Update branching strategy #73
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI CD Pipeline | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - master | |
| jobs: | |
| # lint: | |
| # name: "π΅π»ββοΈ Lint" | |
| # runs-on: ubuntu-latest | |
| # steps: | |
| # - name: "βοΈ checkout the repository" | |
| # uses: actions/checkout@v2 | |
| # - name: "π§ setup node.js" | |
| # uses: actions/setup-node@v3 | |
| # with: | |
| # node-version: 18 | |
| # - name: "π¦ install dependencies" | |
| # run: npm install | |
| # - name: "π§ lint code" | |
| # run: npm run lint | |
| # test: | |
| # name: "π¨ Run unit test cases" | |
| # runs-on: ubuntu-latest | |
| # steps: | |
| # - name: "βοΈ checkout the repository" | |
| # uses: actions/checkout@v2 | |
| # - name: "π§ setup node.js" | |
| # uses: actions/setup-node@v3 | |
| # with: | |
| # node-version: 18 | |
| # - name: "π¦ install dependencies" | |
| # run: npm install | |
| # - name: "π run all unit test cases" | |
| # run: npm t | |
| # opa: | |
| # name: "π§ Unit tests gate" | |
| # runs-on: ubuntu-latest | |
| # needs: | |
| # - lint | |
| # - test | |
| # steps: | |
| # - name: "π§ Unit test quality gate" | |
| # run: | | |
| # echo "β Connecting to Open Policy Agent (OPA) at: opa.opsverse.io" | |
| # - uses: actions/checkout@v4 | |
| # - name: "π§ Setup Python" | |
| # uses: actions/setup-python@v4 | |
| # with: | |
| # python-version: '3.10' | |
| # - name: "π¦ Install dependencies" | |
| # run: | | |
| # python -m pip install --upgrade pip | |
| # pip install -r requirements.txt | |
| # - name: "β³ Validate quality using OPA" | |
| # uses: jannekem/run-python-script-action@v1 | |
| # with: | |
| # script: | | |
| # from opa_client.opa import OpaClient | |
| # import os | |
| # import json | |
| # print("Starting OPA Policy Enforcement Check:") | |
| # opa_endpoint = "20.237.56.131" | |
| # policy_name = "policies/codecoverage.rego" | |
| # rule_name = "allow" | |
| # client = OpaClient(host=opa_endpoint) | |
| # exit_on_fail = os.environ.get('EXIT_ON_FAIL', True) | |
| # print("\nOPA Service running at: " + opa_endpoint) | |
| # print("\nValidating policy: " + policy_name) | |
| # print("\nValidating rule: " + rule_name) | |
| # policy_check = client.check_permission(input_data=json.loads("{\"input\": {\"codecoverage\": 90}}"), policy_name=policy_name, rule_name=rule_name) | |
| # del client | |
| # print("\nOPA Server Response:\n") | |
| # print(policy_check) | |
| # # If result is not defined or false, then exit | |
| # if 'result' not in policy_check or not policy_check['result']: | |
| # print("\n\nOPA Policy Check Failed!") | |
| # if exit_on_fail: | |
| # print("\nExiting on policy check failure") | |
| # exit(1) | |
| # print("\nEnd OPA Policy Check") | |
| # opa-code-coverage: | |
| # name: "π§ Code coverage gate" | |
| # runs-on: ubuntu-latest | |
| # needs: | |
| # - lint | |
| # - test | |
| # steps: | |
| # - name: "π§ Unit test code coverage" | |
| # run: | | |
| # echo "β Connecting to Open Policy Agent (OPA) at: opa.opsverse.io" | |
| # - uses: actions/checkout@v4 | |
| # - name: "π§ Setup Python" | |
| # uses: actions/setup-python@v4 | |
| # with: | |
| # python-version: '3.10' | |
| # - name: "π¦ Install dependencies" | |
| # run: | | |
| # python -m pip install --upgrade pip | |
| # pip install -r requirements.txt | |
| # - name: "β³ Validate quality using OPA" | |
| # uses: jannekem/run-python-script-action@v1 | |
| # with: | |
| # script: | | |
| # from opa_client.opa import OpaClient | |
| # import os | |
| # import json | |
