fix/deployment error #17
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Deploy Flask App to EKS | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
branches: | |
- main | |
env: | |
AWS_REGION: ${{ secrets.AWS_REGION }} | |
EKS_CLUSTER_NAME: ${{ secrets.EKS_CLUSTER_NAME }} | |
jobs: | |
# Step 1: Source Code Testing (Linting, Static Analysis, Unit Tests, Snyk Scan) | |
Lint-and-Static-Analysis: | |
name: Linting and Static Analysis (SonarQube) | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: SonarCloud Scan | |
uses: sonarsource/sonarcloud-github-action@master | |
env: | |
GITHUB_TOKEN: ${{ secrets.NEW_GITHUB_TOKEN }} | |
#ORGANIZATION_KEY: ${{ secrets.ORGANIZATION_KEY }} | |
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
with: | |
args: > | |
-Dsonar.organization=${{ secrets.ORGANIZATION_KEY }} | |
-Dsonar.projectKey=${{ secrets.PROJECT_KEY }} | |
-Dsonar.exclusions=venv/** | |
-Dsonar.c.file.suffixes=- | |
-Dsonar.cpp.file.suffixes=- | |
-Dsonar.objc.file.suffixes=- | |
- name: Check SonarCloud Quality Gate | |
run: | | |
curl -u ${{ secrets.SONAR_TOKEN }} "https://sonarcloud.io/api/qualitygates/project_status?projectKey=${{ secrets.PROJECT_KEY }}" | grep '"status":"OK"' || exit 1 | |
UnitAndIntegrationTests: | |
name: Unit and Integration Tests on Source Code | |
runs-on: ubuntu-latest | |
needs: Lint-and-Static-Analysis | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
- name: Set up Python | |
uses: actions/setup-python@v4 | |
with: | |
python-version: '3' | |
- name: Check Python version | |
run: python --version | |
- name: Verify venv creation | |
run: ls -la venv/bin/ | |
- name: Clean up and recreate virtual environment | |
run: | | |
rm -rf venv | |
python3 -m venv venv | |
- name: Create virtual environment | |
run: | | |
python3 -m venv venv | |
- name: Check Python executable path | |
run: | | |
which python3 | |
- name: List directory contents | |
run: | | |
cd /home/runner/work/regtech_accessment_cicd | |
ls -la | |
- name: Install dependencies | |
run: | | |
cd /home/runner/work/regtech_accessment_cicd/regtech_accessment_cicd | |
source venv/bin/activate | |
ls -la venv venv | |
pip3 install -r requirements.txt | |
- name: Run Unit Tests | |
run: | | |
cd /home/runner/work/regtech_accessment_cicd/regtech_accessment_cicd | |
source venv/bin/activate | |
pytest test_app.py | |
- name: Run Integration tests | |
run: | | |
cd /home/runner/work/regtech_accessment_cicd/regtech_accessment_cicd | |
source venv/bin/activate | |
pytest test_integration.py | |
SNYK-SCAN: | |
name: Dependency Scanning (Snyk) | |
runs-on: ubuntu-latest | |
needs: UnitAndIntegrationTests | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@master | |
- name: Set up Python | |
uses: actions/setup-python@v4 | |
with: | |
python-version: '3' | |
- name: Check Python version | |
run: python --version | |
- name: Clean up and recreate virtual environment | |
run: | | |
rm -rf venv | |
python3 -m venv venv | |
- name: Create virtual environment | |
run: | | |
python3 -m venv venv | |
- name: Check Python executable path | |
run: | | |
which python3 | |
- name: List directory contents | |
run: | | |
cd /home/runner/work/regtech_accessment_cicd | |
ls -la | |
- name: Install dependencies | |
run: | | |
cd /home/runner/work/regtech_accessment_cicd/regtech_accessment_cicd | |
source venv/bin/activate | |
ls -la venv venv | |
pip3 install -r requirements.txt | |
- name: Set up Snyk | |
uses: snyk/actions/python-3.10@master | |
