├── .github └── workflows │ ├── clojure.yml │ ├── erlang.yml │ ├── elixir.yml │ ├── CICD.yml │ ├── python-package-conda.yml │ ├── tencent.yml │ ├── ibm.yml │ ├── azure-webapps-node.yml │ ├── google.yml │ ├── terraform.yml │ ├── aws.yml │ ├── alibabacloud.yml │ └── openshift.yml └── README.md /.github/workflows/clojure.yml: -------------------------------------------------------------------------------- 1 | name: Clojure CI 2 | 3 | on: 4 | push: 5 | branches: [ main ] 6 | pull_request: 7 | branches: [ main ] 8 | 9 | jobs: 10 | build: 11 | 12 | runs-on: ubuntu-latest 13 | 14 | steps: 15 | - uses: actions/checkout@v2 16 | - name: Install dependencies 17 | run: lein deps 18 | - name: Run tests 19 | run: lein test 20 | -------------------------------------------------------------------------------- /.github/workflows/erlang.yml: -------------------------------------------------------------------------------- 1 | name: Erlang CI 2 | 3 | on: 4 | push: 5 | branches: [ main ] 6 | pull_request: 7 | branches: [ main ] 8 | 9 | jobs: 10 | 11 | build: 12 | 13 | runs-on: ubuntu-latest 14 | 15 | container: 16 | image: erlang:22.0.7 17 | 18 | steps: 19 | - uses: actions/checkout@v2 20 | - name: Compile 21 | run: rebar3 compile 22 | - name: Run tests 23 | run: rebar3 do eunit, ct 24 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Enviroment_Testing 2 | 3 | **Offical Doc Link** - ***https://docs.github.com/en/actions/deployment/targeting-different-environments/using-environments-for-deployment/*** 4 | 5 | 6 | Environments are used to describe a general deployment target like production, staging, or development. When a GitHub Actions workflow deploys to an environment, the environment is displayed on the main page of the repository. For more information about viewing deployments to environments 7 | 8 | 9 | #### Hope you liked this project, dont forget to ⭐ the repo. 10 | -------------------------------------------------------------------------------- /.github/workflows/elixir.yml: -------------------------------------------------------------------------------- 1 | name: Elixir CI 2 | 3 | on: 4 | push: 5 | branches: [ main ] 6 | pull_request: 7 | branches: [ main ] 8 | 9 | jobs: 10 | build: 11 | 12 | name: Build and test 13 | runs-on: ubuntu-latest 14 | 15 | steps: 16 | - uses: actions/checkout@v2 17 | - name: Set up Elixir 18 | uses: erlef/setup-beam@988e02bfe678367a02564f65ca2e37726dc0268f 19 | with: 20 | elixir-version: '1.12.3' # Define the elixir version [required] 21 | otp-version: '24.1' # Define the OTP version [required] 22 | - name: Restore dependencies cache 23 | uses: actions/cache@v2 24 | with: 25 | path: deps 26 | key: ${{ runner.os }}-mix-${{ hashFiles('**/mix.lock') }} 27 | restore-keys: ${{ runner.os }}-mix- 28 | - name: Install dependencies 29 | run: mix deps.get 30 | - name: Run tests 31 | run: mix test 32 | -------------------------------------------------------------------------------- /.github/workflows/CICD.yml: -------------------------------------------------------------------------------- 1 | name: CI + CD 2 | 3 | on: 4 | workflow_dispatch: 5 | 6 | jobs: 7 | Staging: 8 | runs-on: ubuntu-latest 9 | environment: Staging 10 | steps: 11 | - uses: actions/checkout@v2 12 | - name: Run a script 13 | run: echo "Running in Staging" 14 | 15 | Quality_Assurance: 16 | runs-on: ubuntu-latest 17 | environment: Quality_Assurance 18 | needs: Staging 19 | steps: 20 | - uses: actions/checkout@v2 21 | - name: Run a script 22 | run: echo "Running in production" 23 | 24 | Production: 25 | runs-on: ubuntu-latest 26 | environment: Development 27 | needs: Quality_Assurance 28 | steps: 29 | - uses: actions/checkout@v2 30 | - name: Run a script 31 | run: echo "Running in production" 32 | 33 | Development: 34 | runs-on: ubuntu-latest 35 | environment: Production 36 | needs: Production 37 | steps: 38 | - uses: actions/checkout@v2 39 | - name: Run a script 40 | run: echo "Deployed" 41 | 42 | 43 | -------------------------------------------------------------------------------- /.github/workflows/python-package-conda.yml: -------------------------------------------------------------------------------- 1 | name: Python Package using Conda 2 | 3 | on: [push] 4 | 5 | jobs: 6 | build-linux: 7 | runs-on: ubuntu-latest 8 | strategy: 9 | max-parallel: 5 10 | 11 | steps: 12 | - uses: actions/checkout@v2 13 | - name: Set up Python 3.10 14 | uses: actions/setup-python@v2 15 | with: 16 | python-version: 3.10 17 | - name: Add conda to system path 18 | run: | 19 | # $CONDA is an environment variable pointing to the root of the miniconda directory 20 | echo $CONDA/bin >> $GITHUB_PATH 21 | - name: Install dependencies 22 | run: | 23 | conda env update --file environment.yml --name base 24 | - name: Lint with flake8 25 | run: | 26 | conda install flake8 27 | # stop the build if there are Python syntax errors or undefined names 28 | flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics 29 | # exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide 30 | flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics 31 | - name: Test with pytest 32 | run: | 33 | conda install pytest 34 | pytest 35 | -------------------------------------------------------------------------------- /.github/workflows/tencent.yml: -------------------------------------------------------------------------------- 1 | # This workflow will build a docker container, publish and deploy it to Tencent Kubernetes Engine (TKE) when there is a push to the main branch. 