Merge branch 'dev' into main
This commit is contained in:
GitHub
commit
bef5c18f55
3
.github/CODEOWNERS
vendored
3
.github/CODEOWNERS
vendored
@ -1,2 +1,5 @@
|
||||
/.github/ @ditkrg/devops
|
||||
/kubernetes/ @ditkrg/devops
|
||||
|
||||
/.dockerignore @ditkrg/devops
|
||||
/Dockerfile @ditkrg/devops
|
||||
|
||||
16
.github/dependabot.yml
vendored
Normal file
16
.github/dependabot.yml
vendored
Normal file
@ -0,0 +1,16 @@
|
||||
---
|
||||
version: 2
|
||||
updates:
|
||||
- package-ecosystem: "github-actions"
|
||||
directory: "/"
|
||||
target-branch: dev
|
||||
schedule:
|
||||
interval: "daily"
|
||||
reviewers:
|
||||
- "ditkrg/devops"
|
||||
|
||||
- package-ecosystem: "npm"
|
||||
directory: "/"
|
||||
target-branch: dev
|
||||
schedule:
|
||||
interval: "daily"
|
||||
11
.github/workflows/deploy-base.yaml
vendored
11
.github/workflows/deploy-base.yaml
vendored
@ -14,8 +14,7 @@ on:
|
||||
required: true
|
||||
|
||||
secrets:
|
||||
KUBECONFIG:
|
||||
required: true
|
||||
KUBECONFIG: { required: true }
|
||||
|
||||
env:
|
||||
NAMESPACE: dit-docs
|
||||
@ -30,20 +29,18 @@ jobs:
|
||||
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v2
|
||||
uses: actions/checkout@v3
|
||||
|
||||
- name: Kubectl tool installer
|
||||
uses: Azure/setup-kubectl@v1
|
||||
uses: Azure/setup-kubectl@v3
|
||||
|
||||
- uses: azure/k8s-set-context@v1
|
||||
- uses: azure/k8s-set-context@v3
|
||||
with:
|
||||
method: kubeconfig
|
||||
kubeconfig: ${{ secrets.KUBECONFIG }}
|
||||
|
||||
- name: Setup Kustomize
|
||||
uses: imranismail/setup-kustomize@v1
|
||||
with:
|
||||
kustomize-version: "4.4.1"
|
||||
|
||||
- name: Edit kustomization file
|
||||
working-directory: kubernetes/base
|
||||
|
||||
55
.github/workflows/deploy-dev.yaml
vendored
55
.github/workflows/deploy-dev.yaml
vendored
@ -1,64 +1,43 @@
|
||||
---
|
||||
name: Deploy To Development
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- dev
|
||||
|
||||
paths-ignore:
|
||||
- "README.md"
|
||||
- ".vscode/**"
|
||||
|
||||
- ".github/**"
|
||||
- "!.github/workflows/tests-base.yaml"
|
||||
- "!.github/workflows/deploy-base.yaml"
|
||||
- "!.github/workflows/deploy-dev.yaml"
|
||||
|
||||
concurrency:
|
||||
group: deploy-dev
|
||||
cancel-in-progress: true
|
||||
|
||||
jobs:
|
||||
setup:
|
||||
name: Setup
|
||||
runs-on: ubuntu-20.04
|
||||
env:
|
||||
IMAGE: "reg.dev.krd/dit-docs/dsm-client:${{ github.ref_name }}"
|
||||
steps:
|
||||
- name: Extract image name
|
||||
run: echo "Using image name $IMAGE"
|
||||
outputs:
|
||||
image: ${{ env.IMAGE }}
|
||||
image-sha: ${{ env.IMAGE }}-${{ github.sha }}
|
||||
|
||||
test:
|
||||
uses: ditkrg/dit-digital-service-manual/.github/workflows/tests-base.yaml@dev
|
||||
uses: ./.github/workflows/tests-base.yaml
|
||||
|
||||
build-push:
|
||||
name: Build and Push
|
||||
needs: [setup, test]
|
||||
