report.xml'
    }
}

Build and Install Stage

stage("Build"){
    steps{
        sh "mvn clean install"
    }
}

Configure Email Notifications

Install the Email Extended Notification plugin and configure:

• SMTP Server: smtp.gmail.com
• Port: 465
• Use SSL: Checked
• Username: <your-email>
• Password: <app-password>

Trivy File System Scan

stage("Trivy File System Scan"){
    steps{
        sh "trivy fs --format table -o trivy-fs-report.html ."
    }
}

Email Trivy Report

post {
    always {
        emailext attachLog: true,
        subject: "'${currentBuild.result}'",
        body: "Please find the attached Trivy FS Scan Report",
        recipientProviders: [[$class: 'DevelopersRecipientProvider']],
        attachmentsPattern: "trivy-fs-report.html"
    }
}

This completes the setup for a fully integrated PetClinic web application pipeline.