Update README and Writerside docs #146
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI/CD Pipeline | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| branches: | |
| - main | |
| permissions: | |
| issues: write | |
| contents: read | |
| jobs: | |
| setup: | |
| name: Setup | |
| runs-on: ubuntu-latest | |
| outputs: | |
| cache-hit: ${{ steps.node-with-cache.outputs.cache-hit }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Setup node.js with node_modules cache | |
| id: node-with-cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.npm | |
| key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} | |
| restore-keys: | | |
| ${{ runner.os }}-node- | |
| - name: Install npm packages | |
| run: npm ci | |
| linting: | |
| name: Linting | |
| runs-on: ubuntu-latest | |
| needs: setup | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Setup node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 18.x | |
| - name: Use cached node_modules | |
| run: npm ci --cache ~/.npm | |
| - name: Run linting and generate report | |
| run: npm run lint | |
| - name: Annotate code linting results | |
| uses: ataylorme/eslint-annotate-action@v3 | |
| with: | |
| report-json: 'lint_report.json' | |
| - name: Upload linting report | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: lint_report.json | |
| path: lint_report.json | |
| retention-days: 5 | |
| e2e-testing: | |
| name: E2E Testing | |
| runs-on: ubuntu-latest | |
| needs: linting | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Setup node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 18.x | |
| - name: Use cached node_modules | |
| run: npm ci --cache ~/.npm | |
| - name: Build application | |
| run: npm run build | |
| - name: Start server | |
| run: npm run start & | |
| - name: Wait for server to start | |
| run: npx wait-on http://localhost:3000 | |
| - name: Run e2e tests | |
| run: npx cypress run --reporter junit --reporter-options mochaFile=reports/TEST-[hash].xml | |
| - name: Upload e2e testing report | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: e2e_testing_report | |
| path: reports | |
| retention-days: 5 | |
| - name: Python setup | |
| if: always() | |
| uses: actions/setup-python@v3 | |
| with: | |
| python-version: '3.x' | |
| - name: Upload e2e testing results to TestRail | |
| env: | |
| TESTRAIL_EMAIL: ${{ secrets.TESTRAIL_EMAIL }} | |
| TESTRAIL_PASS: ${{ secrets.TESTRAIL_PASS }} | |
| if: always() | |
| run: | | |
| pip install trcli | |
| junitparser merge --glob "reports/TEST-*" "reports/junit-report.xml" | |
| trcli -y \ | |
| -h https://lukamlinaric.testrail.io/ \ | |
| --project "TestOps PoC" \ | |
| -u "$TESTRAIL_EMAIL" \ | |
| -p "$TESTRAIL_PASS" \ | |
| parse_junit \ | |
| --title "E2E Tests from CI/CD Pipeline" \ | |
| --run-description ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} \ | |
| -f "reports/junit-report.xml" | |
| performance-testing: | |
| name: Performance Testing | |
| runs-on: ubuntu-latest | |
| needs: e2e-testing | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Setup node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 18.x | |
| - name: Use cached node_modules | |
| run: npm ci --cache ~/.npm | |
| - name: Build application | |
| run: npm run build | |
| - name: Install k6 | |
| run: | | |
| curl https://github.com/grafana/k6/releases/download/v0.47.0/k6-v0.47.0-linux-amd64.tar.gz -L | tar xvz --strip-components 1 | |
| - name: Start server and run performance tests | |
| run: | | |
| npm start & npx wait-on http://localhost:3000 | |
| ./k6 run __tests__/performance/test.js --vus 50 --duration 15s --out json=performance-testing-report.json | |
| - name: Upload performance report | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: performance-testing-report | |
| path: performance-testing-report.json | |
| containerize-and-publish-image: | |
| name: Containerize and Publish Image | |
| runs-on: ubuntu-latest | |
| needs: performance-testing | |
| outputs: | |
| image-tag: ${{ steps.build-and-push.outputs.IMAGE_TAG }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Log in to dockerHub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - id: build-and-push | |
| name: Build and push docker image | |
| run: | | |
| IMAGE_TAG=${{ secrets.DOCKERHUB_USERNAME }}/nowted-app:${{ github.sha }} | |
| echo $IMAGE_TAG > image-tag.txt | |
| docker build -t $IMAGE_TAG . | |
| docker push $IMAGE_TAG | |
| - name: Upload IMAGE_TAG file | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: image-tag | |
| path: image-tag.txt | |
| security-testing: | |
| name: Security Testing | |
| runs-on: ubuntu-latest | |
| needs: containerize-and-publish-image | |
| outputs: | |
| full_scan_result: ${{ steps.store_full_scan_result.outputs.full_scan_result }} | |
| services: | |
| app: | |
| image: ${{ needs.containerize-and-publish-image.outputs.image-tag }} | |
| ports: | |
| - 3000:3000 | |
| steps: | |
| - name: Run ZAP full scan | |
| id: full_scan | |
| uses: zaproxy/action-full-scan@v0.10.0 | |
| with: | |
| target: 'http://app:3000' | |
| - name: Store security testing results | |
| id: store_full_scan_result | |
| run: | | |
| mkdir -p full_scan_results | |
| mv *.html full_scan_results/ || true | |
| FULL_RESULT_FILE=$(find full_scan_results -name "*.html" -type f) | |
| echo "::set-output name=full_scan_result::$FULL_RESULT_FILE" | |
| - name: Upload security testing report | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: security_testing_report | |
| path: ${{ steps.store_full_scan_result.outputs.full_scan_result }} | |
| retention-days: 5 | |
| deployment: | |
| name: Deploy to GKE Cluster | |
| runs-on: ubuntu-latest | |
| needs: security-testing | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - id: auth | |
| name: Authenticate with google cloud | |
| uses: google-github-actions/auth@v2 | |
| with: | |
| credentials_json: '${{ secrets.GCP_CREDENTIALS }}' | |
| - name: Set up google cloud SDK | |
| uses: google-github-actions/setup-gcloud@v2 | |
| with: | |
| install_components: 'gke-gcloud-auth-plugin' | |
| - name: Configure kubectl | |
| run: | | |
| gcloud container clusters get-credentials autopilot-cluster-1 --region europe-central2 | |
| kubectl config current-context | |
| - name: Download IMAGE_TAG file | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: image-tag | |
| - name: Apply kubernetes manifests | |
| run: | | |
| IMAGE_TAG=$(cat image-tag.txt) | |
| echo "Using image tag: $IMAGE_TAG" | |
| sed -i "s|quiirex/nowted-app:latest|$IMAGE_TAG|g" k8s/resources.yaml | |
| cat k8s/resources.yaml | |
| kubectl apply -f k8s/resources.yaml | |
| - name: Verify deployment | |
| run: | | |
| echo "Checking deployment status..." | |
| kubectl rollout status deployment/testopspoc | |
| echo "Listing pods..." | |
| kubectl get pods |