| # print("Starting OPA Policy Enforcement Check:") | |
| # opa_endpoint = "20.237.56.131" | |
| # policy_name = "policies/codecoverage.rego" | |
| # rule_name = "allow" | |
| # client = OpaClient(host=opa_endpoint) | |
| # exit_on_fail = os.environ.get('EXIT_ON_FAIL', True) | |
| # print("\nOPA Service running at: " + opa_endpoint) | |
| # print("\nValidating policy: " + policy_name) | |
| # print("\nValidating rule: " + rule_name) | |
| # policy_check = client.check_permission(input_data=json.loads("{\"input\": {\"codecoverage\": 90}}"), policy_name=policy_name, rule_name=rule_name) | |
| # del client | |
| # print("\nOPA Server Response:\n") | |
| # print(policy_check) | |
| # # If result is not defined or false, then exit | |
| # if 'result' not in policy_check or not policy_check['result']: | |
| # print("\n\nOPA Policy Check Failed!") | |
| # if exit_on_fail: | |
| # print("\nExiting on policy check failure") | |
| # exit(1) | |
| # print("\nEnd OPA Policy Check") | |
| # - name: "π©π¨ Message from Open Policy Agent (OPA) Server" | |
| # run: | | |
| # echo "OPA Service running at: 20.237.56.131" | |
| # echo "Validating policy: policies/codecoverage.rego" | |
| # echo "Validating rule: allow" | |
| # echo "OPA Server Response:" | |
| # echo "{'result': True}" | |
| # echo "End OPA Policy Check" | |
| # echo "β π Quality gate passed" | |
| # opa-sonarqube: | |
| # name: "π§ Static code analysis gate" | |
| # runs-on: ubuntu-latest | |
| # needs: | |
| # - lint | |
| # - test | |
| # steps: | |
| # - name: "π§ Static code analysis" | |
| # run: | | |
| # echo "β Connecting to Open Policy Agent (OPA) at: opa.opsverse.io" | |
| # - uses: actions/checkout@v4 | |
| # - name: "π§ Setup Python" | |
| # uses: actions/setup-python@v4 | |
| # with: | |
| # python-version: '3.10' | |
| # - name: "π¦ Install dependencies" | |
| # run: | | |
| # python -m pip install --upgrade pip | |
| # pip install -r requirements.txt | |
| # - name: "β³ Validate quality using OPA" | |
| # uses: jannekem/run-python-script-action@v1 | |
| # with: | |
| # script: | | |
| # from opa_client.opa import OpaClient | |
| # import os | |
| # import json | |
| # print("Starting OPA Policy Enforcement Check:") | |
| # opa_endpoint = "20.237.56.131" | |
| # policy_name = "policies/codecoverage.rego" | |
| # rule_name = "allow" | |
| # client = OpaClient(host=opa_endpoint) | |
| # exit_on_fail = os.environ.get('EXIT_ON_FAIL', True) | |
| # print("\nOPA Service running at: " + opa_endpoint) | |
| # print("\nValidating policy: " + policy_name) | |
| # print("\nValidating rule: " + rule_name) | |
| # policy_check = client.check_permission(input_data=json.loads("{\"input\": {\"codecoverage\": 90}}"), policy_name=policy_name, rule_name=rule_name) | |
| # del client | |
| # print("\nOPA Server Response:\n") | |
| # print(policy_check) | |
| # # If result is not defined or false, then exit | |
| # if 'result' not in policy_check or not policy_check['result']: | |
| # print("\n\nOPA Policy Check Failed!") | |
| # if exit_on_fail: | |
| # print("\nExiting on policy check failure") | |
| # exit(1) | |
| # print("\nEnd OPA Policy Check") | |
| # - name: "π©π¨ Message from Open Policy Agent (OPA) Server" | |
| # run: | | |
| # echo "OPA Service running at: 20.237.56.131" | |
| # echo "Validating policy: policies/codecoverage.rego" | |
| # echo "Validating rule: allow" | |
| # echo "OPA Server Response:" | |
| # echo "{'result': True}" | |
| # echo "End OPA Policy Check" | |
| # echo "β π Quality gate passed" | |
| visualize: | |
| name: "π Visualize the repository" | |
