Skip to content

Commit

Permalink
Release v1.3.0 candidate to staging (#9)
Browse files Browse the repository at this point in the history 
* CBA-104: added global /api context path, removed mgmt port (block by LB), added TODOs

* CBA-104: updated test server result context path

* CBA-91: added mobiletest controller + domain

* CBA-91: hooked up verification server to new test server, using R1,t0 format and support for various result dates

* CBA-91: custom objectmapper for enum handling , fixed typo

* CBA-91: custom objectmapper for enum handling , fixed typo

* CBA-91: do not serialize null values

* CBA-91: checkstyle order import

* CBA-115 : added ack endpoint

* Add action for push to develop

* Fix workflow name

* Force action start

* Develop branch is called development, not develop

* Add AWS_DEFAULT_REGION global envvar

* Add repo host to docker login command

* CBA-95: initial implementation

* CBA-95: initial implementation

* CBA-115: javadocs

* CBA-95: added random delays / jitter for fake responses

* CBA-112: integrated spring-cloud-starter-aws-parameter-store

* CBA-112: disabled cloudformation stack detection in spring boot

* CBA-247: added e2e-tls by default / option to disable it for local dev

* Feature/cba 155 cicd (#8)

* CBA-155: cicd

* CBA-155: Fix misleading step names

* CBA-155: Fix search and replace side effect

* CBA-367: Missing runs-on: in workflow jobs

* CBA-367: Remove obsolete if: in workflow jobs

* CBA-155: Remove opened and reopend types from workflow

Co-authored-by: Davy De Waele <ddewaele@gmail.com>
  • Loading branch information
@rik2803 @ddewaele
rik2803 and ddewaele authored Sep 5, 2020
1 parent 9faea01 commit 76d3712
Show file tree
Hide file tree
Showing 28 changed files with 1,148 additions and 182 deletions.
246 changes: 246 additions & 0 deletions .github/workflows/ci-develop.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,246 @@
name: ci-develop
on:
pull_request:
branches:
- development
types:
- opened
- reopened
- closed

