Tools: How to create shared library lab

🧠 LAB GOAL ## 🟢 PART 1 — Create Shared Library Repository ## Step 1 — Go to GitHub ## Step 2 — Create Required Folder Structure ## Step 3 — Write First Shared Function ## Step 4 — Add Second Function ## ✅ Shared Library Repo Is Ready ## 🟢 PART 2 — Configure Shared Library in Jenkins ## Step 1 — Go To: ## Step 2 — Fill Configuration ## ✅ Shared Library Is Now Connected ## 🟢 PART 3 — Create Application Repository ## Step 1 — Add Jenkinsfile ## 🟢 PART 4 — Create Pipeline Job in Jenkins ## Step 1 — Configure SCM ## 🟢 PART 5 — Run The Pipeline ## 🧠 What Just Happened? ## 🧑‍💻 Who Creates What in Real Company? ## 🔐 What DevOps Must Pay Attention To ## 📦 Final Architecture ## 🧠 LAB GOAL ## ⚙️ PRE-REQUISITES (VERY IMPORTANT) ## 🔐 IAM PERMISSION (BEST PRACTICE) ## 🟢 PART 1 — Create ECR Repository ## 🟢 PART 2 — Create Shared Library Repo ## Step 1 — Create Folder ## Step 2 — Paste This Code ## 🟢 PART 3 — Configure Shared Library in Jenkins ## 🟢 PART 4 — Create Application Repo ## Step 1 — Add Dockerfile ## Step 2 — Add index.html ## Step 3 — Add Jenkinsfile ## 🟢 PART 5 — Create Jenkins Pipeline Job ## Configure ## ▶️ RUN BUILD ## 🔎 Verify in AWS ## 🧠 What Just Happened? ## 🏢 Real Enterprise Architecture ## 🔐 What DevOps Must Pay Attention To ## 🎯 Interview-Level Explanation By the end, you will understand: Inside that repository: Click Add file → Create new file In the file name field write: This automatically creates the vars folder. Inside vars/buildApp.groovy, paste: Click Add file → Create new file Your repo should now look like: Now go to your Jenkins UI: Manage Jenkins → Manage System Global Trusted Pipeline Libraries (We use Trusted because DevOps owns this library.) Paste your shared library GitHub URL If private: Add credentials. "Whenever someone writes @Library('company-lib'), load this repo." Now create second GitHub repository. Go to Jenkins Dashboard. Repository URL: Paste sample-app GitHub URL Watch Console Output. Step-by-step internally: Controller = Brain Agent = Worker Developers should NOT control deployment logic. Very important production topics: Shared Library solves: Shared Library function: Before starting, make sure: On Jenkins Linux Agent: Restart agent if needed. On EC2 Jenkins instance: Attach IAM Role with permissions: Best practice: use IAM Role (not access keys). Go to AWS Console → ECR → Create Repository Go to GitHub → Create new repo: Manage Jenkins → Manage System → Global Trusted Pipeline Libraries → Add SCM: Git Repository URL: your shared library repo Create new GitHub repo: Pipeline script from SCM SCM: Git Repository URL: docker-demo-app repo Branch: main Script Path: Jenkinsfile Go to AWS Console → ECR → demo-app You will see image tag: They don’t handle login or credentials. Cleanup example inside library: “How do you standardize Docker builds in Jenkins?” "I create a centralized shared library that handles Docker build and ECR push logic using IAM role authentication. This ensures consistent tagging, secure credential handling, and reuse across multiple microservices." That is senior DevOps answer. Templates let you quickly answer FAQs or store snippets for re-use. Are you sure you want to hide this comment? It will become hidden in your post, but will still be visible via the comment's permalink. Hide child comments as well For further actions, you may consider blocking this person and/or reporting abuse CODE_BLOCK: company-shared-lib Enter fullscreen mode Exit fullscreen mode CODE_BLOCK: company-shared-lib CODE_BLOCK: company-shared-lib CODE_BLOCK: vars/buildApp.groovy Enter fullscreen mode Exit fullscreen mode CODE_BLOCK: vars/buildApp.groovy CODE_BLOCK: vars/buildApp.groovy CODE_BLOCK: def call() { echo "Shared Library: Starting Build Stage" sh "echo Running build on $(hostname)" } Enter fullscreen mode Exit fullscreen mode CODE_BLOCK: def call() { echo "Shared Library: Starting Build Stage" sh "echo Running build on $(hostname)" } CODE_BLOCK: def call() { echo "Shared Library: Starting Build Stage" sh "echo Running build on $(hostname)" } CODE_BLOCK: vars/deployApp.groovy Enter fullscreen mode Exit fullscreen mode CODE_BLOCK: vars/deployApp.groovy CODE_BLOCK: vars/deployApp.groovy CODE_BLOCK: def call(String environment) { echo "Shared Library: Deploying to ${environment}" if (environment == "prod") { input "Approve Production Deployment?" } sh "echo Deployment to ${environment} completed" } Enter fullscreen mode Exit fullscreen mode CODE_BLOCK: def call(String environment) { echo "Shared Library: Deploying to ${environment}" if (environment == "prod") { input "Approve Production Deployment?" } sh "echo Deployment to ${environment} completed" } CODE_BLOCK: def call(String environment) { echo "Shared Library: Deploying to ${environment}" if (environment == "prod") { input "Approve Production Deployment?" } sh "echo Deployment to ${environment} completed" } CODE_BLOCK: company-shared-lib/ └── vars/ ├── buildApp.groovy └── deployApp.groovy Enter fullscreen mode Exit fullscreen mode CODE_BLOCK: company-shared-lib/ └── vars/ ├── buildApp.groovy └── deployApp.groovy CODE_BLOCK: company-shared-lib/ └── vars/ ├── buildApp.groovy └── deployApp.groovy CODE_BLOCK: http://13.59.246.183:8080 Enter fullscreen mode Exit fullscreen mode CODE_BLOCK: http://13.59.246.183:8080 CODE_BLOCK: http://13.59.246.183:8080 CODE_BLOCK: company-lib Enter fullscreen mode Exit fullscreen mode CODE_BLOCK: company-lib CODE_BLOCK: company-lib CODE_BLOCK: main Enter fullscreen mode Exit fullscreen mode CODE_BLOCK: sample-app Enter fullscreen mode Exit fullscreen mode CODE_BLOCK: Jenkinsfile Enter fullscreen mode Exit fullscreen mode CODE_BLOCK: Jenkinsfile CODE_BLOCK: Jenkinsfile CODE_BLOCK: @Library('company-lib') _ pipeline { agent { label 'linux' } stages { stage('Build') { steps { buildApp() } } stage('Deploy to Dev') { steps { deployApp("dev") } } stage('Deploy to Prod') { steps { deployApp("prod") } } } } Enter fullscreen mode Exit fullscreen mode CODE_BLOCK: @Library('company-lib') _ pipeline { agent { label 'linux' } stages { stage('Build') { steps { buildApp() } } stage('Deploy to Dev') { steps { deployApp("dev") } } stage('Deploy to Prod') { steps { deployApp("prod") } } } } CODE_BLOCK: @Library('company-lib') _ pipeline { agent { label 'linux' } stages { stage('Build') { steps { buildApp() } } stage('Deploy to Dev') { steps { deployApp("dev") } } stage('Deploy to Prod') { steps { deployApp("prod") } } } } CODE_BLOCK: sample-app-pipeline Enter fullscreen mode Exit fullscreen mode CODE_BLOCK: sample-app-pipeline CODE_BLOCK: sample-app-pipeline CODE_BLOCK: Pipeline script from SCM Enter fullscreen mode Exit fullscreen mode CODE_BLOCK: Pipeline script from SCM CODE_BLOCK: Pipeline script from SCM CODE_BLOCK: Git Enter fullscreen mode Exit fullscreen mode CODE_BLOCK: main Enter fullscreen mode Exit fullscreen mode CODE_BLOCK: Jenkinsfile Enter fullscreen mode Exit fullscreen mode CODE_BLOCK: Jenkinsfile CODE_BLOCK: Jenkinsfile CODE_BLOCK: @Library('[email protected]') _ Enter fullscreen mode Exit fullscreen mode CODE_BLOCK: @Library('[email protected]') _ CODE_BLOCK: @Library('[email protected]') _ CODE_BLOCK: buildAndPushECR(imageName, awsRegion) Enter fullscreen mode Exit fullscreen mode CODE_BLOCK: buildAndPushECR(imageName, awsRegion) CODE_BLOCK: buildAndPushECR(imageName, awsRegion) COMMAND_BLOCK: docker --version aws --version Enter fullscreen mode Exit fullscreen mode COMMAND_BLOCK: docker --version aws --version COMMAND_BLOCK: docker --version aws --version COMMAND_BLOCK: sudo apt update