runs-on: ubuntu-20.04
|
||||
timeout-minutes: 10
|
||||
steps:
|
||||
- name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v1
|
||||
|
||||
- name: Login to Registry
|
||||
uses: docker/login-action@v1
|
||||
build:
|
||||
uses: ditkrg/build-image-workflow/.github/workflows/workflow.yaml@v1
|
||||
needs: test
|
||||
with:
|
||||
registry: reg.dev.krd
|
||||
image: dit-docs/dsm-client
|
||||
runs-on: "['ubuntu-latest']"
|
||||
secrets:
|
||||
username: ${{ secrets.HARBOR_PUBLIC_USER }}
|
||||
password: ${{ secrets.HARBOR_PUBLIC_TOKEN }}
|
||||
|
||||
- name: Build and push Docker images
|
||||
uses: docker/build-push-action@v2
|
||||
with:
|
||||
push: true
|
||||
tags: |-
|
||||
${{ needs.setup.outputs.image }}
|
||||
${{ needs.setup.outputs.image-sha }}
|
||||
cache-from: type=registry,ref=${{ needs.setup.outputs.image }}
|
||||
cache-to: type=inline
|
||||
|
||||
deploy:
|
||||
uses: ditkrg/dit-digital-service-manual/.github/workflows/deploy-base.yaml@dev
|
||||
needs: [setup, build-push]
|
||||
uses: ./.github/workflows/deploy-base.yaml
|
||||
needs: build
|
||||
with:
|
||||
image: ${{ needs.setup.outputs.image-sha }}
|
||||
image: ${{ needs.build.outputs.tag }}
|
||||
env_url: https://service-manual.docs.dev.krd
|
||||
env_name: development
|
||||
|
||||
|
||||
55
.github/workflows/deploy-production.yaml
vendored
55
.github/workflows/deploy-production.yaml
vendored
@ -1,64 +1,43 @@
|
||||
---
|
||||
name: Deploy To Production
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- main
|
||||
|
||||
paths-ignore:
|
||||
- "README.md"
|
||||
- ".vscode/**"
|
||||
|
||||
- ".github/**"
|
||||
- "!.github/workflows/tests-base.yaml"
|
||||
- "!.github/workflows/deploy-base.yaml"
|
||||
- "!.github/workflows/deploy-production.yaml"
|
||||
|
||||
concurrency:
|
||||
group: deploy-production
|
||||
cancel-in-progress: true
|
||||
cancel-in-progress: false
|
||||
|
||||
jobs:
|
||||
setup:
|
||||
name: Setup
|
||||
runs-on: ubuntu-20.04
|
||||
env:
|
||||
IMAGE: "reg.dev.krd/dit-docs/dsm-client:${{ github.ref_name }}"
|
||||
steps:
|
||||
- name: Extract image name
|
||||
run: echo "Using image name $IMAGE"
|
||||
outputs:
|
||||
image: ${{ env.IMAGE }}
|
||||
image-sha: ${{ env.IMAGE }}-${{ github.sha }}
|
||||
|
||||
test:
|
||||
uses: ditkrg/dit-digital-service-manual/.github/workflows/tests-base.yaml@main
|
||||
|
||||
build-push:
|
||||
name: Build and Push
|
||||
needs: [setup, test]
|
||||
runs-on: ubuntu-20.04
|
||||
timeout-minutes: 10
|
||||
steps:
|
||||
- name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v1
|
||||
|
||||
- name: Login to Registry
|
||||
uses: docker/login-action@v1
|
||||
build:
|
||||
uses: ditkrg/build-image-workflow/.github/workflows/workflow.yaml@v1
|
||||
needs: test
|
||||
with:
|
||||
registry: reg.dev.krd
|
||||
image: dit-docs/dsm-client
|
||||
runs-on: "['ubuntu-latest']"
