test pipeline with main chart from explorer-charts

.github/dependabot.yml

@@ -5,4 +5,9 @@ updates:
  schedule:
  interval: monthly
  time: "15:00"
+- package-ecosystem: docker
+ directory: "/"
+ schedule:
+ interval: monthly
+ time: "15:00"
  open-pull-requests-limit: 10

.github/workflows/build.yaml

@@ -0,0 +1,98 @@
+name: Maven build and Docker push
+on:
+ workflow_call:
+ inputs:
+ dockerfile_path:
+ description: 'Path to the Dockerfile to build'
+ type: string
+ required: false
+ default: "."
+ docker_image_name:
+ description: 'Name of the component to build'
+ type: string
+ required: false
+ default: "cbdc-backend"
+ docker_image_registry:
+ description: 'Docker image registry to push to'
+ type: string
+ required: false
+ default: "428571310775.dkr.ecr.us-east-1.amazonaws.com"
+ version:
+ type: string
+ required: true
+
+jobs:
+ build_and_publish:
+ name: Run Maven build for application and publish Docker image to GCR
+ runs-on: cbdc-actions-runner-ubuntu-large
+ permissions:
+ id-token: write
+ contents: read
+ env:
+ MAVEN_GITHUB_USERNAME: ripplex-xsre-cbdc-npm-packages
+ MAVEN_GITHUB_TOKEN: ${{ secrets.DOCKER_BUILD_GITHUB_TOKEN }}
+ PUSH_PACKAGES: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
+ AUTH0_TEST_AUTH_CLIENT_ID: 9NQx850kEjEgtVYpOQmbHxaEmQWahfCp
+ AUTH0_TEST_AUTH_CLIENT_SECRET: ${{ secrets.AUTH0_TEST_AUTH_CLIENT_SECRET }}
+ AUTH0_TEST_MGMT_CLIENT_ID: JhMTotuteD8Y8VlQI9FNefYR76BZAkML
+ AUTH0_TEST_MGMT_CLIENT_SECRET: ${{ secrets.AUTH0_TEST_MGMT_CLIENT_SECRET }}
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ - id: gcp-maven-build-docker-setup
+ name: "Set up GCR access for maven build"
+ uses: xpring-eng/ripplex-github-actions/actions/gcp-docker-setup@v3
+ with:
+ credentials_json: ${{ secrets.GCR_KEY_RIPPLEX_SA }}
+ project_id: cbdc-helm-repo
+ artifact_repository_domain: us-central1-docker.pkg.dev
+ - name: Setup Java for Maven build
+ uses: actions/setup-java@v3
+ with:
+ distribution: 'zulu'
+ java-version: '17'
+ cache: 'maven'
+ - name: Maven build
+ run: |
+ mvn -s settings.xml --batch-mode clean install \
+ -Dauth0.authentication.client-id=$AUTH0_TEST_AUTH_CLIENT_ID \
+ -Dauth0.authentication.client-secret=$AUTH0_TEST_AUTH_CLIENT_SECRET \
+ -Dauth0.management.client-id=$AUTH0_TEST_MGMT_CLIENT_ID \
+ -Dauth0.management.client-secret=$AUTH0_TEST_MGMT_CLIENT_SECRET \
+ -DskipTests
+ env:
+ GITHUB_USERNAME: ${MAVEN_GITHUB_USERNAME}
+ GITHUB_TOKEN: ${MAVEN_GITHUB_TOKEN}
+ - name: Upload to Codecov
+ uses: codecov/[email protected]
+ with:
+ token: ${{ secrets.CODECOV_TOKEN }}
+ fail_ci_if_error: false
+ - name: Configure AWS Credentials ecr
+ id: auth-aws-ecr
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: arn:aws:iam::428571310775:role/ECRGithubActionsRole
+ aws-region: us-east-1
+ output-credentials: true
+ - name: Build and Push Docker Image AWS CBDC-Backend
+ uses: xpring-eng/[email protected]
+ with:
+ docker_image_registry: ${{ inputs.docker_image_registry }}
+ docker_image_version: ${{ inputs.version }}
+ docker_image_name: ${{ inputs.docker_image_name }}
+ dockerfile_path: "${{ github.workspace }}/cbdc-server/Dockerfile"
+ build_args: |
+ GITHUB_SHA="${{ github.sha }}
+ GITHUB_REF="${{ github.ref }}
+ - name: Build and Push Docker Image AWS CBDC-Teardown
+ uses: xpring-eng/[email protected]
+ with:
+ docker_image_registry: ${{ inputs.docker_image_registry }}
+ docker_image_version: ${{ inputs.version }}
+ docker_image_name: cbdc-teardown
+ dockerfile_path: "${{ github.workspace }}/cbdc-teardown/teardown.Dockerfile"
+ build_args: |
+ GITHUB_SHA="${{ github.sha }}
+ GITHUB_REF="${{ github.ref }} 
+

