From bada0febc3e0ac305d7b3d5fd34a3ca0646a4bde Mon Sep 17 00:00:00 2001
From: Oloruntobi Olurombi
 <40290711+OloruntobiOlurombi@users.noreply.github.com>
Date: Wed, 11 Sep 2024 18:47:01 +0100
Subject: [PATCH] ci/cd-setup.yml

---
 .github/workflows/regtech-app.yml | 236 ++++++++++++++++++++++++++++++
 1 file changed, 236 insertions(+)
 create mode 100644 .github/workflows/regtech-app.yml

diff --git a/.github/workflows/regtech-app.yml b/.github/workflows/regtech-app.yml
new file mode 100644
index 0000000..bc3d683
--- /dev/null
+++ b/.github/workflows/regtech-app.yml
@@ -0,0 +1,236 @@
+name: Deploy Flask App to EKS  
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+
+env:
+  AWS_REGION: ${{ secrets.AWS_REGION }}
+  EKS_CLUSTER_NAME: ${{ secrets.EKS_CLUSTER_NAME }}
+
+jobs:
+  # Step 1: Source Code Testing (Linting, Static Analysis, Unit Tests, Snyk Scan)
+  Lint-and-Static-Analysis:
+    name: Linting and Static Analysis (SonarQube) 
+    runs-on: ubuntu-latest 
+    steps:
+      - name: Checkout repository 
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: SonarCloud Scan
+        uses: sonarsource/sonarcloud-github-action@master  
+        env:
+          GITHUB_TOKEN: ${{ secrets.GIT_TOKEN }} 
+          #ORGANIZATION_KEY: ${{ secrets.ORGANIZATION_KEY }} 
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} 
+        with:
+          args: >
+            -Dsonar.organization=${{ secrets.ORGANIZATION_KEY }}
+            -Dsonar.projectKey=${{ secrets.PROJECT_KEY }} 
+            -Dsonar.c.file.suffixes=-
+            -Dsonar.cpp.file.suffixes=-
+            -Dsonar.objc.file.suffixes=-
+
+  UnitAndIntegrationTests:
+    name: Unit and Integration Tests on Source Code
+    runs-on: ubuntu-latest
+    needs: Lint-and-Static-Analysis
+    steps:
+      - name: Checkout repository 
+        uses: actions/checkout@v3
+
+      - name: Set up Python 
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3'
+
+      - name: Check Python version
+        run: python --version
+
+      - name: Verify venv creation
+        run: ls -la venv/bin/
+
+      - name: Clean up and recreate virtual environment
+        run: |
+          rm -rf venv
+          python3 -m venv venv
+
+      - name: Create virtual environment
+        run: |
+          python3 -m venv venv
+
+      - name: Check Python executable path
+        run: |
+          which python3
+
+      - name: List directory contents
+        run: |
+          cd /home/runner/work/regtech_accessment_cicd
+          ls -la
+
+      - name: Install dependencies 
+        run: |
+          cd /home/runner/work/regtech_accessment_cicd/regtech_accessment_cicd
+          source venv/bin/activate
+          ls -la venv venv
+          pip3 install -r requirements.txt
+
+      - name: Run Unit Tests 
+        run: |
+          cd /home/runner/work/regtech_accessment_cicd/regtech_accessment_cicd
+          source venv/bin/activate 
+          pytest test_app.py  
+
+      - name: Run Integration tests
+        run: |
+          cd /home/runner/work/regtech_accessment_cicd/regtech_accessment_cicd
+          source venv/bin/activate
+          pytest test_integration.py   
+
+  SNYK-SCAN:
+    name: Dependency Scanning (Snyk)
+    runs-on: ubuntu-latest 
+    needs: UnitAndIntegrationTests
+    steps:
+      - name: Checkout repository 
+        uses: actions/checkout@master
+
+      - name: Set up Python 
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3'
+
+      - name: Check Python version
+        run: python --version
+
+      - name: Clean up and recreate virtual environment
+        run: |
+          rm -rf venv
+          python3 -m venv venv
+
+      - name: Create virtual environment
+        run: |
+          python3 -m venv venv
+
+      - name: Check Python executable path
+        run: |
+          which python3
+
+      - name: List directory contents
+        run: |
+          cd /home/runner/work/regtech_accessment_cicd
+          ls -la
+
+      - name: Install dependencies 
+        run: |
+          cd /home/runner/work/regtech_accessment_cicd/regtech_accessment_cicd
+          source venv/bin/activate
+          ls -la venv venv
+          pip3 install -r requirements.txt
+
+      - name: Set up Snyk
+        uses: snyk/actions/python-3.10@master
+        env:
+          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          args: --severity-threshold=high 
+     
+# Step 2: Build Docker Image 
+  BuildImage-and-Publish-To-ECR:
+    name: Build and Push Docker Image
+    runs-on: ubuntu-latest 
+    needs: SNYK-SCAN 
+    steps:
+    - name: Checkout 
+      uses: actions/checkout@v4 
+
+    - name: Login to ECR 
+      uses: docker/login-action@v3 
+      with:
+        registry: 611512058022.dkr.ecr.us-east-1.amazonaws.com
+        username: ${{ secrets.AWS_ACCESS_KEY_ID }}  
+        password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        region: ${{ secrets.AWS_REGION }}
+
+    - name: Build Image 
+      run: | 
+        docker build -t flask-app .
