update tag before #52

Workflow file for this run

.github/workflows/ci-cd-pipeline.yml at 8de3cea

	name: Go CI/CD

	on:
	pull_request:
	types: [opened, synchronize, reopened]
	branches:
	- master
	push:
	branches:
	- master

	permissions:
	contents: write

	env:
	AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
	AWS-SESSION-TOKEN: ${{ secrets.AWS_SESSION_TOKEN }}
	AWS_REGION: ${{ vars.AWS_REGION }}

	jobs:
	ci:
	name: CI Pipeline
	runs-on: ubuntu-latest
	if: github.event_name == 'pull_request'

	steps:
	- name: Checkout code
	uses: actions/checkout@v4

	- name: Set up Go
	uses: actions/setup-go@v2
	with:
	go-version: ^1.22.1

	- name: Install dependencies
	run: go mod download

	- name: Build
	run: go build -o ./app .

	- name: Format code with gofumpt
	run: go install mvdan.cc/gofumpt@latest && gofumpt -w .

	- name: Install golangci-lint
	run: curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh \| sh -s -- -b $(go env GOPATH)/bin latest

	- name: Run golangci-lint
	run: \|
	OUTPUT=$(golangci-lint run ./... 2>&1) \|\| true
	if [[ -n "$OUTPUT" ]]; then
	echo "golangci-lint found issues:"
	echo "$OUTPUT"
	fi

	- name: Install go-staticcheck
	run: go install honnef.co/go/tools/cmd/staticcheck@latest

	- name: Run go-staticcheck
	run: \|
	OUTPUT=$(staticcheck ./... 2>&1) \|\| true
	if [[ -n "$OUTPUT" ]]; then
	echo "golangci-lint found issues:"
	echo "$OUTPUT"
	fi

	- name: Install gosec
	run: go install github.com/securego/gosec/cmd/gosec@latest

	- name: Run gosec
	run: \|
	OUTPUT=$(gosec -exclude=G104 ./... 2>&1) \|\| true
	if [[ -n "$OUTPUT" ]]; then
	echo "golangci-lint found issues:"
	echo "$OUTPUT"
	fi

	build-and-deploy:
	name: Continuous Delivery Pipeline
	runs-on: ubuntu-latest
	if: github.event_name == 'push'
	steps:
	- name: Checkout code
	uses: actions/checkout@v4

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Set up AWS credentials
	uses: aws-actions/configure-aws-credentials@v4
	with:
	aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
	aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
	aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }}
	aws-region: ${{ vars.AWS_REGION }}

	- name: Login to Amazon ECR
	uses: aws-actions/amazon-ecr-login@v2

	- name: Bump version and push tag
	id: tag_version
	uses: mathieudutour/[email protected]
	with:
	github_token: ${{ secrets.GITHUB_TOKEN }}

	- name: Build, tag, and push Docker image to Amazon ECR
	env:
	ECR_REGISTRY: ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ vars.AWS_REGION }}.amazonaws.com
	ECR_REPOSITORY: ${{ vars.ECR_REPOSITORY }}
	IMAGE_TAG: ${{ steps.tag_version.outputs.new_tag }}
	run: \|
	IMAGE_URI="$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG"
	docker build -t $IMAGE_URI .
	docker push $IMAGE_URI
	echo "IMAGE_URI=$IMAGE_URI" >> $GITHUB_ENV

	- name: Update Kubernetes configuration
	run: \|
	sed -i 's\|placeholder_repository_name\|'"$IMAGE_URI"'\|' ./infra/golang-app-deployment.yaml
	cat ./infra/golang-app-deployment.yaml

	- name: Install kubectl
	run: \|
	curl -LO "https://dl.k8s.io/release/$(curl -sSL https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
	chmod +x kubectl
	sudo mv kubectl /usr/local/bin/

	- name: Update kube config
	run: aws eks update-kubeconfig --name ${{ vars.AWS_EKS_CLUSTER_NAME }} --region ${{ vars.AWS_REGION }}

	- name: Create Kubernetes secret
	run: \|
	kubectl create secret generic secret-customer-service \
	--from-literal=POSTGRES_USER=${{ secrets.POSTGRES_USER }} \
	--from-literal=POSTGRES_PASSWORD=${{ secrets.POSTGRES_PASSWORD }} \
	--from-literal=JWT_SECRET=${{ secrets.JWT_SECRET }} \
	--from-literal=JWT_ISSUER=${{ secrets.JWT_ISSUER }} \
	--dry-run=client -o yaml \| kubectl apply -f -

	- name: Create Kubernetes configmap
	run: \|
	kubectl create configmap configmap-customer-service \
	--from-literal=POSTGRES_DB=${{ secrets.POSTGRES_DB }} \
	--from-literal=POSTGRES_HOST=${{ secrets.POSTGRES_HOST_CUSTOMER }} \
	--dry-run=client -o yaml \| kubectl apply -f -

	- name: Deploy to Kubernetes
	env:
	K8S_DEPLOYMENT_NAME: ${{ vars.K8S_DEPLOYMENT_NAME }}
	AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
	run: \|
	kubectl apply -f ./infra --validate=false
	kubectl rollout status deployment/$K8S_DEPLOYMENT_NAME

	- name: Update LoadBalancer Endpoint
	run: \|
	LB_IP=$(kubectl get svc svc-customer-service -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')
	echo "LoadBalancer Endpoint: $LB_IP"
	curl -L \
	-X PATCH \
	-H "Accept: application/vnd.github+json" \
	-H "Authorization: Bearer ${{ secrets.TOKEN_GITHUB }}" \
	-H "X-GitHub-Api-Version: 2022-11-28" \
	https://api.github.com/orgs/Food-fusion-Fiap/actions/variables/CUSTOMER_SERVICE_ENDPOINT \
	-H "Content-Type: application/json" \
	-d '{"name":"CUSTOMER_SERVICE_ENDPOINT","value":"'"$LB_IP"'","visibility": "all"}'

	# - name: Deploy to Kubernetes
	# env:
	# ECR_REGISTRY: ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ vars.AWS_REGION }}.amazonaws.com
	# ECR_REPOSITORY: ${{ vars.ECR_REPOSITORY }}
	# IMAGE_TAG: ${{ github.sha }}
	# K8S_DEPLOYMENT_NAME: ${{ vars.K8S_DEPLOYMENT_NAME }}
	# K8S_DEPLOYMENT_CONTAINER_NAME: ${{ secrets.K8S_DEPLOYMENT_CONTAINER_NAME }}
	# run: \|
	# kubectl set image deployment/$K8S_DEPLOYMENT_NAME $K8S_DEPLOYMENT_CONTAINER_NAME=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG --record
	# kubectl rollout status deployment/$K8S_DEPLOYMENT_NAME

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

update tag before #52

Workflow file

update tag before #52

Jobs

Run details

Workflow file for this run