Issue 357 (#28)

anmolnagpal · VishwajitNagulkar · AshutoshAM2002 · web-flow · commit f9b774e4cedf · 2023-05-25T08:30:02.000-04:00
Co-authored-by: Vishwajit Nagulkar &lt;119565952+VishwajitNagulkar@users.noreply.github.com&gt;
Co-authored-by: vishwajitnagulkar &lt;nagulkarvishwajit1999@gmail.com&gt;
Co-authored-by: Ashutosh Mahajan &lt;ashutoshmahajan2002@gmail.com&gt;
Co-authored-by: Ashutosh Mahajan &lt;78293616+AshutoshAM2002@users.noreply.github.com&gt;
Co-authored-by: Nikita Dugar &lt;nikita@clouddrove.com&gt;
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
@@ -3,7 +3,7 @@ name: docker-build-push
 on:
   workflow_call:
     inputs:
-      user:
+      registry:
         required: true
         type: string
       images:
@@ -15,24 +15,21 @@ on:
       ECR_REPOSITORY:
         required: true
         type: string
-      registry:
-        required: true
-        type: string
       IMAGE_TAG:
         required: true
         type: string
       
     secrets:
-      aws-access-key-id:
+      AWS_ACCESS_KEY_ID:
         description: 'aws access keys'
         required: true
-      aws-secret-access-key:
+      AWS_SECRET_ACCESS_KEY:
         description: 'aws secret access keys'
         required: true
-      dockerhub-username:
+      DOCKERHUB_USERNAME:
         description: 'dockerhub username'
         required: true
-      dockerhub-password:
+      DOCKERHUB_PASSWORD:
         description: 'dockerhub password'
         required: true
 
@@ -49,8 +46,8 @@ jobs:
       - name: Login to Docker Hub
         uses: docker/login-action@v2
         with:
-          username: ${{ secrets.dockerhub-username }}
-          password: ${{ secrets.dockerhub-password }}
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_PASSWORD }}
 
       - name: Push docker image to DOCKERHUB
         if: ${{ inputs.registry == 'DOCKERHUB' }}
@@ -64,8 +61,8 @@ jobs:
       - name: Configure AWS credentials
         uses: aws-actions/configure-aws-credentials@v2
         with:
-          aws-access-key-id: ${{ secrets.aws-access-key-id }}
-          aws-secret-access-key: ${{ secrets.aws-secret-access-key }}
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           aws-region: ${{ inputs.aws-region }}
 
       - name: Login to Amazon ECR
diff --git a/.github/workflows/helm.yml b/.github/workflows/helm.yml
@@ -7,26 +7,22 @@ on:
         required: true
         type: string
         description: 'Cloud provider to run the workflow. e.g. azure or aws'
-      aws-region:
-        required: false
-        type: string
-        description: 'AWS EKS cluster region'
       eks-cluster-name:
         required: false
         type: string
         description: 'EKS cluster name'
-      resource-group:
+      aws-region:
         required: false
         type: string
-        description: 'Container for managing Azure resources'
+        description: 'AWS EKS cluster region'
       azure-cluster-name:
         required: false
         type: string
         description: 'Azure cluster name'
-      namespace:
+      resource-group:
         required: false
         type: string
-        description: 'Boundary for Kubernetes resources'
+        description: 'Container for managing Azure resources'
       helm-chart-directory:
         required: true
         type: string
@@ -35,14 +31,11 @@ on:
         required: false
         type: string
         description: 'Unique ID for installed chart'
-      rollback:
-         required: false
-         type: string
-         description: 'Environment name for rollback'
       timeout:
          required: true
          type: string
          description: 'Timeout for helm install step in seconds'
+         default: '120s'
       set-parameters:
         required: false
         type: string 
@@ -55,6 +48,15 @@ on:
         required: true
         type: number
         description: 'number of revisions stored in the revision history.'
+        default: '7'
+      namespace:
+        required: false
+        type: string
+        description: 'Boundary for Kubernetes resources'
+      rollback:
+         required: false
+         type: string
+         description: 'Environment name for rollback'
     secrets:
       aws-access-key-id:
         description: 'AWS Access Key ID'
diff --git a/README.md b/README.md
@@ -1,52 +1,37 @@
-<h1 align="center">github-shared-workflows</h1>
+<h1 align="center">GitHub-Shared-Workflows</h1>
+<p align="center">
+GitHub shared workflow defines a workflow that we can use in multiple repos with a simple structure.
+</p>
 
