Release v1.3.0 candidate to staging #9

Merged
merged 34 commits into from
Sep 5, 2020
824b242
CBA-104: added global /api context path, removed mgmt port (block by …
ddewaele Jul 29, 2020
656d1b2
CBA-104: merged develop changes (DE), updated global /verification-api
ddewaele Jul 29, 2020
174afc6
CBA-104: updated test server result context path
ddewaele Jul 29, 2020
473c3c1
CBA-91: added mobiletest controller + domain
ddewaele Jul 29, 2020
8ccffea
Merge branch 'feature/CBA-104-add-healthchecks' into feature/CBA-91-m…
ddewaele Jul 29, 2020
1d205e6
CBA-91: hooked up verification server to new test server, using R1,t0…
ddewaele Jul 30, 2020
2ec9b3c
CBA-91: custom objectmapper for enum handling , fixed typo
ddewaele Jul 30, 2020
33f7a8d
CBA-91: custom objectmapper for enum handling , fixed typo
ddewaele Jul 30, 2020
d3e46c8
CBA-91: do not serialize null values
ddewaele Jul 30, 2020
c5e2c60
CBA-91: checkstyle order import
ddewaele Jul 30, 2020
493473b
Merge pull request #1 from covid-be-app/feature/CBA-104-add-healthchecks
ddewaele Aug 3, 2020
6549a94
Merge branch 'development' into feature/CBA-91-mobile-testid-endpoint
ddewaele Aug 3, 2020
cd6d673
Merge pull request #2 from covid-be-app/feature/CBA-91-mobile-testid-…
ddewaele Aug 3, 2020
293ba6f
CBA-115 : added ack endpoint
ddewaele Aug 3, 2020
bae464a
Add action for push to develop
rik2803 Aug 3, 2020
1eb7e02
Fix workflow name
rik2803 Aug 3, 2020
f29cb8a
Force action start
rik2803 Aug 3, 2020
8f7c0e1
Develop branch is called development, not develop
rik2803 Aug 4, 2020
c34c8e0
Add AWS_DEFAULT_REGION global envvar
rik2803 Aug 4, 2020
ba69af8
Add repo host to docker login command
rik2803 Aug 4, 2020
8fe2e5a
CBA-95: initial implementation
ddewaele Aug 4, 2020
6ef343f
CBA-95: initial implementation
ddewaele Aug 4, 2020
5f2da1f
CBA-115: javadocs
ddewaele Aug 4, 2020
2b45461
Merge pull request #3 from covid-be-app/feature/CBA-115-add-ack-endpoint
ddewaele Aug 4, 2020
39ca4a2
Merge branch 'development' into feature/CBA-95-handle-dummy-requests
ddewaele Aug 4, 2020
c523820
CBA-95: added random delays / jitter for fake responses
ddewaele Aug 4, 2020
4e334fc
Merge pull request #4 from covid-be-app/feature/CBA-95-handle-dummy-r…
ddewaele Aug 4, 2020
e49e608
CBA-112: integrated spring-cloud-starter-aws-parameter-store
ddewaele Aug 4, 2020
e51d691
Merge pull request #5 from covid-be-app/feature/CBA-112--integrate-aw…
ddewaele Aug 5, 2020
512405e
CBA-112: disabled cloudformation stack detection in spring boot
ddewaele Aug 5, 2020
136594f
Merge pull request #6 from covid-be-app/feature/CBA-112--integrate-aw…
ddewaele Aug 5, 2020
654d900
CBA-247: added e2e-tls by default / option to disable it for local dev
ddewaele Aug 27, 2020
ba97df6
Merge pull request #7 from covid-be-app/feature/CBA-247-e2e-tls
rik2803 Aug 27, 2020
3e24fec
Feature/cba 155 cicd (#8)
rik2803 Sep 5, 2020
246 changes: 246 additions & 0 deletions .github/workflows/ci-develop.yml
@@ -0,0 +1,246 @@
name: ci-develop
on:
pull_request:
branches:
- development
types:
- opened
- reopened
- closed

jobs:
build-verification:
name: "Build the verification service"
runs-on: ubuntu-latest
if: github.base_ref == 'development'
steps:
- uses: actions/checkout@v2
with:
fetch-depth: 0
- uses: actions/cache@v1
env:
cache-name: m2
with:
path: ~/.m2/repository
key: ${{ env.cache-name }}-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ env.cache-name }}-
- name: Lint Dockerfile
run: |
docker pull hadolint/hadolint
docker run --rm --interactive hadolint/hadolint < ./Dockerfile
- name: Setup Java 11
uses: actions/setup-java@v1
with:
java-version: 11
- name: mvn package
run: mvn --batch-mode package
- name: docker build
run: |
docker build \
--tag ${{ secrets.ECR_REPO_HOST }}/${{ secrets.ECR_REPO_NAME }}:${GITHUB_SHA} \
.
- name: Run a vulnerability scan on the docker image
run: |
docker pull arminc/clair-db:latest
docker run -d --name db arminc/clair-db:latest
docker run -p 6060:6060 --link db:postgres -d --name clair --restart on-failure arminc/clair-local-scan:v2.0.1
sudo apt-get update
sudo apt-get install -y wget ca-certificates nc || true
wget https://github.com/arminc/clair-scanner/releases/download/v12/clair-scanner_linux_amd64
mv clair-scanner_linux_amd64 clair-scanner
chmod +x clair-scanner
touch clair-whitelist.yml
while( ! wget -O /dev/null http://localhost:6060/v1/namespaces ) ; do sleep 1; docker ps; docker logs clair; docker logs db; nc -v localhost 6060; done
retries=0
echo "Waiting for clair daemon to start"
while( ! wget -T 10 -q -O /dev/null http://localhost:6060/v1/namespaces ) ; do sleep 1 ; echo -n "." ; if [ $retries -eq 10 ] ; then echo " Timeout, aborting." ; exit 1 ; fi ; retries=$(($retries+1)) ; done
./clair-scanner -c http://localhost:6060 --ip $(hostname -i) -r gl-container-scanning-report.json -l clair.log -w clair-whitelist.yml ${{ secrets.ECR_REPO_HOST }}/${{ secrets.ECR_REPO_NAME }}:${GITHUB_SHA} || true
cat gl-container-scanning-report.json
- name: Configure AWS Credentials if this is a PR close
if: github.event.action == 'closed' && github.event.pull_request.merged
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_TOOLING_PUSHECR }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_TOOLING_PUSHECR }}
aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
- name: Push Docker image to ECR if this is a PR close
if: github.event.action == 'closed' && github.event.pull_request.merged
run: |
aws ecr get-login-password | docker login --username AWS --password-stdin ${{ secrets.ECR_REPO_HOST }}
docker push ${{ secrets.ECR_REPO_HOST }}/${{ secrets.ECR_REPO_NAME }}:${GITHUB_SHA}

deploy-dev-verification:
name: "Deploy the external verification service to the dev environment"
runs-on: ubuntu-latest
if: github.base_ref == 'development' && github.event.action == 'closed' && github.event.pull_request.merged
needs:
- build-verification
steps:
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_DEV_PUSHECR }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_DEV_PUSHECR }}
aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
- name: Retrieve Task Definition for external service on DEV
run: |
aws ecs describe-task-definition --task-definition ${{ secrets.ECS_TASK_FAMILY_DEV }} --query taskDefinition > task-definition.json
- name: Show task definition
run: |
cat task-definition.json
- name: Set image name as output
id: set-image-output
run: |
echo "::set-output name=image::${{ secrets.ECR_REPO_HOST }}/${{ secrets.ECR_REPO_NAME }}:${GITHUB_SHA}"
- name: Update Task Definition for DEV with new image
id: render-task-def
uses: aws-actions/amazon-ecs-render-task-definition@v1
with:
task-definition: task-definition.json
container-name: "${{ secrets.ECS_CONTAINER_NAME_DEV }}"
image: "${{ steps.set-image-output.outputs.image }}"
env:
IMAGE: "${{ secrets.ECR_REPO_HOST }}/${{ secrets.ECR_REPO_NAME }}:${GITHUB_SHA}"
- name: Get service to update
id: set-service-output
run: |
echo "::set-output name=service::$(aws ecs list-services --cluster ${{ secrets.CLUSTER_NAME_DEV }} --output text | grep Verification | grep -v Int | awk -F'/' '{print $2}')"
- name: Deploy services with new task definition
uses: aws-actions/amazon-ecs-deploy-task-definition@v1
with:
task-definition: ${{ steps.render-task-def.outputs.task-definition }}
service: ${{ steps.set-service-output.outputs.service }}
cluster: ${{ secrets.CLUSTER_NAME_DEV }}
wait-for-service-stability: false

deploy-dev-verification-int:
name: "Deploy the internal verification service to the dev environment"
runs-on: ubuntu-latest
if: github.base_ref == 'development' && github.event.action == 'closed' && github.event.pull_request.merged
needs:
- build-verification
steps:
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_DEV_PUSHECR }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_DEV_PUSHECR }}
aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
- name: Retrieve Task Definition for internal service on DEV
run: |
aws ecs describe-task-definition --task-definition ${{ secrets.ECS_TASK_FAMILY_DEV }}-int --query taskDefinition > task-definition.json
- name: Show task definition
run: |
cat task-definition.json
- name: Set image name as output
id: set-image-output
run: |
echo "::set-output name=image::${{ secrets.ECR_REPO_HOST }}/${{ secrets.ECR_REPO_NAME }}:${GITHUB_SHA}"
- name: Update Task Definition for DEV with new image
id: render-task-def
uses: aws-actions/amazon-ecs-render-task-definition@v1
with:
task-definition: task-definition.json
container-name: "${{ secrets.ECS_CONTAINER_NAME_DEV }}-int"
image: "${{ steps.set-image-output.outputs.image }}"
env:
IMAGE: "${{ secrets.ECR_REPO_HOST }}/${{ secrets.ECR_REPO_NAME }}:${GITHUB_SHA}"
- name: Get service to update
id: set-service-output
run: |
echo "::set-output name=service::$(aws ecs list-services --cluster ${{ secrets.CLUSTER_NAME_DEV }} --output text | grep VerificationInt | awk -F'/' '{print $2}')"
- name: Deploy services with new task definition
uses: aws-actions/amazon-ecs-deploy-task-definition@v1
with:
task-definition: ${{ steps.render-task-def.outputs.task-definition }}
service: ${{ steps.set-service-output.outputs.service }}
cluster: ${{ secrets.CLUSTER_NAME_DEV }}
wait-for-service-stability: false

deploy-tst-verification:
name: "Deploy the external verification service to the tst environment"
runs-on: ubuntu-latest
if: github.base_ref == 'development' && github.event.action == 'closed' && github.event.pull_request.merged
needs:
- build-verification
steps:
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_TST_PUSHECR }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_TST_PUSHECR }}
aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
- name: Retrieve Task Definition for external service on TST
run: |
aws ecs describe-task-definition --task-definition ${{ secrets.ECS_TASK_FAMILY_TST }} --query taskDefinition > task-definition.json
- name: Show task definition
run: |
cat task-definition.json
- name: Set image name as output
id: set-image-output
run: |
echo "::set-output name=image::${{ secrets.ECR_REPO_HOST }}/${{ secrets.ECR_REPO_NAME }}:${GITHUB_SHA}"
- name: Update Task Definition for TST with new image
id: render-task-def
uses: aws-actions/amazon-ecs-render-task-definition@v1
with:
task-definition: task-definition.json
container-name: "${{ secrets.ECS_CONTAINER_NAME_TST }}"
image: "${{ steps.set-image-output.outputs.image }}"
env:
IMAGE: "${{ secrets.ECR_REPO_HOST }}/${{ secrets.ECR_REPO_NAME }}:${GITHUB_SHA}"
- name: Get service to update
id: set-service-output
run: |
echo "::set-output name=service::$(aws ecs list-services --cluster ${{ secrets.CLUSTER_NAME_TST }} --output text | grep Verification | grep -v Int | awk -F'/' '{print $2}')"
- name: Deploy services with new task definition
uses: aws-actions/amazon-ecs-deploy-task-definition@v1
with:
task-definition: ${{ steps.render-task-def.outputs.task-definition }}
service: ${{ steps.set-service-output.outputs.service }}
cluster: ${{ secrets.CLUSTER_NAME_TST }}
wait-for-service-stability: false

deploy-tst-verification-int:
name: "Deploy the internal verification service to the tst environment"
runs-on: ubuntu-latest
if: github.base_ref == 'development' && github.event.action == 'closed' && github.event.pull_request.merged
needs:
- build-verification
steps:
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_TST_PUSHECR }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_TST_PUSHECR }}
aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
- name: Retrieve Task Definition for internal service on TST
run: |
aws ecs describe-task-definition --task-definition ${{ secrets.ECS_TASK_FAMILY_TST }}-int --query taskDefinition > task-definition.json
- name: Show task definition
run: |
cat task-definition.json
- name: Set image name as output
id: set-image-output
run: |
echo "::set-output name=image::${{ secrets.ECR_REPO_HOST }}/${{ secrets.ECR_REPO_NAME }}:${GITHUB_SHA}"
- name: Update Task Definition for TST with new image
id: render-task-def
uses: aws-actions/amazon-ecs-render-task-definition@v1
with:
task-definition: task-definition.json
container-name: "${{ secrets.ECS_CONTAINER_NAME_TST }}-int"
image: "${{ steps.set-image-output.outputs.image }}"
env:
IMAGE: "${{ secrets.ECR_REPO_HOST }}/${{ secrets.ECR_REPO_NAME }}:${GITHUB_SHA}"
- name: Get service to update
id: set-service-output
run: |
echo "::set-output name=service::$(aws ecs list-services --cluster ${{ secrets.CLUSTER_NAME_TST }} --output text | grep VerificationInt | awk -F'/' '{print $2}')"
- name: Deploy services with new task definition
uses: aws-actions/amazon-ecs-deploy-task-definition@v1
with:
task-definition: ${{ steps.render-task-def.outputs.task-definition }}
service: ${{ steps.set-service-output.outputs.service }}
cluster: ${{ secrets.CLUSTER_NAME_TST }}
wait-for-service-stability: false
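
Review bot: The "Run a vulnerability scan on the docker image" step can never fail the build, because the `./clair-scanner ... || true` line discards the scanner's exit status and `clair-whitelist.yml` is created empty with `touch`, so an image with findings is still pushed to ECR and deployed to dev and tst on merge. Remove the `|| true` so a failing scan stops the job before the push step, and commit a reviewed whitelist file instead of generating an empty one. In the same step, the first `while( ! wget -O /dev/null http://localhost:6060/v1/namespaces )` loop has no retry limit, so if Clair never comes up the job hangs there and the bounded 10-retry loop below it is never reached; drop the first loop or move its `docker logs` diagnostics into the timeout branch of the second. The scan also depends on unpinned inputs (`arminc/clair-db:latest`, `hadolint/hadolint` with no tag, and a `clair-scanner` binary fetched with `wget` and executed without a checksum check); pin these to a digest or verify a known hash so the scan result is reproducible.

Each deploy job also runs `cat task-definition.json`, which writes the full ECS task definition to the job log, including any container environment values it carries; only values registered as GitHub secrets are masked. Remove the "Show task definition" step or narrow it with a `--query` that selects non-sensitive fields. The four deploy jobs differ only in the secret suffix (`DEV`/`TST`) and the `-int` variant, so a matrix would remove the duplication and keep later fixes in one place.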
21 changes: 0 additions & 21 deletions .github/workflows/ci-dockerfile.yml

This file was deleted.
