shared-digitalgarage/lifesub
1
0
Fork 0
mirror of https://github.com/cna-bootcamp/lifesub.git synced 2026-01-21 11:06:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

add github aciton

Browse Source
This commit is contained in:
hiondal 2025-03-03 22:51:39 +09:00
parent 04195047d1
commit 88ec08f7c1
1 changed files with 180 additions and 165 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

333
.github/workflows/cicd.yaml vendored
View File

@ -1,21 +1,28 @@
name: Backend CI/CD Pipeline name: Backend CI/CD
on: on:
push: push:
branches: branches:
- cicd - cicd
paths: paths:
- 'member/**' - '**/*.java'
- 'mysub/**' - '**/*.gradle'
- 'recommend/**' - '**/build.gradle'
- 'common/**' - '**/settings.gradle'
- '**/gradle.properties'
- 'deployment/**' - 'deployment/**'
- '.github/workflows/**' - '.github/workflows/cicd.yaml'
env:
REGISTRY: ghcr.io
RESOURCE_GROUP: ictcoe-edu
jobs: jobs:
build: build:
name: Build and Test name: Build and Test
runs-on: ubuntu-latest runs-on: ubuntu-latest
outputs:
image_tag: ${{ steps.set_outputs.outputs.image_tag }}
steps: steps:
- name: Checkout code - name: Checkout code
@ -28,76 +35,85 @@ jobs:
distribution: 'temurin' distribution: 'temurin'
cache: gradle cache: gradle
- name: Load environment variables
id: env_vars
run: |
# Load environment variables from file
while IFS= read -r line; do
# Skip comments and empty lines
[[ "$line" =~ ^#.*$ ]] && continue
[[ -z "$line" ]] && continue
# Extract key and value
key=$(echo "$line" | cut -d= -f1)
value=$(echo "$line" | cut -d= -f2-)
echo "$key=$value" >> $GITHUB_ENV
done < deployment/deploy_env_vars
echo "teamid=$teamid" >> $GITHUB_OUTPUT
- name: Grant execute permission for gradlew - name: Grant execute permission for gradlew
run: chmod +x ./gradlew run: chmod +x ./gradlew
- name: Build with Gradle - name: Build with Gradle
run: ./gradlew :member:build :mysub-infra:build :recommend:build -x test run: |
./gradlew :member:build :mysub-infra:build :recommend:build -x test
- name: Run tests - name: Run tests
run: | run: |
./gradlew :member:test :member:jacocoTestReport ./gradlew :member:test :mysub-infra:test :recommend:test
./gradlew :mysub-infra:test :mysub-infra:jacocoTestReport
./gradlew :recommend:test :recommend:jacocoTestReport
- name: SonarQube Analysis - Member - name: Run SonarQube Analysis
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
run: | run: |
./gradlew :member:sonar \ ./gradlew :member:jacocoTestReport :member:sonar \
-Dsonar.projectKey=lifesub-member \ -Dsonar.projectKey=lifesub-member \
-Dsonar.projectName=lifesub-member \ -Dsonar.host.url=${{ secrets.SONAR_HOST_URL }} \
-Dsonar.host.url=$SONAR_HOST_URL \ -Dsonar.login=${{ secrets.SONAR_TOKEN }} \
-Dsonar.token=$SONAR_TOKEN \
-Dsonar.java.binaries=build/classes/java/main \ -Dsonar.java.binaries=build/classes/java/main \
-Dsonar.coverage.jacoco.xmlReportPaths=build/reports/jacoco/test/jacocoTestReport.xml \ -Dsonar.coverage.jacoco.xmlReportPaths=build/reports/jacoco/test/jacocoTestReport.xml \
-Dsonar.exclusions=**/config/**,**/entity/**,**/dto/**,**/*Application.class,**/exception/** -Dsonar.exclusions=**/config/**,**/entity/**,**/dto/**,**/*Application.class,**/exception/**
