Setup CI Pipeline
Rahul Kumar edited this page Sep 17, 2023 · 14 revisions
- Get the VM details from hosts:
  - VM Hostname
  - PEM file
- Open a `Command Prompt` terminal and navigate to the directory where the PEM file is located. Then run the below command:

```
ssh -i "<pem-file>" ubuntu@<hostname>
```

This is the runner on which your CI pipeline will run.
- Go to the GitHub repo page in a browser
- Navigate to the `Settings` tab -> `Actions` -> `Runners`
- Click on `New self-hosted runner`
- Select `Linux` in the `Runner image` section
- Go to the Ubuntu VM terminal and perform the below steps:

```
cd /opt
sudo mkdir actions-runner/
sudo chown ubuntu actions-runner/
```

- Now, follow the steps from the GitHub `Add new self-hosted runner` page
- Confirm that the runner is added in GitHub (Settings -> Actions -> Runners)

Now you can start creating a Job for your CI pipeline.
- Open the GitHub checked-out folder in VSCode on the Windows VM
- Create a file, `.github\workflows\development.yml`
- Copy the below code and add it to the above created file:

```yaml
name: Development
run-name: ${{ github.actor }} is compiling our Sample App 🚀
on: [push]
jobs:
  compile:
    name: OpenEdge Compile Job
    permissions: write-all
    runs-on: self-hosted
    defaults:
      run:
        working-directory: ${{ github.workspace }}/Sports
    steps:
      - uses: actions/checkout@v3
      - name: Running Gradle build
        run: sh gradlew clean build
      - name: Setup Python - needed by publish step
        uses: actions/setup-python@v4
        with:
          python-version: 3.8
      - name: Publish ABL Unit Test Results
        uses: EnricoMi/publish-unit-test-result-action/composite@v2
        if: always()
        with:
          files: ${{ github.workspace }}/Sports/build/test-results/test/*.xml
          check_name: ABL Unit Test Results for Sports App
```
- Commit and push to the remote GitHub repo

Notice that this Job gets triggered. You can check the logs to follow its progress and see what happens as part of this Job.
- In the GitHub UI, add the Nexus repo credentials as variables, which are used to keep the password from being visible:
  - add secret, Name = `DOCKER_PWD`
  - add var, Name = `NEXUS_URL` and Value = `https://ec2-54-80-142-101.compute-1.amazonaws.com:8443/repository/PugChallengeMaven`
  - add secret, Name =
- From local VSCode, add the below code in the `deployment.yml` file:

```yaml
  build:
    name: Build Docker Image for Sports App
    needs: compile
    permissions: write-all
    runs-on: self-hosted
    defaults:
      run:
        working-directory: ${{ github.workspace }}/Sports/docker
    steps:
      - name: Copy ABLApp archive ('.oear')
        run: cp -rf ./../build/distributions/ablapps/*.oear ./ablapps
      - name: Docker build
        run: sh build.sh
      - name: Test Docker Image state - Goss
        run: sh test.sh
      - name: Setup Python - needed by publish step
        uses: actions/setup-python@v4
        with:
          python-version: 3.8
      - name: Publish Goss Test Results
        uses: EnricoMi/publish-unit-test-result-action/composite@v2
        with:
          files: ${{ github.workspace }}/Sports/docker/tests/*.xml
          check_name: Goss Test Results for Sports App
      - name: Push Docker Image to Develop Docker Registry
        env:
          DOCKER_PWD: ${{ secrets.DOCKER_PWD }}
        run: |
          docker tag sports:latest ec2-54-80-142-101.compute-1.amazonaws.com:9443/sports:latest
          # Read the password from stdin so it is not exposed in the process arguments
          echo "$DOCKER_PWD" | docker login ec2-54-80-142-101.compute-1.amazonaws.com:9443 -u admin --password-stdin
          docker push ec2-54-80-142-101.compute-1.amazonaws.com:9443/sports:latest
```
- Commit changes and push to remote
- Code

```yaml
  buildwebui:
    name: Build Docker Image for Web UI App
    permissions: write-all
    runs-on: self-hosted
    defaults:
      run:
        working-directory: ${{ github.workspace }}/webui
    steps:
      - name: Docker build
        run: sh build.sh
      - name: Test Docker Image state - Goss
        run: sh test.sh
      - name: Setup Python - needed by publish step
        uses: actions/setup-python@v4
        with:
          python-version: 3.8
      - name: Publish Goss Test Results
        uses: EnricoMi/publish-unit-test-result-action/composite@v2
        with:
          files: ${{ github.workspace }}/webui/tests/*.xml
          check_name: Goss Test Results for Web UI App
      - name: Push Docker Image to Develop Docker Registry
        env:
          DOCKER_PWD: ${{ secrets.DOCKER_PWD }}
        run: |
          docker tag webui:latest ec2-54-80-142-101.compute-1.amazonaws.com:9443/webui:latest
          # Read the password from stdin so it is not exposed in the process arguments
          echo "$DOCKER_PWD" | docker login ec2-54-80-142-101.compute-1.amazonaws.com:9443 -u admin --password-stdin
          docker push ec2-54-80-142-101.compute-1.amazonaws.com:9443/webui:latest
```

- Code

```yaml
  deploy:
    name: Test Sample App Deploy
    needs: [build, buildwebui]
    permissions: write-all
    runs-on: self-hosted
    defaults:
      run:
        working-directory: ${{ github.workspace }}/deploy
    steps:
      - run: mkdir -p ./license
      - name: Download the OpenEdge License file
        # --no-check-certificate makes wget skip TLS certificate verification for this download
        run: wget -cO - ${{vars.NEXUS_URL}}/OpenEdge/linux/12.8.0/linux-12.8.0-license.cfg > ./license/progress.cfg --no-check-certificate
      - name: Undeploy previous version of Sample App
        run: sudo sh undeploy.sh
      - name: Deploy new version of Sample App
        run: sudo sh deploy.sh
      - name: Test the app
        run: echo "TODO"
      - name: Undeploy the app and clean up resources
        run: echo "TODO"
```

- Code

```yaml
  securityscans:
    name: Scan Docker Images for Security Vulnerabilities
    needs: [build, buildwebui]
    permissions: write-all
    runs-on: self-hosted
    steps:
      - name: Run security scan for Sports App docker image
        # @master follows a moving branch; pin a release tag or commit SHA to fix the scanner version
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: 'ec2-54-80-142-101.compute-1.amazonaws.com:9443/sports:latest'
          format: 'sarif'
          output: 'trivy-results-sports.sarif'
      - name: Upload security scan report of Sports App docker image to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: 'trivy-results-sports.sarif'
          category: sports-app-scan
      - name: Run security scan for Web UI App docker image
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: 'ec2-54-80-142-101.compute-1.amazonaws.com:9443/webui:latest'
          format: 'sarif'
          output: 'trivy-results-webui.sarif'
      - name: Upload security scan report of Web UI App docker image to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: 'trivy-results-webui.sarif'
          category: webui-app-scan
```

- Code

```yaml
  stage:
    name: Stage Artifacts and Docker Images for Release
    needs: [deploy, securityscans]
    runs-on: self-hosted
    steps:
      - name: Publish Docker Images to Release Docker Registry
        run: echo "TODO"
```
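
A workflow like the one assembled on this page runs on a self-hosted runner with registry credentials, so it is worth checking the file for settings a reviewer would question before it is pushed. The script below is an added example, not part of the original wiki page or the project's code: it is a line-based regex check (not a YAML parser), and the names `audit_workflow` and `RULES`, the rule ids, the sample workflow text and the `registry.example` host are all constructed for illustration.

```python
import re

# Constructed sample: a condensed workflow showing the patterns the rules look for.
SAMPLE_WORKFLOW = """\
jobs:
  build:
    permissions: write-all
    runs-on: self-hosted
    steps:
      - uses: actions/setup-python@v4
      - run: docker login registry.example:9443 -u admin -p ${{ secrets.DOCKER_PWD }}
  deploy:
    runs-on: self-hosted
    steps:
      - run: wget -cO - ${{vars.NEXUS_URL}}/license.cfg > ./license/progress.cfg --no-check-certificate
  securityscans:
    runs-on: self-hosted
    steps:
      - uses: aquasecurity/trivy-action@master
"""

# (rule id, regex, why a reviewer would flag the line) -- hypothetical rule set
RULES = [
    ("broad-permissions", re.compile(r"^\s*permissions:\s*write-all\b"),
     "job token gets write access to every scope"),
    ("unpinned-action", re.compile(r"uses:\s*\S+@(master|main)\b"),
     "action tracks a moving branch instead of a tag or commit SHA"),
    ("password-in-argv", re.compile(r"docker\s+login\b.*\s(-p|--password)[\s=]"),
     "password passed as a command-line argument, not via --password-stdin"),
    ("tls-verify-off", re.compile(r"--no-check-certificate\b|curl\b.*\s(-k|--insecure)\b"),
     "TLS certificate verification disabled for a download"),
]

def audit_workflow(text):
    """Return a list of (line_number, rule_id, reason) for each rule match."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # ignore YAML comment lines
        for rule_id, pattern, reason in RULES:
            if pattern.search(line):
                findings.append((lineno, rule_id, reason))
    return findings

if __name__ == "__main__":
    for lineno, rule_id, reason in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {lineno}: {rule_id}: {reason}")
```

To check a real file, pass its contents to `audit_workflow`, for example the text of `.github/workflows/development.yml` read from the checked-out repo.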