diff --git a/.github/actions/deploy/action.yml b/.github/actions/deploy/action.yml
new file mode 100644
index 0000000..6a47f76
--- /dev/null
+++ b/.github/actions/deploy/action.yml
@@ -0,0 +1,81 @@
+name: "deploy"
+
+description: "Deploys the application to the required environment."
+
+inputs:
+ env:
+ description: "Deployment Environment"
+ required: true
+ IMAGEREGISTRY:
+ description: "Docker Repository"
+ required: true
+ DOCKER_USERNAME:
+ description: "Docker Username"
+ required: true
+ DOCKER_PASSWORD:
+ description: "Docker Password"
+ required: true
+ KUBE_CONFIG:
+ description: "Kube Config"
+ required: true
+ DOMAIN:
+ description: "Host Domain of the cluster"
+ default: c-36c5653.stage.kyma.ondemand.com
+ required: true
+ IMAGEPULLSECRET:
+ description: "Secret with docker credentials"
+ required: true
+
+runs:
+ using: "composite"
+ steps:
+
+ # login to docker
+ - name: Pre Requisites
+ shell: bash
+ run: |
+ docker login ${{inputs.IMAGEREGISTRY}} --username ${{ inputs.DOCKER_USERNAME }} --password ${{ inputs.DOCKER_PASSWORD }}
+
+ # set kubeconfig
+ - name: Installing dependencies
+ shell: bash
+ run: |
+ pwd
+ mkdir -p ${HOME}/kyma-binaries
+ export PATH=${HOME}/kyma-binaries/:$PATH
+ mkdir -p ${HOME}/.kube
+ echo "${{inputs.KUBE_CONFIG}}" | base64 --decode > ${HOME}/.kube/config
+
+
+ - name: Deploying CAP App using helm chart to kyma environment.
+ id: deploy-to-kyma
+ shell: bash
+ run: |
+ npm i -g @sap/cds-dk
+ tag="tag$(date +%s)"
+ kubectl config set-context --current --namespace=${{ inputs.env }}
+
+ hana_image=${{inputs.IMAGEREGISTRY}}/${{ inputs.env }}/bookshop-hana-deployer:$tag
+ srv_image=${{inputs.IMAGEREGISTRY}}/${{ inputs.env }}/bookshop-srv:$tag
+ approuter_image=${{inputs.IMAGEREGISTRY}}/${{ inputs.env }}/bookshop-approuter:$tag
+
+ pack build $approuter_image --path app --buildpack gcr.io/paketo-buildpacks/nodejs --builder paketobuildpacks/builder:base --env BP_NODE_RUN_SCRIPTS=""
+ cds build --production
+ pack build $hana_image --path gen/db --buildpack gcr.io/paketo-buildpacks/nodejs --builder paketobuildpacks/builder:base --env BP_NODE_RUN_SCRIPTS=""
+ pack build $srv_image --path gen/srv --buildpack gcr.io/paketo-buildpacks/nodejs --builder paketobuildpacks/builder:base --env BP_NODE_RUN_SCRIPTS=""
+
+ docker push $approuter_image
+ docker push $hana_image
+ docker push $srv_image
+
+ EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64)
+ echo "HELM_INSTALL_OUTPUT<<$EOF" >> $GITHUB_ENV
+ helm upgrade --set hana_deployer.image.repository=${{inputs.IMAGEREGISTRY}}/${{ inputs.env }}/bookshop-hana-deployer --set hana_deployer.image.tag=${tag} --set srv.image.repository=${{inputs.IMAGEREGISTRY}}/${{ inputs.env }}/bookshop-srv --set srv.image.tag=${tag} --set approuter.image.repository=${{inputs.IMAGEREGISTRY}}/${{ inputs.env }}/bookshop-approuter --set approuter.image.tag=${tag} --set global.domain=${{inputs.DOMAIN}} --set global.imagePullSecret.name=${{inputs.IMAGEPULLSECRET}} --set xsuaa.parameters.oauth2-configuration.redirect-uris[0]=https://*.${{inputs.DOMAIN}}/** --set xsuaa.parameters.xsappname=bookshop-${{inputs.env}} bookshop ./chart --install >> $GITHUB_ENV
+ echo "$EOF" >> $GITHUB_ENV
+
+ kubectl rollout status deployment bookshop-srv --timeout=8m
+ kubectl rollout status deployment bookshop-approuter --timeout=8m
+
+ docker rmi $approuter_image
+ docker rmi $hana_image
+ docker rmi $srv_image
\ No newline at end of file
diff --git a/.github/workflows/dev.yml b/.github/workflows/dev.yml
new file mode 100644
index 0000000..d5261c2
--- /dev/null
+++ b/.github/workflows/dev.yml
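Review bot: The `Pre Requisites` step of action.yml passes the registry password on the `docker login` command line and splices `${{ inputs.* }}` directly into the bash script, so the secret appears in the process arguments and any input containing shell metacharacters changes the command that runs. Pass the inputs through `env:`, quote the variables and use `--password-stdin`, as sketched below. The inline `${{ inputs.env }}` and `${{ inputs.DOMAIN }}` expansions in the `deploy-to-kyma` step deserve the same treatment. The kubeconfig written in the second step should also be created with restrictive permissions, for example by running `umask 077` before the write.

```yaml
    - name: Pre Requisites
      shell: bash
      env:
        IMAGEREGISTRY: ${{ inputs.IMAGEREGISTRY }}
        DOCKER_USERNAME: ${{ inputs.DOCKER_USERNAME }}
        DOCKER_PASSWORD: ${{ inputs.DOCKER_PASSWORD }}
      run: |
        printf '%s' "$DOCKER_PASSWORD" | docker login "$IMAGEREGISTRY" --username "$DOCKER_USERNAME" --password-stdin
    # … unchanged: kubeconfig setup and deploy-to-kyma steps …
```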
@@ -0,0 +1,88 @@
+name: Testing Mergability
+
+on:
+ pull_request:
+ branches:
+ - main
+jobs:
+ Test:
+ name: "Testing Builds"
+ runs-on: ubuntu-latest
+ container:
+ image: ubuntu:22.04
+ steps:
+ # This action checks-out your repository under $GITHUB_WORKSPACE, so your workflow can access it.
+ - uses: actions/checkout@v3
+
+ # This action downloads and caches distribution of the requested Node.js version and adds it to the PATH.
+ - uses: actions/setup-node@v3
+ with:
+ node-version: 16
+
+ # CI Stage
+ - name: Pre Requisites
+ run: |
+ npm i
+ npm i -g @sap/cds-dk
+ cds build --production
+
+ Deploy:
+ name: Deploy to Kyma
+ runs-on: ubuntu-latest
+ container:
+ image: ubuntu:22.04
+ steps:
+ - uses: actions/checkout@v3
+
+ # install dependencies required for deployment
+ - run: apt-get update -y
+ - run: apt-get install software-properties-common -y
+ - run: apt-get install curl ca-certificates -y
+ - run: apt install sudo
+
+ # kubectl
+ - run: curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key --keyring /etc/apt/keyrings/kubernetes-archive-keyring.gpg add -
+ - run: echo "deb [signed-by=/etc/apt/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
+ - run: sudo apt-get update -y
+ - run: sudo apt-get install kubectl -y
+
+ # pack
+ - run: sudo add-apt-repository ppa:cncf-buildpacks/pack-cli -y
+ - run: sudo apt-get update -y
+ - run: sudo apt-get install pack-cli -y
+
+ # docker
+ - run: sudo apt-get install docker.io -y
+
+ # helm
+ - run: curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
+
+ - uses: actions/setup-node@v3
+ with:
+ node-version: 16
+
+ # reusable action to deploy on kyma
+ - uses: ./.github/actions/deploy
+ with:
+ env: dev
+ IMAGEREGISTRY: ${{ secrets.IMAGEREGISTRY }}
+ DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+ DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
+ KUBE_CONFIG: ${{ secrets.KUBE_CONFIG }}
+ IMAGEPULLSECRET: ${{ secrets.IMAGEPULLSECRET }}
+
+
+ # to print the deployment urls on the PR
+ - name: Comment Result on PR
+ uses: actions/github-script@v6
+ with:
+ github-token: ${{secrets.GITHUB_TOKEN}}
+ script: |
+ const body = `${{ env.HELM_INSTALL_OUTPUT }}`
+
+ await github.rest.issues.createComment({
+ issue_number: context.issue.number,
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ body: body
+ })
diff --git a/.github/workflows/staging.yml b/.github/workflows/staging.yml
new file mode 100644
index 0000000..861b367
--- /dev/null
+++ b/.github/workflows/staging.yml
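Review bot: In the `Comment Result on PR` step of dev.yml, `${{ env.HELM_INSTALL_OUTPUT }}` is expanded into a JavaScript template literal before the script runs, so a backtick or `${…}` in the Helm output becomes code executed with the job's `GITHUB_TOKEN`. That output presumably includes notes rendered from the chart in the checked-out pull-request branch, so it should be treated as untrusted. The value is already exported through `$GITHUB_ENV`, so read it at runtime instead: `const body = process.env.HELM_INSTALL_OUTPUT`. Separately, the Helm installer is fetched from the `main` branch and piped to `bash` without a pinned version or checksum; the same line is in staging.yml.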
@@ -0,0 +1,77 @@
+name: Staging
+
+on:
+ workflow_dispatch:
+ push:
+ branches: [main]
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ # cancel-in-progress: true
+
+jobs:
+ Build:
+ name: "Building Project"
+ runs-on: ubuntu-latest
+ container:
+ image: ubuntu:22.04
+ steps:
+ # This action checks-out your repository under $GITHUB_WORKSPACE, so your workflow can access it.
+ - uses: actions/checkout@v3
+
+ # This action downloads and caches distribution of the requested Node.js version and adds it to the PATH.
+ - uses: actions/setup-node@v3
+ with:
+ node-version: 16
+
+ # CI Stage
+ - name: Pre Requisites
+ run: |
+ npm i
+ npm i -g @sap/cds-dk
+ cds build --production
+
+ Deploy:
+ name: Deploy to Kyma
+ runs-on: ubuntu-latest
+ container:
+ image: ubuntu:22.04
+ steps:
+ - uses: actions/checkout@v3
+
+ # install dependencies required for deployment
+ - run: apt-get update -y
+ - run: apt-get install software-properties-common -y
+ - run: apt-get install curl ca-certificates -y
+ - run: apt install sudo
+
+ # kubectl
+ - run: curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key --keyring /etc/apt/keyrings/kubernetes-archive-keyring.gpg add -
+ - run: echo "deb [signed-by=/etc/apt/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
+ - run: sudo apt-get update -y
+ - run: sudo apt-get install kubectl -y
+
+ # pack
+ - run: sudo add-apt-repository ppa:cncf-buildpacks/pack-cli -y
+ - run: sudo apt-get update -y
+ - run: sudo apt-get install pack-cli -y
+
+ # docker
+ - run: sudo apt-get install docker.io -y
+
+ # helm
+ - run: curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
+
+ - uses: actions/setup-node@v3
+ with:
+ node-version: 16
+
+ # reusable action to deploy on kyma
+ - uses: ./.github/actions/deploy
+ with:
+ env: staging
+ IMAGEREGISTRY: ${{ secrets.IMAGEREGISTRY }}
+ DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+ DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
+ KUBE_CONFIG: ${{ secrets.KUBE_CONFIG }}
+ IMAGEPULLSECRET: ${{ secrets.IMAGEPULLSECRET }}
diff --git a/kubeconfig/create-kubeconfig.sh b/kubeconfig/create-kubeconfig.sh
new file mode 100755
index 0000000..6fc6885
--- /dev/null
+++ b/kubeconfig/create-kubeconfig.sh
@@ -0,0 +1,27 @@
+# API server URL is api.KYMA_CLUSTER_DOMAIN
+ns=sidak
+API_SERVER_URL=$(kubectl config view -o=jsonpath='{.clusters[].cluster.server}')
+
+SECRET_NAME=cicd-tutorial-service-account
+
+CA=$(kubectl get secret/${SECRET_NAME} -n $ns -o jsonpath='{.data.ca\.crt}')
+TOKEN=$(kubectl get secret/${SECRET_NAME} -n $ns -o jsonpath='{.data.token}' | base64 --decode)
+
+echo "apiVersion: v1
+kind: Config
+clusters:
+ - name: default-cluster
+ cluster:
+ certificate-authority-data: ${CA}
+ server: ${API_SERVER_URL}
+users:
+ - name: default-user
+ user:
+ token: ${TOKEN}
+contexts:
+ - name: default-context
+ context:
+ cluster: default-cluster
+ namespace: $ns
+ user: default-user
+current-context: default-context"
diff --git a/kubeconfig/service-account.yaml b/kubeconfig/service-account.yaml
new file mode 100644
index 0000000..eefb03f
--- /dev/null
+++ b/kubeconfig/service-account.yaml
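Review bot: The `Deploy` job in staging.yml has no `needs: Build`, so the two jobs start in parallel and a failing build does not stop the push to the staging namespace; add `needs: Build` under `Deploy:` (dev.yml has the same gap between `Test` and `Deploy`). The workflow also declares no `permissions:` block, so the token scope falls back to the repository default. A top-level `permissions:` with `contents: read` would make the scope explicit for this workflow.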
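Review bot: create-kubeconfig.sh is added with mode 100755 but has no shebang and no error handling, so if either `kubectl get secret` call fails the script still prints a kubeconfig with an empty CA or token. Start the file with `#!/usr/bin/env bash` and `set -euo pipefail`. The output contains a bearer token for the service account, so a header comment should tell the caller to redirect it into a file created under `umask 077` rather than letting it land in a terminal or CI log. The hard-coded `ns=sidak` would read better as a parameter with that value as its default, e.g. `ns="${1:-sidak}"`.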
@@ -0,0 +1,70 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: cicd-tutorial-service-account
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: cicd-tutorial-service-account
+ annotations:
+ kubernetes.io/service-account.name: cicd-tutorial-service-account
+type: kubernetes.io/service-account-token
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: cicd-tutorial-role
+rules:
+ - apiGroups:
+ - ""
+ - extensions
+ - batch
+ - apps
+ - gateway.kyma-project.io
+ - servicecatalog.k8s.io
+ - networking.k8s.io
+ - policy
+ - services.cloud.sap.com
+ resources:
+ - deployments
+ - replicasets
+ - pods
+ - jobs
+ - configmaps
+ - apirules
+ - serviceinstances
+ - servicebindings
+ - services
+ - secrets
+ - networkpolicies
+ - poddisruptionbudgets
+ - servicebindings/status
+ - serviceaccounts
+ verbs:
+ - create
+ - update
+ - patch
+ - delete
+ - get
+ - list
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: cicd-tutorial-role-binding
+subjects:
+ - kind: ServiceAccount
+ name: cicd-tutorial-service-account
+ namespace: sidak
+roleRef:
+ kind: ClusterRole
+ name: cicd-tutorial-role
+ apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: cicd-tutorial-config-map
+data:
+ out: "Congrats, you completed the cicd-tutorial successfully!"
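Review bot: The `ClusterRoleBinding` in service-account.yaml gives the CI service account create/update/patch/delete/get/list on `secrets`, `serviceaccounts`, `pods` and the other listed resources in every namespace, although the workflows only deploy into the namespace named by the `env` input. Bind the role per target namespace instead: `kind: RoleBinding` with `namespace: <deploy-namespace>` under `metadata` (a RoleBinding may reference a ClusterRole and limits it to that namespace). The Secret of type `kubernetes.io/service-account-token` holds a token that does not expire, so a comment stating how and when it is rotated would help whoever stores the resulting kubeconfig in `KUBE_CONFIG`.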