LIMA-27098: github actions workflow (#29)

* feat: add source code

* feat: add skaffold deployment and kustomization

* feat: skaffold deployment with kustomize

* feat: add github actions for easytrade building

* chore: delete not needed readme template

* docs: update READMEs

* feat: adding tools to improve development

* feat: update kubernetes manifests

* feat: add skaffold profiles

* docs: remove useless comments

* ci: set easytrade locations

* ci: master build

* ci: final adjustments

* ci: add paths triggering workflows

* ci: change branch path to main in master build workflow

* ci: add workflow for snyk scanning

* ci: add secrets declaration

* ci: adding snyk job in branch&master workflows

* ci: add .github dir to the workflow trigger paths

* ci: replace security-severity for license-related findings in snyk

* ci: fix colon syntax error

* ci: fix typo

* ci: always trigger step with security-severity replacement

* chore: update libs suggested by snyk

* ci: fix json-smart version

* ci: fix json-smart dependency

* chore: update poetry lock file

* chore: update poetry lock

* fix: adjust paths in skaffold file

Author: paweldomaradzki-dt

.github/actions/check-credit-card-order/action.yaml

@@ -0,0 +1,40 @@
+name: Check credit card order
+description: Fetch and check the status of the credit card
+
+inputs:
+  user_id:
+    description: ID of the credit card owner
+    default: "3"
+  namespace:
+    description: Kubernetes namespace in which EasyTrade is deployed
+    default: "easytrade"
+
+outputs:
+  result:
+    description: Validation result
+    value: ${{ steps.check-credit-card-order.outputs.result }}
+
+runs:
+  using: composite
+  steps:
+    - name: Check credit card order
+      id: check-credit-card-order
+      shell: bash
+      run: |
+        RESPONSE=$(./.github/actions/scripts/curl-on-cluster.sh ${{ inputs.namespace }} \
+          -sLX GET 'credit-card-order-service:8080/v1/orders/${{ inputs.user_id }}/status/latest' \
+          -H 'accept: application/json')
+        echo "Response: [${RESPONSE}]"
+
+        STATUS=$(echo $RESPONSE | jq -re '.results.status')
+        echo "Latest card status: [${STATUS}]"
+
+        if [[ "$STATUS" == "card_delivered" ]]; then
+          echo Credit card order test passed
+          echo "result=pass" >>$GITHUB_OUTPUT
+          exit 0
+        else
+          echo "::error::Credit card order test failed"
+          echo "result=fail" >>$GITHUB_OUTPUT
+          exit 1
+        fi

.github/actions/get-access-token/action.yaml

@@ -0,0 +1,37 @@
+name: Get access token
+description: Fetch access token for an OAuth client
+
+inputs:
+  client_id:
+    description: OAuth Client ID
+    required: true
+  client_secret:
+    description: OAuth Client Secret
+    required: true
+  sso_url:
+    description: URL of SSO used by the tenant
+    required: true
+
+outputs:
+  token:
+    description: Generated token
+    value: ${{ steps.get-token.outputs.token }}
+
+runs:
+  using: composite
+  steps:
+    - name: Get token
+      id: get-token
+      shell: bash
+      run: |
+        TOKEN=$(curl -sfLX POST "${{ inputs.sso_url }}" \
+          --header "Content-Type: application/x-www-form-urlencoded" \
+          --data-urlencode "grant_type=client_credentials" \
+          --data-urlencode "client_id=${{ inputs.client_id }}" \
+          --data-urlencode "client_secret=${{ inputs.client_secret }}" \
+          --data-urlencode "scope=storage:buckets:read storage:bizevents:read storage:events:write" \
+          | jq -re '.access_token')
+
+        echo "::add-mask::$TOKEN"
+        echo "token=$TOKEN" >> $GITHUB_OUTPUT
+        echo "Generated new token"