jobs:
build-verification:
name: "Build the verification service"
runs-on: ubuntu-latest
if: github.base_ref == 'development'
steps:
- uses: actions/checkout@v2
with:
fetch-depth: 0
- uses: actions/cache@v1
env:
cache-name: m2
with:
path: ~/.m2/repository
key: ${{ env.cache-name }}-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ env.cache-name }}-
- name: Lint Dockerfile
run: |
docker pull hadolint/hadolint
docker run --rm --interactive hadolint/hadolint < ./Dockerfile
- name: Setup Java 11
uses: actions/setup-java@v1
with:
java-version: 11
- name: mvn package
run: mvn --batch-mode package
- name: docker build
run: |
docker build \
--tag ${{ secrets.ECR_REPO_HOST }}/${{ secrets.ECR_REPO_NAME }}:${GITHUB_SHA} \
.
- name: Run a vulnerability scan on the docker image
run: |
docker pull arminc/clair-db:latest
docker run -d --name db arminc/clair-db:latest
docker run -p 6060:6060 --link db:postgres -d --name clair --restart on-failure arminc/clair-local-scan:v2.0.1
sudo apt-get update
sudo apt-get install -y wget ca-certificates nc || true
wget https://github.com/arminc/clair-scanner/releases/download/v12/clair-scanner_linux_amd64
mv clair-scanner_linux_amd64 clair-scanner
chmod +x clair-scanner
touch clair-whitelist.yml
while( ! wget -O /dev/null http://localhost:6060/v1/namespaces ) ; do sleep 1; docker ps; docker logs clair; docker logs db; nc -v localhost 6060; done
retries=0
echo "Waiting for clair daemon to start"
while( ! wget -T 10 -q -O /dev/null http://localhost:6060/v1/namespaces ) ; do sleep 1 ; echo -n "." ; if [ $retries -eq 10 ] ; then echo " Timeout, aborting." ; exit 1 ; fi ; retries=$(($retries+1)) ; done
./clair-scanner -c http://localhost:6060 --ip $(hostname -i) -r gl-container-scanning-report.json -l clair.log -w clair-whitelist.yml ${{ secrets.ECR_REPO_HOST }}/${{ secrets.ECR_REPO_NAME }}:${GITHUB_SHA} || true
cat gl-container-scanning-report.json
- name: Configure AWS Credentials if this is a PR close
if: github.event.action == 'closed' && github.event.pull_request.merged
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_TOOLING_PUSHECR }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_TOOLING_PUSHECR }}
aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
- name: Push Docker image to ECR if this is a PR close
if: github.event.action == 'closed' && github.event.pull_request.merged
run: |
aws ecr get-login-password | docker login --username AWS --password-stdin ${{ secrets.ECR_REPO_HOST }}
docker push ${{ secrets.ECR_REPO_HOST }}/${{ secrets.ECR_REPO_NAME }}:${GITHUB_SHA}
deploy-dev-verification:
name: "Deploy the external verification service to the dev environment"
runs-on: ubuntu-latest
if: github.base_ref == 'development' && github.event.action == 'closed' && github.event.pull_request.merged
needs:
- build-verification
steps:
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_DEV_PUSHECR }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_DEV_PUSHECR }}
aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
- name: Retrieve Task Definition for external service on DEV
run: |
aws ecs describe-task-definition --task-definition ${{ secrets.ECS_TASK_FAMILY_DEV }} --query taskDefinition > task-definition.json
- name: Show task definition
run: |
cat task-definition.json
- name: Set image name as output
id: set-image-output
run: |
echo "::set-output name=image::${{ secrets.ECR_REPO_HOST }}/${{ secrets.ECR_REPO_NAME }}:${GITHUB_SHA}"
- name: Update Task Definition for DEV with new image
id: render-task-def
uses: aws-actions/amazon-ecs-render-task-definition@v1
with:
task-definition: task-definition.json
container-name: "${{ secrets.ECS_CONTAINER_NAME_DEV }}"
image: "${{ steps.set-image-output.outputs.image }}"
env:
IMAGE: "${{ secrets.ECR_REPO_HOST }}/${{ secrets.ECR_REPO_NAME }}:${GITHUB_SHA}"
- name: Get service to update
id: set-service-output
run: |
echo "::set-output name=service::$(aws ecs list-services --cluster ${{ secrets.CLUSTER_NAME_DEV }} --output text | grep Verification | grep -v Int | awk -F'/' '{print $2}')"
- name: Deploy services with new task definition
uses: aws-actions/amazon-ecs-deploy-task-definition@v1
with:
task-definition: ${{ steps.render-task-def.outputs.task-definition }}
service: ${{ steps.set-service-output.outputs.service }}
cluster: ${{ secrets.CLUSTER_NAME_DEV }}
wait-for-service-stability: false

deploy-dev-verification-int:
name: "Deploy the internal verification service to the dev environment"
runs-on: ubuntu-latest
if: github.base_ref == 'development' && github.event.action == 'closed' && github.event.pull_request.merged
needs:
- build-verification
steps:
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_DEV_PUSHECR }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_DEV_PUSHECR }}
aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
- name: Retrieve Task Definition for internal service on DEV
run: |
aws ecs describe-task-definition --task-definition ${{ secrets.ECS_TASK_FAMILY_DEV }}-int --query taskDefinition > task-definition.json
- name: Show task definition
run: |
cat task-definition.json
- name: Set image name as output
id: set-image-output
run: |
echo "::set-output name=image::${{ secrets.ECR_REPO_HOST }}/${{ secrets.ECR_REPO_NAME }}:${GITHUB_SHA}"
- name: Update Task Definition for DEV with new image
id: render-task-def
uses: aws-actions/amazon-ecs-render-task-definition@v1
with:
task-definition: task-definition.json
container-name: "${{ secrets.ECS_CONTAINER_NAME_DEV }}-int"
image: "${{ steps.set-image-output.outputs.image }}"
env:
IMAGE: "${{ secrets.ECR_REPO_HOST }}/${{ secrets.ECR_REPO_NAME }}:${GITHUB_SHA}"
- name: Get service to update
id: set-service-output
run: |
echo "::set-output name=service::$(aws ecs list-services --cluster ${{ secrets.CLUSTER_NAME_DEV }} --output text | grep VerificationInt | awk -F'/' '{print $2}')"
- name: Deploy services with new task definition
uses: aws-actions/amazon-ecs-deploy-task-definition@v1
with:
task-definition: ${{ steps.render-task-def.outputs.task-definition }}
service: ${{ steps.set-service-output.outputs.service }}
cluster: ${{ secrets.CLUSTER_NAME_DEV }}
wait-for-service-stability: false

