diff --git a/.github/workflows/example-build-deploy-python-google.yml b/.github/workflows/example-build-deploy-python-google.yml
new file mode 100644
index 0000000..22b85f6
--- /dev/null
+++ b/.github/workflows/example-build-deploy-python-google.yml
@@ -0,0 +1,245 @@
+name: Build and Deploy Python to Kubernetes on Google Cloud
+
+on:
+ push:
+ branches: [trunk]
+## Adding a path filter will only trigger the workflow if the files in the path are modified.
+## This is very useful if you have a monorepo structure.
+## See https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#onpushpull_requestpull_request_targetpathspaths-ignore for more information.
+##
+# paths:
+# - 'applications/my-app/**'
+##
+# pull_request:
+# branches: [trunk]
+
+env:
+ SYSTEM_NAME: 'core'
+ APPLICATION_NAME: 'demo-api-python'
+ PROJECT_FILE: 'applications/demo-api-python/uv.lock'
+ HELM_VALUES_FILE: '.github/deploy/values-demo-api-python.yml'
+
+jobs:
+ analyze:
+ name: Analyze
+ runs-on: elvia-runner
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+ # Limits the number of concurrent runs of this job to one, and cancels any in progress.
+ concurrency:
+ group: '${{ github.workflow }}-${{ github.ref }}-analyze'
+ cancel-in-progress: true
+ steps:
+# START REMOVE FROM EXAMPLE
+ - name: Get GitHub App token
+ uses: actions/create-github-app-token@v1
+ id: app-token
+ with:
+ app-id: ${{ vars.GH_APP_ID }}
+ owner: ${{ github.repository_owner }}
+ private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
+ repositories: 'core'
+
+ - name: Checkout core repository
+ uses: actions/checkout@v4
+ id: checkout
+ with:
+ repository: '3lvia/core'
+ token: ${{ steps.app-token.outputs.token }}
+# END REMOVE FROM EXAMPLE
+ - uses: 3lvia/core-github-actions-templates/analyze@trunk
+ with:
+ # This can be set to a more specific path if you want to analyze only a part of the repository.
+ working-directory: '.'
+ language: 'python'
+# START REMOVE FROM EXAMPLE
+ checkout: 'false'
+ upload-results: 'false'
+# END REMOVE FROM EXAMPLE
+
+ build-scan:
+ name: Build and Scan
+ runs-on: elvia-runner
+ permissions:
+ actions: read
+ contents: write
+ id-token: write
+ pull-requests: write
+ security-events: write
+ # Limits the number of concurrent runs of this job to one, and cancels any in progress.
+ concurrency:
+ group: '${{ github.workflow }}-${{ github.ref }}-build-scan'
+ cancel-in-progress: true
+ environment: build
+ steps:
+# START REMOVE FROM EXAMPLE
+ - name: Get GitHub App token
+ uses: actions/create-github-app-token@v1
+ id: app-token
+ with:
+ app-id: ${{ vars.GH_APP_ID }}
+ owner: ${{ github.repository_owner }}
+ private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
+ repositories: 'core'
+
+ - name: Checkout core repository
+ uses: actions/checkout@v4
+ with:
+ repository: '3lvia/core'
+ token: ${{ steps.app-token.outputs.token }}
+# END REMOVE FROM EXAMPLE
+ - uses: 3lvia/core-github-actions-templates/build@trunk
+ with:
+ name: ${{ env.APPLICATION_NAME }}
+ namespace: ${{ env.SYSTEM_NAME }}
+ project-file: ${{ env.PROJECT_FILE }}
+ trivy-upload-report: 'false'
+ trivy-post-comment: 'true'
+ AZURE_CLIENT_ID: ${{ vars.ACR_CLIENT_ID }}
+# START REMOVE FROM EXAMPLE
+ checkout: 'false'
+# END REMOVE FROM EXAMPLE
+
+ deploy-dev:
+ name: Deploy Dev
+ # Require all jobs below to be successful before running this job.
+ # Any of these can be commented out or removed if you want to deploy anyway.
+ needs:
+ - build-scan
+ - analyze
+ runs-on: elvia-runner
+ permissions:
+ contents: read
+ id-token: write
+ # Limits the number of concurrent runs of this job to one, but DOES NOT cancel any in progress.
+ concurrency:
+ group: '${{ github.workflow }}-${{ github.ref }}-deploy-dev'
+ environment: dev
+ steps:
+# START REMOVE FROM EXAMPLE
+ - name: Get GitHub App token
+ uses: actions/create-github-app-token@v1
+ id: app-token
+ with:
+ app-id: ${{ vars.GH_APP_ID }}
+ owner: ${{ github.repository_owner }}
+ private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
+ repositories: 'core'
+
+ - name: Checkout core repository
+ uses: actions/checkout@v4
+ with:
+ repository: '3lvia/core'
+ token: ${{ steps.app-token.outputs.token }}
+# END REMOVE FROM EXAMPLE
+ - uses: 3lvia/core-github-actions-templates/deploy@trunk
+ with:
+ name: ${{ env.APPLICATION_NAME }}
+ namespace: ${{ env.SYSTEM_NAME }}
+ environment: 'dev'
+ helm-values-file: ${{ env.HELM_VALUES_FILE }}
+ runtime-cloud-provider: 'GKE'
+ # Will post to the Slack channel of your system if the deployment fails.
+ # Can be commented out if you don't want this.
+ slack-channel: '#team-${{ env.SYSTEM_NAME }}-alerts'
+ GC_SERVICE_ACCOUNT: ${{ vars.GC_SERVICE_ACCOUNT }}
+ GC_WORKLOAD_IDENTITY_PROVIDER: ${{ vars.GC_WORKLOAD_IDENTITY_PROVIDER }}
+# START REMOVE FROM EXAMPLE
+ checkout: 'false'
+# END REMOVE FROM EXAMPLE
+
+ deploy-test:
+ name: Deploy Test
+ # Only deploy to test after dev
+ needs: [deploy-dev]
+ runs-on: elvia-runner
+ permissions:
+ contents: read
+ id-token: write
+ # Limits the number of concurrent runs of this job to one, but DOES NOT cancel any in progress.
+ concurrency:
+ group: '${{ github.workflow }}-${{ github.ref }}-deploy-test'
+ environment: test
+ # Only on push to trunk
+ if: github.ref == 'refs/heads/trunk'
+ steps:
+# START REMOVE FROM EXAMPLE
+ - name: Get GitHub App token
+ uses: actions/create-github-app-token@v1
+ id: app-token
+ with:
+ app-id: ${{ vars.GH_APP_ID }}
+ owner: ${{ github.repository_owner }}
+ private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
+ repositories: 'core'
+
+ - name: Checkout core repository
+ uses: actions/checkout@v4
+ with:
+ repository: '3lvia/core'
+ token: ${{ steps.app-token.outputs.token }}
+# END REMOVE FROM EXAMPLE
+ - uses: 3lvia/core-github-actions-templates/deploy@trunk
+ with:
+ name: ${{ env.APPLICATION_NAME }}
+ namespace: ${{ env.SYSTEM_NAME }}
+ environment: 'test'
+ helm-values-file: ${{ env.HELM_VALUES_FILE }}
+ runtime-cloud-provider: 'GKE'
+ # Will post to the Slack channel of your system if the deployment fails.
+ # Can be commented out if you don't want this.
+ slack-channel: '#team-${{ env.SYSTEM_NAME }}-alerts'
+ GC_SERVICE_ACCOUNT: ${{ vars.GC_SERVICE_ACCOUNT }}
+ GC_WORKLOAD_IDENTITY_PROVIDER: ${{ vars.GC_WORKLOAD_IDENTITY_PROVIDER }}
+# START REMOVE FROM EXAMPLE
+ checkout: 'false'
+# END REMOVE FROM EXAMPLE
+
+ deploy-prod:
+ name: Deploy Prod
+ # Only deploy to prod after test
+ needs: [deploy-test]
+ runs-on: elvia-runner
+ permissions:
+ contents: read
+ id-token: write
+ # Limits the number of concurrent runs of this job to one, but DOES NOT cancel any in progress.
+ concurrency:
+ group: '${{ github.workflow }}-${{ github.ref }}-deploy-prod'
+ environment: prod
+ # Only on push to trunk
+ if: github.ref == 'refs/heads/trunk'
+ steps:
+# START REMOVE FROM EXAMPLE
+ - name: Get GitHub App token
+ uses: actions/create-github-app-token@v1
+ id: app-token
+ with:
+ app-id: ${{ vars.GH_APP_ID }}
+ owner: ${{ github.repository_owner }}
+ private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
+ repositories: 'core'
+
+ - name: Checkout core repository
+ uses: actions/checkout@v4
+ with:
+ repository: '3lvia/core'
+ token: ${{ steps.app-token.outputs.token }}
+# END REMOVE FROM EXAMPLE
+ - uses: 3lvia/core-github-actions-templates/deploy@trunk
+ with:
+ name: ${{ env.APPLICATION_NAME }}
+ namespace: ${{ env.SYSTEM_NAME }}
+ environment: 'prod'
+ helm-values-file: ${{ env.HELM_VALUES_FILE }}
+ runtime-cloud-provider: 'GKE'
+ # Will post to the Slack channel of your system if the deployment fails.
+ # Can be commented out if you don't want this.
+ slack-channel: '#team-${{ env.SYSTEM_NAME }}-alerts'
+ GC_SERVICE_ACCOUNT: ${{ vars.GC_SERVICE_ACCOUNT }}
+ GC_WORKLOAD_IDENTITY_PROVIDER: ${{ vars.GC_WORKLOAD_IDENTITY_PROVIDER }}
+# START REMOVE FROM EXAMPLE
+ checkout: 'false'
+# END REMOVE FROM EXAMPLE
diff --git a/.github/workflows/example-build-deploy-python.yml b/.github/workflows/example-build-deploy-python.yml
new file mode 100644
index 0000000..e7abe94
--- /dev/null
+++ b/.github/workflows/example-build-deploy-python.yml
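Review bot: Every reusable action in this workflow is referenced by a mutable ref — `3lvia/core-github-actions-templates/analyze@trunk`, `build@trunk` and `deploy@trunk` track a branch, and `actions/checkout@v4` / `actions/create-github-app-token@v1` track a movable major tag — so the code that runs the `deploy-prod` job with `id-token: write` and the App token can change without any commit to this repository. If this example is meant to be copied into application repos, pin the template calls to a release tag or full commit SHA, e.g. `uses: 3lvia/core-github-actions-templates/deploy@<release-tag-or-sha>`, and let a dependency bot bump them. If `@trunk` is intentional because this example exercises the templates from within their own repo, a comment above the first `uses:` saying so would stop readers copying the floating ref as-is. The same applies to every `uses:` line in example-build-deploy-python.yml.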
@@ -0,0 +1,239 @@
+name: Build and Deploy Python to Kubernetes
+
+on:
+ push:
+ branches: [trunk]
+## Adding a path filter will only trigger the workflow if the files in the path are modified.
+## This is very useful if you have a monorepo structure.
+## See https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#onpushpull_requestpull_request_targetpathspaths-ignore for more information.
+##
+# paths:
+# - 'applications/my-app/**'
+##
+# pull_request:
+# branches: [trunk]
+
+env:
+ SYSTEM_NAME: 'core'
+ APPLICATION_NAME: 'demo-api-python'
+ PROJECT_FILE: 'applications/demo-api-python/uv.lock'
+ HELM_VALUES_FILE: '.github/deploy/values-demo-api-python.yml'
+
+jobs:
+ analyze:
+ name: Analyze
+ runs-on: elvia-runner
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+ # Limits the number of concurrent runs of this job to one, and cancels any in progress.
+ concurrency:
+ group: '${{ github.workflow }}-${{ github.ref }}-analyze'
+ cancel-in-progress: true
+ steps:
+# START REMOVE FROM EXAMPLE
+ - name: Get GitHub App token
+ uses: actions/create-github-app-token@v1
+ id: app-token
+ with:
+ app-id: ${{ vars.GH_APP_ID }}
+ owner: ${{ github.repository_owner }}
+ private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
+ repositories: 'core'
+
+ - name: Checkout core repository
+ uses: actions/checkout@v4
+ id: checkout
+ with:
+ repository: '3lvia/core'
+ token: ${{ steps.app-token.outputs.token }}
+# END REMOVE FROM EXAMPLE
+ - uses: 3lvia/core-github-actions-templates/analyze@trunk
+ with:
+ # This can be set to a more specific path if you want to analyze only a part of the repository.
+ working-directory: '.'
+ language: 'python'
+# START REMOVE FROM EXAMPLE
+ checkout: 'false'
+ upload-results: 'false'
+# END REMOVE FROM EXAMPLE
+
+ build-scan:
+ name: Build and Scan
+ runs-on: elvia-runner
+ permissions:
+ actions: read
+ contents: write
+ id-token: write
+ pull-requests: write
+ security-events: write
+ # Limits the number of concurrent runs of this job to one, and cancels any in progress.
+ concurrency:
+ group: '${{ github.workflow }}-${{ github.ref }}-build-scan'
+ cancel-in-progress: true
+ environment: build
+ steps:
+# START REMOVE FROM EXAMPLE
+ - name: Get GitHub App token
+ uses: actions/create-github-app-token@v1
+ id: app-token
+ with:
+ app-id: ${{ vars.GH_APP_ID }}
+ owner: ${{ github.repository_owner }}
+ private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
+ repositories: 'core'
+
+ - name: Checkout core repository
+ uses: actions/checkout@v4
+ with:
+ repository: '3lvia/core'
+ token: ${{ steps.app-token.outputs.token }}
+# END REMOVE FROM EXAMPLE
+ - uses: 3lvia/core-github-actions-templates/build@trunk
+ with:
+ name: ${{ env.APPLICATION_NAME }}
+ namespace: ${{ env.SYSTEM_NAME }}
+ project-file: ${{ env.PROJECT_FILE }}
+ trivy-upload-report: 'false'
+ trivy-post-comment: 'true'
+ AZURE_CLIENT_ID: ${{ vars.ACR_CLIENT_ID }}
+# START REMOVE FROM EXAMPLE
+ checkout: 'false'
+# END REMOVE FROM EXAMPLE
+
+ deploy-dev:
+ name: Deploy Dev
+ # Require all jobs below to be successful before running this job.
+ # Any of these can be commented out or removed if you want to deploy anyway.
+ needs:
+ - build-scan
+ - analyze
+ runs-on: elvia-runner
+ permissions:
+ contents: read
+ id-token: write
+ # Limits the number of concurrent runs of this job to one, but DOES NOT cancel any in progress.
+ concurrency:
+ group: '${{ github.workflow }}-${{ github.ref }}-deploy-dev'
+ environment: dev
+ steps:
+# START REMOVE FROM EXAMPLE
+ - name: Get GitHub App token
+ uses: actions/create-github-app-token@v1
+ id: app-token
+ with:
+ app-id: ${{ vars.GH_APP_ID }}
+ owner: ${{ github.repository_owner }}
+ private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
+ repositories: 'core'
+
+ - name: Checkout core repository
+ uses: actions/checkout@v4
+ with:
+ repository: '3lvia/core'
+ token: ${{ steps.app-token.outputs.token }}
+# END REMOVE FROM EXAMPLE
+ - uses: 3lvia/core-github-actions-templates/deploy@trunk
+ with:
+ name: ${{ env.APPLICATION_NAME }}
+ namespace: ${{ env.SYSTEM_NAME }}
+ environment: 'dev'
+ helm-values-file: ${{ env.HELM_VALUES_FILE }}
+ # Will post to the Slack channel of your system if the deployment fails.
+ # Can be commented out if you don't want this.
+ slack-channel: '#team-${{ env.SYSTEM_NAME }}-alerts'
+ AZURE_CLIENT_ID: ${{ vars.AKS_CLIENT_ID }}
+# START REMOVE FROM EXAMPLE
+ checkout: 'false'
+# END REMOVE FROM EXAMPLE
+
+ deploy-test:
+ name: Deploy Test
+ # Only deploy to test after dev
+ needs: [deploy-dev]
+ runs-on: elvia-runner
+ permissions:
+ contents: read
+ id-token: write
+ # Limits the number of concurrent runs of this job to one, but DOES NOT cancel any in progress.
+ concurrency:
+ group: '${{ github.workflow }}-${{ github.ref }}-deploy-test'
+ environment: test
+ # Only on push to trunk
+ if: github.ref == 'refs/heads/trunk'
+ steps:
+# START REMOVE FROM EXAMPLE
+ - name: Get GitHub App token
+ uses: actions/create-github-app-token@v1
+ id: app-token
+ with:
+ app-id: ${{ vars.GH_APP_ID }}
+ owner: ${{ github.repository_owner }}
+ private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
+ repositories: 'core'
+
+ - name: Checkout core repository
+ uses: actions/checkout@v4
+ with:
+ repository: '3lvia/core'
+ token: ${{ steps.app-token.outputs.token }}
+# END REMOVE FROM EXAMPLE
+ - uses: 3lvia/core-github-actions-templates/deploy@trunk
+ with:
+ name: ${{ env.APPLICATION_NAME }}
+ namespace: ${{ env.SYSTEM_NAME }}
+ environment: 'test'
+ helm-values-file: ${{ env.HELM_VALUES_FILE }}
+ # Will post to the Slack channel of your system if the deployment fails.
+ # Can be commented out if you don't want this.
+ slack-channel: '#team-${{ env.SYSTEM_NAME }}-alerts'
+ AZURE_CLIENT_ID: ${{ vars.AKS_CLIENT_ID }}
+# START REMOVE FROM EXAMPLE
+ checkout: 'false'
+# END REMOVE FROM EXAMPLE
+
+ deploy-prod:
+ name: Deploy Prod
+ # Only deploy to prod after test
+ needs: [deploy-test]
+ runs-on: elvia-runner
+ permissions:
+ contents: read
+ id-token: write
+ # Limits the number of concurrent runs of this job to one, but DOES NOT cancel any in progress.
+ concurrency:
+ group: '${{ github.workflow }}-${{ github.ref }}-deploy-prod'
+ environment: prod
+ # Only on push to trunk
+ if: github.ref == 'refs/heads/trunk'
+ steps:
+# START REMOVE FROM EXAMPLE
+ - name: Get GitHub App token
+ uses: actions/create-github-app-token@v1
+ id: app-token
+ with:
+ app-id: ${{ vars.GH_APP_ID }}
+ owner: ${{ github.repository_owner }}
+ private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
+ repositories: 'core'
+
+ - name: Checkout core repository
+ uses: actions/checkout@v4
+ with:
+ repository: '3lvia/core'
+ token: ${{ steps.app-token.outputs.token }}
+# END REMOVE FROM EXAMPLE
+ - uses: 3lvia/core-github-actions-templates/deploy@trunk
+ with:
+ name: ${{ env.APPLICATION_NAME }}
+ namespace: ${{ env.SYSTEM_NAME }}
+ environment: 'prod'
+ helm-values-file: ${{ env.HELM_VALUES_FILE }}
+ # Will post to the Slack channel of your system if the deployment fails.
+ # Can be commented out if you don't want this.
+ slack-channel: '#team-${{ env.SYSTEM_NAME }}-alerts'
+ AZURE_CLIENT_ID: ${{ vars.AKS_CLIENT_ID }}
+# START REMOVE FROM EXAMPLE
+ checkout: 'false'
+# END REMOVE FROM EXAMPLE
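Review bot: The `build-scan` job requests `contents: write`, but nothing visible in the job writes to the repository — `actions/checkout@v4` only reads, `trivy-post-comment: 'true'` is covered by `pull-requests: write`, and the scan upload by `security-events: write` — so the GITHUB_TOKEN handed to the `build@trunk` template and every step it runs is broader than the example demonstrates. Unless the build template pushes tags or commits, which cannot be confirmed from this hunk, `contents: read` is the least-privilege setting; if write really is required, a comment on the permission, e.g. `contents: write  # required by the build template to <reason>`, keeps copies of this example from inheriting it blindly. The `analyze` and `deploy-*` jobs already model this correctly with `contents: read`. The `build-scan` job in example-build-deploy-python-google.yml has the identical permissions block.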