From 8bae55a408fec3d18181806a9a8b243e935ac2e1 Mon Sep 17 00:00:00 2001
From: ujwal pachghare <131592212+Uj5Ghare@users.noreply.github.com>
Date: Sun, 8 Dec 2024 17:59:09 +0530
Subject: [PATCH] refactor(ci/cd) Update main.yml with trivy and k8s stages

---
 .github/workflows/main.yml | 157 +++++++++++++++++++++++++++++++------
 1 file changed, 131 insertions(+), 26 deletions(-)

diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index c92cdd8..f9a831b 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -30,29 +30,134 @@ jobs:
       # - name: Create production build folder
       #   run: npm run build --if-present
 
-  Docker:
-    runs-on: ubuntu-24.04
-    defaults:
-      run:
-        shell: bash
-        working-directory: ./frontend
-    steps:
-      - name: Checkout Code
-        uses: actions/checkout@v4
-        with:
-          refs: ${{ github.refs_name }}
-      - name: Login to Docker Hub
-        uses: docker/login-action@v3
-        with:
-          username: ${{ vars.DOCKER_USER }}
-          password: ${{ secrets.DOCKER_TOKEN }}
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-      - name: Build and push
-        uses: docker/build-push-action@v6
-        with:
-          context: fronted/
-          push: true
-          tags: ${{ vars.DOCKER_USER }}/eng-frontend:${{ github.run_number }}
+  Image-Vuln-Check-Frontend:
+    runs-on: ubuntu-24.04
+    continue-on-error: true
+    defaults:
+      run:
+        shell: bash
+        working-directory: frontend/
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v4
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Build Docker Image
+        run: docker build -t docker.io/${{ vars.DOCKER_USER }}/eng-frontend:${{ github.sha }} .
+      - name: Run Trivy Vulnerability Scanner
+        uses: aquasecurity/trivy-action@0.20.0
+        with:
+          image-ref: "docker.io/${{ vars.DOCKER_USER }}/eng-frontend:${{ github.sha }}"
+          format: "table"
+          exit-code: "1"
+          ignore-unfixed: true
+          output: trivy-report-frontend.txt
+          vuln-type: "os,library"
+          severity: "CRITICAL,HIGH"
+      - name: Upload Artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: trivy-report-frontend
+          path: trivy-report-frontend.txt
+
+  Image-Vuln-Check-Backend:
+    runs-on: ubuntu-24.04
+    continue-on-error: true
+    defaults:
+      run:
+        shell: bash
+        working-directory: backend/
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v4
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Build Docker Image
+        run: docker build -t docker.io/${{ vars.DOCKER_USER }}/eng-backend:${{ github.sha }} .
+      - name: Run Trivy Vulnerability Scanner
+        uses: aquasecurity/trivy-action@0.20.0
+        with:
+          image-ref: "docker.io/${{ vars.DOCKER_USER }}/eng-backend:${{ github.sha }}"
+          format: "table"
+          exit-code: "1"
+          ignore-unfixed: true
+          output: trivy-report-backend.txt
+          vuln-type: "os,library"
+          severity: "CRITICAL,HIGH"
+      - name: Upload Artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: trivy-report-backend
+          path: trivy-report-backend.txt
+
+  Push-To-DockerHub-Frontend:
+    runs-on: ubuntu-24.04
+    needs: [Image-Vuln-Check-Frontend]
+    defaults:
+      run:
+        shell: bash
+        working-directory: frontend/
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.ref_name }}
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Login to Docker Registry
+        uses: docker/login-action@v3
+        with:
+          username: ${{ vars.DOCKER_USER }}
+          password: ${{ secrets.DOCKER_TOKEN }}
+      - name: Building Docker Image
+        run: docker build . -t ${{ vars.DOCKER_USER }}/eng-frontend:1.${{ github.run_number }}.${{ github.run_attempt}}
+      - name: Pushing Docker Image
+        run: docker push ${{ vars.DOCKER_USER }}/eng-frontend:1.${{ github.run_number }}.${{ github.run_attempt}}
+
+  Push-To-DockerHub-Backend:
+    runs-on: ubuntu-24.04
+    needs: [Image-Vuln-Check-Backend]
+    defaults:
+      run:
+        shell: bash
+        working-directory: backend/
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.ref_name }}
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Login to Docker Registry
+        uses: docker/login-action@v3
+        with:
+          username: ${{ vars.DOCKER_USER }}
+          password: ${{ secrets.DOCKER_TOKEN }}
+      - name: Building Docker Image
+        run: docker build . -t ${{ vars.DOCKER_USER }}/eng-backend:1.${{ github.run_number }}.${{ github.run_attempt}}
+      - name: Pushing Docker Image
+        run: docker push ${{ vars.DOCKER_USER }}/eng-backend:1.${{ github.run_number }}.${{ github.run_attempt}}
+
+  Deploy-On-Minikube:
+    runs-on: ubuntu-24.04
+    needs: [Push-To-DockerHub-Frontend, Push-To-DockerHub-Backend]
+    defaults:
+      run:
+        shell: bash
+        working-directory: k8s/manifests/
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          refs: ${{ github.refs_name }}
+      - name: Start minikube
+        uses: medyagh/setup-minikube@latest
+      - name: Try the cluster!
+        run: kubectl get pods -A
+      - name: Deploy to minikube
+        run:
+          kubectl apply -f frontend/namespace.yml
+          kubectl apply -f frontend/.
+      - name: Watch the changes
+        run: |
+          sleep 20
+          kubectl get all -n app
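Review bot: The Trivy gate in Image-Vuln-Check-Frontend/Backend does not actually block the push: with job-level `continue-on-error: true`, a failed job is reported as successful to `needs`, so Push-To-DockerHub-* still runs when Trivy exits 1 on CRITICAL/HIGH findings, and the Upload Artifact step placed after the failing scan step is skipped on exactly those runs. Drop `continue-on-error: true` from both scan jobs and give the upload step `if: always()` so the report is kept when the scan fails. The pushed image is also not the scanned one — Push-To-DockerHub-* runs a fresh `docker build` tagged `1.${{ github.run_number }}.${{ github.run_attempt}}` in a separate job, so any base-image or dependency drift between the two builds goes unscanned; build once and push that same image (or scan the pushed digest) instead. Separately, `medyagh/setup-minikube@latest` is a mutable tag and the other third-party actions are pinned only to tags, so pinning them to commit SHAs is the usual supply-chain hardening, and `refs: ${{ github.refs_name }}` in Deploy-On-Minikube is not a valid actions/checkout input or context property (the Push jobs already use `ref: ${{ github.ref_name }}`). The `run:` under "Deploy to minikube" is a plain scalar, so its two kubectl lines fold into one command; it needs `run: |` like the "Watch the changes" step.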