Merge pull request #10 from Food-fusion-Fiap/remove-pgadmin-and-secrets #23
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Go CI/CD | |
on: | |
pull_request: | |
types: [opened, synchronize, reopened] | |
branches: | |
- master | |
push: | |
branches: | |
- master | |
permissions: | |
contents: write | |
env: | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
AWS-SESSION-TOKEN: ${{ secrets.AWS_SESSION_TOKEN }} | |
AWS_REGION: ${{ vars.AWS_REGION }} | |
jobs: | |
ci: | |
name: CI Pipeline | |
runs-on: ubuntu-latest | |
if: github.event_name == 'pull_request' | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Set up Go | |
uses: actions/setup-go@v2 | |
with: | |
go-version: ^1.22.1 | |
- name: Install dependencies | |
run: go mod download | |
- name: Build | |
run: go build -o ./app . | |
- name: Format code with gofumpt | |
run: go install mvdan.cc/gofumpt@latest && gofumpt -w . | |
- name: Install golangci-lint | |
run: curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin latest | |
- name: Run golangci-lint | |
run: | | |
OUTPUT=$(golangci-lint run ./... 2>&1) || true | |
if [[ -n "$OUTPUT" ]]; then | |
echo "golangci-lint found issues:" | |
echo "$OUTPUT" | |
fi | |
- name: Install go-staticcheck | |
run: go install honnef.co/go/tools/cmd/staticcheck@latest | |
- name: Run go-staticcheck | |
run: | | |
OUTPUT=$(staticcheck ./... 2>&1) || true | |
if [[ -n "$OUTPUT" ]]; then | |
echo "golangci-lint found issues:" | |
echo "$OUTPUT" | |
fi | |
- name: Install gosec | |
run: go install github.com/securego/gosec/cmd/gosec@latest | |
- name: Run gosec | |
run: | | |
OUTPUT=$(gosec -exclude=G104 ./... 2>&1) || true | |
if [[ -n "$OUTPUT" ]]; then | |
echo "golangci-lint found issues:" | |
echo "$OUTPUT" | |
fi | |
build-and-deploy: | |
name: Continuous Delivery Pipeline | |
runs-on: ubuntu-latest | |
if: github.event_name == 'push' | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v1 | |
- name: Set up AWS credentials | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }} | |
aws-region: ${{ vars.AWS_REGION }} | |
- name: Login to Amazon ECR | |
uses: aws-actions/amazon-ecr-login@v1 | |
- name: Calculate next tag | |
id: tagger | |
run: | | |
TAG="0.1.0" # Initialize with the starting version | |
LATEST_TAG=$(git tag --sort=-v:refname | head -n 1) | |
if [ ! -z "$LATEST_TAG" ]; then | |
TAG=$(echo $LATEST_TAG | awk -F. '{$NF+=1; OFS="."; print $0}') | |
fi | |
echo "Next tag: $TAG" | |
echo "::set-output name=next_tag::$TAG" | |
- name: Build, tag, and push Docker image to Amazon ECR | |
env: | |
ECR_REGISTRY: ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ vars.AWS_REGION }}.amazonaws.com | |
ECR_REPOSITORY: ${{ vars.ECR_REPOSITORY }} | |
IMAGE_TAG: ${{ steps.tagger.outputs.next_tag }} | |
run: | | |
IMAGE_URI="$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" | |
docker build -t $IMAGE_URI . | |
docker push $IMAGE_URI | |
echo "IMAGE_URI=$IMAGE_URI" >> $GITHUB_ENV | |
- name: Update Kubernetes configuration | |
run: | | |
sed -i 's|placeholder_repository_name|'"$IMAGE_URI"'|' ./infra/golang-app-deployment.yaml | |
cat ./infra/golang-app-deployment.yaml | |
- name: Install kubectl | |
run: | | |
curl -LO "https://dl.k8s.io/release/$(curl -sSL https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" | |
chmod +x kubectl | |
sudo mv kubectl /usr/local/bin/ | |
- name: Update kube config | |
run: aws eks update-kubeconfig --name ${{ vars.AWS_EKS_CLUSTER_NAME }} --region ${{ vars.AWS_REGION }} | |
- name: Create Kubernetes secret | |
run: | | |
kubectl create secret generic secret-group-18-fastfood-backend \ | |
--from-literal=POSTGRES_USER=${{ secrets.POSTGRES_USER }} \ | |
--from-literal=POSTGRES_PASSWORD=${{ secrets.POSTGRES_PASSWORD }} \ | |
--from-literal=JWT_SECRET=${{ secrets.JWT_SECRET }} \ | |
--from-literal=JWT_ISSUER=${{ secrets.JWT_ISSUER }} \ | |
--dry-run=client -o yaml | kubectl apply -f - | |
- name: Create Kubernetes configmap | |
run: | | |
kubectl create configmap configmap-group-18-fastfood-backend \ | |
--from-literal=POSTGRES_DB=${{ secrets.POSTGRES_DB }} \ | |
--from-literal=POSTGRES_HOST=${{ secrets.POSTGRES_HOST }} \ | |
--dry-run=client -o yaml | kubectl apply -f - | |
- name: Deploy to Kubernetes | |
env: | |
K8S_DEPLOYMENT_NAME: ${{ vars.K8S_DEPLOYMENT_NAME }} | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
run: | | |
kubectl apply -f ./infra --validate=false | |
kubectl rollout status deployment/$K8S_DEPLOYMENT_NAME | |
# - name: Deploy to Kubernetes | |
# env: | |
# ECR_REGISTRY: ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ vars.AWS_REGION }}.amazonaws.com | |
# ECR_REPOSITORY: ${{ vars.ECR_REPOSITORY }} | |
# IMAGE_TAG: ${{ github.sha }} | |
# K8S_DEPLOYMENT_NAME: ${{ vars.K8S_DEPLOYMENT_NAME }} | |
# K8S_DEPLOYMENT_CONTAINER_NAME: ${{ secrets.K8S_DEPLOYMENT_CONTAINER_NAME }} | |
# run: | | |
# kubectl set image deployment/$K8S_DEPLOYMENT_NAME $K8S_DEPLOYMENT_CONTAINER_NAME=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG --record | |
# kubectl rollout status deployment/$K8S_DEPLOYMENT_NAME | |
- name: Bump version and push tag | |
id: tag_version | |
uses: mathieudutour/[email protected] | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} |