Merge pull request #168 from sky-lounge/skylounge-update-main-ed71248…
…2-71ec-11ef-9a9b-b4839ff4f57a

SkyLounge Update
spgreenberg authored Sep 13, 2024
2 parents 4570993 + 094708f commit dd1a334
Showing 5 changed files with 409 additions and 0 deletions.
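--- a/.github/skylounge-versions-main.yml
+++ b/.github/skylounge-versions-main.yml
@@ -0,0 +1,52 @@
+---
+skylounge-config:
+id: "skylounge.yml"
+uri: "sky-lounge/hello-gradlew/skylounge.yml"
+oid: "b754fba11d8c051d48645657a3e023e281ff8a27"
+version-url: "/sky-lounge/hello-gradlew/blob/b754fba11d8c051d48645657a3e023e281ff8a27/skylounge.yml"
+blueprint:
+id: "blueprint"
+uri: "sky-lounge/skylounge-library/blueprints/gcp/cloud-run/blueprint.yml"
+oid: "c3b2cb916788b41483e81c95be93ca963a46b89b"
+version-url: "/sky-lounge/skylounge-library/blob/c3b2cb916788b41483e81c95be93ca963a46b89b/blueprints/gcp/cloud-run/blueprint.yml"
+workflows:
+- id: "development"
+uri: "sky-lounge/skylounge-library/blueprints/gcp/cloud-run/workflow-templates/development.yml"
+oid: "8a3b17edaf6607da659bacad5fd2cf54ef38a30f"
+version-url: "/sky-lounge/skylounge-library/blob/8a3b17edaf6607da659bacad5fd2cf54ef38a30f/blueprints/gcp/cloud-run/workflow-templates/development.yml"
+jobs:
+- id: "integration-test"
+uri: "sky-lounge/hello-gradlew/skylounge/integration-test.yml"
+oid: "50135f52c23cdbe5f0271b548ad04f5035cc8677"
+version-url: "/sky-lounge/hello-gradlew/blob/50135f52c23cdbe5f0271b548ad04f5035cc8677/skylounge/integration-test.yml"
+steps:
+- id: "build-container-image"
+uri: "sky-lounge/skylounge-library/steps/pack/gradlew/build.yml"
+oid: "21c11dafcf2767022ad7976b6e271885d4cb5ed2"
+version-url: "/sky-lounge/skylounge-library/blob/21c11dafcf2767022ad7976b6e271885d4cb5ed2/steps/pack/gradlew/build.yml"
+- id: "unit-test"
+uri: "sky-lounge/skylounge-library/steps/unit-test/gradlew/step.yml"
+oid: "6cf7fc008df323e2ddf2296e6a112428c5d8fbb5"
+version-url: "/sky-lounge/skylounge-library/blob/6cf7fc008df323e2ddf2296e6a112428c5d8fbb5/steps/unit-test/gradlew/step.yml"
+- id: "build"
+uri: "sky-lounge/skylounge-library/steps/github/security/codeql/auto-build/step.yml"
+oid: "e8a79174548c906ffacefe97fdc6af4b39470eb2"
+version-url: "/sky-lounge/skylounge-library/blob/e8a79174548c906ffacefe97fdc6af4b39470eb2/steps/github/security/codeql/auto-build/step.yml"
+- id: "promote"
+uri: "sky-lounge/skylounge-library/blueprints/gcp/cloud-run/workflow-templates/promote.yml"
+oid: "45398fc982d28cdca2b2e7902724e26eb814cf47"
+version-url: "/sky-lounge/skylounge-library/blob/45398fc982d28cdca2b2e7902724e26eb814cf47/blueprints/gcp/cloud-run/workflow-templates/promote.yml"
+jobs: []
+steps: []
+- id: "production"
+uri: "sky-lounge/skylounge-library/blueprints/gcp/cloud-run/workflow-templates/production.yml"
+oid: "aa8e5c9456300e5b4a20430e6f271b8e08195e4c"
+version-url: "/sky-lounge/skylounge-library/blob/aa8e5c9456300e5b4a20430e6f271b8e08195e4c/blueprints/gcp/cloud-run/workflow-templates/production.yml"
+jobs: []
+steps: []
+- id: "daily-scans"
+uri: "sky-lounge/skylounge-library/blueprints/gcp/cloud-run/workflow-templates/daily-scans.yml"
+oid: "2df2fda6203826b60fbff46ab7ce4ff26820a854"
+version-url: "/sky-lounge/skylounge-library/blob/2df2fda6203826b60fbff46ab7ce4ff26820a854/blueprints/gcp/cloud-run/workflow-templates/daily-scans.yml"
+jobs: []
+steps: []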
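--- a/.github/workflows/skylounge-daily-scans.yml
+++ b/.github/workflows/skylounge-daily-scans.yml
@@ -0,0 +1,21 @@
+---
+name: Daily Scans
+on:
+schedule:
+- cron: 0 2 * * *
+workflow_dispatch: null
+jobs:
+owasp-zap-full-scan:
+runs-on: ubuntu-latest
+steps:
+- name: Checkout source
+uses: actions/checkout@v3
+- name: Run OWASP Zap full scan
+uses: zaproxy/action-full-scan@v0.4.0
+id: scan
+with:
+target: https://hello-gradlew.skylounge.io
+rules_file_name: skylounge/owasp/rules.cfg
+issue_title: "Daily Scans - OWASP Full Scan - ${{ github.run_number }}"
+token: "${{ github.token }}"
+fail_action: false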
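Review bot: The `owasp-zap-full-scan` job declares no `permissions:`, so `${{ github.token }}` is passed to a third-party action with whatever scope the repository default grants; the action only needs to read the checkout and file issues, so a job-level `permissions:` with `contents: read` and `issues: write` would be enough. `zaproxy/action-full-scan@v0.4.0` is referenced by a tag that can be moved, and pinning it as `uses: zaproxy/action-full-scan@<full commit SHA>` keeps the code that receives the token fixed. The `target` of `https://hello-gradlew.skylounge.io` matches neither `CLOUD_RUN_DOMAIN` value set in the development and production workflows of this commit, so it is worth confirming the scan reaches the deployed service. With `fail_action: false` the run stays green whatever the scan finds, which leaves the filed issue as the only signal.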
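--- a/.github/workflows/skylounge-development.yml
+++ b/.github/workflows/skylounge-development.yml
@@ -0,0 +1,226 @@
+---
+name: Development
+on:
+push:
+branches:
+- main
+paths:
+- src/**
+- build.gradle
+- service.yaml
+ignore_paths:
+- .github/development-version.txt
+- .github/production-version.txt
+workflow_dispatch: null
+jobs:
+unit-test:
+name: Unit Test
+runs-on: ubuntu-latest
+steps:
+- name: Checkout Repository
+uses: actions/checkout@v3
+- name: Set up Java
+uses: actions/setup-java@v3
+with:
+distribution: liberica
+java-version: 17
+cache: gradle
+- name: Unit test
+run: ./gradlew clean test
+dependency-review:
+name: GitHub Dependency Review
+runs-on: ubuntu-latest
+steps:
+- name: Checkout Repository
+uses: actions/checkout@v3
+- name: Dependency Review
+uses: actions/dependency-review-action@v3
+with:
+config-file: "${{ env.CONFIG_FILE }}"
+external-repo-token: "${{ secrets.LIBRARY_TOKEN }}"
+base-ref: main
+head-ref: main
+env:
+CONFIG_FILE: sky-lounge/skylounge-library/jobs/github/security/dependency-review/config/skylounge.yml@main
+codeql:
+name: GitHub CodeQL
+runs-on: "${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest'\
+\ }}"
+permissions:
+actions: read
+contents: read
+security-events: write
+strategy:
+fail-fast: false
+matrix:
+language:
+- Java
+steps:
+- name: Checkout repository
+uses: actions/checkout@v3
+- name: Initialize CodeQL
+uses: github/codeql-action/init@v2
+with:
+languages: "${{ matrix.language }}"
+queries: security-and-quality
+- name: Autobuild
+uses: github/codeql-action/autobuild@v2
+- name: Perform CodeQL Analysis
+uses: github/codeql-action/analyze@v2
+with:
+category: "/language:${{matrix.language}}"
+build:
+name: Build container image
+permissions:
+contents: read
+id-token: write
+runs-on: ubuntu-latest
+env:
+REGISTRY: us-central1-docker.pkg.dev/skylounge-common/skylounge-registry
+needs:
+- unit-test
+- dependency-review
+- codeql
+steps:
+- name: Checkout branch
+uses: actions/checkout@v3
+- name: Set image name
+run: |
+echo "IMAGE_NAME=${{ env.REGISTRY }}/${{ github.event.repository.name }}:${{ github.sha }}" >> $GITHUB_ENV
+- id: auth
+name: Authenticate to Google Cloud
+uses: google-github-actions/auth@v0
+with:
+credentials_json: "${{ secrets.GOOGLE_CREDENTIALS_DEV }}"
+- name: Set up Java
+uses: actions/setup-java@v3
+with:
+distribution: liberica
+java-version: 17
+cache: gradle
+- name: Build Jar
+run: ./gradlew clean assemble
+- name: Setup Pack
+uses: buildpacks/github-actions/setup-pack@v4.8.0
+- name: Pack build
+run: |
+set -x
+pack build --volume $HOME/.gradle:/home/cnb/.gradle:rw \
+${{ env.IMAGE_NAME }} \
+--builder paketobuildpacks/builder:base \
+--env BP_JVM_VERSION=${{ env.BP_JVM_VERSION}} \
+--path ${{ env.JAR_PATH }}
+env:
+BP_JVM_VERSION: 17
+JAR_PATH: build/libs/hello-gradlew.jar
+- name: Push container image
+run: |
+registry_base_url=$(cut -d/ -f 1 <<< $REGISTRY)
+gcloud auth configure-docker $registry_base_url
+docker push ${{ env.IMAGE_NAME }}
+deploy:
+needs: build
+name: Deploy to development
+runs-on: ubuntu-latest
+env:
+REGISTRY: us-central1-docker.pkg.dev/skylounge-common/skylounge-registry
+steps:
+- name: Checkout branch
+uses: actions/checkout@v3
+- name: Set image and service name
+run: |
+sed -i -e 's%${IMAGE_NAME}%'"$IMAGE_NAME"'%g' ./service.yaml
+sed -i -e 's%${GCP_PROJECT}%'"$GCP_PROJECT"'%g' ./service.yaml
+env:
+IMAGE_NAME: "${{ env.REGISTRY }}/${{ github.event.repository.name }}:${{ github.sha\
+\ }}"
+GCP_PROJECT: skylounge-dev
+- id: auth
+name: Authenticate to Google Cloud
+uses: google-github-actions/auth@v0
+with:
+credentials_json: "${{ secrets.GOOGLE_CREDENTIALS_DEV }}"
+- id: deploy
+uses: google-github-actions/deploy-cloudrun@v0
+with:
+metadata: ./service.yaml
+configure-access:
+needs: deploy
+name: Map Domain
+runs-on: ubuntu-latest
+defaults:
+run:
+working-directory: public-skylounge-library/terraform/gcp/cloud-run/domain-mapping
+steps:
+- name: Checkout terraform
+uses: actions/checkout@v3
+with:
+repository: sky-lounge/public-skylounge-library
+ref: main
+path: public-skylounge-library
+- uses: hashicorp/setup-terraform@v2
+- id: auth
+name: Authenticate to Google Cloud
+uses: google-github-actions/auth@v0
+with:
+credentials_json: "${{ secrets.GOOGLE_CREDENTIALS_DEV }}"
+- name: Prepare Backend Config
+run: |
+cat << EOF > config.gcs.tfbackend
+bucket = "$TF_STATE_BUCKET"
+prefix = "${REPO_NAME}"
+EOF
+env:
+TF_STATE_BUCKET: tfstate.skylounge.dev
+REPO_NAME: "${{ github.event.repository.name }}"
+- name: Terraform Init
+run: terraform init -backend-config=config.gcs.tfbackend
+- name: Prepare Terraform Vars File
+run: |
+echo "gcp_project = \"$GCP_PROJECT\"" > terraform.tfvars
+echo "dns_zone_name = \"$DNS_ZONE_NAME\"" >> terraform.tfvars
+echo "cloud_run_domain = \"$CLOUD_RUN_DOMAIN\"" >> terraform.tfvars
+echo "cloud_run_location = \"$CLOUD_RUN_LOCATION\"" >> terraform.tfvars
+echo "cloud_run_service_name = \"$CLOUD_RUN_SERVICE_NAME\"" >> terraform.tfvars
+if [ -n "$CLOUD_RUN_INVOKER" ]; then
+echo "cloud_run_invoker = \"$CLOUD_RUN_INVOKER\"" >> terraform.tfvars
+fi
+env:
+GCP_PROJECT: skylounge-dev
+DNS_ZONE_NAME: skyloungedev
+CLOUD_RUN_DOMAIN: hello-gradlew.skylounge.dev
+CLOUD_RUN_LOCATION: us-central1
+CLOUD_RUN_SERVICE_NAME: "${{ github.event.repository.name }}"
+CLOUD_RUN_INVOKER: allUsers
+- name: Terraform Apply
+run: terraform apply -auto-approve
+integration-test:
+needs: configure-access
+name: Integration Test
+runs-on: ubuntu-latest
+steps:
+- name: Verify index page
+run: |
+set -ex
+status_code=$(curl -L -o /dev/null -s -w "%{http_code}" https://${APP_ROUTE})
+[[ 200 -eq $status_code ]] || (echo "CURL FAILED to return 200 status" && exit 1)
+response=$(curl -L https://${APP_ROUTE})
+[[ $response == *"Better Automation for Software Organizations"* ]] || (echo "CURL FAILED to return result containing substring: Better Automation for Software Organizations" && exit 1)
+env:
+APP_ROUTE: hello-gradlew.skylounge.dev
+artifact-version:
+needs: integration-test
+name: Update artifact version
+runs-on: ubuntu-latest
+steps:
+- name: Checkout branch
+uses: actions/checkout@v3
+- name: Update Artifact Version
+run: |
+git config user.name "GitHub Actions Bot"
+git config user.email "<>"
+echo "${{ github.sha }}" > .github/development-version.txt
+git add .github/development-version.txt
+git commit -m "update development version: ${{ github.sha }}"
+git pull --rebase
+git push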
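Review bot: The `configure-access` job checks out `sky-lounge/public-skylounge-library` at `ref: main` and then runs `terraform apply -auto-approve` with `GOOGLE_CREDENTIALS_DEV` loaded, so whatever is on that repository's main branch at run time is applied to the project without review; `.github/skylounge-versions-main.yml` in this commit already records library files by commit oid, and the checkout could be pinned the same way with `ref: <commit SHA of the reviewed library revision>`. The `configure-access` job in `skylounge-production.yml` has the identical checkout and apply with `GOOGLE_CREDENTIALS_PROD`. Separately, `build` grants `id-token: write` while every auth step passes a stored key through `credentials_json`; either move the steps to the action's `workload_identity_provider` and `service_account` inputs or drop the unused permission. The `dependency-review` step sets both `base-ref` and `head-ref` to `main`, which looks like it compares the branch with itself, so the gate that `build` lists under `needs` may never report a finding and is worth confirming. `ignore_paths` under `push` is not a filter key GitHub Actions recognises (the documented one is `paths-ignore`, and it cannot be combined with `paths` on the same event), so it should be removed or replaced.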
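--- a/.github/workflows/skylounge-production.yml
+++ b/.github/workflows/skylounge-production.yml
@@ -0,0 +1,91 @@
+---
+name: Production
+on:
+push:
+branches:
+- main
+paths:
+- production-version.txt
+workflow_run:
+workflows:
+- Promote
+types:
+- completed
+workflow_dispatch: null
+jobs:
+deploy:
+name: Deploy to production
+runs-on: ubuntu-latest
+env:
+REGISTRY: us-central1-docker.pkg.dev/skylounge-common/skylounge-registry
+steps:
+- name: Checkout branch
+uses: actions/checkout@v3
+- name: Set image and service name
+run: |
+deploy_sha=$(cat production-version.txt | xargs)
+image_name="${IMAGE_NAME}:${deploy_sha}"
+sed -i -e 's%${IMAGE_NAME}%'"$image_name"'%g' ./service.yaml
+sed -i -e 's%${GCP_PROJECT}%'"$GCP_PROJECT"'%g' ./service.yaml
+env:
+IMAGE_NAME: "${{env.REGISTRY}}/${{github.event.repository.name}}"
+GCP_PROJECT: skylounge-io
+- id: auth
+name: Authenticate to Google Cloud
+uses: google-github-actions/auth@v0
+with:
+credentials_json: "${{ secrets.GOOGLE_CREDENTIALS_PROD }}"
+- id: deploy
+uses: google-github-actions/deploy-cloudrun@v0
+with:
+metadata: ./service.yaml
+configure-access:
+needs: deploy
+name: Map Domain
+runs-on: ubuntu-latest
+defaults:
+run:
+working-directory: public-skylounge-library/terraform/gcp/cloud-run/domain-mapping
+steps:
+- name: Checkout terraform
+uses: actions/checkout@v3
+with:
+repository: sky-lounge/public-skylounge-library
+ref: main
+path: public-skylounge-library
+- uses: hashicorp/setup-terraform@v2
+- id: auth
+name: Authenticate to Google Cloud
+uses: google-github-actions/auth@v0
+with:
+credentials_json: "${{ secrets.GOOGLE_CREDENTIALS_PROD }}"
+- name: Prepare Backend Config
+run: |
+cat << EOF > config.gcs.tfbackend
+bucket = "$TF_STATE_BUCKET"
+prefix = "${REPO_NAME}"
+EOF
+env:
+TF_STATE_BUCKET: tfstate.skylounge.io
+REPO_NAME: "${{ github.event.repository.name }}"
+- name: Terraform Init
+run: terraform init -backend-config=config.gcs.tfbackend
+- name: Prepare Terraform Vars File
+run: |
+echo "gcp_project = \"$GCP_PROJECT\"" > terraform.tfvars
+echo "dns_zone_name = \"$DNS_ZONE_NAME\"" >> terraform.tfvars
+echo "cloud_run_domain = \"$CLOUD_RUN_DOMAIN\"" >> terraform.tfvars
+echo "cloud_run_location = \"$CLOUD_RUN_LOCATION\"" >> terraform.tfvars
+echo "cloud_run_service_name = \"$CLOUD_RUN_SERVICE_NAME\"" >> terraform.tfvars
+if [ -n "$CLOUD_RUN_INVOKER" ]; then
+echo "cloud_run_invoker = \"$CLOUD_RUN_INVOKER\"" >> terraform.tfvars
+fi
+env:
+GCP_PROJECT: skylounge-io
+DNS_ZONE_NAME: skyloungeprod
+CLOUD_RUN_DOMAIN: hello-gradlew.dashboard.skylounge.io
+CLOUD_RUN_LOCATION: us-central1
+CLOUD_RUN_SERVICE_NAME: "${{ github.event.repository.name }}"
+CLOUD_RUN_INVOKER: allUsers
+- name: Terraform Apply
+run: terraform apply -auto-approve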
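Review bot: The `workflow_run` trigger fires on `types: completed` and the `deploy` job has no `if:`, so a failed or cancelled Promote run still starts a production deploy; the job can be gated with `if: ${{ github.event_name != 'workflow_run' || github.event.workflow_run.conclusion == 'success' }}`. The `push` filter watches `production-version.txt` at the repository root and the step reads the same path, while the development workflow in this commit refers to `.github/production-version.txt`, so it is worth confirming which location Promote actually writes. The value read into `deploy_sha` goes straight into the `sed` replacement text, and checking it against `^[0-9a-f]{40}$` before use would stop a malformed file from rewriting `service.yaml` in unintended ways. Neither job declares `permissions:`, so both run with the repository's default token scope even though nothing visible here needs more than `contents: read`.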