update gitignore, add secrets and cofig map with ssm #62
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Go CI/CD | |
| on: | |
| pull_request: | |
| types: [opened, synchronize, reopened] | |
| branches: | |
| - main | |
| push: | |
| branches: | |
| - main | |
| permissions: | |
| contents: write | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| jobs: | |
| ci: | |
| name: CI Pipeline | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'pull_request' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Go | |
| uses: actions/setup-go@v2 | |
| with: | |
| go-version: ^1.22.1 | |
| - name: Install dependencies | |
| run: go mod download | |
| - name: Build | |
| run: go build -o ./app . | |
| - name: Format code with gofumpt | |
| run: go install mvdan.cc/gofumpt@latest && gofumpt -w . | |
| - name: Install golangci-lint | |
| run: curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin latest | |
| - name: Run golangci-lint | |
| run: | | |
| OUTPUT=$(golangci-lint run ./... 2>&1) || true | |
| if [[ -n "$OUTPUT" ]]; then | |
| echo "golangci-lint found issues:" | |
| echo "$OUTPUT" | |
| fi | |
| - name: Install go-staticcheck | |
| run: go install honnef.co/go/tools/cmd/staticcheck@latest | |
| - name: Run go-staticcheck | |
| run: | | |
| OUTPUT=$(staticcheck ./... 2>&1) || true | |
| if [[ -n "$OUTPUT" ]]; then | |
| echo "golangci-lint found issues:" | |
| echo "$OUTPUT" | |
| fi | |
| - name: Install gosec | |
| run: go install github.com/securego/gosec/cmd/gosec@latest | |
| - name: Run gosec | |
| run: | | |
| OUTPUT=$(gosec -exclude=G104 ./... 2>&1) || true | |
| if [[ -n "$OUTPUT" ]]; then | |
| echo "golangci-lint found issues:" | |
| echo "$OUTPUT" | |
| fi | |
| - name: Test | |
| run: go test ./... | |
| build-and-deploy: | |
| name: CD Pipeline - Continuous Delivery Pipeline | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'push' | |
| steps: | |
| - name: Set short git commit SHA | |
| id: commit | |
| uses: prompt/actions-commit-hash@v2 | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v1 | |
| - name: Set up AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v1 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ vars.AWS_REGION }} | |
| - name: Login to Amazon ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v1 | |
| - name: Build, tag, and push Docker image to Amazon ECR | |
| env: | |
| ECR_REPOSITORY: ${{ vars.SERVICE_NAME }} | |
| ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
| IMAGE_TAG: ${{ steps.commit.outputs.short }} | |
| run: | | |
| IMAGE_URI="$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" | |
| docker build -t $IMAGE_URI . | |
| docker push $IMAGE_URI | |
| echo "IMAGE_URI=$IMAGE_URI" >> $GITHUB_ENV | |
| - name: Update Kubernetes configuration | |
| env: | |
| SERVICE_NAME: ${{ vars.SERVICE_NAME }} | |
| JWT_SECRET: ${{ secrets.JWT_SECRET }} | |
| JWT_ISSUER: ${{ secrets.JWT_ISSUER }} | |
| run: | | |
| DB_NAME=$(aws ssm get-parameter --name "/$SERVICE_NAME/db_name" --with-decryption --output json | jq '.Parameter | .Value') | |
| DB_HOST=$(aws ssm get-parameter --name "/$SERVICE_NAME/db_host" --with-decryption --output json | jq '.Parameter | .Value') | |
| DB_USERNAME=$(aws ssm get-parameter --name "/$SERVICE_NAME/db_username" --with-decryption --output json | jq '.Parameter | .Value') | |
| DB_PASSWORD=$(aws ssm get-parameter --name "/$SERVICE_NAME/db_password" --with-decryption --output json | jq '.Parameter | .Value') | |
| sed -i 's|placeholder_repository_name|'"$IMAGE_URI"'|' ./infra/golang-app-deployment.yaml | |
| sed -i 's|aws_ssm_db_name|'"$DB_NAME"'|' ./infra/configmap.yaml | |
| sed -i 's|aws_ssm_db_host|'"$DB_HOST"'|' ./infra/configmap.yaml | |
| sed -i 's|aws_ssm_db_username|'"$DB_USERNAME"'|' ./infra/secrets.yaml | |
| sed -i 's|aws_ssm_db_password|'"$DB_PASSWORD"'|' ./infra/secrets.yaml | |
| sed -i 's|git_hub_secrets_jwt_secret|'"$JWT_SECRET"'|' ./infra/secrets.yaml | |
| sed -i 's|git_hub_secrets_jwt_issuer|'"$JWT_ISSUER"'|' ./infra/secrets.yaml | |
| - name: Install kubectl | |
| run: | | |
| curl -LO "https://dl.k8s.io/release/$(curl -sSL https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" | |
| chmod +x kubectl | |
| sudo mv kubectl /usr/local/bin/ | |
| - name: Update kube config | |
| env: | |
| AWS_EKS_CLUSTER_NAME: ${{ vars.AWS_EKS_CLUSTER_NAME }} | |
| AWS_REGION: ${{ vars.AWS_REGION }} | |
| run: aws eks update-kubeconfig --name $AWS_EKS_CLUSTER_NAME --region $AWS_REGION | |
| - name: Deploy to Kubernetes | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| run: | | |
| kubectl config get-contexts | |
| kubectl apply -f ./infra --validate=false | |
| kubectl rollout status deployment/customer-service |