
modify ci

modify ci #36


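---
# CI for the quiz-app frontend and the backend API.
#
# On every push to main the two Docker images are built and pushed, then the
# Kubernetes manifests are rewritten to reference the new image tags and the
# result is committed back to main.
#
# NOTE(review): the test, Sonar, Snyk and Trivy jobs are all commented out
# below, so at present nothing gates the image push or the manifest update on
# a scan result. The `needs:` edges that would restore that gating are kept
# next to each job so it can be re-enabled without re-deriving the graph.
#
# NOTE(review): the last job pushes a commit to main. If secrets._GITHUB_TOKEN
# is a personal access token rather than the workflow's GITHUB_TOKEN, that push
# re-triggers this workflow (a `paths-ignore:` entry for kubernetes-manifest/
# would break the cycle) — confirm which token is stored there.
name: React.js CI
on:  # yamllint disable-line rule:truthy
  push:
    branches:
      - main
jobs:
  # frontend-test:
  #   runs-on: ubuntu-latest
  #   defaults:
  #     run:
  #       working-directory: ./quiz-app
  #   strategy:
  #     matrix:
  #       node-version: [20.x]
  #       architecture: [x64]
  #   steps:
  #     - name: Check-out git repository
  #       uses: actions/checkout@v4
  #     - name: USE NODEJS ${{ matrix.node-version }} - ${{ matrix.architecture }}
  #       uses: actions/setup-node@v4
  #       # NOTE(review): no `with: node-version:` here, so the matrix value is
  #       # only used in the step name and the runner's default Node is used.
  #     - name: Install project dependencies
  #       working-directory: ./quiz-app
  #       run: |
  #         npm i
  #         npm run lint
  #         npm install --save-dev --save-exact prettier
  #         npm run prettier
  #         npm test
  #       env:
  #         CI: true
  #     - name: Build
  #       run: npm run build
  #       working-directory: ./quiz-app
  #     # Setup sonar-scanner
  #     - name: Setup SonarQube
  #       uses: warchant/setup-sonar-scanner@v8
  #     - name: Analyze with SonarCloud
  #       uses: sonarsource/sonarcloud-github-action@master
  #       env:
  #         GITHUB_TOKEN: ${{ secrets._GITHUB_TOKEN }}
  #         SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
  #       with:
  #         projectBaseDir: quiz-app
  #         args: >
  #           -Dsonar.organization=${{ secrets.SONAR_ORGANIZATION }}
  #           -Dsonar.projectKey=${{ secrets.SONAR_PROJECT_KEY }}
  #           -Dsonar.host.url=${{ secrets.SONAR_URL }}
  #           -Dsonar.login=${{ secrets.SONAR_TOKEN }}
  #           -Dsonar.sources=src/
  #           -Dsonar.verbose=true
  # backend-test:
  #   runs-on: ubuntu-latest
  #   defaults:
  #     run:
  #       working-directory: ./backend
  #   strategy:
  #     matrix:
  #       node-version: [20.x]
  #       architecture: [x64]
  #   steps:
  #     - name: Check-out git repository
  #       uses: actions/checkout@v4
  #     - name: USE NODEJS ${{ matrix.node-version }} - ${{ matrix.architecture }}
  #       uses: actions/setup-node@v4
  #     - name: Install project dependencies
  #       working-directory: ./backend
  #       run: |
  #         npm i
  #         npm run lint
  #         npm install --save-dev --save-exact prettier
  #         npm run prettier
  #         npm test
  #       env:
  #         CI: true
  #     # Setup sonar-scanner
  #     - name: Setup SonarQube
  #       uses: warchant/setup-sonar-scanner@v8
  #     - name: Analyze with SonarCloud
  #       uses: sonarsource/sonarcloud-github-action@master
  #       env:
  #         GITHUB_TOKEN: ${{ secrets._GITHUB_TOKEN }}
  #         SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
  #       with:
  #         projectBaseDir: backend
  #         args: >
  #           -Dsonar.organization=${{ secrets.SONAR_ORGANIZATION }}
  #           -Dsonar.projectKey=${{ secrets.SONAR_PROJECT_KEY }}
  #           -Dsonar.host.url=${{ secrets.SONAR_URL }}
  #           -Dsonar.login=${{ secrets.SONAR_TOKEN }}
  #           -Dsonar.sources=.
  #           -Dsonar.verbose=true
  # frontend-security:
  #   needs: frontend-test
  #   runs-on: ubuntu-latest
  #   defaults:
  #     run:
  #       working-directory: ./quiz-app
  #   steps:
  #     - uses: actions/checkout@master
  #     - name: Run Snyk to check for vulnerabilities
  #       uses: snyk/actions/node@master
  #       continue-on-error: true # To make sure that SARIF upload gets called
  #       env:
  #         SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
  #     - name: Install Snyk CLI
  #       uses: snyk/actions/setup@master
  #       with:
  #         version: latest
  #       env:
  #         SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
  #     - name: Snyk Authenticate
  #       # NOTE(review): passing the token as a command-line argument puts it
  #       # in the process arguments; the CLI also reads it from the SNYK_TOKEN
  #       # environment variable, which is already set on the steps above.
  #       run: snyk auth ${{ secrets.SNYK_TOKEN }}
  #     - name: Snyk Code Test
  #       run: snyk code test --all-projects
  #       continue-on-error: true
  # backend-security:
  #   needs: backend-test
  #   runs-on: ubuntu-latest
  #   defaults:
  #     run:
  #       working-directory: ./backend
  #   steps:
  #     - uses: actions/checkout@master
  #     - name: Run Snyk to check for vulnerabilities
  #       uses: snyk/actions/node@master
  #       continue-on-error: true # To make sure that SARIF upload gets called
  #       env:
  #         SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
  #     - name: Install Snyk CLI
  #       uses: snyk/actions/setup@master
  #       with:
  #         version: latest
  #       env:
  #         SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
  #     - name: Snyk Authenticate
  #       run: snyk auth ${{ secrets.SNYK_TOKEN }}
  #     - name: Snyk Code Test
  #       run: snyk code test --all-projects
  #       continue-on-error: true
  frontend-image:
    # needs: frontend-security
    runs-on: ubuntu-latest
    # Least privilege: only the checkout needs a token. `security-events: write`
    # and `actions: read` were only required by the (commented-out) Trivy SARIF
    # step; re-add them together with that step.
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v4
      - name: Build and push frontend Docker image
        working-directory: ./quiz-app
        # Secrets and the tag are passed through `env:` instead of being
        # expanded into the script text, so the shell sees a variable
        # reference rather than the raw value in the script body.
        env:
          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
          IMAGE_TAG: ${{ github.run_number }}
        run: |
          IMAGE="${DOCKER_USERNAME}/frontend-js:${IMAGE_TAG}"
          docker build . -t "${IMAGE}"
          echo "${DOCKER_PASSWORD}" | docker login -u "${DOCKER_USERNAME}" --password-stdin
          docker push "${IMAGE}"
      # - name: Run Trivy vulnerability scanner
      #   uses: aquasecurity/trivy-action@master
      #   with:
      #     image-ref: 'docker.io/${{ secrets.DOCKER_USERNAME }}/frontend-js:${{ github.run_number }}'
      #     format: 'sarif'
      #     output: 'trivy-results.sarif'
      #     severity: 'CRITICAL,HIGH'
      # - name: Install Snyk CLI
      #   uses: snyk/actions/setup@master
      #   with:
      #     snyk-token: ${{ secrets.SNYK_TOKEN }}
      # - name: Snyk Authenticate
      #   run: snyk auth ${{ secrets.SNYK_TOKEN }}
      # - name: Snyk Container monitor
      #   run: snyk container monitor ${{ secrets.DOCKER_USERNAME }}/frontend-js --file=Dockerfile
      #   working-directory: ./quiz-app
      # - name: Run Snyk to check for vulnerabilities in the Docker image
      #   uses: snyk/actions/docker@master
      #   with:
      #     image: ${{ secrets.DOCKER_USERNAME }}/frontend-js
      #     args: --file=quiz-app/Dockerfile --severity-threshold=high
      #   env:
      #     SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
      #   continue-on-error: true
  backend-image:
    # needs: backend-security
    runs-on: ubuntu-latest
    # Least privilege: only the checkout needs a token (see frontend-image).
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v4
      - name: Build and push backend Docker image
        working-directory: ./backend
        # Secrets and the tag come in through `env:`, not script interpolation.
        env:
          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
          IMAGE_TAG: ${{ github.run_number }}
        run: |
          IMAGE="${DOCKER_USERNAME}/backend-api:${IMAGE_TAG}"
          docker build . -t "${IMAGE}"
          echo "${DOCKER_PASSWORD}" | docker login -u "${DOCKER_USERNAME}" --password-stdin
          docker push "${IMAGE}"
      # - name: Run Trivy vulnerability scanner
      #   uses: aquasecurity/trivy-action@master
      #   with:
      #     image-ref: 'docker.io/${{ secrets.DOCKER_USERNAME }}/backend-api:${{ github.run_number }}'
      #     format: 'sarif'
      #     output: 'trivy-results.sarif'
      #     severity: 'CRITICAL,HIGH'
      # - name: Install Snyk CLI
      #   uses: snyk/actions/setup@master
      #   with:
      #     snyk-token: ${{ secrets.SNYK_TOKEN }}
      # - name: Snyk Authenticate
      #   run: snyk auth ${{ secrets.SNYK_TOKEN }}
      # - name: Snyk Container monitor
      #   run: snyk container monitor ${{ secrets.DOCKER_USERNAME }}/backend-api --file=Dockerfile
      #   working-directory: ./backend
      # - name: Run Snyk to check for vulnerabilities in the Docker image
      #   uses: snyk/actions/docker@master
      #   with:
      #     image: ${{ secrets.DOCKER_USERNAME }}/backend-api
      #     args: --file=backend/Dockerfile --severity-threshold=high
      #   env:
      #     SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
      #   continue-on-error: true
  # k8s-manifest-scan:
  #   needs: [backend-security, frontend-security]
  #   runs-on: ubuntu-latest
  #   steps:
  #     - uses: actions/checkout@v4
  #     - name: Run Snyk to check Kubernetes manifest file for issues
  #       uses: snyk/actions/iac@master
  #       env:
  #         SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
  #       with:
  #         file: kubernetes-manifest/
  #         args: --severity-threshold=high
  update-images-at-manifest-files:
    # needs: [k8s-manifest-scan, backend-image, frontend-image]
    needs: [backend-image, frontend-image]
    runs-on: ubuntu-latest
    permissions:
      contents: write
    steps:
      - name: Checkout code
        # v4 to match the checkout used by the image jobs above.
        uses: actions/checkout@v4
      - name: Set up Git
        run: |
          git config user.email "[email protected]"
          git config user.name "ibrahimzaghloul"
      - name: Change image version in frontend and backend deployment files
        # The username is supplied via `env:` rather than expanded into the
        # script. It lands in the sed replacement, so a value containing `|`
        # or `&` would still break the expression — Docker Hub usernames
        # cannot contain those characters.
        env:
          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
          IMAGE_TAG: ${{ github.run_number }}
        run: |
          echo "change image version .."
          sed -i "s|image:.*frontend-js:.*|image: ${DOCKER_USERNAME}/frontend-js:${IMAGE_TAG}|g" kubernetes-manifest/frontend.yaml
          sed -i "s|image:.*backend-api:.*|image: ${DOCKER_USERNAME}/backend-api:${IMAGE_TAG}|g" kubernetes-manifest/backend.yaml
      - name: Commit changes
        env:
          IMAGE_TAG: ${{ github.run_number }}
        run: |
          # Stage only the two files sed rewrote, not the whole tree.
          git add kubernetes-manifest/frontend.yaml kubernetes-manifest/backend.yaml
          git commit -m "Update deployment image to version ${IMAGE_TAG}"
      - name: Push changes
        # NOTE(review): the action reference below renders as an e-mail-like
        # string in this copy of the file; confirm it is a pinned
        # `ad-m/github-push-action@<version>` in the repository.
        uses: ad-m/[email protected]
        with:
          github_token: ${{ secrets._GITHUB_TOKEN }}
          branch: main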