The diff you're trying to view is too large. We only load the first 3000 changed files.
96 changes: 96 additions & 0 deletions .github/workflow/ci.yaml
@@ -0,0 +1,96 @@
# CICD using GitHub actions

name: CI/CD

# Exclude the workflow to run on changes to the helm chart
on:
push:
branches:
- main
paths-ignore:
- 'helm/**'
- 'k8s/**'
- 'README.md'

jobs:

build:
runs-on: ubuntu-latest

steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Set up Go 1.22
uses: actions/setup-go@v2
with:
go-version: 1.22

- name: Build
run: go build -o go-web-app

- name: Test
run: go test ./...

code-quality:
runs-on: ubuntu-latest

steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Run golangci-lint
uses: golangci/golangci-lint-action@v6
with:
version: v1.56.2

push:
runs-on: ubuntu-latest

needs: build

steps:
Comment on lines +50 to +52

🛠️ Refactor suggestion

Ensure lint passes before pushing an image

push currently depends only on build. If golangci-lint fails, the Docker image will still be published.

-  push:
+  push:
     runs-on: ubuntu-latest
-    needs: build
+    needs: [build, code-quality]

This blocks publishing on failing quality gates and avoids shipping broken code.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
needs: build
steps:
push:
runs-on: ubuntu-latest
needs: [build, code-quality]
steps:
🤖 Prompt for AI Agents
In .github/workflow/ci.yaml around lines 50 to 52, the push job depends only on
the build job, allowing the Docker image to be published even if golangci-lint
fails. Modify the push job's needs section to include both build and
golangci-lint jobs so that pushing the image only occurs if both build and lint
pass, preventing broken code from being shipped.

- name: Checkout repository
uses: actions/checkout@v4

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1

- name: Login to DockerHub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}

- name: Build and Push action
uses: docker/build-push-action@v6
with:
context: .
file: ./Dockerfile
push: true
tags: ${{ secrets.DOCKERHUB_USERNAME }}/go-web-app:${{github.run_id}}

update-newtag-in-helm-chart:
runs-on: ubuntu-latest

needs: push

steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
token: ${{ secrets.TOKEN }}

- name: Update tag in Helm chart
run: |
sed -i 's/tag: .*/tag: "${{github.run_id}}"/' helm/go-web-app-chart/values.yaml

- name: Commit and push changes
Comment on lines +84 to +88

⚠️ Potential issue

sed replacement risks corrupting YAML – quote the tag value literally

The current command interprets the ${{github.run_id}} on the runner side, not inside the file, producing something like tag: 12345" (note unmatched quote). Use single quotes around the expression part or insert via yq:

- sed -i 's/tag: .*/tag: "${{github.run_id}}"/' helm/go-web-app-chart/values.yaml
+ sed -i "s/^  tag: .*/  tag: \"${{ github.run_id }}\"/" helm/go-web-app-chart/values.yaml

Or, better:

yq e '.image.tag = strenv(GITHUB_RUN_ID)' -i helm/go-web-app-chart/values.yaml

This keeps the YAML valid even if the line has leading spaces.

🤖 Prompt for AI Agents
In .github/workflow/ci.yaml around lines 84 to 88, the sed command used to
update the tag in the Helm chart risks corrupting the YAML by improperly quoting
the tag value and interpreting the GitHub run ID on the runner side. Replace the
sed command with a yq command that sets the image.tag field using the
environment variable GITHUB_RUN_ID, ensuring the YAML remains valid and
indentation is preserved. Use the command: yq e '.image.tag =
strenv(GITHUB_RUN_ID)' -i helm/go-web-app-chart/values.yaml.

run: |
git config --global user.email "[email protected]"
git config --global user.name "rakesh-IT5"
git add helm/go-web-app-chart/values.yaml
git commit -m "Update tag in Helm chart"
git push
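
Review bot: The file is added at .github/workflow/ci.yaml (singular "workflow"), and GitHub Actions only loads workflow files from .github/workflows/, so none of these jobs will run until the directory is renamed. Once it does run, the push and update-newtag-in-helm-chart jobs pass DOCKERHUB_TOKEN and secrets.TOKEN through steps that reference actions by mutable tag (docker/setup-buildx-action@v1, docker/login-action@v3, docker/build-push-action@v6, actions/checkout@v4). Pinning each `uses:` to a full commit SHA and adding a top-level `permissions:` block with `contents: read` would limit what a retagged action or a compromised step can do, since the final `git push` authenticates with secrets.TOKEN rather than the default workflow token.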


38 changes: 38 additions & 0 deletions Dockerfile
@@ -0,0 +1,38 @@
# Containerize the go application that we have created
# This is the Dockerfile that we will use to build the image
# and run the container

# Start with a base image
FROM golang:1.22 as base

# Set the working directory inside the container
WORKDIR /app

# Copy the go.mod and go.sum files to the working directory
COPY go.mod ./

# Download all the dependencies
RUN go mod download

# Copy the source code to the working directory
COPY . .

# Build the application
RUN go build -o main .

#######################################################
# Reduce the image size using multi-stage builds
# We will use a distroless image to run the application
FROM gcr.io/distroless/base

# Copy the binary from the previous stage
COPY --from=base /app/main .

# Copy the static files from the previous stage
COPY --from=base /app/static ./static

# Expose the port on which the application will run
EXPOSE 8080

# Command to run the application
CMD ["./main"]
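
Review bot: The comment above `COPY go.mod ./` says go.mod and go.sum are copied, but only go.mod is, so `go mod download` runs without the checksums recorded in the repository; copy both (`COPY go.mod go.sum ./`) if the project has a go.sum. The final stage's `FROM gcr.io/distroless/base` also carries no tag or digest, so each build takes whatever the registry currently serves under that name; pinning it, and `golang:1.22`, by digest keeps the published image reproducible and reviewable.
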
Comment on lines +26 to +38

🛠️ Refactor suggestion

Run as a non-root user for better container hardening

gcr.io/distroless/base defaults to UID 0. Unless the binary really needs extra privileges, drop root:

 FROM gcr.io/distroless/base
 COPY --from=base /main /main
 COPY --from=base /app/static ./static
+USER nonroot:nonroot
 EXPOSE 8080
 CMD ["/main"]

Most distroless images ship the nonroot (65532) user, so this is a one-liner that satisfies many security scanners.

Committable suggestion skipped: line range outside the PR's diff.

🤖 Prompt for AI Agents
In Dockerfile lines 26 to 38, the container runs as root by default which is a
security risk. Modify the Dockerfile to switch to the non-root user by adding a
USER instruction with the nonroot user ID (65532) before the CMD line. This
change will run the application with lower privileges, improving container
security without affecting functionality.

54 changes: 54 additions & 0 deletions k8s/manifests/aws/README.md
@@ -0,0 +1,54 @@
# AWS CLI v2

This bundle contains a built executable of the AWS CLI v2.

## Installation

To install the AWS CLI v2, run the `install` script:
```
$ sudo ./install
You can now run: /usr/local/bin/aws --version
```
This will install the AWS CLI v2 at `/usr/local/bin/aws`. Assuming
`/usr/local/bin` is on your `PATH`, you can now run:
```
$ aws --version
```


### Installing without sudo

If you don't have ``sudo`` permissions or want to install the AWS
CLI v2 only for the current user, run the `install` script with the `-b`
and `-i` options:
```
$ ./install -i ~/.local/aws-cli -b ~/.local/bin
```
This will install the AWS CLI v2 in `~/.local/aws-cli` and create
symlinks for `aws` and `aws_completer` in `~/.local/bin`. For more
information about these options, run the `install` script with `-h`:
```
$ ./install -h
```

### Updating

If you run the `install` script and there is a previously installed version
of the AWS CLI v2, the script will error out. To update to the version included
in this bundle, run the `install` script with `--update`:
```
$ sudo ./install --update
```


### Removing the installation

To remove the AWS CLI v2, delete the its installation and symlinks:
```
$ sudo rm -rf /usr/local/aws-cli
$ sudo rm /usr/local/bin/aws
$ sudo rm /usr/local/bin/aws_completer
```
Note if you installed the AWS CLI v2 using the `-b` or `-i` options, you will
need to remove the installation and the symlinks in the directories you
specified.
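
Review bot: This README opens with "This bundle contains a built executable of the AWS CLI v2", which suggests the unpacked AWS CLI installer bundle was committed under k8s/manifests/aws/ rather than Kubernetes manifests, and the page's notice that only the first 3000 changed files are loaded is consistent with that. Drop the bundle from the PR, add the directory to .gitignore, and install the CLI from its official installer wherever it is needed, so the repository does not carry third-party binaries that cannot be reviewed in a diff.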