-## SST Workflow
-
-This workflow is used to deploy serverless stack (SST) application on AWS environment. Workflows have been added in `.github/workflows/sst_workflow.yml`.
-
-Below workflow can be used to deploy SST in preview environment when pull request generated and it destroys the preview environment when pull request closed, merged and labeled as destroy, similarly staging and production is deployed using there defined branches.
+This repo offers to using a workflow with a simple calling structure and proper documentation. This shared workflow feature can overcome the issue of upgrading hundreds of workflows whenever any new updation is required. In this repo, we have many kinds of workflows related to Terraform, Kubernetes, Helm, SST, and regular workflows like maintain changelog, auto assignee, and many more.
 
+## How shared workflow use
 ```yaml
-name: SST Workflow
-
-on:
-  pull_request: 
-    types: [closed, merged, labeled]
-  workflow_dispatch:
 jobs:
-  preview:
-    uses: clouddrove/github-shared-workflows/.github/workflows/sst_workflow.yml@master
-    with:
-      app-env: # preview                  
-      working-directory: # specify your working folder from repo
+  staging: # Job name
+    uses: clouddrove/github-shared-workflows/.github/workflows/example.yml@master
     secrets:
-      aws-access-key-id: # AWS Access Key ID for preview
-      aws-secret-access-key: # AWS Secret Access Key for preview
-
-  staging:
-    if: ${{ github.base_ref == 'stage' }}
-    uses: clouddrove/github-shared-workflows/.github/workflows/sst_workflow.yml@master
+      SECRET_1:
+      SECRET_2: 
     with:
-      app-env: # stage                      
-      working-directory: # specify your working folder from repo
-    secrets:
-      aws-access-key-id: # AWS Access Key ID for stage
-      aws-secret-access-key: # AWS Secret Access Key for stage
-
-  production:
-    if: ${{ github.base_ref == 'master' }}
-    uses: clouddrove/github-shared-workflows/.github/workflows/sst_workflow.yml@master
-    with:
-      app-env: # prod                   
-      working-directory: # specify your working folder from repo
-    secrets:
-      aws-access-key-id: # AWS Access Key ID for prod
-      aws-secret-access-key: # AWS Secret Access Key for prod
+      input_1:                 
+      input_2:
 ```
+Above example is just a simple example to call workflow from github shared workflow to your workflow and used in the jobs as per your requirements.
+
+## 🚀 Table Of Content
+1. [SST Workflow](https://github.com/clouddrove/github-shared-workflows/blob/master/docs/sst.md)   
+2. [Helm Workflow](https://github.com/clouddrove/github-shared-workflows/blob/master/docs/helm.md)
+   * [Example for AWS cloud provider](https://github.com/clouddrove/github-shared-workflows/blob/master/docs/helm.md#example-for-aws-cloud-provider)
+   * [Example for Azure cloud provider](https://github.com/clouddrove/github-shared-workflows/blob/master/docs/helm.md#example-for-azure-cloud-provider) 
+3. [Docker Workflow](https://github.com/clouddrove/github-shared-workflows/blob/master/docs/docker.md)
+   * [Example for scan and push docker image on Dockerhub](https://github.com/clouddrove/github-shared-workflows/blob/master/docs/docker.md#example-for-scan-and-push-docker-image-on-dockerhub)
+   * [Example for scan and push docker image on ECR](https://github.com/clouddrove/github-shared-workflows/blob/master/docs/docker.md#example-for-scan-and-push-docker-image-on-ecr)
+
 ## Feedback 
-If you come accross a bug or have any feedback, please log it in our [issue tracker](https://github.com/clouddrove/terraform-azure-aks/issues), or feel free to drop us an email at [hello@clouddrove.com](mailto:hello@clouddrove.com).
+If you come accross a bug or have any feedback, please log it in our [issue tracker](https://github.com/clouddrove/github-shared-workflows/issues), or feel free to drop us an email at [hello@clouddrove.com](mailto:hello@clouddrove.com).
 
