test(ci/cd) testing main.yml for backend #27
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: DevOps Engineer Assignment Workflow | |
| on: | |
| push: | |
| branches: [main, dev] | |
| paths: | |
| - .github/workflows/main.yml | |
| - frontend/* | |
| - backend/* | |
| - k8s/manifests/**/* | |
| pull_request: | |
| branches: [main] | |
| defaults: | |
| run: | |
| shell: bash | |
| permissions: | |
| actions: write | |
| contents: write | |
| jobs: | |
| Build-And-Test: | |
| if: ${{ github.event_name == 'pull_request' }} | |
| runs-on: ubuntu-22.04 | |
| defaults: | |
| run: | |
| shell: bash | |
| working-directory: ./backend | |
| steps: | |
| - name: Checkout Code | |
| uses: actions/checkout@v4 | |
| with: | |
| refs: ${{ github.refs_name }} | |
| - name: Setup node | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '14.21.3' | |
| - name: Install dependencies | |
| run: npm install | |
| - name: Create production build folder | |
| run: npm run build --if-present | |
| - name: Testing API | |
| run: npm test | |
| ################################### FRONTEND ############################################### | |
| Build-And-Push-Frontend: | |
| if: contains(github.event.head_commit.message, 'frontend') | |
| runs-on: ubuntu-24.04 | |
| defaults: | |
| run: | |
| shell: bash | |
| working-directory: frontend/ | |
| steps: | |
| - name: Checkout Code | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.ref_name }} | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login to Docker Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ vars.DOCKER_USER }} | |
| password: ${{ secrets.DOCKER_TOKEN }} | |
| - name: Building Docker Image | |
| run: docker build . -t ${{ vars.DOCKER_USER }}/eng-frontend:1.${{ github.run_number }}.${{ github.run_attempt}} | |
| - name: Pushing Docker Image | |
| run: docker push ${{ vars.DOCKER_USER }}/eng-frontend:1.${{ github.run_number }}.${{ github.run_attempt}} | |
| Image-Vuln-Check-Frontend: | |
| if: contains(github.event.head_commit.message, 'frontend') | |
| runs-on: ubuntu-24.04 | |
| needs: [Build-And-Push-Frontend] | |
| continue-on-error: true | |
| defaults: | |
| run: | |
| shell: bash | |
| working-directory: frontend/ | |
| steps: | |
| - name: Checkout Code | |
| uses: actions/checkout@v4 | |
| - name: Run Trivy Vulnerability Scanner | |
| uses: aquasecurity/[email protected] | |
| with: | |
| image-ref: "docker.io/${{ vars.DOCKER_USER }}/eng-frontend:1.${{ github.run_number }}.${{ github.run_attempt}}" | |
| format: "table" | |
| exit-code: "1" | |
| ignore-unfixed: true | |
| output: trivy-report-frontend.txt | |
| vuln-type: "os,library" | |
| severity: "CRITICAL,HIGH" | |
| - name: Upload Artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: trivy-report-frontend | |
| path: trivy-report-frontend.txt | |
| Update-ImgTag-Frontend: | |
| runs-on: ubuntu-24.04 | |
| needs: [Image-Vuln-Check-Frontend] | |
| steps: | |
| - name: Checkout Code | |
| uses: actions/checkout@v4 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Update tag in K8s Deployment | |
| run: | | |
| sed -i 's|\(uj5ghare/eng-frontend:\)[^[:space:]]*|\11.${{ github.run_number }}.${{ github.run_attempt}}|' k8s/manifests/frontend/deployment.yml | |
| - name: Commit and push changes | |
| run: | | |
| git pull origin ${{ github.ref_name }} | |
| git config --global user.email "${{ secrets.GH_USER_MAIL }}" | |
| git config --global user.name "${{ vars.GH_USER_NAME }}" | |
| git add . | |
| git commit -m "refactor(k8s) updated k8s deployment image tag" | |
| git push | |
