Merge branch 'main' into patch-16

This commit is contained in:
Sampark Sharma
2022-03-14 13:08:51 +05:30
committed by GitHub
21 changed files with 525 additions and 59 deletions
+5 -1
View File
@@ -1,6 +1,10 @@
name: MSBuild
on: [push]
on:
push:
branches: [ $default-branch ]
pull_request:
branches: [ $default-branch ]
env:
# Path to the solution file relative to the root of the project.
+6 -1
View File
@@ -42,8 +42,13 @@ on:
workflow_dispatch:
permissions:
contents: read
jobs:
Trigger APIsec scan:
permissions:
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
runs-on: ubuntu-latest
steps:
@@ -61,4 +66,4 @@ jobs:
- name: Import results
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: ./apisec-results.sarif
sarif_file: ./apisec-results.sarif
+6
View File
@@ -17,8 +17,14 @@ on:
schedule:
- cron: $cron-weekly
permissions:
contents: read
jobs:
brakeman-scan:
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
name: Brakeman Scan
runs-on: ubuntu-latest
steps:
+6
View File
@@ -22,8 +22,14 @@ on:
schedule:
- cron: $cron-weekly
permissions:
contents: read
jobs:
codacy-security-scan:
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
name: Codacy Security Scan
runs-on: ubuntu-latest
steps:
+7 -1
View File
@@ -13,8 +13,14 @@ on:
schedule:
- cron: $cron-weekly
permissions:
contents: read
jobs:
mobile-security:
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
runs-on: ubuntu-latest
steps:
@@ -33,4 +39,4 @@ jobs:
- name: Upload mobsfscan report
uses: github/codeql-action/upload-sarif@v1
with:
sarif_file: results.sarif
sarif_file: results.sarif
+6
View File
@@ -20,8 +20,14 @@ env:
# Path to the CMake build directory.
build: '${{ github.workspace }}/build'
permissions:
contents: read
jobs:
analyze:
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
name: Analyze
runs-on: windows-latest
+6
View File
@@ -17,8 +17,14 @@ on:
schedule:
- cron: $cron-weekly
permissions:
contents: read
jobs:
njsscan:
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
runs-on: ubuntu-latest
name: njsscan code scanning
steps:
+6
View File
@@ -21,8 +21,14 @@ on:
schedule:
- cron: $cron-weekly
permissions:
contents: read
jobs:
prisma_cloud_iac_scan:
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
runs-on: ubuntu-latest
name: Run Prisma Cloud IaC Scan to check
steps:
+1 -1
View File
@@ -27,7 +27,7 @@ jobs:
persist-credentials: false
- name: "Run analysis"
uses: ossf/scorecard-action@c8416b0b2bf627c349ca92fc8e3de51a64b005cf # v1.0.2
uses: ossf/scorecard-action@c1aec4ac820532bab364f02a81873c555a0ba3a1 # v1.0.4
with:
results_file: results.sarif
results_format: sarif
+6
View File
@@ -19,8 +19,14 @@ on:
schedule:
- cron: $cron-weekly
permissions:
contents: read
jobs:
semgrep:
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
name: Scan
runs-on: ubuntu-latest
steps:
+6
View File
@@ -37,8 +37,14 @@ on:
schedule:
- cron: $cron-weekly
permissions:
contents: read
jobs:
stackhawk:
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for stackhawk/hawkscan-action to upload code scanning alert info
name: StackHawk
runs-on: ubuntu-20.04
steps:
+8 -1
View File
@@ -13,10 +13,17 @@ on:
schedule:
- cron: $cron-weekly
permissions:
contents: read
jobs:
build:
permissions:
checks: write # for sysdiglabs/scan-action to publish the checks
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
runs-on: ubuntu-latest
steps:
@@ -51,4 +58,4 @@ jobs:
#Upload SARIF file
if: always()
with:
sarif_file: ${{ steps.scan.outputs.sarifReport }}
