From 47b7f8b9a2cdc33508d1efd445e856f37e55dbbc Mon Sep 17 00:00:00 2001
From: I524884
Date: Wed, 24 May 2023 09:37:38 +0530
Subject: [PATCH 1/4] add github actions
---
.github/actions/deploy/action.yml | 81 ++++++++++++++++++++++++++++
.github/workflows/dev.yml | 87 +++++++++++++++++++++++++++++++
.github/workflows/staging.yml | 76 +++++++++++++++++++++++++++
3 files changed, 244 insertions(+)
create mode 100644 .github/actions/deploy/action.yml
create mode 100644 .github/workflows/dev.yml
create mode 100644 .github/workflows/staging.yml
diff --git a/.github/actions/deploy/action.yml b/.github/actions/deploy/action.yml
new file mode 100644
index 0000000..6a47f76
--- /dev/null
+++ b/.github/actions/deploy/action.yml
@@ -0,0 +1,81 @@
+name: "deploy"
+
+description: "Deploys the application to the required environment."
+
+inputs:
+ env:
+ description: "Deployment Environment"
+ required: true
+ IMAGEREGISTRY:
+ description: "Docker Repository"
+ required: true
+ DOCKER_USERNAME:
+ description: "Docker Username"
+ required: true
+ DOCKER_PASSWORD:
+ description: "Docker Password"
+ required: true
+ KUBE_CONFIG:
+ description: "Kube Config"
+ required: true
+ DOMAIN:
+ description: "Host Domain of the cluster"
+ default: c-36c5653.stage.kyma.ondemand.com
+ required: true
+ IMAGEPULLSECRET:
+ description: "Secret with docker credentials"
+ required: true
+
+runs:
+ using: "composite"
+ steps:
+
+ # login to docker
+ - name: Pre Requisites
+ shell: bash
+ run: |
+ docker login ${{inputs.IMAGEREGISTRY}} --username ${{ inputs.DOCKER_USERNAME }} --password ${{ inputs.DOCKER_PASSWORD }}
+
+ # set kubeconfig
+ - name: Installing dependencies
+ shell: bash
+ run: |
+ pwd
+ mkdir -p ${HOME}/kyma-binaries
+ export PATH=${HOME}/kyma-binaries/:$PATH
+ mkdir -p ${HOME}/.kube
+ echo "${{inputs.KUBE_CONFIG}}" | base64 --decode > ${HOME}/.kube/config
+
+
+ - name: Deploying CAP App using helm chart to kyma environment.
+ id: deploy-to-kyma
+ shell: bash
+ run: |
+ npm i -g @sap/cds-dk
+ tag="tag$(date +%s)"
+ kubectl config set-context --current --namespace=${{ inputs.env }}
+
+ hana_image=${{inputs.IMAGEREGISTRY}}/${{ inputs.env }}/bookshop-hana-deployer:$tag
+ srv_image=${{inputs.IMAGEREGISTRY}}/${{ inputs.env }}/bookshop-srv:$tag
+ approuter_image=${{inputs.IMAGEREGISTRY}}/${{ inputs.env }}/bookshop-approuter:$tag
+
+ pack build $approuter_image --path app --buildpack gcr.io/paketo-buildpacks/nodejs --builder paketobuildpacks/builder:base --env BP_NODE_RUN_SCRIPTS=""
+ cds build --production
+ pack build $hana_image --path gen/db --buildpack gcr.io/paketo-buildpacks/nodejs --builder paketobuildpacks/builder:base --env BP_NODE_RUN_SCRIPTS=""
+ pack build $srv_image --path gen/srv --buildpack gcr.io/paketo-buildpacks/nodejs --builder paketobuildpacks/builder:base --env BP_NODE_RUN_SCRIPTS=""
+
+ docker push $approuter_image
+ docker push $hana_image
+ docker push $srv_image
+
+ EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64)
+ echo "HELM_INSTALL_OUTPUT<<$EOF" >> $GITHUB_ENV
+ helm upgrade --set hana_deployer.image.repository=${{inputs.IMAGEREGISTRY}}/${{ inputs.env }}/bookshop-hana-deployer --set hana_deployer.image.tag=${tag} --set srv.image.repository=${{inputs.IMAGEREGISTRY}}/${{ inputs.env }}/bookshop-srv --set srv.image.tag=${tag} --set approuter.image.repository=${{inputs.IMAGEREGISTRY}}/${{ inputs.env }}/bookshop-approuter --set approuter.image.tag=${tag} --set global.domain=${{inputs.DOMAIN}} --set global.imagePullSecret.name=${{inputs.IMAGEPULLSECRET}} --set xsuaa.parameters.oauth2-configuration.redirect-uris[0]=https://*.${{inputs.DOMAIN}}/** --set xsuaa.parameters.xsappname=bookshop-${{inputs.env}} bookshop ./chart --install >> $GITHUB_ENV
+ echo "$EOF" >> $GITHUB_ENV
+
+ kubectl rollout status deployment bookshop-srv --timeout=8m
+ kubectl rollout status deployment bookshop-approuter --timeout=8m
+
+ docker rmi $approuter_image
+ docker rmi $hana_image
+ docker rmi $srv_image
\ No newline at end of file
diff --git a/.github/workflows/dev.yml b/.github/workflows/dev.yml
new file mode 100644
index 0000000..26518f3
--- /dev/null
+++ b/.github/workflows/dev.yml
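Review bot: The `docker login` line in the `Pre Requisites` step of `.github/actions/deploy/action.yml` passes the registry password with `--password` and splices `${{ inputs.DOCKER_PASSWORD }}` straight into the script text, so the secret ends up in the process arguments and any shell metacharacter in an input is interpreted by bash. The next step splices `KUBE_CONFIG` the same way and writes `${HOME}/.kube/config` with the default umask. Pass the inputs through each step's `env:` map, reference them as quoted shell variables, feed the password on stdin with `--password-stdin`, and create the kubeconfig under `umask 077`. The remaining `${{ inputs.* }}` expansions in the `deploy-to-kyma` step deserve the same treatment.

```yaml
    - name: Pre Requisites
      shell: bash
      env:
        IMAGEREGISTRY: ${{ inputs.IMAGEREGISTRY }}
        DOCKER_USERNAME: ${{ inputs.DOCKER_USERNAME }}
        DOCKER_PASSWORD: ${{ inputs.DOCKER_PASSWORD }}
      run: |
        printf '%s' "$DOCKER_PASSWORD" | docker login "$IMAGEREGISTRY" --username "$DOCKER_USERNAME" --password-stdin

    - name: Installing dependencies
      shell: bash
      env:
        KUBE_CONFIG: ${{ inputs.KUBE_CONFIG }}
      run: |
        # … unchanged: pwd, kyma-binaries directory and PATH …
        umask 077
        mkdir -p "${HOME}/.kube"
        echo "$KUBE_CONFIG" | base64 --decode > "${HOME}/.kube/config"
```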
@@ -0,0 +1,87 @@
+name: Testing Mergability
+
+on:
+ pull_request:
+ branches:
+ - dev
+jobs:
+ Test:
+ name: "Testing Builds"
+ runs-on: ubuntu-latest
+ container:
+ image: ubuntu:22.04
+ steps:
+ # This action checks-out your repository under $GITHUB_WORKSPACE, so your workflow can access it.
+ - uses: actions/checkout@v3
+
+ # This action downloads and caches distribution of the requested Node.js version and adds it to the PATH.
+ - uses: actions/setup-node@v3
+ with:
+ node-version: 16
+
+ # CI Stage
+ - name: Pre Requisites
+ run: |
+ npm i
+ npm i -g @sap/cds-dk
+ cds build --production
+
+ Deploy:
+ name: Deploy to Kyma
+ runs-on: ubuntu-latest
+ container:
+ image: ubuntu:22.04
+ steps:
+ - uses: actions/checkout@v3
+
+ # install dependencies required for deployment
+ - run: apt-get update -y
+ - run: apt-get install software-properties-common -y
+ - run: apt-get install curl ca-certificates -y
+ - run: apt install sudo
+
+ # kubectl
+ - run: curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key --keyring /etc/apt/keyrings/kubernetes-archive-keyring.gpg add -
+ - run: echo "deb [signed-by=/etc/apt/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
+ - run: sudo apt-get install kubectl -y
+
+ # pack
+ - run: sudo add-apt-repository ppa:cncf-buildpacks/pack-cli -y
+ - run: sudo apt-get update -y
+ - run: sudo apt-get install pack-cli -y
+
+ # docker
+ - run: sudo apt-get install docker.io -y
+
+ # helm
+ - run: curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
+
+ - uses: actions/setup-node@v3
+ with:
+ node-version: 16
+
+ # reusable action to deploy on kyma
+ - uses: ./.github/actions/deploy
+ with:
+ env: dev
+ IMAGEREGISTRY: ${{ secrets.IMAGEREGISTRY }}
+ DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+ DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
+ KUBE_CONFIG: ${{ secrets.KUBE_CONFIG }}
+ IMAGEPULLSECRET: ${{ secrets.IMAGEPULLSECRET }}
+
+
+ # to print the deployment urls on the PR
+ - name: Comment Result on PR
+ uses: actions/github-script@v6
+ with:
+ github-token: ${{secrets.GITHUB_TOKEN}}
+ script: |
+ const body = `${{ env.HELM_INSTALL_OUTPUT }}`
+
+ await github.rest.issues.createComment({
+ issue_number: context.issue.number,
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ body: body
+ })
diff --git a/.github/workflows/staging.yml b/.github/workflows/staging.yml
new file mode 100644
index 0000000..29b70cb
--- /dev/null
+++ b/.github/workflows/staging.yml
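Review bot: In the `Comment Result on PR` step of `dev.yml`, ``const body = `${{ env.HELM_INSTALL_OUTPUT }}` `` pastes the captured helm output into the JavaScript source before it runs, so a backtick or `${...}` sequence in that output (for example from chart notes, which are rendered from the pull request's own `./chart`) is evaluated as code with the step's token. Read the value at run time instead: `const body = process.env.HELM_INSTALL_OUTPUT`. Separately, the `# helm` step pipes `get-helm-3` from the moving `main` branch into bash in the same job that later receives `KUBE_CONFIG` and the registry credentials; installing a tagged release and checking its published checksum would bound that, and the same step is repeated in `staging.yml`.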
@@ -0,0 +1,76 @@
+name: Staging
+
+on:
+ workflow_dispatch:
+ push:
+ branches: [dev]
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ # cancel-in-progress: true
+
+jobs:
+ Build:
+ name: "Building Project"
+ runs-on: ubuntu-latest
+ container:
+ image: ubuntu:22.04
+ steps:
+ # This action checks-out your repository under $GITHUB_WORKSPACE, so your workflow can access it.
+ - uses: actions/checkout@v3
+
+ # This action downloads and caches distribution of the requested Node.js version and adds it to the PATH.
+ - uses: actions/setup-node@v3
+ with:
+ node-version: 16
+
+ # CI Stage
+ - name: Pre Requisites
+ run: |
+ npm i
+ npm i -g @sap/cds-dk
+ cds build --production
+
+ Deploy:
+ name: Deploy to Kyma
+ runs-on: ubuntu-latest
+ container:
+ image: ubuntu:22.04
+ steps:
+ - uses: actions/checkout@v3
+
+ # install dependencies required for deployment
+ - run: apt-get update -y
+ - run: apt-get install software-properties-common -y
+ - run: apt-get install curl ca-certificates -y
+ - run: apt install sudo
+
+ # kubectl
+ - run: curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key --keyring /etc/apt/keyrings/kubernetes-archive-keyring.gpg add -
+ - run: echo "deb [signed-by=/etc/apt/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
+ - run: sudo apt-get install kubectl -y
+
+ # pack
+ - run: sudo add-apt-repository ppa:cncf-buildpacks/pack-cli -y
+ - run: sudo apt-get update -y
+ - run: sudo apt-get install pack-cli -y
+
+ # docker
+ - run: sudo apt-get install docker.io -y
+
+ # helm
+ - run: curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
+
+ - uses: actions/setup-node@v3
+ with:
+ node-version: 16
+
+ # reusable action to deploy on kyma
+ - uses: ./.github/actions/deploy
+ with:
+ env: staging
+ IMAGEREGISTRY: ${{ secrets.IMAGEREGISTRY }}
+ DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+ DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
+ KUBE_CONFIG: ${{ secrets.KUBE_CONFIG }}
+ IMAGEPULLSECRET: ${{ secrets.IMAGEPULLSECRET }}
From a5487faa2c36961c382353a4f6a44aa44fd31f97 Mon Sep 17 00:00:00 2001
From: I524884
Date: Wed, 24 May 2023 09:38:40 +0530
Subject: [PATCH 2/4] update branch
---
.github/workflows/dev.yml | 2 +-
.github/workflows/staging.yml | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/dev.yml b/.github/workflows/dev.yml
index 26518f3..6905f05 100644
--- a/.github/workflows/dev.yml
+++ b/.github/workflows/dev.yml
@@ -3,7 +3,7 @@ name: Testing Mergability on: pull_request: branches: - - dev + - main jobs: Test: name: "Testing Builds"
diff --git a/.github/workflows/staging.yml b/.github/workflows/staging.yml
index 29b70cb..c57fcd6 100644
--- a/.github/workflows/staging.yml
+++ b/.github/workflows/staging.yml
@@ -3,7 +3,7 @@ name: Staging on: workflow_dispatch: push: - branches: [dev] + branches: [main] concurrency: group: ${{ github.workflow }}-${{ github.ref }}
From 70d3fd33d05ef88d9fdb34213379b91f151f43fb Mon Sep 17 00:00:00 2001
From: I524884
Date: Wed, 24 May 2023 09:40:41 +0530
Subject: [PATCH 3/4] fix
---
.github/workflows/dev.yml | 1 +
.github/workflows/staging.yml | 1 +
2 files changed, 2 insertions(+)
diff --git a/.github/workflows/dev.yml b/.github/workflows/dev.yml
index 6905f05..d5261c2 100644
--- a/.github/workflows/dev.yml
+++ b/.github/workflows/dev.yml
@@ -43,6 +43,7 @@ jobs: # kubectl - run: curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key --keyring /etc/apt/keyrings/kubernetes-archive-keyring.gpg add - - run: echo "deb [signed-by=/etc/apt/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list + - run: sudo apt-get update -y - run: sudo apt-get install kubectl -y # pack
diff --git a/.github/workflows/staging.yml b/.github/workflows/staging.yml
index c57fcd6..861b367 100644
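Review bot: The `Deploy` job that patch 1/4 adds to `staging.yml` declares no `needs:`, so it starts in parallel with `Build` and the helm upgrade runs even when the build job fails; adding `needs: Build` under `Deploy:` makes the build a gate. `dev.yml` has the same shape with `Test` and `Deploy`. Neither workflow sets `permissions:`, so every step runs with the repository's default `GITHUB_TOKEN` scope; a top-level `permissions:` block with `contents: read`, plus only the write scope the comment step in `dev.yml` needs, would narrow it.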
--- a/.github/workflows/staging.yml
+++ b/.github/workflows/staging.yml
@@ -48,6 +48,7 @@ jobs: # kubectl - run: curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key --keyring /etc/apt/keyrings/kubernetes-archive-keyring.gpg add - - run: echo "deb [signed-by=/etc/apt/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list + - run: sudo apt-get update -y - run: sudo apt-get install kubectl -y # pack
From 076dae75a305914ba3dcc87b892f9960888c3f01 Mon Sep 17 00:00:00 2001
From: I524884
Date: Wed, 24 May 2023 10:36:40 +0530
Subject: [PATCH 4/4] add script to create technical user
---
kubeconfig/create-kubeconfig.sh | 27 +++++++++++++
kubeconfig/service-account.yaml | 70 +++++++++++++++++++++++++++++++++
2 files changed, 97 insertions(+)
create mode 100755 kubeconfig/create-kubeconfig.sh
create mode 100644 kubeconfig/service-account.yaml
diff --git a/kubeconfig/create-kubeconfig.sh b/kubeconfig/create-kubeconfig.sh
new file mode 100755
index 0000000..6fc6885
--- /dev/null
+++ b/kubeconfig/create-kubeconfig.sh
@@ -0,0 +1,27 @@
+# API server URL is api.KYMA_CLUSTER_DOMAIN
+ns=sidak
+API_SERVER_URL=$(kubectl config view -o=jsonpath='{.clusters[].cluster.server}')
+
+SECRET_NAME=cicd-tutorial-service-account
+
+CA=$(kubectl get secret/${SECRET_NAME} -n $ns -o jsonpath='{.data.ca\.crt}')
+TOKEN=$(kubectl get secret/${SECRET_NAME} -n $ns -o jsonpath='{.data.token}' | base64 --decode)
+
+echo "apiVersion: v1
+kind: Config
+clusters:
+ - name: default-cluster
+ cluster:
+ certificate-authority-data: ${CA}
+ server: ${API_SERVER_URL}
+users:
+ - name: default-user
+ user:
+ token: ${TOKEN}
+contexts:
+ - name: default-context
+ context:
+ cluster: default-cluster
+ namespace: $ns
+ user: default-user
+current-context: default-context"
diff --git a/kubeconfig/service-account.yaml b/kubeconfig/service-account.yaml
new file mode 100644
index 0000000..eefb03f
--- /dev/null
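Review bot: `kubeconfig/create-kubeconfig.sh` has no interpreter line and no error handling, so when either `kubectl get secret` call fails it still prints a kubeconfig with an empty `certificate-authority-data` or `token` and exits 0. Start it with `#!/usr/bin/env bash` and `set -euo pipefail`, and quote `"$ns"` and `"${SECRET_NAME}"`. `{.clusters[].cluster.server}` does not select the cluster of the current context, so with several clusters in the local kubeconfig it may pick the wrong API server; `kubectl config view --minify -o=jsonpath='{.clusters[0].cluster.server}'` restricts it to the one in use. The output carries the service account's bearer token in clear text, so a header comment telling the operator to redirect it into a file created under `umask 077` would help.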
+++ b/kubeconfig/service-account.yaml
@@ -0,0 +1,70 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: cicd-tutorial-service-account
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: cicd-tutorial-service-account
+ annotations:
+ kubernetes.io/service-account.name: cicd-tutorial-service-account
+type: kubernetes.io/service-account-token
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: cicd-tutorial-role
+rules:
+ - apiGroups:
+ - ""
+ - extensions
+ - batch
+ - apps
+ - gateway.kyma-project.io
+ - servicecatalog.k8s.io
+ - networking.k8s.io
+ - policy
+ - services.cloud.sap.com
+ resources:
+ - deployments
+ - replicasets
+ - pods
+ - jobs
+ - configmaps
+ - apirules
+ - serviceinstances
+ - servicebindings
+ - services
+ - secrets
+ - networkpolicies
+ - poddisruptionbudgets
+ - servicebindings/status
+ - serviceaccounts
+ verbs:
+ - create
+ - update
+ - patch
+ - delete
+ - get
+ - list
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: cicd-tutorial-role-binding
+subjects:
+ - kind: ServiceAccount
+ name: cicd-tutorial-service-account
+ namespace: sidak
+roleRef:
+ kind: ClusterRole
+ name: cicd-tutorial-role
+ apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: cicd-tutorial-config-map
+data:
+ out: "Congrats, you completed the cicd-tutorial successfully!"
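Review bot: `cicd-tutorial-role` in `kubeconfig/service-account.yaml` is a `ClusterRole` bound with a `ClusterRoleBinding`, so the pipeline's token can create, patch, delete, get and list `secrets`, `serviceaccounts` and `pods` in every namespace, which is enough to read other workloads' credentials cluster-wide. The deploy action only switches to the namespace named by its `env` input (`dev`, `staging`), so a namespaced `Role` and `RoleBinding` per target namespace should be sufficient; confirm against what the chart creates. The `kubernetes.io/service-account-token` Secret also yields a token that does not expire, so it needs a rotation procedure once it is stored as `KUBE_CONFIG`. The `ServiceAccount` and `Secret` carry no `metadata.namespace` while the binding hard-codes `sidak`.

```yaml
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: cicd-tutorial-role
  namespace: dev  # repeat the Role and RoleBinding for each namespace the pipeline deploys to
# … unchanged: rules …
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: cicd-tutorial-role-binding
  namespace: dev
# … unchanged: subjects …
roleRef:
  kind: Role
  name: cicd-tutorial-role
  apiGroup: rbac.authorization.k8s.io
```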