spgreenberg · skyloungeio · Sep 27, 2024
diff --git a/.github/skylounge-versions-main.yml b/.github/skylounge-versions-main.yml
@@ -0,0 +1,44 @@
+---
+skylounge-config:
+ id: "skylounge.yml"
+ uri: "spgreenberg/hello-gradlew/skylounge.yml"
+ oid: "ff4987a9c1fda833a506235c7dbc8ad2642cb838"
+ version-url: "/spgreenberg/hello-gradlew/blob/ff4987a9c1fda833a506235c7dbc8ad2642cb838/skylounge.yml"
+blueprint:
+ id: "blueprint"
+ uri: "sky-lounge/skylounge-library/blueprints/gcp/cloud-run/blueprint.yml"
+ oid: "c3b2cb916788b41483e81c95be93ca963a46b89b"
+ version-url: "/sky-lounge/skylounge-library/blob/c3b2cb916788b41483e81c95be93ca963a46b89b/blueprints/gcp/cloud-run/blueprint.yml"
+workflows:
+- id: "development"
+ uri: "sky-lounge/skylounge-library/blueprints/gcp/cloud-run/workflow-templates/development.yml"
+ oid: "95ac1a0a6076ad9cdc74523863e58ea5c0f184ec"
+ version-url: "/sky-lounge/skylounge-library/blob/95ac1a0a6076ad9cdc74523863e58ea5c0f184ec/blueprints/gcp/cloud-run/workflow-templates/development.yml"
+ jobs:
+ - id: "integration-test"
+ uri: "spgreenberg/hello-gradlew/skylounge/integration-test.yml"
+ oid: "50135f52c23cdbe5f0271b548ad04f5035cc8677"
+ version-url: "/spgreenberg/hello-gradlew/blob/50135f52c23cdbe5f0271b548ad04f5035cc8677/skylounge/integration-test.yml"
+ steps:
+ - id: "build-container-image"
+ uri: "sky-lounge/skylounge-library/steps/pack/gradlew/build.yml"
+ oid: "43cb5d9a7f495643816445771a2209e658f30e37"
+ version-url: "/sky-lounge/skylounge-library/blob/43cb5d9a7f495643816445771a2209e658f30e37/steps/pack/gradlew/build.yml"
+- id: "promote"
+ uri: "sky-lounge/skylounge-library/blueprints/gcp/cloud-run/workflow-templates/promote.yml"
+ oid: "45398fc982d28cdca2b2e7902724e26eb814cf47"
+ version-url: "/sky-lounge/skylounge-library/blob/45398fc982d28cdca2b2e7902724e26eb814cf47/blueprints/gcp/cloud-run/workflow-templates/promote.yml"
+ jobs: []
+ steps: []
+- id: "production"
+ uri: "sky-lounge/skylounge-library/blueprints/gcp/cloud-run/workflow-templates/production.yml"
+ oid: "aa8e5c9456300e5b4a20430e6f271b8e08195e4c"
+ version-url: "/sky-lounge/skylounge-library/blob/aa8e5c9456300e5b4a20430e6f271b8e08195e4c/blueprints/gcp/cloud-run/workflow-templates/production.yml"
+ jobs: []
+ steps: []
+- id: "daily-scans"
+ uri: "sky-lounge/skylounge-library/blueprints/gcp/cloud-run/workflow-templates/daily-scans.yml"
+ oid: "2df2fda6203826b60fbff46ab7ce4ff26820a854"
+ version-url: "/sky-lounge/skylounge-library/blob/2df2fda6203826b60fbff46ab7ce4ff26820a854/blueprints/gcp/cloud-run/workflow-templates/daily-scans.yml"
+ jobs: []
+ steps: []
diff --git a/.github/workflows/skylounge-daily-scans.yml b/.github/workflows/skylounge-daily-scans.yml
@@ -0,0 +1,21 @@
+---
+name: Daily Scans
+on:
+ schedule:
+ - cron: 0 2 * * *
+ workflow_dispatch: null
+jobs:
+ owasp-zap-full-scan:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout source
+ uses: actions/checkout@v3
+ - name: Run OWASP Zap full scan