sarif_file: ${{ steps.scan.outputs.sarifReport }}
+6
View File
@@ -17,10 +17,16 @@ on:
- cron: $cron-weekly
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
permissions:
contents: read
jobs:
# This workflow contains a job to build and submit pipeline scan, you will need to customize the build process accordingly and make sure the artifact you build is used as the file input to the pipeline scan file parameter
build-and-pipeline-scan:
# The type of runner that the job will run on
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
runs-on: ubuntu-latest
steps:
@@ -0,0 +1,122 @@
# This workflow will build and push an application to a Azure Kubernetes Service (AKS) cluster when you push your code
#
# This workflow assumes you have already created the target AKS cluster and have created an Azure Container Registry (ACR)
# For instructions see:
# - https://docs.microsoft.com/en-us/azure/aks/kubernetes-walkthrough-portal
# - https://docs.microsoft.com/en-us/azure/container-registry/container-registry-get-started-portal
# - https://github.com/Azure/aks-create-action
#
# To configure this workflow:
#
# 1. Set the following secrets in your repository (instructions for getting these
# https://github.com/Azure/login#configure-a-service-principal-with-a-federated-credential-to-use-oidc-based-authentication):
# - AZURE_CLIENT_ID
# - AZURE_TENANT_ID
# - AZURE_SUBSCRIPTION_ID
#
# 2. Set the following environment variables (or replace the values below):
# - AZURE_CONTAINER_REGISTRY (name of your container registry / ACR)
# - RESOURCE_GROUP (where your cluster is deployed)
# - CLUSTER_NAME (name of your AKS cluster)
# - CONTAINER_NAME (name of the container image you would like to push up to your ACR)
# - SECRET_NAME (name of the secret associated with pulling your ACR image)
#
# 3. Choose the appropriate render engine for the bake step https://github.com/Azure/k8s-bake. The config below assumes Helm.
# Set your helmChart, overrideFiles, overrides, and helm-version to suit your configuration.
# - CHART_PATH (path to your helm chart)
# - CHART_OVERRIDE_PATH (path to your helm chart with override values)
#
# For more information on GitHub Actions for Azure, refer to https://github.com/Azure/Actions
# For more samples to get started with GitHub Action workflows to deploy to Azure, refer to https://github.com/Azure/actions-workflow-samples
# For more options with the actions used below please refer to https://github.com/Azure/login
name: Build and deploy an app to AKS with Helm
on:
push:
branches:
- $default-branch
workflow_dispatch:
env:
AZURE_CONTAINER_REGISTRY: "your-azure-container-registry"
CONTAINER_NAME: "your-container-name"
RESOURCE_GROUP: "your-resource-group"
CLUSTER_NAME: "your-cluster-name"
IMAGE_PULL_SECRET_NAME: "your-image-pull-secret-name"
CHART_PATH: "your-chart-path"
CHART_OVERRIDE_PATH: "your-chart-override-path"
jobs:
build:
permissions:
actions: read
contents: read
id-token: write
runs-on: ubuntu-latest
steps:
# Checks out the repository this file is in
- uses: actions/checkout@master
# Logs in with your Azure credentials
- name: Azure login
uses: azure/login@v1.4.3
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
# Builds and pushes an image up to your Azure Container Registry
- name: Build and push image to ACR
run: |
az acr build --image ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }} --registry ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.RESOURCE_GROUP }} .