-If you have found it worth your time, go ahead and give us a ★ on [our GitHub](https://github.com/clouddrove/terraform-azure-aks)!
+If you have found it worth your time, go ahead and give us a ★ on [our GitHub](https://github.com/clouddrove/github-shared-workflows)!
 
 ## About us
 
diff --git a/docs/docker.md b/docs/docker.md
@@ -0,0 +1,75 @@
+## Docker Workflow
+#### [1. Docker Scanner workflow reference](https://github.com/clouddrove/github-shared-workflows/blob/master/.github/workflows/docker-scanner.yml)
+#### [2. Docker push workflow reference](https://github.com/clouddrove/github-shared-workflows/blob/master/.github/workflows/docker.yml)
+
+This workflow scans the Docker image locally before pushing it to the Docker registry. Workflows have been added in `.github/workflows/docker-scanner.yml`.
+
+#### Usage
+The following workflow can build and scan a Docker image locally, providing vulnerability results under the code scanning section of the security tab. It also allows you to choose which vulnerability should block the workflow before pushing the Docker image to the Docker registry this workflow support DOCKERHUB, ECR or both.
+
+#### Example for scan and push docker image on Dockerhub
+
+```yaml
+name: Docker Workflow
+# This permission are helpful for pushing vulnerability in security tab
+permissions:
+  actions: read
+  contents: read
+  security-events: write
+  statuses: write
+
+on:
+  workflow_dispatch:
+
+jobs:
+  docker-scanner:
+    uses: clouddrove/github-shared-workflows/.github/workflows/docker-scanner.yml@master
+    with:
+      severity: # which vulnerability should disable the workflow before pusing image to registry. eg. 'HIGH,CRITICAL,MEDIUM,LOW'
+
+  docker-push:
+    needs: docker-scanner  
+    if: ${{ success() && needs.docker-scanner.result == 'success' }}   # This condition start this docker push workflow on succesfull scanning of docker image
+    uses: clouddrove/github-shared-workflows/.github/workflows/docker.yml@master
+    secrets:
+      DOCKERHUB_USERNAME: # Dockerhub username
+      DOCKERHUB_PASSWORD: # Dockerhub password
+    with:
+      registry: # DOCKERHUB
+      images: # dockerhub repository name
+      IMAGE_TAG: # image tag eg. ${{ github.run_number }}
+```
+
+#### Example for scan and push docker image on ECR
+
+```yaml
+name: Docker Workflow
+# This permission are helpful for pushing vulnerability in security tab
+permissions:
+  actions: read
+  contents: read
+  security-events: write
+  statuses: write
+
+on:
+  workflow_dispatch:
+
+jobs:
+  docker-scanner:
+    uses: clouddrove/github-shared-workflows/.github/workflows/docker-scanner.yml@master
+    with:
+      severity: # which vulnerability should disable the workflow before pusing image to registry. eg. 'HIGH,CRITICAL,MEDIUM,LOW'
+
+  docker-push:
+    needs: docker-scanner
+    if: ${{ success() && needs.docker-scanner.result == 'success' }}   # This condition start this docker push workflow on succesfull scanning of docker image
+    uses: clouddrove/github-shared-workflows/.github/workflows/docker.yml@master
+    secrets:
+      AWS_ACCESS_KEY_ID: # AWS Access Key ID
+      AWS_SECRET_ACCESS_KEY: # AWS Secret Access Key ID
+    with:
+      registry: # 'ECR'
+      ECR_REPOSITORY: # ECR Repository name
+      aws-region: # AWS region
+      IMAGE_TAG: # image tag eg. ${{ github.run_number }}
+```
diff --git a/docs/helm.md b/docs/helm.md
@@ -0,0 +1,83 @@