2 | # 3 | # To configure this workflow: 4 | # 5 | # 1. Ensure that your repository contains the necessary configuration for your Tencent Kubernetes Engine cluster, 6 | # including deployment.yml, kustomization.yml, service.yml, etc. 7 | # 8 | # 2. Set up secrets in your workspace: 9 | # - TENCENT_CLOUD_SECRET_ID with Tencent Cloud secret id 10 | # - TENCENT_CLOUD_SECRET_KEY with Tencent Cloud secret key 11 | # - TENCENT_CLOUD_ACCOUNT_ID with Tencent Cloud account id 12 | # - TKE_REGISTRY_PASSWORD with TKE registry password 13 | # 14 | # 3. Change the values for the TKE_IMAGE_URL, TKE_REGION, TKE_CLUSTER_ID and DEPLOYMENT_NAME environment variables (below). 15 | 16 | name: Tencent Kubernetes Engine 17 | 18 | on: 19 | push: 20 | branches: 21 | - main 22 | 23 | # Environment variables available to all jobs and steps in this workflow 24 | env: 25 | TKE_IMAGE_URL: ccr.ccs.tencentyun.com/demo/mywebapp 26 | TKE_REGION: ap-guangzhou 27 | TKE_CLUSTER_ID: cls-mywebapp 28 | DEPLOYMENT_NAME: tke-test 29 | 30 | jobs: 31 | setup-build-publish-deploy: 32 | name: Setup, Build, Publish, and Deploy 33 | runs-on: ubuntu-latest 34 | environment: production 35 | steps: 36 | 37 | - name: Checkout 38 | uses: actions/checkout@v2 39 | 40 | # Build 41 | - name: Build Docker image 42 | run: | 43 | docker build -t ${TKE_IMAGE_URL}:${GITHUB_SHA} . 44 | 45 | - name: Login TKE Registry 46 | run: | 47 | docker login -u ${{ secrets.TENCENT_CLOUD_ACCOUNT_ID }} -p '${{ secrets.TKE_REGISTRY_PASSWORD }}' ${TKE_IMAGE_URL} 48 | 49 | # Push the Docker image to TKE Registry 50 | - name: Publish 51 | run: | 52 | docker push ${TKE_IMAGE_URL}:${GITHUB_SHA} 53 | 54 | - name: Set up Kustomize 55 | run: | 56 | curl -o kustomize --location https://github.com/kubernetes-sigs/kustomize/releases/download/v3.1.0/kustomize_3.1.0_linux_amd64 57 | chmod u+x ./kustomize 58 | 59 | - name: Set up ~/.kube/config for connecting TKE cluster 60 | uses: TencentCloud/tke-cluster-credential-action@v1 61 | with: 62 | secret_id: ${{ secrets.TENCENT_CLOUD_SECRET_ID }} 63 | secret_key: ${{ secrets.TENCENT_CLOUD_SECRET_KEY }} 64 | tke_region: ${{ env.TKE_REGION }} 65 | cluster_id: ${{ env.TKE_CLUSTER_ID }} 66 | 67 | - name: Switch to TKE context 68 | run: | 69 | kubectl config use-context ${TKE_CLUSTER_ID}-context-default 70 | 71 | # Deploy the Docker image to the TKE cluster 72 | - name: Deploy 73 | run: | 74 | ./kustomize edit set image ${TKE_IMAGE_URL}:${GITHUB_SHA} 75 | ./kustomize build . | kubectl apply -f - 76 | kubectl rollout status deployment/${DEPLOYMENT_NAME} 77 | kubectl get services -o wide 78 | -------------------------------------------------------------------------------- /.github/workflows/ibm.yml: -------------------------------------------------------------------------------- 1 | # This workflow will build a docker container, publish it to IBM Container Registry, and deploy it to IKS when there is a push to the main branch. 2 | # 3 | # To configure this workflow: 4 | # 5 | # 1. Ensure that your repository contains a Dockerfile 6 | # 2. Setup secrets in your repository by going to settings: Create ICR_NAMESPACE and IBM_CLOUD_API_KEY 7 | # 3. Change the values for the IBM_CLOUD_REGION, REGISTRY_HOSTNAME, IMAGE_NAME, IKS_CLUSTER, DEPLOYMENT_NAME, and PORT 8 | 9 | name: Build and Deploy to IKS 10 | 11 | on: 12 | push: 13 | branches: 14 | - main 15 | 16 | # Environment variables available to all jobs and steps in this workflow 17 | env: 18 | GITHUB_SHA: ${{ github.sha }} 19 | IBM_CLOUD_API_KEY: ${{ secrets.IBM_CLOUD_API_KEY }} 20 | IBM_CLOUD_REGION: us-south 21 | ICR_NAMESPACE: ${{ secrets.ICR_NAMESPACE }} 22 | REGISTRY_HOSTNAME: us.icr.io 23 | IMAGE_NAME: iks-test 24 | IKS_CLUSTER: example-iks-cluster-name-or-id 25 | DEPLOYMENT_NAME: iks-test 26 | PORT: 5001 27 | 28 | jobs: 29 | setup-build-publish-deploy: 30 | name: Setup, Build, Publish, and Deploy 31 | runs-on: ubuntu-latest 32 | environment: production 33 | steps: 34 | 35 | - name: Checkout 36 | uses: actions/checkout@v2 37 | 38 | # Download and Install IBM Cloud CLI 39 | - name: Install IBM Cloud CLI 40 | run: | 41 | curl -fsSL https://clis.cloud.ibm.com/install/linux | sh 42 | ibmcloud --version 43 | ibmcloud config --check-version=false 44 | ibmcloud plugin install -f kubernetes-service 45 | ibmcloud plugin install -f container-registry 46 | 47 | # Authenticate with IBM Cloud CLI 48 | - name: Authenticate with IBM Cloud CLI 49 | run: | 50 | ibmcloud login --apikey "${IBM_CLOUD_API_KEY}" -r "${IBM_CLOUD_REGION}" -g default 51 | ibmcloud cr region-set "${IBM_CLOUD_REGION}" 52 | ibmcloud cr login 53 | 54 | # Build the Docker image 55 | - name: Build with Docker 56 | run: | 57 | docker build -t "$REGISTRY_HOSTNAME"/"$ICR_NAMESPACE"/"$IMAGE_NAME":"$GITHUB_SHA" \ 58 | --build-arg GITHUB_SHA="$GITHUB_SHA" \ 59 | --build-arg GITHUB_REF="$GITHUB_REF" . 