-
Notifications
You must be signed in to change notification settings - Fork 1
141 lines (113 loc) · 3.65 KB
/
Copy pathci.yml
File metadata and controls
141 lines (113 loc) · 3.65 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
name: CI/CD Pipeline
on:
push:
branches: [ main, master, develop ]
pull_request:
branches: [ main, master ]
env:
RUBY_VERSION: '3.4.8'
BUNDLER_VERSION: '4.0.10'
BUNDLE_PATH: vendor/bundle
jobs:
test:
name: Test Suite
runs-on: ubuntu-latest
services:
prometheus:
image: prom/prometheus:latest
ports:
- 9090:9090
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Ruby
uses: ruby/setup-ruby@v1
with:
ruby-version: ${{ env.RUBY_VERSION }}
bundler: ${{ env.BUNDLER_VERSION }}
bundler-cache: true
- name: Install dependencies
run: |
bundle config path vendor/bundle
bundle install --jobs 4 --retry 3
- name: Run RuboCop
run: bundle exec rubocop
- name: Run RSpec tests
run: bundle exec rspec --format documentation
- name: Upload coverage reports
uses: codecov/codecov-action@v3
if: success()
with:
file: ./coverage/lcov.info
flags: unittests
name: codecov-umbrella
security:
name: Security Scan
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Ruby
uses: ruby/setup-ruby@v1
with:
ruby-version: ${{ env.RUBY_VERSION }}
bundler: ${{ env.BUNDLER_VERSION }}
bundler-cache: true
- name: Run security audit
run: |
bundle exec bundle-audit check --update
bundle exec brakeman --no-pager
build:
name: Build Podman Image
runs-on: ubuntu-latest
needs: [test, security]
if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master')
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install Podman
run: |
sudo apt-get update
sudo apt-get install -y podman qemu-user-static
- name: Log in to container registry
env:
QUAY_USERNAME: ${{ secrets.QUAY_USERNAME }}
QUAY_TOKEN: ${{ secrets.QUAY_TOKEN }}
run: echo "$QUAY_TOKEN" | podman login quay.io -u "$QUAY_USERNAME" --password-stdin
- name: Build and push container image
env:
IMAGE: quay.io/dkirwan/asset_monitoring
run: |
set -euo pipefail
podman manifest rm "${IMAGE}:manifest" 2>/dev/null || true
podman manifest create "${IMAGE}:manifest"
for platform in linux/amd64 linux/arm64; do
arch="${platform#linux/}"
podman build --platform "${platform}" -t "${IMAGE}:build-${arch}" -f Containerfile .
podman manifest add "${IMAGE}:manifest" "${IMAGE}:build-${arch}"
done
for tag in "${GITHUB_SHA}" latest "${GITHUB_REF_NAME}"; do
podman manifest push "${IMAGE}:manifest" "${IMAGE}:${tag}"
done
deploy:
name: Deploy to Kubernetes
runs-on: ubuntu-latest
needs: [build]
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
environment: production
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Configure kubectl
uses: azure/k8s-set-context@v3
with:
method: kubeconfig
kubeconfig: ${{ secrets.KUBE_CONFIG }}
- name: Deploy to Kubernetes
run: |
# Update image tag in deployment
sed -i "s|quay.io/dkirwan/asset_monitoring:.*|quay.io/dkirwan/asset_monitoring:${GITHUB_SHA}|g" kubernetes/deployment.yaml
# Apply Kubernetes manifests
kubectl apply -f kubernetes/
# Wait for deployment to be ready
kubectl rollout status deployment/crypto -n monitoring-example --timeout=300s