Final project Dimitar Dimitrov u34 #2
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: GitHub Actions Demo | ||
| run-name: ${{ github.actor }} is deploying with GitHub Actions🚀 | ||
| on: | ||
| push: | ||
| paths-ignore: | ||
| - '_homework/*' | ||
| - 'deployment/*' | ||
| - 'terraform/*' | ||
| - 'rollout/*' | ||
| - '.pre-commit-config.yaml' | ||
| - '.gitignore' | ||
| - '.editorconfig' | ||
| - '*.md' | ||
| - 'LICENSE' | ||
| - 'github/workflows/github-action-terraform.yml' | ||
| <<<<<<< HEAD | ||
| ======= | ||
| - 'github/workflows/github-actions-demo.yml' | ||
| >>>>>>> dimitardd-281024 | ||
| branches: | ||
| - main | ||
| - feature-* | ||
| env: | ||
| IMAGE_TAG: dimitardd/dimitar-app02 | ||
| jobs: | ||
| Pylint: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Check out repo | ||
| uses: actions/checkout@v2 | ||
| with: | ||
| fetch-depth: 0 | ||
| - name: Set Node version | ||
| uses: actions/setup-node@v4 | ||
| with: | ||
| node-version: '20' | ||
| - name: Set up Python | ||
| uses: actions/setup-python@v3 | ||
| with: | ||
| python-version: '3.10' | ||
| cache: 'pip' | ||
| - run: | | ||
| pip install pylint black flake8 flask prometheus_flask_exporter | ||
| npm install -g markdownlint-cli editorconfig-checker | ||
| - name: Check Editorconfig | ||
| run: editorconfig-checker | ||
| - name: Analysing the code with pylint | ||
| run: pylint --disable=C0111,C0114,C0115,C0116 $(git ls-files '*.py') | ||
| - name: Markdownlint config file | ||
| run: | | ||
| echo '{ | ||
| "MD012": false, | ||
| "MD013": false, | ||
| "line-lenght": false | ||
| }' > .markdownlint.json | ||
| - name: Markdown lint check | ||
| run: markdownlint -i '{**/*.md}' -i '{terraform/*.md}' -i '{*.md}' -i node_modules | ||
| UnitTest: | ||
| needs: Pylint | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - name: Set up Python | ||
| uses: actions/setup-python@v5 | ||
| with: | ||
| python-version: '3.10' | ||
| cache: 'pip' | ||
| - run: | | ||
| pip install flask prometheus_flask_exporter | ||
| - name: Run app test | ||
| run: | | ||
| cd app | ||
| python -m unittest app_test.py | ||
| CheckforSecrets: | ||
| needs: UnitTest | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| with: | ||
| fetch-depth: 0 | ||
| - name: Gitleaks scan | ||
| uses: gitleaks/gitleaks-action@v2 | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| TrivySecurity: | ||
| runs-on: ubuntu-latest | ||
| needs: UnitTest | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - name: Trivy Vulnerability Scan | ||
| uses: aquasecurity/trivy-action@master | ||
| with: | ||
| scan-type: 'fs' | ||
| ignore-unfixed: true | ||
| format: 'sarif' | ||
| output: 'trivy-output.sarif' | ||
| severity: 'CRITICAL' | ||
| - name: Trivy Scan Output | ||
| uses: github/codeql-action/upload-sarif@v3 | ||
| with: | ||
| sarif_file: 'trivy-output.sarif' | ||
| SonarcloudSecurity: | ||
| runs-on: ubuntu-latest | ||
| needs: UnitTest | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| with: | ||
| fetch-depth: 0 | ||
| - name: SonarCloud Scan | ||
| uses: sonarsource/sonarcloud-github-action@master | ||
| env: | ||
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | ||
| with: | ||
| projectBaseDir: app | ||
| args: > | ||
| -Dsonar.projectKey=dimitardd_devops-programme | ||
| -Dsonar.organization=dimitardd | ||
| Build-Test: | ||
| name: Build Image and Test | ||
| runs-on: ubuntu-latest | ||
| if: ${{ !cancelled() && !failure() }} | ||
| needs: [ SonarcloudSecurity, TrivySecurity, CheckforSecrets ] | ||
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@v4 | ||
| - name: Build an image from Dockerfile | ||
| run: | | ||
| docker build -t ${{ env.IMAGE_TAG }}:${{ github.sha }} . | ||
| - name: Run Trivy vulnerability scanner | ||
| uses: aquasecurity/trivy-action@0.28.0 | ||
| with: | ||
| image-ref: '${{ env.IMAGE_TAG }}:${{ github.sha }}' | ||
| format: 'sarif' | ||
| output: 'trivy-results-container.sarif' | ||
| - name: Upload Trivy scan results to GitHub Security tab | ||
| uses: github/codeql-action/upload-sarif@v3 | ||
| with: | ||
| sarif_file: 'trivy-results-container.sarif' | ||
| UploadtoDockerHub: | ||
| name: Push container to docker hub | ||
| runs-on: ubuntu-latest | ||
| if: ${{ !cancelled() && !failure() }} | ||
| needs: [ Build-Test ] | ||
| steps: | ||
| - name: Login to Docker Hub | ||
| uses: docker/login-action@v3 | ||
| with: | ||
| username: ${{ secrets.DOCKERHUB_USERNAME }} | ||
| password: ${{ secrets.DOCKERHUB_TOKEN }} | ||
| - name: Push | ||
| uses: docker/build-push-action@v6 | ||
| with: | ||
| push: true | ||
| tags: '${{ env.IMAGE_TAG }}:${{ github.sha }}' | ||
| if: success() # Only push if get login is ok | ||
| PushforArgoCD: | ||
| name: Update deplayment for ArgoCD | ||
| runs-on: ubuntu-latest | ||
| if: ${{ !cancelled() && !failure() }} | ||
| needs: [ UploadtoDockerHub ] | ||
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@v2 | ||
| - name: Update sof-app01 deployment image | ||
| run: | | ||
| sudo snap install yq | ||
| sudo apt-get install git -y | ||
| IMAGE_NEWTAG=$(echo ${{ github.sha }}) | ||
| /usr/bin/yq eval ".spec.template.spec.containers[0].image = \"dimitardd/dimitar-app02:${IMAGE_NEWTAG}\"" -i deployment/sof-app01.yaml | ||
| git config --local user.email "dhd.dimitrov@gmail.com" | ||
| git config --local user.name "Dimitar Dimitrov" | ||
| git add $GITHUB_WORKSPACE/deployment/sof-app01.yaml | ||
| git commit -m "Update image to ${{ github.sha }}" | ||
| git push origin main | ||
| env: | ||
| github_token: ${{ secrets.GIT_TOKEN }} | ||
| GITHUB_SHA: ${{ github.sha }} | ||