60 | 61 | # Push the image to IBM Container Registry 62 | - name: Push the image to ICR 63 | run: | 64 | docker push $REGISTRY_HOSTNAME/$ICR_NAMESPACE/$IMAGE_NAME:$GITHUB_SHA 65 | 66 | # Deploy the Docker image to the IKS cluster 67 | - name: Deploy to IKS 68 | run: | 69 | ibmcloud ks cluster config --cluster $IKS_CLUSTER 70 | kubectl config current-context 71 | kubectl create deployment $DEPLOYMENT_NAME --image=$REGISTRY_HOSTNAME/$ICR_NAMESPACE/$IMAGE_NAME:$GITHUB_SHA --dry-run -o yaml > deployment.yaml 72 | kubectl apply -f deployment.yaml 73 | kubectl rollout status deployment/$DEPLOYMENT_NAME 74 | kubectl create service loadbalancer $DEPLOYMENT_NAME --tcp=80:$PORT --dry-run -o yaml > service.yaml 75 | kubectl apply -f service.yaml 76 | kubectl get services -o wide 77 | -------------------------------------------------------------------------------- /.github/workflows/azure-webapps-node.yml: -------------------------------------------------------------------------------- 1 | # This workflow will build and push a node.js application to an Azure Web App when a commit is pushed to your default branch. 2 | # 3 | # This workflow assumes you have already created the target Azure App Service web app. 4 | # For instructions see https://docs.microsoft.com/en-us/azure/app-service/quickstart-nodejs?tabs=linux&pivots=development-environment-cli 5 | # 6 | # To configure this workflow: 7 | # 8 | # 1. Download the Publish Profile for your Azure Web App. You can download this file from the Overview page of your Web App in the Azure Portal. 9 | # For more information: https://docs.microsoft.com/en-us/azure/app-service/deploy-github-actions?tabs=applevel#generate-deployment-credentials 10 | # 11 | # 2. Create a secret in your repository named AZURE_WEBAPP_PUBLISH_PROFILE, paste the publish profile contents as the value of the secret. 12 | # For instructions on obtaining the publish profile see: https://docs.microsoft.com/azure/app-service/deploy-github-actions#configure-the-github-secret 13 | # 14 | # 3. Change the value for the AZURE_WEBAPP_NAME. Optionally, change the AZURE_WEBAPP_PACKAGE_PATH and NODE_VERSION environment variables below. 15 | # 16 | # For more information on GitHub Actions for Azure: https://github.com/Azure/Actions 17 | # For more information on the Azure Web Apps Deploy action: https://github.com/Azure/webapps-deploy 18 | # For more samples to get started with GitHub Action workflows to deploy to Azure: https://github.com/Azure/actions-workflow-samples 19 | 20 | on: 21 | push: 22 | branches: 23 | - main 24 | workflow_dispatch: 25 | 26 | env: 27 | AZURE_WEBAPP_NAME: your-app-name # set this to your application's name 28 | AZURE_WEBAPP_PACKAGE_PATH: '.' # set this to the path to your web app project, defaults to the repository root 29 | NODE_VERSION: '14.x' # set this to the node version to use 30 | 31 | jobs: 32 | build: 33 | runs-on: ubuntu-latest 34 | steps: 35 | - uses: actions/checkout@v2 36 | 37 | - name: Set up Node.js 38 | uses: actions/setup-node@v2 39 | with: 40 | node-version: ${{ env.NODE_VERSION }} 41 | cache: 'npm' 42 | 43 | - name: npm install, build, and test 44 | run: | 45 | npm install 46 | npm run build --if-present 47 | npm run test --if-present 48 | 49 | - name: Upload artifact for deployment job 50 | uses: actions/upload-artifact@v2 51 | with: 52 | name: node-app 53 | path: . 54 | 55 | deploy: 56 | runs-on: ubuntu-latest 57 | needs: build 58 | environment: 59 | name: 'Development' 60 | url: ${{ steps.deploy-to-webapp.outputs.webapp-url }} 61 | 62 | steps: 63 | - name: Download artifact from build job 64 | uses: actions/download-artifact@v2 65 | with: 66 | name: node-app 67 | 68 | - name: 'Deploy to Azure WebApp' 69 | id: deploy-to-webapp 70 | uses: azure/webapps-deploy@v2 71 | with: 72 | app-name: ${{ env.AZURE_WEBAPP_NAME }} 73 | publish-profile: ${{ secrets.AZURE_WEBAPP_PUBLISH_PROFILE }} 74 | package: ${{ env.AZURE_WEBAPP_PACKAGE_PATH }} 75 | -------------------------------------------------------------------------------- /.github/workflows/google.yml: -------------------------------------------------------------------------------- 1 | # This workflow will build a docker container, publish it to Google Container Registry, and deploy it to GKE when there is a push to the main branch. 