|
||||
secrets:
|
||||
username: ${{ secrets.HARBOR_PUBLIC_USER }}
|
||||
password: ${{ secrets.HARBOR_PUBLIC_TOKEN }}
|
||||
|
||||
- name: Build and push Docker images
|
||||
uses: docker/build-push-action@v2
|
||||
with:
|
||||
push: true
|
||||
tags: |-
|
||||
${{ needs.setup.outputs.image }}
|
||||
${{ needs.setup.outputs.image-sha }}
|
||||
cache-from: type=registry,ref=${{ needs.setup.outputs.image }}
|
||||
cache-to: type=inline
|
||||
|
||||
deploy:
|
||||
uses: ditkrg/dit-digital-service-manual/.github/workflows/deploy-base.yaml@main
|
||||
needs: [setup, build-push]
|
||||
uses: ./.github/workflows/deploy-base.yaml
|
||||
needs: build
|
||||
with:
|
||||
image: ${{ needs.setup.outputs.image-sha }}
|
||||
image: ${{ needs.build.outputs.tag }}
|
||||
env_url: https://docs.digital.gov.krd
|
||||
env_name: production
|
||||
|
||||
|
||||
16
.github/workflows/tests-base.yaml
vendored
16
.github/workflows/tests-base.yaml
vendored
@ -1,6 +1,16 @@
|
||||
---
|
||||
name: Run Tests
|
||||
|
||||
on:
|
||||
push:
|
||||
branches-ignore:
|
||||
- dev
|
||||
- main
|
||||
|
||||
paths-ignore:
|
||||
- "README.md"
|
||||
- ".vscode/**"
|
||||
|
||||
workflow_call:
|
||||
|
||||
jobs:
|
||||
@ -11,15 +21,13 @@ jobs:
|
||||
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v2
|
||||
uses: actions/checkout@v3
|
||||
|
||||
- name: Kubectl tool installer
|
||||
uses: Azure/setup-kubectl@v1
|
||||
uses: Azure/setup-kubectl@v3
|
||||
|
||||
- name: Setup Kustomize
|
||||
uses: imranismail/setup-kustomize@v1
|
||||
with:
|
||||
kustomize-version: "4.4.1"
|
||||
|
||||
- name: Build k8s manifests
|
||||
working-directory: kubernetes
|
||||
|
||||
39
.github/workflows/tests-run.yaml
vendored
39
.github/workflows/tests-run.yaml
vendored
@ -1,39 +0,0 @@
|
||||
name: Run Tests
|
||||
|
||||
on:
|
||||
push:
|
||||
branches-ignore:
|
||||
- dev
|
||||
- staging
|
||||
- main
|
||||
paths-ignore:
|
||||
- "README.md"
|
||||
- ".vscode/**"
|
||||
|
||||
jobs:
|
||||
run-tests:
|
||||
name: Run Tests
|
||||
timeout-minutes: 10
|
||||
runs-on: ubuntu-20.04
|
||||
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v2
|
||||
|
||||
- name: Kubectl tool installer
|
||||
uses: Azure/setup-kubectl@v1
|
||||
|
||||
- name: Setup Kustomize
|
||||
uses: imranismail/setup-kustomize@v1
|
||||
with:
|
||||
kustomize-version: "4.4.1"
|
||||
|
||||
- name: Build k8s manifests
|
||||
working-directory: kubernetes
|
||||
run: |
|
||||
envs=( "development" "production" )
|
||||
|
||||
for i in "${envs[@]}"
|
||||
do
|
||||
kustomize build "$i"
|
||||
done
|
||||
19
Dockerfile
19
Dockerfile
@ -1,4 +1,4 @@
|
||||
FROM node:16 as build-stage
|
||||
FROM node:16 as build
|
||||
|
||||
WORKDIR /app
|
||||
|
||||
@ -13,7 +13,18 @@ COPY *.js ./
|
||||
|
||||
RUN npm run build
|
||||
|
||||
FROM nginx:stable-alpine AS production
|
||||
