test terraform fix #43
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Pipeline For Client Deployment | |
| on: | |
| push: | |
| branches: [main] | |
| env: | |
| KUBE_NAMESPACE: client-app | |
| RELEASE_NAME: team-divops-client | |
| HELM_CHART_PATH: ./helm/divops | |
| IMAGE_REPOSITORY: ghcr.io/aet-devops25/team-divops-client | |
| AWS_REGION: us-east-1 | |
| jobs: | |
| linting: | |
| name: Code Linting | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup Biome | |
| uses: biomejs/setup-biome@v2 | |
| with: | |
| version: latest | |
| - name: Run Biome | |
| working-directory: ./client | |
| run: biome ci . | |
| testing: | |
| name: Testing | |
| runs-on: ubuntu-latest | |
| needs: linting | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v3 | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: 20 # or your required version | |
| - name: Install dependencies | |
| run: npm ci | |
| working-directory: ./client # if your React app is in /client | |
| - name: Run tests | |
| run: npm test | |
| working-directory: ./client | |
| build-and-push-client-app: | |
| name: Build and Push Client Docker Image | |
| runs-on: ubuntu-latest | |
| needs: testing | |
| permissions: | |
| contents: read | |
| packages: write | |
| outputs: | |
| image_tag: ${{ steps.set-tag.outputs.image_tag }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Log in to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Set IMAGE_TAG to short SHA | |
| id: set-tag | |
| run: echo "IMAGE_TAG=$(echo $GITHUB_SHA | cut -c1-7)" >> $GITHUB_OUTPUT | |
| - name: Build client Docker image with both tags | |
| run: docker build -f ./client/Dockerfile.prod -t ${{ env.IMAGE_REPOSITORY }}:latest -t ${{ env.IMAGE_REPOSITORY }}:${{ steps.set-tag.outputs.image_tag }} ./client | |
| - name: Push latest tag | |
| run: docker push ${{ env.IMAGE_REPOSITORY }}:latest | |
| - name: Push SHA tag | |
| run: docker push ${{ env.IMAGE_REPOSITORY }}:${{ steps.set-tag.outputs.image_tag }} | |
| deploy-helm: | |
| name: Deploy Helm Chart | |
| runs-on: ubuntu-latest | |
| needs: build-and-push-client-app | |
| env: | |
| IMAGE_TAG: ${{ needs.build-and-push-client-app.outputs.IMAGE_TAG }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Set up kubectl | |
| uses: azure/setup-kubectl@v3 | |
| with: | |
| version: 'latest' | |
| - name: Set up Helm | |
| uses: azure/setup-helm@v3 | |
| with: | |
| version: 'latest' | |
| - name: Create .kube directory | |
| run: mkdir -p $HOME/.kube | |
| - name: Configure kubeconfig | |
| run: echo "${{ secrets.KUBECONFIG }}" > $HOME/.kube/config | |
| - name: Deploy Helm Chart with SHA tag | |
| run: helm upgrade --install $RELEASE_NAME $HELM_CHART_PATH --namespace $KUBE_NAMESPACE --set client.image.repository=$IMAGE_REPOSITORY --set client.image.tag=$IMAGE_TAG --force --wait | |
| deploy-aws: | |
| name: Deploy To AWS EC2 | |
| needs: build-and-push-client-app | |
| runs-on: ubuntu-latest | |
| if: ${{ vars.RUN_AWS_DEPLOYMENT == 'true' }} | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| AWS_SESSION_TOKEN: ${{ secrets.AWS_SESSION_TOKEN }} | |
| AWS_REGION: us-east-1 | |
| steps: | |
| - name: Checkout repo | |
| uses: actions/checkout@v4 | |
| - name: Install SSH tools | |
| run: sudo apt-get install -y openssh-client | |
| - name: Write private key to file | |
| run: | | |
| echo "${{ secrets.AWS_EC2_SSH_PRIVATE_KEY }}" > private-key.pem | |
| chmod 600 private-key.pem | |
| - name: Generate public key | |
| run: | | |
| ssh-keygen -y -f private-key.pem > public-key.pub | |
| cat public-key.pub # optional, for debug | |
| # - name: Setup SSH private key | |
| # run: | | |
| # mkdir -p ~/.ssh | |
| # echo "${{ secrets.AWS_EC2_SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa | |
| # chmod 600 ~/.ssh/id_rsa | |
| - name: Setup Terraform | |
| uses: hashicorp/setup-terraform@v2 | |
| with: | |
| terraform_version: 1.5.6 | |
| - name: Terraform Init | |
| working-directory: ./terraform | |
| run: terraform init | |
| - name: Terraform Validate | |
| working-directory: ./terraform | |
| run: terraform validate | |
| - name: Terraform Plan | |
| working-directory: ./terraform | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| AWS_REGION: us-east-1 | |
| run: terraform plan -var="public_key=$(cat public-key.pub)" -out=tfplan | |
| - name: Terraform Apply | |
| working-directory: ./terraform | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| run: terraform apply -auto-approve tfplan | |
| - name: Output EC2 public IP | |
| working-directory: ./terraform | |
| id: ec2-ip | |
| run: | | |
| terraform output -raw ec2_public_ip > ec2_ip.txt | |
| echo "::set-output name=ec2_ip::$(cat ec2_ip.txt)" | |
| - name: Show EC2 Public IP | |
| run: echo "EC2 Public IP is ${{ steps.ec2-ip.outputs.ec2_ip }}" | |
| - name: Setup Ansible and run playbook | |
| working-directory: ./ansible | |
| run: | | |
| sudo apt-get update && sudo apt-get install -y ansible | |
| mkdir -p ~/.ssh | |
| echo "${{ secrets.AWS_EC2_SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa | |
| chmod 600 ~/.ssh/id_rsa | |
| echo "[ec2]" > inventory.ini | |
| echo "${{ steps.ec2-ip.outputs.ec2_ip }}" >> inventory.ini | |
| ansible-playbook -i inventory.ini playbook.yml --private-key ~/.ssh/id_rsa -u ec2-user -o |