Enterprise Jenkins Pipeline: Deploy WAR to DEV, QA, UAT, and PROD with Approval Gates, Rollback, and SCP
Source: Dev.to
Introduction
In modern enterprise environments, deploying applications manually to multiple environments (DEV, QA, UAT, PROD) is risky, error‑prone, and inefficient.
Organizations need
- Automated deployments
- Environment‑specific targeting
- Approval gates for production
- Backup and rollback capability
- Secure file transfer
- High reliability and auditability
In this article we will build a production‑grade Jenkins pipeline that deploys a WAR file across multiple environments using:
- Parameterized pipelines
- SCP deployment
- SSH secure authentication
- Approval gates
- Automatic backup
- Rollback support
- Tomcat restart
- Deployment verification
This architecture is used in real enterprise environments.
Enterprise Deployment Architecture
Developer
↓
Git Repository
↓
Jenkins Pipeline
↓
Build WAR File
↓
Select Environment (DEV/QA/UAT/PROD)
↓
Approval Gate (PROD only)
↓
Backup Existing WAR
↓
Deploy WAR using SCP
↓
Restart Tomcat
↓
Health Check Verification
↓
Application LivePrerequisites
Before implementing this pipeline, ensure the following:
1. Jenkins Installed
Required plugins
- Pipeline Plugin
- SSH Agent Plugin
- Credentials Plugin
2. Add SSH Credentials in Jenkins
Navigate: Manage Jenkins → Credentials → Global → Add Credentials
- Kind: SSH Username with private key
- ID:
tomcat-key - Username:
ec2-user - Private key: Paste PEM file
3. Tomcat Installed on Target Servers
Typical deployment path:
/opt/tomcat/webapps/⚙️ Complete Enterprise Jenkins Pipeline
pipeline {
agent any
tools {
maven 'Maven-3.9'
}
parameters {
choice(
name: 'ENV',
choices: ['DEV', 'QA', 'UAT', 'PROD'],
description: 'Select Deployment Environment'
)
booleanParam(
name: 'ROLLBACK',
defaultValue: false,
description: 'Rollback deployment'
)
}
environment {
DEV_SERVER = "10.0.0.10"
QA_SERVER = "10.0.0.20"
UAT_SERVER = "10.0.0.30"
PROD_SERVER = "10.0.0.40"
USER = "ec2-user"
DEPLOY_PATH = "/opt/tomcat/webapps/"
BACKUP_PATH = "/opt/tomcat/backup/"
WAR_FILE = "target/myapp.war"
}
stages {
stage('Checkout') {
steps {
git 'https://GitHub.com/sresrinivas/EBusibess.git'
}
}
stage('Build WAR') {
when { expression { params.ROLLBACK == false } }
steps {
sh 'mvn clean package'
}
}
stage('Select Server') {
steps {
script {
if (params.ENV == "DEV") env.SERVER = env.DEV_SERVER
if (params.ENV == "QA") env.SERVER = env.QA_SERVER
if (params.ENV == "UAT") env.SERVER = env.UAT_SERVER
if (params.ENV == "PROD") env.SERVER = env.PROD_SERVER
}
}
}
stage('Approval for PROD') {
when { expression { params.ENV == 'PROD' } }
steps {
input message: "Approve deployment to PROD?", ok: "Deploy"
}
}
stage('Backup WAR') {
steps {
sshagent(['tomcat-key']) {
sh """
ssh -o StrictHostKeyChecking=no ${USER}@${SERVER} '
mkdir -p ${BACKUP_PATH}
cp ${DEPLOY_PATH}/myapp.war ${BACKUP_PATH}/myapp-${BUILD_NUMBER}.war || true
'
"""
}
}
}
stage('Deploy WAR') {
when { expression { params.ROLLBACK == false } }
steps {
sshagent(['tomcat-key']) {
sh """
scp -o StrictHostKeyChecking=no \
${WAR_FILE} \
${USER}@${SERVER}:${DEPLOY_PATH}
"""
}
}
}
stage('Rollback WAR') {
when { expression { params.ROLLBACK == true } }
steps {
sshagent(['tomcat-key']) {
sh """
ssh -o StrictHostKeyChecking=no ${USER}@${SERVER} '
cp ${BACKUP_PATH}/myapp-${BUILD_NUMBER}.war ${DEPLOY_PATH}/myapp.war
'
"""
}
}
}
stage('Restart Tomcat') {
steps {
sshagent(['tomcat-key']) {
sh """
ssh -o StrictHostKeyChecking=no ${USER}@${SERVER} '
systemctl restart tomcat
'
"""
}
}
}
stage('Health Check') {
steps {
sh """
curl -I http://${SERVER}:8080/myapp || true
"""
}
}
}
}Rollback Mechanism
If deployment fails, simply re‑run the pipeline with ROLLBACK = true. The pipeline will restore the previous WAR file automatically.