RUN echo "nobody:x:1001:1001:nobody:/:" > /etc_passwd
|
||||
RUN chown -R 1001:1001 /app/build
|
||||
|
||||
COPY --from=build-stage /app/build /usr/share/nginx/html
|
||||
EXPOSE 80
|
||||
FROM reg.dev.krd/hub.docker/joseluisq/static-web-server:2 AS production
|
||||
|
||||
COPY --from=build /app/build /public
|
||||
COPY --from=build /etc_passwd /etc/passwd
|
||||
|
||||
ENV SERVER_PORT=8080
|
||||
ENV SERVER_LOG_LEVEL=info
|
||||
ENV SERVER_FALLBACK_PAGE=/public/404.html
|
||||
|
||||
USER nobody
|
||||
|
||||
EXPOSE 8080
|
||||
|
||||
@ -7,6 +7,7 @@ metadata:
|
||||
app: dsm-client
|
||||
|
||||
spec:
|
||||
replicas: 2
|
||||
selector:
|
||||
matchLabels:
|
||||
app: dsm-client
|
||||
@ -17,33 +18,32 @@ spec:
|
||||
app: dsm-client
|
||||
|
||||
spec:
|
||||
securityContext:
|
||||
runAsUser: 1001
|
||||
runAsGroup: 1001
|
||||
runAsNonRoot: true
|
||||
|
||||
containers:
|
||||
- name: dsm-client
|
||||
image: IMAGE
|
||||
resources:
|
||||
limits:
|
||||
memory: 32Mi
|
||||
cpu: 500m
|
||||
requests:
|
||||
memory: 32Mi
|
||||
cpu: 5m
|
||||
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 80
|
||||
containerPort: 8080
|
||||
|
||||
resources:
|
||||
limits:
|
||||
cpu: 100m
|
||||
memory: 32Mi
|
||||
requests:
|
||||
cpu: 5m
|
||||
memory: 32Mi
|
||||
|
||||
livenessProbe:
|
||||
tcpSocket:
|
||||
port: http
|
||||
periodSeconds: 10
|
||||
timeoutSeconds: 5
|
||||
failureThreshold: 6
|
||||
successThreshold: 1
|
||||
|
||||
readinessProbe:
|
||||
tcpSocket:
|
||||
port: http
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 3
|
||||
failureThreshold: 3
|
||||
successThreshold: 1
|
||||
initialDelaySeconds: 5
|
||||
|
||||
@ -6,6 +6,8 @@ metadata:
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt-cluster-issuer
|
||||
spec:
|
||||
tls:
|
||||
- secretName: ingress-cert-dit-docs-dsm-client
|
||||
rules:
|
||||
- http:
|
||||
paths:
|
||||
@ -14,5 +16,4 @@ spec:
|
||||
backend:
|
||||
service:
|
||||
name: service
|
||||
port:
|
||||
number: 80
|
||||
port: { name: http }
|
||||
|
||||
@ -10,4 +10,6 @@ spec:
|
||||
app: dsm-client
|
||||
ports:
|
||||
- port: 80
|
||||
name: http
|
||||
targetPort: http
|
||||
type: ClusterIP
|
||||
|
||||
@ -1,9 +1,8 @@
|
||||
---
|
||||
- op: add
|
||||
path: /spec/rules/0/host
|
||||
value: service-manual.docs.dev.krd
|
||||
- op: add
|
||||
path: /spec/tls
|
||||
path: /spec/tls/0/hosts
|
||||
value:
|
||||
- hosts:
|
||||
- service-manual.docs.dev.krd
|
||||
secretName: ingress-cert-dit-docs-dsm-client
|
||||
|
||||
@ -1,9 +1,8 @@
|
||||
---
|
||||
- op: add
|
||||
path: /spec/rules/0/host
|
||||
value: docs.digital.gov.krd
|
||||
- op: add
|
||||
path: /spec/tls
|
||||
path: /spec/tls/0/hosts
|
||||
value:
|
||||
- hosts:
|
||||
- docs.digital.gov.krd
|
||||
secretName: ingress-cert-dit-docs-dsm-client
|
||||
|
||||
Loading…
Reference in New Issue
Block a user