2 | # 3 | # To configure this workflow: 4 | # 5 | # 1. Ensure that your repository contains the necessary configuration for your Google Kubernetes Engine cluster, including deployment.yml, kustomization.yml, service.yml, etc. 6 | # 7 | # 2. Create and configure a Workload Identity Provider for GitHub (https://github.com/google-github-actions/auth#setting-up-workload-identity-federation) 8 | # 9 | # 3. Change the values for the GAR_LOCATION, GKE_ZONE, GKE_CLUSTER, IMAGE, REPOSITORY and DEPLOYMENT_NAME environment variables (below). 10 | # 11 | # For more support on how to run the workflow, please visit https://github.com/google-github-actions/setup-gcloud/tree/master/example-workflows/gke-kustomize 12 | 13 | name: Build and Deploy to GKE 14 | 15 | on: 16 | push: 17 | branches: 18 | - main 19 | 20 | env: 21 | PROJECT_ID: ${{ secrets.GKE_PROJECT }} 22 | GAR_LOCATION: us-central1 # TODO: update region of the Artifact Registry 23 | GKE_CLUSTER: cluster-1 # TODO: update to cluster name 24 | GKE_ZONE: us-central1-c # TODO: update to cluster zone 25 | DEPLOYMENT_NAME: gke-test # TODO: update to deployment name 26 | REPOSITORY: samples # TODO: update to Artifact Registry docker repository 27 | IMAGE: static-site 28 | 29 | permissions: 30 | contents: 'read' 31 | id-token: 'write' 32 | 33 | jobs: 34 | setup-build-publish-deploy: 35 | name: Setup, Build, Publish, and Deploy 36 | runs-on: ubuntu-latest 37 | environment: production 38 | 39 | steps: 40 | - name: Checkout 41 | uses: actions/checkout@v2 42 | 43 | # Configure Workload Identity Federation and generate an access token. 44 | - id: 'auth' 45 | name: 'Authenticate to Google Cloud' 46 | uses: 'google-github-actions/auth@v0.4.0' 47 | with: 48 | token_format: 'access_token' 49 | workload_identity_provider: 'projects/123456789/locations/global/workloadIdentityPools/my-pool/providers/my-provider' 50 | service_account: 'my-service-account@my-project.iam.gserviceaccount.com' 51 | 52 | - name: Docker configuration 53 | run: |- 54 | echo ${{steps.auth.outputs.access_token}} | docker login -u oauth2accesstoken --password-stdin https://$GAR_LOCATION-docker.pkg.dev 55 | # Get the GKE credentials so we can deploy to the cluster 56 | - name: Set up GKE credentials 57 | uses: google-github-actions/get-gke-credentials@v0.4.0 58 | with: 59 | cluster_name: ${{ env.GKE_CLUSTER }} 60 | location: ${{ env.GKE_ZONE }} 61 | 62 | # Build the Docker image 63 | - name: Build 64 | run: |- 65 | docker build \ 66 | --tag "$GAR_LOCATION-docker.pkg.dev/$PROJECT_ID/$REPOSITORY/$IMAGE:$GITHUB_SHA" \ 67 | --build-arg GITHUB_SHA="$GITHUB_SHA" \ 68 | --build-arg GITHUB_REF="$GITHUB_REF" \ 69 | . 70 | # Push the Docker image to Google Artifact Registry 71 | - name: Publish 72 | run: |- 73 | docker push "$GAR_LOCATION-docker.pkg.dev/$PROJECT_ID/$REPOSITORY/$IMAGE:$GITHUB_SHA" 74 | # Set up kustomize 75 | - name: Set up Kustomize 76 | run: |- 77 | curl -sfLo kustomize https://github.com/kubernetes-sigs/kustomize/releases/download/v3.1.0/kustomize_3.1.0_linux_amd64 78 | chmod u+x ./kustomize 79 | # Deploy the Docker image to the GKE cluster 80 | - name: Deploy 81 | run: |- 82 | # replacing the image name in the k8s template 83 | ./kustomize edit set image LOCATION-docker.pkg.dev/PROJECT_ID/REPOSITORY/IMAGE:TAG=$GAR_LOCATION-docker.pkg.dev/$PROJECT_ID/$REPOSITORY/$IMAGE:$GITHUB_SHA 84 | ./kustomize build . | kubectl apply -f - 85 | kubectl rollout status deployment/$DEPLOYMENT_NAME 86 | kubectl get services -o wide 87 | -------------------------------------------------------------------------------- /.github/workflows/terraform.yml: -------------------------------------------------------------------------------- 1 | # This workflow installs the latest version of Terraform CLI and configures the Terraform CLI configuration file 2 | # with an API token for Terraform Cloud (app.terraform.io). On pull request events, this workflow will run 3 | # `terraform init`, `terraform fmt`, and `terraform plan` (speculative plan via Terraform Cloud). On push events 4 | # to the main branch, `terraform apply` will be executed. 5 | # 6 | # Documentation for `hashicorp/setup-terraform` is located here: https://github.com/hashicorp/setup-terraform 7 | # 8 | # To use this workflow, you will need to complete the following setup steps. 9 | # 10 | # 1. Create a `main.tf` file in the root of this repository with the `remote` backend and one or more resources defined. 11 | # Example `main.tf`: 12 | # # The configuration for the `remote` backend. 13 | # terraform { 14 | # backend "remote" { 15 | # # The name of your Terraform Cloud organization. 16 | # organization = "example-organization" 17 | # 18 | # # The name of the Terraform Cloud workspace to store Terraform state files in. 19 | # workspaces { 20 | # name = "example-workspace" 21 | # } 22 | # } 23 | # } 24 | # 25 | # # An example resource that does nothing. 26 | # resource "null_resource" "example" { 27 | # triggers = { 28 | # value = "A example resource that does nothing!" 29 | # } 30 | # } 31 | # 32 | # 33 | # 2. Generate a Terraform Cloud user API token and store it as a GitHub secret (e.g. TF_API_TOKEN) on this repository. 34 | # Documentation: 35 | # - https://www.terraform.io/docs/cloud/users-teams-organizations/api-tokens.html 36 | # - https://help.