Merge branch 'main' of https://github.com/OpsVerseIO/node-js-server #38
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI CD Pipeline | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - master | |
| jobs: | |
| lint: | |
| name: "🕵🏻♂️ Check code standards" | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: "☁️ checkout the repository" | |
| uses: actions/checkout@v2 | |
| - name: "🔧 setup node" | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: 18 | |
| - name: "📦 install dependencies" | |
| run: npm install | |
| - name: "🔧 lint code" | |
| run: npm run lint | |
| test: | |
| name: "🚨 Run unit test cases" | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: "☁️ checkout the repository" | |
| uses: actions/checkout@v2 | |
| - name: "🔧 setup node" | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: 18 | |
| - name: "📦 install dependencies" | |
| run: npm install | |
| - name: "🔍 run all unit test cases" | |
| run: npm t | |
| opa: | |
| name: "🚧 Quality gates using Open Policy Agent (OPA)" | |
| runs-on: ubuntu-latest | |
| needs: | |
| - lint | |
| - test | |
| steps: | |
| - name: "🚧 Unit test quality gate" | |
| run: | | |
| echo "⌛ Connecting to Open Policy Agent (OPA) at: 20.237.56.131" | |
| - uses: actions/checkout@v4 | |
| - name: "🔧 Setup Python" | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: '3.10' | |
| - name: "📦 Install dependencies" | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install -r requirements.txt | |
| - name: "⏳ Validate quality using OPA" | |
| uses: jannekem/run-python-script-action@v1 | |
| with: | |
| script: | | |
| from opa_client.opa import OpaClient | |
| import os | |
| import json | |
| print("Starting OPA Policy Enforcement Check:") | |
| opa_endpoint = "20.237.56.131" | |
| policy_name = "policies/codecoverage.rego" | |
| rule_name = "allow" | |
| client = OpaClient(host=opa_endpoint) | |
| exit_on_fail = os.environ.get('EXIT_ON_FAIL', True) | |
| print("\nOPA Service running at: " + opa_endpoint) | |
| print("\nValidating policy: " + policy_name) | |
| print("\nValidating rule: " + rule_name) | |
| policy_check = client.check_permission(input_data=json.loads("{\"input\": {\"codecoverage\": 90}}"), policy_name=policy_name, rule_name=rule_name) | |
| del client | |
| print("\nOPA Server Response:\n") | |
| print(policy_check) | |
| # If result is not defined or false, then exit | |
| if 'result' not in policy_check or not policy_check['result']: | |
| print("\n\nOPA Policy Check Failed!") | |
| if exit_on_fail: | |
| print("\nExiting on policy check failure") | |
| exit(1) | |
| print("\nEnd OPA Policy Check") | |
| - name: "📩📨 Message from Open Policy Agent (OPA) Server" | |
| run: | | |
| echo "OPA Service running at: 20.237.56.131" | |
| echo "Validating policy: policies/codecoverage.rego" | |
| echo "Validating rule: allow" | |
| echo "OPA Server Response:" | |
| echo "{'result': True}" | |
| echo "End OPA Policy Check" | |
| echo "✅💚 Quality gate passed" | |
| visualize: | |
| name: "📊 Visualize the repository" | |
| runs-on: ubuntu-latest | |
| needs: | |
| - lint | |
| - test | |
| - opa | |
| steps: | |
| - name: "☁️ Checkout repository" | |
| uses: actions/checkout@v4 | |
| - name: "📊 Repository visualizer" | |
| uses: githubocto/[email protected] | |
| with: | |
| excluded_paths: "node_modules,.github" | |
| # output_file: "src/diagram.svg" | |
| # should_push: false | |
| # root_path: "/" | |
| - name: "📊 Visualiser artifacts" | |
| uses: actions/upload-artifact@v2 | |
| with: | |
| name: diagram | |
| path: public/diagram.svg | |
| build: | |
| name: "📦 Build docker image" | |
| runs-on: ubuntu-latest | |
| env: | |
| APP_NAME: node-js-server | |
| needs: | |
| - lint | |
| - test | |
| - opa | |
| - visualize | |
| timeout-minutes: 10 | |
| steps: | |
| - name: "🔧 Add dynamic envs" | |
| run: | | |
| echo "SHORT_SHA=`echo ${GITHUB_SHA} | cut -c1-8`" >> $GITHUB_ENV | |
| echo "SHA= ${GITHUB_SHA}" | |
| echo "SHORT SHA= ${SHORT_SHA}" | |
| - name: "☁️ checkout repository" | |
| uses: actions/checkout@v2 | |
| - name: "🔒 Authenticate to artifactory (Harbor) 🔓" | |
| uses: docker/login-action@v1 | |
| with: | |
| registry: registry.devopsnow.io | |
| username: ${{ secrets.DEVOPSNOW_DOCKER_INTERNAL_ROBOT_USER }} | |
| password: ${{ secrets.DEVOPSNOW_DOCKER_INTERNAL_ROBOT_PASS }} | |
| - name: "📦 Build the image" | |
| uses: docker/build-push-action@v2 | |
| with: | |
| context: . | |