Production Safety Mechanisms
- Manual approval for PROD deployments
- Backup before deployment
- Secure SSH authentication (via Jenkins credentials)
- Health‑check verification after restart
Key Enterprise Features
- Parameterized environment selection
- Secure SSH/SCP transfers
- Automated backup & rollback
- Manual approval gate for production
- Tomcat service management
- Post‑deployment health verificationJenkins Enterprise Deployment Pipeline
Features
✔ Multi‑Environment Deployment
The pipeline supports seamless deployment to DEV, QA, UAT, and PROD using a single Jenkins job. Engineers can select the target environment dynamically at runtime.
✔ Secure Deployment using SCP and SSH
WAR files are transferred securely via SCP with SSH‑key authentication, guaranteeing encrypted communication between Jenkins and the target servers.
✔ Production Approval Gate
A manual approval step is required before any production deployment, preventing accidental releases and enforcing controlled roll‑outs.
✔ Automatic Backup Before Deployment
The pipeline automatically backs up the currently deployed WAR file, ensuring a stable version is always available for recovery.
✔ Instant Rollback Capability
If a deployment fails or introduces issues, the pipeline can instantly restore the previous version from the backup, minimizing downtime and risk.
✔ Fully Automated Deployment Workflow
From build → deployment → service restart → verification, the entire process is automated, reducing manual intervention and human error.
✔ Secure Credential Management
All SSH keys and credentials are stored securely in Jenkins Credentials Manager, providing enterprise‑grade security.
✔ Deployment Verification & Health Check
After deployment, automated health checks verify application availability, confirming a successful release.
Real Enterprise Benefits
✔ Eliminates Manual Deployment Risks
Automation removes the errors, inconsistencies, and delays inherent to manual deployments.
✔ Improves Deployment Speed & Efficiency
What once took 30–60 minutes manually now completes in minutes.
✔ Ensures Production Safety & Stability
Approval gates, backups, and rollback mechanisms keep production environments safe.
✔ Enables Faster Release Cycles
Teams can ship features, fixes, and updates quickly, supporting agile and DevOps practices.
✔ Provides Full Traceability & Auditability
Every deployment is logged in Jenkins, giving complete traceability for compliance.
✔ Reduces Downtime & Improves Reliability
Automatic rollback and health checks keep applications highly available.
✔ Enhances DevOps Automation Maturity
The pipeline reflects enterprise‑level practices used in banking, fintech, healthcare, and large‑scale cloud environments.
✔ Supports Scalable & Future‑Ready Architecture
Easily extendable to Kubernetes, cloud deployments, blue‑green strategies, and GitOps workflows.
Future Improvements
You can enhance the pipeline further with:
- Blue‑Green Deployment
- Canary Deployment
- Kubernetes Deployment
- Automated Rollback on Health‑Check Failure
- Slack (or other) Notifications
- GitOps Integration
Conclusion
This Jenkins pipeline delivers a complete, enterprise‑grade deployment solution featuring:
- Multi‑environment deployment
- Secure SCP transfer
- Production approval gates
- Automatic backup & instant rollback
- Fully automated workflow
It represents a real‑world production deployment pattern adopted by DevOps teams worldwide.