video-processor/.github/workflows/ci_cd.yml at main · Video2Frames/video-processor · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
name: CI / CD Pipeline
on:
  - push
  - workflow_dispatch

env:
  APP_IMAGE: "public.ecr.aws/w8m5i3n3/video2frames-video-processor:latest"

jobs:
  test:
    name: Test Application
    runs-on: ubuntu-latest

    steps:
      - name: Checkout repository
        uses: actions/checkout@v5

      - name: Set up Docker Compose
        uses: docker/setup-compose-action@v1
        with:
          version: latest

      - name: Build application for testing
        run: docker compose -f docker-compose.test.yml build --no-cache video_uploaded_listener

      - name: Start test services
        run: docker compose -f docker-compose.test.yml up -d

      - name: Run tests
        run: docker compose -f docker-compose.test.yml exec video_uploaded_listener pytest

      - name: Copy coverage report
        run: docker cp video-uploaded-listener:/app/coverage.xml ./coverage.xml

      - name: Destroy test services
        run: docker compose -f docker-compose.test.yml down -v

      - name: Upload coverage reports
        uses: actions/upload-artifact@v4
        with:
          name: coverage-report
          path: ./coverage.xml

  sonarqube:
    name: SonarQube
    needs: test
    runs-on: ubuntu-latest
    if: github.ref == 'refs/heads/main' && github.repository == 'Video2Frames/video-processor'

    steps:
      - name: Checkout repository
        uses: actions/checkout@v5

      - name: Download coverage reports
        uses: actions/download-artifact@v4
        with:
          name: coverage-report
          path: ./

      - name: SonarQube Scan
        uses: SonarSource/sonarqube-scan-action@40f5b61913e891f9d316696628698051136015be
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

      - name: SonarQube Quality Gate check
        uses: SonarSource/sonarqube-quality-gate-action@95b1cc6c02a15c8ecc00c07b1c2a75ed61a14055
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

  build_and_push:
    name: Build and Push Docker Image
    runs-on: ubuntu-latest
    needs: sonarqube

    steps:
      - name: Checkout repository
        uses: actions/checkout@v5

      - name: Login to ECR
        uses: docker/login-action@v3
        with:
          registry: public.ecr.aws
          username: ${{ secrets.AWS_ACCESS_KEY }}
          password: ${{ secrets.AWS_ACCESS_SECRET }}
        env:
          AWS_REGION: ${{ vars.AWS_REGION }}

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2

      - name: Build and push Docker image
        uses: docker/build-push-action@v5
        with:
          context: .
          push: true
          tags: ${{ env.APP_IMAGE }}
          target: production

  deploy_to_production:
    name: Deploy to Production
    runs-on: ubuntu-latest
    needs: build_and_push

    steps:
      - name: Checkout repository
        uses: actions/checkout@v5

      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v5.0.0
        with:
          aws-region: ${{ vars.AWS_REGION }}
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }}
          aws-secret-access-key: ${{ secrets.AWS_ACCESS_SECRET }}

      - name: Configure kubectl
        run: |
          aws eks update-kubeconfig --name ${{ vars.EKS_CLUSTER_NAME }} --region ${{ vars.AWS_REGION }}

      - name: Apply Namespace
        run: |
          kubectl apply -f k8s/namespace.yml

      - name: Apply ConfigMap
        env:
          AWS_REGION_NAME: ${{ vars.AWS_REGION }}
          S3_INPUT_STORAGE_BUCKET_NAME: ${{ vars.S3_INPUT_STORAGE_BUCKET_NAME }}
          S3_OUTPUT_STORAGE_BUCKET_NAME: ${{ vars.S3_OUTPUT_STORAGE_BUCKET_NAME }}
          SNS_EVENT_PUBLISHER_TOPIC_ARN: ${{ vars.SNS_EVENT_PUBLISHER_TOPIC_ARN }}
          VIDEO_UPLOADED_LISTENER_QUEUE_NAME: ${{ vars.VIDEO_UPLOADED_LISTENER_QUEUE_NAME }}
        run: |
          envsubst < k8s/configmap.yml | kubectl apply -f -

      - name: Apply Secrets
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_ACCESS_SECRET }}
          AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
        run: |
          envsubst < k8s/secrets.yml | kubectl apply -f -

      - name: Apply Deployment
        run: |
          kubectl apply -f k8s/deployment.yml
          kubectl rollout restart deployment/video-uploaded-listener -n video2frames

      - name: Apply HPA
        run: |
          kubectl apply -f k8s/hpa.yml