diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
new file mode 100644
index 00000000..31af99a9
--- /dev/null
+++ b/.github/workflows/cd.yml
@@ -0,0 +1,63 @@
+name: CD Pipeline
+
+on:
+ workflow_dispatch:
+ inputs:
+ DOCKER_TAG:
+ description: "Docker tag of the image built by the CI job"
+ required: true
+ type: string
+ repository_dispatch:
+ types: [trigger-cd]
+
+jobs:
+ cd:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+ with:
+ ref: DevOps
+ token: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Verify Docker Image Tag
+ run: echo "DOCKER TAG RECEIVED: ${{ inputs.DOCKER_TAG || github.event.client_payload.DOCKER_TAG }}"
+
+ - name: Update Kubernetes manifest
+ run: |
+ sed -i -e 's|trainwithshubham/bankapp-eks:.*|trainwithshubham/bankapp-eks:${{ inputs.DOCKER_TAG || github.event.client_payload.DOCKER_TAG }}|g' kubernetes/bankapp-deployment.yml
+
+ - name: Git commit and push
+ run: |
+ git config user.name "github-actions[bot]"
+ git config user.email "github-actions[bot]@users.noreply.github.com"
+ git add .
+ git commit -m "Updated K8s Deployment Docker Image Version"
+ git push origin DevOps
+
+ - name: Send email notification
+ if: always()
+ uses: dawidd6/action-send-mail@v3
+ with:
+ server_address: smtp.gmail.com
+ server_port: 587
+ username: ${{ secrets.MAIL_USERNAME }}
+ password: ${{ secrets.MAIL_PASSWORD }}
+ subject: "BankApp Application has been updated and deployed - ${{ job.status }}"
+ to: trainwithshubham@gmail.com
+ from: trainwithshubham@gmail.com
+ html_body: |
+
+
+
+
Project: ${{ github.job }}
+
+
+
Build Number: ${{ github.run_number }}
+
+
+
URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
+
+
+
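Review bot: The `Verify Docker Image Tag` and `Update Kubernetes manifest` steps expand `${{ inputs.DOCKER_TAG || github.event.client_payload.DOCKER_TAG }}` directly into the `run:` script, so the dispatch-supplied value becomes shell text before bash parses it, in a job that then commits and pushes to `DevOps`. Pass the value through `env:` and reject anything that is not a valid image tag before it reaches `echo` or `sed`; the `Trigger CD workflow` step in ci.yml interpolates `inputs.DOCKER_TAG` into its `run:` the same way and needs the same treatment. A top-level `permissions:` block limited to `contents: write` is also worth adding, since without one the job runs with the repository's default token scope. Separately, the `sed` pattern targets `trainwithshubham/bankapp-eks` while ci.yml pushes `madhupdevops/bankapp`, so the manifest may never point at the image CI built.

```yaml
      - name: Update Kubernetes manifest
        env:
          # Expression is resolved into an environment variable, never into script text.
          DOCKER_TAG: ${{ inputs.DOCKER_TAG || github.event.client_payload.DOCKER_TAG }}
        run: |
          # Docker tag grammar: at most 128 chars of [A-Za-z0-9_.-], not starting with '.' or '-'.
          if [[ ! "$DOCKER_TAG" =~ ^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$ ]]; then
            echo "::error::DOCKER_TAG is not a valid image tag"
            exit 1
          fi
          sed -i -e "s|trainwithshubham/bankapp-eks:.*|trainwithshubham/bankapp-eks:${DOCKER_TAG}|g" kubernetes/bankapp-deployment.yml
      # … unchanged: Git commit and push, Send email notification …
```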
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 00000000..f1f75aa1
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,77 @@
+name: CI Pipeline
+
+on:
+ workflow_dispatch:
+ inputs:
+ DOCKER_TAG:
+ description: "Setting docker image for latest push"
+ required: true
+ type: string
+ push:
+ branches:
+ - DevOps
+
+jobs:
+ ci:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+ with:
+ ref: DevOps
+
+ - name: Trivy filesystem scan
+ uses: aquasecurity/trivy-action@master
+ with:
+ scan-type: "fs"
+ scan-ref: "."
+
+ - name: OWASP Dependency Check
+ uses: dependency-check/Dependency-Check_Action@main
+ with:
+ project: "bankapp"
+ path: "."
+ format: "XML"
+ out: "reports"
+
+ - name: Upload OWASP Dependency Check report
+ uses: actions/upload-artifact@v4
+ with:
+ name: dependency-check-report
+ path: reports/
+
+ - name: SonarQube Analysis
+ uses: SonarSource/sonarqube-scan-action@master
+ with:
+ args: >
+ -Dsonar.projectKey=bankapp
+ -Dsonar.projectName=bankapp
+ env:
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+ SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
+
+ - name: SonarQube Quality Gate
+ uses: SonarSource/sonarqube-quality-gate-action@master
+ env:
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+
+ - name: Docker Login
+ uses: docker/login-action@v3
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+ - name: Docker Build & Push
+ uses: docker/build-push-action@v5
+ with:
+ push: true
+ tags: madhupdevops/bankapp:${{ inputs.DOCKER_TAG }}
+
+ - name: Trigger CD workflow
+ run: |
+ gh workflow run cd.yml \
+ -r DevOps \
+ -f DOCKER_TAG="${{ inputs.DOCKER_TAG }}"
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
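Review bot: Four actions in this job are referenced by moving branches (`aquasecurity/trivy-action@master`, `dependency-check/Dependency-Check_Action@main`, and both SonarSource actions at `@master`), so whatever lands on those branches runs in a job that holds `SONAR_TOKEN` and `DOCKERHUB_TOKEN`. Pin each to a reviewed full commit SHA, e.g. `uses: aquasecurity/trivy-action@<full-commit-sha>  # <release tag>`, and let a dependency bot propose the bumps. Also, on the `push` trigger `inputs.DOCKER_TAG` is empty, so `tags: madhupdevops/bankapp:` and `-f DOCKER_TAG=""` would presumably fail or hand CD an empty tag. A fallback such as `${{ inputs.DOCKER_TAG || github.sha }}`, computed once and reused by both steps, would cover both triggers.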