diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
new file mode 100644
index 00000000..5c511d60
--- /dev/null
+++ b/.github/workflows/cd.yml
@@ -0,0 +1,75 @@
+name: CD Pipeline
+
+on:
+ workflow_dispatch:
+ inputs:
+ docker_tag:
+ description: 'Docker tag from CI job'
+ required: true
+ type: string
+
+jobs:
+ deploy:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout Code
+ uses: actions/checkout@v4
+ with:
+ ref: DevOps
+ token: ${{ secrets.GH_PAT }}
+
+ - name: Verify Docker Tag
+ run: |
+ echo "DOCKER TAG RECEIVED: ${{ github.event.inputs.docker_tag }}"
+
+ - name: Update Kubernetes Manifest
+ run: |
+ cd kubernetes
+ sed -i -e 's|trainwithshubham/bankapp-eks:.*|trainwithshubham/bankapp-eks:${{ github.event.inputs.docker_tag }}|g' bankapp-deployment.yaml
+ cat bankapp-deployment.yaml
+
+ - name: Configure Git
+ run: |
+ git config user.name "github-actions[bot]"
+ git config user.email "github-actions[bot]@users.noreply.github.com"
+
+ - name: Commit and Push Changes
+ run: |
+ echo "Checking repository status:"
+ git status
+
+ echo "Adding changes to git:"
+ git add .
+
+ echo "Committing changes:"
+ git commit -m "Updated K8s Deployment Docker Image Version"
+
+ echo "Pushing changes to github:"
+ git push origin DevOps
+
+ - name: Send Email Notification
+ uses: dawidd6/action-send-mail@v3
+ if: always()
+ with:
+ server_address: smtp.gmail.com
+ server_port: 465
+ username: ${{ secrets.EMAIL_USERNAME }}
+ password: ${{ secrets.EMAIL_PASSWORD }}
+ subject: "BankApp Application has been updated and deployed - ${{ job.status }}"
+ to: trainwithshubham@gmail.com
+ from: ${{ secrets.EMAIL_USERNAME }}
+ html_body: |
+
+
+

Project: ${{ github.repository }}

+
+
+

Build Number: ${{ github.run_number }}

+
+
+

URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}

+
+
+
+
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 00000000..fbac1308
--- /dev/null
+++ b/.github/workflows/ci.yml
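Review bot: The `docker_tag` dispatch input is expanded by `${{ }}` straight into the `run:` shell of the Verify Docker Tag and Update Kubernetes Manifest steps, so shell metacharacters in the tag are executed and a `|` or `&` in it rewrites the sed script itself; pass the value through `env:` and reject anything outside the Docker tag grammar before it reaches sed, as below. The image name this step rewrites (`trainwithshubham/bankapp-eks`) differs from the one ci.yml pushes (`madhupdevops/bankapp`), so the manifest appears to end up referencing a tag that was never pushed to that repository — confirm against kubernetes/bankapp-deployment.yaml, which is outside the diff. In Commit and Push Changes, `git commit` exits non-zero when the manifest is unchanged, so a re-dispatch with the same tag fails the job before the email step; `git diff --cached --quiet || git commit -m "Updated K8s Deployment Docker Image Version"` keeps the step idempotent. The trailing lines of this hunk are the email `html_body`, which is garbled on this page and not reviewed.
```yaml
      - name: Verify Docker Tag
        env:
          DOCKER_TAG: ${{ github.event.inputs.docker_tag }}
        run: |
          # Docker tag grammar: [A-Za-z0-9_][A-Za-z0-9_.-]{0,127}; excludes shell and sed metacharacters
          if ! [[ "$DOCKER_TAG" =~ ^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$ ]]; then
            echo "Invalid docker tag: $DOCKER_TAG" >&2
            exit 1
          fi
          echo "DOCKER TAG RECEIVED: $DOCKER_TAG"

      - name: Update Kubernetes Manifest
        env:
          DOCKER_TAG: ${{ github.event.inputs.docker_tag }}
        run: |
          cd kubernetes
          sed -i -e "s|trainwithshubham/bankapp-eks:.*|trainwithshubham/bankapp-eks:${DOCKER_TAG}|g" bankapp-deployment.yaml
          cat bankapp-deployment.yaml
      # … unchanged: Configure Git, Commit and Push Changes, Send Email Notification …
```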
@@ -0,0 +1,92 @@
+name: CI Pipeline
+
+on:
+ push:
+ branches:
+ - DevOps
+ workflow_dispatch:
+ inputs:
+ docker_tag:
+ description: 'Docker image tag'
+ required: true
+ type: string
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout Code
+ uses: actions/checkout@v4
+ with:
+ ref: DevOps
+
+ - name: Trivy Filesystem Scan
+ uses: aquasecurity/trivy-action@master
+ with:
+ scan-type: 'fs'
+ scan-ref: '.'
+ format: 'sarif'
+ output: 'trivy-results.sarif'
+
+ - name: OWASP Dependency Check
+ uses: dependency-check/Dependency-Check_Action@main
+ with:
+ project: 'bankapp'
+ path: '.'
+ format: 'XML'
+
+ - name: SonarQube Analysis
+ uses: SonarSource/sonarqube-scan-action@master
+ env:
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+ SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
+ with:
+ args: >
+ -Dsonar.projectKey=bankapp
+ -Dsonar.projectName=bankapp
+
+ - name: SonarQube Quality Gate
+ uses: sonarsource/sonarqube-quality-gate-action@master
+ timeout-minutes: 5
+ env:
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Login to DockerHub
+ uses: docker/login-action@v3
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+ - name: Build and Push Docker Image
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ push: true
+ tags: madhupdevops/bankapp:${{ github.event.inputs.docker_tag || github.sha }}
+
+ - name: Upload OWASP Artifacts
+ uses: actions/upload-artifact@v4
+ if: always()
+ with:
+ name: owasp-reports
+ path: '*.xml'
+
+ - name: Trigger CD Workflow
+ if: success()
+ uses: actions/github-script@v7
+ with:
+ github-token: ${{ secrets.GH_PAT }}
+ script: |
+ await github.rest.actions.createWorkflowDispatch({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ workflow_id: 'cd.yml',
+ ref: 'DevOps',
+ inputs: {
+ docker_tag: '${{ github.event.inputs.docker_tag || github.sha }}'
+ }
+ })
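Review bot: Four third-party actions are pulled from mutable branch refs — `aquasecurity/trivy-action@master`, `dependency-check/Dependency-Check_Action@main`, `SonarSource/sonarqube-scan-action@master` and `sonarsource/sonarqube-quality-gate-action@master` — so whoever controls those branches controls code that runs in a job holding the DockerHub, Sonar and `GH_PAT` secrets; pin each to a full commit SHA with the version in a trailing comment, e.g. `uses: aquasecurity/trivy-action@<PINNED_COMMIT_SHA> # vX.Y.Z`. The Trivy step writes trivy-results.sarif but nothing gates on or uploads it (no `exit-code`/`severity` inputs, no upload step), so the image is built and pushed regardless of findings; adding `exit-code: '1'` and `severity: 'CRITICAL,HIGH'` to that step, or uploading the file with `github/codeql-action/upload-sarif`, would make the scan effective. In Trigger CD Workflow the tag is expanded into a JS string literal (`docker_tag: '${{ … }}'`), so a quote in a dispatch input breaks or alters the script; put `DOCKER_TAG: ${{ github.event.inputs.docker_tag || github.sha }}` under the step's `env:` and use `docker_tag: process.env.DOCKER_TAG`. The workflow also declares no top-level `permissions:`, so the default `GITHUB_TOKEN` scope applies to every step even though only the dispatch call needs write access.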