Created
December 5, 2023 14:12
-
-
Save cartorjo/3b6fef835e04042d82dfa53afdd59e27 to your computer and use it in GitHub Desktop.
CI/CD with Code Quality Workflow
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI/CD with Code Quality | |
# Trigger on push to the main branch | |
on: | |
push: | |
branches: | |
- main | |
jobs: | |
# Build Job | |
build: | |
# Matrix for Node.js versions 14 and 16 | |
strategy: | |
matrix: | |
node-version: [14, 16] | |
runs-on: ubuntu-latest | |
steps: | |
# Checkout the source code | |
- name: Checkout code | |
uses: actions/checkout@v2 | |
# Set up Node.js based on matrix version | |
- name: Set up Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version: ${{ matrix.node-version }} | |
# Cache dependencies for faster builds | |
- name: Cache dependencies | |
uses: actions/cache@v2 | |
with: | |
path: | | |
~/.npm | |
~/.cache | |
./node_modules | |
key: ${{ runner.os }}-node-${{ hashFiles('**/*.lock') }} | |
if: success() | |
# Install project dependencies | |
- name: Install dependencies | |
run: npm ci | |
# Lint and Test Job | |
lint_and_test: | |
# Depends on the successful completion of the 'build' job | |
needs: build | |
runs-on: ubuntu-latest | |
steps: | |
# Lint the code | |
- name: Lint code | |
run: npm run lint | |
# Run tests | |
- name: Run tests | |
run: npm test | |
# Code Analysis Job with SonarQube | |
code_analysis: | |
# Depends on the successful completion of the 'build' job | |
needs: build | |
runs-on: ubuntu-latest | |
steps: | |
# Run SonarQube code analysis using Docker | |
- name: Code Analysis with SonarQube | |
run: | | |
docker run \ | |
--rm \ | |
-e SONAR_HOST_URL="${{ secrets.SONAR_HOST_URL }}" \ | |
-e SONAR_LOGIN="${{ secrets.SONAR_TOKEN }}" \ | |
-v "$(pwd):/usr/src" \ | |
sonarsource/sonar-scanner-cli:latest | |
# Publish Job | |
publish: | |
# Depends on the successful completion of 'lint_and_test' and 'code_analysis' jobs | |
needs: [lint_and_test, code_analysis] | |
runs-on: ubuntu-latest | |
steps: | |
# Publish artifact to JFrog Artifactory | |
- name: Publish to JFrog Artifactory | |
run: | | |
curl -u ${{ secrets.JFROG_USERNAME }}:${{ secrets.JFROG_API_KEY }} \ | |
-T ./path/to/artifact.zip \ | |
"https://<artifactory_URL>/path/to/repo/artifact/1.0.0/artifact-1.0.0.zip" | |
# Quality Gate Job | |
quality_gate: | |
# Depends on the successful completion of the 'publish' job | |
needs: publish | |
runs-on: ubuntu-latest | |
steps: | |
# Check SonarQube Quality Gate status | |
- name: Check SonarQube Quality Gate | |
run: | | |
status=$(curl -s -u "${{ secrets.SONAR_TOKEN }}:" "${{ secrets.SONAR_HOST_URL }}/api/qualitygates/project_status?projectKey=<ProjectKey>") | |
echo "SonarQube Quality Gate Status: $status" | |
if [[ $status != *"OK"* ]]; then | |
echo "Quality Gate check failed. Please review SonarQube dashboard for details." | |
exit 1 | |
fi | |
# Deploy Job | |
deploy: | |
# Depends on the successful completion of the 'quality_gate' job | |
needs: quality_gate | |
runs-on: ubuntu-latest | |
steps: | |
# Checkout code and Set up Node.js | |
- name: Checkout code and Set up Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version: '16' | |
# Install project dependencies | |
- name: Install dependencies | |
run: npm ci | |
# Deploy to Production | |
- name: Deploy to Production | |
run: npm run deploy:production | |
env: | |
VAULT_ADDR: ${{ secrets.VAULT_ADDR }} | |