# Retrieves your Azure Kubernetes Service cluster's kubeconfig file
- name: Get K8s context
uses: azure/aks-set-context@v2.0
with:
resource-group: ${{ env.RESOURCE_GROUP }}
cluster-name: ${{ env.CLUSTER_NAME }}
# Retrieves the credentials for pulling images from your Azure Container Registry
- name: Get ACR credentials
run: |
az acr update -n ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.RESOURCE_GROUP }} --admin-enabled true
ACR_USERNAME=$(az acr credential show -g ${{ env.RESOURCE_GROUP }} -n ${{ env.AZURE_CONTAINER_REGISTRY }} --query username -o tsv)
ACR_PASSWORD=$(az acr credential show -g ${{ env.RESOURCE_GROUP }} -n ${{ env.AZURE_CONTAINER_REGISTRY }} --query passwords[0].value -o tsv)
echo "::set-output name=username::${ACR_USERNAME}"
echo "::set-output name=password::${ACR_PASSWORD}"
id: get-acr-creds
# Creates a kubernetes secret on your Azure Kubernetes Service cluster that matches up to the credentials from the last step
- name: Create K8s secret for pulling image from ACR
uses: Azure/k8s-create-secret@v1.1
with:
container-registry-url: ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io
container-registry-username: ${{ steps.get-acr-creds.outputs.username }}
container-registry-password: ${{ steps.get-acr-creds.outputs.password }}
secret-name: ${{ env.IMAGE_PULL_SECRET_NAME }}
# Runs Helm to create manifest files
- name: Bake deployment
uses: azure/k8s-bake@v2.1
with:
renderEngine: 'helm'
helmChart: ${{ env.CHART_PATH }}
overrideFiles: ${{ env.CHART_OVERRIDE_PATH }}
overrides: |
replicas:2
helm-version: 'latest'
id: bake
# Deploys application based on manifest files from previous step
- name: Deploy application
uses: Azure/k8s-deploy@v3.0
with:
action: deploy
manifests: ${{ steps.bake.outputs.manifestsBundle }}
images: |
${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }}
imagepullsecrets: |
${{ env.IMAGE_PULL_SECRET_NAME }}
@@ -0,0 +1,111 @@
# This workflow will build and push an application to a Azure Kubernetes Service (AKS) cluster when you push your code
#
# This workflow assumes you have already created the target AKS cluster and have created an Azure Container Registry (ACR)
# For instructions see:
# - https://docs.microsoft.com/en-us/azure/aks/kubernetes-walkthrough-portal
# - https://docs.microsoft.com/en-us/azure/container-registry/container-registry-get-started-portal
# - https://github.com/Azure/aks-create-action
#
# To configure this workflow:
#
# 1. Set the following secrets in your repository (instructions for getting these
# https://github.com/Azure/login#configure-a-service-principal-with-a-federated-credential-to-use-oidc-based-authentication):
# - AZURE_CLIENT_ID
# - AZURE_TENANT_ID
# - AZURE_SUBSCRIPTION_ID
#
# 2. Set the following environment variables (or replace the values below):
# - AZURE_CONTAINER_REGISTRY (name of your container registry / ACR)
# - RESOURCE_GROUP (where your cluster is deployed)
# - CLUSTER_NAME (name of your AKS cluster)
# - CONTAINER_NAME (name of the container image you would like to push up to your ACR)
# - SECRET_NAME (name of the secret associated with pulling your ACR image)
#
# 3. Choose the appropriate render engine for the bake step https://github.com/Azure/k8s-bake. The config below assumes Kompose.
# Set your dockerComposeFile and kompose-version to suit your configuration.
# - DOCKER_COMPOSE_FILE_PATH (the path where your Kompose deployment manifest is located)
#
# For more information on GitHub Actions for Azure, refer to https://github.com/Azure/Actions
# For more samples to get started with GitHub Action workflows to deploy to Azure, refer to https://github.com/Azure/actions-workflow-samples
# For more options with the actions used below please refer to https://github.com/Azure/login
name: Build and deploy an app to AKS with Kompose
env:
AZURE_CONTAINER_REGISTRY: "your-azure-container-registry"
CONTAINER_NAME: "your-container-name"
RESOURCE_GROUP: "your-resource-group"
CLUSTER_NAME: "your-cluster-name"
IMAGE_PULL_SECRET_NAME: "your-image-pull-secret-name"
DOCKER_COMPOSE_FILE_PATH: "your-docker-compose-file-path"
jobs:
build:
permissions:
actions: read
contents: read
id-token: write
runs-on: ubuntu-latest
steps:
# Checks out the repository this file is in
- uses: actions/checkout@master
# Logs in with your Azure credentials
- name: Azure login
uses: azure/login@v1.4.3
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
# Builds and pushes an image up to your Azure Container Registry
- name: Build and push image to ACR
run: |
az acr build --image ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }} --registry ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.RESOURCE_GROUP }} .