.github/actions/get-validation-result/action.yaml

@@ -0,0 +1,48 @@
+name: Get validation result
+description: Fetch and check the validation workflow result
+
+inputs:
+  access_token:
+    description: Authentication token for the Dynatrace tenant
+    required: true
+  tenant_url:
+    description: URL of the Dynatrace tenant
+    required: true
+  event_type:
+    description: Event type of the validation result event
+    required: true
+  timeframe:
+    description: Timeframe for validation
+    required: true
+  job_id:
+    description: Job ID
+    required: true
+  retries:
+    description: Retry count limit
+    default: "3"
+    required: true
+  interval_seconds:
+    description: Interval between retires in seconds
+    default: "30"
+    required: true
+
+outputs:
+  result:
+    description: Validation result
+    value: ${{ steps.get-validation-result.outputs.result }}
+
+runs:
+  using: composite
+  steps:
+    - name: Get result of Validation
+      id: get-validation-result
+      shell: bash
+      env:
+        ACCESS_TOKEN: ${{ inputs.access_token }}
+        TENANT_URL: ${{ inputs.tenant_url }}
+        EVENT_TYPE: ${{ inputs.event_type }}
+        TIMEFRAME: ${{ inputs.timeframe }}
+        JOB_ID: ${{ github.run_number }}-${{ github.sha }}
+        RETRIES: ${{ inputs.retries }}
+        INTERVAL_SECONDS: ${{ inputs.interval_seconds }}
+      run: ./.github/actions/scripts/get-validation-result.sh

.github/actions/order-credit-card/action.yaml

@@ -0,0 +1,31 @@
+name: Order credit card
+description: Order a new credit card in the EasyTrade application
+
+inputs:
+  user_id:
+    description: ID of the credit card owner
+    default: "3"
+  namespace:
+    description: Kubernetes namespace in which EasyTrade is deployed
+    default: "easytrade"
+
+runs:
+  using: composite
+  steps:
+    - name: Get token
+      shell: bash
+      run: |
+        BODY='{
+          "accountId": ${{ inputs.user_id }},
+          "email": "[email protected]",
+          "name": "Demo User",
+          "shippingAddress": "ulica Andersa 352 91-682 Ilaw",
+          "cardLevel": "Platinum"
+        }'
+
+        RESPONSE=$(./.github/actions/scripts/curl-on-cluster.sh ${{ inputs.namespace }} \
+          -sLX POST 'credit-card-order-service:8080/v1/orders' \
+          -H 'accept: application/json' \
+          -H 'Content-Type: application/json' \
+          -d "${BODY}")
+        echo "Card ordered, response: [${RESPONSE}]"

.github/actions/run-validation/action.yaml

@@ -0,0 +1,50 @@
+name: Run validation
+description: Start validation workflow and check the result
+
+inputs:
+  client_id:
+    description: OAuth Client ID
+    required: true
+  client_secret:
+    description: OAuth Client Secret
+    required: true
+  sso_url:
+    description: URL of SSO used by the tenant
+    required: true
+  tenant_url:
+    description: URL of the Dynatrace tenant
+    required: true
+
+runs:
+  using: composite
+  steps:
+    - uses: ./.github/actions/get-access-token
+      id: get-access-token
+      with:
+        client_id: ${{ inputs.client_id }}
+        client_secret: ${{ inputs.client_secret }}
+        sso_url: ${{ inputs.sso_url }}
+
+    - name: Trigger validation
+      uses: ./.github/actions/send-bizevent
+      with:
+        access_token: ${{ steps.get-access-token.outputs.token }}
+        tenant_url: ${{ inputs.tenant_url }}
+        bizevent_body: |
+          {
+            "timeframe.from": "now-15m",
+            "timeframe.to": "now",
+            "srg.variable.timeframe": 15,
+            "event.provider": "Github Actions",
+            "event.type": "demoability.validation.trigger",
+            "tags.application": "easytrade-k8s",
+            "tags.job.id": "${{ github.run_number }}-${{ github.sha }}"
+          }
+
+    - uses: ./.github/actions/get-validation-result
+      with:
+        access_token: ${{ steps.get-access-token.outputs.token }}
+        tenant_url: ${{ inputs.tenant_url }}
+        event_type: demoability.validation.result
+        timeframe: 5m
+        job_id: ${{ github.run_number }}-${{ github.sha }}

.github/actions/scripts/curl-on-cluster.sh

@@ -0,0 +1,23 @@
+#!/bin/bash
+
+if [ "$#" -lt 2 ]; then
+    echo >&2 "Usage: ./curl-on-cluster.sh <NAMESPACE> <CURL ARGS>"
+    exit 1
+fi
+
+NAMESPACE=$1
+shift
+ARGS=("$@")
+POD_NAME=curl-$(date +%s%N)
+
+echo >&2 "Running 'curl ${ARGS[@]}' in the pod $NAMESPACE/$POD_NAME"
+
+kubectl run -n $NAMESPACE $POD_NAME --restart=Never --image=curlimages/curl -- "${ARGS[@]}" >&2
+
+kubectl wait -n $NAMESPACE --for=jsonpath="{.status.containerStatuses[*].state.terminated}" --timeout=30s pod/$POD_NAME >&2
+
+OUTPUT=$(kubectl logs -n $NAMESPACE $POD_NAME)
+
+kubectl delete -n $NAMESPACE pod $POD_NAME >&2
+
+echo $OUTPUT

