sidakphull · sidakphull · May 24, 2023 · May 24, 2023 · May 24, 2023 · May 24, 2023
diff --git a/.github/actions/deploy/action.yml b/.github/actions/deploy/action.yml
@@ -0,0 +1,81 @@
+name: "deploy"
+
+description: "Deploys the application to the required environment."
+
+inputs:
+  env:
+    description: "Deployment Environment"
+    required: true
+  IMAGEREGISTRY:
+    description: "Docker Repository"
+    required: true
+  DOCKER_USERNAME:
+    description: "Docker Username"
+    required: true
+  DOCKER_PASSWORD:
+    description: "Docker Password"
+    required: true
+  KUBE_CONFIG:
+    description: "Kube Config"
+    required: true
+  DOMAIN:
+    description: "Host Domain of the cluster"
+    default: c-36c5653.stage.kyma.ondemand.com
+    required: true
+  IMAGEPULLSECRET:
+    description: "Secret with docker credentials"
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+
+    # login to docker
+    - name: Pre Requisites
+      shell: bash
+      run: |
+        docker login ${{inputs.IMAGEREGISTRY}} --username ${{ inputs.DOCKER_USERNAME }} --password ${{ inputs.DOCKER_PASSWORD }}
+
+    # set kubeconfig
+    - name: Installing dependencies
+      shell: bash
+      run: |
+        pwd
+        mkdir -p ${HOME}/kyma-binaries
+        export PATH=${HOME}/kyma-binaries/:$PATH
+        mkdir -p ${HOME}/.kube
+        echo "${{inputs.KUBE_CONFIG}}" | base64 --decode > ${HOME}/.kube/config
+
+
+    - name: Deploying CAP App using helm chart to kyma environment.
+      id: deploy-to-kyma
+      shell: bash
+      run: |
+        npm i -g @sap/cds-dk
+        tag="tag$(date +%s)"
+        kubectl config set-context --current --namespace=${{ inputs.env }}
+
+        hana_image=${{inputs.IMAGEREGISTRY}}/${{ inputs.env }}/bookshop-hana-deployer:$tag
+        srv_image=${{inputs.IMAGEREGISTRY}}/${{ inputs.env }}/bookshop-srv:$tag
+        approuter_image=${{inputs.IMAGEREGISTRY}}/${{ inputs.env }}/bookshop-approuter:$tag
+
+        pack build $approuter_image --path app --buildpack gcr.io/paketo-buildpacks/nodejs --builder paketobuildpacks/builder:base --env BP_NODE_RUN_SCRIPTS=""
+        cds build --production
+        pack build $hana_image --path gen/db --buildpack gcr.io/paketo-buildpacks/nodejs --builder paketobuildpacks/builder:base --env BP_NODE_RUN_SCRIPTS=""
+        pack build $srv_image --path gen/srv --buildpack gcr.io/paketo-buildpacks/nodejs --builder paketobuildpacks/builder:base --env BP_NODE_RUN_SCRIPTS=""
+
+        docker push $approuter_image
+        docker push $hana_image
+        docker push $srv_image
+
+        EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64)
+        echo "HELM_INSTALL_OUTPUT<<$EOF" >> $GITHUB_ENV
+        helm upgrade --set hana_deployer.image.repository=${{inputs.IMAGEREGISTRY}}/${{ inputs.env }}/bookshop-hana-deployer --set hana_deployer.image.tag=${tag} --set srv.image.repository=${{inputs.IMAGEREGISTRY}}/${{ inputs.env }}/bookshop-srv --set srv.image.tag=${tag} --set approuter.image.repository=${{inputs.IMAGEREGISTRY}}/${{ inputs.env }}/bookshop-approuter --set approuter.image.tag=${tag} --set global.domain=${{inputs.DOMAIN}} --set global.imagePullSecret.name=${{inputs.IMAGEPULLSECRET}} --set xsuaa.parameters.oauth2-configuration.redirect-uris[0]=https://*.${{inputs.DOMAIN}}/**  --set xsuaa.parameters.xsappname=bookshop-${{inputs.env}} bookshop ./chart --install >> $GITHUB_ENV
+        echo "$EOF" >> $GITHUB_ENV
+
+        kubectl rollout status deployment bookshop-srv --timeout=8m
+        kubectl rollout status deployment bookshop-approuter --timeout=8m
+
+        docker rmi $approuter_image
+        docker rmi $hana_image
+        docker rmi $srv_image
diff --git a/.github/workflows/dev.yml b/.github/workflows/dev.yml
@@ -0,0 +1,88 @@
+name: Testing Mergability
+
+on: 
+  pull_request:
+    branches:
+      - main
+jobs:
+  Test:
+    name: "Testing Builds"
+    runs-on: ubuntu-latest
+    container:
+      image: ubuntu:22.04
+    steps:
+      # This action checks-out your repository under $GITHUB_WORKSPACE, so your workflow can access it.
