
Added Jenkinsfile, Nginx Setup, Updated README, and Docker Compose Configuration#5

Open: Amitabh-DevOps wants to merge 18 commits into LondheShubham153:DevOps from Amitabh-DevOps:dev

Conversation


@Amitabh-DevOps Amitabh-DevOps commented Nov 14, 2024

This pull request introduces the following changes to the repository:

  1. Jenkinsfile: Added a pipeline script for automating the CI/CD process, including stages for code cloning, building the Docker image, pushing to Docker Hub, and deployment.

  2. Nginx Setup: Included Nginx configuration to act as a reverse proxy for the application, ensuring smoother handling of requests and load balancing.

  3. Updated README.md: Enhanced the README file with detailed instructions on setting up the Jenkins pipeline, Docker, and Nginx configurations, as well as other setup steps for project deployment.

  4. Docker Compose: Updated the docker-compose.yml file to reflect the new Nginx setup and optimize the deployment of multi-container services.

Summary by CodeRabbit

Release Notes

  • New Features

    • Introduced a CI/CD pipeline for the banking application using Jenkins and Docker.
    • Added Nginx service to manage requests to the banking application.
    • Updated application properties for MySQL database configuration.
  • Bug Fixes

    • Improved Dockerfile structure for clarity and organization.
  • Documentation

    • Revised README.md to focus on CI/CD pipeline implementation and setup instructions.
  • Chores

    • Updated docker-compose.yml for service configurations and environment variables.


coderabbitai bot commented Nov 14, 2024

Walkthrough

The pull request introduces significant changes across several files to enhance the CI/CD pipeline for a Spring Boot banking application. Key modifications include updates to the Dockerfile for improved structure, the introduction of a new Jenkinsfile to automate the build and deployment process, and a comprehensive revision of the README.md to focus on CI/CD setup. Additionally, changes to the docker-compose.yml file establish new services and configurations, while new Nginx and application properties files support the application's architecture.

Changes

| File | Change Summary |
|---|---|
| Dockerfile | Updated comments, removed MAINTAINER, added WORKDIR, changed base image, updated JAR paths, exposed port, and modified ENTRYPOINT. |
| Jenkinsfile | New pipeline defined with stages: "Code", "Build", "Push to DockerHub", "Deploying". |
| README.md | Restructured content to focus on CI/CD pipeline setup, removed AWS EKS deployment details, added setup instructions for Jenkins and Docker. |
| docker-compose.yml | Updated mysql service environment variables, changed volume mapping, added nginx service, and updated bankapp service configuration. |
| nginx/Dockerfile | New Dockerfile for Nginx, copying default.conf for custom configuration. |
| nginx/default.conf | New configuration file for Nginx, setting up a reverse proxy for bankapp. |
| src/main/resources/application.properties | Added MySQL database configuration and JPA settings, set server port to 8000. |

Sequence Diagram(s)

```mermaid
sequenceDiagram
    participant Developer
    participant GitHub
    participant Jenkins
    participant DockerHub
    participant EC2

    Developer->>GitHub: Push code
    GitHub->>Jenkins: Trigger build
    Jenkins->>Jenkins: Clone repository
    Jenkins->>Jenkins: Build Docker image
    Jenkins->>DockerHub: Push image
    Jenkins->>EC2: Deploy application
```

🐰 "In the world of code, we hop with glee,
A pipeline built for all to see.
With Docker and Jenkins, we dance and play,
Deploying our app in a seamless way!
From MySQL to Nginx, all set in line,
Our banking app shines, oh how divine!" 🐇✨




@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 21

🧹 Outside diff range and nitpick comments (7)
src/main/resources/application.properties (3)

Line range hint 4-6: Security Issue: Hardcoded Database Credentials

Storing sensitive credentials directly in application.properties is a security risk, especially in a version-controlled repository.

Consider:

  1. Using environment variables:
-spring.datasource.username=root
-spring.datasource.password=Test@123
+spring.datasource.username=${DB_USERNAME}
+spring.datasource.password=${DB_PASSWORD}
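Review bot: the replacement `${DB_USERNAME}` / `${DB_PASSWORD}` has no default, so the application fails at startup when the variables are unset; for credentials that fail-closed behaviour is what you want, so keep it that way rather than adding `${DB_PASSWORD:Test@123}`. Two follow-ups belong in the same change: an `environment:` entry on the `bankapp` service in docker-compose.yml (the compose file already passes environment variables to the mysql service) so the variables are actually populated in the container, and rotation of the `Test@123` password, which stays in git history after this line is removed.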
  2. Using a secure configuration management service for production

Line range hint 9-11: Production Readiness Concerns

Several configuration values need attention for production deployment:

  1. ddl-auto=update is risky in production as it can modify database schema
  2. show-sql=true might leak sensitive data in logs

Consider using different profiles:

```properties
# Add to application-dev.properties
spring.jpa.hibernate.ddl-auto=update
spring.jpa.show-sql=true

# Add to application-prod.properties
spring.jpa.hibernate.ddl-auto=none
spring.jpa.show-sql=false
```

Line range hint 2-13: Missing Essential Configuration Properties

The configuration lacks several important properties for production readiness:

Consider adding:

```properties
# Connection pool settings
spring.datasource.hikari.maximum-pool-size=10
spring.datasource.hikari.minimum-idle=5
spring.datasource.hikari.idle-timeout=300000

# Timeout settings
spring.datasource.hikari.connection-timeout=20000
spring.datasource.hikari.max-lifetime=1200000

# Error handling
spring.jpa.properties.hibernate.jdbc.time_zone=UTC
spring.datasource.hikari.auto-commit=false
```
Jenkinsfile (1)

1-32: Add pipeline documentation and error handling

The pipeline would benefit from:

  1. Pipeline-level documentation
  2. Post-build actions for notifications
  3. Error handling for each stage
  4. Cleanup procedures

Add this at the beginning of the pipeline:

+// Banking Application CI/CD Pipeline
+// Builds, tests, and deploys the banking application
+
 pipeline {
     agent {label 'dev-server'}
+    
+    environment {
+        REPO_URL = 'https://github.com/Amitabh-DevOps/banking-app-project.git'
+        DOCKER_IMAGE = 'bankapp-mini'
+    }
+    
+    options {
+        timeout(time: 1, unit: 'HOURS')
+        buildDiscarder(logRotator(numToKeepStr: '10'))
+    }
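Review bot: the `environment` block defines `REPO_URL` and `DOCKER_IMAGE`, but nothing in this hunk changes the `clone(...)`, `dockerbuild(...)` and `dockerpush(...)` calls in the stages to read them, so the literal URL and image name stay duplicated and will drift from the variables. Replace the literals with `env.REPO_URL` and `env.DOCKER_IMAGE` in the same change.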

And at the end:

+    post {
+        success {
+            echo 'Pipeline completed successfully'
+            // Add notification steps
+        }
+        failure {
+            echo 'Pipeline failed'
+            // Add notification steps
+        }
+        always {
+            cleanWs()
+        }
+    }
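Review bot: `cleanWs()` in the `always` block comes from the Workspace Cleanup plugin; if it is not installed on the controller, the `post` section itself throws and masks the real stage result. Either document the plugin requirement in the README next to the shared-library setup or use `deleteDir()` from the core workflow steps, which needs no extra plugin.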
Dockerfile (1)

6-12: Optimize build stage for better performance and security

Consider the following improvements for the build stage:

  1. Add a .dockerignore file to exclude unnecessary files
  2. Cache Maven dependencies to speed up builds
  3. Copy only necessary files for the build

Apply this optimization:

FROM maven:3.8.3-openjdk-17 AS builder
WORKDIR /app
+ # Copy only the POM file first to cache dependencies
+ COPY pom.xml .
+ RUN mvn dependency:go-offline
+ 
+ # Then copy the source code
+ COPY src ./src
- COPY . /app
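Review bot: copying only `pom.xml` and `src` drops any other build inputs the repository keeps at its root, and `mvn dependency:go-offline` does not guarantee that every plugin the later `package` goal needs is pre-fetched, so the build stage may still hit the network. Verify the image builds with `--network none` before relying on the cache, and add the `.dockerignore` that item 1 mentions (at least `target/`, `.git/` and any `.env`), which this hunk does not include.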
docker-compose.yml (1)

36-47: Enhance Nginx service configuration

The Nginx service configuration could be improved with health checks and resource limits.

   nginx:
     image: nginx:1.23.3-alpine
     container_name: nginx
+    deploy:
+      resources:
+        limits:
+          memory: 256M
+          cpus: '0.5'
+        reservations:
+          memory: 128M
+          cpus: '0.25'
+    healthcheck:
+      test: ["CMD", "nginx", "-t"]
+      interval: 30s
+      timeout: 10s
+      retries: 3
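Review bot: `nginx -t` as the healthcheck command only parses the configuration; it passes even when no worker is accepting connections, so the container is reported healthy while the proxy is down. Probe the listener instead, for example `test: ["CMD", "wget", "-q", "--spider", "http://localhost/"]` (busybox `wget` ships in the alpine image), and consider giving `bankapp` a healthcheck too, so that `depends_on` with `condition: service_healthy` can order startup.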
README.md (1)

3-5: Format external links using proper markdown syntax

The repository and blog links should be formatted using proper markdown syntax for better readability and consistency.

-**Repository for this Project**: Used this Repo + Shared library repo : https://github.com/Amitabh-DevOps/Jenkins-shared-libraries
-**Check Blog** : https://amitabhdevops.hashnode.dev/spring-boot-bank-jenkins 
+**Repository for this Project**: Used this Repo + [Shared library repo](https://github.com/Amitabh-DevOps/Jenkins-shared-libraries)
+**Check Blog**: [Spring Boot Bank Jenkins Setup](https://amitabhdevops.hashnode.dev/spring-boot-bank-jenkins)
🧰 Tools
🪛 Markdownlint

3-3: null
Bare URL used

(MD034, no-bare-urls)


5-5: null
Bare URL used

(MD034, no-bare-urls)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between d16279d and 50e0392.

📒 Files selected for processing (7)
  • Dockerfile (1 hunks)
  • Jenkinsfile (1 hunks)
  • README.md (1 hunks)
  • docker-compose.yml (1 hunks)
  • nginx/Dockerfile (1 hunks)
  • nginx/default.conf (1 hunks)
  • src/main/resources/application.properties (2 hunks)
✅ Files skipped from review due to trivial changes (1)
  • nginx/Dockerfile
🧰 Additional context used
🪛 LanguageTool
README.md

[style] ~302-~302: Three successive sentences begin with the same word. Consider rewording the sentence or use a thesaurus to find a synonym.
Context: ...ub, and deploying the container. * This script allows to used shared library re...

(ENGLISH_WORD_REPEAT_BEGINNING_RULE)


[style] ~370-~370: In American English, abbreviations like “etc.” require a period.
Context: ...cker, shared libraries, multinode agent etc**. This setup not only simplifies the d...

(ETC_PERIOD)


[style] ~370-~370: Opting for a less wordy alternative here can improve the clarity of your writing.
Context: ...ries, multinode agent etc**. This setup not only simplifies the deployment process but also enhances productivity by ensuring that every cod...

(NOT_ONLY_ALSO)

🪛 Markdownlint
README.md

308-308: Expected: 2; Actual: 4
Unordered list indentation

(MD007, ul-indent)


3-3: null
Bare URL used

(MD034, no-bare-urls)


5-5: null
Bare URL used

(MD034, no-bare-urls)

🔇 Additional comments (7)
src/main/resources/application.properties (1)

14-15: Verify Port Configuration Across Environment

The server port change to 8000 needs to be consistent across all configurations.

✅ Verification successful

Port Configuration is Consistent Across All Files

The port change to 8000 is properly configured across all relevant files:

  • application.properties: server.port=8000
  • Dockerfile: EXPOSE 8000
  • docker-compose.yml: ports mapping "8000:8000"
  • nginx/default.conf: upstream and proxy_pass configured to port 8000
🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

```bash
#!/bin/bash
# Check port configuration consistency across Docker and Nginx configs
echo "Checking port configurations in Docker and Nginx files..."

# Check Dockerfile EXPOSE
rg "EXPOSE.*8000" --type dockerfile

# Check docker-compose port mappings
rg "8000:8000" docker-compose.yml

# Check Nginx configuration
rg "proxy_pass.*:8000" --type nginx
```

Length of output: 319


Script:

```bash
#!/bin/bash
# Let's check for port configuration in all relevant files
echo "Checking port configurations across all files..."

# Search for port 8000 in any potential configuration files
fd -e yml -e yaml -e properties -e conf -e config -e xml --exec rg -l "8000"

# Specifically look for Dockerfile without relying on file type
fd Dockerfile --exec rg -l "EXPOSE.*8000" {}

# Get content of found files for better context
echo "\nContent of docker-compose.yml:"
cat docker-compose.yml

# Look for any other potential port configurations
rg -g "!node_modules" "port.*=.*"
```

Length of output: 1630


Script:

```bash
#!/bin/bash
# Let's check the content of Dockerfile and nginx config
echo "Content of Dockerfile:"
cat Dockerfile

echo "\nContent of nginx/default.conf:"
cat nginx/default.conf

# Check for any other application properties files that might contain port configurations
fd -e properties --exec rg "server\.port"
```

Length of output: 1628

nginx/default.conf (1)

1-17: Verify service configuration alignment

Let's ensure the service name and port configurations align with docker-compose.yml.

✅ Verification successful

Port mismatch detected between Nginx configuration and application service

The Nginx configuration is using port 8000 for the bankapp service, but there's no port configuration specified for the bankapp service in docker-compose.yml. This could lead to connection issues.

  • In nginx/default.conf: Service is configured to use bankapp:8000
  • In docker-compose.yml: No explicit port mapping for bankapp service

Nginx configuration is correctly aligned with application settings

The Nginx configuration is properly set up:

  • Application's server.port is configured to 8000 in application.properties
  • Nginx's upstream and proxy_pass correctly point to bankapp:8000
  • Service name 'bankapp' matches the service definition in docker-compose.yml
🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

```bash
#!/bin/bash
# Description: Verify service name and port configuration alignment

# Check if docker-compose.yml exists and contains matching service configuration
echo "Checking docker-compose.yml for service configuration..."
rg -A 5 "bankapp:"
rg -A 5 "nginx:"

# Check if any other Nginx configurations exist
echo "Checking for additional Nginx configurations..."
fd -t f -e conf
```

Length of output: 2158


Script:

```bash
#!/bin/bash
# Check for Spring Boot default port configuration or any port-related settings
rg -A 2 "server.port"
rg -A 2 "PORT="

# Look for any application properties/configuration files
fd "application.properties|application.yml|application.yaml"
```

Length of output: 269

Jenkinsfile (1)

1-4: Verify shared library configuration and agent constraints

The pipeline uses a shared library and a specific agent label. Please ensure:

  1. The 'Shared' library is properly configured in Jenkins
  2. The 'dev-server' agent exists and has necessary permissions
✅ Verification successful

Shared library and agent configuration are properly documented and verified

Based on the README.md content:

  1. The 'Shared' library is properly configured and documented with a link to the shared library repository at https://github.com/Amitabh-DevOps/Jenkins-shared-libraries
  2. The 'dev-server' agent is correctly set up as a Jenkins node with detailed configuration steps in the documentation
  3. The pipeline configuration follows the documented architecture where the Jenkins Agent instance is configured as 'dev-server' for deploying the Spring Boot application
🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

```bash
#!/bin/bash
# Check for other Jenkins files that might reference the shared library or agent
rg -l "Library\('Shared'\)"
rg -l "label 'dev-server'"
```

Length of output: 114


Script:

```bash
#!/bin/bash
# Let's check the README.md content to understand the shared library and agent configuration
cat README.md
```

Length of output: 11415

Dockerfile (2)

27-28: Verify port configuration across all services

The port change from 8080 to 8000 needs to be consistent across all configurations.

Let's verify the port configuration in related files:

```bash
#!/bin/bash
# Check port configuration in various files
echo "Checking port configurations..."
rg "8000|8080" docker-compose.yml application.properties nginx/default.conf
```

14-14: Reconsider skipping tests in production builds

While skipping tests speeds up the build process, it's generally not recommended for production builds as it could allow bugs to slip through. Consider:

  1. Running tests in the CI/CD pipeline
  2. Using test results for quality gates

Let's check if tests exist and are being run in the Jenkins pipeline:

docker-compose.yml (2)

48-49: Verify volume persistence configuration

The MySQL data volume is correctly defined, but ensure it's properly persisted across deployments.

```bash
#!/bin/bash
# Check if volume is listed in docker volume ls
if docker volume ls | grep -q "mysql-bankapp"; then
    echo "Volume mysql-bankapp exists"
    docker volume inspect mysql-bankapp
else
    echo "Volume mysql-bankapp not found"
fi
```

42-42: Verify Nginx configuration file existence

The service mounts a local Nginx configuration file, but its existence needs to be verified.

✅ Verification successful

Nginx configuration file verified and valid

The Nginx configuration file exists at nginx/default.conf and contains a valid configuration for proxying requests to the bankapp service. The configuration includes proper upstream definition and server block with appropriate proxy settings.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

```bash
#!/bin/bash
# Check if the Nginx configuration file exists and is valid
if [ -f "./nginx/default.conf" ]; then
    echo "Nginx configuration file exists"
    cat "./nginx/default.conf"
else
    echo "Error: Nginx configuration file not found at ./nginx/default.conf"
    exit 1
fi
```

Length of output: 281


Script:

```bash
#!/bin/bash
# Let's check if the nginx directory and configuration file exist
fd "default.conf" --type f

# Also search for any nginx configuration files in the repository
fd "nginx" --type d
```

Length of output: 72


Script:

```bash
#!/bin/bash
# Let's examine the content of the nginx configuration file
cat nginx/default.conf
```

Length of output: 499

```properties
spring.application.name=bankapp

# MySQL Database configuration
spring.datasource.url=jdbc:mysql://localhost:3306/bankappdb?useSSL=false&serverTimezone=UTC
```

⚠️ Potential issue

Docker Compatibility Issue: Database URL

Using localhost as the database host won't work in a Docker environment since each container has its own network namespace.

Replace with:

-spring.datasource.url=jdbc:mysql://localhost:3306/bankappdb?useSSL=false&serverTimezone=UTC
+spring.datasource.url=jdbc:mysql://${DB_HOST:localhost}:3306/bankappdb?useSSL=false&serverTimezone=UTC
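Review bot: `${DB_HOST:localhost}` only fixes the container case if `DB_HOST` is actually set on the `bankapp` service in docker-compose.yml (to the mysql service name); otherwise the default silently keeps `localhost` and the connection still fails inside the container. The line also carries `useSSL=false` forward, which is acceptable on the compose network in this setup but should not be copied into the prod profile proposed earlier in this review.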

Comment on lines +5 to +9
```nginx
server {
    listen 80;

    server_name localhost;

```

⚠️ Potential issue

Add security configurations and SSL support

The server block lacks essential security configurations:

  1. Missing SSL/TLS setup
  2. No security headers defined
  3. No rate limiting to prevent DDoS
  4. Generic server_name could pose security risks
 server {
-    listen 80;
+    listen 80;
+    listen 443 ssl;
+    ssl_certificate /etc/nginx/ssl/server.crt;
+    ssl_certificate_key /etc/nginx/ssl/server.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
 
     server_name localhost;
 
+    # Add security headers
+    add_header X-Frame-Options "SAMEORIGIN";
+    add_header X-XSS-Protection "1; mode=block";
+    add_header X-Content-Type-Options "nosniff";
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
+
+    # Add rate limiting
+    limit_req_zone $binary_remote_addr zone=one:10m rate=30r/m;
+    limit_req zone=one burst=10 nodelay;
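Review bot: `limit_req_zone` is only valid in the `http` context; inside `server` it makes `nginx -t` fail and the container never starts. Since `default.conf` is included from within the `http` block, move the `limit_req_zone` line to the top of the file beside the `upstream` block and keep only `limit_req` in the server block. Two more points in this hunk: the `ssl_certificate` / `ssl_certificate_key` paths must exist in the image or be mounted, or nginx again refuses to start; and with both `listen 80` and `listen 443 ssl` kept, a plain-HTTP response carrying `Strict-Transport-Security` is pointless, so the port-80 server should `return 301 https://$host$request_uri;` instead of serving the app. `X-XSS-Protection` is deprecated by current browsers and can be dropped.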


Comment on lines +1 to +3
```nginx
upstream bankapp {
    server bankapp:8000; # Use the correct service name from docker-compose.yml
}
```

🛠️ Refactor suggestion

Enhance upstream configuration for production readiness

The upstream configuration needs additional parameters for reliability and scalability:

  1. Add health checks to detect failed instances
  2. Consider adding backup servers
  3. Specify a load balancing algorithm
 upstream bankapp {
-    server bankapp:8000;  # Use the correct service name from docker-compose.yml
+    server bankapp:8000 max_fails=3 fail_timeout=30s;
+    check interval=3000 rise=2 fall=5 timeout=1000 type=http;
+    check_http_send "HEAD / HTTP/1.0\r\n\r\n";
+    check_http_expect_alive http_2xx http_3xx;
+    least_conn;  # Add load balancing algorithm
 }
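Review bot: `check`, `check_http_send` and `check_http_expect_alive` are directives of the third-party upstream health-check module (nginx_upstream_check_module / Tengine), not of stock nginx, so on the `nginx:1.23.3-alpine` image referenced in docker-compose.yml `nginx -t` rejects this configuration. Keep `max_fails=3 fail_timeout=30s` (passive checks, built in) and `least_conn`, and drop the three `check*` lines; active upstream health checks in unmodified nginx are an nginx Plus feature.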


Comment on lines +10 to +16
```nginx
location / {
    proxy_pass http://bankapp:8000; # Use the service name 'bankapp' here as well
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
}
```

🛠️ Refactor suggestion

Optimize proxy configuration and add error handling

The proxy configuration needs optimization and additional error handling:

  1. Use upstream name instead of repeating the URL
  2. Add timeout configurations
  3. Configure response buffering
  4. Add error handling
     location / {
-        proxy_pass http://bankapp:8000;  # Use the service name 'bankapp' here as well
+        proxy_pass http://bankapp;
         proxy_set_header Host $host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
+        
+        # Add timeouts
+        proxy_connect_timeout 60s;
+        proxy_send_timeout 60s;
+        proxy_read_timeout 60s;
+        
+        # Response buffering
+        proxy_buffering on;
+        proxy_buffer_size 4k;
+        proxy_buffers 4 32k;
+        
+        # Error handling
+        proxy_next_upstream error timeout http_500 http_502 http_503 http_504;
+        proxy_next_upstream_tries 3;
     }
+
+    # Add error pages
+    error_page 500 502 503 504 /50x.html;
+    location = /50x.html {
+        root /usr/share/nginx/html;
+    }
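Review bot: with a single `server` entry in `upstream bankapp` there is no second instance for `proxy_next_upstream` and `proxy_next_upstream_tries 3` to fail over to, so those lines do nothing until the upstream is scaled out. When it is, leave the default behaviour of not retrying non-idempotent requests in place (do not add `non_idempotent`), because replaying a failed POST against a banking backend can duplicate a transaction. `proxy_pass http://bankapp;` correctly targets the upstream block rather than the container hostname.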

Comment on lines +7 to +12
```groovy
stage("Code"){
    steps{
        clone("https://github.com/Amitabh-DevOps/banking-app-project.git","dev")
        echo "Code clonning done."
    }
}
```

⚠️ Potential issue

Security concern: Hardcoded repository URL

The repository URL should not be hardcoded in the pipeline. Consider:

  1. Using environment variables or Jenkins credentials
  2. Verifying the repository ownership as it points to a personal account
-                clone("https://github.com/Amitabh-DevOps/banking-app-project.git","dev")
+                clone(env.REPO_URL, "dev")
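Review bot: `env.REPO_URL` is not defined anywhere in the Jenkinsfile as committed, so this replacement only works together with an `environment { REPO_URL = ... }` block and the two changes must land in the same commit, otherwise the Code stage fails with a null URL. Moving the string into a variable also does not address item 2: which account's repository the pipeline builds is a governance decision, and for the production path the branch argument should be a tag or commit rather than the mutable `dev` branch.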


Comment on lines +182 to +183
Use this password to complete the initial setup in Jenkins by following the on-screen instructions.


🛠️ Refactor suggestion

Add Jenkins security configuration steps

The Jenkins setup should include initial security configuration steps after installation.

Add the following section:

### Important Security Steps After Jenkins Installation

1. Install recommended security plugins
2. Configure Global Security Settings:
   * Enable CSRF protection
   * Enable agent-to-master security
   * Configure proper authentication
3. Set up proper backup strategy for Jenkins configuration
4. Review and update Jenkins system configurations

Comment on lines +202 to +219
* **Remote root directory**: `/home/ubuntu/bankapp`

* **Labels**: Add `dev-server`

* **Usage**: Choose **Only build jobs with label expressions matching this node**.

5. Under **Launch method**, select **Launch agents via SSH**:

* **Host**: Enter the private IP of your Jenkins Agent instance.

* **Credentials**: Add credentials by selecting **SSH Username with private key**.

* Use **ubuntu** for the username.

* Add the private key associated with the key pair used for the Jenkins Agent EC2 instance.

* Click **Save** and connect to the Jenkins Agent.


🛠️ Refactor suggestion

Enhance Jenkins Agent security configuration

The agent setup should include proper directory permissions and SSH security measures.

     * **Remote root directory**: `/home/ubuntu/bankapp`
+    * Create and set proper permissions:
+      ```bash
+      sudo mkdir -p /home/ubuntu/bankapp
+      sudo chown jenkins:jenkins /home/ubuntu/bankapp
+      ```
     * **Labels**: Add `dev-server`
     * **Usage**: Choose **Only build jobs with label expressions matching this node**
+    * **Host Key Verification Strategy**: Select "Manually trusted key Verification Strategy"
+    * **Advanced Options**:
+      * Set proper connection timeout
+      * Enable TCP_NODELAY
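Review bot: `sudo chown jenkins:jenkins /home/ubuntu/bankapp` conflicts with the launch method described a few lines later, where the agent connects over SSH as `ubuntu`: no `jenkins` user exists on a fresh Ubuntu instance, and if one is created the `ubuntu` account loses write access to its own remote root directory. Either keep `ubuntu:ubuntu` or run the agent as a dedicated `jenkins` user consistently (SSH username, home directory and authorized key). The "Manually trusted key Verification Strategy" item is the valuable addition here; it prevents the controller from silently accepting a changed host key.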

Comment on lines +323 to +335
* In the left sidebar, click on **Webhooks** and then **Add webhook**.

* Enter the **Payload URL**:


```http
http://<your-ec2-public-ip>:8080/github-webhook/
```

* Set **Content type** to default one and enable **Just the push event**.

* Click on **Add webhook** and wait for it to show a green tick, indicating successful setup.


🛠️ Refactor suggestion

Enhance webhook and deployment security

The webhook setup should include a secret token and HTTPS configuration.

     * Enter the **Payload URL**:
     ```http
-    http://<your-ec2-public-ip>:8080/github-webhook/
+    https://<your-jenkins-domain>:8080/github-webhook/
     ```
-    * Set **Content type** to default one and enable **Just the push event**.
+    * Set **Content type** to `application/json`
+    * Generate and configure a secret token
+    * Enable SSL/TLS for secure communication
+    * Select specific events to trigger the webhook:
+      * Push events
+      * Pull request events (if needed)
     * Click on **Add webhook** and wait for it to show a green tick, indicating successful setup.
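Review bot: `https://<your-jenkins-domain>:8080/github-webhook/` will not work by itself, because Jenkins on 8080 speaks plain HTTP unless TLS is configured on Jenkins or a reverse proxy terminates it; the payload URL has to match what actually listens (typically `https://<domain>/github-webhook/` behind a proxy on 443). The secret-token item also needs its Jenkins side: the same secret must be entered in the GitHub plugin's shared-secret setting on the controller, otherwise the signature GitHub sends is never checked and anything that can reach the endpoint can trigger builds.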

Comment on lines +47 to +57
* Select the **Ubuntu 24.04 LTS** AMI.

* Choose **t2.micro** for the Jenkins Master instance, eligible for the free tier.

* Configure **Security Group**:

* **SSH (port 22)** for remote access.

* **HTTP (port 80)** to access Jenkins through the browser.

* Click **Review and Launch**.

⚠️ Potential issue

Update Ubuntu version and enhance security group configuration

  1. Ubuntu 24.04 LTS doesn't exist yet. Use Ubuntu 22.04 LTS instead.
  2. The security group configuration is incomplete. Additional ports are needed for Jenkins and the application.
-    * Select the **Ubuntu 24.04 LTS** AMI.
+    * Select the **Ubuntu 22.04 LTS** AMI.

     * Configure **Security Group**:
         * **SSH (port 22)** for remote access.
         * **HTTP (port 80)** to access Jenkins through the browser.
+        * **Custom TCP (port 8080)** for Jenkins web interface
+        * **Custom TCP (port 8000)** for the Spring Boot application
+        * **Custom TCP (port 50000)** for Jenkins agent communication
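Review bot: item 1 is out of date; Ubuntu 24.04 LTS was released in April 2024, before this review, so the README's AMI choice can stand. On the security group, opening port 8000 to the internet lets clients reach the Spring Boot container directly and bypass the nginx proxy this PR adds, and port 50000 is the inbound (JNLP) agent port, which is unused when agents are launched via SSH as the README describes. Restrict 8000 to the proxy and agent hosts, leave 50000 closed unless inbound agents are actually used, and keep 8080 only as long as the webhook URL targets it directly.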

Comment on lines +264 to +296
```groovy
@Library('Shared')_

pipeline{
    agent {label 'dev-server'}

    stages{
        stage("Code"){
            steps{
                clone("https://github.com/Amitabh-DevOps/banking-app-project.git","dev")
                echo "Code clonning done."
            }
        }
        stage("Build"){
            steps{
                dockerbuild("bankapp-mini","latest")
                echo "Code build bhi hogaya."
            }
        }
        stage("Push to DockerHub"){
            steps{
                dockerpush("dockerHub","bankapp-mini","latest")
                echo "Push to dockerHub is also done."
            }
        }
        stage("Deplying"){
            steps{
                deploy()
                echo "Deployment bhi done."
            }
        }
    }
}
```

🛠️ Refactor suggestion

Improve Jenkinsfile security and stability

The pipeline configuration needs enhancements for better security and stability.

-@Library('Shared')_
+@Library('Shared@v1.0.0')_

 pipeline{
     agent {label 'dev-server'}
+    environment {
+        DOCKER_CREDENTIALS = credentials('dockerHub')
+    }
     
     stages{
         stage("Code"){
             steps{
-                clone("https://github.com/Amitabh-DevOps/banking-app-project.git","dev")
+                git branch: 'dev',
+                    url: 'https://github.com/Amitabh-DevOps/banking-app-project.git'
                 echo "Code clonning done."
             }
         }
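Review bot: `DOCKER_CREDENTIALS = credentials('dockerHub')` is declared but never used; the push stage still calls `dockerpush("dockerHub", ...)`, which resolves the credential inside the shared library, so the environment entry only exposes `DOCKER_CREDENTIALS_USR` / `DOCKER_CREDENTIALS_PSW` to every step (and to anything that dumps `env`) for no benefit. Drop it or use it. Pinning `@Library('Shared@v1.0.0')` is the right direction but only if that tag exists in the Jenkins-shared-libraries repository, otherwise the pipeline fails at load time. Replacing `clone(...)` with the `git` step while the other three stages still come from the library mixes two approaches; pick one.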

