test pipeline with main chart from explorer-charts
1 parent
8c6fab2
commit f194837
Showing
11 changed files
with
431 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,98 @@ | ||
name: Maven build and Docker push | ||
on: | ||
workflow_call: | ||
inputs: | ||
dockerfile_path: | ||
description: 'Path to the Dockerfile to build' | ||
type: string | ||
required: false | ||
default: "." | ||
docker_image_name: | ||
description: 'Name of the component to build' | ||
type: string | ||
required: false | ||
default: "cbdc-backend" | ||
docker_image_registry: | ||
description: 'Docker image registry to push to' | ||
type: string | ||
required: false | ||
default: "428571310775.dkr.ecr.us-east-1.amazonaws.com" | ||
version: | ||
type: string | ||
required: true | ||
|
||
jobs: | ||
build_and_publish: | ||
name: Run Maven build for application and publish Docker image to GCR | ||
runs-on: cbdc-actions-runner-ubuntu-large | ||
permissions: | ||
id-token: write | ||
contents: read | ||
env: | ||
MAVEN_GITHUB_USERNAME: ripplex-xsre-cbdc-npm-packages | ||
MAVEN_GITHUB_TOKEN: ${{ secrets.DOCKER_BUILD_GITHUB_TOKEN }} | ||
PUSH_PACKAGES: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }} | ||
AUTH0_TEST_AUTH_CLIENT_ID: 9NQx850kEjEgtVYpOQmbHxaEmQWahfCp | ||
AUTH0_TEST_AUTH_CLIENT_SECRET: ${{ secrets.AUTH0_TEST_AUTH_CLIENT_SECRET }} | ||
AUTH0_TEST_MGMT_CLIENT_ID: JhMTotuteD8Y8VlQI9FNefYR76BZAkML | ||
AUTH0_TEST_MGMT_CLIENT_SECRET: ${{ secrets.AUTH0_TEST_MGMT_CLIENT_SECRET }} | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v4 | ||
- id: gcp-maven-build-docker-setup | ||
name: "Set up GCR access for maven build" | ||
uses: xpring-eng/ripplex-github-actions/actions/gcp-docker-setup@v3 | ||
with: | ||
credentials_json: ${{ secrets.GCR_KEY_RIPPLEX_SA }} | ||
project_id: cbdc-helm-repo | ||
artifact_repository_domain: us-central1-docker.pkg.dev | ||
- name: Setup Java for Maven build | ||
uses: actions/setup-java@v3 | ||
with: | ||
distribution: 'zulu' | ||
java-version: '17' | ||
cache: 'maven' | ||
- name: Maven build | ||
run: | | ||
mvn -s settings.xml --batch-mode clean install \ | ||
-Dauth0.authentication.client-id=$AUTH0_TEST_AUTH_CLIENT_ID \ | ||
-Dauth0.authentication.client-secret=$AUTH0_TEST_AUTH_CLIENT_SECRET \ | ||
-Dauth0.management.client-id=$AUTH0_TEST_MGMT_CLIENT_ID \ | ||
-Dauth0.management.client-secret=$AUTH0_TEST_MGMT_CLIENT_SECRET \ | ||
-DskipTests | ||
env: | ||
GITHUB_USERNAME: ${MAVEN_GITHUB_USERNAME} | ||
GITHUB_TOKEN: ${MAVEN_GITHUB_TOKEN} | ||
- name: Upload to Codecov | ||
uses: codecov/[email protected] | ||
with: | ||
token: ${{ secrets.CODECOV_TOKEN }} | ||
fail_ci_if_error: false | ||
- name: Configure AWS Credentials ecr | ||
id: auth-aws-ecr | ||
uses: aws-actions/configure-aws-credentials@v4 | ||
with: | ||
role-to-assume: arn:aws:iam::428571310775:role/ECRGithubActionsRole | ||
aws-region: us-east-1 | ||
output-credentials: true | ||
- name: Build and Push Docker Image AWS CBDC-Backend | ||
uses: xpring-eng/[email protected] | ||
with: | ||
docker_image_registry: ${{ inputs.docker_image_registry }} | ||
docker_image_version: ${{ inputs.version }} | ||
docker_image_name: ${{ inputs.docker_image_name }} | ||
dockerfile_path: "${{ github.workspace }}/cbdc-server/Dockerfile" | ||
build_args: | | ||
GITHUB_SHA="${{ github.sha }} | ||
GITHUB_REF="${{ github.ref }} | ||
- name: Build and Push Docker Image AWS CBDC-Teardown | ||
uses: xpring-eng/[email protected] | ||
with: | ||
docker_image_registry: ${{ inputs.docker_image_registry }} | ||
docker_image_version: ${{ inputs.version }} | ||
docker_image_name: cbdc-teardown | ||
dockerfile_path: "${{ github.workspace }}/cbdc-teardown/teardown.Dockerfile" | ||
build_args: | | ||
GITHUB_SHA="${{ github.sha }} | ||
GITHUB_REF="${{ github.ref }} | ||
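Review bot: The `env:` block of the "Maven build" step sets `GITHUB_USERNAME: ${MAVEN_GITHUB_USERNAME}` and `GITHUB_TOKEN: ${MAVEN_GITHUB_TOKEN}`, but Actions does not shell-expand `env` values, so Maven would receive those literal strings instead of the credentials; use `GITHUB_TOKEN: ${{ env.MAVEN_GITHUB_TOKEN }}` and the same form for the username. In the same step the two Auth0 client secrets are passed as unquoted `-D...client-secret=$VAR` arguments, which puts them in the process argument list on the runner; since they are already exported as job-level environment variables, having the build read them from the environment would keep them off the command line (whether the project supports that is not visible here). Both `build_args` blocks open a double quote that is never closed (`GITHUB_SHA="${{ github.sha }}`), which looks unintended. The job holds `id-token: write` and several secrets while its actions are referenced by tag (`@v3`, `@v4`) and not by commit SHA.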
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
|
||
name: 'Check for Vulnerabilities' | ||
|
||
on: | ||
schedule: | ||
- cron: '0 */6 * * *' # every 6 hours | ||
|
||
jobs: | ||
main: | ||
runs-on: ubuntu-latest | ||
steps: | ||
# X.X.X - Latest version available at: https://github.com/kunalnagarco/action-cve/releases | ||
- uses: kunalnagarco/[email protected] | ||
with: | ||
token: ${{ secrets.SA_PAT_PUSH }} | ||
slack_webhook: ${{ secrets.SLACK_WEBHOOK_DEPENDABOT }} |
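Review bot: This workflow has no `permissions:` block and hands a personal access token to a third-party action, and the secret name `SA_PAT_PUSH` suggests the token is able to push. A job that only reports alerts should need read access to security alerts at most, so a dedicated read-only token would limit what a changed or compromised release of the action could do. Add `permissions: {}` at the top level and pin `kunalnagarco/action-cve` to a full commit SHA; the version is not legible on this page, so the current pin is assumed to be a version tag.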
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,52 @@ | ||
name: Deployment via GitOps | ||
on: | ||
workflow_call: | ||
inputs: | ||
deployment_environment: | ||
required: true | ||
type: string | ||
version: | ||
required: true | ||
type: string | ||
docker_image_location: | ||
required: false | ||
type: string | ||
default: "428571310775.dkr.ecr.us-east-1.amazonaws.com" | ||
gitops_repository: | ||
required: false | ||
type: string | ||
default: "xpring-eng/ripplex-cbdc-gitops" | ||
gitops_path: | ||
required: true | ||
type: string | ||
gitops_appname_name: | ||
required: true | ||
type: string | ||
gitops_repo_token_secret_name: | ||
required: false | ||
type: string | ||
default: "GITOPS_REPO_RW_TOKEN" | ||
|
||
jobs: | ||
deploy-dcm: | ||
name: Deploy DCM application | ||
environment: | ||
name: ${{ inputs.deployment_environment }} | ||
runs-on: ubuntu-20.04 | ||
steps: | ||
- name: 'Check if gitops repo token secret is set' | ||
uses: xpring-eng/ripplex-github-actions/actions/assert-not-empty@v4 | ||
with: | ||
name: "secrets[${{ inputs.gitops_repo_token_secret_name }}]" | ||
value: ${{ secrets[inputs.gitops_repo_token_secret_name] }} | ||
|
||
- name: "Update gitops repo with new versions" | ||
uses: xpring-eng/ripplex-github-actions/actions/modify-gitops-repo-for-docker-image@v4 | ||
with: | ||
version: ${{ inputs.version }} | ||
gitops_repository: ${{ inputs.gitops_repository }} | ||
gitops_repo_token: ${{ secrets[inputs.gitops_repo_token_secret_name] }} | ||
gitops_path: "./${{ inputs.gitops_path }}" | ||
gitops_dependency_name: "${{ inputs.gitops_appname_name }}" | ||
docker_image_location: ${{ inputs.docker_image_location }} | ||
branch_unique_name_token: ${{ inputs.gitops_appname_name }}_${{ inputs.deployment_environment }} |
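Review bot: The token is looked up with `secrets[inputs.gitops_repo_token_secret_name]`, so the caller chooses by name which secret is handed to the `modify-gitops-repo-for-docker-image` action, and the (currently commented-out) caller on this page uses `secrets: inherit`, which would put every repository secret within reach of that lookup. Declaring the token under `on.workflow_call.secrets`, for example `gitops_repo_token: { required: true }`, and reading `${{ secrets.gitops_repo_token }}` makes the dependency explicit and removes the indirect selection. The job also has no `permissions:` block; because the write to the GitOps repository uses the separate token, `permissions: {}` is probably sufficient, to be confirmed against what the two actions need.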
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,44 @@ | ||
name: Build and deploy pipeline | ||
on: | ||
push: | ||
branches: | ||
- '**' | ||
# don't run this pipeline on tags; those should be reserved for releases | ||
tags-ignore: | ||
- '**' | ||
concurrency: | ||
group: ${{ github.ref }} | ||
jobs: | ||
pre-build: | ||
name: "Pre-build steps" | ||
uses: ./.github/workflows/pre-build.yaml | ||
|
||
build: | ||
name: 'Docker build and push' | ||
needs: [ pre-build ] | ||
uses: ./.github/workflows/build.yaml | ||
secrets: inherit | ||
with: | ||
version: ${{ needs.pre-build.outputs.version }} | ||
|
||
pre-deploy-explorer: | ||
name: "Pre-deploy steps" | ||
needs: [ pre-build, build ] | ||
if: ${{ needs.pre-build.outputs.deployable == 'true' }} | ||
uses: ./.github/workflows/pre-deploy.yaml | ||
secrets: inherit | ||
with: | ||
version: ${{ needs.pre-build.outputs.version }} | ||
helm_chart_dir: "./charts" | ||
|
||
# deploy-sandbox-dev-gcp-cbdc-explorer: | ||
# name: 'Deploy to Sandbox Dev GCP CBDC Explorer' | ||
# if: ${{ needs.pre-build.outputs.deployable == 'true' }} | ||
# needs: [ pre-build, pre-deploy-explorer ] | ||
# uses: ./.github/workflows/deploy-via-gitops.yaml | ||
# secrets: inherit | ||
# with: | ||
# version: ${{ needs.pre-build.outputs.version }} | ||
# deployment_environment: 'sandbox-dev-experimental' | ||
# gitops_appname_name: 'cbdc-explorer' | ||
# gitops_path: 'gcp/dev/cbdc-explorer/' |
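Review bot: The `build` and `pre-deploy-explorer` jobs use `secrets: inherit` while the trigger is a push to any branch (`branches: '**'`), so every repository secret is made available to the called workflows for any branch a contributor with push access creates. Passing only the secrets each callee uses, e.g. `secrets:` with `DOCKER_BUILD_GITHUB_TOKEN: ${{ secrets.DOCKER_BUILD_GITHUB_TOKEN }}`, and declaring them under `on.workflow_call.secrets` in the callee narrows that exposure. It is also worth restricting the image push to `main` and release branches, since `PUSH_PACKAGES` in the build workflow on this page is computed but does not visibly gate any step.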
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,38 @@ | ||
name: Pre-build Steps | ||
on: | ||
workflow_call: | ||
outputs: | ||
maven_project_version: | ||
description: 'The Maven project version' | ||
value: ${{ jobs.pre-build.outputs.maven_project_version }} | ||
deployable: | ||
description: "Boolean indicating if the build is deployable" | ||
value: ${{ jobs.pre-build.outputs.deployable }} | ||
version: | ||
description: "The version of the build" | ||
value: ${{ jobs.pre-build.outputs.version }} | ||
|
||
jobs: | ||
pre-build: | ||
name: "Pre-build steps" | ||
runs-on: ubuntu-latest | ||
outputs: | ||
maven_project_version: ${{ steps.compute-maven-version-info.outputs.maven_project_version }} | ||
deployable: ${{ steps.check_deployability.outputs.deployable }} | ||
version: ${{ steps.compute_next_semver_version.outputs.version }} | ||
steps: | ||
- name: 'Compute SemVer version' | ||
id: compute_next_semver_version | ||
uses: xpring-eng/ripplex-actions-compute-semver-version@feature/xpe-2125-fix-error-when-no-tags | ||
- name: Check if build is deployable | ||
id: check_deployability | ||
uses: actions/github-script@v7 | ||
with: | ||
script: | | ||
const branchName = '${{ github.ref_name }}'; | ||
const refType = '${{ github.ref_type }}'; | ||
const version = '${{ steps.compute_next_semver_version.outputs.version }}'; | ||
const deployable = branchName === 'main' || branchName.startsWith('release') || branchName.startsWith('feature') || refType === 'tag'; | ||
core.setOutput('deployable', deployable); | ||
console.log(`Deployable: ${deployable}`); | ||
result-encoding: string |
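Review bot: The `github-script` step pastes `${{ github.ref_name }}` and the computed version straight into JavaScript source, so a branch name containing a quote character alters the script that runs; Git allows such characters in ref names, and per the pipeline workflow on this page this job runs on pushes to any branch. Pass the values through `env:` and read them with `process.env`, as in the fence below, and drop the unused `version` constant. Separately, `compute_next_semver_version` is pinned to a feature branch (`@feature/xpe-2125-fix-error-when-no-tags`), a mutable ref that should become a release tag or commit SHA once that fix is merged. The `maven_project_version` output refers to a step id `compute-maven-version-info` that does not exist in this file, so it will always be empty.

```yaml
# … unchanged: name, id, uses: actions/github-script@v7 …
env:
  BRANCH_NAME: ${{ github.ref_name }}
  REF_TYPE: ${{ github.ref_type }}
with:
  script: |
    const branchName = process.env.BRANCH_NAME;
    const refType = process.env.REF_TYPE;
    // … unchanged: deployable computation, core.setOutput, console.log …
```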
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,52 @@ | ||
name: Pre-deployment steps | ||
|
||
on: | ||
workflow_call: | ||
inputs: | ||
aws_region: | ||
required: false | ||
type: string | ||
default: "us-east-1" | ||
helm_chart_name: | ||
required: false | ||
type: string | ||
default: "cbdc-backend-helm" | ||
helm_repo_url: | ||
required: false | ||
type: string | ||
default: "428571310775.dkr.ecr.us-east-1.amazonaws.com/cbdc-backend" | ||
helm_chart_dir: | ||
required: false | ||
type: string | ||
default: "./.github/charts" | ||
version: | ||
required: true | ||
type: string | ||
jobs: | ||
pre-deploy: | ||
permissions: | ||
id-token: write | ||
contents: read | ||
packages: read | ||
name: Pre-deploy steps | ||
environment: | ||
name: ${{ inputs.deployment_environment }} | ||
runs-on: ubuntu-20.04 | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v4 | ||
- name: Assume AWS Role | ||
id: assume_role | ||
uses: aws-actions/configure-aws-credentials@v4 | ||
with: | ||
role-to-assume: arn:aws:iam::428571310775:role/ECRGithubActionsRole | ||
aws-region: ${{ inputs.aws_region }} | ||
output-credentials: true | ||
- name: "Helm package AWS cbdc-backend-helm" | ||
id: "helm_package_aws_backend" | ||
uses: xpring-eng/[email protected] | ||
with: | ||
helm_chart_dir: ${{ inputs.helm_chart_dir }} | ||
helm_chart_version: ${{ inputs.version }} | ||
# Optional | ||
# ecr_registry: ${{ inputs.helm_repo_url }} |
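Review bot: `environment.name` is set from `inputs.deployment_environment`, but no such input is declared under `on.workflow_call.inputs` and the caller on this page does not pass one, so the expression evaluates to an empty string and the job that assumes `ECRGithubActionsRole` is presumably not bound to any protected environment or its approval rules. Either declare it, `deployment_environment: { required: true, type: string }`, and pass it from the caller, or remove the `environment:` block so the absence of a gate is explicit. `helm_chart_name` and `helm_repo_url` are declared but unused in this hunk. `ubuntu-20.04` is a hosted runner image GitHub has retired, so `runs-on` should name a supported image.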
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
apiVersion: v1 | ||
description: Explorer | ||
name: explorer | ||
version: 1.0.0 |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
dependencies: | ||
- name: xpringnginx | ||
version: 0.0.1 | ||
repository: "file://dependency_charts/xpring_nginx/helm/xpringnginx" | ||
condition: proxyng.install | ||
alias: proxyng |