| #NOTE: I understand that following job does not adhere to real-world practices, but it is simply an experiment to showcase that we can use k8s to deploy our apps to github servers to simulate how it will function on our actual server/vm. | |
| # I could have utilized EKS cluster here, but it's a very expensive service, and my AWS credits are ov | |
| Deploy-On-Minikube-Frontend: | |
| if: contains(github.event.head_commit.message, 'frontend') | |
| runs-on: ubuntu-24.04 | |
| needs: [Update-ImgTag-Frontend] | |
| defaults: | |
| run: | |
| shell: bash | |
| working-directory: k8s/manifests/frontend/ | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| refs: ${{ github.refs_name }} | |
| - name: Start minikube | |
| uses: medyagh/setup-minikube@latest | |
| - name: Try the cluster! | |
| run: kubectl get pods -A | |
| - name: Deploy to minikube | |
| run: | | |
| kubectl apply -f namespace.yml | |
| kubectl apply -f . | |
| - name: Watch the changes | |
| run: | | |
| sleep 20 | |
| kubectl get all -n app | |
| sleep 10 | |
| kubectl get all -n app | |
| Slack-Notification-Frontend: | |
| if: contains(github.event.head_commit.message, 'frontend') | |
| runs-on: ubuntu-24.04 | |
| needs: [Deploy-On-Minikube-Frontend] | |
| steps: | |
| - name: Post to a Slack channel | |
| uses: slackapi/[email protected] | |
| with: | |
| method: chat.postMessage | |
| token: ${{ secrets.SLACK_BOT_TOKEN }} | |
| payload: | | |
| channel: ${{ secrets.SLACK_CHANNEL_ID }} | |
| text: "GitHub Action Deployment result: ${{ job.status }}\n${{ github.event.pull_request.html_url || github.event.head_commit.url }}" | |
| blocks: | |
| - type: "section" | |
| text: | |
| type: "mrkdwn" | |
| text: "GitHub Action Deployment result: ${{ job.status }}\n${{ github.event.pull_request.html_url || github.event.head_commit.url }}" | |
| ################################### BACKEND ############################################### | |
| Build-And-Push-Backend: | |
| if: contains(github.event.head_commit.message, 'backend') | |
| runs-on: ubuntu-24.04 | |
| defaults: | |
| run: | |
| shell: bash | |
| working-directory: backend/ | |
| steps: | |
| - name: Checkout Code | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.ref_name }} | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login to Docker Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ vars.DOCKER_USER }} | |
| password: ${{ secrets.DOCKER_TOKEN }} | |
| - name: Building Docker Image | |
| run: docker build . -t ${{ vars.DOCKER_USER }}/eng-backend:1.${{ github.run_number }}.${{ github.run_attempt}} | |
| - name: Pushing Docker Image | |
| run: docker push ${{ vars.DOCKER_USER }}/eng-backend:1.${{ github.run_number }}.${{ github.run_attempt}} | |
| Image-Vuln-Check-Backend: | |
| if: contains(github.event.head_commit.message, 'backend') | |
| runs-on: ubuntu-24.04 | |
| needs: [Build-And-Push-Backend] | |
| continue-on-error: true | |
| defaults: | |
| run: | |
| shell: bash | |
| working-directory: backend/ | |
| steps: | |
| - name: Checkout Code | |
| uses: actions/checkout@v4 | |
| - name: Run Trivy Vulnerability Scanner | |
| uses: aquasecurity/[email protected] | |
| with: | |
| image-ref: "docker.io/${{ vars.DOCKER_USER }}/eng-backend:1.${{ github.run_number }}.${{ github.run_attempt}}" | |
| format: "json" | |
| exit-code: "1" | |
| ignore-unfixed: true | |
| output: trivy-report-backend.txt | |
| vuln-type: "os,library" | |
| severity: "CRITICAL,HIGH" | |
| - name: Upload Artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: trivy-report-backend | |
| path: trivy-report-backend.txt | |
| Update-ImgTag-Backend: | |
| runs-on: ubuntu-24.04 | |
