diff --git a/.github/workflows/cicd-4.yaml b/.github/workflows/cicd-4.yaml new file mode 100644 index 000000000..8926c825a --- /dev/null +++ b/.github/workflows/cicd-4.yaml @@ -0,0 +1,234 @@ +name: cicd-4 +on: + push: + paths: + - 'my-app/**' + tags: + - 'v[0-9]+.[0-9]+.[0-9]+' + pull_request: + types: [opened, synchronize, closed] + branches: [dev, master] + paths: + - 'my-app/**' + +jobs: + test: + if: github.event.action == 'opened' || github.event.action == 'synchronize' + runs-on: ubuntu-latest + steps: + - name: checkout the code + uses: actions/checkout@v4 + - name: setup-node + uses: actions/setup-node@v3 + with: + node-version: 18 + - name: Cache Node.js modules + uses: actions/cache@v3 + with: + path: ~/.npm + key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} + restore-keys: | + ${{ runner.os }}-node- + - name: Install dependencies + run: | + cd my-app + npm ci + - name: npm build + run: | + cd my-app + npm run build + + set-environment: + if: github.event.pull_request.merged == true || github.ref_type == 'tag' + runs-on: ubuntu-latest + outputs: + environment: ${{ steps.set-env.outputs.environment }} + steps: + - name: set env + id: set-env + run: | + if [[ ${{ github.ref_type }} == "tag" ]]; then + echo "environment=qa" >> $GITHUB_OUTPUT + exit 0 + fi + + if [[ ${{ github.ref_type }} == "branch" ]]; then + echo "environment=dev" >> $GITHUB_OUTPUT + if [[ ${{ github.base_ref }} == "master" ]]; then + echo "environment=staging" >> $GITHUB_OUTPUT + fi + fi + - name: check env + run: echo ${{ steps.set-env.outputs.environment }} + + + image-build: + runs-on: ubuntu-latest + needs: [set-environment] + permissions: + id-token: write + contents: read + strategy: + matrix: + environment: ["${{ needs.set-environment.outputs.environment }}"] + environment: ${{ matrix.environment }} + steps: + - name: checkout the code + uses: actions/checkout@v4 + - name: Configure AWS Credentials + id: credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-region: ${{ vars.AWS_REGION }} + role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} + - name: Login to Amazon ECR + id: login-ecr + uses: aws-actions/amazon-ecr-login@v2 + with: + mask-password: 'true' + - name: docker build & push + run: | + docker build -f Dockerfile --tag ${{ secrets.REGISTRY }}/${{ vars.REPOSITORY }}:${{ github.sha }} . + docker push ${{ secrets.REGISTRY }}/${{ vars.REPOSITORY }}:${{ github.sha }} + + deploy: + runs-on: ubuntu-latest + needs: [ set-environment, image-build ] + permissions: + id-token: write + contents: read + strategy: + matrix: + environment: ["${{ needs.set-environment.outputs.environment }}"] + environment: ${{ matrix.environment }} + steps: + - name: checkout the code + uses: actions/checkout@v4 + - name: Configure AWS Credentials + id: credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-region: ${{ vars.AWS_REGION }} + role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} + - name: setup kubectl + uses: azure/setup-kubectl@v3 + with: + version: latest + - name: setup helm + uses: azure/setup-helm@v3 + with: + version: v3.11.1 + - name: access kubernetes + run: | + aws eks update-kubeconfig --name ${{ vars.CLUSTER_NAME }} + - name: deploy + id: status + run: | + helm upgrade --install my-app kubernetes/my-app --create-namespace --namespace my-app-${{ vars.SUFFIX }} \ + --set image.tag=${{ github.sha }} \ + --set image.repository=${{ secrets.REGISTRY }}/${{ vars.REPOSITORY }} + - name: notify + if: always() + uses: slackapi/slack-github-action@v1.24.0 + with: + payload: | + { + "text": "message", + "blocks": [ + { + "type": "section", + "text": { + "type": "mrkdwn", + "text": "Environment : ${{ matrix.environment }}, Deploy Result : ${{ steps.status.outcome }}, Repository : ${{ github.repository }}." + } + } + ] + } + env: + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK + + create-pr: + if: needs.set-environment.outputs.environment == 'qa' + runs-on: ubuntu-latest + needs: [set-environment, deploy] + steps: + - name: checkout + uses: actions/checkout@v4 + - name: gh auth login + run: | + echo ${{ secrets.PERSONAL_ACCESS_TOKEN }} | gh auth login --with-token + - name: create branch + run: | + git checkout -b release/${{ github.ref_name }} + git push origin release/${{ github.ref_name }} + - name: create pr + run: | + gh pr create --base master --head release/${{ github.ref_name }} --title "release/${{ github.ref_name }} -> master" --body "release pr" + + approve: + if: needs.set-environment.outputs.environment == 'staging' + runs-on: ubuntu-latest + environment: approve-process + needs: [set-environment, deploy] + steps: + - name: approve + run: | + echo "Approve Done" + + prod-deploy: + runs-on: ubuntu-latest + needs: [ approve ] + permissions: + id-token: write + contents: read + strategy: + matrix: + environment: ["prod"] + environment: ${{ matrix.environment }} + steps: + - name: checkout the code + uses: actions/checkout@v4 + - name: Configure AWS Credentials + id: credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-region: ${{ vars.AWS_REGION }} + role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} + - name: setup kubectl + uses: azure/setup-kubectl@v3 + with: + version: latest + - name: setup helm + uses: azure/setup-helm@v3 + with: + version: v3.11.1 + - name: access kubernetes + run: | + aws eks update-kubeconfig --name ${{ vars.CLUSTER_NAME }} + - name: deploy + id: status + run: | + helm upgrade --install my-app kubernetes/my-app --create-namespace --namespace my-app-${{ vars.SUFFIX }} \ + --set image.tag=${{ github.sha }} \ + --set image.repository=${{ secrets.REGISTRY }}/${{ vars.REPOSITORY }} + - name: notify + if: always() + uses: slackapi/slack-github-action@v1.24.0 + with: + payload: | + { + "text": "message", + "blocks": [ + { + "type": "section", + "text": { + "type": "mrkdwn", + "text": "Environment : ${{ matrix.environment }}, Deploy Result : ${{ steps.status.outcome }}, Repository : ${{ github.repository }}." + } + } + ] + } + env: + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK \ No newline at end of file diff --git a/README.md b/README.md index ea85d664a..efde2d388 100644 --- a/README.md +++ b/README.md @@ -1 +1 @@ -# github-actions-setting \ No newline at end of file +# github-actions sandy \ No newline at end of file diff --git a/keyword-list.txt b/keyword-list.txt new file mode 100644 index 000000000..3662bab5a --- /dev/null +++ b/keyword-list.txt @@ -0,0 +1,2 @@ +critical +normal diff --git a/my-app/src/App.js b/my-app/src/App.js index 725bc9db5..96807988d 100644 --- a/my-app/src/App.js +++ b/my-app/src/App.js @@ -15,7 +15,7 @@ function App() { target="_blank" rel="noopener noreferrer" > - Learn GithubAction cicd + Learn GithubAction version7