+      - uses: actions/checkout@v3
+
+      # This action downloads and caches distribution of the requested Node.js version and adds it to the PATH.
+      - uses: actions/setup-node@v3
+        with:
+          node-version: 16
+
+      # CI Stage
+      - name: Pre Requisites
+        run: |
+          npm i
+          npm i -g @sap/cds-dk
+          cds build --production
+
+  Deploy:
+    name: Deploy to Kyma
+    runs-on: ubuntu-latest
+    container:
+      image: ubuntu:22.04
+    steps:
+      - uses: actions/checkout@v3
+
+      # install dependencies required for deployment
+      - run: apt-get update -y
+      - run: apt-get install software-properties-common -y
+      - run: apt-get install curl ca-certificates -y
+      - run: apt install sudo
+
+      # kubectl
+      - run: curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key --keyring /etc/apt/keyrings/kubernetes-archive-keyring.gpg add -
+      - run: echo "deb [signed-by=/etc/apt/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
+      - run: sudo apt-get update -y
+      - run: sudo apt-get install kubectl -y
+
+      # pack
+      - run: sudo add-apt-repository ppa:cncf-buildpacks/pack-cli -y
+      - run: sudo apt-get update -y
+      - run: sudo apt-get install pack-cli -y
+
+      # docker
+      - run: sudo apt-get install docker.io -y
+
+      # helm
+      - run: curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
+
+      - uses: actions/setup-node@v3
+        with:
+          node-version: 16
+
+      # reusable action to deploy on kyma
+      - uses: ./.github/actions/deploy
+        with:
+          env: dev
+          IMAGEREGISTRY: ${{ secrets.IMAGEREGISTRY }}
+          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
+          KUBE_CONFIG: ${{ secrets.KUBE_CONFIG }}
+          IMAGEPULLSECRET: ${{ secrets.IMAGEPULLSECRET }}
+
+
+      # to print the deployment urls on the PR
+      - name: Comment Result on PR
+        uses: actions/github-script@v6
+        with:
+          github-token: ${{secrets.GITHUB_TOKEN}}
+          script: |
+            const body = `${{ env.HELM_INSTALL_OUTPUT }}`
+
+            await github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: body
+            })
diff --git a/.github/workflows/staging.yml b/.github/workflows/staging.yml
@@ -0,0 +1,77 @@
+name: Staging
+
+on:
+  workflow_dispatch:
+  push:
+    branches: [main]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  # cancel-in-progress: true
+
+jobs:
+  Build:
+    name: "Building Project"
+    runs-on: ubuntu-latest
+    container:
+      image: ubuntu:22.04
+    steps:
+      # This action checks-out your repository under $GITHUB_WORKSPACE, so your workflow can access it.
+      - uses: actions/checkout@v3
+
+      # This action downloads and caches distribution of the requested Node.js version and adds it to the PATH.