| needs: [Image-Vuln-Check-Backend] | |
| steps: | |
| - name: Checkout Code | |
| uses: actions/checkout@v4 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Update tag in K8s Deployment | |
| run: | | |
| sed -i 's|\(uj5ghare/eng-backend:\)[^[:space:]]*|\11.${{ github.run_number }}.${{ github.run_attempt}}|' k8s/manifests/backend/deployment.yml | |
| - name: Commit and push changes | |
| run: | | |
| git pull origin ${{ github.ref_name }} | |
| git config --global user.email "${{ secrets.GH_USER_MAIL }}" | |
| git config --global user.name "${{ vars.GH_USER_NAME }}" | |
| git add . | |
| git commit -m "refactor(k8s) updated k8s deployment image tag" | |
| git push | |
| #NOTE: I understand that following job does not adhere to real-world practices, but it is simply an experiment to showcase that we can use k8s to deploy our apps to github servers to simulate how it will function on our actual server/vm. | |
| # I could have utilized EKS cluster here, but it's a very expensive service, and my AWS credits are over. | |
| Deploy-On-Minikube-Backend: | |
| if: contains(github.event.head_commit.message, 'backend') | |
| runs-on: ubuntu-24.04 | |
| needs: [Update-ImgTag-Backend] | |
| defaults: | |
| run: | |
| shell: bash | |
| working-directory: k8s/manifests/backend/ | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| refs: ${{ github.refs_name }} | |
| - name: Start minikube | |
| uses: medyagh/setup-minikube@latest | |
| - name: Enable Metrics Server | |
| run: | | |
| minikube addons enable metrics-server | |
| kubectl wait --for=condition=available --timeout=300s deployment/metrics-server -n kube-system | |
| - name: Install Prometheus and Grafana | |
| run: | | |
| helm repo add prometheus-community https://prometheus-community.github.io/helm-charts | |
| helm repo update | |
| helm install prometheus prometheus-community/prometheus --set alertmanager.enabled=true | |
| - name: Deploy to minikube | |
| run: | | |
| kubectl apply -f namespace.yml | |
| kubectl apply -f . | |
| - name: Watch the changes | |
| run: | | |
| sleep 10 | |
| kubectl get all -n kube-system | |
| sleep 15 | |
| kubectl get all -n app | |
| sleep 5 | |
| kubectl port-forward svc/node-svc 8000:80 --address 0.0.0.0 -n app & | |
| # - name: Monitor Resource Usage | |
| # run: | | |
| # sleep 30 | |
| # kubectl top pods -n app | |
| # kubectl get all -n app | |
| - name: Health Check for Backend | |
| run: | | |
| set -e | |
| for i in {1..5}; do | |
| if curl -fsS http://localhost:8000/status; then | |
| echo "Backend is healthy!" | |
| exit 0 | |
| else | |
| echo "Attempt $i: Backend is down!" | |
| sleep 10 | |
| fi | |
| done | |
| echo "ALERT: Backend is down!" >&2 | |
| - name: Expose Grafana | |
| run: | | |
| kubectl port-forward service/grafana 3000:80 & | |
| echo "Grafana dashboard is accessible at http://localhost:3000" | |
| Slack-Notification-Backend: | |
| if: contains(github.event.head_commit.message, 'backend') | |
| runs-on: ubuntu-24.04 | |
| needs: [Deploy-On-Minikube-Backend] | |
| steps: | |
| - name: Post to a Slack channel | |
| uses: slackapi/[email protected] | |
| with: | |
| method: chat.postMessage | |
| token: ${{ secrets.SLACK_BOT_TOKEN }} | |
| payload: | | |
| channel: ${{ secrets.SLACK_CHANNEL_ID }} | |
| text: "GitHub Action Deployment result: ${{ job.status }}\n${{ github.event.pull_request.html_url || github.event.head_commit.url }}" | |
| blocks: | |
| - type: "section" | |
| text: | |
| type: "mrkdwn" | |
| text: "GitHub Action Deployment result: ${{ job.status }}\n${{ github.event.pull_request.html_url || github.event.head_commit.url }}" |