- name: SonarQube Analysis - Recommend ./gradlew :recommend:jacocoTestReport :recommend:sonar \
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
run: |
./gradlew :recommend:sonar \
-Dsonar.projectKey=lifesub-recommend \ -Dsonar.projectKey=lifesub-recommend \
-Dsonar.projectName=lifesub-recommend \ -Dsonar.host.url=${{ secrets.SONAR_HOST_URL }} \
-Dsonar.host.url=$SONAR_HOST_URL \ -Dsonar.login=${{ secrets.SONAR_TOKEN }} \
-Dsonar.token=$SONAR_TOKEN \
-Dsonar.java.binaries=build/classes/java/main \ -Dsonar.java.binaries=build/classes/java/main \
-Dsonar.coverage.jacoco.xmlReportPaths=build/reports/jacoco/test/jacocoTestReport.xml \ -Dsonar.coverage.jacoco.xmlReportPaths=build/reports/jacoco/test/jacocoTestReport.xml \
-Dsonar.exclusions=**/config/**,**/entity/**,**/dto/**,**/*Application.class,**/exception/** -Dsonar.exclusions=**/config/**,**/entity/**,**/dto/**,**/*Application.class,**/exception/**
- name: SonarQube Analysis - Mysub ./gradlew :mysub-infra:jacocoTestReport :mysub-infra:sonar \
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
run: |
./gradlew :mysub-infra:sonar \
-Dsonar.projectKey=lifesub-mysub \ -Dsonar.projectKey=lifesub-mysub \
-Dsonar.projectName=lifesub-mysub \ -Dsonar.host.url=${{ secrets.SONAR_HOST_URL }} \
-Dsonar.host.url=$SONAR_HOST_URL \ -Dsonar.login=${{ secrets.SONAR_TOKEN }} \
-Dsonar.token=$SONAR_TOKEN \
-Dsonar.java.binaries=build/classes/java/main \ -Dsonar.java.binaries=build/classes/java/main \
-Dsonar.coverage.jacoco.xmlReportPaths=build/reports/jacoco/test/jacocoTestReport.xml \ -Dsonar.coverage.jacoco.xmlReportPaths=build/reports/jacoco/test/jacocoTestReport.xml \
-Dsonar.exclusions=**/config/**,**/entity/**,**/dto/**,**/*Application.class,**/exception/** -Dsonar.exclusions=**/config/**,**/entity/**,**/dto/**,**/*Application.class,**/exception/**
- name: Upload artifacts - name: Generate timestamp for image tag
id: set_outputs
run: |
echo "image_tag=$(date +'%Y%m%d%H%M%S')" >> $GITHUB_OUTPUT
- name: Upload build artifacts
uses: actions/upload-artifact@v4 uses: actions/upload-artifact@v4
with: with:
name: build-artifacts name: backend-builds
path: | path: |
member/build/libs member/build/libs/
mysub-infra/build/libs mysub-infra/build/libs/
recommend/build/libs recommend/build/libs/
deployment/ deployment/
retention-days: 1
release: release:
name: Build and Push Container Images name: Build and Push Docker Images
runs-on: ubuntu-latest
needs: build needs: build
runs-on: ubuntu-latest
outputs: outputs:
image_tag: ${{ steps.set-image-tag.outputs.image_tag }} member_image: ${{ steps.push_images.outputs.member_image }}
mysub_image: ${{ steps.push_images.outputs.mysub_image }}
recommend_image: ${{ steps.push_images.outputs.recommend_image }}
steps: steps:
- name: Checkout code - name: Checkout code
@ -106,70 +122,74 @@ jobs:
- name: Download build artifacts - name: Download build artifacts
uses: actions/download-artifact@v4 uses: actions/download-artifact@v4
with: with:
name: build-artifacts name: backend-builds
path: .