env: | |
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
with: | |
args: --severity-threshold=high | |
# Step 2: Build Docker Image | |
BuildImage-and-Publish-To-ECR: | |
name: Build and Push Docker Image | |
runs-on: ubuntu-latest | |
needs: SNYK-SCAN | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Login to ECR | |
uses: docker/login-action@v3 | |
with: | |
registry: 611512058022.dkr.ecr.us-east-1.amazonaws.com | |
username: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
password: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
region: ${{ secrets.AWS_REGION }} | |
- name: Build Image | |
run: | | |
docker build -t regtech-app . | |
docker tag regtech-app:latest 611512058022.dkr.ecr.us-east-1.amazonaws.com/regtech-app:${GITHUB_RUN_NUMBER} | |
docker push 611512058022.dkr.ecr.us-east-1.amazonaws.com/regtech-app:${GITHUB_RUN_NUMBER} | |
# Step 3: Docker Image Testing (Integration Tests Inside Container) | |
Integration-Tests: | |
name: Integration Tests on Docker Image | |
runs-on: ubuntu-latest | |
needs: BuildImage-and-Publish-To-ECR | |
steps: | |
- name: Login to ECR | |
uses: docker/login-action@v3 | |
with: | |
registry: 611512058022.dkr.ecr.us-east-1.amazonaws.com | |
username: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
password: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
region: ${{ secrets.AWS_REGION }} | |
- name: Pull Docker Image from ECR | |
run: | | |
docker pull 611512058022.dkr.ecr.us-east-1.amazonaws.com/regtech-app:${GITHUB_RUN_NUMBER} | |
- name: Run Integration Tests inside Docker Container | |
run: | | |
docker run --rm -v $(pwd):/results 611512058022.dkr.ecr.us-east-1.amazonaws.com/regtech-app:${GITHUB_RUN_NUMBER} pytest --junitxml=/results/integration-test-results.xml | |
- name: List Files in Current Directory | |
run: | | |
ls -l | |
- name: Upload Integration Test Results | |
uses: actions/upload-artifact@v3 | |
with: | |
name: integration-test-results | |
path: integration-test-results.xml | |
if-no-files-found: warn | |
# Step 4: Install Kubectl | |
Install-kubectl: | |
name: Install Kubectl on The Github Actions Runner | |
runs-on: ubuntu-latest | |
needs: Integration-Tests | |
steps: | |
- name: Checkout | |
run: | | |
curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/OS_DISTRIBUTION/amd64/kubectl | |
chmod +x ./kubectl | |
sudo mv ./kubectl /usr/local/bin/kubectl | |
# Step 5: Deploy To EKS | |
Deploy-To-Cluster: | |
runs-on: ubuntu-latest | |
needs: Install-kubectl | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Configure credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: ${{ secrets.AWS_REGION }} | |
- name: Download KubeConfig File | |
env: | |
KUBECONFIG: ${{ runner.temp }}/kubeconfig | |
run: | | |
aws eks update-kubeconfig --region ${{ secrets.AWS_REGION }} --name ${{ secrets.EKS_CLUSTER_NAME }} --kubeconfig $KUBECONFIG | |
echo "KUBECONFIG=$KUBECONFIG" >> $GITHUB_ENV | |
echo $KUBECONFIG | |
- name: Deploy to EKS | |
run: | | |
sed -i "s|image: REPOSITORY_TAG|image: 611512058022.dkr.ecr.us-east-1.amazonaws.com/regtech-app:${GITHUB_RUN_NUMBER}|g" ./deploy.yml | |
kubectl apply -f ./deploy.yml | |
- name: Check Deployment Status | |
id: check-status | |
run: | | |
kubectl rollout status deployment.apps/regtech-app-deployment || exit | |
- name: Rollback Deployment | |
if: failure() | |
run: | | |
echo "Deployment failed. Rolling back..." | |
kubectl rollout undo deployment.apps/regtech-app-deployment |