Skip to content
Pipeline Frontend-Service

test start #16

Sign in to view logs

test start

test start #16

Workflow file for this run

.github/workflows/frontend_pipeline.yml at abc3353
name: Pipeline Frontend-Service
on:
push:
paths:
- 'app/frontend-service/**'
- 'app/frontend-service/**.py'
- 'app/frontend-service/templates/**.html'
jobs:
editorconfig:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: check if editorconfig exists
if: ${{ hashFiles('.editorconfig') == '' }}
run: exit 'editorconfig does not exist.'
- name: Add checker
uses: editorconfig-checker/action-editorconfig-checker@main
- name: Run checker
run: editorconfig-checker
linter:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: 3.11
- name: Install dependencies
run: pip install black
- name: Run linter for frontend.py
run: black --check app/frontend-service/frontend.py
unit-tests:
runs-on: ubuntu-latest
needs: [editorconfig, linter]
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: 3.11
- name: Install Requirements
working-directory: ./app/frontend-service
run: |
python -m pip install --upgrade pip
python -m pip install -r requirements.txt
- name: Unit Test
working-directory: ./app/frontend-service
run: python -m unittest test_frontend_service.py
scan:
name: gitleaks
runs-on: ubuntu-latest
needs: [editorconfig, linter, unit-tests]
steps:
- uses: actions/checkout@v4
with:
fetch-depth: '0'
- uses: gitleaks/gitleaks-action@v2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
ACTIONS_STEP_DEBUG: true
code-smells:
name: sonarcloud
needs: [editorconfig, linter, unit-tests]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: sonarsource/sonarcloud-github-action@master
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
build-push:
runs-on: ubuntu-latest
needs: [editorconfig, linter, unit-tests, scan, code-smells]
steps:
- name: Checkout the code
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to DockerHub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASS }}
- name: Build and push Docker image
uses: docker/build-push-action@v5
with:
context: ./app/frontend-service
file: ./app/frontend-service/Dockerfile
push: true
tags: '${{ secrets.DOCKERHUB_USERNAME }}/frontend-service:${{ github.sha }}'
platforms: linux/amd64
security-scan:
runs-on: ubuntu-latest
needs: [build-push]
steps:
- name: Scan with trivy
id: trivy
uses: aquasecurity/trivy-action@master
with:
image-ref: '${{ secrets.DOCKERHUB_USERNAME }}/frontend-service:${{ github.sha }}'
severity: 'CRITICAL'
building-infrastructure:
runs-on: ubuntu-latest
outputs:
server_ip: ${{ steps.terraform_output.outputs.SERVER_IP }}
steps:
- uses: actions/checkout@v4
- uses: hashicorp/setup-terraform@v3
with:
terraform_version: "1.6.6"
- name: Terraform Init
run: terraform init
working-directory: ./terraform
env:
TF_VAR_hcloud_token: ${{ secrets.HCLOUD_TOKEN }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
- name: Terraform Apply
run: terraform apply -auto-approve
working-directory: ./terraform
env:
TF_VAR_hcloud_token: ${{ secrets.HCLOUD_TOKEN }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
- name: Output Server IP
id: terraform_output
run: |
SERVER_IP=$(terraform output -raw server_ip || echo "")
if [ -n "$SERVER_IP" ]; then
echo "SERVER_IP=$SERVER_IP" >> $GITHUB_ENV
echo "::set-output name=SERVER_IP::$SERVER_IP"
else
echo "Server IP not found."
exit 1
fi
working-directory: ./terraform
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
configure-vm:
runs-on: ubuntu-latest
needs: [building-infrastructure]
steps:
- name: Checkout Repository
uses: actions/checkout@v4
- name: Set up SSH key
run: |
mkdir -p ~/.ssh
echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa
- name: Add Host Key to Known Hosts
run: |
ssh-keyscan -H ${{ needs.building-infrastructure.outputs.server_ip }} >> ~/.ssh/known_hosts
- name: Test SSH Connection
run: ssh -o StrictHostKeyChecking=no root@${{ needs.building-infrastructure.outputs.server_ip }} "echo SSH connection successful"
- name: Run Ansible Playbook to create user
run: ansible-playbook -i "root@${{ needs.building-infrastructure.outputs.server_ip }}," --private-key ~/.ssh/id_rsa ./ansible/user-create.yml --extra-vars "USERNAME=${{ secrets.USERNAME }} PASSWORD=${{ secrets.PASSWORD }}"
env:
USERNAME: ${{ secrets.USERNAME }}
PASSWORD: ${{ secrets.PASSWORD }}
- name: Run Ansible Playbook to configure kubernetes
run: ansible-playbook -i "${{ secrets.USERNAME }}@${{ needs.building-infrastructure.outputs.server_ip }}," --private-key ~/.ssh/id_rsa ./ansible/kube-conf.yml --extra-vars "new_user=${{ secrets.USERNAME }} password=${{ secrets.PASSWORD }}"
env:
USERNAME: ${{ secrets.USERNAME }}
PASSWORD: ${{ secrets.PASSWORD }}
deploy-app:
runs-on: ubuntu-latest
needs: [building-infrastructure, configure-vm, build-push, security-scan]
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Set up SSH key
run: |
mkdir -p ~/.ssh
echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa
- name: Add Host Key to Known hosts
run: |
ssh-keyscan -H ${{ needs.building-infrastructure.outputs.server_ip }} >> ~/.ssh/known_hosts
- name: Test SSH Connection
run: ssh -o StrictHostKeyChecking=no root@${{ needs.building-infrastructure.outputs.server_ip }} "echo SSH connection successful"
- name: Deploy App to Kubernetes
run: ansible-playbook -i "${{ secrets.USERNAME }}@${{ needs.building-infrastructure.outputs.server_ip }}," --private-key ~/.ssh/id_rsa ./ansible/deploy-frontend.yml --extra-vars "image_tag=${{ github.sha }} new_user=${{ secrets.USERNAME }}"