- name: Read deployment variables - name: Load environment variables
run: | run: |
source deployment/deploy_env_vars # Load environment variables from file
echo "REGISTRY=$registry" >> $GITHUB_ENV while IFS= read -r line; do
echo "IMAGE_ORG=$image_org" >> $GITHUB_ENV # Skip comments and empty lines
echo "NAMESPACE=$namespace" >> $GITHUB_ENV [[ "$line" =~ ^#.*$ ]] && continue
[[ -z "$line" ]] && continue
# Extract key and value
key=$(echo "$line" | cut -d= -f1)
value=$(echo "$line" | cut -d= -f2-)
echo "$key=$value" >> $GITHUB_ENV
done < deployment/deploy_env_vars
- name: Log in to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up Docker Buildx - name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3 uses: docker/setup-buildx-action@v3
- name: Log in to Azure Container Registry - name: Build and push Docker images
uses: docker/login-action@v3 id: push_images
with:
registry: ${{ env.REGISTRY }}
username: ${{ secrets.ACR_USERNAME }}
password: ${{ secrets.ACR_PASSWORD }}
- name: Generate image tag
id: set-image-tag
run: | run: |
IMAGE_TAG=$(date +'%Y%m%d%H%M%S') IMAGE_TAG=${{ needs.build.outputs.image_tag }}
echo "image_tag=$IMAGE_TAG" >> $GITHUB_OUTPUT
echo "IMAGE_TAG=$IMAGE_TAG" >> $GITHUB_ENV
- name: Build and push Member image # Member service
uses: docker/build-push-action@v5 docker build \
with: --build-arg BUILD_LIB_DIR="member/build/libs" \
context: . --build-arg ARTIFACTORY_FILE="member.jar" \
push: true -f deployment/Dockerfile \
file: deployment/Dockerfile -t ${{ env.REGISTRY }}/${{ github.repository_owner }}/${{ env.image_org }}/member:${IMAGE_TAG} .
build-args: |
BUILD_LIB_DIR=member/build/libs
ARTIFACTORY_FILE=member.jar
tags: ${{ env.REGISTRY }}/${{ env.IMAGE_ORG }}/member:${{ env.IMAGE_TAG }}
- name: Build and push Mysub image docker push ${{ env.REGISTRY }}/${{ github.repository_owner }}/${{ env.image_org }}/member:${IMAGE_TAG}
uses: docker/build-push-action@v5
with:
context: .
push: true
file: deployment/Dockerfile
build-args: |
BUILD_LIB_DIR=mysub-infra/build/libs
ARTIFACTORY_FILE=mysub.jar
tags: ${{ env.REGISTRY }}/${{ env.IMAGE_ORG }}/mysub:${{ env.IMAGE_TAG }}
- name: Build and push Recommend image # Mysub service
uses: docker/build-push-action@v5 docker build \
with: --build-arg BUILD_LIB_DIR="mysub-infra/build/libs" \
context: . --build-arg ARTIFACTORY_FILE="mysub.jar" \
push: true -f deployment/Dockerfile \
file: deployment/Dockerfile -t ${{ env.REGISTRY }}/${{ github.repository_owner }}/${{ env.image_org }}/mysub:${IMAGE_TAG} .
build-args: |
BUILD_LIB_DIR=recommend/build/libs docker push ${{ env.REGISTRY }}/${{ github.repository_owner }}/${{ env.image_org }}/mysub:${IMAGE_TAG}
ARTIFACTORY_FILE=recommend.jar
tags: ${{ env.REGISTRY }}/${{ env.IMAGE_ORG }}/recommend:${{ env.IMAGE_TAG }} # Recommend service
docker build \
--build-arg BUILD_LIB_DIR="recommend/build/libs" \
--build-arg ARTIFACTORY_FILE="recommend.jar" \
-f deployment/Dockerfile \
-t ${{ env.REGISTRY }}/${{ github.repository_owner }}/${{ env.image_org }}/recommend:${IMAGE_TAG} .