.github/actions/scripts/get-validation-result.sh

@@ -0,0 +1,39 @@
+#!/bin/bash
+
+getValidationResult() {
+    URL=${TENANT_URL}/platform/storage/query/v1/query:execute?enrich=metric-metadata
+
+    QUERY="fetch bizevents, from: now() - ${TIMEFRAME} | filter event.type == \"${EVENT_TYPE}\" and tags.job.id == \"${JOB_ID}\""
+    echo Running DQL query: $QUERY
+
+    BODY=$(jq -cn --arg query "$QUERY" --argjson requestTimeoutMilliseconds 1000 '$ARGS.named')
+
+    RESPONSE=$(curl -sfLX POST "$URL" \
+        --header "Content-Type: application/json" \
+        --header "Accept: application/json" \
+        --header "Authorization: Bearer ${ACCESS_TOKEN}" \
+        --data-raw "${BODY}")
+    RESULT=$(echo $RESPONSE | jq -re '.result.records[0].result')
+
+    echo Found result [${RESULT}] for job [JOB_ID::${JOB_ID}]
+    if [[ "$RESULT" == "pass" ]]; then
+        return 0
+    fi
+
+    return 1
+}
+
+for ATTEMPT in $(seq 1 $RETRIES); do
+    echo "Waiting [${INTERVAL_SECONDS}s] for results of job [JOB_ID::${JOB_ID}] try [${ATTEMPT}/${RETRIES}]"
+    sleep $INTERVAL_SECONDS
+
+    if getValidationResult; then
+        echo "Successfully validated the deployment"
+        echo "result=pass" >>$GITHUB_OUTPUT
+        exit 0
+    fi
+done
+
+echo "::error::Failed to validate deployment"
+echo "result=fail" >>$GITHUB_OUTPUT
+exit 1

.github/actions/scripts/set-version.sh

@@ -0,0 +1,27 @@
+#!/bin/bash
+
+replace_all() {
+    FROM=$1
+    TO=$2
+    echo "Replacing [$FROM] with [$TO]"
+    grep -rl $FROM . --exclude-dir={.git,node_modules,bin,obj,build} | xargs sed -i "s/$FROM/$TO/g"
+}
+
+BUILD_VERSION=$1
+WORKDIR=${2:-.}
+BUILD_DATE=${3:-$(date '+%Y-%m-%d %H:%M')}
+BUILD_COMMIT=${4:-$(git log --pretty=format:'%h' -n 1)}
+
+if [ -z "$BUILD_VERSION" ]; then
+    echo "Build version not set"
+    exit 1
+fi
+
+cd $WORKDIR
+
+echo "Build version: $BUILD_VERSION, date: $BUILD_DATE, commit: $BUILD_COMMIT, path: $(pwd)"
+
+replace_all "1.0.0-easytrade" "$BUILD_VERSION"
+replace_all "{{BUILD_VERSION}}" "$BUILD_VERSION"
+replace_all "{{BUILD_DATE}}" "$BUILD_DATE"
+replace_all "{{BUILD_COMMIT}}" "$BUILD_COMMIT"

.github/actions/send-bizevent/action.yaml

@@ -0,0 +1,26 @@
+name: Send bizevent
+description: Push a bizevent to the Dynatrace tenant
+
+inputs:
+  access_token:
+    description: Authentication token for the Dynatrace tenant
+    required: true
+  tenant_url:
+    description: URL of the Dynatrace tenant
+    required: true
+  bizevent_body:
+    description: JSON body of the bizevent
+    required: true
+
+runs:
+  using: composite
+  steps:
+    - name: Send bizevent
+      shell: bash
+      run: |
+        curl -sfLX POST "${{ inputs.tenant_url }}/platform/classic/environment-api/v2/bizevents/ingest" \
+          --header "Content-Type: application/json" \
+          --header "Authorization: Bearer ${{ inputs.access_token }}" \
+          --data-raw "$(echo '${{ inputs.bizevent_body }}' | jq -c)"
+
+         echo "Bizevent sent"

.github/actions/set-version/action.yaml

@@ -0,0 +1,14 @@
+name: Set version
+description: Set EasyTrade release version
+
+inputs:
+  version:
+    description: Version of the EasyTrade application
+    required: true
+
+runs:
+  using: composite
+  steps:
+    - name: Set application version
+      shell: bash
+      run: ./.github/actions/scripts/set-version.sh ${{ inputs.version }}