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets 37 | # 38 | # 3. Reference the GitHub secret in step using the `hashicorp/setup-terraform` GitHub Action. 39 | # Example: 40 | # - name: Setup Terraform 41 | # uses: hashicorp/setup-terraform@v1 42 | # with: 43 | # cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }} 44 | 45 | name: 'Terraform' 46 | 47 | on: 48 | push: 49 | branches: 50 | - main 51 | pull_request: 52 | 53 | jobs: 54 | terraform: 55 | name: 'Terraform' 56 | runs-on: ubuntu-latest 57 | environment: production 58 | 59 | # Use the Bash shell regardless whether the GitHub Actions runner is ubuntu-latest, macos-latest, or windows-latest 60 | defaults: 61 | run: 62 | shell: bash 63 | 64 | steps: 65 | # Checkout the repository to the GitHub Actions runner 66 | - name: Checkout 67 | uses: actions/checkout@v2 68 | 69 | # Install the latest version of Terraform CLI and configure the Terraform CLI configuration file with a Terraform Cloud user API token 70 | - name: Setup Terraform 71 | uses: hashicorp/setup-terraform@v1 72 | with: 73 | cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }} 74 | 75 | # Initialize a new or existing Terraform working directory by creating initial files, loading any remote state, downloading modules, etc. 76 | - name: Terraform Init 77 | run: terraform init 78 | 79 | # Checks that all Terraform configuration files adhere to a canonical format 80 | - name: Terraform Format 81 | run: terraform fmt -check 82 | 83 | # Generates an execution plan for Terraform 84 | - name: Terraform Plan 85 | run: terraform plan 86 | 87 | # On push to main, build or change infrastructure according to Terraform configuration files 88 | # Note: It is recommended to set up a required "strict" status check in your repository for "Terraform Cloud". See the documentation on "strict" required status checks for more information: https://help.github.com/en/github/administering-a-repository/types-of-required-status-checks 89 | - name: Terraform Apply 90 | if: github.ref == 'refs/heads/main' && github.event_name == 'push' 91 | run: terraform apply -auto-approve 92 | -------------------------------------------------------------------------------- /.github/workflows/aws.yml: -------------------------------------------------------------------------------- 1 | # This workflow will build and push a new container image to Amazon ECR, 2 | # and then will deploy a new task definition to Amazon ECS, when there is a push to the main branch. 3 | # 4 | # To use this workflow, you will need to complete the following set-up steps: 5 | # 6 | # 1. Create an ECR repository to store your images. 7 | # For example: `aws ecr create-repository --repository-name my-ecr-repo --region us-east-2`. 8 | # Replace the value of the `ECR_REPOSITORY` environment variable in the workflow below with your repository's name. 9 | # Replace the value of the `AWS_REGION` environment variable in the workflow below with your repository's region. 10 | # 11 | # 2. Create an ECS task definition, an ECS cluster, and an ECS service. 12 | # For example, follow the Getting Started guide on the ECS console: 13 | # https://us-east-2.console.aws.amazon.com/ecs/home?region=us-east-2#/firstRun 14 | # Replace the value of the `ECS_SERVICE` environment variable in the workflow below with the name you set for the Amazon ECS service. 15 | # Replace the value of the `ECS_CLUSTER` environment variable in the workflow below with the name you set for the cluster. 16 | # 17 | # 3. Store your ECS task definition as a JSON file in your repository. 18 | # The format should follow the output of `aws ecs register-task-definition --generate-cli-skeleton`. 19 | # Replace the value of the `ECS_TASK_DEFINITION` environment variable in the workflow below with the path to the JSON file. 20 | # Replace the value of the `CONTAINER_NAME` environment variable in the workflow below with the name of the container 21 | # in the `containerDefinitions` section of the task definition. 22 | # 23 | # 4. Store an IAM user access key in GitHub Actions secrets named `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`. 24 | # See the documentation for each action used below for the recommended IAM policies for this IAM user, 25 | # and best practices on handling the access key credentials. 