# Build-and-deploy pipeline.
name: "CI/CD:BUILD:AND:DEPLOY"

# Triggered by pushes to, and pull requests targeting, main and production.
# Both jobs in this file are gated on github.ref being refs/heads/main or
# refs/heads/production, so they only match push events on those branches.
on:
  push:
    branches:
      - "main"
      - "production"
  pull_request:
    branches:
      - "main"
      - "production"
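# Two near-identical jobs: build_prod (production branch) and build_dev (main).
# Each builds and pushes the image, recreates the image pull secret, renders
# manifests/deployment.yaml from its template, applies it, and waits for the
# rollout.
#
# NOTE(review): no `permissions:` key is set, so GITHUB_TOKEN carries the
# repository default scope; consider `permissions: contents: read` if no step
# needs more - confirm against the third-party actions used here.
# NOTE(review): every iDevOps-io action is referenced by the mutable ref
# `@main`. Those actions receive the registry credentials through `with:` and
# run in a job whose environment holds redis_password and KUBECONFIG. Pin each
# one to a reviewed full commit SHA (`@<FULL_COMMIT_SHA>`).
# NOTE(review): the image scan and the ZAP scan run only when the commit
# message carries an opt-in tag, and the image scan runs after the push.
jobs:
  build_prod:
    if: github.ref == 'refs/heads/production'
    env:
      docker_org: "osmolabs"
      docker_repo: "sqs"
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: "SET:ENV:VARS"
        # Secrets reach the script as environment variables rather than being
        # expanded into the script text, so quotes, `$` or backticks inside a
        # secret value are never parsed by the shell.
        env:
          REDIS_PASSWORD_SECRET: "${{ secrets.PROD_SQS_REDIS_PASSWORD }}"
          KUBECONFIG_CONTENT: "${{ secrets.PROD_KUBECONFIG }}"
        run: |
          # Values exported here are visible to every later step in the job,
          # including the third-party actions.
          # NOTE(review): redis_password is exported because the template
          # step presumably substitutes it into the manifest - confirm, and
          # prefer a Kubernetes Secret over a rendered plaintext value.
          # NOTE(review): redis_docker_image uses the floating tag `latest`.
          # NOTE(review): debug=true is set for production - confirm intended.
          {
            echo "docker_tag=${GITHUB_SHA::7}"
            echo "app_name=sqs"
            echo "kubernetes_namespace=sqs"
            echo "redis_docker_image=bitnami/redis:latest"
            echo "redis_port=6379"
            echo "redis_user=default"
            echo "redis_password=${REDIS_PASSWORD_SECRET}"
            echo "redis_name=article"
            echo "redis_initial_delay_seconds=10"
            echo "redis_period_seconds=10"
            echo "replicas=1"
            echo "min_ready_seconds=30"
            echo "max_unavailable=0"
            echo "max_surge=2"
            echo "image_pull_secret=sqs"
            echo "container_port=9092"
            echo "service_port=80"
            echo "initial_delay_seconds=30"
            echo "period_seconds=10"
            echo "debug=true"
            echo "chain_id=osmosis-1"
            echo "node_rpc=https://rpc.osmosis.zone:443"
            echo "node_grpc=grpc.osmosis.zone:9090"
            echo "domain_name=sqs.osmosis.zone"
            echo "path=/"
            # Previously missing in this job (build_dev sets it), which left
            # --docker-server empty when the pull secret was created.
            echo "docker_server_url=https://index.docker.io/v1/"
          } >> "${GITHUB_ENV}"
          # Keep the kubeconfig outside the checkout: the image is built with
          # docker_file_location "./", so a file in the workspace could end up
          # in the build context. umask 077 makes it owner-readable only.
          kubeconfig_file="${RUNNER_TEMP}/temp_config.yaml"
          ( umask 077; printf '%s\n' "${KUBECONFIG_CONTENT}" > "${kubeconfig_file}" )
          echo "KUBECONFIG=${kubeconfig_file}" >> "${GITHUB_ENV}"
      - name: "DOCKER:BUILD:CHECK:PUSH"
        uses: iDevOps-io/idevops-git-actions/docker_build_check_tag_and_push@main
        with:
          docker_username: "${{ secrets.DOCKER_USERNAME }}"
          docker_password: "${{ secrets.DOCKER_PASSWORD }}"
          docker_org: "${{ env.docker_org }}"
          docker_image: "${{ env.docker_repo }}"
          docker_tag: "${{ env.docker_tag }}"
          docker_file_location: "./"
      - name: "DOCKER:IMAGE:SCAN:ANCHORE"
        if: contains(github.event.head_commit.message, '[docker scan]')
        uses: iDevOps-io/idevops-git-actions/execute_docker_scan_grype@main
        with:
          docker_image_name: "${{ env.docker_org }}/${{ env.docker_repo }}:${{ env.docker_tag }}"
      - name: "CREATE:DOCKER:SECRET:NAMESPACE"
        env:
          DOCKER_USERNAME: "${{ secrets.DOCKER_USERNAME }}"
          DOCKER_PASSWORD: "${{ secrets.DOCKER_PASSWORD }}"
        run: |
          echo "Create namespace if it doesn't exist."
          # NOTE(review): `|| echo` also hides failures other than
          # "already exists", such as an authentication error.
          kubectl create namespace "${kubernetes_namespace}" || echo "Namespace Exists"
          echo "Delete the image pull secret, and re-create to ensure it gets updated"
          kubectl delete secret "${image_pull_secret}" -n "${kubernetes_namespace}" --ignore-not-found=true
          kubectl create secret docker-registry "${image_pull_secret}" \
            --docker-server="${docker_server_url}" \
            --docker-username="${DOCKER_USERNAME}" \
            --docker-password="${DOCKER_PASSWORD}" \
            --namespace "${kubernetes_namespace}"
      - name: "EXECUTE:TEMPLATE:REPLACEMENT:ON:FILE"
        uses: iDevOps-io/idevops-git-actions/template_replace_file@main
        with:
          input_file: "manifests/deployment.yaml.template"
          output_file: "manifests/deployment.yaml"
      - name: "APPLY:KUBECONFIG"
        run: |
          echo "Apply the manifest and deploy the application and redis updates to the cluster"
          kubectl apply -f manifests/deployment.yaml -n "${kubernetes_namespace}"
      - name: "CHECK:DEPLOYMENT:STATUS"
        run: |
          echo "Check the rollout status of redis. This will force pipeline to wait until its serving"
          kubectl rollout status "deployment/${app_name}-redis" -n "${kubernetes_namespace}"
          echo "Check the rollout status of the deployment to prevent pipeline from continuing until new release is rolled out."
          kubectl rollout status "deployment/${app_name}" -n "${kubernetes_namespace}"
      - name: "ZAProxy Scan Active/Passive OWASP TOP 10 Security"
        if: contains(github.event.head_commit.message, '[zap scan]')
        uses: iDevOps-io/idevops-git-actions/execute_zaproxy_owasp_security_can_on_endpoint@main
        with:
          web_url: "https://${{ env.domain_name }}"
  build_dev:
    if: github.ref == 'refs/heads/main'
    env:
      docker_org: "osmolabs"
      docker_repo: "sqs-dev"
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: "SET:ENV:VARS"
        # Secrets reach the script as environment variables rather than being
        # expanded into the script text, so quotes, `$` or backticks inside a
        # secret value are never parsed by the shell.
        env:
          REDIS_PASSWORD_SECRET: "${{ secrets.DEV_SQS_REDIS_PASSWORD }}"
          KUBECONFIG_CONTENT: "${{ secrets.DEV_KUBECONFIG }}"
        run: |
          # Values exported here are visible to every later step in the job,
          # including the third-party actions.
          # NOTE(review): redis_password is exported because the template
          # step presumably substitutes it into the manifest - confirm, and
          # prefer a Kubernetes Secret over a rendered plaintext value.
          # NOTE(review): redis_docker_image uses the floating tag `latest`.
          # NOTE(review): chain_id matches the production job while node_rpc
          # and node_grpc point at testnet hosts - confirm this is intended.
          {
            echo "docker_tag=${GITHUB_SHA::7}"
            echo "app_name=sqs"
            echo "kubernetes_namespace=sqs"
            echo "redis_docker_image=bitnami/redis:latest"
            echo "redis_port=6379"
            echo "redis_user=default"
            echo "redis_password=${REDIS_PASSWORD_SECRET}"
            echo "redis_name=article"
            echo "redis_initial_delay_seconds=10"
            echo "redis_period_seconds=10"
            echo "replicas=1"
            echo "min_ready_seconds=30"
            echo "max_unavailable=0"
            echo "max_surge=2"
            echo "image_pull_secret=sqs"
            echo "container_port=9092"
            echo "service_port=80"
            echo "initial_delay_seconds=30"
            echo "period_seconds=10"
            echo "debug=true"
            echo "chain_id=osmosis-1"
            echo "node_rpc=https://rpc.testnet.osmosis.zone:443"
            echo "node_grpc=grpc.testnet.osmosis.zone:9090"
            echo "domain_name=sqs.dev-osmosis.zone"
            echo "path=/"
            echo "docker_server_url=https://index.docker.io/v1/"
          } >> "${GITHUB_ENV}"
          # Keep the kubeconfig outside the checkout: the image is built with
          # docker_file_location "./", so a file in the workspace could end up
          # in the build context. umask 077 makes it owner-readable only.
          kubeconfig_file="${RUNNER_TEMP}/temp_config.yaml"
          ( umask 077; printf '%s\n' "${KUBECONFIG_CONTENT}" > "${kubeconfig_file}" )
          echo "KUBECONFIG=${kubeconfig_file}" >> "${GITHUB_ENV}"
      - name: "DOCKER:BUILD:CHECK:PUSH"
        uses: iDevOps-io/idevops-git-actions/docker_build_check_tag_and_push@main
        with:
          docker_username: "${{ secrets.DOCKER_USERNAME }}"
          docker_password: "${{ secrets.DOCKER_PASSWORD }}"
          docker_org: "${{ env.docker_org }}"
          docker_image: "${{ env.docker_repo }}"
          docker_tag: "${{ env.docker_tag }}"
          docker_file_location: "./"
      - name: "DOCKER:IMAGE:SCAN:ANCHORE"
        if: contains(github.event.head_commit.message, '[docker scan]')
        uses: iDevOps-io/idevops-git-actions/execute_docker_scan_grype@main
        with:
          docker_image_name: "${{ env.docker_org }}/${{ env.docker_repo }}:${{ env.docker_tag }}"
      - name: "CREATE:DOCKER:SECRET:NAMESPACE"
        env:
          DOCKER_USERNAME: "${{ secrets.DOCKER_USERNAME }}"
          DOCKER_PASSWORD: "${{ secrets.DOCKER_PASSWORD }}"
        run: |
          echo "Create namespace if it doesn't exist."
          # NOTE(review): `|| echo` also hides failures other than
          # "already exists", such as an authentication error.
          kubectl create namespace "${kubernetes_namespace}" || echo "Namespace Exists"
          echo "Delete the image pull secret, and re-create to ensure it gets updated"
          kubectl delete secret "${image_pull_secret}" -n "${kubernetes_namespace}" --ignore-not-found=true
          kubectl create secret docker-registry "${image_pull_secret}" \
            --docker-server="${docker_server_url}" \
            --docker-username="${DOCKER_USERNAME}" \
            --docker-password="${DOCKER_PASSWORD}" \
            --namespace "${kubernetes_namespace}"
      - name: "EXECUTE:TEMPLATE:REPLACEMENT:ON:FILE"
        uses: iDevOps-io/idevops-git-actions/template_replace_file@main
        with:
          input_file: "manifests/deployment.yaml.template"
          output_file: "manifests/deployment.yaml"
      - name: "APPLY:KUBECONFIG"
        run: |
          echo "Apply the manifest and deploy the application and redis updates to the cluster"
          kubectl apply -f manifests/deployment.yaml -n "${kubernetes_namespace}"
      - name: "CHECK:DEPLOYMENT:STATUS"
        run: |
          echo "Check the rollout status of redis. This will force pipeline to wait until its serving"
          kubectl rollout status "deployment/${app_name}-redis" -n "${kubernetes_namespace}"
          echo "Check the rollout status of the deployment to prevent pipeline from continuing until new release is rolled out."
          kubectl rollout status "deployment/${app_name}" -n "${kubernetes_namespace}"
      - name: "ZAProxy Scan Active/Passive OWASP TOP 10 Security"
        if: contains(github.event.head_commit.message, '[zap scan]')
        uses: iDevOps-io/idevops-git-actions/execute_zaproxy_owasp_security_can_on_endpoint@main
        with:
          web_url: "https://${{ env.domain_name }}"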