| runs-on: ubuntu-latest | |
| # needs: | |
| # - lint | |
| # - test | |
| # - opa | |
| # - opa-sonarqube | |
| # - opa-code-coverage | |
| steps: | |
| - name: "π©π¨ Dummy" | |
| run: | | |
| echo "Dummy" | |
| # - name: "βοΈ Checkout repository" | |
| # uses: actions/checkout@v4 | |
| # - name: "π Repository visualizer" | |
| # uses: githubocto/[email protected] | |
| # with: | |
| # excluded_paths: "node_modules,.github" | |
| # # output_file: "src/diagram.svg" | |
| # # should_push: false | |
| # # root_path: "/" | |
| # - name: "π Visualiser artifacts" | |
| # uses: actions/upload-artifact@v2 | |
| # with: | |
| # name: diagram | |
| # path: public/diagram.svg | |
| build: | |
| name: "π¦ Build docker image" | |
| runs-on: ubuntu-latest | |
| env: | |
| APP_NAME: node-js-server | |
| needs: | |
| # - lint | |
| # - test | |
| # - opa | |
| - visualize | |
| timeout-minutes: 10 | |
| steps: | |
| - name: "π§ Add dynamic envs" | |
| run: | | |
| echo "SHORT_SHA=`echo ${GITHUB_SHA} | cut -c1-8`" >> $GITHUB_ENV | |
| echo "SHA= ${GITHUB_SHA}" | |
| echo "SHORT SHA= ${SHORT_SHA}" | |
| - name: "βοΈ checkout repository" | |
| uses: actions/checkout@v2 | |
| - name: "π Authenticate to artifactory (Harbor) π" | |
| uses: docker/login-action@v1 | |
| with: | |
| registry: registry.devopsnow.io | |
| username: ${{ secrets.DEVOPSNOW_DOCKER_INTERNAL_ROBOT_USER }} | |
| password: ${{ secrets.DEVOPSNOW_DOCKER_INTERNAL_ROBOT_PASS }} | |
| - name: "π¦ Build the image" | |
| uses: docker/build-push-action@v2 | |
| with: | |
| context: . | |
| tags: "registry.devopsnow.io/internal/node-js-server:${{ env.SHORT_SHA }}" | |
| - name: "π Push the image to artifactory" | |
| run: docker push "registry.devopsnow.io/internal/node-js-server:${{ env.SHORT_SHA }}" | |
| update-image-dev: | |
| name: "Update DEV image" | |
| runs-on: ubuntu-latest | |
| needs: | |
| # - lint | |
| # - test | |
| # - opa | |
| - visualize | |
| - build | |
| timeout-minutes: 10 | |
| steps: | |
| - name: "π§ Add dynamic envs" | |
| run: | | |
| echo "SHORT_SHA=`echo ${GITHUB_SHA} | cut -c1-8`" >> $GITHUB_ENV | |
| echo "SHA= ${GITHUB_SHA}" | |
| echo "SHORT SHA= ${SHORT_SHA}" | |
| - name: Checkout Target Repository | |
| uses: actions/checkout@v3 | |
| with: | |
| repository: "OpsVerseIO/node-js-server" | |
| path: main | |
| token: ${{ secrets.GH_PAT }} | |
| - name: Update Image Version in the related HelmChart values.yaml | |
| uses: fjogeleit/yaml-update-action@main | |
| with: | |
| valueFile: 'manifests/stage/deployment.yaml' | |
| propertyPath: 'spec.template.spec.containers.image' | |
| value: ${SHORT_SHA} | |
| repository: "OpsVerseIO/node-js-server" | |
| branch: deployment | |
| createPR: true | |
| message: 'Update Image Version' | |
| token: ${{ secrets.GH_PAT }} | |
| workDir: main | |
| masterBranchName: main | |
| targetBranch: main | |
| update-image-stage: | |
| name: "π Update stage image tag" | |
| runs-on: ubuntu-latest | |
| needs: | |
| # - lint | |
| # - test | |
| # - opa | |
| - visualize | |
| - build | |
| timeout-minutes: 10 | |
| steps: | |
| - name: "π§ Add dynamic envs" | |
| run: | | |
| echo "SHORT_SHA=`echo ${GITHUB_SHA} | cut -c1-8`" >> $GITHUB_ENV | |
| echo "SHA= ${GITHUB_SHA}" | |
| echo "SHORT SHA= ${SHORT_SHA}" | |
| - name: "βοΈ checkout repository" | |
| uses: actions/checkout@v2 | |
| # - name: "Checkout the repository" | |
| # uses: actions/checkout@v4 | |
| # with: | |
| # path: main | |
| # token: ${{ secrets.GH_PAT }} | |
| # sparse-checkout: | | |
| # manifests/stage/deployment.yaml | |