+        docker tag regtech-app:latest 611512058022.dkr.ecr.us-east-1.amazonaws.com/regtech-app:${GITHUB_RUN_NUMBER}
+        docker push 611512058022.dkr.ecr.us-east-1.amazonaws.com/regtech-app:${GITHUB_RUN_NUMBER}
+
+# Step 3: Docker Image Testing (Integration Tests Inside Container)
+  Integration-Tests:
+    name: Integration Tests on Docker Image
+    runs-on: ubuntu-latest 
+    needs: BuildImage-and-Publish-To-ECR
+    steps:
+
+      - name: Login to ECR 
+        uses: docker/login-action@v3 
+        with:
+          registry: 611512058022.dkr.ecr.us-east-1.amazonaws.com
+          username: ${{ secrets.AWS_ACCESS_KEY_ID }}  
+          password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          region: ${{ secrets.AWS_REGION }}
+
+      - name: Pull Docker Image from ECR 
+        run: |
+          docker pull 611512058022.dkr.ecr.us-east-1.amazonaws.com/regtech-app:${GITHUB_RUN_NUMBER}
+
+      - name: Run Integration Tests inside Docker Container 
+        run: |
+          docker run --rm -v $(pwd):/results 611512058022.dkr.ecr.us-east-1.amazonaws.com/regtech-app:${GITHUB_RUN_NUMBER} pytest --junitxml=integration-test-results.xml
+
+      - name: Upload Integration Test Results 
+        uses: actions/upload-artifact@v2 
+        with: 
+          name: integration-test-results
+          path: integration-test-results.xml
+          if-no-files-found: warn
+
+# Step 4: Install Kubectl
+  Install-kubectl:
+    name: Install Kubectl on The Github Actions Runner
+    runs-on: ubuntu-latest
+    needs: Integration-Tests
+    steps:
+    - name: Checkout 
+      run: |
+        curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/OS_DISTRIBUTION/amd64/kubectl
+        chmod +x ./kubectl
+        sudo mv ./kubectl /usr/local/bin/kubectl
+
+# Step 5: Deploy To EKS
+  Deploy-To-Cluster:
+    runs-on: ubuntu-latest
+    needs: Install-kubectl 
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v4
+
+    - name: Configure credentials
+      uses: aws-actions/configure-aws-credentials@v4
+      with:
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        aws-region: ${{ secrets.AWS_REGION }}
+
+    - name: Download KubeConfig File 
+      env:
+        KUBECONFIG: ${{ runner.temp }}/kubeconfig
+
+      run: | 
+        aws eks update-kubeconfig --region ${{ secrets.AWS_REGION }} --name ${{ secrets.EKS_CLUSTER_NAME }} --kubeconfig $KUBECONFIG
+        echo "KUBECONFIG=$KUBECONFIG" >> $GITHUB_ENV 
+        echo $KUBECONFIG 
+
+    - name: Deploy to EKS 
+      run: |
+        sed -i "s|image: REPOSITORY_TAG|image: 611512058022.dkr.ecr.us-east-1.amazonaws.com/regtech-app:${GITHUB_RUN_NUMBER}|g" ./deploy.yml
+        kubectl apply -f ./deploy.yml