Skip to content
Deploy Flask App to EKS

ci/cd-setup.yml #1

Sign in to view logs

ci/cd-setup.yml

ci/cd-setup.yml #1

Workflow file for this run

.github/workflows/regtech-app.yml at bada0fe
name: Deploy Flask App to EKS
on:
push:
branches:
- main
pull_request:
branches:
- main
env:
AWS_REGION: ${{ secrets.AWS_REGION }}
EKS_CLUSTER_NAME: ${{ secrets.EKS_CLUSTER_NAME }}
jobs:
# Step 1: Source Code Testing (Linting, Static Analysis, Unit Tests, Snyk Scan)
Lint-and-Static-Analysis:
name: Linting and Static Analysis (SonarQube)
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: SonarCloud Scan
uses: sonarsource/sonarcloud-github-action@master
env:
GITHUB_TOKEN: ${{ secrets.GIT_TOKEN }}
#ORGANIZATION_KEY: ${{ secrets.ORGANIZATION_KEY }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
with:
args: >
-Dsonar.organization=${{ secrets.ORGANIZATION_KEY }}
-Dsonar.projectKey=${{ secrets.PROJECT_KEY }}
-Dsonar.c.file.suffixes=-
-Dsonar.cpp.file.suffixes=-
-Dsonar.objc.file.suffixes=-
UnitAndIntegrationTests:
name: Unit and Integration Tests on Source Code
runs-on: ubuntu-latest
needs: Lint-and-Static-Analysis
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: '3'
- name: Check Python version
run: python --version
- name: Verify venv creation
run: ls -la venv/bin/
- name: Clean up and recreate virtual environment
run: |
rm -rf venv
python3 -m venv venv
- name: Create virtual environment
run: |
python3 -m venv venv
- name: Check Python executable path
run: |
which python3
- name: List directory contents
run: |
cd /home/runner/work/regtech_accessment_cicd
ls -la
- name: Install dependencies
run: |
cd /home/runner/work/regtech_accessment_cicd/regtech_accessment_cicd
source venv/bin/activate
ls -la venv venv
pip3 install -r requirements.txt
- name: Run Unit Tests
run: |
cd /home/runner/work/regtech_accessment_cicd/regtech_accessment_cicd
source venv/bin/activate
pytest test_app.py
- name: Run Integration tests
run: |
cd /home/runner/work/regtech_accessment_cicd/regtech_accessment_cicd
source venv/bin/activate
pytest test_integration.py
SNYK-SCAN:
name: Dependency Scanning (Snyk)
runs-on: ubuntu-latest
needs: UnitAndIntegrationTests
steps:
- name: Checkout repository
uses: actions/checkout@master
- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: '3'
- name: Check Python version
run: python --version
- name: Clean up and recreate virtual environment
run: |
rm -rf venv
python3 -m venv venv
- name: Create virtual environment
run: |
python3 -m venv venv
- name: Check Python executable path
run: |
which python3
- name: List directory contents
run: |
cd /home/runner/work/regtech_accessment_cicd
ls -la
- name: Install dependencies
run: |
cd /home/runner/work/regtech_accessment_cicd/regtech_accessment_cicd
source venv/bin/activate
ls -la venv venv
pip3 install -r requirements.txt
- name: Set up Snyk
uses: snyk/actions/python-3.10@master
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
args: --severity-threshold=high
# Step 2: Build Docker Image
BuildImage-and-Publish-To-ECR:
name: Build and Push Docker Image
runs-on: ubuntu-latest
needs: SNYK-SCAN
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Login to ECR
uses: docker/login-action@v3
with:
registry: 611512058022.dkr.ecr.us-east-1.amazonaws.com
username: ${{ secrets.AWS_ACCESS_KEY_ID }}
password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
region: ${{ secrets.AWS_REGION }}
- name: Build Image
run: |
docker build -t flask-app .
docker tag regtech-app:latest 611512058022.dkr.ecr.us-east-1.amazonaws.com/regtech-app:${GITHUB_RUN_NUMBER}
docker push 611512058022.dkr.ecr.us-east-1.amazonaws.com/regtech-app:${GITHUB_RUN_NUMBER}
# Step 3: Docker Image Testing (Integration Tests Inside Container)
Integration-Tests:
name: Integration Tests on Docker Image
runs-on: ubuntu-latest
needs: BuildImage-and-Publish-To-ECR
steps:
- name: Login to ECR
uses: docker/login-action@v3
with:
registry: 611512058022.dkr.ecr.us-east-1.amazonaws.com
username: ${{ secrets.AWS_ACCESS_KEY_ID }}
password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
region: ${{ secrets.AWS_REGION }}
- name: Pull Docker Image from ECR
run: |
docker pull 611512058022.dkr.ecr.us-east-1.amazonaws.com/regtech-app:${GITHUB_RUN_NUMBER}
- name: Run Integration Tests inside Docker Container
run: |
docker run --rm -v $(pwd):/results 611512058022.dkr.ecr.us-east-1.amazonaws.com/regtech-app:${GITHUB_RUN_NUMBER} pytest --junitxml=integration-test-results.xml
- name: Upload Integration Test Results
uses: actions/upload-artifact@v2
with:
name: integration-test-results
path: integration-test-results.xml
if-no-files-found: warn
# Step 4: Install Kubectl
Install-kubectl:
name: Install Kubectl on The Github Actions Runner
runs-on: ubuntu-latest
needs: Integration-Tests
steps:
- name: Checkout
run: |
curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/OS_DISTRIBUTION/amd64/kubectl
chmod +x ./kubectl
sudo mv ./kubectl /usr/local/bin/kubectl
# Step 5: Deploy To EKS
Deploy-To-Cluster:
runs-on: ubuntu-latest
needs: Install-kubectl
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Configure credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ secrets.AWS_REGION }}
- name: Download KubeConfig File
env:
KUBECONFIG: ${{ runner.temp }}/kubeconfig
run: |
aws eks update-kubeconfig --region ${{ secrets.AWS_REGION }} --name ${{ secrets.EKS_CLUSTER_NAME }} --kubeconfig $KUBECONFIG
echo "KUBECONFIG=$KUBECONFIG" >> $GITHUB_ENV
echo $KUBECONFIG
- name: Deploy to EKS
run: |
sed -i "s|image: REPOSITORY_TAG|image: 611512058022.dkr.ecr.us-east-1.amazonaws.com/regtech-app:${GITHUB_RUN_NUMBER}|g" ./deploy.yml
kubectl apply -f ./deploy.yml