docker push ${{ env.REGISTRY }}/${{ github.repository_owner }}/${{ env.image_org }}/recommend:${IMAGE_TAG}
# Set outputs for next job
echo "member_image=${{ env.REGISTRY }}/${{ github.repository_owner }}/${{ env.image_org }}/member:${IMAGE_TAG}" >> $GITHUB_OUTPUT
echo "mysub_image=${{ env.REGISTRY }}/${{ github.repository_owner }}/${{ env.image_org }}/mysub:${IMAGE_TAG}" >> $GITHUB_OUTPUT
echo "recommend_image=${{ env.REGISTRY }}/${{ github.repository_owner }}/${{ env.image_org }}/recommend:${IMAGE_TAG}" >> $GITHUB_OUTPUT
deploy: deploy:
name: Deploy to Kubernetes name: Deploy to AKS
needs: [build, release]
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: release
steps: steps:
- name: Checkout code - name: Checkout code
@ -178,86 +198,81 @@ jobs:
- name: Download build artifacts - name: Download build artifacts
uses: actions/download-artifact@v4 uses: actions/download-artifact@v4
with: with:
name: build-artifacts name: backend-builds
path: .
- name: Setup envsubst - name: Load environment variables
run: sudo apt-get install gettext-base
- name: Read deployment variables
run: | run: |
source deployment/deploy_env_vars # Load environment variables from file
echo "TEAMID=$teamid" >> $TEAMID while IFS= read -r line; do
echo "NAMESPACE=$namespace" >> $GITHUB_ENV # Skip comments and empty lines
echo "REGISTRY=$registry" >> $GITHUB_ENV [[ "$line" =~ ^#.*$ ]] && continue
echo "IMAGE_ORG=$image_org" >> $GITHUB_ENV [[ -z "$line" ]] && continue
echo "ALLOWED_ORIGINS=$allowed_origins" >> $GITHUB_ENV
echo "JWT_SECRET_KEY=$jwt_secret_key" >> $GITHUB_ENV
echo "POSTGRES_USER=$postgres_user" >> $GITHUB_ENV
echo "POSTGRES_PASSWORD=$postgres_password" >> $GITHUB_ENV
echo "REPLICAS=$replicas" >> $GITHUB_ENV
echo "RESOURCES_REQUESTS_CPU=$resources_requests_cpu" >> $GITHUB_ENV
echo "RESOURCES_REQUESTS_MEMORY=$resources_requests_memory" >> $GITHUB_ENV
echo "RESOURCES_LIMITS_CPU=$resources_limits_cpu" >> $GITHUB_ENV
echo "RESOURCES_LIMITS_MEMORY=$resources_limits_memory" >> $GITHUB_ENV
- name: Generate deployment manifest # Extract key and value
env: key=$(echo "$line" | cut -d= -f1)
IMAGE_TAG: ${{ needs.release.outputs.image_tag }} value=$(echo "$line" | cut -d= -f2-)
echo "$key=$value" >> $GITHUB_ENV
done < deployment/deploy_env_vars
- name: Install envsubst
run: | run: |
export namespace=${{ env.NAMESPACE }} sudo apt-get update
export allowed_origins=${{ env.ALLOWED_ORIGINS }} sudo apt-get install -y gettext-base
export jwt_secret_key=${{ env.JWT_SECRET_KEY }}
export postgres_user=${{ env.POSTGRES_USER }}
export postgres_password=${{ env.POSTGRES_PASSWORD }}
export replicas=${{ env.REPLICAS }}
export resources_requests_cpu=${{ env.RESOURCES_REQUESTS_CPU }}
export resources_requests_memory=${{ env.RESOURCES_REQUESTS_MEMORY }}
export resources_limits_cpu=${{ env.RESOURCES_LIMITS_CPU }}
export resources_limits_memory=${{ env.RESOURCES_LIMITS_MEMORY }}
# Set image paths with the released tag - name: Azure Login
export member_image_path=${{ env.REGISTRY }}/${{ env.IMAGE_ORG }}/member:${{ env.IMAGE_TAG }} uses: azure/login@v1
export mysub_image_path=${{ env.REGISTRY }}/${{ env.IMAGE_ORG }}/mysub:${{ env.IMAGE_TAG }} with:
export recommend_image_path=${{ env.REGISTRY }}/${{ env.IMAGE_ORG }}/recommend:${{ env.IMAGE_TAG }} creds: ${{ secrets.AZURE_CREDENTIALS }}