sudo apt install docker.io -y sudo apt install awscli -y sudo usermod -aG docker jenkins Enter fullscreen mode Exit fullscreen mode COMMAND_BLOCK: sudo apt update sudo apt install docker.io -y sudo apt install awscli -y sudo usermod -aG docker jenkins COMMAND_BLOCK: sudo apt update sudo apt install docker.io -y sudo apt install awscli -y sudo usermod -aG docker jenkins CODE_BLOCK: ecr:GetAuthorizationToken ecr:BatchCheckLayerAvailability ecr:PutImage ecr:InitiateLayerUpload ecr:UploadLayerPart ecr:CompleteLayerUpload Enter fullscreen mode Exit fullscreen mode CODE_BLOCK: ecr:GetAuthorizationToken ecr:BatchCheckLayerAvailability ecr:PutImage ecr:InitiateLayerUpload ecr:UploadLayerPart ecr:CompleteLayerUpload CODE_BLOCK: ecr:GetAuthorizationToken ecr:BatchCheckLayerAvailability ecr:PutImage ecr:InitiateLayerUpload ecr:UploadLayerPart ecr:CompleteLayerUpload CODE_BLOCK: demo-app Enter fullscreen mode Exit fullscreen mode CODE_BLOCK: 021399177326.dkr.ecr.us-east-2.amazonaws.com/demo-app Enter fullscreen mode Exit fullscreen mode CODE_BLOCK: 021399177326.dkr.ecr.us-east-2.amazonaws.com/demo-app CODE_BLOCK: 021399177326.dkr.ecr.us-east-2.amazonaws.com/demo-app CODE_BLOCK: company-shared-lib Enter fullscreen mode Exit fullscreen mode CODE_BLOCK: company-shared-lib CODE_BLOCK: company-shared-lib CODE_BLOCK: vars/buildAndPushECR.groovy Enter fullscreen mode Exit fullscreen mode CODE_BLOCK: vars/buildAndPushECR.groovy CODE_BLOCK: vars/buildAndPushECR.groovy CODE_BLOCK: def call(String imageName, String region) { def accountId = sh( script: "aws sts get-caller-identity --query Account --output text", returnStdout: true ).trim() def ecrRepo = "${accountId}.dkr.ecr.${region}.amazonaws.com/${imageName}" def tag = "${env.BUILD_NUMBER}" echo "Building Docker Image..." sh "docker build -t ${imageName}:${tag} ." echo "Logging into ECR..." sh """ aws ecr get-login-password --region ${region} | \ docker login --username AWS --password-stdin ${accountId}.dkr.ecr.${region}.amazonaws.com """ echo "Tagging Image..." sh "docker tag ${imageName}:${tag} ${ecrRepo}:${tag}" echo "Pushing Image..." sh "docker push ${ecrRepo}:${tag}" echo "Image pushed successfully: ${ecrRepo}:${tag}" } Enter fullscreen mode Exit fullscreen mode CODE_BLOCK: def call(String imageName, String region) { def accountId = sh( script: "aws sts get-caller-identity --query Account --output text", returnStdout: true ).trim() def ecrRepo = "${accountId}.dkr.ecr.${region}.amazonaws.com/${imageName}" def tag = "${env.BUILD_NUMBER}" echo "Building Docker Image..." sh "docker build -t ${imageName}:${tag} ." echo "Logging into ECR..." sh """ aws ecr get-login-password --region ${region} | \ docker login --username AWS --password-stdin ${accountId}.dkr.ecr.${region}.amazonaws.com """ echo "Tagging Image..." sh "docker tag ${imageName}:${tag} ${ecrRepo}:${tag}" echo "Pushing Image..." sh "docker push ${ecrRepo}:${tag}" echo "Image pushed successfully: ${ecrRepo}:${tag}" } CODE_BLOCK: def call(String imageName, String region) { def accountId = sh( script: "aws sts get-caller-identity --query Account --output text", returnStdout: true ).trim() def ecrRepo = "${accountId}.dkr.ecr.${region}.amazonaws.com/${imageName}" def tag = "${env.BUILD_NUMBER}" echo "Building Docker Image..." sh "docker build -t ${imageName}:${tag} ." echo "Logging into ECR..." sh """ aws ecr get-login-password --region ${region} | \ docker login --username AWS --password-stdin ${accountId}.dkr.ecr.