full pipeline test for backend-api #64
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Backend API CI/CD | |
| on: | |
| push: | |
| env: | |
| GCP_PROJECT: ${{ secrets.GCP_PROJECT_ID }} | |
| jobs: | |
| compile-and-test: | |
| name: Compile and test application | |
| runs-on: ubuntu-latest | |
| defaults: | |
| run: | |
| working-directory: ./backendAPI | |
| steps: | |
| - name: Check out code | |
| uses: actions/checkout@v4 | |
| - name: Setup Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: '>=1.17.0' | |
| - name: Install dependencies | |
| run: go mod download | |
| - name: Run tests | |
| run: go test -v ./... | |
| file-system-scan: | |
| name: File System Scan | |
| runs-on: ubuntu-latest | |
| needs: compile-and-test | |
| defaults: | |
| run: | |
| working-directory: ./backendAPI | |
| permissions: | |
| contents: read | |
| security-events: write | |
| actions: read | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| language: [ 'go' ] | |
| steps: | |
| - name: Check out code | |
| uses: actions/checkout@v4 | |
| - name: Setup Go for Auto Build | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: '>=1.17.0' | |
| - name: Run Trivy file system scan | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| scan-type: 'fs' | |
| scan-ref: '.' | |
| severity: CRITICAL | |
| ignore-unfixed: true | |
| format: sarif | |
| output: trivy-filesystem-report.sarif | |
| - name: Upload Trivy file system scan result | |
| uses: github/codeql-action/upload-sarif@v3 | |
| with: | |
| sarif_file: trivy-filesystem-report.sarif | |
| - name: Initialize CodeQL | |
| uses: github/codeql-action/init@v3 | |
| with: | |
| languages: ${{ matrix.language }} | |
| - name: Autobuild | |
| uses: github/codeql-action/autobuild@v3 | |
| - name: Perform CodeQL Analysis | |
| uses: github/codeql-action/analyze@v3 | |
| with: | |
| category: "/languages:${{matrix.language}}" | |
| containerize: | |
| name: Containerize application | |
| runs-on: ubuntu-latest | |
| needs: file-system-scan | |
| defaults: | |
| run: | |
| working-directory: ./backendAPI | |
| permissions: | |
| contents: read | |
| security-events: write | |
| actions: read | |
| steps: | |
| - name: Check out code | |
| uses: actions/checkout@v4 | |
| - name: Authenticate to Google Cloud | |
| uses: google-github-actions/auth@v2 | |
| with: | |
| credentials_json: ${{ secrets.GCP_SA_KEY }} | |
| - name: Setup Google Cloud SDK | |
| uses: google-github-actions/setup-gcloud@v2 | |
| with: | |
| project_id: ${{ secrets.GCP_PROJECT_ID }} | |
| - name: Build Docker image | |
| run: | | |
| docker build -t ${{ secrets.GCP_REGION }}-docker.pkg.dev/${{ secrets.GCP_PROJECT_ID }}/portfolio/backend-api:${{ github.sha }} . | |
| - name: Run Trivy container image scan | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: ${{ secrets.GCP_REGION }}-docker.pkg.dev/${{ secrets.GCP_PROJECT_ID }}/portfolio/backend-api:${{ github.sha }} | |
| format: sarif | |
| output: trivy-image-report.sarif | |
| - name: Upload Trivy container image scan result | |
| uses: github/codeql-action/upload-sarif@v3 | |
| with: | |
| sarif_file: trivy-image-report.sarif | |
| - name: Docker Auth | |
| run: |- | |
| gcloud auth configure-docker ${{ secrets.GCP_REGION }}-docker.pkg.dev --quiet | |
| - name: Push Docker image | |
| run: | | |
| docker push ${{ secrets.GCP_REGION }}-docker.pkg.dev/${{ secrets.GCP_PROJECT_ID }}/portfolio/backend-api:${{ github.sha }} | |
| deploy: | |
| name: Deploy application to Cloud Run | |
| runs-on: ubuntu-latest | |
| needs: containerize | |
| defaults: | |
| run: | |
| working-directory: ./backendAPI | |
| steps: | |
| - name: Check out code | |
| uses: actions/checkout@v4 | |
| - name: Authenticate to Google Cloud | |
| uses: google-github-actions/auth@v2 | |
| with: | |
| credentials_json: ${{ secrets.GCP_SA_KEY }} | |
| - name: Setup Google Cloud SDK | |
| uses: google-github-actions/setup-gcloud@v2 | |
| with: | |
| project_id: ${{ secrets.GCP_PROJECT_ID }} | |
| - name: Update Cloud Run Config file | |
| run : |- | |
| sed -i "s|<IMAGE>|${{ secrets.GCP_REGION }}-docker.pkg.dev/${{ secrets.GCP_PROJECT_ID }}/portfolio/backend-api:${{ github.sha }}|g" ./cloud-run-config.yaml | |
| - name: Deploy to Cloud Run | |
| run: |- | |
| gcloud run deploy backend-api --image=${{ secrets.GCP_REGION }}-docker.pkg.dev/${{ secrets.GCP_PROJECT_ID }}/portfolio/backend-api:${{ github.sha }} --platform=managed --allow-unauthenticated --region=${{ secrets.GCP_REGION }} --cpu=2 --memory=1024Mi --max-instances=2 --port=3000 --set-secrets=MONGOURI=MONGOURI:1 | |
| - name: Print service URL | |
| run: gcloud run services describe backend-api --region=${{ secrets.GCP_REGION }} --format='value(status.url)' |