| # sparse-checkout-cone-mode: false | |
| # - run: | | |
| # export YAML_FILE="apiVersion: apps/v1 | |
| # kind: Deployment | |
| # metadata: | |
| # name: node-js-server-stage | |
| # labels: | |
| # app: node-js-server-stage | |
| # spec: | |
| # replicas: 1 | |
| # selector: | |
| # matchLabels: | |
| # app: node-js-server-stage | |
| # template: | |
| # metadata: | |
| # labels: | |
| # app: node-js-server-stage | |
| # spec: | |
| # containers: | |
| # - name: node-js-server-stage | |
| # image: docker pull registry.devopsnow.io/internal/node-js-server:${SHORT_SHA} | |
| # ports: | |
| # - containerPort: 3000" | |
| # echo $YAML_FILE > manifests/stage/deployment-aravind.yaml | |
| # date > manifests/stage/deployment-new.yaml | |
| # echo "SHORT_SHA=`echo ${GITHUB_SHA} | cut -c1-8`" >> $GITHUB_ENV | |
| # echo "SHA= ${GITHUB_SHA}" | |
| # echo "SHORT SHA= ${SHORT_SHA}" | |
| # git config user.name github-actions | |
| # git config user.email [email protected] | |
| # git add . | |
| # git commit -m "[STAGE] Update the image tag" | |
| # git push | |
| # # with: | |
| # # repository: "https://github.com/gitops-tools/image-updater" | |
| # # path: '.' | |
| # - run: echo "123" > /home/runner/work/node-js-server/node-js-server/manifests/stage/deployment.yaml | |
| # - name: "Commit the image tag to GitHub" | |
| # uses: EndBug/add-and-commit@v9 | |
| # with: | |
| # add: '/home/runner/work/node-js-server/node-js-server/manifests/stage/deployment.yaml' | |
| # default_author: github_actions | |
| # cwd: '/home/runner/work/node-js-server' | |
| # message: '[STAGE] Update the image tag' | |
| # pull: '--rebase --autostash ...' | |
| # push: true | |
| argo-sync-stage: | |
| name: "β³ ArgoCD Sync Stage" | |
| runs-on: ubuntu-latest | |
| needs: | |
| # - lint | |
| # - test | |
| # - opa | |
| - visualize | |
| - build | |
| - update-image-stage | |
| timeout-minutes: 10 | |
| steps: | |
| - name: "π§ Add dynamic envs" | |
| run: | | |
| echo "SHORT_SHA=`echo ${GITHUB_SHA} | cut -c1-8`" >> $GITHUB_ENV | |
| echo "SHA= ${GITHUB_SHA}" | |
| echo "SHORT SHA= ${SHORT_SHA}" | |
| - name: Set up Kubectl | |
| uses: azure/setup-kubectl@v1 | |
| - name: Install ArgoCD CLI | |
| run: | | |
| curl -sSL -o /usr/local/bin/argocd https://github.com/argoproj/argo-cd/releases/latest/download/argocd-linux-amd64 | |
| chmod +x /usr/local/bin/argocd | |
| - name: Login to ArgoCD | |
| run: argocd login ${{ secrets.ARGOCD_SERVER }} --username ${{ secrets.ARGOCD_USERNAME }} --password ${{ secrets.ARGOCD_PASSWORD }} --insecure | |
| - name: Trigger ArgoCD Deployment | |
| run: argocd app sync ${{ secrets.ARGOCD_APP_NAME }} | |
| - name: "π Deploy to STAGE" | |
| run: | | |
| echo "β³ Sync" | |
| echo "πβ π Successfully synced STAGE ArgoCD" | |
| release-stage: | |
| environment: | |
| name: stage | |
| name: "π Deploy to STAGE" | |
| needs: | |
| # - lint | |
| # - test | |
| # - opa | |
| # - visualize | |
| - build | |
| - argo-sync-stage | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| steps: | |
| - name: "βοΈ checkout repository" | |
| uses: actions/checkout@v2 | |
| with: | |
| fetch-depth: 0 | |
| - name: "π§ Add dynamic envs" | |
| run: | | |
| echo "SHORT_SHA=`echo ${GITHUB_SHA} | cut -c1-8`" >> $GITHUB_ENV | |
| - name: "π Deploy to STAGE" | |
| run: | | |
| echo "β³ Deploying the application to STAGE" | |
| echo "πβ π Successfully deployed the application to STAGE" | |
| integration-test: | |
| name: "π¨ Run integration test suite" | |
| needs: | |
| # - lint | |
| # - test | |
| # - opa | |
| - visualize | |
| - build | |
