From 70786198b27b1411889838a3397b9c39fe6d33c2 Mon Sep 17 00:00:00 2001 From: karthiknaveene <144783628+karthiknaveene@users.noreply.github.com> Date: Fri, 7 Feb 2025 11:09:47 +0530 Subject: [PATCH 1/7] Update and rename workflow.yaml to test-workflow.yaml --- .cloudbees/workflows/{workflow.yaml => test-workflow.yaml} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename .cloudbees/workflows/{workflow.yaml => test-workflow.yaml} (92%) diff --git a/.cloudbees/workflows/workflow.yaml b/.cloudbees/workflows/test-workflow.yaml similarity index 92% rename from .cloudbees/workflows/workflow.yaml rename to .cloudbees/workflows/test-workflow.yaml index f8c5356..362553d 100644 --- a/.cloudbees/workflows/workflow.yaml +++ b/.cloudbees/workflows/test-workflow.yaml @@ -1,11 +1,11 @@ apiVersion: automation.cloudbees.io/v1alpha1 kind: workflow -name: workflow +name: test-workflow on: push: branches: - - 'main' + - 'test' jobs: jenkins-run-job-without-output: From 0f48cc07dfbd0723b7661fdc1c65e15b512ad714 Mon Sep 17 00:00:00 2001 From: karthiknaveene <144783628+karthiknaveene@users.noreply.github.com> Date: Mon, 26 May 2025 19:59:52 +0530 Subject: [PATCH 2/7] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 660bb3a..31a4c62 100644 --- a/README.md +++ b/README.md @@ -1 +1 @@ -# test3 \ No newline at end of file +# test3 From 3d2cd118cd13e8ebbd8567d08670725e63faaf6c Mon Sep 17 00:00:00 2001 From: karthiknaveene <144783628+karthiknaveene@users.noreply.github.com> Date: Mon, 26 May 2025 20:02:52 +0530 Subject: [PATCH 3/7] Create workflow.yaml --- .github/workflows/workflow.yaml | 42 +++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 .github/workflows/workflow.yaml diff --git a/.github/workflows/workflow.yaml b/.github/workflows/workflow.yaml new file mode 100644 index 0000000..5bbfad8 --- /dev/null +++ b/.github/workflows/workflow.yaml @@ -0,0 +1,42 @@ +name: Create Check Run + +on: + push: + +jobs: + create-check-run: + runs-on: ubuntu-latest + + steps: + - name: Checkout code + uses: actions/checkout@v3 + + - name: Create check run via GitHub API + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + echo "Creating a check run..." + + PAYLOAD=$(jq -n \ + --arg name "Example Check" \ + --arg head_sha "${{ github.sha }}" \ + --arg status "completed" \ + --arg conclusion "success" \ + --arg output_title "Check Passed" \ + --arg output_summary "All good!" \ + '{ + name: $name, + head_sha: $head_sha, + status: $status, + conclusion: $conclusion, + output: { + title: $output_title, + summary: $output_summary + } + }') + + curl -X POST \ + -H "Accept: application/vnd.github+json" \ + -H "Authorization: Bearer $GITHUB_TOKEN" \ + https://api.github.com/repos/${{ github.repository }}/check-runs \ + -d "$PAYLOAD" From 9ad2421b0344d0f8e9ab3edddf510674e3ddc6e2 Mon Sep 17 00:00:00 2001 From: karthiknaveene <144783628+karthiknaveene@users.noreply.github.com> Date: Mon, 26 May 2025 20:04:43 +0530 Subject: [PATCH 4/7] Create workflow.yaml --- .cloudbees/workflows/workflow.yaml | 169 +++++++++++++++++++++++++++++ 1 file changed, 169 insertions(+) create mode 100644 .cloudbees/workflows/workflow.yaml diff --git a/.cloudbees/workflows/workflow.yaml b/.cloudbees/workflows/workflow.yaml new file mode 100644 index 0000000..6fc5754 --- /dev/null +++ b/.cloudbees/workflows/workflow.yaml @@ -0,0 +1,169 @@ +apiVersion: automation.cloudbees.io/v1alpha1 +kind: workflow +name: Build and deploy + +on: + push: + branches: + - "**" + + +permissions: + scm-token-own: read + scm-token-org: read + id-token: write + +jobs: + build-publish: + outputs: + chart: ${{ steps.package.outputs.chart }} + version: ${{ steps.package.outputs.version }} + steps: + - name: Get source code + uses: cloudbees-io/checkout@v1 + + - id: build + name: Build and scan + uses: https://github.com/calculi-corp/cb-internal-shared-actions/build@v3 + with: + run-unit-test: "true" + unit-test-percent: "70" + snyk-sast-scan-code: "true" + go-binary-build: "true" + kaniko-build: "true" + trivy-scan-container: "false" + bundled-sonar-scan: "true" + registry-type: "ECR" + snyk-org-name: ${{ vars.SNYK_SAAS_ORG_NAME }} + snyk-saas-token: ${{ secrets.SNYK_SAAS_TOKEN }} + go-binary-name: ${{ env.application_name }} + registry-url: ${{ vars.STAGING_ECR_REGISTRY }} + registry-image-name: ${{ vars.workflow_execution_env == 'production' && format('services/{0}', env.application_name) || format('throwaway/services/{0}', env.application_name) }} + oidc-iam-role: ${{ vars.oidc_staging_iam_role }} + dockerfile-path: Dockerfile + sonarqube-threshold-critical: 0 + sonarqube-threshold-very-high: 1 + sonarqube-threshold-high: 1 + sonarqube-threshold-medium: 2 + sonarqube-threshold-low: 0 + + + - id: package + name: Package the helm chart + uses: https://github.com/calculi-corp/cb-internal-shared-actions/package@v3 + with: + helm-lint: "true" + registry-url: ${{ vars.STAGING_ECR_REGISTRY }} + registry-image-name: ${{ vars.workflow_execution_env == 'production' && 'service-charts' || 'throwaway/service-charts' }} + helm-package-folder-path: ./charts/${{ env.application_name }} + values: | + base: + image: + tag: ${{ steps.build.outputs.tag-digest }} + + publish-consul: + if: ${{ vars.workflow_execution_env == 'production' }} + outputs: + name: ${{ steps.consulservicename.outputs.name }} + steps: + - id: consulservicename + name: Generate consul service name for the application + uses: docker://alpine:3.18 + run: | + if [ '${{ cloudbees.scm.branch }}' = main ]; then + printf %s ${{ env.application_name }} > $CLOUDBEES_OUTPUTS/name + else + name=$(printf %s-%s ${{ env.application_name }} ${{ cloudbees.scm.sha }}) + printf %s "$name" | tr '[:upper:]' '[:lower:]' | sed -E 's/[^a-z0-9]+/-/' > $CLOUDBEES_OUTPUTS/name + fi + + # splitting db-service dependency to its own action, which saves about 2 mins + deploy-db-dependencies: + if: ${{ vars.workflow_execution_env == 'production' && cloudbees.scm.branch != 'main'}} + steps: + - id: install-dependencies + name: Install $application_name dependencies helm charts + uses: ./actions/dependencies/db + with: + registry: ${{ vars.staging_image_registry }} + chart-registry: ${{ vars.staging_chart_registry }} + oidc-iam-role: ${{ vars.oidc_staging_iam_role }} + cluster-name: ${{ vars.staging_east_cluster_name }} + + deploy-nats-dependencies: + if: ${{ vars.workflow_execution_env == 'production' && cloudbees.scm.branch != 'main'}} + steps: + - id: install-dependencies + name: Install $application_name dependencies helm charts + uses: ./actions/dependencies/nats + with: + chart-registry: ${{ vars.staging_chart_registry }} + oidc-iam-role: ${{ vars.oidc_staging_iam_role }} + cluster-name: ${{ vars.staging_east_cluster_name }} + + deploy-us-east-1: + if: ${{ vars.workflow_execution_env == 'production' }} + needs: [build-publish, deploy-nats-dependencies, deploy-db-dependencies, publish-consul] + steps: + - id: install-chart + name: Install $application_name helm chart us-east-1 + uses: ./actions/deploy + with: + chart-location: ${{ needs.build-publish.outputs.chart }} + version: ${{ needs.build-publish.outputs.version }} + release-name: ${{ env.application_name }} + chart-registry: ${{ vars.staging_chart_registry }} + oidc-iam-role: ${{ vars.oidc_staging_iam_role }} + cluster-name: ${{ vars.staging_east_cluster_name }} + aws-region: "us-east-1" + nats-username: ${{ secrets.NATS_USERNAME }} + nats-password: ${{ secrets.NATS_PASSWORD }} + registry: ${{ vars.staging_image_registry }} + consul-name: ${{ needs.publish-consul.outputs.name }} + insights-plugin-secret-key: ${{ secrets.INSIGHTS_PLUGIN_SECRET_KEY }} + datadog-env: ${{ vars.dd_target_env }} + service-name: ${{ env.application_name }} + enable-datadog-labels: ${{ cloudbees.scm.branch == 'main' && 'true' || 'false' }} + + - id: uninstall-chart + name: Uninstall $application_name helm chart us-east-1 + if: ${{ cloudbees.scm.branch != 'main' }} + uses: ./actions/cleanup + with: + release-name: ${{ env.application_name }} + namespace: ${{ steps.install-chart.outputs.namespace }} + + deploy-us-west-2: + if: ${{ vars.workflow_execution_env == 'production' && cloudbees.scm.branch == 'main' }} + needs: [ build-publish, publish-consul ] + steps: + - name: Login to AWS us-east-1 ECR registry + uses: cloudbees-io/configure-aws-credentials@v1 + id: aws-login + with: + aws-region: us-east-1 + role-to-assume: ${{ vars.oidc_staging_iam_role }} + role-duration-seconds: "3600" # optionally set the duration of the login token + + - name: Configure container registry for Staging ECR us-east-1 + uses: cloudbees-io/configure-ecr-credentials@v1 + + - id: install-chart + name: Install $application_name helm chart in us-west-2 + uses: ./actions/deploy + with: + chart-location: ${{ needs.build-publish.outputs.chart }} + version: ${{ needs.build-publish.outputs.version }} + release-name: ${{ env.application_name }} + chart-registry: ${{ vars.staging_chart_registry }} + oidc-iam-role: ${{ vars.oidc_staging_iam_role }} + cluster-name: ${{ vars.staging_west_cluster_name }} + aws-region: "us-west-2" + nats-username: ${{ secrets.NATS_USERNAME }} + nats-password: ${{ secrets.NATS_PASSWORD }} + registry: ${{ vars.staging_image_registry }} + consul-name: ${{ needs.publish-consul.outputs.name }} + insights-plugin-secret-key: ${{ secrets.INSIGHTS_PLUGIN_SECRET_KEY }} + datadog-env: ${{ vars.dd_target_env }} + service-name: ${{ env.application_name }} + enable-datadog-labels: ${{ cloudbees.scm.branch == 'main' && 'true' || 'false' }} From a6b42dda69675775008eed97f1ced2eb6f2c5765 Mon Sep 17 00:00:00 2001 From: karthiknaveene <144783628+karthiknaveene@users.noreply.github.com> Date: Mon, 26 May 2025 20:05:41 +0530 Subject: [PATCH 5/7] Delete .cloudbees/workflows/workflow.yaml --- .cloudbees/workflows/workflow.yaml | 169 ----------------------------- 1 file changed, 169 deletions(-) delete mode 100644 .cloudbees/workflows/workflow.yaml diff --git a/.cloudbees/workflows/workflow.yaml b/.cloudbees/workflows/workflow.yaml deleted file mode 100644 index 6fc5754..0000000 --- a/.cloudbees/workflows/workflow.yaml +++ /dev/null @@ -1,169 +0,0 @@ -apiVersion: automation.cloudbees.io/v1alpha1 -kind: workflow -name: Build and deploy - -on: - push: - branches: - - "**" - - -permissions: - scm-token-own: read - scm-token-org: read - id-token: write - -jobs: - build-publish: - outputs: - chart: ${{ steps.package.outputs.chart }} - version: ${{ steps.package.outputs.version }} - steps: - - name: Get source code - uses: cloudbees-io/checkout@v1 - - - id: build - name: Build and scan - uses: https://github.com/calculi-corp/cb-internal-shared-actions/build@v3 - with: - run-unit-test: "true" - unit-test-percent: "70" - snyk-sast-scan-code: "true" - go-binary-build: "true" - kaniko-build: "true" - trivy-scan-container: "false" - bundled-sonar-scan: "true" - registry-type: "ECR" - snyk-org-name: ${{ vars.SNYK_SAAS_ORG_NAME }} - snyk-saas-token: ${{ secrets.SNYK_SAAS_TOKEN }} - go-binary-name: ${{ env.application_name }} - registry-url: ${{ vars.STAGING_ECR_REGISTRY }} - registry-image-name: ${{ vars.workflow_execution_env == 'production' && format('services/{0}', env.application_name) || format('throwaway/services/{0}', env.application_name) }} - oidc-iam-role: ${{ vars.oidc_staging_iam_role }} - dockerfile-path: Dockerfile - sonarqube-threshold-critical: 0 - sonarqube-threshold-very-high: 1 - sonarqube-threshold-high: 1 - sonarqube-threshold-medium: 2 - sonarqube-threshold-low: 0 - - - - id: package - name: Package the helm chart - uses: https://github.com/calculi-corp/cb-internal-shared-actions/package@v3 - with: - helm-lint: "true" - registry-url: ${{ vars.STAGING_ECR_REGISTRY }} - registry-image-name: ${{ vars.workflow_execution_env == 'production' && 'service-charts' || 'throwaway/service-charts' }} - helm-package-folder-path: ./charts/${{ env.application_name }} - values: | - base: - image: - tag: ${{ steps.build.outputs.tag-digest }} - - publish-consul: - if: ${{ vars.workflow_execution_env == 'production' }} - outputs: - name: ${{ steps.consulservicename.outputs.name }} - steps: - - id: consulservicename - name: Generate consul service name for the application - uses: docker://alpine:3.18 - run: | - if [ '${{ cloudbees.scm.branch }}' = main ]; then - printf %s ${{ env.application_name }} > $CLOUDBEES_OUTPUTS/name - else - name=$(printf %s-%s ${{ env.application_name }} ${{ cloudbees.scm.sha }}) - printf %s "$name" | tr '[:upper:]' '[:lower:]' | sed -E 's/[^a-z0-9]+/-/' > $CLOUDBEES_OUTPUTS/name - fi - - # splitting db-service dependency to its own action, which saves about 2 mins - deploy-db-dependencies: - if: ${{ vars.workflow_execution_env == 'production' && cloudbees.scm.branch != 'main'}} - steps: - - id: install-dependencies - name: Install $application_name dependencies helm charts - uses: ./actions/dependencies/db - with: - registry: ${{ vars.staging_image_registry }} - chart-registry: ${{ vars.staging_chart_registry }} - oidc-iam-role: ${{ vars.oidc_staging_iam_role }} - cluster-name: ${{ vars.staging_east_cluster_name }} - - deploy-nats-dependencies: - if: ${{ vars.workflow_execution_env == 'production' && cloudbees.scm.branch != 'main'}} - steps: - - id: install-dependencies - name: Install $application_name dependencies helm charts - uses: ./actions/dependencies/nats - with: - chart-registry: ${{ vars.staging_chart_registry }} - oidc-iam-role: ${{ vars.oidc_staging_iam_role }} - cluster-name: ${{ vars.staging_east_cluster_name }} - - deploy-us-east-1: - if: ${{ vars.workflow_execution_env == 'production' }} - needs: [build-publish, deploy-nats-dependencies, deploy-db-dependencies, publish-consul] - steps: - - id: install-chart - name: Install $application_name helm chart us-east-1 - uses: ./actions/deploy - with: - chart-location: ${{ needs.build-publish.outputs.chart }} - version: ${{ needs.build-publish.outputs.version }} - release-name: ${{ env.application_name }} - chart-registry: ${{ vars.staging_chart_registry }} - oidc-iam-role: ${{ vars.oidc_staging_iam_role }} - cluster-name: ${{ vars.staging_east_cluster_name }} - aws-region: "us-east-1" - nats-username: ${{ secrets.NATS_USERNAME }} - nats-password: ${{ secrets.NATS_PASSWORD }} - registry: ${{ vars.staging_image_registry }} - consul-name: ${{ needs.publish-consul.outputs.name }} - insights-plugin-secret-key: ${{ secrets.INSIGHTS_PLUGIN_SECRET_KEY }} - datadog-env: ${{ vars.dd_target_env }} - service-name: ${{ env.application_name }} - enable-datadog-labels: ${{ cloudbees.scm.branch == 'main' && 'true' || 'false' }} - - - id: uninstall-chart - name: Uninstall $application_name helm chart us-east-1 - if: ${{ cloudbees.scm.branch != 'main' }} - uses: ./actions/cleanup - with: - release-name: ${{ env.application_name }} - namespace: ${{ steps.install-chart.outputs.namespace }} - - deploy-us-west-2: - if: ${{ vars.workflow_execution_env == 'production' && cloudbees.scm.branch == 'main' }} - needs: [ build-publish, publish-consul ] - steps: - - name: Login to AWS us-east-1 ECR registry - uses: cloudbees-io/configure-aws-credentials@v1 - id: aws-login - with: - aws-region: us-east-1 - role-to-assume: ${{ vars.oidc_staging_iam_role }} - role-duration-seconds: "3600" # optionally set the duration of the login token - - - name: Configure container registry for Staging ECR us-east-1 - uses: cloudbees-io/configure-ecr-credentials@v1 - - - id: install-chart - name: Install $application_name helm chart in us-west-2 - uses: ./actions/deploy - with: - chart-location: ${{ needs.build-publish.outputs.chart }} - version: ${{ needs.build-publish.outputs.version }} - release-name: ${{ env.application_name }} - chart-registry: ${{ vars.staging_chart_registry }} - oidc-iam-role: ${{ vars.oidc_staging_iam_role }} - cluster-name: ${{ vars.staging_west_cluster_name }} - aws-region: "us-west-2" - nats-username: ${{ secrets.NATS_USERNAME }} - nats-password: ${{ secrets.NATS_PASSWORD }} - registry: ${{ vars.staging_image_registry }} - consul-name: ${{ needs.publish-consul.outputs.name }} - insights-plugin-secret-key: ${{ secrets.INSIGHTS_PLUGIN_SECRET_KEY }} - datadog-env: ${{ vars.dd_target_env }} - service-name: ${{ env.application_name }} - enable-datadog-labels: ${{ cloudbees.scm.branch == 'main' && 'true' || 'false' }} From fe0472e7ba1fcb9061214ba95b6c4f5ea3dee6f2 Mon Sep 17 00:00:00 2001 From: karthiknaveene <144783628+karthiknaveene@users.noreply.github.com> Date: Mon, 26 May 2025 20:09:44 +0530 Subject: [PATCH 6/7] Update workflow.yaml --- .github/workflows/workflow.yaml | 54 +++++++++++++-------------------- 1 file changed, 21 insertions(+), 33 deletions(-) diff --git a/.github/workflows/workflow.yaml b/.github/workflows/workflow.yaml index 5bbfad8..4ead81d 100644 --- a/.github/workflows/workflow.yaml +++ b/.github/workflows/workflow.yaml @@ -1,42 +1,30 @@ -name: Create Check Run +name: CI Checks on: push: + pull_request: jobs: - create-check-run: + lint: + name: Lint runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v3 - - - name: Create check run via GitHub API - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - echo "Creating a check run..." + - uses: actions/checkout@v3 + - name: Run Linter + run: echo "✅ Lint passed!" - PAYLOAD=$(jq -n \ - --arg name "Example Check" \ - --arg head_sha "${{ github.sha }}" \ - --arg status "completed" \ - --arg conclusion "success" \ - --arg output_title "Check Passed" \ - --arg output_summary "All good!" \ - '{ - name: $name, - head_sha: $head_sha, - status: $status, - conclusion: $conclusion, - output: { - title: $output_title, - summary: $output_summary - } - }') + tests: + name: Tests + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - name: Run Tests + run: echo "✅ All tests passed!" - curl -X POST \ - -H "Accept: application/vnd.github+json" \ - -H "Authorization: Bearer $GITHUB_TOKEN" \ - https://api.github.com/repos/${{ github.repository }}/check-runs \ - -d "$PAYLOAD" + security: + name: Security Scan + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - name: Run Security Check + run: echo "✅ No security issues found!" From 0145fb9b0e9ceeb6e3bb909e61a229e10ecf3615 Mon Sep 17 00:00:00 2001 From: karthiknaveene <144783628+karthiknaveene@users.noreply.github.com> Date: Mon, 26 May 2025 21:32:23 +0530 Subject: [PATCH 7/7] Update test-workflow.yaml