Merge branch 'main' of https://github.com/DevOps-Video-Sharing/VideoService

Trinh-Tan-Dat · Trinh-Tan-Dat · commit aea4ae6109b1 · 2024-06-10T09:39:06.000+07:00
diff --git a/.github/workflows/build-image.yaml b/.github/workflows/build-image.yaml
@@ -0,0 +1,37 @@
+name: Build Image Video Service
+
+on:
+  workflow_call:
+    secrets:
+      DOCKER_HUB_ACCESS_TOKEN:
+        required: true
+
+jobs:
+  build-image:
+    name: Build and Push Docker Image
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Setup JDK 17
+        uses: actions/setup-java@v3
+        with:
+          distribution: 'corretto'
+          java-version: 17
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: datuits
+          password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
+
+      - name: Build the application
+        run: |
+          mvn clean
+          mvn -B package --file pom.xml
+
+      - name: Build and Push the docker image
+        run: |
+          docker build -t datuits/devops-video-service:latest .
+          docker push datuits/devops-video-service:latest
diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
@@ -6,10 +6,11 @@ on:
       - main
 
 jobs:
-  build-deploy:
-    name: Build and Deploy Comment Service 
+  testing:
+    name: Testing Video Service
     runs-on: ubuntu-latest
     steps:
+
       - name: Checkout code
         uses: actions/checkout@v3
 
@@ -23,4 +24,28 @@ jobs:
         run: echo "SPRING_DATA_MONGODB_URI=mongodb://localhost:27017/video-service" >> $GITHUB_ENV
 
       - name: Unit Tests
-        run: mvn -B test --file pom.xml
+        run: mvn -B test --file pom.xml
+
+      # - name: SonarQube Scan
+      #   env:
+      #     SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+      #   run: mvn org.sonarsource.scanner.maven:sonar-maven-plugin:4.0.0.4121:sonar \
+      #         -Dsonar.projectKey=devops-video-sharing \
+      #         -Dsonar.host.url=https://sonarcloud.io \
+      #         -Dsonar.login=${{ secrets.SONAR_TOKEN }}
+
+  build-image:
+    needs: testing
+    uses: ./.github/workflows/build-image.yaml
+    secrets:
+      DOCKER_HUB_ACCESS_TOKEN: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
+
+  scan-image:
+    needs: build-image
+    uses: ./.github/workflows/scan-image.yaml
+
+  notify:
+    needs: scan-image
+    uses: ./.github/workflows/notifyCI.yaml
+    secrets:
+      SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
diff --git a/.github/workflows/notifyCI.yaml b/.github/workflows/notifyCI.yaml
@@ -0,0 +1,36 @@
+name: Send Slack Notification for Video Service 
+
+on:
+  workflow_call:
+    secrets:
+      SLACK_WEBHOOK_URL:
+        required: true
+
+jobs:
+  success_notifier:
+    if: ${{ github.event.workflow_run.conclusion == 'success' }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Send success notification on Slack
+        uses: slackapi/slack-github-action@v1.24.0
+        with:
+          payload: |
+            {
+              "text": "The Continuous Integration for Video Service workflow has completed successfully."
+            }
+        env:
+          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+
+  failure_notifier:
+    if: ${{ github.event.workflow_run.conclusion != 'success' }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Send failure notification on Slack
+        uses: slackapi/slack-github-action@v1.24.0
+        with:
+          payload: |
+            {
+              "text": "The Continuous Integration for Video Service workflow has failed."
+            }
+        env:
+          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
diff --git a/.github/workflows/scan-image.yaml b/.github/workflows/scan-image.yaml
@@ -0,0 +1,46 @@
+name: Scan Image Video Service
+on:
+  workflow_call:
+
+jobs:
+  scan-image:
+    name: Security Scan
+    runs-on: ubuntu-latest
+    steps:
+      - name: Install Trivy
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y wget
+          wget https://github.com/aquasecurity/trivy/releases/download/v0.40.0/trivy_0.40.0_Linux-64bit.deb
+          sudo dpkg -i trivy_0.40.0_Linux-64bit.deb
+
+      - name: Scan Docker image with Trivy
+        id: scan-image
+        run: |
+          trivy image --format json --output scan-results.json datuits/devops-video-service:latest
+        
+      - name: Extract high and critical vulnerabilities
+        id: extract_vulnerabilities
+        run: |
+          jq -r '
+          def hr(severity):
+            if severity == "HIGH" or severity == "CRITICAL" then true else false end;
+          def to_md:
+            "| " + (.VulnerabilityID // "") + " | " + (.PkgName // "") + " | " + (.InstalledVersion // "") + " | " + (.Severity // "") + " | " + (.Title // "") + " |";
+          [
+            "# Docker Image Scan Results",
+            "",
+            "## High and Critical Vulnerabilities",
+            "",
+            "| Vulnerability ID | Package | Version | Severity | Description |",
+            "|------------------|---------|---------|----------|-------------|",
+            (.Results[] | .Vulnerabilities[] | select(hr(.Severity)) | to_md),
+            ""
+          ] | join("\n")
+          ' scan-results.json > vulnerability-report.md
+
+      - name: Upload vulnerability report
+        uses: actions/upload-artifact@v2
+        with:
+          name: vulnerability-report
+          path: vulnerability-report.md
diff --git a/database.yaml b/database.yaml
@@ -0,0 +1,38 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: video-mongo-deployment
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: mongo
+  template:
+    metadata:
+      labels:
+        app: mongo
+    spec:
+      containers:
+      - name: mongo
+        image: mongo:latest
+        ports:
+        - containerPort: 27017
+        env:
+        - name: MONGO_INITDB_DATABASE
+          value: video-service
+        resources:
+            limits:
+              memory: 512Mi
+              cpu: "1"
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: video-mongo-service
+spec:
+  selector:
+    app: mongo
+  ports:
+    - protocol: TCP
+      port: 27017
+      targetPort: 27017
diff --git a/resources.yaml b/resources.yaml
@@ -1,45 +1,3 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: video-mongo-deployment
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: mongo
-  template:
-    metadata:
-      labels:
-        app: mongo
-    spec:
-      containers:
-      - name: mongo
-        image: mongo:latest
-        ports:
-        - containerPort: 27017
-        env:
-        - name: MONGO_INITDB_DATABASE
-          value: video-service
-        resources:
-          requests:
-            memory: 128Mi
-            cpu: "0.2"
-          limits:
-            memory: 256Mi
-            cpu: "1"
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: video-mongo-service
-spec:
-  selector:
-    app: mongo
-  ports:
-    - protocol: TCP
-      port: 27017
-      targetPort: 27017
-
 ---
 apiVersion: apps/v1
 kind: Deployment
@@ -66,9 +24,6 @@ spec:
           - name: SPRING_DATA_MONGODB_URI
             value: mongodb://video-mongo-service:27017/video-service
           resources:
-            requests:
-              memory: 256Mi
-              cpu: "0.4"
             limits:
               memory: 512Mi
               cpu: "1"
