stephen/harbor-ci-cd-demo
1
0
Fork 0
Code Issues Pull Requests Actions Releases Wiki Activity

Debug smaller section
Some checks failed
CI/CD Pipeline - Build, Test, and Deploy / 🏗️ Build & Push Image (push) Has been cancelled
Details
CI/CD Pipeline - Build, Test, and Deploy / 🧹 Cleanup (push) Has been cancelled
Details

Browse Source
This commit is contained in:
stephenminakian
2025-07-03 08:47:00 -06:00
parent 5bdd6b2d29
commit 95e6532ada
1 changed files with 132 additions and 128 deletions
Download Patch File Download Diff File Expand all files Collapse all files

258
.gitea/workflows/ci-cd.yml
View File

@ -14,64 +14,64 @@ env:
jobs: jobs:
# Job 1: Lint and Test # Job 1: Lint and Test
test: # test:
name: 🧪 Test & Lint # name: 🧪 Test & Lint
runs-on: ubuntu-latest # runs-on: ubuntu-latest
steps: # steps:
- name: Checkout code # - name: Checkout code
uses: actions/checkout@v4 # uses: actions/checkout@v4
- name: Setup Node.js # - name: Setup Node.js
uses: actions/setup-node@v4 # uses: actions/setup-node@v4
with: # with:
node-version: ${{ env.NODE_VERSION }} # node-version: ${{ env.NODE_VERSION }}
cache: 'npm' # cache: 'npm'
- name: Install dependencies # - name: Install dependencies
run: npm ci # run: npm ci
- name: Run linting # - name: Run linting
run: npm run lint # run: npm run lint
- name: Run tests # - name: Run tests
run: npm run test:coverage # run: npm run test:coverage
- name: Upload test results # - name: Upload test results
uses: actions/upload-artifact@v3 # uses: actions/upload-artifact@v3
if: always() # if: always()
with: # with:
name: test-results # name: test-results
path: | # path: |
coverage/ # coverage/
test-results.xml # test-results.xml
# Job 2: Security Scan # # Job 2: Security Scan
security: # security:
name: 🔒 Security Scan # name: 🔒 Security Scan
runs-on: ubuntu-latest # runs-on: ubuntu-latest
steps: # steps:
- name: Checkout code # - name: Checkout code
uses: actions/checkout@v4 # uses: actions/checkout@v4
- name: Setup Node.js # - name: Setup Node.js
uses: actions/setup-node@v4 # uses: actions/setup-node@v4
with: # with:
node-version: ${{ env.NODE_VERSION }} # node-version: ${{ env.NODE_VERSION }}
cache: 'npm' # cache: 'npm'
- name: Install dependencies # - name: Install dependencies
run: npm ci # run: npm ci
- name: Run security audit # - name: Run security audit
run: npm audit --audit-level=high # run: npm audit --audit-level=high
- name: Check for vulnerabilities # - name: Check for vulnerabilities
run: | # run: |
if npm audit --audit-level=moderate --json | jq '.vulnerabilities | length' | grep -v '^0$'; then # if npm audit --audit-level=moderate --json | jq '.vulnerabilities | length' | grep -v '^0$'; then
echo "Vulnerabilities found!" # echo "Vulnerabilities found!"
npm audit --audit-level=moderate # npm audit --audit-level=moderate
exit 1 # exit 1
fi # fi
# Job 3: Build and Push Docker Image # Job 3: Build and Push Docker Image
build: build:
@ -124,8 +124,12 @@ jobs:
run: | run: |
# Install syft # Install syft
curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin
echo "${{ secrets.HARBOR_TOKEN }}"
echo "${{ env.REGISTRY }}"
echo "${{ secrets.HARBOR_USERNAME }}"
echo "${{ env.IMAGE_NAME }}"
# Login to registry (if needed) # Login to registry - use the REGISTRY variable for the URL
echo "${{ secrets.HARBOR_TOKEN }}" | docker login ${{ env.REGISTRY }} -u ${{ secrets.HARBOR_USERNAME }} --password-stdin echo "${{ secrets.HARBOR_TOKEN }}" | docker login ${{ env.REGISTRY }} -u ${{ secrets.HARBOR_USERNAME }} --password-stdin
# Generate SBOM using latest tag # Generate SBOM using latest tag
@ -146,93 +150,93 @@ jobs:
path: sbom.spdx.json path: sbom.spdx.json
# Job 4: Image Security Scan # Job 4: Image Security Scan
scan: # scan:
name: 🛡️ Image Security Scan # name: 🛡️ Image Security Scan
runs-on: ubuntu-latest # runs-on: ubuntu-latest
needs: build # needs: build
if: github.event_name == 'push' || github.event_name == 'workflow_dispatch' # if: github.event_name == 'push' || github.event_name == 'workflow_dispatch'
steps: # steps:
- name: Login to Harbor Registry # - name: Login to Harbor Registry
uses: docker/login-action@v3 # uses: docker/login-action@v3
with: # with:
registry: ${{ env.REGISTRY }} # registry: ${{ env.REGISTRY }}
username: ${{ secrets.HARBOR_USERNAME }} # username: ${{ secrets.HARBOR_USERNAME }}
