Closed
Changes from 29 commits
36 commits
0a25770
empty space added
Leninfitfreak Jul 26, 2025
d0f2f56
otel update
Leninfitfreak Jul 26, 2025
d482145
Create lenin
Leninfitfreak Jul 26, 2025
a11c828
dummy
Leninfitfreak Jul 26, 2025
de0807f
new change
Leninfitfreak Jul 26, 2025
1e1f15b
bad change
Leninfitfreak Jul 26, 2025
5a2abac
Merge branch 'iam-veeramalla:main' into main
Leninfitfreak Jul 26, 2025
edd0851
bad
Leninfitfreak Jul 26, 2025
168e1b6
Merge edd0851f299c1bc7691c474c6d07d4d64cc6ce81 into 5a2abac4b8601f683…
Leninfitfreak Jul 26, 2025
ab873d8
[CI]: Update product catalog image tag
Leninfitfreak Jul 26, 2025
9567630
newchange4
Leninfitfreak Jul 26, 2025
a7d0154
Merge pull request #3 from Leninfitfreak/main
Leninfitfreak Jul 26, 2025
23be654
Merge a7d0154169e82c1298a232d03888370463e1f584 into ab873d8ecb3cfc535…
Leninfitfreak Jul 26, 2025
fa20786
[CI]: Update product catalog image tag
Leninfitfreak Jul 26, 2025
c4b7822
new workflow
Leninfitfreak Jul 26, 2025
19cef0a
lenin
Leninfitfreak Jul 26, 2025
c5c7296
Merge branch 'main' of https://github.com/Leninfitfreak/ultimate-devo…
Leninfitfreak Jul 26, 2025
623d513
getting sleep
Leninfitfreak Jul 26, 2025
0353d52
over
Leninfitfreak Jul 26, 2025
bef69d5
game over
Leninfitfreak Jul 26, 2025
c70e1c8
get ready
Leninfitfreak Jul 26, 2025
8d94899
work over
Leninfitfreak Jul 26, 2025
8411602
work over2
Leninfitfreak Jul 26, 2025
ff39902
work over3
Leninfitfreak Jul 26, 2025
76a75a4
work over4
Leninfitfreak Jul 26, 2025
8ef10c7
Update image tag to build-17 [CI SKIP]
Leninfitfreak Jul 26, 2025
3e7b1e0
work over5
Leninfitfreak Jul 26, 2025
bedf4e2
Merge branch 'main' of https://github.com/Leninfitfreak/ultimate-devo…
Leninfitfreak Jul 26, 2025
c312916
Update image tag to build-18 [CI SKIP]
Leninfitfreak Jul 26, 2025
4d00a28
work over7
Leninfitfreak Jul 26, 2025
351e579
Merge branch 'main' of https://github.com/Leninfitfreak/ultimate-devo…
Leninfitfreak Jul 26, 2025
dda7c3d
Update image tag to run-16543167632 [CI SKIP]
Leninfitfreak Jul 26, 2025
842c73b
Update deploy.yaml
Leninfitfreak Jul 27, 2025
ccddb9a
Update image tag to run-16549947340 [CI SKIP]
Leninfitfreak Jul 27, 2025
0e6085c
Create sa-rbac.yaml
Leninfitfreak Jul 27, 2025
fa9985b
Update image tag to run-16550157252 [CI SKIP]
Leninfitfreak Jul 27, 2025
332 changes: 226 additions & 106 deletions .github/workflows/ci.yaml
@@ -1,108 +1,228 @@
# CI for Product Catalog Service

name: product-catalog-ci

on:
pull_request:
branches:
- main
name: Product Catalog CI-CD

on:
push:
branches:
- main
pull_request:
branches:
- main
workflow_dispatch:

permissions:
contents: write

env:
DOCKER_IMAGE: leninfitfreak/product-catalog
PRODUCT_CATALOG_PORT: 8088
SERVICE_PATH: src/product-catalog
K8S_DEPLOY_FILE: kubernetes/productcatalog/deploy.yaml

jobs:
build:
runs-on: ubuntu-latest

steps:
- name: checkout code
uses: actions/checkout@v4

- name: Setup Go 1.22
uses: actions/setup-go@v2
with:
go-version: 1.22

- name: Build
run: |
cd src/product-catalog
go mod download
go build -o product-catalog-service main.go

- name: unit tests
run: |
cd src/product-catalog
go test ./...

code-quality:
runs-on: ubuntu-latest

steps:
- name: checkout code
uses: actions/checkout@v4

- name: Setup Go 1.22
uses: actions/setup-go@v2
with:
go-version: 1.22

- name: Run golangci-lint
uses: golangci/golangci-lint-action@v6
with:
version: v1.55.2
run: golangci-lint run
working-directory: src/product-catalog

docker:
runs-on: ubuntu-latest

needs: build

steps:
- name: checkout code
uses: actions/checkout@v4

- name: Install Docker
uses: docker/setup-buildx-action@v1

- name: Login to Docker
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_TOKEN }}

- name: Docker Push
uses: docker/build-push-action@v6
with:
context: src/product-catalog
file: src/product-catalog/Dockerfile
push: true
tags: ${{ secrets.DOCKER_USERNAME }}/product-catalog:${{github.run_id}}


updatek8s:
runs-on: ubuntu-latest

needs: docker

steps:
- name: checkout code
uses: actions/checkout@v4
with:
token: ${{ secrets.GITHUB_TOKEN }}

- name: Update tag in kubernetes deployment manifest
run: |
sed -i "s|image: .*|image: ${{ secrets.DOCKER_USERNAME }}/product-catalog:${{github.run_id}}|" kubernetes/productcatalog/deploy.yaml

- name: Commit and push changes
run: |
git config --global user.email "[email protected]"
git config --global user.name "Abhishek Veeramalla"
git add kubernetes/productcatalog/deploy.yaml
git commit -m "[CI]: Update product catalog image tag"
git push origin HEAD:main -f







# ---------------------
# 1. Unit Tests
# ---------------------
unit-tests:
runs-on: ubuntu-latest
continue-on-error: true
steps:
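Review bot: The workflow-level `permissions: contents: write` near the top of the new file gives every job a write-capable `GITHUB_TOKEN`, including the test, lint and scan jobs, which install third-party tools and also run on `pull_request`. Set the workflow default to `contents: read` and grant `contents: write` only on the `update-k8s` job, the one job that pushes a commit.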
Comment on lines +26 to +28

🛠️ Refactor suggestion

Unit tests must fail the pipeline, not be ignored
continue-on-error: true disables the safety net that unit-tests provide—builds will look green even when tests are red. Remove this line unless there is a very strong justification.

-    continue-on-error: true
+#   continue-on-error: true        # ← delete or comment-out
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
runs-on: ubuntu-latest
continue-on-error: true
steps:
runs-on: ubuntu-latest
# continue-on-error: true # ← delete or comment-out
steps:
🤖 Prompt for AI Agents
In .github/workflows/ci.yaml around lines 26 to 28, the `continue-on-error:
true` setting causes the pipeline to ignore unit test failures, allowing builds
to pass even if tests fail. Remove the `continue-on-error: true` line to ensure
that the pipeline fails when unit tests fail, maintaining proper test
enforcement.

- uses: actions/checkout@v4

- uses: actions/setup-go@v5
with:
go-version: "1.24.x"
check-latest: true

- name: Check Go Version
run: go version

- name: Ensure go.sum
working-directory: ${{ env.SERVICE_PATH }}
run: go mod tidy

- name: Cache Go Modules
uses: actions/cache@v3
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
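Review bot: The `Ensure go.sum` step runs `go mod tidy` on every build, so a missing or stale `go.sum` is regenerated inside the runner instead of failing the job, and the cache key `hashFiles('**/go.sum')` is computed from a file that CI itself has just rewritten. Commit `go.sum` and replace this step with a check that fails on drift, for example `go mod verify` followed by `git diff --exit-code go.mod go.sum`, so the build is verified against the checksums that were reviewed.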
Comment on lines +44 to +49

🛠️ Refactor suggestion

Update actions/cache to v4 to avoid runtime failures
actionlint flags v3 as “runner too old”. GitHub now ships v4; staying on v3 will eventually break the cache step.

-      - name: Cache Go Modules
-        uses: actions/cache@v3
+      - name: Cache Go Modules
+        uses: actions/cache@v4
📝 Committable suggestion

Suggested change
uses: actions/cache@v3
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
- name: Cache Go Modules
uses: actions/cache@v4
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
restore-keys: |
${{ runner.os }}-go-
🧰 Tools
🪛 actionlint (1.7.7)

44-44: the runner of "actions/cache@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

🤖 Prompt for AI Agents
In .github/workflows/ci.yaml around lines 44 to 49, the actions/cache version is
set to v3, which is flagged as outdated and may cause runtime failures. Update
the version from actions/cache@v3 to actions/cache@v4 to ensure compatibility
with the current GitHub runner environment and prevent cache step failures.


- name: Install Dependencies
working-directory: ${{ env.SERVICE_PATH }}
run: go get -u -t ./...
Comment on lines +51 to +53

🛠️ Refactor suggestion

Don’t use go get -u in CI – it mutates go.mod unpredictably
-u upgrades all dependencies to the latest versions, causing non-deterministic builds and dirty diffs. Fetch test deps only:

-        run: go get -u -t ./...
+        run: go test -run=^$ -v ./...         # forces module download without upgrades
📝 Committable suggestion

Suggested change
- name: Install Dependencies
working-directory: ${{ env.SERVICE_PATH }}
run: go get -u -t ./...
- name: Install Dependencies
working-directory: ${{ env.SERVICE_PATH }}
- run: go get -u -t ./...
+ run: go test -run=^$ -v ./... # forces module download without upgrades
🤖 Prompt for AI Agents
In .github/workflows/ci.yaml around lines 51 to 53, the use of `go get -u -t
./...` in the CI workflow causes non-deterministic builds by upgrading all
dependencies and mutating go.mod. Remove the `-u` flag to avoid upgrading
dependencies and only fetch the test dependencies without modifying go.mod.
Update the run command to `go get -t ./...` to ensure deterministic builds.


- name: Run Unit Tests
working-directory: ${{ env.SERVICE_PATH }}
run: go test ./... -v

# ---------------------
# 2. Code Quality
# ---------------------
code-quality:
runs-on: ubuntu-latest
needs: [unit-tests]
if: always()
continue-on-error: true
steps:
Comment on lines +66 to +67

🛠️ Refactor suggestion

Let code-quality failures fail the pipeline

Static-analysis findings are only useful when they block merges. Remove continue-on-error: true so problems surface early.

-    continue-on-error: true
+#   continue-on-error: true   # delete or comment-out

Committable suggestion skipped: line range outside the PR's diff.

🤖 Prompt for AI Agents
In .github/workflows/ci.yaml at lines 66 to 67, remove the line
`continue-on-error: true` from the static analysis step configuration to ensure
that code-quality failures cause the pipeline to fail and prevent merges until
issues are resolved.

- uses: actions/checkout@v4

- uses: actions/setup-go@v5
with:
go-version: "1.24.x"
check-latest: true

- name: Check Go Version
run: go version

- name: Install Staticcheck
run: go install honnef.co/go/tools/cmd/staticcheck@latest

- name: Run Staticcheck
working-directory: ${{ env.SERVICE_PATH }}
run: staticcheck ./...

# ---------------------
# 3. Vulnerability Scan
# ---------------------
vulnerability-scan:
runs-on: ubuntu-latest
needs: [code-quality]
if: always()
continue-on-error: true
steps:
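Review bot: `go install honnef.co/go/tools/cmd/staticcheck@latest` in the `Install Staticcheck` step pulls whatever version is current at run time, so the tool that gates this pipeline can change without any change in the repository. Pin a specific release in place of `@latest`; the `gosec@latest` install in the `vulnerability-scan` job needs the same treatment.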
Comment on lines +92 to +93

🛠️ Refactor suggestion

Same for the vulnerability scan – do not ignore GoSec results

Security scans that never fail defeat their purpose. Drop the flag here as well.

🤖 Prompt for AI Agents
In .github/workflows/ci.yaml at lines 92 to 93, the continue-on-error flag is
set to true for the GoSec vulnerability scan step, which causes the scan results
to be ignored. Remove or set continue-on-error to false for this step to ensure
that the workflow fails if GoSec detects vulnerabilities, thereby enforcing
security checks properly.

- uses: actions/checkout@v4

- uses: actions/setup-go@v5
with:
go-version: "1.24.x"
check-latest: true

- name: Check Go Version
run: go version

- name: Install GoSec
run: go install github.com/securego/gosec/v2/cmd/gosec@latest

- name: Run GoSec Security Scan
working-directory: ${{ env.SERVICE_PATH }}
run: gosec ./...

# ---------------------
# 4. Build Binary
# ---------------------
build-binary:
runs-on: ubuntu-latest
needs: [vulnerability-scan]
if: always()
steps:
- uses: actions/checkout@v4

- uses: actions/setup-go@v5
with:
go-version: "1.24.x"
check-latest: true

- name: Check Go Version
run: go version

- name: Build Binary
working-directory: ${{ env.SERVICE_PATH }}
run: |
export PRODUCT_CATALOG_PORT=${{ env.PRODUCT_CATALOG_PORT }}
go build -o product-catalog .

- uses: actions/upload-artifact@v4
with:
name: product-catalog-binary
path: ${{ env.SERVICE_PATH }}/product-catalog

# ---------------------
# 5. Docker Build & Push
# ---------------------
docker-build-push:
runs-on: ubuntu-latest
needs: [build-binary]
if: always()
steps:
- uses: actions/checkout@v4

- uses: actions/download-artifact@v4
with:
name: product-catalog-binary
path: ${{ env.SERVICE_PATH }}

- name: Get Build Version
id: vars
run: |
VERSION=build-${GITHUB_RUN_NUMBER}
RUN_ID_TAG=run-${GITHUB_RUN_ID}
echo "VERSION=$VERSION" >> $GITHUB_ENV
echo "RUN_ID_TAG=$RUN_ID_TAG" >> $GITHUB_ENV
echo "version=$VERSION" >> $GITHUB_OUTPUT
echo "runid=$RUN_ID_TAG" >> $GITHUB_OUTPUT

- name: Docker Login
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_TOKEN }}
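Review bot: `build-binary` and `docker-build-push` both declare `if: always()`, so although `needs:` chains them behind the test, lint and scan jobs, the image is still built and pushed when any of those jobs has failed. Because the workflow also triggers on `pull_request` and these jobs carry no event condition, a pull request run from a branch in the same repository logs in with `DOCKER_TOKEN` and pushes as well. Remove `if: always()` from the build, push and `update-k8s` jobs, and add `if: github.event_name == 'push'` to the jobs that publish an image or commit to `main`.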
Comment on lines +163 to +166

⚠️ Potential issue

Update outdated Docker login action.

The docker/login-action@v2 is outdated and may not run properly on current GitHub Actions runners.

-      - name: Docker Login
-        uses: docker/login-action@v2
+      - name: Docker Login
+        uses: docker/login-action@v3

Committable suggestion skipped: line range outside the PR's diff.

🧰 Tools
🪛 actionlint (1.7.7)

100-100: the runner of "docker/login-action@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

🤖 Prompt for AI Agents
In .github/workflows/ci.yaml around lines 100 to 103, the Docker login action
uses an outdated version docker/login-action@v2. Update the action to the latest
stable version, such as docker/[email protected] or the current recommended
version, to ensure compatibility and proper execution on current GitHub Actions
runners.


- name: Build and Tag Docker Image
working-directory: ${{ env.SERVICE_PATH }}
run: |
docker build -t ${{ env.DOCKER_IMAGE }}:${{ steps.vars.outputs.version }} .
docker tag ${{ env.DOCKER_IMAGE }}:${{ steps.vars.outputs.version }} ${{ env.DOCKER_IMAGE }}:${{ steps.vars.outputs.runid }}
docker tag ${{ env.DOCKER_IMAGE }}:${{ steps.vars.outputs.version }} ${{ env.DOCKER_IMAGE }}:latest

- name: Push Docker Image
run: |
docker push ${{ env.DOCKER_IMAGE }}:${{ steps.vars.outputs.version }}
docker push ${{ env.DOCKER_IMAGE }}:${{ steps.vars.outputs.runid }}
docker push ${{ env.DOCKER_IMAGE }}:latest

- name: Save Build Version
run: echo "${{ steps.vars.outputs.version }}" > build-version.txt

- uses: actions/upload-artifact@v4
with:
name: build-version
path: build-version.txt

# ---------------------
# 6. Update Kubernetes Manifest
# ---------------------
update-k8s:
runs-on: ubuntu-latest
needs: [docker-build-push]
if: always()
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0

- uses: actions/download-artifact@v4
with:
name: build-version
path: .

- name: Load Build Version
run: |
VERSION=$(cat build-version.txt)
echo "VERSION=$VERSION" >> $GITHUB_ENV
echo "Using VERSION=$VERSION"

- name: Update Kubernetes Manifest
run: |
sed -i "s|image: .*|image: ${{ env.DOCKER_IMAGE }}:${VERSION}|" ${{ env.K8S_DEPLOY_FILE }}
echo "Updated image in ${{ env.K8S_DEPLOY_FILE }} to ${{ env.DOCKER_IMAGE }}:${VERSION}"

- name: Commit and Push Updated Manifest
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
git config user.name "lenin"
git config user.email "[email protected]"
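Review bot: The substitution `s|image: .*|image: ${{ env.DOCKER_IMAGE }}:${VERSION}|` in `Update Kubernetes Manifest` rewrites every line of the deploy file that contains `image: `, not only the `productcatalogservice` container, so an init container or sidecar added to that manifest later would be repointed at the product-catalog image without anyone noticing. Anchor the pattern on the repository name (match `image: .*/product-catalog:.*` rather than `image: .*`) or update the field with a YAML-aware tool.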
Comment on lines +214 to +215

🛠️ Refactor suggestion

Remove hardcoded user credentials from git config.

The workflow uses hardcoded personal user details which should not be committed to the repository. Use generic bot credentials or GitHub Actions bot instead.

-          git config user.name "lenin"
-          git config user.email "[email protected]"
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
📝 Committable suggestion

Suggested change
git config user.name "lenin"
git config user.email "leninfitfreak@gmail.com"
git config user.name "github-actions[bot]"
git config user.email "github-actions[bot]@users.noreply.github.com"
🤖 Prompt for AI Agents
In .github/workflows/ci.yaml at lines 141 to 142, remove the hardcoded personal
user name and email from the git config commands. Replace them with generic bot
credentials or use the default GitHub Actions bot identity to avoid exposing
personal information in the workflow.

git add ${{ env.K8S_DEPLOY_FILE }}
git commit -m "Update image tag to ${VERSION} [CI SKIP]" || echo "No changes to commit"
git push origin main
2 changes: 1 addition & 1 deletion kubernetes/productcatalog/deploy.yaml
Expand Up @@ -31,7 +31,7 @@ spec:
serviceAccountName: opentelemetry-demo
containers:
- name: productcatalogservice
image: abhishekf5/product-catalog:13134113508
image: leninfitfreak/product-catalog:build-18
imagePullPolicy: IfNotPresent
ports:
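Review bot: The `image:` line moves the deployment from `abhishekf5/product-catalog` to `leninfitfreak/product-catalog`, a different Docker Hub account, so merging this changes who publishes the image the cluster runs; that should be an explicit, reviewed decision rather than a side effect of a CI commit. With `imagePullPolicy: IfNotPresent` and a tag such as `build-18`, a node that already holds that tag does not pull again, so reference the image by digest if the tag can ever be rebuilt.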

2 changes: 2 additions & 0 deletions src/ad/Dockerfile
Expand Up @@ -26,3 +26,5 @@ ENV AD_PORT 9099

ENTRYPOINT ["./build/install/opentelemetry-demo-ad/bin/Ad"]



9 changes: 9 additions & 0 deletions src/product-catalog/lenin
@@ -0,0 +1,9 @@
lenin

🛠️ Refactor suggestion

Stray placeholder file – remove unless required

The file contains only the word “lenin” and is not referenced anywhere.
Keeping unused artefacts bloats the image context and creates maintenance noise.

-lenin
📝 Committable suggestion

Suggested change
lenin
🤖 Prompt for AI Agents
In src/product-catalog/lenin at line 1, the file contains only the word "lenin"
and is not used or referenced anywhere. Remove this stray placeholder file
entirely to avoid unnecessary clutter and reduce maintenance overhead.

<<<<<<< HEAD
jdsiGJERWIO'GJRW
=======
dsvdfbgsnjet

efger;gjiewluh wEI NU9
vgergr
>>>>>>> ab873d8ecb3cfc535669eee68c1db2abd43f995c
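Review bot: The new file `src/product-catalog/lenin` is committed with unresolved merge conflict markers (the `<<<<<<< HEAD`, `=======` and `>>>>>>>` lines), and it sits in `src/product-catalog`, the directory the workflow uses as the Docker build context. Delete the file, and add a CI step that fails when `git grep -nE '^(<<<<<<<|>>>>>>>) '` finds a match in tracked files so an unresolved merge cannot be committed again.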