setting: Add github action build script (#6) #1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: AWS ECR push & deploy k8s | |
| on: | |
| push: | |
| branches: [ Cicd/2-add-script-file ] | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout source code | |
| uses: actions/checkout@v2 | |
| - name: AWS ECR push & deploy k8s | |
| run: | | |
| curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.35.1/install.sh | bash | |
| export NVM_DIR="$HOME/.nvm" | |
| [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" | |
| [ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion" | |
| nvm install 16 | |
| nvm use v16 | |
| npm install | |
| npm run build | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v1 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ap-northeast-2 | |
| - name: Login to Amazon ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v1 | |
| - name: Get image tag(verion) | |
| id: image | |
| run: | | |
| VERSION=$(echo ${{ github.sha }} | cut -c1-8) | |
| echo VERSION=$VERSION | |
| echo "::set-output name=version::$VERSION" | |
| - name: Build, tag, and push image to Amazon ECR | |
| id: image-info | |
| env: | |
| ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
| ECR_REPOSITORY: demo-moreview-backend | |
| IMAGE_TAG: ${{ steps.image.outputs.version }} | |
| run: | | |
| echo "::set-output name=ecr_repository::$ECR_REPOSITORY" | |
| echo "::set-output name=image_tag::$IMAGE_TAG" | |
| docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG . | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: '${{ steps.login-ecr.outputs.registry}}/${{ steps.image-info.outputs.ecr_repository }}:${{ steps.image-info.outputs.image_tag }}' | |
| format: 'table' | |
| exit-code: '0' | |
| ignore-unfixed: true | |
| vuln-type: 'os,library' | |
| severity: 'CRITICAL,HIGH' | |
| - name: Push image to Amazon ECR | |
| run: | | |
| docker push ${{ steps.login-ecr.outputs.registry}}/${{ steps.image-info.outputs.ecr_repository }}:${{ steps.image-info.outputs.image_tag }} | |
| - name: Setup Kustomize | |
| uses: imranismail/setup-kustomize@v1 | |
| - name: Checkout kustomize repository | |
| uses: actions/checkout@v2 | |
| with: | |
| repository: TUK-MoreView/k8s-manifest-repo | |
| ref: main | |
| token: ${{ secrets.ACTION_TOKEN }} | |
| path: k8s-manifest-repo | |
| - name: Update Kubernetes resources | |
| run: | | |
| echo ${{ steps.login-ecr.outputs.registry }} | |
| echo ${{ steps.image-info.outputs.ecr_repository }} | |
| echo ${{ steps.image-info.outputs.image_tag }} | |
| cd k8s-manifest-repo/overlays/dev/ | |
| kustomize edit set image ${{ steps.login-ecr.outputs.registry}}/${{ steps.image-info.outputs.ecr_repository }}=${{ steps.login-ecr.outputs.registry}}/${{ steps.image-info.outputs.ecr_repository }}:${{ steps.image-info.outputs.image_tag }} | |
| cat kustomization.yaml | |
| - name: Commit files | |
| run: | | |
| cd k8s-manifest-repo | |
| git config --global user.email "[email protected]" | |
| git config --global user.name "why-only-english" | |
| git commit -am "Update image tag" | |
| git push -u origin main | |