${region}.amazonaws.com """ echo "Tagging Image..." sh "docker tag ${imageName}:${tag} ${ecrRepo}:${tag}" echo "Pushing Image..." sh "docker push ${ecrRepo}:${tag}" echo "Image pushed successfully: ${ecrRepo}:${tag}" } CODE_BLOCK: company-lib Enter fullscreen mode Exit fullscreen mode CODE_BLOCK: company-lib CODE_BLOCK: company-lib CODE_BLOCK: main Enter fullscreen mode Exit fullscreen mode COMMAND_BLOCK: docker-demo-app Enter fullscreen mode Exit fullscreen mode COMMAND_BLOCK: docker-demo-app COMMAND_BLOCK: docker-demo-app CODE_BLOCK: Dockerfile Enter fullscreen mode Exit fullscreen mode CODE_BLOCK: FROM nginx:alpine COPY index.html /usr/share/nginx/html/index.html Enter fullscreen mode Exit fullscreen mode CODE_BLOCK: FROM nginx:alpine COPY index.html /usr/share/nginx/html/index.html CODE_BLOCK: FROM nginx:alpine COPY index.html /usr/share/nginx/html/index.html CODE_BLOCK: <h1>Jenkins Shared Library ECR Demo</h1> Enter fullscreen mode Exit fullscreen mode CODE_BLOCK: <h1>Jenkins Shared Library ECR Demo</h1> CODE_BLOCK: <h1>Jenkins Shared Library ECR Demo</h1> CODE_BLOCK: @Library('company-lib') _ pipeline { agent { label 'linux' } environment { AWS_REGION = "us-east-2" IMAGE_NAME = "demo-app" } stages { stage('Build and Push to ECR') { steps { buildAndPushECR(IMAGE_NAME, AWS_REGION) } } } } Enter fullscreen mode Exit fullscreen mode CODE_BLOCK: @Library('company-lib') _ pipeline { agent { label 'linux' } environment { AWS_REGION = "us-east-2" IMAGE_NAME = "demo-app" } stages { stage('Build and Push to ECR') { steps { buildAndPushECR(IMAGE_NAME, AWS_REGION) } } } } CODE_BLOCK: @Library('company-lib') _ pipeline { agent { label 'linux' } environment { AWS_REGION = "us-east-2" IMAGE_NAME = "demo-app" } stages { stage('Build and Push to ECR') { steps { buildAndPushECR(IMAGE_NAME, AWS_REGION) } } } } COMMAND_BLOCK: docker-ecr-pipeline Enter fullscreen mode Exit fullscreen mode COMMAND_BLOCK: docker-ecr-pipeline COMMAND_BLOCK: docker-ecr-pipeline CODE_BLOCK: 1 Enter fullscreen mode Exit fullscreen mode CODE_BLOCK: buildAndPushECR("my-service", "us-east-2") Enter fullscreen mode Exit fullscreen mode CODE_BLOCK: buildAndPushECR("my-service", "us-east-2") CODE_BLOCK: buildAndPushECR("my-service", "us-east-2") CODE_BLOCK: sh "docker system prune -f" Enter fullscreen mode Exit fullscreen mode CODE_BLOCK: sh "docker system prune -f" CODE_BLOCK: sh "docker system prune -f" - Create a Shared Library repository - Add proper folder structure - Configure it in Jenkins - Create an application repo - Use the library inside Jenkinsfile - Run the pipeline - Who creates it - Who uses it - What DevOps controls - What happens internally - vars folder name must be exact - File name becomes function name - def call() makes it callable like a function - Shared Library loaded - Build stage executed - Dev deployment executed - Production stage waits for approval - Jenkins Controller loaded shared library repo - It imported functions from vars - It read Jenkinsfile - It sent shell commands to linux agent - Agent executed commands - Controller saved logs - Version control shared library - Protect Git branch - Use PR approvals - Never hardcode credentials - Test library changes in dev Jenkins - Monitor disk space on agents - Pin production pipelines to specific library version - Orchestrates - Stores history - Loads library - Shared library repo - Execute build - Duplicate pipeline logic - Standardization - Security control - Production safety - Centralized CI/CD - Build Docker image - Login to ECR - Push to ECR - AmazonEC2ContainerRegistryFullAccess OR custom policy allowing: - Docker build - Docker push - Jenkins loaded shared library - It executed Groovy function - Agent built Docker image - Agent authenticated using IAM role - Agent pushed image to ECR - Controller saved logs - Writes shared library - Controls Docker logic - Controls tagging standard - Controls ECR login method - Controls security - Never store AWS keys in Jenkinsfile - Use IAM Role on EC2 - Protect shared library repo - Version library - Scan Docker image before push - Clean old Docker images to save disk