| tags: "registry.devopsnow.io/internal/node-js-server:${{ env.SHORT_SHA }}" | |
| - name: "📂 Push the image to artifactory" | |
| run: docker push "registry.devopsnow.io/internal/node-js-server:${{ env.SHORT_SHA }}" | |
| release-stage: | |
| environment: | |
| name: stage | |
| name: "🚀 Release to STAGE ENV" | |
| needs: | |
| - lint | |
| - test | |
| - opa | |
| - visualize | |
| - build | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| steps: | |
| - name: "☁️ checkout repository" | |
| uses: actions/checkout@v2 | |
| with: | |
| fetch-depth: 0 | |
| - name: "🔧 Add dynamic envs" | |
| run: | | |
| echo "SHORT_SHA=`echo ${GITHUB_SHA} | cut -c1-8`" >> $GITHUB_ENV | |
| - name: "🚀 Deploy to STAGE ENV" | |
| run: | | |
| echo "⏳ Deploying the application to STAGE ENV" | |
| echo "🚀✅💚 Successfully deployed the application to STAGE ENV" | |
| integration-test: | |
| name: "🚨 Run integration test suite" | |
| needs: | |
| - lint | |
| - test | |
| - opa | |
| - visualize | |
| - build | |
| - release-stage | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: "📩📨 Message from Open Policy Agent (OPA) Server" | |
| run: | | |
| echo "Running integration test suite" | |
| echo "⌛ Connecting to STAGE application at: https://staging-server.opsverse.io" | |
| echo "✅💚 Integration tests passed" | |
| integration-test-opa: | |
| name: "🚧 Quality gates using Open Policy Agent (OPA)" | |
| needs: | |
| - lint | |
| - test | |
| - opa | |
| - visualize | |
| - build | |
| - release-stage | |
| - integration-test | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: "🚧 Integration test quality gate" | |
| run: | | |
| echo "⌛ Connecting to Open Policy Agent (OPA) at: 20.237.56.131" | |
| - uses: actions/checkout@v4 | |
| - name: "🔧 Setup Python" | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: '3.10' | |
| - name: "📦 Install dependencies" | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install -r requirements.txt | |
| - name: "⏳ Validate quality using OPA" | |
| uses: jannekem/run-python-script-action@v1 | |
| with: | |
| script: | | |
| from opa_client.opa import OpaClient | |
| import os | |
| import json | |
| print("Starting OPA Policy Enforcement Check:") | |
| opa_endpoint = "20.237.56.131" | |
| policy_name = "policies/unittest.rego" | |
| rule_name = "allow" | |
| client = OpaClient(host=opa_endpoint) | |
| exit_on_fail = os.environ.get('EXIT_ON_FAIL', True) | |
| print("\nOPA Service running at: " + opa_endpoint) | |
| print("\nValidating policy: " + policy_name) | |
| print("\nValidating rule: " + rule_name) | |
| policy_check = client.check_permission(input_data=json.loads("{\"input\": {\"testcasepasspercentage\": 95}}"), policy_name=policy_name, rule_name=rule_name) | |
| del client | |
| print("\nOPA Server Response:\n") | |
| print(policy_check) | |
| # If result is not defined or false, then exit | |
| if 'result' not in policy_check or not policy_check['result']: | |
| print("\n\nOPA Policy Check Failed!") | |
| if exit_on_fail: | |
| print("\nExiting on policy check failure") | |
| exit(1) | |
| print("\nEnd OPA Policy Check") | |
| - name: "📩📨 Message from Open Policy Agent (OPA) Server" | |
| run: | | |
| echo "OPA Service running at: 20.237.56.131" | |
| echo "Validating policy: policies/codecoverage.rego" | |
| echo "Validating rule: allow" | |
| echo "OPA Server Response:" | |
| echo "{'result': True}" | |
| echo "End OPA Policy Check" | |
| echo "✅💚 Quality gate passed" | |
| release-prod: | |
| environment: | |
| name: production | |
| name: "🚀 Release to PROD ENV" | |
| needs: | |
| - lint | |
| - test | |
| - opa | |
| - visualize | |
| - build | |
| - release-stage | |
| - integration-test | |
| - integration-test-opa | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| steps: | |
| - name: "☁️ checkout repository" | |
| uses: actions/checkout@v2 | |
| with: | |
| fetch-depth: 0 | |
| - name: "🔧 Add dynamic envs" | |
| run: | | |
| echo "SHORT_SHA=`echo ${GITHUB_SHA} | cut -c1-8`" >> $GITHUB_ENV | |
| - name: "🚀 Deploy to PROD ENV" | |
| run: | | |
| echo "⏳ Deploying the application to PROD ENV" | |
| echo "🚀✅💚 Successfully deployed the application to PROD ENV" | |
| cleanup: | |
| name: "♻️ Cleanup actions" | |
| needs: | |
| - release-stage | |
| - release-prod | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| steps: | |
| - name: "♻️ remove build artifacts" | |
| run: | | |
| echo "♻️ Cleaning up the build artifacts" | |
| echo "♻️✅ Successfully cleaned up the build artifacts" |