Merge branch 'dev' into main

Shkar T. Noori 2022-10-31 15:21:49 +03:00 committed by GitHub
commit bef5c18f55
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
13 changed files with 118 additions and 163 deletions

3
.github/CODEOWNERS vendored

@ -1,2 +1,5 @@
/.github/ @ditkrg/devops /.github/ @ditkrg/devops
/kubernetes/ @ditkrg/devops /kubernetes/ @ditkrg/devops
/.dockerignore @ditkrg/devops
/Dockerfile @ditkrg/devops

16
.github/dependabot.yml vendored Normal file

@ -0,0 +1,16 @@
---
version: 2
updates:
- package-ecosystem: "github-actions"
directory: "/"
target-branch: dev
schedule:
interval: "daily"
reviewers:
- "ditkrg/devops"
- package-ecosystem: "npm"
directory: "/"
target-branch: dev
schedule:
interval: "daily"
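Review bot: The `npm` entry has no `reviewers:` list, unlike the `github-actions` entry above it, so update PRs for the packages that are built into the served site get no assigned owner; giving it the same `- "ditkrg/devops"` list would match. The file also has no `package-ecosystem: "docker"` entry, although the Dockerfile changed in this commit pulls `node:16` and a `static-web-server:2` image by tag. A docker entry would bring those base images under the same update flow; whether Dependabot can resolve the `reg.dev.krd` mirror path is not visible here.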


@ -14,8 +14,7 @@ on:
required: true required: true
secrets: secrets:
KUBECONFIG: KUBECONFIG: { required: true }
required: true
env: env:
NAMESPACE: dit-docs NAMESPACE: dit-docs
@ -30,20 +29,18 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v2 uses: actions/checkout@v3
- name: Kubectl tool installer - name: Kubectl tool installer
uses: Azure/setup-kubectl@v1 uses: Azure/setup-kubectl@v3
- uses: azure/k8s-set-context@v1 - uses: azure/k8s-set-context@v3
with: with:
method: kubeconfig method: kubeconfig
kubeconfig: ${{ secrets.KUBECONFIG }} kubeconfig: ${{ secrets.KUBECONFIG }}
- name: Setup Kustomize - name: Setup Kustomize
uses: imranismail/setup-kustomize@v1 uses: imranismail/setup-kustomize@v1
with:
kustomize-version: "4.4.1"
- name: Edit kustomization file - name: Edit kustomization file
working-directory: kubernetes/base working-directory: kubernetes/base
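Review bot: Dropping `kustomize-version: "4.4.1"` from the `Setup Kustomize` step leaves this job, which also loads the `KUBECONFIG` secret, on whatever version `imranismail/setup-kustomize@v1` selects by default, so the rendered manifests can change without any commit in this repository. Keep an explicit version (`kustomize-version: "<pinned-version>"`) and consider pinning this third-party action to a full commit SHA, `uses: imranismail/setup-kustomize@<full-commit-sha>`, since a `v1` tag can be moved. The same version pin is removed in the tests-base workflow section, and the `ditkrg/build-image-workflow/...@v1` reference in the two deploy workflows is likewise a tag, and it receives the Harbor credentials. The rest of the job lies outside this hunk.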


@ -1,64 +1,43 @@
---
name: Deploy To Development name: Deploy To Development
on: on:
push: push:
branches: branches:
- dev - dev
paths-ignore: paths-ignore:
- "README.md" - "README.md"
- ".vscode/**" - ".vscode/**"
- ".github/**"
- "!.github/workflows/tests-base.yaml"
- "!.github/workflows/deploy-base.yaml"
- "!.github/workflows/deploy-dev.yaml"
concurrency: concurrency:
group: deploy-dev group: deploy-dev
cancel-in-progress: true cancel-in-progress: true
jobs: jobs:
setup:
name: Setup
runs-on: ubuntu-20.04
env:
IMAGE: "reg.dev.krd/dit-docs/dsm-client:${{ github.ref_name }}"
steps:
- name: Extract image name
run: echo "Using image name $IMAGE"
outputs:
image: ${{ env.IMAGE }}
image-sha: ${{ env.IMAGE }}-${{ github.sha }}
test: test:
uses: ditkrg/dit-digital-service-manual/.github/workflows/tests-base.yaml@dev uses: ./.github/workflows/tests-base.yaml
build-push: build:
name: Build and Push uses: ditkrg/build-image-workflow/.github/workflows/workflow.yaml@v1
needs: [setup, test] needs: test
runs-on: ubuntu-20.04 with:
timeout-minutes: 10 image: dit-docs/dsm-client
steps: runs-on: "['ubuntu-latest']"
- name: Set up Docker Buildx secrets:
uses: docker/setup-buildx-action@v1 username: ${{ secrets.HARBOR_PUBLIC_USER }}
password: ${{ secrets.HARBOR_PUBLIC_TOKEN }}
- name: Login to Registry
uses: docker/login-action@v1
with:
registry: reg.dev.krd
username: ${{ secrets.HARBOR_PUBLIC_USER }}
password: ${{ secrets.HARBOR_PUBLIC_TOKEN }}
- name: Build and push Docker images
uses: docker/build-push-action@v2
with:
push: true
tags: |-
${{ needs.setup.outputs.image }}
${{ needs.setup.outputs.image-sha }}
cache-from: type=registry,ref=${{ needs.setup.outputs.image }}
cache-to: type=inline
deploy: deploy:
uses: ditkrg/dit-digital-service-manual/.github/workflows/deploy-base.yaml@dev uses: ./.github/workflows/deploy-base.yaml
needs: [setup, build-push] needs: build
with: with:
image: ${{ needs.setup.outputs.image-sha }} image: ${{ needs.build.outputs.tag }}
env_url: https://service-manual.docs.dev.krd env_url: https://service-manual.docs.dev.krd
env_name: development env_name: development
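Review bot: `image: ${{ needs.build.outputs.tag }}` in the `deploy` job now takes the deployed reference from the external `build-image-workflow`, where the removed `setup` job built it explicitly as the image name plus `-${{ github.sha }}`. Nothing in this file shows whether `outputs.tag` is unique per commit; if it is a moving tag, a rerun or a later build could change what an earlier deployment points to. Add a comment above that `with:` block such as `# build.outputs.tag must be a per-commit tag or digest, never a moving tag`, or pass a digest if the called workflow exposes one. The production workflow section has the same line.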


@ -1,64 +1,43 @@
---
name: Deploy To Production name: Deploy To Production
on: on:
push: push:
branches: branches:
- main - main
paths-ignore: paths-ignore:
- "README.md" - "README.md"
- ".vscode/**" - ".vscode/**"
- ".github/**"
- "!.github/workflows/tests-base.yaml"
- "!.github/workflows/deploy-base.yaml"
- "!.github/workflows/deploy-production.yaml"
concurrency: concurrency:
group: deploy-production group: deploy-production
cancel-in-progress: true cancel-in-progress: false
jobs: jobs:
setup:
name: Setup
runs-on: ubuntu-20.04
env:
IMAGE: "reg.dev.krd/dit-docs/dsm-client:${{ github.ref_name }}"
steps:
- name: Extract image name
run: echo "Using image name $IMAGE"
outputs:
image: ${{ env.IMAGE }}
image-sha: ${{ env.IMAGE }}-${{ github.sha }}
test: test:
uses: ditkrg/dit-digital-service-manual/.github/workflows/tests-base.yaml@main uses: ditkrg/dit-digital-service-manual/.github/workflows/tests-base.yaml@main
build-push: build:
name: Build and Push uses: ditkrg/build-image-workflow/.github/workflows/workflow.yaml@v1
needs: [setup, test] needs: test
runs-on: ubuntu-20.04 with:
timeout-minutes: 10 image: dit-docs/dsm-client
steps: runs-on: "['ubuntu-latest']"
- name: Set up Docker Buildx secrets:
uses: docker/setup-buildx-action@v1 username: ${{ secrets.HARBOR_PUBLIC_USER }}
password: ${{ secrets.HARBOR_PUBLIC_TOKEN }}
- name: Login to Registry
uses: docker/login-action@v1
with:
registry: reg.dev.krd
username: ${{ secrets.HARBOR_PUBLIC_USER }}
password: ${{ secrets.HARBOR_PUBLIC_TOKEN }}
- name: Build and push Docker images
uses: docker/build-push-action@v2
with:
push: true
tags: |-
${{ needs.setup.outputs.image }}
${{ needs.setup.outputs.image-sha }}
cache-from: type=registry,ref=${{ needs.setup.outputs.image }}
cache-to: type=inline
deploy: deploy:
uses: ditkrg/dit-digital-service-manual/.github/workflows/deploy-base.yaml@main uses: ./.github/workflows/deploy-base.yaml
needs: [setup, build-push] needs: build
with: with:
image: ${{ needs.setup.outputs.image-sha }} image: ${{ needs.build.outputs.tag }}
env_url: https://docs.digital.gov.krd env_url: https://docs.digital.gov.krd
env_name: production env_name: production
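Review bot: The `test` job still calls `ditkrg/dit-digital-service-manual/.github/workflows/tests-base.yaml@main`, while `deploy` in the same file was switched to the local `./.github/workflows/deploy-base.yaml` and the development workflow switched both jobs. An `@main` reference is resolved against the branch, which may not be the commit that triggered the run, so the gate in front of a production deploy can come from a different revision than the code being deployed. Use `uses: ./.github/workflows/tests-base.yaml` here as well.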


@ -1,6 +1,16 @@
---
name: Run Tests name: Run Tests
on: on:
push:
branches-ignore:
- dev
- main
paths-ignore:
- "README.md"
- ".vscode/**"
workflow_call: workflow_call:
jobs: jobs:
@ -11,15 +21,13 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v2 uses: actions/checkout@v3
- name: Kubectl tool installer - name: Kubectl tool installer
uses: Azure/setup-kubectl@v1 uses: Azure/setup-kubectl@v3
- name: Setup Kustomize - name: Setup Kustomize
uses: imranismail/setup-kustomize@v1 uses: imranismail/setup-kustomize@v1
with:
kustomize-version: "4.4.1"
- name: Build k8s manifests - name: Build k8s manifests
working-directory: kubernetes working-directory: kubernetes
@ -27,6 +35,6 @@ jobs:
envs=( "development" "production" ) envs=( "development" "production" )
for i in "${envs[@]}" for i in "${envs[@]}"
do do
kustomize build "$i" kustomize build "$i"
done done
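Review bot: With the new `push` trigger this workflow runs for every branch other than `dev` and `main`, and the visible hunks show no `permissions:` key, so the job presumably runs with the repository's default `GITHUB_TOKEN` scope. The steps shown only check out the code and run `kustomize build`, so a top-level `permissions:` block containing `contents: read` would be enough. The lines between `jobs:` and `steps:` fall outside the hunks, so confirm nothing is already set there.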


@ -1,39 +0,0 @@
name: Run Tests
on:
push:
branches-ignore:
- dev
- staging
- main
paths-ignore:
- "README.md"
- ".vscode/**"
jobs:
run-tests:
name: Run Tests
timeout-minutes: 10
runs-on: ubuntu-20.04
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Kubectl tool installer
uses: Azure/setup-kubectl@v1
- name: Setup Kustomize
uses: imranismail/setup-kustomize@v1
with:
kustomize-version: "4.4.1"
- name: Build k8s manifests
working-directory: kubernetes
run: |
envs=( "development" "production" )
for i in "${envs[@]}"
do
kustomize build "$i"
done


@ -1,4 +1,4 @@
FROM node:16 as build-stage FROM node:16 as build
WORKDIR /app WORKDIR /app
@ -13,7 +13,18 @@ COPY *.js ./
RUN npm run build RUN npm run build
FROM nginx:stable-alpine AS production RUN echo "nobody:x:1001:1001:nobody:/:" > /etc_passwd
RUN chown -R 1001:1001 /app/build
COPY --from=build-stage /app/build /usr/share/nginx/html FROM reg.dev.krd/hub.docker/joseluisq/static-web-server:2 AS production
EXPOSE 80
COPY --from=build /app/build /public
COPY --from=build /etc_passwd /etc/passwd
ENV SERVER_PORT=8080
ENV SERVER_LOG_LEVEL=info
ENV SERVER_FALLBACK_PAGE=/public/404.html
USER nobody
EXPOSE 8080
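Review bot: `RUN chown -R 1001:1001 /app/build` hands ownership of the static site to the same UID the server runs as (`USER nobody`, mapped to 1001 by the generated passwd line). If that ownership carries over into `/public`, the serving process could rewrite the content it serves. A static file server only needs read access, so drop the `chown` line and leave the files root-owned, after checking that the build output is world-readable. Separately, `USER nobody` depends on the copied `/etc/passwd`; `USER 1001:1001` states the identity directly and matches the `runAsUser: 1001` set in the deployment manifest.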


@ -7,6 +7,7 @@ metadata:
app: dsm-client app: dsm-client
spec: spec:
replicas: 2
selector: selector:
matchLabels: matchLabels:
app: dsm-client app: dsm-client
@ -17,33 +18,32 @@ spec:
app: dsm-client app: dsm-client
spec: spec:
securityContext:
runAsUser: 1001
runAsGroup: 1001
runAsNonRoot: true
containers: containers:
- name: dsm-client - name: dsm-client
image: IMAGE image: IMAGE
resources:
limits:
memory: 32Mi
cpu: 500m
requests:
memory: 32Mi
cpu: 5m
ports: ports:
- name: http - name: http
containerPort: 80 containerPort: 8080
resources:
limits:
cpu: 100m
memory: 32Mi
requests:
cpu: 5m
memory: 32Mi
livenessProbe: livenessProbe:
tcpSocket: tcpSocket:
port: http port: http
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
readinessProbe: readinessProbe:
tcpSocket: tcpSocket:
port: http port: http
periodSeconds: 5 periodSeconds: 5
timeoutSeconds: 3
failureThreshold: 3
successThreshold: 1
initialDelaySeconds: 5
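Review bot: The `dsm-client` container has no container-level `securityContext`; the new pod-level block sets only the UID, GID and `runAsNonRoot`, so privilege escalation, Linux capabilities and a writable root filesystem stay at their defaults. For a static file server on port 8080 these can be switched off, but verify that the server writes nothing to its filesystem before enabling `readOnlyRootFilesystem`. The pod template starts before the second hunk, so only the added keys are shown below.

```yaml
      containers:
        - name: dsm-client
          # … unchanged: image, ports, resources, probes …
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop:
                - ALL
```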


@ -6,6 +6,8 @@ metadata:
annotations: annotations:
cert-manager.io/cluster-issuer: letsencrypt-cluster-issuer cert-manager.io/cluster-issuer: letsencrypt-cluster-issuer
spec: spec:
tls:
- secretName: ingress-cert-dit-docs-dsm-client
rules: rules:
- http: - http:
paths: paths:
@ -14,5 +16,4 @@ spec:
backend: backend:
service: service:
name: service name: service
port: port: { name: http }
number: 80


@ -10,4 +10,6 @@ spec:
app: dsm-client app: dsm-client
ports: ports:
- port: 80 - port: 80
name: http
targetPort: http
type: ClusterIP type: ClusterIP


@ -1,9 +1,8 @@
---
- op: add - op: add
path: /spec/rules/0/host path: /spec/rules/0/host
value: service-manual.docs.dev.krd value: service-manual.docs.dev.krd
- op: add - op: add
path: /spec/tls path: /spec/tls/0/hosts
value: value:
- hosts: - service-manual.docs.dev.krd
- service-manual.docs.dev.krd
secretName: ingress-cert-dit-docs-dsm-client


@ -1,9 +1,8 @@
---
- op: add - op: add
path: /spec/rules/0/host path: /spec/rules/0/host
value: docs.digital.gov.krd value: docs.digital.gov.krd
- op: add - op: add
path: /spec/tls path: /spec/tls/0/hosts
value: value:
- hosts: - docs.digital.gov.krd
- docs.digital.gov.krd
secretName: ingress-cert-dit-docs-dsm-client