.github/workflows/dependabot-slack.yml

@@ -0,0 +1,16 @@
+
+name: 'Check for Vulnerabilities'
+
+on:
+ schedule:
+ - cron: '0 */6 * * *' # every 6 hours
+
+jobs:
+ main:
+ runs-on: ubuntu-latest
+ steps:
+ # X.X.X - Latest version available at: https://github.com/kunalnagarco/action-cve/releases
+ - uses: kunalnagarco/[email protected]
+ with:
+ token: ${{ secrets.SA_PAT_PUSH }}
+ slack_webhook: ${{ secrets.SLACK_WEBHOOK_DEPENDABOT }}

.github/workflows/deploy-via-gitops.yaml

@@ -0,0 +1,52 @@
+name: Deployment via GitOps
+on:
+ workflow_call:
+ inputs:
+ deployment_environment:
+ required: true
+ type: string
+ version:
+ required: true
+ type: string
+ docker_image_location:
+ required: false
+ type: string
+ default: "428571310775.dkr.ecr.us-east-1.amazonaws.com"
+ gitops_repository:
+ required: false
+ type: string
+ default: "xpring-eng/ripplex-cbdc-gitops"
+ gitops_path:
+ required: true
+ type: string
+ gitops_appname_name:
+ required: true
+ type: string
+ gitops_repo_token_secret_name:
+ required: false
+ type: string
+ default: "GITOPS_REPO_RW_TOKEN"
+
+jobs:
+ deploy-dcm:
+ name: Deploy DCM application
+ environment:
+ name: ${{ inputs.deployment_environment }}
+ runs-on: ubuntu-20.04
+ steps:
+ - name: 'Check if gitops repo token secret is set'
+ uses: xpring-eng/ripplex-github-actions/actions/assert-not-empty@v4
+ with:
+ name: "secrets[${{ inputs.gitops_repo_token_secret_name }}]"
+ value: ${{ secrets[inputs.gitops_repo_token_secret_name] }}
+
+ - name: "Update gitops repo with new versions"
+ uses: xpring-eng/ripplex-github-actions/actions/modify-gitops-repo-for-docker-image@v4
+ with:
+ version: ${{ inputs.version }}
+ gitops_repository: ${{ inputs.gitops_repository }}
+ gitops_repo_token: ${{ secrets[inputs.gitops_repo_token_secret_name] }}
+ gitops_path: "./${{ inputs.gitops_path }}"
+ gitops_dependency_name: "${{ inputs.gitops_appname_name }}"
+ docker_image_location: ${{ inputs.docker_image_location }}
+ branch_unique_name_token: ${{ inputs.gitops_appname_name }}_${{ inputs.deployment_environment }}

.github/workflows/pipeline.yaml

@@ -0,0 +1,44 @@
+name: Build and deploy pipeline
+on:
+ push:
+ branches:
+ - '**'
+ # don't run this pipeline on tags; those should be reserved for releases
+ tags-ignore:
+ - '**'
+concurrency:
+ group: ${{ github.ref }}
+jobs:
+ pre-build:
+ name: "Pre-build steps"
+ uses: ./.github/workflows/pre-build.yaml
+
+ build:
+ name: 'Docker build and push'
+ needs: [ pre-build ]
+ uses: ./.github/workflows/build.yaml
+ secrets: inherit
+ with:
+ version: ${{ needs.pre-build.outputs.version }}
+
+ pre-deploy-explorer:
+ name: "Pre-deploy steps"
+ needs: [ pre-build, build ]
+ if: ${{ needs.pre-build.outputs.deployable == 'true' }}
+ uses: ./.github/workflows/pre-deploy.yaml
+ secrets: inherit
+ with:
+ version: ${{ needs.pre-build.outputs.version }}
+ helm_chart_dir: "./charts"
+
+ # deploy-sandbox-dev-gcp-cbdc-explorer:
+ # name: 'Deploy to Sandbox Dev GCP CBDC Explorer'
+ # if: ${{ needs.pre-build.outputs.deployable == 'true' }}
+ # needs: [ pre-build, pre-deploy-explorer ]
+ # uses: ./.github/workflows/deploy-via-gitops.yaml
+ # secrets: inherit
+ # with:
+ # version: ${{ needs.pre-build.outputs.version }}
+ # deployment_environment: 'sandbox-dev-experimental'
+ # gitops_appname_name: 'cbdc-explorer'
+ # gitops_path: 'gcp/dev/cbdc-explorer/'