26 | 27 | name: Deploy to Amazon ECS 28 | 29 | on: 30 | push: 31 | branches: 32 | - main 33 | 34 | env: 35 | AWS_REGION: MY_AWS_REGION # set this to your preferred AWS region, e.g. us-west-1 36 | ECR_REPOSITORY: MY_ECR_REPOSITORY # set this to your Amazon ECR repository name 37 | ECS_SERVICE: MY_ECS_SERVICE # set this to your Amazon ECS service name 38 | ECS_CLUSTER: MY_ECS_CLUSTER # set this to your Amazon ECS cluster name 39 | ECS_TASK_DEFINITION: MY_ECS_TASK_DEFINITION # set this to the path to your Amazon ECS task definition 40 | # file, e.g. .aws/task-definition.json 41 | CONTAINER_NAME: MY_CONTAINER_NAME # set this to the name of the container in the 42 | # containerDefinitions section of your task definition 43 | 44 | jobs: 45 | deploy: 46 | name: Deploy 47 | runs-on: ubuntu-latest 48 | environment: production 49 | 50 | steps: 51 | - name: Checkout 52 | uses: actions/checkout@v2 53 | 54 | - name: Configure AWS credentials 55 | uses: aws-actions/configure-aws-credentials@v1 56 | with: 57 | aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} 58 | aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} 59 | aws-region: ${{ env.AWS_REGION }} 60 | 61 | - name: Login to Amazon ECR 62 | id: login-ecr 63 | uses: aws-actions/amazon-ecr-login@v1 64 | 65 | - name: Build, tag, and push image to Amazon ECR 66 | id: build-image 67 | env: 68 | ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} 69 | IMAGE_TAG: ${{ github.sha }} 70 | run: | 71 | # Build a docker container and 72 | # push it to ECR so that it can 73 | # be deployed to ECS. 74 | docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG . 75 | docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG 76 | echo "::set-output name=image::$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" 77 | 78 | - name: Fill in the new image ID in the Amazon ECS task definition 79 | id: task-def 80 | uses: aws-actions/amazon-ecs-render-task-definition@v1 81 | with: 82 | task-definition: ${{ env.ECS_TASK_DEFINITION }} 83 | container-name: ${{ env.CONTAINER_NAME }} 84 | image: ${{ steps.build-image.outputs.image }} 85 | 86 | - name: Deploy Amazon ECS task definition 87 | uses: aws-actions/amazon-ecs-deploy-task-definition@v1 88 | with: 89 | task-definition: ${{ steps.task-def.outputs.task-definition }} 90 | service: ${{ env.ECS_SERVICE }} 91 | cluster: ${{ env.ECS_CLUSTER }} 92 | wait-for-service-stability: true 93 | -------------------------------------------------------------------------------- /.github/workflows/alibabacloud.yml: -------------------------------------------------------------------------------- 1 | # This workflow will build and push a new container image to Alibaba Cloud Container Registry (ACR), 2 | # and then will deploy it to Alibaba Cloud Container Service for Kubernetes (ACK), when there is a push to the main branch. 3 | # 4 | # To use this workflow, you will need to complete the following set-up steps: 5 | # 6 | # 1. Create an ACR repository to store your container images. 7 | # You can use ACR EE instance for more security and better performance. 8 | # For instructions see https://www.alibabacloud.com/help/doc-detail/142168.htm 9 | # 10 | # 2. Create an ACK cluster to run your containerized application. 11 | # You can use ACK Pro cluster for more security and better performance. 12 | # For instructions see https://www.alibabacloud.com/help/doc-detail/95108.htm 13 | # 14 | # 3. Store your AccessKey pair in GitHub Actions secrets named `ACCESS_KEY_ID` and `ACCESS_KEY_SECRET`. 15 | # For instructions on setting up secrets see: https://developer.github.com/actions/managing-workflows/storing-secrets/ 16 | # 17 | # 4. Change the values for the REGION_ID, REGISTRY, NAMESPACE, IMAGE, ACK_CLUSTER_ID, and ACK_DEPLOYMENT_NAME. 18 | # 19 | 20 | name: Build and Deploy to ACK 21 | 22 | on: 23 | push: 24 | branches: 25 | - main 26 | 27 | # Environment variables available to all jobs and steps in this workflow. 28 | env: 29 | REGION_ID: cn-hangzhou 30 | REGISTRY: registry.cn-hangzhou.aliyuncs.com 31 | NAMESPACE: namespace 32 | IMAGE: repo 33 | TAG: ${{ github.sha }} 34 | ACK_CLUSTER_ID: clusterID 35 | ACK_DEPLOYMENT_NAME: nginx-deployment 36 | 37 | ACR_EE_REGISTRY: myregistry.cn-hangzhou.cr.aliyuncs.com 38 | ACR_EE_INSTANCE_ID: instanceID 39 | ACR_EE_NAMESPACE: namespace 40 | ACR_EE_IMAGE: repo 41 | ACR_EE_TAG: ${{ github.sha }} 42 | 43 | jobs: 44 | build: 45 | runs-on: ubuntu-latest 46 | environment: production 47 | 48 | steps: 49 | - name: Checkout 50 | uses: actions/checkout@v2 51 | 52 | # 1.1 Login to ACR 53 | - name: Login to ACR with the AccessKey pair 54 | uses: aliyun/acr-login@v1 55 | with: 56 | region-id: "${{ env.REGION_ID }}" 57 | access-key-id: "${{ secrets.ACCESS_KEY_ID }}" 58 | access-key-secret: "${{ secrets.ACCESS_KEY_SECRET }}" 59 | 60 | # 1.2 Buid and push image to ACR 61 | - name: Build and push image to ACR 62 | run: | 63 | docker build --tag "$REGISTRY/$NAMESPACE/$IMAGE:$TAG" . 64 | docker push "$REGISTRY/$NAMESPACE/$IMAGE:$TAG" 65 | 66 | # 1.3 Scan image in ACR 67 | - name: Scan image in ACR 68 | uses: aliyun/acr-scan@v1 69 | with: 70 | region-id: "${{ env.REGION_ID }}" 71 | access-key-id: "${{ secrets.ACCESS_KEY_ID }}" 72 | access-key-secret: "${{ secrets.ACCESS_KEY_SECRET }}" 73 | repository: "${{ env.NAMESPACE }}/${{ env.IMAGE }}" 74 | tag: "${{ env.TAG }}" 75 | 76 | # 2.1 (Optional) Login to ACR EE 77 | - uses: actions/checkout@v2 78 | - name: Login to ACR EE with the AccessKey pair 79 | uses: aliyun/acr-login@v1 80 | with: 81 | login-server: "https://${{ env.ACR_EE_REGISTRY }}" 82 | region-id: "${{ env.REGION_ID }}" 83 | access-key-id: "${{ secrets.ACCESS_KEY_ID }}" 84 | access-key-secret: "${{ secrets.ACCESS_KEY_SECRET }}" 85 | instance-id: "${{ env.ACR_EE_INSTANCE_ID }}" 86 | 87 | # 2.2 (Optional) Build and push image ACR EE 88 | - name: Build and push image to ACR EE 89 | run: | 90 | docker build -t "$ACR_EE_REGISTRY/$ACR_EE_NAMESPACE/$ACR_EE_IMAGE:$TAG" . 