Merge pull request #1428 from GSA/dev
New Nginx Fixes 2
scottqueen-bixal authored Jun 12, 2024
2 parents 33de67f + bd13183 commit 88b1db0
Showing 140 changed files with 2,708 additions and 1,977 deletions.
117 changes: 82 additions & 35 deletions .github/workflows/build-and-deploy-dev-waf.yml
Expand Up @@ -23,8 +23,7 @@ jobs:
CF_PASSWORD: '${{ secrets.CF_PASSWORD }}'
CF_ORG: '${{ secrets.CF_ORG }}'
PROJECT: '${{ secrets.PROJECT }}'
run: |
source ./scripts/pipeline/cloud-gov-login.sh
run: source ./scripts/pipeline/cloud-gov-login.sh
- name: Check version
id: version
env:
Expand All @@ -35,7 +34,7 @@ jobs:
source ./scripts/pipeline/cloud-gov-waf-version.sh
outputs:
current_nginx_version: ${{ steps.version.outputs.current_nginx_version }}
nginx_version: ${{ steps.version.outputs.nginx_version }}
new_nginx_version: ${{ steps.version.outputs.new_nginx_version }}
cloudgov_wf_version: ${{ steps.version.outputs.cloudgov_wf_version }}
cloudgov_bp_version: ${{ steps.version.outputs.cloudgov_bp_version }}
update: ${{ steps.version.outputs.update }}
Expand All @@ -50,81 +49,101 @@ jobs:
- name: Set env.BRANCH
run: echo "BRANCH=dev" >> $GITHUB_ENV
- name: Install basic dependancies
run: |
./scripts/pipeline/deb-basic-deps.sh
run: ./scripts/pipeline/deb-basic-deps.sh
- name: Install Cloudfoundry CLI
run: ./scripts/pipeline/deb-cf-install.sh
- name: Cloud.gov login
id: cglogin
env:
CF_USER: '${{ secrets.CF_USER }}'
CF_PASSWORD: '${{ secrets.CF_PASSWORD }}'
CF_ORG: '${{ secrets.CF_ORG }}'
PROJECT: '${{ secrets.PROJECT }}'
TF_BASTION: '${{ secrets.TF_BASTION }}'
TF_BACKEND_SPACE: '${{ secrets.TF_BACKEND_SPACE }}'
run: |
source ./scripts/pipeline/cloud-gov-login.sh
cf target -s "${TF_BACKEND_SPACE}" >/dev/null 2>&1
- name: Start Bastion
env:
TF_BASTION: '${{ secrets.TF_BASTION }}'
run: |
cf start "${TF_BASTION}" >/dev/null 2>&1
./scripts/pipeline/cloud-gov-wait-for-app-start.sh "${TF_BASTION}"
- name: Cloud.gov bastion git checkout
env:
TF_BASTION: '${{ secrets.TF_BASTION }}'
run: |
declare -a commands=("rm -rf px-benefit-finder" "git clone https://github.com/GSA/px-benefit-finder.git && cd px-benefit-finder && git checkout ${BRANCH}")
for command in "${commands[@]}"; do
./scripts/pipeline/cloud-gov-remote-command.sh "${TF_BASTION}" "${command}" 1
done
- name: Build nginx WAF Plugin
env:
ubuntu_version: '${{ vars.UBUNTU_VERSION }}'
modsecurity_nginx_version: '${{ vars.MODSECURITY_NGINX_VERSION }}'
nginx_version: ${{ needs.checkVersion.outputs.nginx_version }}
new_nginx_version: ${{ needs.checkVersion.outputs.new_nginx_version }}
TF_BASTION: '${{ secrets.TF_BASTION }}'
run: |
CWD=$(pwd)
cd "${CWD}/infra/applications/nginx-waf/.docker" || exit 1
make
cd "${CWD}" || exit 1
- name: Configure Terraform Provider
source ./scripts/pipeline/terraform-build-waf-plugin.sh
- name: Configure Terraform
env:
bucket_name: ${{ secrets.BUCKET_NAME_TERRAFORM }}
CF_USER: '${{ secrets.CF_USER }}'
CF_PASSWORD: '${{ secrets.CF_PASSWORD }}'
CF_ORG: '${{ secrets.CF_ORG }}'
PROJECT: '${{ secrets.PROJECT }}'
TF_BASTION: '${{ secrets.TF_BASTION }}'
run: |
CWD=$(pwd)
cf target -s "${PROJECT}-dev" >/dev/null 2>&1
source ./scripts/local/cloud-gov-s3-creds.sh
cd "${CWD}/infra" || exit 1
echo "cloudgov_password=\"${{ secrets.CF_PASSWORD }}\"" >> terraform.tfvars
echo "cloudgov_username=\"${{ secrets.CF_USER }}\"" >> terraform.tfvars
envsubst < provider.tf.tmpl > provider.tf
cd "${CWD}" || exit 1
- uses: hashicorp/setup-terraform@v3
cd terraform/infra
envsubst < terraform.tfvars.tmpl > terraform.tfvars
${CWD}/scripts/pipeline/cloud-gov-scp-file.sh "${TF_BASTION}" "terraform.tfvars" "px-benefit-finder/terraform/infra"
cd "${CWD}"
- name: Terraform Init
env:
GITHUB_TOKEN: ${{ secrets.CR_PAT }}
TF_BASTION: '${{ secrets.TF_BASTION }}'
id: init
run: terraform init
working-directory: 'infra'
run : ./scripts/pipeline/cloud-gov-remote-command.sh "${TF_BASTION}" "tofu -chdir=px-benefit-finder/terraform/infra init" 1
- name: Terraform Validate
env:
TF_BASTION: '${{ secrets.TF_BASTION }}'
id: validate
run: TF_WORKSPACE=${BRANCH} terraform validate -no-color
run : |
stdout=$(./scripts/pipeline/cloud-gov-remote-command.sh ${TF_BASTION} "TF_WORKSPACE=${BRANCH} tofu -chdir=px-benefit-finder/terraform/infra validate -no-color" 1))
stdout=$(echo $stdout | sed '$ d')
echo ${stdout}
echo "stdout=${stdout}" >> $GITHUB_OUTPUT
- name: Terraform Plan
env:
GITHUB_TOKEN: ${{ secrets.CR_PAT }}
TF_BASTION: '${{ secrets.TF_BASTION }}'
id: plan
run: TF_WORKSPACE=${BRANCH} terraform plan -no-color
working-directory: 'infra'
run : |
stdout=$(./scripts/pipeline/cloud-gov-remote-command.sh "${TF_BASTION}" "TF_WORKSPACE=${BRANCH} tofu -chdir=px-benefit-finder/terraform/infra plan -no-color" 1)
stdout=$(echo $stdout | sed '$ d')
echo ${stdout}
echo "stdout=${stdout}" >> $GITHUB_OUTPUT
- name: Terraform Apply
id: apply
env:
GITHUB_TOKEN: ${{ secrets.CR_PAT }}
run: TF_WORKSPACE=${BRANCH} terraform apply -auto-approve
working-directory: 'infra'
TF_BASTION: '${{ secrets.TF_BASTION }}'
id: apply
run : |
stdout=$(./scripts/pipeline/cloud-gov-remote-command.sh "${TF_BASTION}" "TF_WORKSPACE=${BRANCH} tofu -chdir=px-benefit-finder/terraform/infra apply -auto-approve" 1)
stdout=$(echo $stdout | sed '$ d')
echo ${stdout}
echo "stdout=${stdout}" >> $GITHUB_OUTPUT
- name: Create Issue For Review
id: issue
uses: dacbd/create-issue-action@main
with:
token: ${{ secrets.ADD_TO_PROJECT_PAT }}
assignees: ${{ vars.TECH_LEAD }}
title: "Update to NGINX v${{ needs.checkVersion.outputs.nginx_version }} (dev)"
title: "Update to NGINX v${{ needs.checkVersion.outputs.new_nginx_version }} (dev)"
body: |
## Automated update of NGINX WAF
This is an automated build and deploy of the NGINX WAF application in dev.
Build pack: ${{ needs.checkVersion.outputs.cloudgov_wf_version }} => ${{ needs.checkVersion.outputs.cloudgov_bp_version }}
NGINX: ${{ needs.checkVersion.outputs.current_nginx_version }} => ${{ needs.checkVersion.outputs.nginx_version }}
NGINX: ${{ needs.checkVersion.outputs.current_nginx_version }} => ${{ needs.checkVersion.outputs.new_nginx_version }}
#### Terraform Initialization &#x2699;`${{ steps.init.outcome }}`
#### Terraform Validation &#x1F916;`${{ steps.validate.outcome }}`
Expand Down Expand Up @@ -154,4 +173,32 @@ jobs:
GH_TOKEN: ${{ secrets.ADD_TO_PROJECT_PAT }}
ISSUE_NUMBER: ${{ steps.issue.outputs.number }}
run: source ./scripts/pipeline/github-update-issue-status.sh

stopBastion:
name: Stop Bastion
runs-on: ubuntu-latest
needs: updateWAF
if: ${{ always() }}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set env.BRANCH
run: echo "BRANCH=dev" >> $GITHUB_ENV
- name: Install basic dependancies
run: ./scripts/pipeline/deb-basic-deps.sh
- name: Install Cloudfoundry CLI
run: ./scripts/pipeline/deb-cf-install.sh
- name: Cloud.gov login
env:
CF_USER: '${{ secrets.CF_USER }}'
CF_PASSWORD: '${{ secrets.CF_PASSWORD }}'
CF_ORG: '${{ secrets.CF_ORG }}'
PROJECT: '${{ secrets.PROJECT }}'
TF_BASTION: '${{ secrets.TF_BASTION }}'
TF_BACKEND_SPACE: '${{ secrets.TF_BACKEND_SPACE }}'
run: |
source ./scripts/pipeline/cloud-gov-login.sh
cf target -s "${TF_BACKEND_SPACE}" >/dev/null 2>&1
- name: Stop Bastion
env:
TF_BASTION: '${{ secrets.TF_BASTION }}'
run: cf stop "${TF_BASTION}" >/dev/null 2>&1
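Review bot: The `run` script of the Terraform Validate step closes its command substitution with `1))`, and the stray `)` is a bash syntax error, so that step cannot succeed as written. In Validate, Plan and Apply, `echo $stdout | sed '$ d'` expands `$stdout` unquoted, so the captured output is flattened to a single line and `sed '$ d'` then deletes that one line, leaving `stdout` empty both in the job log and in `$GITHUB_OUTPUT`. Quoting the expansions preserves the line structure so that only the final line is dropped, and a multi-line value then has to be written to `$GITHUB_OUTPUT` in the delimiter form. The fence shows the Validate step only; Plan and Apply would take the same shape, and `${TF_BASTION}` should be quoted in Validate as it already is in the other two.

```yaml
      # … unchanged: name, env and id of the Terraform Validate step …
        run: |
          stdout=$(./scripts/pipeline/cloud-gov-remote-command.sh "${TF_BASTION}" "TF_WORKSPACE=${BRANCH} tofu -chdir=px-benefit-finder/terraform/infra validate -no-color" 1)
          # Quoted expansion keeps newlines, so sed drops only the last line.
          stdout=$(printf '%s\n' "${stdout}" | sed '$ d')
          printf '%s\n' "${stdout}"
          # Multi-line values need the delimiter form; the delimiter must not
          # occur as a line of the tool output.
          {
            echo "stdout<<TF_STDOUT_EOF"
            printf '%s\n' "${stdout}"
            echo "TF_STDOUT_EOF"
          } >> "$GITHUB_OUTPUT"
```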