Changed paths to folders, files. Added checks for folder create job a… #15

Workflow file for this run

.github/workflows/data_pipeline.yml at cf00181

	name: Pipeline Data-Service

	on:
	push:
	paths:
	- 'app/data-service/**'
	- 'app/data-service/**.py'
	- 'kubernetes/data-deploy.**'
	- 'ansible/deploy-data.**'

	jobs:
	editorconfig:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4

	- name: check if editorconfig exists
	if: ${{ hashFiles('.editorconfig') == '' }}
	run: exit 'editorconfig does not exist.'

	- name: Add checker
	uses: editorconfig-checker/action-editorconfig-checker@main

	- name: Run checker
	run: editorconfig-checker

	linter:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4

	- name: Set up Python
	uses: actions/setup-python@v4
	with:
	python-version: 3.11

	- name: Install dependencies
	run: pip install black

	- name: Run the linters
	uses: wearerequired/lint-action@v2
	with:
	black: true

	scan:
	name: gitleaks
	runs-on: ubuntu-latest
	needs: [editorconfig, linter,]
	steps:
	- uses: actions/checkout@v3
	with:
	fetch-depth: '0'
	- uses: gitleaks/gitleaks-action@v2
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	ACTIONS_STEP_DEBUG: true

	code-smells:
	name: sonarcloud
	needs: [editorconfig, linter]
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4
	- uses: sonarsource/sonarcloud-github-action@master
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

	build-push-test:
	runs-on: ubuntu-latest
	needs: [editorconfig, linter, scan, code-smells]

	steps:
	- name: Checkout the code
	uses: actions/checkout@v4

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Login to DockerHub
	uses: docker/login-action@v3
	with:
	username: ${{ secrets.DOCKERHUB_USERNAME }}
	password: ${{ secrets.DOCKERHUB_PASS }}

	- name: Build and push Docker image
	uses: docker/build-push-action@v5
	with:
	context: ./app/data-service
	file: ./app/data-service/Dockerfile
	push: true
	tags: '${{ secrets.DOCKERHUB_USERNAME }}/data-service:${{ github.sha }}'
	platforms: linux/amd64

	- name: Scan with trivy
	id: trivy
	uses: aquasecurity/trivy-action@master
	with:
	image-ref: '${{ secrets.DOCKERHUB_USERNAME }}/data-service:${{ github.sha }}'
	severity: 'CRITICAL'

	building-infrastructure:
	runs-on: ubuntu-latest
	outputs:
	server_ip: ${{ steps.terraform_output.outputs.SERVER_IP }}

	steps:
	- uses: actions/checkout@v4

	- uses: hashicorp/setup-terraform@v3
	with:
	terraform_version: "1.6.6"

	- name: Terraform Init
	run: terraform init
	working-directory: ./terraform
	env:
	TF_VAR_hcloud_token: ${{ secrets.HCLOUD_TOKEN }}
	AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

	- name: Terraform Apply
	run: terraform apply -auto-approve
	working-directory: ./terraform
	env:
	TF_VAR_hcloud_token: ${{ secrets.HCLOUD_TOKEN }}
	AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

	- name: Output Server IP
	id: terraform_output
	run: \|
	SERVER_IP=$(terraform output -raw server_ip \|\| echo "")
	if [ -n "$SERVER_IP" ]; then
	echo "SERVER_IP=$SERVER_IP" >> $GITHUB_ENV
	echo "::set-output name=SERVER_IP::$SERVER_IP"
	else
	echo "Server IP not found."
	exit 1
	fi
	working-directory: ./terraform
	env:
	AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

	configure-vm:
	runs-on: ubuntu-latest
	needs: [building-infrastructure]
	steps:
	- name: Checkout Repository
	uses: actions/checkout@v4

	- name: Set up SSH key
	run: \|
	mkdir -p ~/.ssh
	echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa
	chmod 600 ~/.ssh/id_rsa

	- name: Add Host Key to Known Hosts
	run: \|
	ssh-keyscan -H ${{ needs.building-infrastructure.outputs.server_ip }} >> ~/.ssh/known_hosts

	- name: Test SSH Connection
	run: ssh -o StrictHostKeyChecking=no root@${{ needs.building-infrastructure.outputs.server_ip }} "echo SSH connection successful"

	- name: Run Ansible Playbook to create user
	run: ansible-playbook -i "root@${{ needs.building-infrastructure.outputs.server_ip }}," --private-key ~/.ssh/id_rsa ./ansible/user-create.yml --extra-vars "USERNAME=${{ secrets.USERNAME }} PASSWORD=${{ secrets.PASSWORD }}"
	env:
	USERNAME: ${{ secrets.USERNAME }}
	PASSWORD: ${{ secrets.PASSWORD }}

	- name: Run Ansible Playbook to configure kubernetes
	run: ansible-playbook -i "${{ secrets.USERNAME }}@${{ needs.building-infrastructure.outputs.server_ip }}," --private-key ~/.ssh/id_rsa ./ansible/kube-conf.yml --extra-vars "new_user=${{ secrets.USERNAME }} password=${{ secrets.PASSWORD }}"
	env:
	USERNAME: ${{ secrets.USERNAME }}
	PASSWORD: ${{ secrets.PASSWORD }}

	deploy-app:
	runs-on: ubuntu-latest
	needs: [building-infrastructure, configure-vm, build-push-test]
	steps:
	- name: Checkout repository
	uses: actions/checkout@v4

	- name: Set up SSH key
	run: \|
	mkdir -p ~/.ssh
	echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa
	chmod 600 ~/.ssh/id_rsa

	- name: Add Host Key to Known hosts
	run: \|
	ssh-keyscan -H ${{ needs.building-infrastructure.outputs.server_ip }} >> ~/.ssh/known_hosts

	- name: Test SSH Connection
	run: ssh -o StrictHostKeyChecking=no root@${{ needs.building-infrastructure.outputs.server_ip }} "echo SSH connection successful"

	- name: Deploy App to Kubernetes
	run: ansible-playbook -i "${{ secrets.USERNAME }}@${{ needs.building-infrastructure.outputs.server_ip }}," --private-key ~/.ssh/id_rsa ./ansible/deploy-data.yml --extra-vars "image_tag=${{ github.sha }} new_user=${{ secrets.USERNAME }}"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Changed paths to folders, files. Added checks for folder create job a… #15

Workflow file

Changed paths to folders, files. Added checks for folder create job a… #15

Jobs

Run details

Workflow file for this run