Add CI and build image

Author: DucBaoUIT

.github/workflows/build-image.yaml

@@ -0,0 +1,31 @@
+name: Build Image Frontend
+
+on:
+  workflow_call:
+    secrets:
+
+      DOCKER_HUB_ACCESS_TOKEN:
+        required: true
+
+jobs:
+  build-image:
+    name: Build and Push Docker Image
+    runs-on: ubuntu-latest
+    steps:
+        - name: Build Docker Image
+          uses: docker/[email protected]
+          with:
+            push: false
+            tags: datuits/devops-frontend:latest
+
+        - name: Login to Docker Hub
+          uses: docker/login-action@v1
+          with:
+            username: datuits
+            password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
+
+        - name: Push to Docker Hub
+          uses: docker/build-push-action@v2
+          with:
+            push: true
+            tags: datuits/devops-frontend:latest

.github/workflows/main.yaml

@@ -0,0 +1,58 @@
+name: Continuous Integration for Frontend
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  testing:
+    name: Testing Frontend
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        node-version: [18.x]
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Use Node.js ${{ matrix.node-version }}
+        uses: actions/setup-node@v3
+        with:
+          node-version: ${{ matrix.node-version }}
+
+      - name: Run Build App
+        run: 
+            npm ci
+            npm run build
+        env:
+          CI: ""
+
+      - name: Set up MongoDB URI
+        run: echo "SPRING_DATA_MONGODB_URI=mongodb://localhost:27017/frontend" >> $GITHUB_ENV
+
+  # sonar-cloud-scan:
+  #   needs: testing
+  #   uses: ./.github/workflows/sonarqube-scan.yaml
+  #   secrets: 
+  #     SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+
+  build-image:
+    needs: testing
+    uses: ./.github/workflows/build-image.yaml
+    secrets:
+      DOCKER_HUB_ACCESS_TOKEN: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
+
+#   scan-image:
+#     needs: build-image
+#     uses: ./.github/workflows/scan-image.yaml
+
+  # notify:
+  #   needs: scan-image
+  #   uses: ./.github/workflows/notifyCI.yaml
+  #   secrets:
+  #     SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+
+  ### Push image ###

.github/workflows/notifyCI.yaml

@@ -0,0 +1,36 @@
+name: Send Slack Notification for Frontend
+
+on:
+  workflow_call:
+    secrets:
+      SLACK_WEBHOOK_URL:
+        required: true
+
+jobs:
+  success_notifier:
+    if: success()
+    runs-on: ubuntu-latest
+    steps:
+      - name: Send success notification on Slack
+        uses: slackapi/[email protected]
+        with:
+          payload: |
+            {
+              "text": "The Continuous Integration for Frontend workflow has completed successfully."
+            }
+        env:
+          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+
+  failure_notifier:
+    if: failure()
+    runs-on: ubuntu-latest
+    steps:
+      - name: Send failure notification on Slack
+        uses: slackapi/[email protected]
+        with:
+          payload: |
+            {
+              "text": "The Continuous Integration for Frontend workflow has failed."
+            }
+        env:
+          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}

.github/workflows/scan-image.yaml

@@ -0,0 +1,47 @@
+name: Scan Image Frontend
+on:
+  workflow_call:
+
+jobs:
+  scan-image:
+    name: Security Scan
+    runs-on: ubuntu-latest
+    steps:
+      - name: Install Trivy
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y wget
+          wget https://github.com/aquasecurity/trivy/releases/download/v0.40.0/trivy_0.40.0_Linux-64bit.deb
+          sudo dpkg -i trivy_0.40.0_Linux-64bit.deb
+
+      - name: Scan Docker image with Trivy
+        id: scan-image
+        run: |
+          trivy image --format json --output scan-results.json datuits/devops-frontend:latest
+        
+      - name: Extract high and critical vulnerabilities
+        id: extract_vulnerabilities
+        run: |
+          jq -r '
+          def hr(severity):
+            if severity == "HIGH" or severity == "CRITICAL" then true else false end;
+          def to_md:
+            "| " + (.VulnerabilityID // "") + " | " + (.PkgName // "") + " | " + (.InstalledVersion // "") + " | " + (.Severity // "") + " | " + (.Title // "") + " |";
+          [
+            "# Docker Image Scan Results",
+            "",
+            "## High and Critical Vulnerabilities",
+            "",
+            "| Vulnerability ID | Package | Version | Severity | Description |",
+            "|------------------|---------|---------|----------|-------------|",
+            (.Results[] | .Vulnerabilities[] | select(hr(.Severity)) | to_md),
+            ""
+          ] | join("\n")
+          ' scan-results.json > vulnerability-report.md
+
+      - name: Upload vulnerability report
+        uses: actions/upload-artifact@v2
+        with:
+          name: vulnerability-report
+          path: vulnerability-report.md
+          

.github/workflows/sonarqube-scan.yaml

@@ -0,0 +1,18 @@
+name: SonarCloud for Frontend
+on:
+  workflow_call:
+    secrets: 
+      SONAR_TOKEN: 
+        required: true
+jobs:
+  sonarcloud-scan:
+    name: SonarCloud
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
+      - name: SonarCloud Scan
+        uses: SonarSource/sonarcloud-github-action@master
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}