.github/workflows/pre-build.yaml

@@ -0,0 +1,38 @@
+name: Pre-build Steps
+on:
+ workflow_call:
+ outputs:
+ maven_project_version:
+ description: 'The Maven project version'
+ value: ${{ jobs.pre-build.outputs.maven_project_version }}
+ deployable:
+ description: "Boolean indicating if the build is deployable"
+ value: ${{ jobs.pre-build.outputs.deployable }}
+ version:
+ description: "The version of the build"
+ value: ${{ jobs.pre-build.outputs.version }}
+
+jobs:
+ pre-build:
+ name: "Pre-build steps"
+ runs-on: ubuntu-latest
+ outputs:
+ maven_project_version: ${{ steps.compute-maven-version-info.outputs.maven_project_version }}
+ deployable: ${{ steps.check_deployability.outputs.deployable }}
+ version: ${{ steps.compute_next_semver_version.outputs.version }}
+ steps:
+ - name: 'Compute SemVer version'
+ id: compute_next_semver_version
+ uses: xpring-eng/ripplex-actions-compute-semver-version@feature/xpe-2125-fix-error-when-no-tags
+ - name: Check if build is deployable
+ id: check_deployability
+ uses: actions/github-script@v7
+ with:
+ script: |
+ const branchName = '${{ github.ref_name }}';
+ const refType = '${{ github.ref_type }}';
+ const version = '${{ steps.compute_next_semver_version.outputs.version }}';
+ const deployable = branchName === 'main' || branchName.startsWith('release') || branchName.startsWith('feature') || refType === 'tag';
+ core.setOutput('deployable', deployable);
+ console.log(`Deployable: ${deployable}`);
+ result-encoding: string

.github/workflows/pre-deploy.yaml

@@ -0,0 +1,52 @@
+name: Pre-deployment steps
+
+on:
+ workflow_call:
+ inputs:
+ aws_region:
+ required: false
+ type: string
+ default: "us-east-1"
+ helm_chart_name:
+ required: false
+ type: string
+ default: "cbdc-backend-helm"
+ helm_repo_url:
+ required: false
+ type: string
+ default: "428571310775.dkr.ecr.us-east-1.amazonaws.com/cbdc-backend"
+ helm_chart_dir:
+ required: false
+ type: string
+ default: "./.github/charts"
+ version:
+ required: true
+ type: string
+jobs:
+ pre-deploy:
+ permissions:
+ id-token: write
+ contents: read
+ packages: read
+ name: Pre-deploy steps
+ environment:
+ name: ${{ inputs.deployment_environment }}
+ runs-on: ubuntu-20.04
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ - name: Assume AWS Role
+ id: assume_role
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: arn:aws:iam::428571310775:role/ECRGithubActionsRole
+ aws-region: ${{ inputs.aws_region }}
+ output-credentials: true
+ - name: "Helm package AWS cbdc-backend-helm"
+ id: "helm_package_aws_backend"
+ uses: xpring-eng/[email protected]
+ with:
+ helm_chart_dir: ${{ inputs.helm_chart_dir }}
+ helm_chart_version: ${{ inputs.version }}
+ # Optional
+ # ecr_registry: ${{ inputs.helm_repo_url }}

charts/Chart.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+description: Explorer
+name: explorer
+version: 1.0.0

charts/requirements.yaml

@@ -0,0 +1,6 @@
+dependencies:
+- name: xpringnginx
+ version: 0.0.1
+ repository: "file://dependency_charts/xpring_nginx/helm/xpringnginx"
+ condition: proxyng.install
+ alias: proxyng