From f9149ba8226cbe0f711d2f1c315d991eb6b68815 Mon Sep 17 00:00:00 2001 From: Divyansh Srivastav Date: Sun, 29 Jan 2023 21:05:09 +0530 Subject: [PATCH 1/9] Create auth-api-workflow.yml --- .github/workflows/auth-api-workflow.yml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 .github/workflows/auth-api-workflow.yml diff --git a/.github/workflows/auth-api-workflow.yml b/.github/workflows/auth-api-workflow.yml new file mode 100644 index 00000000..41db5a0e --- /dev/null +++ b/.github/workflows/auth-api-workflow.yml @@ -0,0 +1,19 @@ +name: Auth API Workflow + +on: + push: + branches: [ "master" ] + pull_request: + branches: [ "master" ] + +jobs: + + build: + + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v3 + - name: Build the Docker image + working-directory: auth-api + run: docker build . --file Dockerfile --tag sample-app-auth-api:${GITHUB_REF##*/}-${GITHUB_SHA} From 973a5d6789dfca446713b493eb3b4088e8c49c07 Mon Sep 17 00:00:00 2001 From: Divyansh Srivastav Date: Sun, 29 Jan 2023 21:15:05 +0530 Subject: [PATCH 2/9] Added workflows. --- .github/workflows/frontend-workflow.yml | 19 +++++++++++++++++++ .../log-message-processor-workflow.yml | 19 +++++++++++++++++++ .github/workflows/todos-api-workflow.yml | 19 +++++++++++++++++++ .github/workflows/users-api-workflow.yml | 19 +++++++++++++++++++ auth-api/Dockerfile | 5 +++-- 5 files changed, 79 insertions(+), 2 deletions(-) create mode 100644 .github/workflows/frontend-workflow.yml create mode 100644 .github/workflows/log-message-processor-workflow.yml create mode 100644 .github/workflows/todos-api-workflow.yml create mode 100644 .github/workflows/users-api-workflow.yml diff --git a/.github/workflows/frontend-workflow.yml b/.github/workflows/frontend-workflow.yml new file mode 100644 index 00000000..198edb44 --- /dev/null +++ b/.github/workflows/frontend-workflow.yml 
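Review bot: The tag suffix `${GITHUB_REF##*/}` keeps only the last path segment of the ref, so on the `pull_request` trigger (where GITHUB_REF is `refs/pull/<n>/merge`) every PR build is tagged `merge-<sha>`, and branches such as `feature/x` and `hotfix/x` both collapse to `x`. That is harmless while the job only builds locally, but the same expression will mislabel images the moment they are pushed anywhere; `--tag "sample-app-auth-api:${GITHUB_SHA::7}"`, or the branch name sanitised with `tr '/' '-'`, is safer. `actions/checkout@v3` is a floating tag; for a build workflow I would pin it to a full commit SHA with the tag in a trailing comment.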
@@ -0,0 +1,19 @@ +name: Frontend API Workflow + +on: + push: + branches: [ "master" ] + pull_request: + branches: [ "master" ] + +jobs: + + build: + + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v3 + - name: Build the Docker image + working-directory: frontend + run: docker build . --file Dockerfile --tag sample-app-auth-api:${GITHUB_REF##*/}-${GITHUB_SHA} diff --git a/.github/workflows/log-message-processor-workflow.yml b/.github/workflows/log-message-processor-workflow.yml new file mode 100644 index 00000000..40f3e579 --- /dev/null +++ b/.github/workflows/log-message-processor-workflow.yml @@ -0,0 +1,19 @@ +name: Log Messager API Workflow + +on: + push: + branches: [ "master" ] + pull_request: + branches: [ "master" ] + +jobs: + + build: + + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v3 + - name: Build the Docker image + working-directory: log-message-processor + run: docker build . --file Dockerfile --tag sample-app-auth-api:${GITHUB_REF##*/}-${GITHUB_SHA} diff --git a/.github/workflows/todos-api-workflow.yml b/.github/workflows/todos-api-workflow.yml new file mode 100644 index 00000000..1f02763a --- /dev/null +++ b/.github/workflows/todos-api-workflow.yml @@ -0,0 +1,19 @@ +name: Todos API Workflow + +on: + push: + branches: [ "master" ] + pull_request: + branches: [ "master" ] + +jobs: + + build: + + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v3 + - name: Build the Docker image + working-directory: todos-api + run: docker build . --file Dockerfile --tag sample-app-auth-api:${GITHUB_REF##*/}-${GITHUB_SHA} diff --git a/.github/workflows/users-api-workflow.yml b/.github/workflows/users-api-workflow.yml new file mode 100644 index 00000000..d881dd32 --- /dev/null +++ b/.github/workflows/users-api-workflow.yml 
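Review bot: The image tag is still `sample-app-auth-api:…` although this workflow builds the `frontend` directory, so a frontend build is labelled as the auth-api image; it should be `--tag sample-app-frontend:${GITHUB_REF##*/}-${GITHUB_SHA}`. The same copy-pasted tag appears in the log-message-processor, todos-api and users-api workflows added in this patch, which will collide as soon as the images are pushed to a shared registry.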
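Review bot: Both the workflow `name:` ("Log Messager API Workflow", a typo for Log Message) and the image tag `sample-app-auth-api` look copy-pasted from the auth-api workflow; the tag in particular labels this service's image as the auth-api. I would use `name: Log Message Processor Workflow` and `--tag sample-app-log-message-processor:${GITHUB_REF##*/}-${GITHUB_SHA}` to match the `working-directory` it builds from.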
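Review bot: The build step tags the todos-api image as `sample-app-auth-api`, so this workflow produces an image whose name claims to be a different service; `--tag sample-app-todos-api:${GITHUB_REF##*/}-${GITHUB_SHA}` matches the `working-directory: todos-api` it builds from.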
@@ -0,0 +1,19 @@ +name: Users API Workflow + +on: + push: + branches: [ "master" ] + pull_request: + branches: [ "master" ] + +jobs: + + build: + + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v3 + - name: Build the Docker image + working-directory: users-api + run: docker build . --file Dockerfile --tag sample-app-auth-api:${GITHUB_REF##*/}-${GITHUB_SHA} diff --git a/auth-api/Dockerfile b/auth-api/Dockerfile index 444cc0e7..bb5812dd 100644 --- a/auth-api/Dockerfile +++ b/auth-api/Dockerfile @@ -3,8 +3,9 @@ FROM golang:1.9-alpine EXPOSE 8081 WORKDIR /go/src/app -RUN apk --no-cache add curl git && \ - curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh +RUN apk --no-cache add curl git +#RUN curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh +RUN curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh COPY . . RUN dep ensure From 701fe1d7cfc195acbaf494c3d7911fdcb4155ff2 Mon Sep 17 00:00:00 2001 From: Anthony Palermo Date: Wed, 8 Feb 2023 15:00:46 -0800 Subject: [PATCH 3/9] update k8s resources --- k8s/auth-api/deployment.yaml | 36 ++++++++++-------- k8s/auth-api/service.yaml | 2 + k8s/frontend/deployment.yaml | 38 +++++++++++-------- k8s/frontend/service.yaml | 4 +- k8s/log-message-processor/deployment.yaml | 34 ++++++++++------- k8s/redis-queue/deployment.yaml | 11 ++++-- k8s/redis-queue/service.yaml | 2 + k8s/todos-api/deployment.yaml | 45 +++++++++++++---------- k8s/todos-api/service.yaml | 2 + k8s/users-api/deployment.yaml | 32 +++++++++------- k8s/users-api/service.yaml | 2 + k8s/zipkin/deployment.yaml | 11 ++++-- k8s/zipkin/service.yaml | 1 + 13 files changed, 135 insertions(+), 85 deletions(-) diff --git a/k8s/auth-api/deployment.yaml b/k8s/auth-api/deployment.yaml index 4f802c60..810487ad 100644 --- a/k8s/auth-api/deployment.yaml +++ b/k8s/auth-api/deployment.yaml 
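Review bot: The users-api build is tagged `sample-app-auth-api`, the same literal used by every other service workflow in this patch, so the image name does not identify what it contains; use `--tag sample-app-users-api:${GITHUB_REF##*/}-${GITHUB_SHA}` so the tag matches `working-directory: users-api`.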
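Review bot: The split keeps the `curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh` pipe-to-shell and adds a commented-out duplicate of it on the line above, so the supply-chain exposure is unchanged: the image executes whatever is on the `master` branch of a third-party repository at build time, as root, with no `-f`/`--fail` (an HTTP error body would be piped into `sh`) and under plain `/bin/sh` without pipefail, so a failed download does not even fail the build. I would download to a file from a pinned release tag, check a SHA-256 recorded in the repo, and only then execute it, e.g. `RUN curl -fsSL -o /tmp/dep-install.sh https://raw.githubusercontent.com/golang/dep/<release-tag>/install.sh && echo "<sha256>  /tmp/dep-install.sh" | sha256sum -c - && sh /tmp/dep-install.sh`, and delete the commented-out line rather than keep two copies. Note also that `golang:1.9-alpine` on the context line is an unmaintained base and `dep` itself has been archived upstream, so this image will keep accumulating unfixable findings in the Trivy scans until the service moves to Go modules.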
@@ -1,11 +1,17 @@ -apiVersion: extensions/v1beta1 +apiVersion: apps/v1 kind: Deployment metadata: + namespace: todo labels: app: microservice-app-example + service: auth-api name: auth-api spec: replicas: 1 + selector: + matchLabels: + app: microservice-app-example + service: auth-api template: metadata: labels: @@ -13,18 +19,18 @@ spec: service: auth-api spec: containers: - - env: - - name: AUTH_API_PORT - value: "8081" - - name: JWT_SECRET - value: myfancysecret - - name: USERS_API_ADDRESS - value: http://users-api:8083 - - name: ZIPKIN_URL - value: http://zipkin:9411/api/v2/spans - image: auth-api - name: auth-api - ports: - - containerPort: 8081 - imagePullPolicy: Never + - env: + - name: AUTH_API_PORT + value: "8081" + - name: JWT_SECRET + value: myfancysecret + - name: USERS_API_ADDRESS + value: http://users-api:8083 + - name: ZIPKIN_URL + value: http://zipkin:9411/api/v2/spans + image: auth-api + name: auth-api + ports: + - containerPort: 8081 + imagePullPolicy: Never restartPolicy: Always diff --git a/k8s/auth-api/service.yaml b/k8s/auth-api/service.yaml index 68047183..136986b0 100644 --- a/k8s/auth-api/service.yaml +++ b/k8s/auth-api/service.yaml @@ -1,8 +1,10 @@ apiVersion: v1 kind: Service metadata: + namespace: todo labels: app: microservice-app-example + service: auth-api name: auth-api spec: ports: diff --git a/k8s/frontend/deployment.yaml b/k8s/frontend/deployment.yaml index 78244bfe..4dc9886b 100644 --- a/k8s/frontend/deployment.yaml +++ b/k8s/frontend/deployment.yaml @@ -1,11 +1,17 @@ -apiVersion: extensions/v1beta1 +apiVersion: apps/v1 kind: Deployment metadata: + namespace: todo labels: app: microservice-app-example + service: frontend name: frontend spec: replicas: 1 + selector: + matchLabels: + app: microservice-app-example + service: frontend template: metadata: labels: 
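Review bot: `JWT_SECRET` is re-added on the new side as the plain literal `myfancysecret` in a manifest committed to git, and the same value is set for todos-api and users-api in this patch, so anyone with read access to the repository can mint tokens every service accepts. Move it to a Kubernetes Secret and reference it with `valueFrom: { secretKeyRef: { name: <jwt-secret>, key: JWT_SECRET } }` in place of `value:`, and rotate the value since it is already in history. The container also has no `securityContext` or `resources`, which is worth adding while the spec is being reworked for `apps/v1`.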
@@ -13,18 +19,18 @@ spec: service: frontend spec: containers: - - env: - - name: AUTH_API_ADDRESS - value: http://auth-api:8081 - - name: PORT - value: "8080" - - name: TODOS_API_ADDRESS - value: http://todos-api:8082 - - name: ZIPKIN_URL - value: http://zipkin:9411/api/v2/spans - image: frontend - name: frontend - ports: - - containerPort: 8080 - imagePullPolicy: Never - restartPolicy: Always + - env: + - name: AUTH_API_ADDRESS + value: http://auth-api:8081 + - name: PORT + value: "8080" + - name: TODOS_API_ADDRESS + value: http://todos-api:8082 + - name: ZIPKIN_URL + value: http://zipkin:9411/api/v2/spans + image: frontend + name: frontend + ports: + - containerPort: 8080 + imagePullPolicy: Never + restartPolicy: Always \ No newline at end of file diff --git a/k8s/frontend/service.yaml b/k8s/frontend/service.yaml index 1ab75f78..392dbc71 100644 --- a/k8s/frontend/service.yaml +++ b/k8s/frontend/service.yaml @@ -1,12 +1,14 @@ apiVersion: v1 kind: Service metadata: + namespace: todo labels: app: microservice-app-example + service: frontend name: frontend spec: ports: - port: 8080 selector: service: frontend - type: LoadBalancer \ No newline at end of file + type: ClusterIP \ No newline at end of file diff --git a/k8s/log-message-processor/deployment.yaml b/k8s/log-message-processor/deployment.yaml index 40229bab..fbd13bce 100644 --- a/k8s/log-message-processor/deployment.yaml +++ b/k8s/log-message-processor/deployment.yaml @@ -1,11 +1,17 @@ -apiVersion: extensions/v1beta1 +apiVersion: apps/v1 kind: Deployment metadata: + namespace: todo labels: app: microservice-app-example + service: log-message-processor name: log-message-processor spec: replicas: 1 + selector: + matchLabels: + app: microservice-app-example + service: log-message-processor template: metadata: labels: 
@@ -13,17 +19,17 @@ spec: service: log-message-processor spec: containers: - - env: - - name: REDIS_HOST - value: redis-queue - - name: REDIS_PORT - value: "6379" - - name: REDIS_CHANNEL - value: log_channel - - name: ZIPKIN_URL - value: http://zipkin:9411/api/v1/spans - - image: log-message-processor - name: log-message-processor - imagePullPolicy: Never + - env: + - name: REDIS_HOST + value: redis-queue + - name: REDIS_PORT + value: "6379" + - name: REDIS_CHANNEL + value: log_channel + - name: ZIPKIN_URL + value: http://zipkin:9411/api/v1/spans + + image: log-message-processor + name: log-message-processor + imagePullPolicy: Never restartPolicy: Always diff --git a/k8s/redis-queue/deployment.yaml b/k8s/redis-queue/deployment.yaml index 025d1399..2612573b 100644 --- a/k8s/redis-queue/deployment.yaml +++ b/k8s/redis-queue/deployment.yaml @@ -1,11 +1,17 @@ -apiVersion: extensions/v1beta1 +apiVersion: apps/v1 kind: Deployment metadata: + namespace: todo labels: app: microservice-app-example + service: redis-queue name: redis-queue spec: replicas: 1 + selector: + matchLabels: + app: microservice-app-example + service: redis-queue template: metadata: labels: @@ -13,8 +19,7 @@ spec: service: redis-queue spec: containers: - - env: - image: redis + - image: redis name: redis-queue ports: - containerPort: 6379 diff --git a/k8s/redis-queue/service.yaml b/k8s/redis-queue/service.yaml index a160c2ed..da6a781a 100644 --- a/k8s/redis-queue/service.yaml +++ b/k8s/redis-queue/service.yaml @@ -1,8 +1,10 @@ apiVersion: v1 kind: Service metadata: + namespace: todo labels: app: microservice-app-example + service: redis-queue name: redis-queue spec: ports: diff --git a/k8s/todos-api/deployment.yaml b/k8s/todos-api/deployment.yaml index 20e880b6..119cf5f5 100644 --- a/k8s/todos-api/deployment.yaml +++ b/k8s/todos-api/deployment.yaml 
@@ -1,11 +1,17 @@ -apiVersion: extensions/v1beta1 +apiVersion: apps/v1 kind: Deployment metadata: + namespace: todo labels: app: microservice-app-example + service: todos-api name: todos-api spec: replicas: 1 + selector: + matchLabels: + app: microservice-app-example + service: todos-api template: metadata: labels: @@ -13,23 +19,22 @@ spec: service: todos-api spec: containers: - - env: - - name: JWT_SECRET - value: myfancysecret - - name: TODO_API_PORT - value: "8082" - - name: REDIS_HOST - value: redis-queue - - name: REDIS_PORT - value: "6379" - - name: REDIS_CHANNEL - value: log_channel - - name: ZIPKIN_URL - value: http://zipkin:9411/api/v2/spans - - image: todos-api - name: todos-api - ports: - - containerPort: 8082 - imagePullPolicy: Never + - env: + - name: JWT_SECRET + value: myfancysecret + - name: TODO_API_PORT + value: "8082" + - name: REDIS_HOST + value: redis-queue + - name: REDIS_PORT + value: "6379" + - name: REDIS_CHANNEL + value: log_channel + - name: ZIPKIN_URL + value: http://zipkin:9411/api/v2/spans + image: todos-api + name: todos-api + ports: + - containerPort: 8082 + imagePullPolicy: Never restartPolicy: Always diff --git a/k8s/todos-api/service.yaml b/k8s/todos-api/service.yaml index 23c4e257..66a5a1d5 100644 --- a/k8s/todos-api/service.yaml +++ b/k8s/todos-api/service.yaml @@ -1,8 +1,10 @@ apiVersion: v1 kind: Service metadata: + namespace: todo labels: app: microservice-app-example + service: todos-api name: todos-api spec: ports: diff --git a/k8s/users-api/deployment.yaml b/k8s/users-api/deployment.yaml index 0a9e418b..2000e318 100644 --- a/k8s/users-api/deployment.yaml +++ b/k8s/users-api/deployment.yaml @@ -1,11 +1,17 @@ -apiVersion: extensions/v1beta1 +apiVersion: apps/v1 kind: Deployment metadata: + namespace: todo labels: app: microservice-app-example + service: users-api name: users-api spec: replicas: 1 + selector: + matchLabels: + app: microservice-app-example + service: users-api template: metadata: labels: 
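Review bot: `JWT_SECRET: myfancysecret` is carried onto the new side as a literal in the deployment manifest, so the token-verification key for todos-api lives in git history; replace the `value:` with `valueFrom: { secretKeyRef: { name: <jwt-secret>, key: JWT_SECRET } }` backed by a Secret object, and rotate it. The key has to match what auth-api signs with, so one shared Secret referenced by all three manifests keeps them in sync without duplicating the value in three files.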
@@ -13,16 +19,16 @@ spec: service: users-api spec: containers: - - env: - - name: JWT_SECRET - value: myfancysecret - - name: SERVER_PORT - value: "8083" - - name: SPRING_ZIPKIN_BASE_URL - value: http://zipkin:9411 - image: users-api - name: users-api - ports: - - containerPort: 8083 - imagePullPolicy: Never + - env: + - name: JWT_SECRET + value: myfancysecret + - name: SERVER_PORT + value: "8083" + - name: SPRING_ZIPKIN_BASE_URL + value: http://zipkin:9411 + image: users-api + name: users-api + ports: + - containerPort: 8083 + imagePullPolicy: Never restartPolicy: Always diff --git a/k8s/users-api/service.yaml b/k8s/users-api/service.yaml index 81961c76..49d9aa00 100644 --- a/k8s/users-api/service.yaml +++ b/k8s/users-api/service.yaml @@ -1,8 +1,10 @@ apiVersion: v1 kind: Service metadata: + namespace: todo labels: app: microservice-app-example + service: users-api name: users-api spec: ports: diff --git a/k8s/zipkin/deployment.yaml b/k8s/zipkin/deployment.yaml index 52461b9f..f0bccd74 100644 --- a/k8s/zipkin/deployment.yaml +++ b/k8s/zipkin/deployment.yaml @@ -1,11 +1,17 @@ -apiVersion: extensions/v1beta1 +apiVersion: apps/v1 kind: Deployment metadata: + namespace: todo labels: app: microservice-app-example + service: zipkin name: zipkin spec: replicas: 1 + selector: + matchLabels: + app: microservice-app-example + service: zipkin template: metadata: labels: @@ -13,8 +19,7 @@ spec: service: zipkin spec: containers: - - env: - image: openzipkin/zipkin + - image: openzipkin/zipkin name: zipkin ports: - containerPort: 9411 diff --git a/k8s/zipkin/service.yaml b/k8s/zipkin/service.yaml index 715ea148..b1a330a9 100644 --- a/k8s/zipkin/service.yaml +++ b/k8s/zipkin/service.yaml @@ -1,6 +1,7 @@ apiVersion: v1 kind: Service metadata: + namespace: todo labels: app: microservice-app-example name: zipkin From d76d5fa1ff49302371a33aef0e89950da2373d66 Mon Sep 17 00:00:00 2001 
From: hemanth-3 <98961835+hemanth-3@users.noreply.github.com> Date: Tue, 14 Feb 2023 16:33:38 +0530 Subject: [PATCH 4/9] Create codeql.yml --- .github/workflows/codeql.yml | 76 ++++++++++++++++++++++++++++++++++++ 1 file changed, 76 insertions(+) create mode 100644 .github/workflows/codeql.yml diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 00000000..2196a219 --- /dev/null +++ b/.github/workflows/codeql.yml 
@@ -0,0 +1,76 @@ +# For most projects, this workflow file will not need changing; you simply need +# to commit it to your repository. +# +# You may wish to alter this file to override the set of languages analyzed, +# or to provide custom queries or build logic. +# +# ******** NOTE ******** +# We have attempted to detect the languages in your repository. Please check +# the `language` matrix defined below to confirm you have the correct set of +# supported CodeQL languages. +# +name: "CodeQL" + +on: + push: + branches: [ "master" ] + pull_request: + # The branches below must be a subset of the branches above + branches: [ "master" ] + schedule: + - cron: '35 0 * * 1' + +jobs: + analyze: + name: Analyze + runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write + + strategy: + fail-fast: false + matrix: + language: [ 'go', 'java', 'javascript', 'python' ] + # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] + # Use only 'java' to analyze code written in Java, Kotlin or both + # Use only 'javascript' to analyze code written in JavaScript, TypeScript or both + # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support + + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v2 + with: + languages: ${{ matrix.language }} + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. 
+ + # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs + # queries: security-extended,security-and-quality + + + # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). + # If this step fails, then you should remove it and run the build manually (see below) + - name: Autobuild + uses: github/codeql-action/autobuild@v2 + + # â„šī¸ Command-line programs to run using the OS shell. + # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun + + # If the Autobuild fails above, remove it and uncomment the following three lines. + # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance. + + # - run: | + # echo "Run, Build Application using script" + # ./location_of_script_within_repo/buildscript.sh + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v2 + with: + category: "/language:${{matrix.language}}" From f2e0fc046d76e61e8e0920d4b231784ac9fe5272 Mon Sep 17 00:00:00 2001 From: hemanth-3 <98961835+hemanth-3@users.noreply.github.com> Date: Fri, 24 Feb 2023 14:39:27 +0530 Subject: [PATCH 5/9] updated the paths --- .github/workflows/auth-api-workflow.yml | 147 ++++++++++++++++- .github/workflows/frontend-workflow.yml | 149 +++++++++++++++++- .../log-message-processor-workflow.yml | 149 +++++++++++++++++- .github/workflows/todos-api-workflow.yml | 148 ++++++++++++++++- .github/workflows/users-api-workflow.yml | 148 ++++++++++++++++- 5 files changed, 702 insertions(+), 39 deletions(-) diff --git a/.github/workflows/auth-api-workflow.yml b/.github/workflows/auth-api-workflow.yml index 41db5a0e..eeb6cb5f 100644 --- a/.github/workflows/auth-api-workflow.yml +++ b/.github/workflows/auth-api-workflow.yml 
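Review bot: Every action here is referenced by a floating major tag (`actions/checkout@v3`, `github/codeql-action/init@v2`, `autobuild@v2`, `analyze@v2`) in a job that holds `security-events: write`; pinning each `uses:` to a full commit SHA (with the tag in a trailing comment) stops a moved tag from changing what gets uploaded to the Security tab. The `permissions` block is otherwise correctly scoped. Consider also setting `queries: security-extended` in the init step, since the default suite is tuned for low noise rather than coverage.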
@@ -2,18 +2,151 @@ name: Auth API Workflow on: push: - branches: [ "master" ] - pull_request: - branches: [ "master" ] - + branches: [ "ci/cd_workflows" ] + paths: + - 'auth-api/**' + +env: + REGISTRY: 859047589462.dkr.ecr.us-east-1.amazonaws.com + DOCKER_REPOSITORY: sample-microsvc-app-auth-api + CLUSTER_REPO: https://github.com/CelestialSystem/mcs-poc-001-k8s.git + + +permissions: + contents: read + packages: write + id-token: write + security-events: write jobs: + + getBranch_and_commitHash: + runs-on: ubuntu-latest - build: + outputs: + output1: ${{ steps.branch.outputs.git_branch }} + output2: ${{ steps.hash.outputs.git_hash }} + steps: + - name: Get Branch + id: branch + run: echo "::set-output name=git_branch::${GITHUB_REF#refs/heads/}" + - name: Get Hash + id: hash + run: echo "::set-output name=git_hash::$(echo $GITHUB_SHA | cut -c1-7)" + + build_and_push: + runs-on: ubuntu-latest + needs: getBranch_and_commitHash steps: - - uses: actions/checkout@v3 + - name: Checkout code + uses: actions/checkout@v3 + + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v1 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: us-east-1 + + + - name: Login to AWS ECR + id: login-ecr + uses: aws-actions/amazon-ecr-login@v1 + - name: Build the Docker image working-directory: auth-api - run: docker build . --file Dockerfile --tag sample-app-auth-api:${GITHUB_REF##*/}-${GITHUB_SHA} + run: docker build . 
--file Dockerfile --tag $REGISTRY/$DOCKER_REPOSITORY:${{needs.getBranch_and_commitHash.outputs.output1}}-${{needs.getBranch_and_commitHash.outputs.output2}} + + - name: Push image to Amazon ECR + run: | + docker push $REGISTRY/$DOCKER_REPOSITORY:${{needs.getBranch_and_commitHash.outputs.output1}}-${{needs.getBranch_and_commitHash.outputs.output2}} + + testDockerImage: + runs-on: ubuntu-latest + needs: [getBranch_and_commitHash, build_and_push] + + steps: + + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v1 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: us-east-1 + + - name: Login to AWS ECR + id: login-ecr + uses: aws-actions/amazon-ecr-login@v1 + + - name: Pull Docker Image + run: | + docker pull ${{ env.REGISTRY }}/${{ env.DOCKER_REPOSITORY }}:${{needs.getBranch_and_commitHash.outputs.output1}}-${{needs.getBranch_and_commitHash.outputs.output2}} + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: ${{ env.REGISTRY }}/${{ env.DOCKER_REPOSITORY }}:${{needs.getBranch_and_commitHash.outputs.output1}}-${{needs.getBranch_and_commitHash.outputs.output2}} + format: 'sarif' + output: 'trivy-results-docker.sarif' + severity: 'CRITICAL,HIGH' + + - name: Debug output + run: | + echo "#########TRIVY################" + cat trivy-results-docker.sarif + + - name: Upload Trivy scan results to Github security tab + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: 'trivy-results-docker.sarif' + + + deployToDevEnv: + + runs-on: ubuntu-latest + needs: [getBranch_and_commitHash, build_and_push, testDockerImage] + env: + GH_USER: div1127 + CLUSTER_REPO: CelestialSystem/mcs-poc-001-k8s.git + GIT_USER_EMAIL: d.srivastav@celestialsys.com + GIT_USER_NAME: Divyansh Srivastav + ARGOCD_APP: auth-api-service + REPO_CONTEXT: /home/runner/work/mcs-poc-001-k8s + SVC_CONTEXT: 
/home/runner/work/mcs-poc-001-k8s/k8s/auth-api + + + steps: + + - name: Install yq (YAML Processor) & Git + run: | + sudo add-apt-repository ppa:rmescandon/yq + sudo apt update + sudo apt install yq git -y + - name: Install ArgoCD CLI + run: | + curl -sSL -o argocd-linux-amd64 https://github.com/argoproj/argo-cd/releases/latest/download/argocd-linux-amd64 + sudo install -m 555 argocd-linux-amd64 /usr/local/bin/argocd + rm argocd-linux-amd64 + - name: GitOps - Update deployment repository with new Image Version + uses: nick-fields/retry@v2 + with: + timeout_minutes: 10 + max_attempts: 4 + retry_on: error + command: | + cd /home/runner/work + git clone "https://${{ env.GH_USER }}:${{ secrets.GH_TOKEN }}@github.com/${{ env.CLUSTER_REPO }}" + cd ${{ env.SVC_CONTEXT }} + yq eval '.spec.template.spec.containers[0].image = "${{ env.REGISTRY }}/${{ env.DOCKER_REPOSITORY }}:${{needs.getBranch_and_commitHash.outputs.output1}}-${{needs.getBranch_and_commitHash.outputs.output2}}"' -i deployment.yaml + cd ${{ env.REPO_CONTEXT }} + git config --global user.email ${{ env.GIT_USER_EMAIL }} + git config --global user.name ${{ env.GIT_USER_NAME }} + git add ${{ env.SVC_CONTEXT}}/deployment.yaml + git commit -m "Updated Image Version." + git push + + - name: Synk ArgoCD app + run: | + argocd login ${{ secrets.ARGOCD_SERVER }} --username ${{ secrets.ARGOCD_USER }} --password ${{ secrets.ARGOCD_PASSWORD }} --insecure --grpc-web + argocd app sync ${{ env.ARGOCD_APP }} --grpc-web \ No newline at end of file diff --git a/.github/workflows/frontend-workflow.yml b/.github/workflows/frontend-workflow.yml index 198edb44..2f9abeeb 100644 --- a/.github/workflows/frontend-workflow.yml +++ b/.github/workflows/frontend-workflow.yml 
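Review bot: The `testDockerImage` job never fails on findings: `aquasecurity/trivy-action` defaults `exit-code` to 0, so an image with CRITICAL vulnerabilities is still pushed (it is pushed before it is scanned) and `deployToDevEnv` proceeds, which makes the gate decorative; add `exit-code: '1'` (and `ignore-unfixed: true` if unfixed CVEs should not block) and pin `trivy-action@master` to a release SHA rather than a mutable branch. The GitOps step clones with `https://${{ env.GH_USER }}:${{ secrets.GH_TOKEN }}@github.com/...`, which writes the token into the clone's `.git/config` and can let it surface in git error output that `nick-fields/retry` prints on each of its four attempts; use `actions/checkout` with `repository:` and `token:` (or `git -c http.extraheader`) instead. `id-token: write` is granted but never used while long-lived `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` sit in repository secrets; `aws-actions/configure-aws-credentials` with `role-to-assume` over OIDC removes those static keys entirely. The same three issues are copied into the other four service workflows in this patch.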
@@ -1,19 +1,152 @@ -name: Frontend API Workflow +name: Auth API Workflow on: push: - branches: [ "master" ] - pull_request: - branches: [ "master" ] - + branches: [ "ci/cd_workflows" ] + paths: + - 'frontend/**' + +env: + REGISTRY: 859047589462.dkr.ecr.us-east-1.amazonaws.com + DOCKER_REPOSITORY: sample-microsvc-app-frontend + CLUSTER_REPO: https://github.com/CelestialSystem/mcs-poc-001-k8s.git + + +permissions: + contents: read + packages: write + id-token: write + security-events: write jobs: + + getBranch_and_commitHash: + runs-on: ubuntu-latest - build: + outputs: + output1: ${{ steps.branch.outputs.git_branch }} + output2: ${{ steps.hash.outputs.git_hash }} + steps: + - name: Get Branch + id: branch + run: echo "::set-output name=git_branch::${GITHUB_REF#refs/heads/}" + - name: Get Hash + id: hash + run: echo "::set-output name=git_hash::$(echo $GITHUB_SHA | cut -c1-7)" + + build_and_push: + runs-on: ubuntu-latest + needs: getBranch_and_commitHash steps: - - uses: actions/checkout@v3 + - name: Checkout code + uses: actions/checkout@v3 + + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v1 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: us-east-1 + + + - name: Login to AWS ECR + id: login-ecr + uses: aws-actions/amazon-ecr-login@v1 + - name: Build the Docker image working-directory: frontend - run: docker build . --file Dockerfile --tag sample-app-auth-api:${GITHUB_REF##*/}-${GITHUB_SHA} + run: docker build . 
--file Dockerfile --tag $REGISTRY/$DOCKER_REPOSITORY:${{needs.getBranch_and_commitHash.outputs.output1}}-${{needs.getBranch_and_commitHash.outputs.output2}} + + - name: Push image to Amazon ECR + run: | + docker push $REGISTRY/$DOCKER_REPOSITORY:${{needs.getBranch_and_commitHash.outputs.output1}}-${{needs.getBranch_and_commitHash.outputs.output2}} + + testDockerImage: + runs-on: ubuntu-latest + needs: [getBranch_and_commitHash, build_and_push] + + steps: + + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v1 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: us-east-1 + + - name: Login to AWS ECR + id: login-ecr + uses: aws-actions/amazon-ecr-login@v1 + + - name: Pull Docker Image + run: | + docker pull ${{ env.REGISTRY }}/${{ env.DOCKER_REPOSITORY }}:${{needs.getBranch_and_commitHash.outputs.output1}}-${{needs.getBranch_and_commitHash.outputs.output2}} + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: ${{ env.REGISTRY }}/${{ env.DOCKER_REPOSITORY }}:${{needs.getBranch_and_commitHash.outputs.output1}}-${{needs.getBranch_and_commitHash.outputs.output2}} + format: 'sarif' + output: 'trivy-results-docker.sarif' + severity: 'CRITICAL,HIGH' + + - name: Debug output + run: | + echo "#########TRIVY################" + cat trivy-results-docker.sarif + + - name: Upload Trivy scan results to Github security tab + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: 'trivy-results-docker.sarif' + + + deployToDevEnv: + + runs-on: ubuntu-latest + needs: [getBranch_and_commitHash, build_and_push, testDockerImage] + env: + GH_USER: div1127 + CLUSTER_REPO: CelestialSystem/mcs-poc-001-k8s.git + GIT_USER_EMAIL: d.srivastav@celestialsys.com + GIT_USER_NAME: Divyansh Srivastav + ARGOCD_APP: frontend-app + REPO_CONTEXT: /home/runner/work/mcs-poc-001-k8s + SVC_CONTEXT: 
/home/runner/work/mcs-poc-001-k8s/k8s/frontend + + + steps: + + - name: Install yq (YAML Processor) & Git + run: | + sudo add-apt-repository ppa:rmescandon/yq + sudo apt update + sudo apt install yq git -y + - name: Install ArgoCD CLI + run: | + curl -sSL -o argocd-linux-amd64 https://github.com/argoproj/argo-cd/releases/latest/download/argocd-linux-amd64 + sudo install -m 555 argocd-linux-amd64 /usr/local/bin/argocd + rm argocd-linux-amd64 + - name: GitOps - Update deployment repository with new Image Version + uses: nick-fields/retry@v2 + with: + timeout_minutes: 10 + max_attempts: 4 + retry_on: error + command: | + cd /home/runner/work + git clone "https://${{ env.GH_USER }}:${{ secrets.GH_TOKEN }}@github.com/${{ env.CLUSTER_REPO }}" + cd ${{ env.SVC_CONTEXT }} + yq eval '.spec.template.spec.containers[0].image = "${{ env.REGISTRY }}/${{ env.DOCKER_REPOSITORY }}:${{needs.getBranch_and_commitHash.outputs.output1}}-${{needs.getBranch_and_commitHash.outputs.output2}}"' -i deployment.yaml + cd ${{ env.REPO_CONTEXT }} + git config --global user.email ${{ env.GIT_USER_EMAIL }} + git config --global user.name ${{ env.GIT_USER_NAME }} + git add ${{ env.SVC_CONTEXT}}/deployment.yaml + git commit -m "Updated Image Version." + git push + + - name: Synk ArgoCD app + run: | + argocd login ${{ secrets.ARGOCD_SERVER }} --username ${{ secrets.ARGOCD_USER }} --password ${{ secrets.ARGOCD_PASSWORD }} --insecure --grpc-web + argocd app sync ${{ env.ARGOCD_APP }} --grpc-web \ No newline at end of file diff --git a/.github/workflows/log-message-processor-workflow.yml b/.github/workflows/log-message-processor-workflow.yml index 40f3e579..292529e0 100644 --- a/.github/workflows/log-message-processor-workflow.yml +++ b/.github/workflows/log-message-processor-workflow.yml 
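Review bot: The workflow's `name:` changes from "Frontend API Workflow" to "Auth API Workflow", so after this patch all five service workflows are indistinguishable in the Actions UI; restore a service-specific name such as `name: Frontend Workflow`. Separately, `output1` passes the branch name through unsanitised and the trigger branch `ci/cd_workflows` contains a `/`, which Docker does not allow in a tag, so I would expect `docker build --tag …:ci/cd_workflows-<hash>` to fail with an invalid reference on exactly the branch this workflow runs on. `echo "git_branch=${GITHUB_REF_NAME//\//-}" >> "$GITHUB_OUTPUT"` fixes that and also replaces the deprecated `::set-output` command. `permissions: packages: write` is unused since images go to ECR rather than GHCR and can be dropped.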
@@ -1,19 +1,152 @@ -name: Log Messager API Workflow +name: Auth API Workflow on: push: - branches: [ "master" ] - pull_request: - branches: [ "master" ] - + branches: [ "ci/cd_workflows" ] + paths: + - 'log-message-processor/**' + +env: + REGISTRY: 859047589462.dkr.ecr.us-east-1.amazonaws.com + DOCKER_REPOSITORY: sample-microsvc-app-log-message-processor + CLUSTER_REPO: https://github.com/CelestialSystem/mcs-poc-001-k8s.git + + +permissions: + contents: read + packages: write + id-token: write + security-events: write jobs: + + getBranch_and_commitHash: + runs-on: ubuntu-latest - build: + outputs: + output1: ${{ steps.branch.outputs.git_branch }} + output2: ${{ steps.hash.outputs.git_hash }} + steps: + - name: Get Branch + id: branch + run: echo "::set-output name=git_branch::${GITHUB_REF#refs/heads/}" + - name: Get Hash + id: hash + run: echo "::set-output name=git_hash::$(echo $GITHUB_SHA | cut -c1-7)" + + build_and_push: + runs-on: ubuntu-latest + needs: getBranch_and_commitHash steps: - - uses: actions/checkout@v3 + - name: Checkout code + uses: actions/checkout@v3 + + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v1 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: us-east-1 + + + - name: Login to AWS ECR + id: login-ecr + uses: aws-actions/amazon-ecr-login@v1 + - name: Build the Docker image working-directory: log-message-processor - run: docker build . --file Dockerfile --tag sample-app-auth-api:${GITHUB_REF##*/}-${GITHUB_SHA} + run: docker build . 
--file Dockerfile --tag $REGISTRY/$DOCKER_REPOSITORY:${{needs.getBranch_and_commitHash.outputs.output1}}-${{needs.getBranch_and_commitHash.outputs.output2}} + + - name: Push image to Amazon ECR + run: | + docker push $REGISTRY/$DOCKER_REPOSITORY:${{needs.getBranch_and_commitHash.outputs.output1}}-${{needs.getBranch_and_commitHash.outputs.output2}} + + testDockerImage: + runs-on: ubuntu-latest + needs: [getBranch_and_commitHash, build_and_push] + + steps: + + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v1 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: us-east-1 + + - name: Login to AWS ECR + id: login-ecr + uses: aws-actions/amazon-ecr-login@v1 + + - name: Pull Docker Image + run: | + docker pull ${{ env.REGISTRY }}/${{ env.DOCKER_REPOSITORY }}:${{needs.getBranch_and_commitHash.outputs.output1}}-${{needs.getBranch_and_commitHash.outputs.output2}} + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: ${{ env.REGISTRY }}/${{ env.DOCKER_REPOSITORY }}:${{needs.getBranch_and_commitHash.outputs.output1}}-${{needs.getBranch_and_commitHash.outputs.output2}} + format: 'sarif' + output: 'trivy-results-docker.sarif' + severity: 'CRITICAL,HIGH' + + - name: Debug output + run: | + echo "#########TRIVY################" + cat trivy-results-docker.sarif + + - name: Upload Trivy scan results to Github security tab + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: 'trivy-results-docker.sarif' + + + deployToDevEnv: + + runs-on: ubuntu-latest + needs: [getBranch_and_commitHash, build_and_push, testDockerImage] + env: + GH_USER: div1127 + CLUSTER_REPO: CelestialSystem/mcs-poc-001-k8s.git + GIT_USER_EMAIL: d.srivastav@celestialsys.com + GIT_USER_NAME: Divyansh Srivastav + ARGOCD_APP: log-message-processor-service + REPO_CONTEXT: /home/runner/work/mcs-poc-001-k8s + SVC_CONTEXT: 
/home/runner/work/mcs-poc-001-k8s/k8s/log-message-processor + + + steps: + + - name: Install yq (YAML Processor) & Git + run: | + sudo add-apt-repository ppa:rmescandon/yq + sudo apt update + sudo apt install yq git -y + - name: Install ArgoCD CLI + run: | + curl -sSL -o argocd-linux-amd64 https://github.com/argoproj/argo-cd/releases/latest/download/argocd-linux-amd64 + sudo install -m 555 argocd-linux-amd64 /usr/local/bin/argocd + rm argocd-linux-amd64 + - name: GitOps - Update deployment repository with new Image Version + uses: nick-fields/retry@v2 + with: + timeout_minutes: 10 + max_attempts: 4 + retry_on: error + command: | + cd /home/runner/work + git clone "https://${{ env.GH_USER }}:${{ secrets.GH_TOKEN }}@github.com/${{ env.CLUSTER_REPO }}" + cd ${{ env.SVC_CONTEXT }} + yq eval '.spec.template.spec.containers[0].image = "${{ env.REGISTRY }}/${{ env.DOCKER_REPOSITORY }}:${{needs.getBranch_and_commitHash.outputs.output1}}-${{needs.getBranch_and_commitHash.outputs.output2}}"' -i deployment.yaml + cd ${{ env.REPO_CONTEXT }} + git config --global user.email ${{ env.GIT_USER_EMAIL }} + git config --global user.name ${{ env.GIT_USER_NAME }} + git add ${{ env.SVC_CONTEXT}}/deployment.yaml + git commit -m "Updated Image Version." + git push + + - name: Synk ArgoCD app + run: | + argocd login ${{ secrets.ARGOCD_SERVER }} --username ${{ secrets.ARGOCD_USER }} --password ${{ secrets.ARGOCD_PASSWORD }} --insecure --grpc-web + argocd app sync ${{ env.ARGOCD_APP }} --grpc-web \ No newline at end of file diff --git a/.github/workflows/todos-api-workflow.yml b/.github/workflows/todos-api-workflow.yml index 1f02763a..bd93cd92 100644 --- a/.github/workflows/todos-api-workflow.yml +++ b/.github/workflows/todos-api-workflow.yml 
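Review bot: `argocd login … --password ${{ secrets.ARGOCD_PASSWORD }} --insecure` disables TLS certificate verification for `ARGOCD_SERVER`, so the ArgoCD credentials are sent to whatever answers at that address and a network-position attacker can capture them and sync arbitrary manifests; drop `--insecure`, trust the server's real certificate, and prefer a project-scoped token in `ARGOCD_AUTH_TOKEN` over a username/password. The deploy job also runs unpinned third-party code with those credentials in scope: `yq` comes from a personal PPA (`ppa:rmescandon/yq`) and the ArgoCD CLI from `releases/latest` with no checksum; pin a release (`releases/download/<version>/argocd-linux-amd64`), verify it against the checksum file published with that release, and install `yq` from a pinned, verified release the same way. The `Debug output` step `cat`s the full SARIF into the job log, which is noise at best. This applies equally to the other four service workflows in the patch.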
@@ -1,19 +1,151 @@ -name: Todos API Workflow +name: Auth API Workflow on: push: - branches: [ "master" ] - pull_request: - branches: [ "master" ] - + branches: [ "ci/cd_workflows" ] + paths: + - 'todos-api/**' + +env: + REGISTRY: 859047589462.dkr.ecr.us-east-1.amazonaws.com + DOCKER_REPOSITORY: sample-microsvc-app-todos-api + CLUSTER_REPO: https://github.com/CelestialSystem/mcs-poc-001-k8s.git + + +permissions: + contents: read + packages: write + id-token: write + security-events: write jobs: + + getBranch_and_commitHash: + runs-on: ubuntu-latest - build: + outputs: + output1: ${{ steps.branch.outputs.git_branch }} + output2: ${{ steps.hash.outputs.git_hash }} + steps: + - name: Get Branch + id: branch + run: echo "::set-output name=git_branch::${GITHUB_REF#refs/heads/}" + - name: Get Hash + id: hash + run: echo "::set-output name=git_hash::$(echo $GITHUB_SHA | cut -c1-7)" + + build_and_push: + runs-on: ubuntu-latest + needs: getBranch_and_commitHash steps: - - uses: actions/checkout@v3 + - name: Checkout code + uses: actions/checkout@v3 + + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v1 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: us-east-1 + + + - name: Login to AWS ECR + id: login-ecr + uses: aws-actions/amazon-ecr-login@v1 + - name: Build the Docker image working-directory: todos-api - run: docker build . --file Dockerfile --tag sample-app-auth-api:${GITHUB_REF##*/}-${GITHUB_SHA} + run: docker build . 
--file Dockerfile --tag $REGISTRY/$DOCKER_REPOSITORY:${{needs.getBranch_and_commitHash.outputs.output1}}-${{needs.getBranch_and_commitHash.outputs.output2}} + + - name: Push image to Amazon ECR + run: | + docker push $REGISTRY/$DOCKER_REPOSITORY:${{needs.getBranch_and_commitHash.outputs.output1}}-${{needs.getBranch_and_commitHash.outputs.output2}} + + testDockerImage: + runs-on: ubuntu-latest + needs: [getBranch_and_commitHash, build_and_push] + + steps: + + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v1 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: us-east-1 + + - name: Login to AWS ECR + id: login-ecr + uses: aws-actions/amazon-ecr-login@v1 + + - name: Pull Docker Image + run: | + docker pull ${{ env.REGISTRY }}/${{ env.DOCKER_REPOSITORY }}:${{needs.getBranch_and_commitHash.outputs.output1}}-${{needs.getBranch_and_commitHash.outputs.output2}} + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: ${{ env.REGISTRY }}/${{ env.DOCKER_REPOSITORY }}:${{needs.getBranch_and_commitHash.outputs.output1}}-${{needs.getBranch_and_commitHash.outputs.output2}} + format: 'sarif' + output: 'trivy-results-docker.sarif' + severity: 'CRITICAL,HIGH' + + - name: Debug output + run: | + echo "#########TRIVY################" + cat trivy-results-docker.sarif + + - name: Upload Trivy scan results to Github security tab + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: 'trivy-results-docker.sarif' + + + deployToDevEnv: + + runs-on: ubuntu-latest + needs: [getBranch_and_commitHash, build_and_push, testDockerImage] + env: + GH_USER: div1127 + CLUSTER_REPO: CelestialSystem/mcs-poc-001-k8s.git + GIT_USER_EMAIL: d.srivastav@celestialsys.com + GIT_USER_NAME: Divyansh Srivastav + ARGOCD_APP: todos-api-service + REPO_CONTEXT: /home/runner/work/mcs-poc-001-k8s + SVC_CONTEXT: 
/home/runner/work/mcs-poc-001-k8s/k8s/todos-api + + steps: + + - name: Install yq (YAML Processor) & Git + run: | + sudo add-apt-repository ppa:rmescandon/yq + sudo apt update + sudo apt install yq git -y + - name: Install ArgoCD CLI + run: | + curl -sSL -o argocd-linux-amd64 https://github.com/argoproj/argo-cd/releases/latest/download/argocd-linux-amd64 + sudo install -m 555 argocd-linux-amd64 /usr/local/bin/argocd + rm argocd-linux-amd64 + - name: GitOps - Update deployment repository with new Image Version + uses: nick-fields/retry@v2 + with: + timeout_minutes: 10 + max_attempts: 4 + retry_on: error + command: | + cd /home/runner/work + git clone "https://${{ env.GH_USER }}:${{ secrets.GH_TOKEN }}@github.com/${{ env.CLUSTER_REPO }}" + cd ${{ env.SVC_CONTEXT }} + yq eval '.spec.template.spec.containers[0].image = "${{ env.REGISTRY }}/${{ env.DOCKER_REPOSITORY }}:${{needs.getBranch_and_commitHash.outputs.output1}}-${{needs.getBranch_and_commitHash.outputs.output2}}"' -i deployment.yaml + cd ${{ env.REPO_CONTEXT }} + git config --global user.email ${{ env.GIT_USER_EMAIL }} + git config --global user.name ${{ env.GIT_USER_NAME }} + git add ${{ env.SVC_CONTEXT}}/deployment.yaml + git commit -m "Updated Image Version." + git push + + - name: Synk ArgoCD app + run: | + argocd login ${{ secrets.ARGOCD_SERVER }} --username ${{ secrets.ARGOCD_USER }} --password ${{ secrets.ARGOCD_PASSWORD }} --insecure --grpc-web + argocd app sync ${{ env.ARGOCD_APP }} --grpc-web \ No newline at end of file diff --git a/.github/workflows/users-api-workflow.yml b/.github/workflows/users-api-workflow.yml index d881dd32..a74f901d 100644 --- a/.github/workflows/users-api-workflow.yml +++ b/.github/workflows/users-api-workflow.yml 
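Review bot: The Trivy step in `testDockerImage` never fails the job — it sets `severity: 'CRITICAL,HIGH'` but no `exit-code`, and trivy-action's default exit code is 0 — so `deployToDevEnv`, which only `needs` that job to succeed, rolls the image out whether or not the scan found anything; add `exit-code: '1'` (plus `ignore-unfixed: true` if unfixable base-image CVEs would otherwise block every run). The action is also referenced as `aquasecurity/trivy-action@master`, a mutable ref that lets any upstream change run with this workflow's AWS/ECR credentials; pin it to a release tag or commit SHA as the other actions are. The `name` was changed from `Todos API Workflow` to `Auth API Workflow`, apparently copied from the auth-api file, which makes the five workflows indistinguishable in the Actions UI. Finally, `::set-output` in `getBranch_and_commitHash` is deprecated; `echo "git_branch=${GITHUB_REF#refs/heads/}" >> "$GITHUB_OUTPUT"` is the supported form.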
@@ -1,19 +1,151 @@ -name: Users API Workflow +name: Auth API Workflow on: push: - branches: [ "master" ] - pull_request: - branches: [ "master" ] - + branches: [ "ci/cd_workflows" ] + paths: + - 'users-api/**' + +env: + REGISTRY: 859047589462.dkr.ecr.us-east-1.amazonaws.com + DOCKER_REPOSITORY: sample-microsvc-app-users-api + CLUSTER_REPO: https://github.com/CelestialSystem/mcs-poc-001-k8s.git + + +permissions: + contents: read + packages: write + id-token: write + security-events: write jobs: + + getBranch_and_commitHash: + runs-on: ubuntu-latest - build: + outputs: + output1: ${{ steps.branch.outputs.git_branch }} + output2: ${{ steps.hash.outputs.git_hash }} + steps: + - name: Get Branch + id: branch + run: echo "::set-output name=git_branch::${GITHUB_REF#refs/heads/}" + - name: Get Hash + id: hash + run: echo "::set-output name=git_hash::$(echo $GITHUB_SHA | cut -c1-7)" + + build_and_push: + runs-on: ubuntu-latest + needs: getBranch_and_commitHash steps: - - uses: actions/checkout@v3 + - name: Checkout code + uses: actions/checkout@v3 + + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v1 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: us-east-1 + + + - name: Login to AWS ECR + id: login-ecr + uses: aws-actions/amazon-ecr-login@v1 + - name: Build the Docker image working-directory: users-api - run: docker build . --file Dockerfile --tag sample-app-auth-api:${GITHUB_REF##*/}-${GITHUB_SHA} + run: docker build . 
--file Dockerfile --tag $REGISTRY/$DOCKER_REPOSITORY:${{needs.getBranch_and_commitHash.outputs.output1}}-${{needs.getBranch_and_commitHash.outputs.output2}} + + - name: Push image to Amazon ECR + run: | + docker push $REGISTRY/$DOCKER_REPOSITORY:${{needs.getBranch_and_commitHash.outputs.output1}}-${{needs.getBranch_and_commitHash.outputs.output2}} + + testDockerImage: + runs-on: ubuntu-latest + needs: [getBranch_and_commitHash, build_and_push] + + steps: + + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v1 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: us-east-1 + + - name: Login to AWS ECR + id: login-ecr + uses: aws-actions/amazon-ecr-login@v1 + + - name: Pull Docker Image + run: | + docker pull ${{ env.REGISTRY }}/${{ env.DOCKER_REPOSITORY }}:${{needs.getBranch_and_commitHash.outputs.output1}}-${{needs.getBranch_and_commitHash.outputs.output2}} + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: ${{ env.REGISTRY }}/${{ env.DOCKER_REPOSITORY }}:${{needs.getBranch_and_commitHash.outputs.output1}}-${{needs.getBranch_and_commitHash.outputs.output2}} + format: 'sarif' + output: 'trivy-results-docker.sarif' + severity: 'CRITICAL,HIGH' + + - name: Debug output + run: | + echo "#########TRIVY################" + cat trivy-results-docker.sarif + + - name: Upload Trivy scan results to Github security tab + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: 'trivy-results-docker.sarif' + + + deployToDevEnv: + + runs-on: ubuntu-latest + needs: [getBranch_and_commitHash, build_and_push, testDockerImage] + env: + GH_USER: div1127 + CLUSTER_REPO: CelestialSystem/mcs-poc-001-k8s.git + GIT_USER_EMAIL: d.srivastav@celestialsys.com + GIT_USER_NAME: Divyansh Srivastav + ARGOCD_APP: users-api-service + REPO_CONTEXT: /home/runner/work/mcs-poc-001-k8s + SVC_CONTEXT: 
/home/runner/work/mcs-poc-001-k8s/k8s/users-api + + + steps: + + - name: Install yq (YAML Processor) & Git + run: | + sudo add-apt-repository ppa:rmescandon/yq + sudo apt update + sudo apt install yq git -y + - name: Install ArgoCD CLI + run: | + curl -sSL -o argocd-linux-amd64 https://github.com/argoproj/argo-cd/releases/latest/download/argocd-linux-amd64 + sudo install -m 555 argocd-linux-amd64 /usr/local/bin/argocd + rm argocd-linux-amd64 + - name: GitOps - Update deployment repository with new Image Version + uses: nick-fields/retry@v2 + with: + timeout_minutes: 10 + max_attempts: 4 + retry_on: error + command: | + cd /home/runner/work + git clone "https://${{ env.GH_USER }}:${{ secrets.GH_TOKEN }}@github.com/${{ env.CLUSTER_REPO }}" + cd ${{ env.SVC_CONTEXT }} + yq eval '.spec.template.spec.containers[0].image = "${{ env.REGISTRY }}/${{ env.DOCKER_REPOSITORY }}:${{needs.getBranch_and_commitHash.outputs.output1}}-${{needs.getBranch_and_commitHash.outputs.output2}}"' -i deployment.yaml + cd ${{ env.REPO_CONTEXT }} + git config --global user.email ${{ env.GIT_USER_EMAIL }} + git config --global user.name ${{ env.GIT_USER_NAME }} + git add ${{ env.SVC_CONTEXT}}/deployment.yaml + git commit -m "Updated Image Version." + git push + + - name: Synk ArgoCD app + run: | + argocd login ${{ secrets.ARGOCD_SERVER }} --username ${{ secrets.ARGOCD_USER }} --password ${{ secrets.ARGOCD_PASSWORD }} --insecure --grpc-web \ No newline at end of file From 2ee805672a6a6aad4b38ca6ba12e10dbaf0a8c65 Mon Sep 17 00:00:00 2001 
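Review bot: `deployToDevEnv` logs into Argo CD with `--insecure`, which skips TLS certificate verification while sending `ARGOCD_USER`/`ARGOCD_PASSWORD` to whatever answers at `ARGOCD_SERVER`; drop `--insecure` (supplying the server CA if it is self-signed) and prefer `--auth-token` with a scoped project token over a user password. The `git clone "https://${{ env.GH_USER }}:${{ secrets.GH_TOKEN }}@github.com/…"` line writes `GH_TOKEN` into the clone's `.git/config` on the runner; passing it via `git -c http.extraheader="AUTHORIZATION: basic …"` or `actions/checkout` with `token:` and `persist-credentials: false` keeps it out of the working tree. The Argo CD CLI is fetched from `releases/latest` and installed with no version pin or checksum check, so the deploy job's behaviour changes silently with each upstream release; pin a version and verify the published checksum before `sudo install`. The workflow requests `id-token: write` yet authenticates to AWS with static `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` secrets in two jobs; either switch `configure-aws-credentials` to `role-to-assume` with OIDC and retire the long-lived keys, or drop that permission along with `packages: write`, which nothing here uses. As in the sibling workflows, the Trivy step has no `exit-code: '1'` so findings never block this deploy, and the `name` was changed from `Users API Workflow` to `Auth API Workflow`.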
From: hemanth-3 <98961835+hemanth-3@users.noreply.github.com> Date: Fri, 24 Feb 2023 16:54:13 +0530 Subject: [PATCH 6/9] updated the branch name --- .github/workflows/auth-api-workflow.yml | 2 +- .github/workflows/frontend-workflow.yml | 2 +- .github/workflows/log-message-processor-workflow.yml | 2 +- .github/workflows/todos-api-workflow.yml | 2 +- .github/workflows/users-api-workflow.yml | 2 +- auth-api/Dockerfile | 4 ++-- 6 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/auth-api-workflow.yml b/.github/workflows/auth-api-workflow.yml index eeb6cb5f..393bf241 100644 --- a/.github/workflows/auth-api-workflow.yml +++ b/.github/workflows/auth-api-workflow.yml @@ -2,7 +2,7 @@ name: Auth API Workflow on: push: - branches: [ "ci/cd_workflows" ] + branches: [ "ci_cd_workflows" ] paths: - 'auth-api/**' diff --git a/.github/workflows/frontend-workflow.yml b/.github/workflows/frontend-workflow.yml index 2f9abeeb..47b1cb6c 100644 --- a/.github/workflows/frontend-workflow.yml +++ b/.github/workflows/frontend-workflow.yml @@ -2,7 +2,7 @@ name: Auth API Workflow on: push: - branches: [ "ci/cd_workflows" ] + branches: [ "ci_cd_workflows" ] paths: - 'frontend/**' diff --git a/.github/workflows/log-message-processor-workflow.yml b/.github/workflows/log-message-processor-workflow.yml index 292529e0..a4423aca 100644 --- a/.github/workflows/log-message-processor-workflow.yml +++ b/.github/workflows/log-message-processor-workflow.yml @@ -2,7 +2,7 @@ name: Auth API Workflow on: push: - branches: [ "ci/cd_workflows" ] + branches: [ "ci_cd_workflows" ] paths: - 'log-message-processor/**' diff --git a/.github/workflows/todos-api-workflow.yml b/.github/workflows/todos-api-workflow.yml index bd93cd92..cfd700af 100644 --- a/.github/workflows/todos-api-workflow.yml +++ b/.github/workflows/todos-api-workflow.yml @@ -2,7 +2,7 @@ name: Auth API Workflow on: push: - branches: [ "ci/cd_workflows" ] + branches: [ "ci_cd_workflows" ] paths: - 'todos-api/**' 
diff --git a/.github/workflows/users-api-workflow.yml b/.github/workflows/users-api-workflow.yml index a74f901d..9f9d6666 100644 --- a/.github/workflows/users-api-workflow.yml +++ b/.github/workflows/users-api-workflow.yml @@ -2,7 +2,7 @@ name: Auth API Workflow on: push: - branches: [ "ci/cd_workflows" ] + branches: [ "ci_cd_workflows" ] paths: - 'users-api/**' diff --git a/auth-api/Dockerfile b/auth-api/Dockerfile index bb5812dd..9d59b594 100644 --- a/auth-api/Dockerfile +++ b/auth-api/Dockerfile @@ -1,3 +1,4 @@ +# auth_api FROM golang:1.9-alpine EXPOSE 8081 @@ -12,5 +13,4 @@ RUN dep ensure RUN go build -o auth-api -CMD /go/src/app/auth-api - +CMD /go/src/app/auth-api \ No newline at end of file From 67f0d8a66ebcb3c00ed22f4254b7bc8120999f4b Mon Sep 17 00:00:00 2001 From: hemanth-3 <98961835+hemanth-3@users.noreply.github.com> Date: Fri, 24 Feb 2023 16:55:53 +0530 Subject: [PATCH 7/9] Update Dockerfile --- auth-api/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/auth-api/Dockerfile b/auth-api/Dockerfile index 9d59b594..219ef80f 100644 --- a/auth-api/Dockerfile +++ b/auth-api/Dockerfile @@ -1,4 +1,4 @@ -# auth_api +# auth_api_workflow FROM golang:1.9-alpine EXPOSE 8081 @@ -13,4 +13,4 @@ RUN dep ensure RUN go build -o auth-api -CMD /go/src/app/auth-api \ No newline at end of file +CMD /go/src/app/auth-api From f00667a9d718796e704087b0b2490cde886b6373 Mon Sep 17 00:00:00 2001 From: hemanth-3 <98961835+hemanth-3@users.noreply.github.com> Date: Fri, 24 Feb 2023 16:57:59 +0530 Subject: [PATCH 8/9] Update auth-api-workflow.yml --- .github/workflows/auth-api-workflow.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/auth-api-workflow.yml b/.github/workflows/auth-api-workflow.yml index 393bf241..a5f4f029 100644 --- a/.github/workflows/auth-api-workflow.yml +++ b/.github/workflows/auth-api-workflow.yml 
@@ -2,7 +2,7 @@ name: Auth API Workflow on: push: - branches: [ "ci_cd_workflows" ] + branches: [ "ci_cd_workflow" ] paths: - 'auth-api/**' @@ -149,4 +149,4 @@ jobs: - name: Synk ArgoCD app run: | argocd login ${{ secrets.ARGOCD_SERVER }} --username ${{ secrets.ARGOCD_USER }} --password ${{ secrets.ARGOCD_PASSWORD }} --insecure --grpc-web - argocd app sync ${{ env.ARGOCD_APP }} --grpc-web \ No newline at end of file + argocd app sync ${{ env.ARGOCD_APP }} --grpc-web From afbe10f1ead4fc4b889f8bf454cafba250672dd9 Mon Sep 17 00:00:00 2001 From: hemanth-3 <98961835+hemanth-3@users.noreply.github.com> Date: Fri, 24 Feb 2023 16:59:52 +0530 Subject: [PATCH 9/9] updated the path --- .github/workflows/frontend-workflow.yml | 2 +- .github/workflows/log-message-processor-workflow.yml | 2 +- .github/workflows/todos-api-workflow.yml | 2 +- .github/workflows/users-api-workflow.yml | 2 +- auth-api/Dockerfile | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/frontend-workflow.yml b/.github/workflows/frontend-workflow.yml index 47b1cb6c..e7050669 100644 --- a/.github/workflows/frontend-workflow.yml +++ b/.github/workflows/frontend-workflow.yml @@ -2,7 +2,7 @@ name: Auth API Workflow on: push: - branches: [ "ci_cd_workflows" ] + branches: [ "ci_cd_workflow" ] paths: - 'frontend/**' diff --git a/.github/workflows/log-message-processor-workflow.yml b/.github/workflows/log-message-processor-workflow.yml index a4423aca..5fabec1d 100644 --- a/.github/workflows/log-message-processor-workflow.yml +++ b/.github/workflows/log-message-processor-workflow.yml @@ -2,7 +2,7 @@ name: Auth API Workflow on: push: - branches: [ "ci_cd_workflows" ] + branches: [ "ci_cd_workflow" ] paths: - 'log-message-processor/**' diff --git a/.github/workflows/todos-api-workflow.yml b/.github/workflows/todos-api-workflow.yml index cfd700af..1f8758bd 100644 --- a/.github/workflows/todos-api-workflow.yml +++ b/.github/workflows/todos-api-workflow.yml 
@@ -2,7 +2,7 @@ name: Auth API Workflow on: push: - branches: [ "ci_cd_workflows" ] + branches: [ "ci_cd_workflow" ] paths: - 'todos-api/**' diff --git a/.github/workflows/users-api-workflow.yml b/.github/workflows/users-api-workflow.yml index 9f9d6666..d0f32d5b 100644 --- a/.github/workflows/users-api-workflow.yml +++ b/.github/workflows/users-api-workflow.yml @@ -2,7 +2,7 @@ name: Auth API Workflow on: push: - branches: [ "ci_cd_workflows" ] + branches: [ "ci_cd_workflow" ] paths: - 'users-api/**' diff --git a/auth-api/Dockerfile b/auth-api/Dockerfile index 219ef80f..bf8bb220 100644 --- a/auth-api/Dockerfile +++ b/auth-api/Dockerfile @@ -1,4 +1,4 @@ -# auth_api_workflow +# auth_api_workflow. FROM golang:1.9-alpine EXPOSE 8081