update cicd to personal aws account, add ssm
pspalmirasara committed Aug 14, 2024
1 parent 3216e7d commit 4cfc3d6
Showing 4 changed files with 52 additions and 87 deletions.
104 changes: 39 additions & 65 deletions .github/workflows/ci-cd-pipeline.yml
Expand Up @@ -4,19 +4,17 @@ on:
pull_request:
types: [opened, synchronize, reopened]
branches:
- master
- main
push:
branches:
- master
- main

permissions:
contents: write

env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS-SESSION-TOKEN: ${{ secrets.AWS_SESSION_TOKEN }}
AWS_REGION: ${{ vars.AWS_REGION }}

jobs:
ci:
Expand Down Expand Up @@ -75,106 +73,82 @@ jobs:
echo "$OUTPUT"
fi
- name: Test
run: go test ./...

build-and-deploy:
name: Continuous Delivery Pipeline
name: CD Pipeline - Continuous Delivery Pipeline
runs-on: ubuntu-latest
if: github.event_name == 'push'
steps:
- name: Set short git commit SHA
id: commit
uses: prompt/actions-commit-hash@v2

- name: Checkout code
uses: actions/checkout@v4

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
uses: docker/setup-buildx-action@v1

- name: Set up AWS credentials
uses: aws-actions/configure-aws-credentials@v4
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-session-token: ${{ secrets.AWS_SESSION_TOKEN }}
aws-region: ${{ vars.AWS_REGION }}

- name: Login to Amazon ECR
uses: aws-actions/amazon-ecr-login@v2

- name: Bump version and push tag
id: tag_version
uses: mathieudutour/[email protected]
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1

- name: Build, tag, and push Docker image to Amazon ECR
env:
ECR_REGISTRY: ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ vars.AWS_REGION }}.amazonaws.com
ECR_REPOSITORY: ${{ vars.ECR_REPOSITORY }}
IMAGE_TAG: ${{ steps.tag_version.outputs.new_tag }}
ECR_REPOSITORY: ${{ vars.SERVICE_NAME }}
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
IMAGE_TAG: ${{ steps.commit.outputs.short }}
run: |
IMAGE_URI="$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG"
docker build -t $IMAGE_URI .
docker push $IMAGE_URI
echo "IMAGE_URI=$IMAGE_URI" >> $GITHUB_ENV
- name: Update Kubernetes configuration
env:
SERVICE_NAME: ${{ vars.SERVICE_NAME }}
JWT_SECRET: ${{ secrets.JWT_SECRET }}
JWT_ISSUER: ${{ secrets.JWT_ISSUER }}
run: |
DB_NAME=$(aws ssm get-parameter --name "/$SERVICE_NAME/db_name" --with-decryption --output json | jq '.Parameter | .Value')
DB_HOST=$(aws ssm get-parameter --name "/$SERVICE_NAME/db_host" --with-decryption --output json | jq '.Parameter | .Value')
DB_USERNAME=$(aws ssm get-parameter --name "/$SERVICE_NAME/db_username" --with-decryption --output json | jq '.Parameter | .Value')
DB_PASSWORD=$(aws ssm get-parameter --name "/$SERVICE_NAME/db_password" --with-decryption --output json | jq '.Parameter | .Value')
sed -i 's|placeholder_repository_name|'"$IMAGE_URI"'|' ./infra/golang-app-deployment.yaml
cat ./infra/golang-app-deployment.yaml
sed -i 's|aws_ssm_db_name|'"$DB_NAME"'|' ./infra/configmap.yaml
sed -i 's|aws_ssm_db_host|'"$DB_HOST"'|' ./infra/configmap.yaml
sed -i 's|aws_ssm_db_username|'"$DB_USERNAME"'|' ./infra/secrets.yaml
sed -i 's|aws_ssm_db_password|'"$DB_PASSWORD"'|' ./infra/secrets.yaml
sed -i 's|git_hub_secrets_jwt_secret|'"$JWT_SECRET"'|' ./infra/secrets.yaml
sed -i 's|git_hub_secrets_jwt_issuer|'"$JWT_ISSUER"'|' ./infra/secrets.yaml
- name: Install kubectl
run: |
curl -LO "https://dl.k8s.io/release/$(curl -sSL https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
chmod +x kubectl
sudo mv kubectl /usr/local/bin/
- name: Update kube config
run: aws eks update-kubeconfig --name ${{ vars.AWS_EKS_CLUSTER_NAME }} --region ${{ vars.AWS_REGION }}
- name: Create Kubernetes secret
run: |
kubectl create secret generic secret-customer-service \
--from-literal=POSTGRES_USER=${{ secrets.POSTGRES_USER }} \
--from-literal=POSTGRES_PASSWORD=${{ secrets.POSTGRES_PASSWORD }} \
--from-literal=JWT_SECRET=${{ secrets.JWT_SECRET }} \
--from-literal=JWT_ISSUER=${{ secrets.JWT_ISSUER }} \
--dry-run=client -o yaml | kubectl apply -f -
- name: Create Kubernetes configmap
run: |
kubectl create configmap configmap-customer-service \
--from-literal=POSTGRES_DB=${{ secrets.POSTGRES_DB }} \
--from-literal=POSTGRES_HOST=${{ secrets.POSTGRES_HOST_CUSTOMER }} \
--dry-run=client -o yaml | kubectl apply -f -
- name: Update kube config
env:
AWS_EKS_CLUSTER_NAME: ${{ vars.AWS_EKS_CLUSTER_NAME }}
AWS_REGION: ${{ vars.AWS_REGION }}
run: aws eks update-kubeconfig --name $AWS_EKS_CLUSTER_NAME --region $AWS_REGION

- name: Deploy to Kubernetes
env:
K8S_DEPLOYMENT_NAME: ${{ vars.K8S_DEPLOYMENT_NAME }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
run: |
kubectl config get-contexts
kubectl apply -f ./infra --validate=false
kubectl rollout status deployment/$K8S_DEPLOYMENT_NAME
- name: Update LoadBalancer Endpoint
run: |
LB_IP=$(kubectl get svc svc-customer-service -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')
echo "LoadBalancer Endpoint: $LB_IP"
curl -L \
-X PATCH \
-H "Accept: application/vnd.github+json" \
-H "Authorization: Bearer ${{ secrets.TOKEN_GITHUB }}" \
-H "X-GitHub-Api-Version: 2022-11-28" \
https://api.github.com/orgs/Food-fusion-Fiap/actions/variables/CUSTOMER_SERVICE_ENDPOINT \
-H "Content-Type: application/json" \
-d '{"name":"CUSTOMER_SERVICE_ENDPOINT","value":"'"$LB_IP"'","visibility": "all"}'
# - name: Deploy to Kubernetes
# env:
# ECR_REGISTRY: ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ vars.AWS_REGION }}.amazonaws.com
# ECR_REPOSITORY: ${{ vars.ECR_REPOSITORY }}
# IMAGE_TAG: ${{ github.sha }}
# K8S_DEPLOYMENT_NAME: ${{ vars.K8S_DEPLOYMENT_NAME }}
# K8S_DEPLOYMENT_CONTAINER_NAME: ${{ secrets.K8S_DEPLOYMENT_CONTAINER_NAME }}
# run: |
# kubectl set image deployment/$K8S_DEPLOYMENT_NAME $K8S_DEPLOYMENT_CONTAINER_NAME=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG --record
# kubectl rollout status deployment/$K8S_DEPLOYMENT_NAME


kubectl rollout status deployment/customer-service
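Review bot: The four `aws ssm get-parameter … | jq '.Parameter | .Value'` lines in the new "Update Kubernetes configuration" step capture each value with its JSON double quotes (there is no `jq -r`), so the following `sed` calls write `"value"` — quotes included — into configmap.yaml and secrets.yaml, and any value containing `&`, `|` or `\` is mangled further because it is spliced unescaped into the sed replacement. The decrypted values are also never registered with `::add-mask::`, so a later `cat`, a sed error or a `set -x` would print the database password in the job log (the existing `cat ./infra/golang-app-deployment.yaml` is harmless only because it runs before secrets.yaml is rendered). I would fetch with `--query 'Parameter.Value' --output text`, mask each value before use, and escape the replacement text (or render the manifests with a templating step instead of sed). Separately, if the `@v1` lines of setup-buildx-action, configure-aws-credentials and amazon-ecr-login are the new side — the old-then-new print order suggests so — the job is being moved onto action majors that are no longer maintained; keep `@v3`/`@v4`/`@v2` and ideally pin them by commit SHA.
```yaml
        run: |
          sed_escape() { printf '%s' "$1" | sed -e 's/[&|\\]/\\&/g'; }
          for key in db_name db_host db_username db_password; do
            value=$(aws ssm get-parameter --name "/$SERVICE_NAME/$key" --with-decryption --query 'Parameter.Value' --output text)
            echo "::add-mask::$value"   # keep decrypted SSM values out of the job log
            declare "${key^^}=$(sed_escape "$value")"
          done
          JWT_SECRET=$(sed_escape "$JWT_SECRET")
          JWT_ISSUER=$(sed_escape "$JWT_ISSUER")
          # … unchanged: sed substitutions into ./infra/*.yaml …
```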
18 changes: 13 additions & 5 deletions .github/workflows/sonarcloud.yml → .github/workflows/sonar.yml
Expand Up @@ -2,9 +2,9 @@ name: SonarCloud analysis

on:
push:
branches: [ "master" ]
branches: [ "main" ]
pull_request:
branches: [ "master" ]
branches: [ "main" ]
workflow_dispatch:

permissions:
Expand All @@ -28,6 +28,12 @@ jobs:
run: |
go test -coverprofile=./cov.out ./...
# - name: Run Gosec Security Scanner
# run: |
# go get github.com/securego/gosec/cmd/gosec
# gosec -no-fail -fmt=sonarqube -out report.json ./...

- name: Analyze with SonarCloud

# You can pin the exact commit or the version.
Expand All @@ -40,18 +46,20 @@ jobs:
args:
# Unique keys of your project and organization. You can find them in SonarCloud > Information (bottom-left menu)
# mandatory
-Dsonar.projectKey=Food-fusion-Fiap_customer-service
-Dsonar.projectKey=Food-fusion-Fiap_payment-service
-Dsonar.organization=food-fusion-fiap
-Dsonar.tests=.
-Dsonar.test.inclusions=**/*_test.go
-Dsonar.sources=src/
-Dsonar.exclusions=src/infra/**,src/adapters/**,src/utils/**
-Dsonar.exclusions=src/adapters/gateways/mocks/**,src/infra/web/routes/**,**/*_mock.go,src/infra/db/repositories/**,src/infra/external/order_service_mock/mock_order_interface.go
-Dsonar.go.coverage.reportPaths=cov.out

#-Dsonar.externalIssuesReportPaths=report.json
# Comma-separated paths to directories containing main source files.
#-Dsonar.sources= # optional, default is project base directory
# Comma-separated paths to directories containing test source files.
#-Dsonar.tests= # optional. For more info about Code Coverage, please refer to https://docs.sonarcloud.io/enriching/test-coverage/overview/
# Adds more detail to both client and server-side analysis logs, activating DEBUG mode for the scanner, and adding client-side environment variables and system properties to the server-side log of analysis report processing.
#-Dsonar.verbose= # optional, default is false
# When you need the analysis to take place in a directory other than the one from which it was launched, default is .
# When you need the analysis to take place in a directory other than the one from which it was launched, default is .
projectBaseDir: .
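Review bot: The new "Run Gosec Security Scanner" step is committed commented out, and so is the `-Dsonar.externalIssuesReportPaths=report.json` argument that would feed its findings into SonarCloud, so this workflow still runs no Go SAST. If the intent is to enable it later, note that `go get github.com/securego/gosec/cmd/gosec` does not install a binary on current Go toolchains; the working form is `go install github.com/securego/gosec/v2/cmd/gosec@latest` followed by `gosec -fmt=sonarqube -out report.json ./...`, and `-no-fail` should be dropped once findings are meant to gate the pipeline. The project key now reads `Food-fusion-Fiap_payment-service` while the deploy workflow in this same commit still targets `customer-service`; if that is an intended rename it is fine, otherwise it looks copied from a sibling repository and would publish this code's analysis under the wrong project.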
7 changes: 0 additions & 7 deletions infra/template-dev/configmap.yaml

This file was deleted.

10 changes: 0 additions & 10 deletions infra/template-dev/secrets.yaml

This file was deleted.