+## [Helm Workflow](https://github.com/clouddrove/github-shared-workflows/blob/master/.github/workflows/helm.yml)
+
+This workflow is used to deploy and rollback Helm charts using GitHub Actions. It utilizes the workflows defined in `.github/workflows/helm.yml`
+
+#### Usage
+The helm workflow can be triggered manually using the GitHub Actions workflow dispatch feature. It deploys or rollback Helm charts based on the specified inputs. Additionally, it also performs Helm template and Helm lint operations.
+To use the helm Workflow, add the following workflow definition to your `.github/workflows/helm.yml` file:
+
+#### Example for AWS cloud provider
+
+```yaml
+name: Helm Workflow AWS
+on:
+  workflow_dispatch:
+    inputs:
+      environment:
+        required: false 
+        type: choice
+        description: Select Environment name
+        options:
+          -            # This option is blank beacause we did not given name to helm deploy or you can give this name eg. deploy
+          - rollback   # GitHub manual workflow trigger with environment selection for rollback
+jobs:
+  aws:
+    uses: clouddrove/github-shared-workflows/.github/workflows/helm.yml@master
+    secrets:
+      AWS_ACCESS_KEY_ID: # AWS Access Key ID
+      AWS_SECRET_ACCESS_KEY: # AWS Secret Access Key ID
+    with:
+      provider: # aws 
+      aws-region: # AWS region 
+      helm-chart-directory: # Helm chart directory from repo
+      eks-cluster-name: # EKS cluster name 
+      release-name: # Helm chart realease name
+      helm-chart-directory: # Helm chart directory from repo
+      # Set parameter is optionals below format support set parameter
+      set-parameters:
+       # --set image.tag=latest
+       # --set replicaCount=3
+       # --set service.type=LoadBalancer
+      timeout: # Timeout in seconds default values is 120s
+      values-file-path: #Values file path
+      history-max: # Revision history deafault values is 7
+      namespace: # Namespace 
+      rollback: ${{ github.event.inputs.environment }}  # Mandetory input do not change this 
+```
+
+#### Example for Azure cloud provider
+
+```yaml
+name: Helm Workflow Azure
+on:
+  workflow_dispatch:
+    inputs:
+      environment:
+        required: false 
+        type: choice
+        description: Select Environment name
+        options:
+          -            # This option is blank beacause we did not given name to helm deploy or you can give this name eg. deploy
+          - rollback   # GitHub manual workflow trigger with environment selection for rollback
+jobs:
+  azure:
+    uses: clouddrove/github-shared-workflows/.github/workflows/helm.yml@master
+    secrets:
+      AZURE_CREDENTIALS: # Azure Credentials
+    with:
+      provider: # azure
+      azure-cluster-name: # Azure cluster name
+      resource-group: # Resource group name
+      release-name: # Helm chart realease name
+      helm-chart-directory: # Helm chart directory from repo
+      # Set parameter is optionals below format support set parameters
+      set-parameters:
+       # --set image.tag=latest
+       # --set replicaCount=3
+       # --set service.type=LoadBalancer
+      timeout: # Timeout in seconds default values is 120s
+      values-file-path: #Values file path
+      history-max: # Revision history deafault values is 7
+      namespace: # Namespace 
+      rollback: ${{ github.event.inputs.environment }}  # Mandetory input do not change this 
+```
diff --git a/docs/sst.md b/docs/sst.md
