pipeline.yaml
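---
# CI/CD workflow: lint the repository, build and scan the two container
# images, publish them to Docker Hub, then smoke-test the Kubernetes
# manifests on a throwaway kind cluster.
name: CI/CD - Integração e Entrega Contínuas
on:
  push:
    branches:
      - "main"
      - "development"
      - "feature/cicd"
      - "feature/ci-trivy-scan"

# Least privilege for the automatically issued GITHUB_TOKEN: every step below
# only reads the checked-out repository.
# NOTE(review): yamllint_comment is enabled in the linters job; if this
# workflow is ever extended to pull_request events, that step may need
# `pull-requests: write` - confirm against the action's documentation.
permissions:
  contents: read

jobs:
  # Static checks on the YAML files and the Kubernetes manifests.
  linters:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout do repositório
        uses: actions/checkout@v4
      # NOTE(review): `@master` is a moving branch, so the code that runs
      # here (and receives GITHUB_ACCESS_TOKEN) can change without a commit
      # to this repository. Pin to a full commit SHA, e.g.
      # karancode/yamllint-github-action@<FULL_COMMIT_SHA>.
      - name: Análise de código com yamllint
        uses: karancode/yamllint-github-action@master
        with:
          yamllint_file_or_dir: ${{ github.workspace }}
          yamllint_config_filepath: ${{ github.workspace }}/.yamllint
          yamllint_strict: false
          yamllint_comment: true
        env:
          GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      # NOTE(review): the action reference below was mangled by e-mail
      # obfuscation when this page was captured ("[email protected]" stands
      # for the original `<action>@<version>`). Restore the real reference
      # from the repository before using this file.
      - name: Análise de código com kube-linter
        uses: stackrox/[email protected]
        with:
          directory: ${{ github.workspace }}/k8s
          format: sarif
          output-file: kube-linter.log

  # Build both images, scan them, and publish only if the scans pass.
  build:
    needs: linters
    runs-on: ubuntu-latest
    steps:
      - name: Checkout do repositório
        uses: actions/checkout@v4
      - name: Login no Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Configurando o Docker Buildx
        uses: docker/setup-buildx-action@v3
      # Build into the runner's local Docker daemon first (`load: true`, no
      # push) so Trivy gates the image BEFORE it is published. Previously the
      # images were pushed and only then scanned, so a failing scan still
      # left the vulnerable image on Docker Hub under the release tag.
      - name: Build local do giropops-senhas para o scan
        uses: docker/build-push-action@v5
        with:
          context: .
          file: ./Dockerfile.app
          load: true
          tags: ${{ secrets.DOCKERHUB_USERNAME }}/giropops-senhas:1.0
      - name: Build local do giropops-redis para o scan
        uses: docker/build-push-action@v5
        with:
          context: .
          file: ./Dockerfile.redis
          load: true
          tags: ${{ secrets.DOCKERHUB_USERNAME }}/giropops-redis:7.2.3
      # exit-code '1' fails the job on any finding of the listed severities
      # that has a fix available (ignore-unfixed), which stops the push
      # steps below and the deploy job.
      # NOTE(review): `@master` is a moving branch; pin to a full commit SHA,
      # e.g. aquasecurity/trivy-action@<FULL_COMMIT_SHA>.
      - name: Trivy vulnerability scanner para giropops-senhas
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: 'docker.io/${{ secrets.DOCKERHUB_USERNAME }}/giropops-senhas:1.0'
          format: 'table'
          exit-code: '1'
          ignore-unfixed: true
          vuln-type: 'os,library'
          severity: 'UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL'
      - name: Trivy vulnerability scanner para giropops-redis
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: 'docker.io/${{ secrets.DOCKERHUB_USERNAME }}/giropops-redis:7.2.3'
          format: 'table'
          exit-code: '1'
          ignore-unfixed: true
          vuln-type: 'os,library'
          severity: 'UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL'
      # Publish only after both scans passed. The layers come from the
      # Buildx cache of the local builds above, so this is effectively a
      # push of the image that was just scanned.
      - name: Build e push do giropops-senhas
        uses: docker/build-push-action@v5
        with:
          context: .
          file: ./Dockerfile.app
          push: true
          tags: ${{ secrets.DOCKERHUB_USERNAME }}/giropops-senhas:1.0
      - name: Build e push do giropops-redis
        uses: docker/build-push-action@v5
        with:
          context: .
          file: ./Dockerfile.redis
          push: true
          tags: ${{ secrets.DOCKERHUB_USERNAME }}/giropops-redis:7.2.3

  # Apply the manifests to an ephemeral kind cluster and smoke-test the app.
  deploy:
    needs: build
    runs-on: ubuntu-latest
    steps:
      - name: Checkout do repositório
        uses: actions/checkout@v4
      # NOTE(review): the action reference below was mangled by e-mail
      # obfuscation when this page was captured; restore the original
      # `<action>@<version>` from the repository. The node image is already
      # pinned by digest, which is the right pattern.
      - name: Criação do cluster giropops com 1 node control-plane e 3 nodes workers
        uses: helm/[email protected]
        with:
          version: "v0.20.0"
          config: "${{ github.workspace }}/k8s/cluster.yaml"
          node_image: "kindest/node:v1.27.3@sha256:3966ac761ae0136263ffdb6cfd4db23ef8a83cba8a463690e98317add2c9ba72"
          cluster_name: "giropops"
          kubectl_version: "v1.28.2"
      - name: Sleep de 30 segundos aguardando status READY para worker nodes
        run: |
          sleep 30
      - name: Verificando informações do cluster
        run: |
          kubectl cluster-info
          kubectl get nodes -o wide
          kubectl describe nodes
      - name: Criação do Namespace dev
        run: |
          kubectl apply -f ${{ github.workspace }}/k8s/dev-namespace.yaml
      - name: Criação do ConfigMap para o redis
        run: |
          kubectl apply -f ${{ github.workspace }}/k8s/redis-configmap.yaml -n dev
      - name: Criação do StatefulSet para o redis
        run: |
          kubectl apply -f ${{ github.workspace }}/k8s/redis-statefulset.yaml -n dev
      - name: Criação do Service para o redis
        run: |
          kubectl apply -f ${{ github.workspace }}/k8s/redis-headless-svc.yaml -n dev
      - name: Criação do Deployment para a aplicação giropops-senhas
        run: |
          kubectl apply -f ${{ github.workspace }}/k8s/giropops-senhas-deployment.yaml -n dev
      - name: Criação do Service para a aplicação giropops-senhas
        run: |
          kubectl apply -f ${{ github.workspace }}/k8s/giropops-senhas-svc.yaml -n dev
      - name: Sleep de 60 segundos aguardando status READY para os pods
        run: |
          sleep 60
      - name: Listagem dos Pods
        run: |
          kubectl get pods -n dev
      - name: Listagem dos Services
        run: |
          kubectl get services -n dev
      - name: Listagem do Persistent Volume Claim
        run: |
          kubectl get pvc -n dev
      - name: Listagem do Persistent Volume
        run: |
          kubectl get pv -n dev
      # --fail makes curl exit non-zero on an HTTP status >= 400, so an
      # error response fails the job instead of passing silently.
      # NOTE(review): 172.18.0.5 is hard-coded, presumably a kind node
      # address on the runner's Docker network; that assignment is not
      # guaranteed - confirm, or resolve the node address at run time.
      - name: Teste via curl na aplicação
        run: |
          curl --fail 172.18.0.5:32000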