91 | docker push "$ACR_EE_REGISTRY/$ACR_EE_NAMESPACE/$ACR_EE_IMAGE:$TAG" 92 | # 2.3 (Optional) Scan image in ACR EE 93 | - name: Scan image in ACR EE 94 | uses: aliyun/acr-scan@v1 95 | with: 96 | region-id: "${{ env.REGION_ID }}" 97 | access-key-id: "${{ secrets.ACCESS_KEY_ID }}" 98 | access-key-secret: "${{ secrets.ACCESS_KEY_SECRET }}" 99 | instance-id: "${{ env.ACR_EE_INSTANCE_ID }}" 100 | repository: "${{ env.ACR_EE_NAMESPACE}}/${{ env.ACR_EE_IMAGE }}" 101 | tag: "${{ env.ACR_EE_TAG }}" 102 | 103 | # 3.1 Set ACK context 104 | - name: Set K8s context 105 | uses: aliyun/ack-set-context@v1 106 | with: 107 | access-key-id: "${{ secrets.ACCESS_KEY_ID }}" 108 | access-key-secret: "${{ secrets.ACCESS_KEY_SECRET }}" 109 | cluster-id: "${{ env.ACK_CLUSTER_ID }}" 110 | 111 | # 3.2 Deploy the image to the ACK cluster 112 | - name: Set up Kustomize 113 | run: |- 114 | curl -s "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" | bash /dev/stdin 3.8.6 115 | - name: Deploy 116 | run: |- 117 | ./kustomize edit set image REGISTRY/NAMESPACE/IMAGE:TAG=$REGISTRY/$NAMESPACE/$IMAGE:$TAG 118 | ./kustomize build . | kubectl apply -f - 119 | kubectl rollout status deployment/$ACK_DEPLOYMENT_NAME 120 | kubectl get services -o wide 121 | -------------------------------------------------------------------------------- /.github/workflows/openshift.yml: -------------------------------------------------------------------------------- 1 | # This workflow uses actions that are not certified by GitHub. 2 | # They are provided by a third-party and are governed by 3 | # separate terms of service, privacy policy, and support 4 | # documentation. 5 | 6 | # 💁 The OpenShift Starter workflow will: 7 | # - Checkout your repository 8 | # - Perform a container image build 9 | # - Push the built image to the GitHub Container Registry (GHCR) 10 | # - Log in to your OpenShift cluster 11 | # - Create an OpenShift app from the image and expose it to the internet 12 | 13 | # ℹ️ Configure your repository and the workflow with the following steps: 14 | # 1. Have access to an OpenShift cluster. Refer to https://www.openshift.com/try 15 | # 2. Create the OPENSHIFT_SERVER and OPENSHIFT_TOKEN repository secrets. Refer to: 16 | # - https://github.com/redhat-actions/oc-login#readme 17 | # - https://docs.github.com/en/actions/reference/encrypted-secrets 18 | # - https://cli.github.com/manual/gh_secret_set 19 | # 3. (Optional) Edit the top-level 'env' section as marked with '🖊️' if the defaults are not suitable for your project. 20 | # 4. (Optional) Edit the build-image step to build your project. 21 | # The default build type is by using a Dockerfile at the root of the repository, 22 | # but can be replaced with a different file, a source-to-image build, or a step-by-step buildah build. 23 | # 5. Commit and push the workflow file to your default branch to trigger a workflow run. 24 | 25 | # 👋 Visit our GitHub organization at https://github.com/redhat-actions/ to see our actions and provide feedback. 26 | 27 | name: OpenShift 28 | 29 | env: 30 | # 🖊️ EDIT your repository secrets to log into your OpenShift cluster and set up the context. 31 | # See https://github.com/redhat-actions/oc-login#readme for how to retrieve these values. 32 | # To get a permanent token, refer to https://github.com/redhat-actions/oc-login/wiki/Using-a-Service-Account-for-GitHub-Actions 33 | OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }} 34 | OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }} 35 | # 🖊️ EDIT to set the kube context's namespace after login. Leave blank to use your user's default namespace. 36 | OPENSHIFT_NAMESPACE: "" 37 | 38 | # 🖊️ EDIT to set a name for your OpenShift app, or a default one will be generated below. 39 | APP_NAME: "" 40 | 41 | # 🖊️ EDIT with the port your application should be accessible on. 42 | # If the container image exposes *exactly one* port, this can be left blank. 43 | # Refer to the 'port' input of https://github.com/redhat-actions/oc-new-app 44 | APP_PORT: "" 45 | 46 | # 🖊️ EDIT to change the image registry settings. 47 | # Registries such as GHCR, Quay.io, and Docker Hub are supported. 48 | IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} 49 | IMAGE_REGISTRY_USER: ${{ github.actor }} 50 | IMAGE_REGISTRY_PASSWORD: ${{ github.token }} 51 | 52 | # 🖊️ EDIT to specify custom tags for the container image, or default tags will be generated below. 