+ uses: zaproxy/[email protected]
+ id: scan
+ with:
+ target: https://spgreenberg-hello.skylounge.dev
+ rules_file_name: skylounge/owasp/rules.cfg
+ issue_title: "Daily Scans - OWASP Full Scan - ${{ github.run_number }}"
+ token: "${{ github.token }}"
+ fail_action: false
diff --git a/.github/workflows/skylounge-development.yml b/.github/workflows/skylounge-development.yml
@@ -0,0 +1,166 @@
+---
+name: Development
+on:
+ push:
+ branches:
+ - main
+ paths:
+ - src/**
+ - build.gradle
+ - service.yaml
+ ignore_paths:
+ - .github/development-version.txt
+ - .github/production-version.txt
+ workflow_dispatch: null
+jobs:
+ build:
+ name: Build container image
+ permissions:
+ contents: read
+ id-token: write
+ runs-on: ubuntu-latest
+ env:
+ REGISTRY: us-central1-docker.pkg.dev/skylounge-common/skylounge-registry
+ steps:
+ - name: Checkout branch
+ uses: actions/checkout@v3
+ - name: Set image name
+ run: |
+ echo "IMAGE_NAME=${{ env.REGISTRY }}/${{ github.event.repository.name }}:${{ github.sha }}" >> $GITHUB_ENV
+ - id: auth
+ name: Authenticate to Google Cloud
+ uses: google-github-actions/auth@v0
+ with:
+ credentials_json: "${{ secrets.GOOGLE_CREDENTIALS_DEV }}"
+ - name: Set up Java
+ uses: actions/setup-java@v4
+ with:
+ distribution: liberica
+ java-version: 17
+ cache: gradle
+ - name: Build Jar
+ run: ./gradlew clean assemble
+ - name: Setup Pack
+ uses: buildpacks/github-actions/[email protected]
+ - name: Pack build
+ run: |
+ set -x
+ pack build --volume $HOME/.gradle:/home/cnb/.gradle:rw \
+ ${{ env.IMAGE_NAME }} \
+ --builder paketobuildpacks/builder:base \
+ --env BP_JVM_VERSION=${{ env.BP_JVM_VERSION}} \
+ --path ${{ env.JAR_PATH }}
+ env:
+ BP_JVM_VERSION: 17
+ JAR_PATH: build/libs/hello-gradlew.jar
+ - name: Push container image
+ run: |
+ registry_base_url=$(cut -d/ -f 1 <<< $REGISTRY)
+ gcloud auth configure-docker $registry_base_url
+ docker push ${{ env.IMAGE_NAME }}
+ deploy:
+ needs: build
+ name: Deploy to development
+ runs-on: ubuntu-latest
+ env:
+ REGISTRY: us-central1-docker.pkg.dev/skylounge-common/skylounge-registry
+ steps:
+ - name: Checkout branch
+ uses: actions/checkout@v3
+ - name: Set image and service name
+ run: |
+ sed -i -e 's%${IMAGE_NAME}%'"$IMAGE_NAME"'%g' ./service.yaml
+ sed -i -e 's%${GCP_PROJECT}%'"$GCP_PROJECT"'%g' ./service.yaml
+ env:
+ IMAGE_NAME: "${{ env.REGISTRY }}/${{ github.event.repository.name }}:${{ github.sha\
+ \ }}"
+ GCP_PROJECT: skylounge-dev
+ - id: auth
+ name: Authenticate to Google Cloud
+ uses: google-github-actions/auth@v0
+ with:
+ credentials_json: "${{ secrets.GOOGLE_CREDENTIALS_DEV }}"
+ - id: deploy
+ uses: google-github-actions/deploy-cloudrun@v0
+ with:
+ metadata: ./service.yaml
+ configure-access:
+ needs: deploy
+ name: Map Domain
+ runs-on: ubuntu-latest
+ defaults:
+ run:
+ working-directory: public-skylounge-library/terraform/gcp/cloud-run/domain-mapping
+ steps:
+ - name: Checkout terraform
+ uses: actions/checkout@v3
+ with:
+ repository: sky-lounge/public-skylounge-library
+ ref: main
+ path: public-skylounge-library
+ - uses: hashicorp/setup-terraform@v2
+ - id: auth
+ name: Authenticate to Google Cloud
+ uses: google-github-actions/auth@v0
+ with:
+ credentials_json: "${{ secrets.GOOGLE_CREDENTIALS_DEV }}"
+ - name: Prepare Backend Config
+ run: |
+ cat << EOF > config.gcs.tfbackend
+ bucket = "$TF_STATE_BUCKET"
+ prefix = "${REPO_NAME}"
+ EOF
+ env:
+ TF_STATE_BUCKET: tfstate.skylounge.dev
+ REPO_NAME: "${{ github.event.repository.name }}"
+ - name: Terraform Init
+ run: terraform init -backend-config=config.gcs.tfbackend
+ - name: Prepare Terraform Vars File
+ run: |
+ echo "gcp_project = \"$GCP_PROJECT\"" > terraform.tfvars
+ echo "dns_zone_name = \"$DNS_ZONE_NAME\"" >> terraform.tfvars
+ echo "cloud_run_domain = \"$CLOUD_RUN_DOMAIN\"" >> terraform.tfvars
+ echo "cloud_run_location = \"$CLOUD_RUN_LOCATION\"" >> terraform.tfvars
+ echo "cloud_run_service_name = \"$CLOUD_RUN_SERVICE_NAME\"" >> terraform.tfvars
+ if [ -n "$CLOUD_RUN_INVOKER" ]; then
+ echo "cloud_run_invoker = \"$CLOUD_RUN_INVOKER\"" >> terraform.tfvars
+ fi
+ env:
+ GCP_PROJECT: skylounge-dev
+ DNS_ZONE_NAME: skyloungedev
+ CLOUD_RUN_DOMAIN: spgreenberg-hello.skylounge.dev
+ CLOUD_RUN_LOCATION: us-central1
+ CLOUD_RUN_SERVICE_NAME: "${{ github.event.repository.name }}"
+ CLOUD_RUN_INVOKER: allUsers
+ - name: Terraform Apply
+ run: terraform apply -auto-approve
+ integration-test:
+ needs: configure-access
+ name: Integration Test
+ runs-on: ubuntu-latest
+ steps:
+ - name: Verify index page
+ run: |
+ set -ex
+ status_code=$(curl -L -o /dev/null -s -w "%{http_code}" https://${APP_ROUTE})
+ [[ 200 -eq $status_code ]] || (echo "CURL FAILED to return 200 status" && exit 1)
+ response=$(curl -L https://${APP_ROUTE})
+ [[ $response == *"Better Automation for Software Organizations"* ]] || (echo "CURL FAILED to return result containing substring: Better Automation for Software Organizations" && exit 1)
+ env:
+ APP_ROUTE: spgreenberg-hello.skylounge.dev
+ artifact-version:
+ needs: integration-test
+ name: Update artifact version
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout branch
+ uses: actions/checkout@v3
+ - name: Update Artifact Version
+ run: |
+ git config user.name "GitHub Actions Bot"
+ git config user.email "<>"
+ echo "${{ github.sha }}" > .github/development-version.txt
+ git add .github/development-version.txt
+ git commit -m "update development version: ${{ github.sha }}"
+ git pull --rebase
+ git push
diff --git a/.github/workflows/skylounge-production.yml b/.github/workflows/skylounge-production.yml
@@ -0,0 +1,91 @@
+---
+name: Production
+on:
+ push:
+ branches:
+ - main
+ paths:
+ - production-version.txt
+ workflow_run:
+ workflows:
+ - Promote
+ types:
+ - completed
+ workflow_dispatch: null
+jobs:
+ deploy:
+ name: Deploy to production
+ runs-on: ubuntu-latest
+ env:
+ REGISTRY: us-central1-docker.pkg.dev/skylounge-common/skylounge-registry
+ steps:
+ - name: Checkout branch
+ uses: actions/checkout@v3
+ - name: Set image and service name
+ run: |
+ deploy_sha=$(cat production-version.txt | xargs)
+ image_name="${IMAGE_NAME}:${deploy_sha}"
+ sed -i -e 's%${IMAGE_NAME}%'"$image_name"'%g' ./service.yaml
+ sed -i -e 's%${GCP_PROJECT}%'"$GCP_PROJECT"'%g' ./service.yaml
+ env:
+ IMAGE_NAME: "${{env.REGISTRY}}/${{github.event.repository.name}}"
+ GCP_PROJECT: skylounge-io
+ - id: auth
+ name: Authenticate to Google Cloud
+ uses: google-github-actions/auth@v0
+ with:
+ credentials_json: "${{ secrets.GOOGLE_CREDENTIALS_PROD }}"
+ - id: deploy
+ uses: google-github-actions/deploy-cloudrun@v0
+ with:
+ metadata: ./service.yaml
+ configure-access:
+ needs: deploy
+ name: Map Domain
+ runs-on: ubuntu-latest
+ defaults:
+ run:
+ working-directory: public-skylounge-library/terraform/gcp/cloud-run/domain-mapping
+ steps:
+ - name: Checkout terraform
+ uses: actions/checkout@v3
+ with:
+ repository: sky-lounge/public-skylounge-library
+ ref: main
+ path: public-skylounge-library
+ - uses: hashicorp/setup-terraform@v2
+ - id: auth
+ name: Authenticate to Google Cloud
+ uses: google-github-actions/auth@v0
+ with:
+ credentials_json: "${{ secrets.GOOGLE_CREDENTIALS_PROD }}"
+ - name: Prepare Backend Config
+ run: |
+ cat << EOF > config.gcs.tfbackend
+ bucket = "$TF_STATE_BUCKET"
+ prefix = "${REPO_NAME}"
+ EOF
+ env:
+ TF_STATE_BUCKET: tfstate.skylounge.io
+ REPO_NAME: "${{ github.event.repository.name }}"
+ - name: Terraform Init
+ run: terraform init -backend-config=config.gcs.tfbackend
+ - name: Prepare Terraform Vars File
+ run: |
+ echo "gcp_project = \"$GCP_PROJECT\"" > terraform.tfvars
+ echo "dns_zone_name = \"$DNS_ZONE_NAME\"" >> terraform.tfvars
+ echo "cloud_run_domain = \"$CLOUD_RUN_DOMAIN\"" >> terraform.tfvars
+ echo "cloud_run_location = \"$CLOUD_RUN_LOCATION\"" >> terraform.tfvars
+ echo "cloud_run_service_name = \"$CLOUD_RUN_SERVICE_NAME\"" >> terraform.tfvars
+ if [ -n "$CLOUD_RUN_INVOKER" ]; then
+ echo "cloud_run_invoker = \"$CLOUD_RUN_INVOKER\"" >> terraform.tfvars
+ fi
+ env:
+ GCP_PROJECT: skylounge-io
+ DNS_ZONE_NAME: skyloungeio
+ CLOUD_RUN_DOMAIN: spgreenberg-hello.skylounge.io
+ CLOUD_RUN_LOCATION: us-central1
+ CLOUD_RUN_SERVICE_NAME: "${{ github.event.repository.name }}"
+ CLOUD_RUN_INVOKER: allUsers
+ - name: Terraform Apply
+ run: terraform apply -auto-approve
diff --git a/.github/workflows/skylounge-promote.yml b/.github/workflows/skylounge-promote.yml
@@ -0,0 +1,19 @@
+---
+name: Promote
+on: workflow_dispatch
+jobs:
+ promote:
+ name: Promote container image
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+ - name: Update Production Version
+ run: |
+ git config user.name "GitHub Actions Bot"
+ git config user.email "<>"
+ cp .github/development-version.txt .github/production-version.txt
+ git add .github/production-version.txt
+ git commit -m "update production version: $(cat .github/production-version.txt)"
+ git pull --rebase
+ git push