+      - uses: actions/setup-node@v3
+        with:
+          node-version: 16
+
+      # CI Stage
+      - name: Pre Requisites
+        run: |
+          npm i
+          npm i -g @sap/cds-dk
+          cds build --production
+
+  Deploy:
+    name: Deploy to Kyma
+    runs-on: ubuntu-latest
+    container:
+      image: ubuntu:22.04
+    steps:
+      - uses: actions/checkout@v3
+
+      # install dependencies required for deployment
+      - run: apt-get update -y
+      - run: apt-get install software-properties-common -y
+      - run: apt-get install curl ca-certificates -y
+      - run: apt install sudo
+
+      # kubectl
+      - run: curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key --keyring /etc/apt/keyrings/kubernetes-archive-keyring.gpg add -
+      - run: echo "deb [signed-by=/etc/apt/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
+      - run: sudo apt-get update -y
+      - run: sudo apt-get install kubectl -y
+
+      # pack
+      - run: sudo add-apt-repository ppa:cncf-buildpacks/pack-cli -y
+      - run: sudo apt-get update -y
+      - run: sudo apt-get install pack-cli -y
+
+      # docker
+      - run: sudo apt-get install docker.io -y
+
+      # helm
+      - run: curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
+
+      - uses: actions/setup-node@v3
+        with:
+          node-version: 16
+
+      # reusable action to deploy on kyma
+      - uses: ./.github/actions/deploy
+        with:
+          env: staging
+          IMAGEREGISTRY: ${{ secrets.IMAGEREGISTRY }}
+          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
+          KUBE_CONFIG: ${{ secrets.KUBE_CONFIG }}
+          IMAGEPULLSECRET: ${{ secrets.IMAGEPULLSECRET }}
diff --git a/kubeconfig/create-kubeconfig.sh b/kubeconfig/create-kubeconfig.sh
@@ -0,0 +1,27 @@
+# API server URL is api.KYMA_CLUSTER_DOMAIN
+ns=sidak
+API_SERVER_URL=$(kubectl config view -o=jsonpath='{.clusters[].cluster.server}')
+
+SECRET_NAME=cicd-tutorial-service-account
+
+CA=$(kubectl get secret/${SECRET_NAME} -n $ns -o jsonpath='{.data.ca\.crt}')
+TOKEN=$(kubectl get secret/${SECRET_NAME} -n $ns -o jsonpath='{.data.token}' | base64 --decode)
+
+echo "apiVersion: v1
+kind: Config
+clusters:
+  - name: default-cluster
+    cluster:
+      certificate-authority-data: ${CA}
+      server: ${API_SERVER_URL}
+users:
+  - name: default-user
+    user:
+      token: ${TOKEN}
+contexts:
+  - name: default-context
+    context:
+      cluster: default-cluster
+      namespace: $ns
+      user: default-user
+current-context: default-context"
diff --git a/kubeconfig/service-account.yaml b/kubeconfig/service-account.yaml
@@ -0,0 +1,70 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: cicd-tutorial-service-account
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: cicd-tutorial-service-account
+  annotations:
+    kubernetes.io/service-account.name: cicd-tutorial-service-account
+type: kubernetes.io/service-account-token
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: cicd-tutorial-role
+rules:
+  - apiGroups:
+      - ""
+      - extensions
+      - batch
+      - apps
+      - gateway.kyma-project.io
+      - servicecatalog.k8s.io
+      - networking.k8s.io
+      - policy
+      - services.cloud.sap.com
+    resources:
+      - deployments
+      - replicasets
+      - pods
+      - jobs
+      - configmaps
+      - apirules
+      - serviceinstances
+      - servicebindings
+      - services
+      - secrets
+      - networkpolicies
+      - poddisruptionbudgets
+      - servicebindings/status
+      - serviceaccounts
+    verbs:
+      - create
+      - update
+      - patch
+      - delete
+      - get
+      - list
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: cicd-tutorial-role-binding
+subjects:
+  - kind: ServiceAccount
+    name: cicd-tutorial-service-account
+    namespace: sidak
+roleRef:
+  kind: ClusterRole
+  name: cicd-tutorial-role
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: cicd-tutorial-config-map
+data:
+  out: "Congrats, you completed the cicd-tutorial successfully!"