deploy-tst-verification:
name: "Deploy the external verification service to the tst environment"
runs-on: ubuntu-latest
if: github.base_ref == 'development' && github.event.action == 'closed' && github.event.pull_request.merged
needs:
- build-verification
steps:
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_TST_PUSHECR }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_TST_PUSHECR }}
aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
- name: Retrieve Task Definition for external service on TST
run: |
aws ecs describe-task-definition --task-definition ${{ secrets.ECS_TASK_FAMILY_TST }} --query taskDefinition > task-definition.json
- name: Show task definition
run: |
cat task-definition.json
- name: Set image name as output
id: set-image-output
run: |
echo "::set-output name=image::${{ secrets.ECR_REPO_HOST }}/${{ secrets.ECR_REPO_NAME }}:${GITHUB_SHA}"
- name: Update Task Definition for TST with new image
id: render-task-def
uses: aws-actions/amazon-ecs-render-task-definition@v1
with:
task-definition: task-definition.json
container-name: "${{ secrets.ECS_CONTAINER_NAME_TST }}"
image: "${{ steps.set-image-output.outputs.image }}"
env:
IMAGE: "${{ secrets.ECR_REPO_HOST }}/${{ secrets.ECR_REPO_NAME }}:${GITHUB_SHA}"
- name: Get service to update
id: set-service-output
run: |
echo "::set-output name=service::$(aws ecs list-services --cluster ${{ secrets.CLUSTER_NAME_TST }} --output text | grep Verification | grep -v Int | awk -F'/' '{print $2}')"
- name: Deploy services with new task definition
uses: aws-actions/amazon-ecs-deploy-task-definition@v1
with:
task-definition: ${{ steps.render-task-def.outputs.task-definition }}
service: ${{ steps.set-service-output.outputs.service }}
cluster: ${{ secrets.CLUSTER_NAME_TST }}
wait-for-service-stability: false

deploy-tst-verification-int:
name: "Deploy the internal verification service to the tst environment"
runs-on: ubuntu-latest
if: github.base_ref == 'development' && github.event.action == 'closed' && github.event.pull_request.merged
needs:
- build-verification
steps:
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_TST_PUSHECR }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_TST_PUSHECR }}
aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
- name: Retrieve Task Definition for internal service on TST
run: |
aws ecs describe-task-definition --task-definition ${{ secrets.ECS_TASK_FAMILY_TST }}-int --query taskDefinition > task-definition.json
- name: Show task definition
run: |
cat task-definition.json
- name: Set image name as output
id: set-image-output
run: |
echo "::set-output name=image::${{ secrets.ECR_REPO_HOST }}/${{ secrets.ECR_REPO_NAME }}:${GITHUB_SHA}"
- name: Update Task Definition for TST with new image
id: render-task-def
uses: aws-actions/amazon-ecs-render-task-definition@v1
with:
task-definition: task-definition.json
container-name: "${{ secrets.ECS_CONTAINER_NAME_TST }}-int"
image: "${{ steps.set-image-output.outputs.image }}"
env:
IMAGE: "${{ secrets.ECR_REPO_HOST }}/${{ secrets.ECR_REPO_NAME }}:${GITHUB_SHA}"
- name: Get service to update
id: set-service-output
run: |
echo "::set-output name=service::$(aws ecs list-services --cluster ${{ secrets.CLUSTER_NAME_TST }} --output text | grep VerificationInt | awk -F'/' '{print $2}')"
- name: Deploy services with new task definition
uses: aws-actions/amazon-ecs-deploy-task-definition@v1
with:
task-definition: ${{ steps.render-task-def.outputs.task-definition }}
service: ${{ steps.set-service-output.outputs.service }}
cluster: ${{ secrets.CLUSTER_NAME_TST }}
wait-for-service-stability: false
21 changes: 0 additions & 21 deletions .github/workflows/ci-dockerfile.yml
View file

This file was deleted.

Loading

0 comments on commit 76d3712

Please sign in to comment.