53 | IMAGE_TAGS: "" 54 | 55 | on: 56 | # https://docs.github.com/en/actions/reference/events-that-trigger-workflows 57 | push: 58 | # Edit to the branch(es) you want to build and deploy on each push. 59 | branches: [ main ] 60 | 61 | jobs: 62 | openshift-ci-cd: 63 | name: Build and deploy to OpenShift 64 | # ubuntu-20.04 can also be used. 65 | runs-on: ubuntu-18.04 66 | environment: production 67 | 68 | outputs: 69 | ROUTE: ${{ steps.deploy-and-expose.outputs.route }} 70 | SELECTOR: ${{ steps.deploy-and-expose.outputs.selector }} 71 | 72 | steps: 73 | - name: Check for required secrets 74 | uses: actions/github-script@v4 75 | with: 76 | script: | 77 | const secrets = { 78 | OPENSHIFT_SERVER: `${{ secrets.OPENSHIFT_SERVER }}`, 79 | OPENSHIFT_TOKEN: `${{ secrets.OPENSHIFT_TOKEN }}`, 80 | }; 81 | 82 | const GHCR = "ghcr.io"; 83 | if (`${{ env.IMAGE_REGISTRY }}`.startsWith(GHCR)) { 84 | core.info(`Image registry is ${GHCR} - no registry password required`); 85 | } 86 | else { 87 | core.info("A registry password is required"); 88 | secrets["IMAGE_REGISTRY_PASSWORD"] = `${{ secrets.IMAGE_REGISTRY_PASSWORD }}`; 89 | } 90 | 91 | const missingSecrets = Object.entries(secrets).filter(([ name, value ]) => { 92 | if (value.length === 0) { 93 | core.error(`Secret "${name}" is not set`); 94 | return true; 95 | } 96 | core.info(`✔️ Secret "${name}" is set`); 97 | return false; 98 | }); 99 | 100 | if (missingSecrets.length > 0) { 101 | core.setFailed(`❌ At least one required secret is not set in the repository. \n` + 102 | "You can add it using:\n" + 103 | "GitHub UI: https://docs.github.com/en/actions/reference/encrypted-secrets#creating-encrypted-secrets-for-a-repository \n" + 104 | "GitHub CLI: https://cli.github.com/manual/gh_secret_set \n" + 105 | "Also, refer to https://github.com/redhat-actions/oc-login#getting-started-with-the-action-or-see-example"); 106 | } 107 | else { 108 | core.info(`✅ All the required secrets are set`); 109 | } 110 | 111 | - name: Check out repository 112 | uses: actions/checkout@v2 113 | 114 | - name: Determine app name 115 | if: env.APP_NAME == '' 116 | run: | 117 | echo "APP_NAME=$(basename $PWD)" | tee -a $GITHUB_ENV 118 | 119 | - name: Determine image tags 120 | if: env.IMAGE_TAGS == '' 121 | run: | 122 | echo "IMAGE_TAGS=latest ${GITHUB_SHA::12}" | tee -a $GITHUB_ENV 123 | 124 | # https://github.com/redhat-actions/buildah-build#readme 125 | - name: Build from Dockerfile 126 | id: build-image 127 | uses: redhat-actions/buildah-build@v2 128 | with: 129 | image: ${{ env.APP_NAME }} 130 | tags: ${{ env.IMAGE_TAGS }} 131 | 132 | # If you don't have a Dockerfile/Containerfile, refer to https://github.com/redhat-actions/buildah-build#scratch-build-inputs 133 | # Or, perform a source-to-image build using https://github.com/redhat-actions/s2i-build 134 | # Otherwise, point this to your Dockerfile/Containerfile relative to the repository root. 135 | dockerfiles: | 136 | ./Dockerfile 137 | 138 | # https://github.com/redhat-actions/push-to-registry#readme 139 | - name: Push to registry 140 | id: push-image 141 | uses: redhat-actions/push-to-registry@v2 142 | with: 143 | image: ${{ steps.build-image.outputs.image }} 144 | tags: ${{ steps.build-image.outputs.tags }} 145 | registry: ${{ env.IMAGE_REGISTRY }} 146 | username: ${{ env.IMAGE_REGISTRY_USER }} 147 | password: ${{ env.IMAGE_REGISTRY_PASSWORD }} 148 | 149 | # The path the image was pushed to is now stored in ${{ steps.push-image.outputs.registry-path }} 150 | 151 | - name: Install oc 152 | uses: redhat-actions/openshift-tools-installer@v1 153 | with: 154 | oc: 4 155 | 156 | # https://github.com/redhat-actions/oc-login#readme 157 | - name: Log in to OpenShift 158 | uses: redhat-actions/oc-login@v1 159 | with: 160 | openshift_server_url: ${{ env.OPENSHIFT_SERVER }} 161 | openshift_token: ${{ env.OPENSHIFT_TOKEN }} 162 | insecure_skip_tls_verify: true 163 | namespace: ${{ env.OPENSHIFT_NAMESPACE }} 164 | 165 | # This step should create a deployment, service, and route to run your app and expose it to the internet. 166 | # https://github.com/redhat-actions/oc-new-app#readme 167 | - name: Create and expose app 168 | id: deploy-and-expose 169 | uses: redhat-actions/oc-new-app@v1 170 | with: 171 | app_name: ${{ env.APP_NAME }} 172 | image: ${{ steps.push-image.outputs.registry-path }} 173 | namespace: ${{ env.OPENSHIFT_NAMESPACE }} 174 | port: ${{ env.APP_PORT }} 175 | 176 | - name: Print application URL 177 | env: 178 | ROUTE: ${{ steps.deploy-and-expose.outputs.route }} 179 | SELECTOR: ${{ steps.deploy-and-expose.outputs.selector }} 180 | run: | 181 | [[ -n ${{ env.ROUTE }} ]] || (echo "Determining application route failed in previous step"; exit 1) 182 | echo 183 | echo "======================== Your application is available at: ========================" 184 | echo ${{ env.ROUTE }} 185 | echo "===================================================================================" 186 | echo 187 | echo "Your app can be taken down with: \"oc delete all --selector='${{ env.SELECTOR }}'\"" 188 | --------------------------------------------------------------------------------