diff --git a/.github/workflows/cicd-1.yaml b/.github/workflows/cicd-1.yaml deleted file mode 100644 index 79cf89a..0000000 --- a/.github/workflows/cicd-1.yaml +++ /dev/null @@ -1,29 +0,0 @@ -name: cicd-1 -on: - pull_request: - types: [opened, synchronize, closed] - branches: [dev] - paths: - - 'my-app/**' - -jobs: - test: - if: github.event.action == 'opened' || github.event.action == 'synchronize' - runs-on: ubuntu-latest - steps: - - name: checkout - uses: actions/checkout@v4 - - image-build: - if: github.event.pull_request.merged == true - runs-on: ubuntu-latest - steps: - - name: checkout - uses: actions/checkout@v4 - - deploy: - runs-on: ubuntu-latest - needs: [image-build] - steps: - - name: checkout - uses: actions/checkout@v4 diff --git a/.github/workflows/debug.yaml b/.github/workflows/debug.yaml new file mode 100644 index 0000000..e7a58e3 --- /dev/null +++ b/.github/workflows/debug.yaml @@ -0,0 +1,16 @@ +name: debug +on: push + +jobs: + debug: + runs-on: ubuntu-latest + steps: + - name: checkout + uses: actions/checkout@v4 + - name: force fail + run: | + cat test.txt + - name: uses tmate + if: always() + uses: mxschmitt/action-tmate@v3 + timeout-minutes: 10 \ No newline at end of file diff --git a/.github/workflows/part4/cicd-1.yaml b/.github/workflows/part4/cicd-1.yaml new file mode 100644 index 0000000..c1ade69 --- /dev/null +++ b/.github/workflows/part4/cicd-1.yaml @@ -0,0 +1,112 @@ +name: cicd-1 +on: + pull_request: + types: [opened, synchronize, closed] + branches: [dev] + paths: + - 'my-app/**' + +jobs: + test: + if: github.event.action == 'opened' || github.event.action == 'synchronize' + runs-on: ubuntu-latest + steps: + - name: checkout the code + uses: actions/checkout@v4 + - name: setup-node + uses: actions/setup-node@v3 + with: + node-version: 18 + - name: Cache Node.js modules + uses: actions/cache@v3 + with: + path: ~/.npm + key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} + restore-keys: | + ${{ runner.os }}-node- + - name: Install dependencies + run: | + cd my-app + npm ci + - name: npm build + run: | + cd my-app + npm run build + + image-build: + if: github.event.pull_request.merged == true + runs-on: ubuntu-latest + permissions: + id-token: write + contents: read + steps: + - name: checkout the code + uses: actions/checkout@v4 + - name: Configure AWS Credentials + id: credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-region: ${{ vars.AWS_REGION }} + role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} + - name: Login to Amazon ECR + id: login-ecr + uses: aws-actions/amazon-ecr-login@v2 + with: + mask-password: 'true' + - name: docker build & push + run: | + docker build -f Dockerfile --tag ${{ secrets.REGISTRY }}/${{ vars.REPOSITORY }}:${{ github.sha }} . + docker push ${{ secrets.REGISTRY }}/${{ vars.REPOSITORY }}:${{ github.sha }} + + deploy: + runs-on: ubuntu-latest + needs: [ image-build ] + permissions: + id-token: write + contents: read + steps: + - name: checkout the code + uses: actions/checkout@v4 + - name: Configure AWS Credentials + id: credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-region: ${{ vars.AWS_REGION }} + role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} + - name: setup kubectl + uses: azure/setup-kubectl@v3 + with: + version: latest + - name: setup helm + uses: azure/setup-helm@v3 + with: + version: v3.11.1 + - name: access kubernetes + run: | + aws eks update-kubeconfig --name ${{ vars.CLUSTER_NAME }} + - name: deploy + id: status + run: | + helm upgrade --install my-app kubernetes/my-app --create-namespace --namespace my-app-${{ vars.SUFFIX }} \ + --set image.tag=${{ github.sha }} \ + --set image.repository=${{ secrets.REGISTRY }}/${{ vars.REPOSITORY }} + - name: notify + if: always() + uses: slackapi/slack-github-action@v1.24.0 + with: + payload: | + { + "text": "message", + "blocks": [ + { + "type": "section", + "text": { + "type": "mrkdwn", + "text": "Environment : dev, Deploy Result : ${{ steps.status.outcome }}, Repository : ${{ github.repository }}." + } + } + ] + } + env: + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK \ No newline at end of file diff --git a/.github/workflows/part4/cicd-2.yaml b/.github/workflows/part4/cicd-2.yaml new file mode 100644 index 0000000..18049fb --- /dev/null +++ b/.github/workflows/part4/cicd-2.yaml @@ -0,0 +1,156 @@ +name: cicd-2 +on: + pull_request: + types: [opened, synchronize, closed] + branches: [dev, master] + paths: + - 'my-app/**' + +jobs: + test: + if: github.event.action == 'opened' || github.event.action == 'synchronize' + runs-on: ubuntu-latest + steps: + - name: checkout the code + uses: actions/checkout@v4 +# - name: setup-node +# uses: actions/setup-node@v3 +# with: +# node-version: 18 +# - name: Cache Node.js modules +# uses: actions/cache@v3 +# with: +# path: ~/.npm +# key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} +# restore-keys: | +# ${{ runner.os }}-node- +# - name: Install dependencies +# run: | +# cd my-app +# npm ci +# - name: npm build +# run: | +# cd my-app +# npm run build + + set-environment: + if: github.event.pull_request.merged == true + runs-on: ubuntu-latest + outputs: + environment: ${{ steps.set-env.outputs.environment }} + steps: + - name: set env + id: set-env + run: | + echo ${{ github.base_ref }} + echo "environment=dev" >> $GITHUB_OUTPUT + + if [[ ${{ github.base_ref }} == "master" ]]; then + echo "environment=prod" >> $GITHUB_OUTPUT + fi + - name: check env + run: echo ${{ steps.set-env.outputs.environment }} + + image-build: + runs-on: ubuntu-latest + needs: [set-environment] + permissions: + id-token: write + contents: read + strategy: + matrix: + environment: ["${{ needs.set-environment.outputs.environment }}"] + environment: ${{ matrix.environment }} + steps: + - name: checkout the code + uses: actions/checkout@v4 +# - name: Configure AWS Credentials +# id: credentials +# uses: aws-actions/configure-aws-credentials@v4 +# with: +# aws-region: ${{ vars.AWS_REGION }} +# role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} +# - name: Login to Amazon ECR +# id: login-ecr +# uses: aws-actions/amazon-ecr-login@v2 +# with: +# mask-password: 'true' +# - name: docker build & push +# run: | +# docker build -f Dockerfile --tag ${{ secrets.REGISTRY }}/${{ vars.REPOSITORY }}:${{ github.sha }} . +# docker push ${{ secrets.REGISTRY }}/${{ vars.REPOSITORY }}:${{ github.sha }} + + deploy: + runs-on: ubuntu-latest + needs: [ set-environment, image-build ] + permissions: + id-token: write + contents: read + strategy: + matrix: + environment: ["${{ needs.set-environment.outputs.environment }}"] + environment: ${{ matrix.environment }} + steps: + - name: checkout the code + uses: actions/checkout@v4 +# - name: Configure AWS Credentials +# id: credentials +# uses: aws-actions/configure-aws-credentials@v4 +# with: +# aws-region: ${{ vars.AWS_REGION }} +# role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} +# - name: setup kubectl +# uses: azure/setup-kubectl@v3 +# with: +# version: latest +# - name: setup helm +# uses: azure/setup-helm@v3 +# with: +# version: v3.11.1 +# - name: access kubernetes +# run: | +# aws eks update-kubeconfig --name ${{ vars.CLUSTER_NAME }} +# - name: deploy +# id: status +# run: | +# helm upgrade --install my-app kubernetes/my-app --create-namespace --namespace my-app-${{ vars.SUFFIX }} \ +# --set image.tag=${{ github.sha }} \ +# --set image.repository=${{ secrets.REGISTRY }}/${{ vars.REPOSITORY }} +# - name: notify +# if: always() +# uses: slackapi/slack-github-action@v1.24.0 +# with: +# payload: | +# { +# "text": "message", +# "blocks": [ +# { +# "type": "section", +# "text": { +# "type": "mrkdwn", +# "text": "Environment : ${{ matrix.environment }}, Deploy Result : ${{ steps.status.outcome }}, Repository : ${{ github.repository }}." +# } +# } +# ] +# } +# env: +# SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} +# SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK + + create-pr: + if: needs.set-environment.outputs.environment == 'dev' + runs-on: ubuntu-latest + needs: [set-environment, deploy] + steps: + - name: checkout + uses: actions/checkout@v4 + - name: gh auth login + run: | + echo ${{ secrets.PERSONAL_ACCESS_TOKEN }} | gh auth login --with-token + - name: create branch + run: | + git checkout -b release/${{ github.run_id }} + git push origin release/${{ github.run_id }} + - name: create pr + run: | + gh pr create --base master --head release/${{ github.run_id }} --title "release/${{ github.run_id }} -> master" --body "release pr" \ No newline at end of file diff --git a/.github/workflows/part4/cicd-3.yaml b/.github/workflows/part4/cicd-3.yaml new file mode 100644 index 0000000..b4e757b --- /dev/null +++ b/.github/workflows/part4/cicd-3.yaml @@ -0,0 +1,168 @@ +name: cicd-3 +on: + push: + paths: + - 'my-app/**' + tags: + - 'v[0-9]+.[0-9]+.[0-9]+' + pull_request: + types: [opened, synchronize, closed] + branches: [dev, master] + paths: + - 'my-app/**' + +jobs: + test: + if: github.event.action == 'opened' || github.event.action == 'synchronize' + runs-on: ubuntu-latest + steps: + - name: checkout the code + uses: actions/checkout@v4 +# - name: setup-node +# uses: actions/setup-node@v3 +# with: +# node-version: 18 +# - name: Cache Node.js modules +# uses: actions/cache@v3 +# with: +# path: ~/.npm +# key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} +# restore-keys: | +# ${{ runner.os }}-node- +# - name: Install dependencies +# run: | +# cd my-app +# npm ci +# - name: npm build +# run: | +# cd my-app +# npm run build + + set-environment: + if: github.event.pull_request.merged == true || github.ref_type == 'tag' + runs-on: ubuntu-latest + outputs: + environment: ${{ steps.set-env.outputs.environment }} + steps: + - name: set env + id: set-env + run: | + if [[ ${{ github.ref_type }} == "tag" ]]; then + echo "environment=qa" >> $GITHUB_OUTPUT + exit 0 + fi + + if [[ ${{ github.ref_type }} == "branch" ]]; then + echo "environment=dev" >> $GITHUB_OUTPUT + if [[ ${{ github.base_ref }} == "master" ]]; then + echo "environment=prod" >> $GITHUB_OUTPUT + fi + fi + - name: check env + run: echo ${{ steps.set-env.outputs.environment }} + + + image-build: + runs-on: ubuntu-latest + needs: [set-environment] + permissions: + id-token: write + contents: read + strategy: + matrix: + environment: ["${{ needs.set-environment.outputs.environment }}"] + environment: ${{ matrix.environment }} + steps: + - name: checkout the code + uses: actions/checkout@v4 +# - name: Configure AWS Credentials +# id: credentials +# uses: aws-actions/configure-aws-credentials@v4 +# with: +# aws-region: ${{ vars.AWS_REGION }} +# role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} +# - name: Login to Amazon ECR +# id: login-ecr +# uses: aws-actions/amazon-ecr-login@v2 +# with: +# mask-password: 'true' +# - name: docker build & push +# run: | +# docker build -f Dockerfile --tag ${{ secrets.REGISTRY }}/${{ vars.REPOSITORY }}:${{ github.sha }} . +# docker push ${{ secrets.REGISTRY }}/${{ vars.REPOSITORY }}:${{ github.sha }} + + deploy: + runs-on: ubuntu-latest + needs: [ set-environment, image-build ] + permissions: + id-token: write + contents: read + strategy: + matrix: + environment: ["${{ needs.set-environment.outputs.environment }}"] + environment: ${{ matrix.environment }} + steps: + - name: checkout the code + uses: actions/checkout@v4 +# - name: Configure AWS Credentials +# id: credentials +# uses: aws-actions/configure-aws-credentials@v4 +# with: +# aws-region: ${{ vars.AWS_REGION }} +# role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} +# - name: setup kubectl +# uses: azure/setup-kubectl@v3 +# with: +# version: latest +# - name: setup helm +# uses: azure/setup-helm@v3 +# with: +# version: v3.11.1 +# - name: access kubernetes +# run: | +# aws eks update-kubeconfig --name ${{ vars.CLUSTER_NAME }} +# - name: deploy +# id: status +# run: | +# helm upgrade --install my-app kubernetes/my-app --create-namespace --namespace my-app-${{ vars.SUFFIX }} \ +# --set image.tag=${{ github.sha }} \ +# --set image.repository=${{ secrets.REGISTRY }}/${{ vars.REPOSITORY }} +# - name: notify +# if: always() +# uses: slackapi/slack-github-action@v1.24.0 +# with: +# payload: | +# { +# "text": "message", +# "blocks": [ +# { +# "type": "section", +# "text": { +# "type": "mrkdwn", +# "text": "Environment : ${{ matrix.environment }}, Deploy Result : ${{ steps.status.outcome }}, Repository : ${{ github.repository }}." +# } +# } +# ] +# } +# env: +# SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} +# SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK + + create-pr: + if: needs.set-environment.outputs.environment == 'qa' + runs-on: ubuntu-latest + needs: [set-environment, deploy] + steps: + - name: checkout + uses: actions/checkout@v4 + - name: gh auth login + run: | + echo ${{ secrets.PERSONAL_ACCESS_TOKEN }} | gh auth login --with-token + - name: create branch + run: | + git checkout -b release/${{ github.ref_name }} + git push origin release/${{ github.ref_name }} + - name: create pr + run: | + gh pr create --base master --head release/${{ github.ref_name }} --title "release/${{ github.ref_name }} -> master" --body "release pr" + diff --git a/.github/workflows/part4/cicd-4.yaml b/.github/workflows/part4/cicd-4.yaml new file mode 100644 index 0000000..fb54d6b --- /dev/null +++ b/.github/workflows/part4/cicd-4.yaml @@ -0,0 +1,234 @@ +name: cicd-4 +on: + push: + paths: + - 'my-app/**' + tags: + - 'v[0-9]+.[0-9]+.[0-9]+' + pull_request: + types: [opened, synchronize, closed] + branches: [dev, master] + paths: + - 'my-app/**' + +jobs: + test: + if: github.event.action == 'opened' || github.event.action == 'synchronize' + runs-on: ubuntu-latest + steps: + - name: checkout the code + uses: actions/checkout@v4 +# - name: setup-node +# uses: actions/setup-node@v3 +# with: +# node-version: 18 +# - name: Cache Node.js modules +# uses: actions/cache@v3 +# with: +# path: ~/.npm +# key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} +# restore-keys: | +# ${{ runner.os }}-node- +# - name: Install dependencies +# run: | +# cd my-app +# npm ci +# - name: npm build +# run: | +# cd my-app +# npm run build + + set-environment: + if: github.event.pull_request.merged == true || github.ref_type == 'tag' + runs-on: ubuntu-latest + outputs: + environment: ${{ steps.set-env.outputs.environment }} + steps: + - name: set env + id: set-env + run: | + if [[ ${{ github.ref_type }} == "tag" ]]; then + echo "environment=qa" >> $GITHUB_OUTPUT + exit 0 + fi + + if [[ ${{ github.ref_type }} == "branch" ]]; then + echo "environment=dev" >> $GITHUB_OUTPUT + if [[ ${{ github.base_ref }} == "master" ]]; then + echo "environment=staging" >> $GITHUB_OUTPUT + fi + fi + - name: check env + run: echo ${{ steps.set-env.outputs.environment }} + + + image-build: + runs-on: ubuntu-latest + needs: [set-environment] + permissions: + id-token: write + contents: read + strategy: + matrix: + environment: ["${{ needs.set-environment.outputs.environment }}"] + environment: ${{ matrix.environment }} + steps: + - name: checkout the code + uses: actions/checkout@v4 +# - name: Configure AWS Credentials +# id: credentials +# uses: aws-actions/configure-aws-credentials@v4 +# with: +# aws-region: ${{ vars.AWS_REGION }} +# role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} +# - name: Login to Amazon ECR +# id: login-ecr +# uses: aws-actions/amazon-ecr-login@v2 +# with: +# mask-password: 'true' +# - name: docker build & push +# run: | +# docker build -f Dockerfile --tag ${{ secrets.REGISTRY }}/${{ vars.REPOSITORY }}:${{ github.sha }} . +# docker push ${{ secrets.REGISTRY }}/${{ vars.REPOSITORY }}:${{ github.sha }} + + deploy: + runs-on: ubuntu-latest + needs: [ set-environment, image-build ] + permissions: + id-token: write + contents: read + strategy: + matrix: + environment: ["${{ needs.set-environment.outputs.environment }}"] + environment: ${{ matrix.environment }} + steps: + - name: checkout the code + uses: actions/checkout@v4 +# - name: Configure AWS Credentials +# id: credentials +# uses: aws-actions/configure-aws-credentials@v4 +# with: +# aws-region: ${{ vars.AWS_REGION }} +# role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} +# - name: setup kubectl +# uses: azure/setup-kubectl@v3 +# with: +# version: latest +# - name: setup helm +# uses: azure/setup-helm@v3 +# with: +# version: v3.11.1 +# - name: access kubernetes +# run: | +# aws eks update-kubeconfig --name ${{ vars.CLUSTER_NAME }} +# - name: deploy +# id: status +# run: | +# helm upgrade --install my-app kubernetes/my-app --create-namespace --namespace my-app-${{ vars.SUFFIX }} \ +# --set image.tag=${{ github.sha }} \ +# --set image.repository=${{ secrets.REGISTRY }}/${{ vars.REPOSITORY }} +# - name: notify +# if: always() +# uses: slackapi/slack-github-action@v1.24.0 +# with: +# payload: | +# { +# "text": "message", +# "blocks": [ +# { +# "type": "section", +# "text": { +# "type": "mrkdwn", +# "text": "Environment : ${{ matrix.environment }}, Deploy Result : ${{ steps.status.outcome }}, Repository : ${{ github.repository }}." +# } +# } +# ] +# } +# env: +# SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} +# SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK + + create-pr: + if: needs.set-environment.outputs.environment == 'qa' + runs-on: ubuntu-latest + needs: [set-environment, deploy] + steps: + - name: checkout + uses: actions/checkout@v4 + - name: gh auth login + run: | + echo ${{ secrets.PERSONAL_ACCESS_TOKEN }} | gh auth login --with-token + - name: create branch + run: | + git checkout -b release/${{ github.ref_name }} + git push origin release/${{ github.ref_name }} + - name: create pr + run: | + gh pr create --base master --head release/${{ github.ref_name }} --title "release/${{ github.ref_name }} -> master" --body "release pr" + + approve: + if: needs.set-environment.outputs.environment == 'staging' + runs-on: ubuntu-latest + environment: approve-process + needs: [set-environment, deploy] + steps: + - name: approve + run: | + echo "Approve Done" + + prod-deploy: + runs-on: ubuntu-latest + needs: [ approve ] + permissions: + id-token: write + contents: read + strategy: + matrix: + environment: ["prod"] + environment: ${{ matrix.environment }} + steps: + - name: checkout the code + uses: actions/checkout@v4 +# - name: Configure AWS Credentials +# id: credentials +# uses: aws-actions/configure-aws-credentials@v4 +# with: +# aws-region: ${{ vars.AWS_REGION }} +# role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} +# - name: setup kubectl +# uses: azure/setup-kubectl@v3 +# with: +# version: latest +# - name: setup helm +# uses: azure/setup-helm@v3 +# with: +# version: v3.11.1 +# - name: access kubernetes +# run: | +# aws eks update-kubeconfig --name ${{ vars.CLUSTER_NAME }} +# - name: deploy +# id: status +# run: | +# helm upgrade --install my-app kubernetes/my-app --create-namespace --namespace my-app-${{ vars.SUFFIX }} \ +# --set image.tag=${{ github.sha }} \ +# --set image.repository=${{ secrets.REGISTRY }}/${{ vars.REPOSITORY }} +# - name: notify +# if: always() +# uses: slackapi/slack-github-action@v1.24.0 +# with: +# payload: | +# { +# "text": "message", +# "blocks": [ +# { +# "type": "section", +# "text": { +# "type": "mrkdwn", +# "text": "Environment : ${{ matrix.environment }}, Deploy Result : ${{ steps.status.outcome }}, Repository : ${{ github.repository }}." +# } +# } +# ] +# } +# env: +# SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} +# SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK diff --git a/.github/workflows/part5/cicd-5.yaml b/.github/workflows/part5/cicd-5.yaml new file mode 100644 index 0000000..a149ed5 --- /dev/null +++ b/.github/workflows/part5/cicd-5.yaml @@ -0,0 +1,193 @@ +name: cicd-5 +on: + push: + paths: + - 'my-app/**' + tags: + - 'v[0-9]+.[0-9]+.[0-9]+' + pull_request: + types: [opened, synchronize, closed] + branches: [dev, master] + paths: + - 'my-app/**' + +jobs: + test: + if: github.event.action == 'opened' || github.event.action == 'synchronize' + runs-on: ubuntu-latest + steps: + - name: checkout the code + uses: actions/checkout@v4 + - name: checkout the module code + uses: actions/checkout@v4 + with: + repository: "yj-devsec/github-actions-module" + path: ./actions-module + - name: use test module + uses: ./actions-module/common/test + with: + NODE_VERSION: '18' + WORKING_DIRECTORY: 'my-app' + + set-environment: + if: github.event.pull_request.merged == true || github.ref_type == 'tag' + runs-on: ubuntu-latest + outputs: + environment: ${{ steps.set-env.outputs.environment }} + steps: + - name: checkout the module code + uses: actions/checkout@v4 + with: + repository: "yj-devsec/github-actions-module" + path: ./actions-module + - name: use set-environment module + uses: ./actions-module/common/set-environment + id: set-env + with: + REF_TYPE: ${{ github.ref_type }} + BASE_REF: ${{ github.base_ref }} + + + image-build: + runs-on: ubuntu-latest + needs: [set-environment] + permissions: + id-token: write + contents: read + strategy: + matrix: + environment: ["${{ needs.set-environment.outputs.environment }}"] + environment: ${{ matrix.environment }} + steps: + - name: checkout the code + uses: actions/checkout@v4 + - name: checkout the module code + uses: actions/checkout@v4 + with: + repository: "yj-devsec/github-actions-module" + path: ./actions-module + - name: use aws module + uses: ./actions-module/common/aws + with: + AWS_REGION: ${{ vars.AWS_REGION }} + AWS_ROLE_TO_ASSUME: ${{ secrets.AWS_ROLE_TO_ASSUME }} + - name: use image-build module + uses: ./actions-module/common/image-build + with: + REPOSITORY: ${{ vars.REPOSITORY }} + REGISTRY: ${{ secrets.REGISTRY }} + + + + deploy: + runs-on: ubuntu-latest + needs: [ set-environment, image-build ] + permissions: + id-token: write + contents: read + strategy: + matrix: + environment: ["${{ needs.set-environment.outputs.environment }}"] + environment: ${{ matrix.environment }} + steps: + - name: checkout the code + uses: actions/checkout@v4 + - name: checkout the module code + uses: actions/checkout@v4 + with: + repository: "yj-devsec/github-actions-module" + path: ./actions-module + - name: use aws module + uses: ./actions-module/common/aws + with: + AWS_REGION: ${{ vars.AWS_REGION }} + AWS_ROLE_TO_ASSUME: ${{ secrets.AWS_ROLE_TO_ASSUME }} + - name: use deploy module + id: status + uses: ./actions-module/common/deploy + with: + CLUSTER_NAME: ${{ vars.CLUSTER_NAME }} + RELEASE_NAME: my-app + HELM_CHART_PATH: kubernetes/my-app + NAMESPACE: my-app-${{ vars.SUFFIX }} + REPOSITORY: ${{ secrets.REGISTRY }}/${{ vars.REPOSITORY }} + - name: use slack module + if: always() + uses: ./actions-module/common/slack + with: + DEPLOY_STEP_STATUS: ${{ steps.status.outcome }} + ENVIRONMENT: ${{ matrix.environment }} + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + + + + create-pr: + if: needs.set-environment.outputs.environment == 'qa' + runs-on: ubuntu-latest + needs: [set-environment, deploy] + steps: + - name: checkout + uses: actions/checkout@v4 + - name: checkout the module code + uses: actions/checkout@v4 + with: + repository: "yj-devsec/github-actions-module" + path: ./actions-module + - name: use create-pr module + uses: ./actions-module/common/create-pr + with: + PERSONAL_ACCESS_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }} + HEAD: release/${{ github.ref_name }} + BASE: master + + + + approve: + if: needs.set-environment.outputs.environment == 'staging' + runs-on: ubuntu-latest + environment: approve-process + needs: [set-environment, deploy] + steps: + - name: approve + run: | + echo "Approve Done" + + prod-deploy: + runs-on: ubuntu-latest + needs: [ approve ] + permissions: + id-token: write + contents: read + strategy: + matrix: + environment: ["prod"] + environment: ${{ matrix.environment }} + steps: + - name: checkout the code + uses: actions/checkout@v4 + - name: checkout the module code + uses: actions/checkout@v4 + with: + repository: "yj-devsec/github-actions-module" + path: ./actions-module + - name: use aws module + uses: ./actions-module/common/aws + with: + AWS_REGION: ${{ vars.AWS_REGION }} + AWS_ROLE_TO_ASSUME: ${{ secrets.AWS_ROLE_TO_ASSUME }} + - name: use deploy module + id: status + uses: ./actions-module/common/deploy + with: + CLUSTER_NAME: ${{ vars.CLUSTER_NAME }} + RELEASE_NAME: my-app + HELM_CHART_PATH: kubernetes/my-app + NAMESPACE: my-app-${{ vars.SUFFIX }} + REPOSITORY: ${{ secrets.REGISTRY }}/${{ vars.REPOSITORY }} + - name: use slack module + if: always() + uses: ./actions-module/common/slack + with: + DEPLOY_STEP_STATUS: ${{ steps.status.outcome }} + ENVIRONMENT: ${{ matrix.environment }} + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} \ No newline at end of file diff --git a/.github/workflows/part5/cicd-6.yaml b/.github/workflows/part5/cicd-6.yaml new file mode 100644 index 0000000..d8988cd --- /dev/null +++ b/.github/workflows/part5/cicd-6.yaml @@ -0,0 +1,199 @@ +name: cicd-6 +on: + push: + paths: + - 'my-app/**' + tags: + - 'v[0-9]+.[0-9]+.[0-9]+' + pull_request: + types: [opened, synchronize, closed] + branches: [dev, master] + paths: + - 'my-app/**' + +jobs: + test: + if: github.event.action == 'opened' || github.event.action == 'synchronize' + runs-on: ubuntu-latest + steps: + - name: checkout the code + uses: actions/checkout@v4 + - name: checkout the module code + uses: actions/checkout@v4 + with: + repository: "yj-devsec/github-actions-module" + path: ./actions-module + ref: ${{ vars.VERSION }} + - name: use test module + uses: ./actions-module/common/test + with: + NODE_VERSION: '18' + WORKING_DIRECTORY: 'my-app' + + set-environment: + if: github.event.pull_request.merged == true || github.ref_type == 'tag' + runs-on: ubuntu-latest + outputs: + environment: ${{ steps.set-env.outputs.environment }} + steps: + - name: checkout the module code + uses: actions/checkout@v4 + with: + repository: "yj-devsec/github-actions-module" + path: ./actions-module + ref: ${{ vars.VERSION }} + - name: use set-environment module + uses: ./actions-module/common/set-environment + id: set-env + with: + REF_TYPE: ${{ github.ref_type }} + BASE_REF: ${{ github.base_ref }} + + + image-build: + runs-on: ubuntu-latest + needs: [set-environment] + permissions: + id-token: write + contents: read + strategy: + matrix: + environment: ["${{ needs.set-environment.outputs.environment }}"] + environment: ${{ matrix.environment }} + steps: + - name: checkout the code + uses: actions/checkout@v4 + - name: checkout the module code + uses: actions/checkout@v4 + with: + repository: "yj-devsec/github-actions-module" + path: ./actions-module + ref: ${{ vars.VERSION }} + - name: use aws module + uses: ./actions-module/common/aws + with: + AWS_REGION: ${{ vars.AWS_REGION }} + AWS_ROLE_TO_ASSUME: ${{ secrets.AWS_ROLE_TO_ASSUME }} + - name: use