From 10f055f6881ed4d9a58219c06ab428c954fb8b7d Mon Sep 17 00:00:00 2001
From: Sabith KS
Date: Mon, 20 May 2024 15:22:09 +0530
Subject: [PATCH 1/2] trigger pipeline
---
 .appcd.yml | 5 +-
 .github/workflows/appcd-iac-pr-diff.yml | 91 +++++++++++++++++++------
 .github/workflows/docker-publish.yml | 14 ++--
 .gitignore | 2 +
 4 files changed, 88 insertions(+), 24 deletions(-)
diff --git a/.appcd.yml b/.appcd.yml
index 987d72d..9ce2f92 100644
--- a/.appcd.yml
+++ b/.appcd.yml
@@ -1,6 +1,9 @@
 version: 0.0.1
+name: DogeApi
 services:
 dogeapi:
 dtr: ghcr.io/appcd-dev/dogeapi/dogeapi
+ path: /
 tag: latest
- dockerFile: Dockerfile
\ No newline at end of file
+ language: Python
+ dockerFile: ./Dockerfile
diff --git a/.github/workflows/appcd-iac-pr-diff.yml b/.github/workflows/appcd-iac-pr-diff.yml
index 8f2b059..8a7ea1d 100644
--- a/.github/workflows/appcd-iac-pr-diff.yml
+++ b/.github/workflows/appcd-iac-pr-diff.yml
@@ -1,59 +1,99 @@ name: APPCD Diff check on: + push: + branches: + - feature/sks-test pull_request: branches: - main jobs: compare-artifacts: + permissions: + contents: write + pull-requests: write runs-on: ubuntu-latest steps: - name: Checkout Main Branch - uses: actions/checkout@v2 + uses: actions/checkout@v4 with: ref: main path: main_branch - - name: Login to docker - run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u "${{ github.actor }}" --password-stdin - + fetch-depth: 1 - name: Generate IaC from Main Branch + env: + APPCD_TOKEN: ${{ secrets.APPCD_TOKEN }} + APPCD_URL: ${{ secrets.APPCD_URL }} run: | - mkdir -p artifact/main/ + docker pull ghcr.io/appcd-dev/appcd-dist/appcd-cli:cli + mkdir -p artifact/main/ ./artifact/tmp docker run --rm \ - --workdir=/code \ - -v ./main_branch:/code -v ./artifact/main:/artifact/main ghcr.io/appcd-dev/appcd-dist/appcd@sha256:a38ade31e60f3f7f76b1135a388db158eed3c90816d5b5c09e33dd806efb67d5 \ - generate --mode ci --output=/artifact/main/.appcd/charts + --workdir=/app/scan \ + -e APPCD_TOKEN=$APPCD_TOKEN \ + -e APPCD_URL=$APPCD_URL \ + -v ./main_branch:/app/scan \ + -v ./artifact/tmp:/tmp \ + -v ./artifact/main:/artifact/main \ + --entrypoint=appcd \ + ghcr.io/appcd-dev/appcd-dist/appcd-cli:cli \ + generate --log 2 --output=/artifact/main/.appcd/charts + cd artifact/main/.appcd/charts + unzip scan.zip && rm scan.zip && ls -latr && pwd + - name: Upload logs + uses: actions/upload-artifact@v2 + with: + name: analyzer_logs_1 + path: artifact - name: Checkout PR Branch - uses: actions/checkout@v2 + uses: actions/checkout@v4 with: ref: ${{ github.head_ref }} path: pr_branch + fetch-depth: 1 - name: Extract branch name id: extract_branch run: echo "branch=$(basename ${{ github.head_ref}})" >> $GITHUB_OUTPUT - name: echo branch name run: echo ${{ steps.extract_branch.outputs.branch }} - name: Generate IaC from PR branch + env: + APPCD_TOKEN: ${{ secrets.APPCD_TOKEN }} + APPCD_URL: ${{ secrets.APPCD_URL }} run: | - 
mkdir -p artifact/${{ steps.extract_branch.outputs.branch }}/ + docker pull ghcr.io/appcd-dev/appcd-dist/appcd-cli:cli + mkdir -p artifact/${{ steps.extract_branch.outputs.branch }}/ ./artifact/tmp docker run --rm \ - --workdir=/code \ - -v ./pr_branch/:/code -v ./artifact/${{ steps.extract_branch.outputs.branch }}:/artifact/${{ steps.extract_branch.outputs.branch }} ghcr.io/appcd-dev/appcd-dist/appcd@sha256:a38ade31e60f3f7f76b1135a388db158eed3c90816d5b5c09e33dd806efb67d5 \ - generate --mode ci --output=/artifact/${{ steps.extract_branch.outputs.branch }}/.appcd/charts + --workdir=/app/scan \ + -v ./pr_branch/:/app/scan \ + -v ./artifact/${{ steps.extract_branch.outputs.branch }}:/artifact/${{ steps.extract_branch.outputs.branch }} \ + -v ./artifact/tmp:/tmp \ + -e APPCD_TOKEN=$APPCD_TOKEN \ + -e APPCD_URL=$APPCD_URL \ + --entrypoint=appcd \ + ghcr.io/appcd-dev/appcd-dist/appcd-cli:cli \ + generate --mode ci --log 2 --output=/artifact/${{ steps.extract_branch.outputs.branch }}/.appcd/charts + cd artifact/${{ steps.extract_branch.outputs.branch }}/.appcd/charts + unzip scan.zip && rm scan.zip && ls -latr + - name: Upload logs + uses: actions/upload-artifact@v2 + with: + name: analyzer_logs_2 + path: artifact - name: Generate diff between Main and PR branch run: | mkdir -p pr_branch/deployment_files - mv ./artifact/main/.appcd pr_branch/deployment_files/ + mv ./artifact/main/.appcd/charts/helm/scan_*/* pr_branch/deployment_files/ cd pr_branch git config --local user.email "action@github.com" git config --local user.name "GitHub Action" git add deployment_files git commit -m "staging deployment files from main to compare them" - rm -rf deploment_files/* - rm -rf deployment_files/.appcd + rm -rf deploment_files cd .. 
- mv artifact/${{ steps.extract_branch.outputs.branch }}/.appcd pr_branch/deployment_files/ + mkdir -p pr_branch/deployment_files/ + cp -R artifact/${{ steps.extract_branch.outputs.branch }}/.appcd/charts/helm/scan_*/* pr_branch/deployment_files/ cd pr_branch - git diff --output=../diff.txt deployment_files/ | cat + git add . + git diff --staged --output=../diff.txt deployment_files/ | cat cat ../diff.txt - name: Comment PR with IaC Changes uses: actions/github-script@v6 @@ -62,7 +102,20 @@ jobs: script: | const fs = require('fs'); const diff = fs.readFileSync('diff.txt', 'utf-8'); - const body = `### AppCD AppStack: http://demo.dev.appcd.io/appstacks/DogeAPI/\n ### IaC Diff:\n\`\`\`${diff}\`\`\``; + const body = `### AppCD Diff:\n\`\`\`${diff}\`\`\``; + await github.rest.issues.createComment({ + issue_number: context.issue.number, + owner: context.repo.owner, + repo: context.repo.repo, + body: body + }) + - name: Trigger atlantis plan + uses: actions/github-script@v6 + with: + github-token: ${{secrets.GITHUB_TOKEN}} + script: | + const fs = require('fs'); + const body = `atlantis plan`; await github.rest.issues.createComment({ issue_number: context.issue.number, owner: context.repo.owner, diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml index 48024c7..e44e2cd 100644 --- a/.github/workflows/docker-publish.yml +++ b/.github/workflows/docker-publish.yml @@ -24,7 +24,9 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 + with: + fetch-depth: 1 - name: Run tests run: | @@ -50,6 +52,8 @@ jobs: steps: - uses: actions/checkout@v4 + with: + fetch-depth: 1 - name: Build image run: docker build . --file Dockerfile --tag $IMAGE_NAME 
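Review bot: Both "Generate IaC" steps now pull and run `ghcr.io/appcd-dev/appcd-dist/appcd-cli:cli`, a mutable tag, where the removed lines pinned the image by `@sha256:` digest, and the same steps now pass `APPCD_TOKEN` and `APPCD_URL` into that container. Whatever is published under the `cli` tag at run time therefore receives the secrets and the mounted checkout, so I would keep a digest pin such as `ghcr.io/appcd-dev/appcd-dist/appcd-cli@sha256:<digest-of-reviewed-image>` (placeholder digest). The docker-publish.yml hunk at -91,9 and the build.yml hunk in PATCH 2/2 make the same tag swap. The job-level `contents: write` also looks broader than needed, since the only commit visible here is local and never pushed; `pull-requests: write` alone may cover the comment steps, to be confirmed against the rest of the workflow. The added `run:` lines expand `${{ steps.extract_branch.outputs.branch }}` straight into shell text; passing it through `env:` and using a quoted `"$BRANCH"` keeps a branch name from being parsed as shell.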
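Review bot: The added "Trigger atlantis plan" step posts the `atlantis plan` comment unconditionally, so every run of this job requests a plan for whatever the PR branch contains without a maintainer choosing to start it. I would gate the step, for example `if: github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository`, which also skips it on the new `push` trigger, where `context.issue.number` is presumably unset. `const fs = require('fs');` is unused in this step and can be dropped. In the comment step above it, `${diff}` sits between literal backtick fences, so a diff that itself contains three backticks will break the rendering. The second `createComment` call continues past the end of the hunk.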
@@ -91,9 +95,11 @@ jobs: - name: run appCD run: | docker run --rm \ - --workdir=/code \ - -v $PWD:/code ghcr.io/appcd-dev/appcd-dist/appcd@sha256:a38ade31e60f3f7f76b1135a388db158eed3c90816d5b5c09e33dd806efb67d5 \ - generate --mode ci --output=/code/.appcd/charts + --workdir=/app/scan \ + -v $PWD:/app/scan ghcr.io/appcd-dev/appcd-dist/appcd-cli:cli \ + generate --lang Python --output=/code/.appcd/charts + cd .appcd/charts && ls + unzip DogeAPI.zip && rm DogeAPI.zip - name: Inflate helm chart in gitops/ run: | diff --git a/.gitignore b/.gitignore index e6ae712..17ba64a 100644 --- a/.gitignore +++ b/.gitignore @@ -174,3 +174,5 @@ dev.pem .appcd/charts/ cpg.bin analyzer.log +helm +terraform From 1ade290413e252b157097d71ac60aff04cec907f Mon Sep 17 00:00:00 2001 From: Sabith KS Date: Mon, 20 May 2024 19:19:21 +0530 Subject: [PATCH 2/2] build --- .github/workflows/build.yml | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 66d2e9d..4d020f7 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -11,9 +11,18 @@ jobs: timeout-minutes: 10 steps: - uses: actions/checkout@v1 + with: + fetch-depth: 1 - name: pull latest run: make pull - name: Build image run: make build - #- name: Test code format -- pre-commit - # run: make lint + - name: run appCD + run: | + docker pull ghcr.io/appcd-dev/appcd-dist/appcd-cli:cli + docker run --rm \ + --workdir=/app/scan \ + -v $PWD:/app/scan ghcr.io/appcd-dev/appcd-dist/appcd-cli:cli \ + generate --lang Python --output=/code/.appcd/charts + cd .appcd/charts && ls + unzip code.zip && rm code.zip
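Review bot: The bind mount moves from `/code` to `/app/scan`, but `--output=/code/.appcd/charts` still points at `/code`, which is no longer mounted. Assuming the CLI writes exactly where `--output` says, the archive stays inside the `--rm` container and the following `cd .appcd/charts` finds nothing on the runner; `--output=/app/scan/.appcd/charts` would keep the output on the mounted checkout. The build.yml hunk in PATCH 2/2 repeats the same mismatch. The archive names also differ between workflows (`DogeAPI.zip` here, `code.zip` in build.yml, `scan.zip` in appcd-iac-pr-diff.yml) although all three use `--workdir=/app/scan`, so it is worth confirming what the CLI names the file. `$PWD` in the `-v` argument should be quoted as `"$PWD"`.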