From bdba4643c5d38958a59675d5a120364daf295a81 Mon Sep 17 00:00:00 2001
From: yavuzdemir
Date: Mon, 25 Dec 2023 20:46:02 +0300
Subject: [PATCH 1/3] test opa gateway
---
 .github/workflows/scala.yml | 57 ++++++++++++++++++++++++++++++++++++-
 1 file changed, 56 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/scala.yml b/.github/workflows/scala.yml
index 177606c..89bda51 100644
--- a/.github/workflows/scala.yml
+++ b/.github/workflows/scala.yml
@@ -44,4 +44,59 @@ jobs: args: > -Dsonar.projectKey=yavuzDemir21_DevSecOpsPipeline -Dsonar.organization=yavuzdemir21 - -Dsonar.sources=src/main/scala,src/test/scala \ No newline at end of file + -Dsonar.sources=src/main/scala,src/test/scala + + - name: Build an image from Dockerfile + run: | + docker build -t docker.io/cmpe58e/testing-repo:${{ github.sha }} . + + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@master + with: + image-ref: 'docker.io/cmpe58e/testing-repo:${{ github.sha }}' + format: 'sarif' + output: 'trivy-results.sarif' + + - name: Upload Trivy scan results to GitHub Security tab + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: 'trivy-results.sarif' + + - name: Set up Google Cloud SDK + uses: google-github-actions/setup-gcloud@v2 + with: + version: 'latest' + project_id: ${{ secrets.GCP_PROJECT }} + + - name: Authenticate to Google Cloud + uses: google-github-actions/auth@v1 + with: + credentials_json: ${{ secrets.GCP_SA_KEY }} + + - name: Configure Docker to use the gcloud command-line tool as a credential helper + run: gcloud auth configure-docker europe-west4-docker.pkg.dev + + - name: Push Docker Image to Google Cloud Artifact Registry + run: | + docker tag docker.io/cmpe58e/testing-repo:${{ github.sha }} europe-west4-docker.pkg.dev/cmpe58e-407111/testing-repo/docker.io/cmpe58e/testing-repo:${{ github.sha }} + docker push europe-west4-docker.pkg.dev/cmpe58e-407111/testing-repo/docker.io/cmpe58e/testing-repo:${{ github.sha }} + + - name: Update gcloud components + run: | + gcloud components update + + - name: Install gke-gcloud-auth-plugin + run: | + gcloud components install gke-gcloud-auth-plugin + + - name: Get GKE credentials + run: | + gcloud container clusters get-credentials dev-sec-ops-pipeline --region europe-west3 --project cmpe58e-407111 + + - name: Deploy to Kubernetes + run: | + kubectl set image deployment/devsecopspipeline-deployment 
dev-sec-ops-pipeline=europe-west4-docker.pkg.dev/cmpe58e-407111/testing-repo/docker.io/cmpe58e/testing-repo:${{ github.sha }} --record + + - name: Check deployment + run: | + kubectl rollout status deployment/devsecopspipeline-deployment \ No newline at end of file From 39f1621c573205c3dbb0b63f168bea0301cf5564 Mon Sep 17 00:00:00 2001 From: yavuzdemir Date: Mon, 25 Dec 2023 21:12:35 +0300 Subject: [PATCH 2/3] Add timeout --- .github/workflows/scala.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scala.yml b/.github/workflows/scala.yml index 89bda51..f3f3282 100644 --- a/.github/workflows/scala.yml +++ b/.github/workflows/scala.yml @@ -99,4 +99,4 @@ jobs: - name: Check deployment run: | - kubectl rollout status deployment/devsecopspipeline-deployment \ No newline at end of file + kubectl rollout status deployment/devsecopspipeline-deployment --timeout=180s \ No newline at end of file From 8a1b03be299b640ad84c95506d1c898dfaa9d9e4 Mon Sep 17 00:00:00 2001 From: yavuzdemir Date: Mon, 25 Dec 2023 21:59:29 +0300 Subject: [PATCH 3/3] fix rebase --- .github/workflows/deploy.yml | 16 ++++++---- .github/workflows/scala.yml | 57 +----------------------------------- 2 files changed, 11 insertions(+), 62 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 3241019..097dde2 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -23,10 +23,14 @@ jobs: run: | docker build -t docker.io/cmpe58e/devsecopspipeline:latest . + - name: Build an image from Dockerfile + run: | + docker build -t docker.io/cmpe58e/testing-repo:${{ github.sha }} . + - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: - image-ref: 'docker.io/cmpe58e/devsecopspipeline:latest' + image-ref: 'docker.io/cmpe58e/testing-repo:${{ github.sha }}' format: 'sarif' output: 'trivy-results.sarif' 
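Review bot: The Trivy step added after the Sonar args never gates the pipeline: it has no `exit-code` or `severity` inputs, so with the action's default of `exit-code: '0'` a CRITICAL finding still proceeds to the `docker push` and the `kubectl set image` rollout further down the hunk. Add `exit-code: '1'` and `severity: 'CRITICAL,HIGH'` under that step's `with:`, and put `if: always()` on the upload-sarif step so the SARIF is still recorded when the scan fails the job. `aquasecurity/trivy-action@master` is also a mutable ref in a workflow that holds a GCP service-account key; pin it to a release tag or commit SHA like the other actions here. Note that 3/3 removes this whole block from scala.yml again and the same steps live in deploy.yml, so the fix belongs there.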
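Review bot: `--timeout=180s` on the `rollout status` line makes the job fail on a stalled rollout but leaves the stalled ReplicaSet in place, so the cluster stays half-migrated until someone intervenes by hand. Add a follow-up step `- name: Roll back on failure` / `if: failure()` / `run: kubectl rollout undo deployment/devsecopspipeline-deployment` so a deploy that does not become Ready within the window is reverted automatically. As far as the hunk shows, `Check deployment` is the last step of the job, so the new step goes directly after it.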
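Review bot: The added build step in deploy.yml duplicates one that is still there: the context lines right above it still run `docker build -t docker.io/cmpe58e/devsecopspipeline:latest .`, and after this series that image is neither scanned (the Trivy `image-ref` now points at `testing-repo:${{ github.sha }}`) nor, per the later push hunk, pushed, so the first build is dead work that doubles the job's build time. Drop the old step rather than keeping both; if a `latest` tag is still wanted, tag the single build twice with `docker build -t docker.io/cmpe58e/testing-repo:${{ github.sha }} -t docker.io/cmpe58e/testing-repo:latest .`. The old step's `name:` sits outside the hunk, so I cannot tell whether the two steps now also share a name.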
@@ -47,12 +51,12 @@ jobs: credentials_json: ${{ secrets.GCP_SA_KEY }} - name: Configure Docker to use the gcloud command-line tool as a credential helper - run: gcloud auth configure-docker europe-west3-docker.pkg.dev + run: gcloud auth configure-docker europe-west4-docker.pkg.dev - name: Push Docker Image to Google Cloud Artifact Registry run: | - docker tag docker.io/cmpe58e/devsecopspipeline:latest europe-west3-docker.pkg.dev/cmpe58e-407111/devsecopspipeline/docker.io/cmpe58e/devsecopspipeline:latest - docker push europe-west3-docker.pkg.dev/cmpe58e-407111/devsecopspipeline/docker.io/cmpe58e/devsecopspipeline:latest + docker tag docker.io/cmpe58e/testing-repo:${{ github.sha }} europe-west4-docker.pkg.dev/cmpe58e-407111/testing-repo/docker.io/cmpe58e/testing-repo:${{ github.sha }} + docker push europe-west4-docker.pkg.dev/cmpe58e-407111/testing-repo/docker.io/cmpe58e/testing-repo:${{ github.sha }} - name: Update gcloud components run: | @@ -65,10 +69,10 @@ jobs: - name: Get GKE credentials run: | gcloud container clusters get-credentials dev-sec-ops-pipeline --region europe-west3 --project cmpe58e-407111 - + - name: Deploy to Kubernetes run: | - kubectl set image deployment/devsecopspipeline-deployment dev-sec-ops-pipeline=europe-west3-docker.pkg.dev/cmpe58e-407111/devsecopspipeline/docker.io/cmpe58e/devsecopspipeline:latest --record + kubectl set image deployment/devsecopspipeline-deployment dev-sec-ops-pipeline=europe-west4-docker.pkg.dev/cmpe58e-407111/testing-repo/docker.io/cmpe58e/testing-repo:${{ github.sha }} --record - name: Check deployment run: | diff --git a/.github/workflows/scala.yml b/.github/workflows/scala.yml index f3f3282..177606c 100644 --- a/.github/workflows/scala.yml +++ b/.github/workflows/scala.yml 
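Review bot: `credentials_json: ${{ secrets.GCP_SA_KEY }}` (context at the top of the hunk) is a long-lived, exportable service-account key stored as a repository secret, and the same identity both pushes to Artifact Registry here and, in the next hunk, mutates the GKE deployment. Prefer keyless auth: give `google-github-actions/auth` the `workload_identity_provider:` and `service_account:` inputs (with `permissions: id-token: write` on the job) so no key exists to leak, and scope that identity minimally, roughly registry writer for the push plus a namespaced RBAC binding for the deploy. Independently, the push step tags and pushes by `${{ github.sha }}` but never records the image digest, and the rollout later deploys the same mutable tag; capturing `docker inspect --format='{{index .RepoDigests 0}}'` into `$GITHUB_OUTPUT` after the push and deploying by digest would guarantee the running image is exactly the one Trivy scanned.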
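Review bot: The rewritten `kubectl set image` line keeps `--record`, which is deprecated in recent kubectl releases and stores the entire command line, image path included, in the `kubernetes.io/change-cause` annotation of every revision; replace it with an explicit `kubectl annotate deployment/devsecopspipeline-deployment kubernetes.io/change-cause="deploy ${{ github.sha }}" --overwrite` after the `set image`. The rollout also pulls from a registry in `europe-west4` into a cluster that `get-credentials` (context two lines up) places in `europe-west3`; that works but is a cross-region pull on every node, and both regions are hard-coded in several steps, so a job-level `env:` with `REGISTRY` and `GKE_REGION` would keep the next region move from silently desynchronizing them. The `Check deployment` step that follows ends outside the hunk.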
@@ -44,59 +44,4 @@ jobs: args: > -Dsonar.projectKey=yavuzDemir21_DevSecOpsPipeline -Dsonar.organization=yavuzdemir21 - -Dsonar.sources=src/main/scala,src/test/scala - - - name: Build an image from Dockerfile - run: | - docker build -t docker.io/cmpe58e/testing-repo:${{ github.sha }} . - - - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@master - with: - image-ref: 'docker.io/cmpe58e/testing-repo:${{ github.sha }}' - format: 'sarif' - output: 'trivy-results.sarif' - - - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@v2 - with: - sarif_file: 'trivy-results.sarif' - - - name: Set up Google Cloud SDK - uses: google-github-actions/setup-gcloud@v2 - with: - version: 'latest' - project_id: ${{ secrets.GCP_PROJECT }} - - - name: Authenticate to Google Cloud - uses: google-github-actions/auth@v1 - with: - credentials_json: ${{ secrets.GCP_SA_KEY }} - - - name: Configure Docker to use the gcloud command-line tool as a credential helper - run: gcloud auth configure-docker europe-west4-docker.pkg.dev - - - name: Push Docker Image to Google Cloud Artifact Registry - run: | - docker tag docker.io/cmpe58e/testing-repo:${{ github.sha }} europe-west4-docker.pkg.dev/cmpe58e-407111/testing-repo/docker.io/cmpe58e/testing-repo:${{ github.sha }} - docker push europe-west4-docker.pkg.dev/cmpe58e-407111/testing-repo/docker.io/cmpe58e/testing-repo:${{ github.sha }} - - - name: Update gcloud components - run: | - gcloud components update - - - name: Install gke-gcloud-auth-plugin - run: | - gcloud components install gke-gcloud-auth-plugin - - - name: Get GKE credentials - run: | - gcloud container clusters get-credentials dev-sec-ops-pipeline --region europe-west3 --project cmpe58e-407111 - - - name: Deploy to Kubernetes - run: | - kubectl set image deployment/devsecopspipeline-deployment dev-sec-ops-pipeline=europe-west4-docker.pkg.dev/cmpe58e-407111/testing-repo/docker.io/cmpe58e/testing-repo:${{ github.sha }} 
--record - - - name: Check deployment - run: | - kubectl rollout status deployment/devsecopspipeline-deployment --timeout=180s \ No newline at end of file + -Dsonar.sources=src/main/scala,src/test/scala \ No newline at end of file