VAULT_TOKEN: ${{ secrets.VAULT_TOKEN }} | |
# Terraform Job | |
terraform: | |
# Depends on the successful completion of the 'deploy' job | |
needs: deploy | |
runs-on: ubuntu-latest | |
steps: | |
# Checkout Terraform code | |
- name: Checkout code | |
uses: actions/checkout@v2 | |
# Set up Terraform | |
- name: Set up Terraform | |
uses: hashicorp/setup-terraform@v1 | |
with: | |
terraform_version: '1.0.0' # Adjust to the latest version | |
# Terraform Init, Plan, and Apply | |
- name: Terraform Init, Plan, and Apply | |
run: | | |
terraform init | |
terraform plan -out=tfplan | |
terraform apply -auto-approve tfplan | |
# Docker Job | |
docker: | |
# Depends on the successful completion of the 'terraform' job | |
needs: terraform | |
runs-on: ubuntu-latest | |
steps: | |
# Checkout code | |
- name: Checkout code | |
uses: actions/checkout@v2 | |
# Check changes | |
- name: Check changes | |
id: changes | |
run: echo "::set-output name=changes::$(git diff --name-only ${{ github.sha }}^ ${{ github.sha }})" | |
# Login to Docker Hub | |
- name: Login to Docker Hub | |
run: docker login -u ${{ secrets.DOCKER_USERNAME }} -p ${{ secrets.DOCKER_PASSWORD }} | |
if: steps.changes.outputs.changes == '**/Dockerfile' | |
# Build and Push Docker Image | |
- name: Build and Push Docker Image | |
run: | | |
docker build -t image-name . | |
docker push image-name | |
if: steps.changes.outputs.changes == '**/Dockerfile' | |
# Satellite Job | |
satellite: | |
# Depends on the successful completion of the 'docker' job | |
needs: docker | |
runs-on: ubuntu-latest | |
steps: | |
# Checkout code | |
- name: Checkout code | |
uses: actions/checkout@v2 | |
# Set up Red Hat Satellite (Placeholder; Replace with specific tasks) | |
- name: Set up Red Hat Satellite | |
run: | | |
# Red Hat Satellite tasks go here | |
# Use Red Hat Satellite API or CLI to perform actions like host registration, content synchronization, etc. | |
# Example: | |
# satellite-host-register --name=host --organization=org | |
# Configure authentication to Red Hat Satellite (e.g., Satellite credentials or tokens) | |
# Using Satellite CLI: | |
# satellite-cmd all-hosts --user=user --password=password | |
# Using Satellite API with curl: | |
# curl -k -u user:password https://satellite-server/api/v2/hosts | |
# Trivy Job | |
trivy: | |
# Depends on the successful completion of the 'satellite' job | |
needs: satellite | |
runs-on: ubuntu-latest | |
steps: | |
# Checkout code | |
- name: Checkout code | |
uses: actions/checkout@v2 | |
# Pull Trivy image | |
- name: Pull Trivy image | |
run: docker pull aquasec/trivy:latest | |
# Set up Trivy (Placeholder; Trivy setup steps go here if needed) | |
- name: Set up Trivy | |
run: echo "Trivy setup steps go here, if needed" | |
# Scan Docker Image with Trivy | |
- name: Scan Docker Image with Trivy | |
run: docker run --rm -v $(pwd):/work -w /work aquasec/trivy:latest image-name |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Certainly! Here's the provided information formatted in Markdown:
Build Job (
build
):Lint and Test Job (
lint_and_test
):build
job.Code Analysis Job (
code_analysis
):build
job.Publish Job (
publish
):lint_and_test
andcode_analysis
jobs.Quality Gate Job (
quality_gate
):publish
job.Deploy Job (
deploy
):quality_gate
job.Terraform Job (
terraform
):deploy
job.Docker Job (
docker
):terraform
job.Satellite Job (
satellite
):docker
job.Trivy Job (
trivy
):satellite
job.