password: ${{ secrets.HARBOR_TOKEN }} # password: ${{ secrets.HARBOR_TOKEN }}
- name: Run Trivy vulnerability scanner # - name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master # uses: aquasecurity/trivy-action@master
with: # with:
image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }} # image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}
format: 'sarif' # format: 'sarif'
output: 'trivy-results.sarif' # output: 'trivy-results.sarif'
- name: Upload Trivy scan results # - name: Upload Trivy scan results
uses: actions/upload-artifact@v3 # uses: actions/upload-artifact@v3
with: # with:
name: trivy-scan-results # name: trivy-scan-results
path: trivy-results.sarif # path: trivy-results.sarif
- name: Check for HIGH/CRITICAL vulnerabilities # - name: Check for HIGH/CRITICAL vulnerabilities
uses: aquasecurity/trivy-action@master # uses: aquasecurity/trivy-action@master
with: # with:
image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }} # image-ref: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ github.sha }}
format: 'json' # format: 'json'
output: 'trivy-results.json' # output: 'trivy-results.json'
exit-code: '1' # exit-code: '1'
severity: 'HIGH,CRITICAL' # severity: 'HIGH,CRITICAL'
# Job 5: Deploy to Development # # Job 5: Deploy to Development
deploy-dev: # deploy-dev:
name: 🚀 Deploy to Development # name: 🚀 Deploy to Development
runs-on: ubuntu-latest # runs-on: ubuntu-latest
needs: [build, scan] # needs: [build, scan]
if: github.ref == 'refs/heads/develop' # if: github.ref == 'refs/heads/develop'
environment: development # environment: development
steps: # steps:
- name: Deploy to development environment # - name: Deploy to development environment
run: | # run: |
echo "🚀 Deploying to development environment" # echo "🚀 Deploying to development environment"
echo "Image: ${{ needs.build.outputs.image-tag }}" # echo "Image: ${{ needs.build.outputs.image-tag }}"
echo "Digest: ${{ needs.build.outputs.image-digest }}" # echo "Digest: ${{ needs.build.outputs.image-digest }}"
# Add actual deployment commands here # # Add actual deployment commands here
# For example: kubectl, docker-compose, or API calls # # For example: kubectl, docker-compose, or API calls
# Job 6: Deploy to Production # # Job 6: Deploy to Production
deploy-prod: # deploy-prod:
name: 🏭 Deploy to Production # name: 🏭 Deploy to Production
runs-on: ubuntu-latest # runs-on: ubuntu-latest
needs: [build, scan] # needs: [build, scan]
if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master' # if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master'
environment: production # environment: production
steps: # steps:
- name: Checkout code # - name: Checkout code
uses: actions/checkout@v4 # uses: actions/checkout@v4
- name: Deploy to production # - name: Deploy to production
run: | # run: |
echo "🏭 Deploying to production environment" # echo "🏭 Deploying to production environment"
echo "Image: ${{ needs.build.outputs.image-tag }}" # echo "Image: ${{ needs.build.outputs.image-tag }}"
echo "Digest: ${{ needs.build.outputs.image-digest }}" # echo "Digest: ${{ needs.build.outputs.image-digest }}"
# Example deployment script # # Example deployment script
# In a real scenario, you might: # # In a real scenario, you might:
# 1. SSH to your server # # 1. SSH to your server
# 2. Pull the new image # # 2. Pull the new image
# 3. Update docker-compose.yml # # 3. Update docker-compose.yml
# 4. Restart the service # # 4. Restart the service
# 5. Run health checks # # 5. Run health checks
- name: Health check after deployment # - name: Health check after deployment
run: | # run: |
echo "🔍 Running post-deployment health checks" # echo "🔍 Running post-deployment health checks"
# Add health check commands here # # Add health check commands here
# curl -f http://your-app-url/health || exit 1 # # curl -f http://your-app-url/health || exit 1
- name: Notify deployment success # - name: Notify deployment success
run: | # run: |
echo "✅ Deployment completed successfully!" # echo "✅ Deployment completed successfully!"
echo "🌐 Application URL: https://your-domain.com" # echo "🌐 Application URL: https://your-domain.com"
echo "📊 Monitoring: https://your-domain.com/health/detailed" # echo "📊 Monitoring: https://your-domain.com/health/detailed"
# Job 7: Cleanup # Job 7: Cleanup
cleanup: cleanup: