99 - master
1010
1111env :
12+ AWS_REGION : ap-southeast-2
13+ ECR_REPOSITORY : restapi-users
1214 EKS_CLUSTER_NAME : restapi-users-cluster
1315
1416jobs :
15- build_and_test :
16- name : Build, Test, and Push
17+ build :
18+ name : Build, Test & Push
1719 runs-on : ubuntu-latest
20+ outputs :
21+ image : ${{ steps.build-image.outputs.image }}
22+
1823 steps :
1924 - name : Checkout Code
2025 uses : actions/checkout@v4
2429 with :
2530 aws-access-key-id : ${{ secrets.AWS_ACCESS_KEY_ID }}
2631 aws-secret-access-key : ${{ secrets.AWS_SECRET_ACCESS_KEY }}
27- aws-region : ${{ secrets .AWS_REGION }}
32+ aws-region : ${{ env .AWS_REGION }}
2833
2934 - name : Login to Amazon ECR
3035 id : login-ecr
@@ -41,29 +46,32 @@ jobs:
4146 - name : Run Unit Tests
4247 run : npm test
4348
44- - name : Security Scan with Trivy
49+ - name : Build and tag the Docker image
50+ id : build-image
51+ run : |
52+ IMAGE_TAG=${{ github.sha }}
53+ docker build -t ${{ steps.login-ecr.outputs.registry }}/${{ env.ECR_REPOSITORY }}:${IMAGE_TAG} .
54+ echo "image=${{ steps.login-ecr.outputs.registry }}/${{ env.ECR_REPOSITORY }}:${IMAGE_TAG}" >> $GITHUB_OUTPUT
55+
56+ - name : Scan Docker Image with Trivy
4557 uses : aquasecurity/trivy-action@master
4658 with :
47- image-ref : ${{ steps.login-ecr .outputs.registry }}/${{ secrets.ECR_REPOSITORY }}:${{ github.sha }}
59+ image-ref : ${{ steps.build-image .outputs.image }}
4860 format : " table"
4961 exit-code : " 1"
5062 ignore-unfixed : true
5163 vuln-type : " os,library"
5264 severity : " CRITICAL,HIGH"
5365
54- - name : Build and Push Docker Image
55- env :
56- ECR_REGISTRY : ${{ steps.login-ecr.outputs.registry }}
57- IMAGE_TAG : ${{ github.sha }}
58- run : |
59- docker build -t $ECR_REGISTRY/${{ secrets.ECR_REPOSITORY }}:$IMAGE_TAG .
60- docker push $ECR_REGISTRY/${{ secrets.ECR_REPOSITORY }}:$IMAGE_TAG
66+ - name : Push image to Amazon ECR
67+ run : docker push ${{ steps.build-image.outputs.image }}
6168
62- deploy_to_staging :
69+ deploy :
6370 name : Deploy to Staging (EKS)
64- needs : build_and_test
71+ needs : build
6572 runs-on : ubuntu-latest
66- if : github.ref == 'refs/heads/master'
73+ if : github.ref == 'refs/heads/master' && github.event_name == 'push'
74+
6775 steps :
6876 - name : Checkout Code
6977 uses : actions/checkout@v4
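Review bot: The Trivy step still runs `aquasecurity/trivy-action@master`, a mutable branch ref, in a job where the earlier credentials step has configured `secrets.AWS_ACCESS_KEY_ID`/`secrets.AWS_SECRET_ACCESS_KEY` and the ECR login has run, so whatever that branch points to at run time executes alongside those credentials (the credentials action normally exports them to later steps). Since this commit already rewrites the step, pin it to a reviewed full commit SHA, e.g. `uses: aquasecurity/trivy-action@<full-commit-sha>  # <release tag>`, and bump it deliberately. Separately, the new `Push image to Amazon ECR` step has no event condition, while only the `deploy` job gained `github.event_name == 'push'`. If the workflow also triggers on pull requests (the `on:` block is outside this hunk), consider `if: github.event_name == 'push'` on the push step so unmerged code is not published to the registry.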
@@ -73,25 +81,19 @@ jobs:
7381 with :
7482 aws-access-key-id : ${{ secrets.AWS_ACCESS_KEY_ID }}
7583 aws-secret-access-key : ${{ secrets.AWS_SECRET_ACCESS_KEY }}
76- aws-region : ${{ secrets .AWS_REGION }}
84+ aws-region : ${{ env .AWS_REGION }}
7785
7886 - name : Set up Kubeconfig
79- run : aws eks update-kubeconfig --name $EKS_CLUSTER_NAME --region $AWS_REGION
87+ run : aws eks update-kubeconfig --name ${{ env. EKS_CLUSTER_NAME }} --region ${{ env. AWS_REGION }}
8088
8189 - name : Create K8s Secret File from GitHub Secrets
8290 run : echo "${{ secrets.K8S_SECRET_YAML }}" > k8s/secret.yaml
8391
84- - name : Deploy to Kubernetes
85- env :
86- ECR_REGISTRY : ${{ needs.build_and_test.outputs.registry }}
87- IMAGE_TAG : ${{ github.sha }}
88- run : |
89- sed -i "s|<YOUR_ECR_REPOSITORY_URL>|${{ steps.login-ecr.outputs.registry }}/${{ env.ECR_REPOSITORY }}|g" k8s/deployment.yaml
92+ - name : Update Kubernetes deployment manifest
93+ run : sed -i "s|IMAGE_PLACEHOLDER|${{ needs.build.outputs.image }}|g" k8s/deployment.yaml
9094
91- kubectl apply -f k8s/secret.yaml
92- kubectl apply -f k8s/configmap.yaml
93- kubectl apply -f k8s/deployment.yaml
94- kubectl apply -f k8s/service.yaml
95- kubectl apply -f k8s/ingress.yaml
95+ - name : Apply Kubernetes manifests
96+ run : kubectl apply -f k8s/
9697
97- kubectl rollout restart deployment restapi-users-deployment
98+ - name : Verify deployment rollout
99+ run : kubectl rollout status deployment/restapi-users-deployment --timeout=120s
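Review bot: The new `sed` step trusts `needs.build.outputs.image` to be populated, but the runner drops a job output that contains a masked value, and this one embeds the ECR registry host, which includes the AWS account ID. If the credentials action masks the account ID (its `mask-aws-account-id` input; the action's version is not visible in this hunk), `IMAGE_PLACEHOLDER` would be replaced with an empty string and the problem would likely surface only at apply time. Pass the value through `env:` as `IMAGE: ${{ needs.build.outputs.image }}` and guard it with `[ -n "$IMAGE" ] || { echo "image output is empty" >&2; exit 1; }` before `sed -i "s|IMAGE_PLACEHOLDER|$IMAGE|g" k8s/deployment.yaml`. `kubectl apply -f k8s/` also now applies every manifest in the directory, including the `k8s/secret.yaml` written from `secrets.K8S_SECRET_YAML` in the step above, so anything else committed under `k8s/` reaches the cluster; listing the files explicitly, as the removed lines did, keeps that set reviewable.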