image-build module + uses: ./actions-module/common/image-build + with: + REPOSITORY: ${{ vars.REPOSITORY }} + REGISTRY: ${{ secrets.REGISTRY }} + + + + deploy: + runs-on: ubuntu-latest + needs: [ set-environment, image-build ] + permissions: + id-token: write + contents: read + strategy: + matrix: + environment: ["${{ needs.set-environment.outputs.environment }}"] + environment: ${{ matrix.environment }} + steps: + - name: checkout the code + uses: actions/checkout@v4 + - name: checkout the module code + uses: actions/checkout@v4 + with: + repository: "yj-devsec/github-actions-module" + path: ./actions-module + ref: ${{ vars.VERSION }} + - name: use aws module + uses: ./actions-module/common/aws + with: + AWS_REGION: ${{ vars.AWS_REGION }} + AWS_ROLE_TO_ASSUME: ${{ secrets.AWS_ROLE_TO_ASSUME }} + - name: use deploy module + id: status + uses: ./actions-module/common/deploy + with: + CLUSTER_NAME: ${{ vars.CLUSTER_NAME }} + RELEASE_NAME: my-app + HELM_CHART_PATH: kubernetes/my-app + NAMESPACE: my-app-${{ vars.SUFFIX }} + REPOSITORY: ${{ secrets.REGISTRY }}/${{ vars.REPOSITORY }} + - name: use slack module + if: always() + uses: ./actions-module/common/slack + with: + DEPLOY_STEP_STATUS: ${{ steps.status.outcome }} + ENVIRONMENT: ${{ matrix.environment }} + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} + + + + create-pr: + if: needs.set-environment.outputs.environment == 'qa' + runs-on: ubuntu-latest + needs: [set-environment, deploy] + steps: + - name: checkout + uses: actions/checkout@v4 + - name: checkout the module code + uses: actions/checkout@v4 + with: + repository: "yj-devsec/github-actions-module" + path: ./actions-module + ref: ${{ vars.VERSION }} + - name: use create-pr module + uses: ./actions-module/common/create-pr + with: + PERSONAL_ACCESS_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }} + HEAD: release/${{ github.ref_name }} + BASE: master + + + + approve: + if: needs.set-environment.outputs.environment == 'staging' + runs-on: ubuntu-latest + environment: approve-process + needs: [set-environment, deploy] + steps: + - name: approve + run: | + echo "Approve Done" + + prod-deploy: + runs-on: ubuntu-latest + needs: [ approve ] + permissions: + id-token: write + contents: read + strategy: + matrix: + environment: ["prod"] + environment: ${{ matrix.environment }} + steps: + - name: checkout the code + uses: actions/checkout@v4 + - name: checkout the module code + uses: actions/checkout@v4 + with: + repository: "yj-devsec/github-actions-module" + path: ./actions-module + ref: ${{ vars.VERSION }} + - name: use aws module + uses: ./actions-module/common/aws + with: + AWS_REGION: ${{ vars.AWS_REGION }} + AWS_ROLE_TO_ASSUME: ${{ secrets.AWS_ROLE_TO_ASSUME }} + - name: use deploy module + id: status + uses: ./actions-module/common/deploy + with: + CLUSTER_NAME: ${{ vars.CLUSTER_NAME }} + RELEASE_NAME: my-app + HELM_CHART_PATH: kubernetes/my-app + NAMESPACE: my-app-${{ vars.SUFFIX }} + REPOSITORY: ${{ secrets.REGISTRY }}/${{ vars.REPOSITORY }} + - name: use slack module + if: always() + uses: ./actions-module/common/slack + with: + DEPLOY_STEP_STATUS: ${{ steps.status.outcome }} + ENVIRONMENT: ${{ matrix.environment }} + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} \ No newline at end of file diff --git a/github-actions-module b/github-actions-module new file mode 160000 index 0000000..6eaf075 --- /dev/null +++ b/github-actions-module @@ -0,0 +1 @@ +Subproject commit 6eaf075c82a7d967730991a82b57afbafcd5293e diff --git a/my-app/src/App.js b/my-app/src/App.js index 09c0956..e765570 100644 --- a/my-app/src/App.js +++ b/my-app/src/App.js @@ -15,7 +15,7 @@ function App() { target="_blank" rel="noopener noreferrer" > - Learn GithubAction 2 + Learn GithubAction cicd4 @@ -23,3 +23,12 @@ function App() { } export default App; + + + + + + + + +