# Generate manifest
envsubst < deployment/deploy.yaml.template > deployment/deploy.yaml
# Print manifest for debugging
echo "Generated Kubernetes manifest:"
cat deployment/deploy.yaml
- name: Set up kubectl - name: Set up kubectl
uses: azure/setup-kubectl@v3 uses: azure/setup-kubectl@v3
- name: Set up AKS context - name: Get AKS Credentials
uses: azure/aks-set-context@v3 run: |
with: az aks get-credentials --resource-group ${{ env.RESOURCE_GROUP }} --name ${{ env.teamid }}-aks --overwrite-existing
resource-group: ictcoe-edu
cluster-name: ${{ env.TEAMID }}-aks
admin: false
use-kubelogin: true
env:
AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
- name: Create namespace if not exists - name: Create namespace if not exists
run: | run: |
kubectl create namespace ${{ env.NAMESPACE }} --dry-run=client -o yaml | kubectl apply -f - kubectl create namespace ${{ env.namespace }} --dry-run=client -o yaml | kubectl apply -f -
- name: Deploy to Kubernetes - name: Generate Kubernetes manifests
run: |
# Set environment variables for the template
export namespace=${{ env.namespace }}
export allowed_origins=${{ env.allowed_origins }}
export jwt_secret_key=${{ env.jwt_secret_key }}
export postgres_user=${{ env.postgres_user }}
export postgres_password=${{ env.postgres_password }}
export replicas=${{ env.replicas }}
export resources_requests_cpu=${{ env.resources_requests_cpu }}
export resources_requests_memory=${{ env.resources_requests_memory }}
export resources_limits_cpu=${{ env.resources_limits_cpu }}
export resources_limits_memory=${{ env.resources_limits_memory }}
# Set image paths from previous job outputs
export member_image_path="${{ needs.release.outputs.member_image }}"
export mysub_image_path="${{ needs.release.outputs.mysub_image }}"
export recommend_image_path="${{ needs.release.outputs.recommend_image }}"
# Generate manifest from template
envsubst < deployment/deploy.yaml.template > deployment/deploy.yaml
# Debug: Print the generated manifest
echo "===== Generated Kubernetes Manifest ====="
cat deployment/deploy.yaml
echo "========================================="
- name: Apply Kubernetes manifests
run: | run: |
kubectl apply -f deployment/deploy.yaml kubectl apply -f deployment/deploy.yaml
echo "Waiting for deployments to be ready..." echo "Waiting for deployments to be ready..."
kubectl -n ${{ env.NAMESPACE }} wait --for=condition=available deployment/member --timeout=300s kubectl -n ${{ env.namespace }} wait --for=condition=available deployment/member --timeout=300s
kubectl -n ${{ env.NAMESPACE }} wait --for=condition=available deployment/mysub --timeout=300s kubectl -n ${{ env.namespace }} wait --for=condition=available deployment/mysub --timeout=300s
kubectl -n ${{ env.NAMESPACE }} wait --for=condition=available deployment/recommend --timeout=300s kubectl -n ${{ env.namespace }} wait --for=condition=available deployment/recommend --timeout=300s
- name: Verify deployment echo "Deployment completed successfully."
run: |
echo "Getting services:"
kubectl get svc -n ${{ env.NAMESPACE }}
echo "Getting ingress:" # Get service IP for ingress
kubectl get ingress -n ${{ env.NAMESPACE }} echo "Ingress IP: $(kubectl -n ${{ env.namespace }} get ingress lifesub -o jsonpath='{.status.loadBalancer.ingress[0].ip}')"