| - argo-sync-stage | |
| - release-stage | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: "π©π¨ Message from Open Policy Agent (OPA) Server" | |
| run: | | |
| echo "Running integration test suite" | |
| echo "β Connecting to STAGE application at: https://staging-server.opsverse.io" | |
| echo "β π Integration tests passed" | |
| integration-test-opa: | |
| name: "π§ Integration tests gate" | |
| needs: | |
| # - lint | |
| # - test | |
| # - opa | |
| - visualize | |
| - build | |
| - argo-sync-stage | |
| - release-stage | |
| - integration-test | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: "π§ Integration tests quality" | |
| run: | | |
| echo "β Connecting to Open Policy Agent (OPA) at: opa.opsverse.io" | |
| - uses: actions/checkout@v4 | |
| - name: "π§ Setup Python" | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: '3.10' | |
| - name: "π¦ Install dependencies" | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install -r requirements.txt | |
| - name: "β³ Validate quality using OPA" | |
| uses: jannekem/run-python-script-action@v1 | |
| with: | |
| script: | | |
| from opa_client.opa import OpaClient | |
| import os | |
| import json | |
| print("Starting OPA Policy Enforcement Check:") | |
| opa_endpoint = "20.237.56.131" | |
| policy_name = "policies/unittest.rego" | |
| rule_name = "allow" | |
| client = OpaClient(host=opa_endpoint) | |
| exit_on_fail = os.environ.get('EXIT_ON_FAIL', True) | |
| print("\nOPA Service running at: " + opa_endpoint) | |
| print("\nValidating policy: " + policy_name) | |
| print("\nValidating rule: " + rule_name) | |
| policy_check = client.check_permission(input_data=json.loads("{\"input\": {\"testcasepasspercentage\": 95}}"), policy_name=policy_name, rule_name=rule_name) | |
| del client | |
| print("\nOPA Server Response:\n") | |
| print(policy_check) | |
| # If result is not defined or false, then exit | |
| if 'result' not in policy_check or not policy_check['result']: | |
| print("\n\nOPA Policy Check Failed!") | |
| if exit_on_fail: | |
| print("\nExiting on policy check failure") | |
| exit(1) | |
| print("\nEnd OPA Policy Check") | |
| - name: "π©π¨ Message from Open Policy Agent (OPA) Server" | |
| run: | | |
| echo "OPA Service running at: 20.237.56.131" | |
| echo "Validating policy: policies/codecoverage.rego" | |
| echo "Validating rule: allow" | |
| echo "OPA Server Response:" | |
| echo "{'result': True}" | |
| echo "End OPA Policy Check" | |
| echo "β π Quality gate passed" | |
| release-prod: | |
| environment: | |
| name: production | |
| name: "π Deploy to PROD" | |
| needs: | |
| # - lint | |
| # - test | |
| # - opa | |
| - visualize | |
| - build | |
| - argo-sync-stage | |
| - release-stage | |
| - integration-test | |
| - integration-test-opa | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| steps: | |
| - name: "βοΈ checkout repository" | |
| uses: actions/checkout@v2 | |
| with: | |
| fetch-depth: 0 | |
| - name: "π§ Add dynamic envs" | |
| run: | | |
| echo "SHORT_SHA=`echo ${GITHUB_SHA} | cut -c1-8`" >> $GITHUB_ENV | |
| - name: "π Deploy to PROD ENV" | |
| run: | | |
| echo "β³ Deploying the application to PROD" | |
| echo "πβ π Successfully deployed the application to PROD" | |
| cleanup: | |
| name: "β»οΈ Cleanup actions" | |
| needs: | |
| - release-stage | |
| - release-prod | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 10 | |
| steps: | |
| - name: "β»οΈ remove build artifacts" | |
| run: | | |
| echo "β»οΈ Cleaning up the build artifacts" | |
| echo "β»οΈβ Successfully cleaned up the build artifacts" |