# Retrieves your Azure Kubernetes Service cluster's kubeconfig file
- name: Get K8s context
uses: azure/aks-set-context@v2.0
with:
resource-group: ${{ env.RESOURCE_GROUP }}
cluster-name: ${{ env.CLUSTER_NAME }}
# Retrieves the credentials for pulling images from your Azure Container Registry
- name: Get ACR credentials
run: |
az acr update -n ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.RESOURCE_GROUP }} --admin-enabled true
ACR_USERNAME=$(az acr credential show -g ${{ env.RESOURCE_GROUP }} -n ${{ env.AZURE_CONTAINER_REGISTRY }} --query username -o tsv)
ACR_PASSWORD=$(az acr credential show -g ${{ env.RESOURCE_GROUP }} -n ${{ env.AZURE_CONTAINER_REGISTRY }} --query passwords[0].value -o tsv)
echo "::set-output name=username::${ACR_USERNAME}"
echo "::set-output name=password::${ACR_PASSWORD}"
id: get-acr-creds
# Creates a kubernetes secret on your Azure Kubernetes Service cluster that matches up to the credentials from the last step
- name: Create K8s secret for pulling image from ACR
uses: Azure/k8s-create-secret@v1.1
with:
container-registry-url: ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io
container-registry-username: ${{ steps.get-acr-creds.outputs.username }}
container-registry-password: ${{ steps.get-acr-creds.outputs.password }}
secret-name: ${{ env.IMAGE_PULL_SECRET_NAME }}
# Runs Kompose to create manifest files
- name: Bake deployment
uses: azure/k8s-bake@v2.1
with:
renderEngine: 'kompose'
dockerComposeFile: ${{ env.DOCKER_COMPOSE_FILE_PATH }}
kompose-version: 'latest'
id: bake
# Deploys application based on manifest files from previous step
- name: Deploy application
uses: Azure/k8s-deploy@v3.0
with:
action: deploy
manifests: ${{ steps.bake.outputs.manifestsBundle }}
images: |
${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }}
imagepullsecrets: |
${{ env.IMAGE_PULL_SECRET_NAME }}
@@ -0,0 +1,117 @@
# This workflow will build and push an application to a Azure Kubernetes Service (AKS) cluster when you push your code
#
# This workflow assumes you have already created the target AKS cluster and have created an Azure Container Registry (ACR)
# For instructions see:
# - https://docs.microsoft.com/en-us/azure/aks/kubernetes-walkthrough-portal
# - https://docs.microsoft.com/en-us/azure/container-registry/container-registry-get-started-portal
# - https://github.com/Azure/aks-create-action
#
# To configure this workflow:
#
# 1. Set the following secrets in your repository (instructions for getting these
# https://github.com/Azure/login#configure-a-service-principal-with-a-federated-credential-to-use-oidc-based-authentication):
# - AZURE_CLIENT_ID
# - AZURE_TENANT_ID
# - AZURE_SUBSCRIPTION_ID
#
# 2. Set the following environment variables (or replace the values below):
# - AZURE_CONTAINER_REGISTRY (name of your container registry / ACR)
# - RESOURCE_GROUP (where your cluster is deployed)
# - CLUSTER_NAME (name of your AKS cluster)
# - CONTAINER_NAME (name of the container image you would like to push up to your ACR)
# - SECRET_NAME (name of the secret associated with pulling your ACR image)
#
# 3. Choose the appropriate render engine for the bake step https://github.com/Azure/k8s-bake. The config below assumes Kustomize.
# Set your kustomizationPath and kubectl-version to suit your configuration.
# - KUSTOMIZE_PATH (the path where your Kustomize manifests are located)
#
# For more information on GitHub Actions for Azure, refer to https://github.com/Azure/Actions
# For more samples to get started with GitHub Action workflows to deploy to Azure, refer to https://github.com/Azure/actions-workflow-samples
# For more options with the actions used below please refer to https://github.com/Azure/login
name: Build and deploy an app to AKS with Kustomize
on:
push:
branches:
- $default-branch
workflow_dispatch:
env:
AZURE_CONTAINER_REGISTRY: "your-azure-container-registry"
CONTAINER_NAME: "your-container-name"
RESOURCE_GROUP: "your-resource-group"
CLUSTER_NAME: "your-cluster-name"
IMAGE_PULL_SECRET_NAME: "your-image-pull-secret-name"
KUSTOMIZE_PATH: "your-kustomize-path"
jobs:
build:
permissions:
actions: read
contents: read
id-token: write
runs-on: ubuntu-latest
steps:
# Checks out the repository this file is in
- uses: actions/checkout@master
# Logs in with your Azure credentials
- name: Azure login
uses: azure/login@v1.4.3
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
# Builds and pushes an image up to your Azure Container Registry
- name: Build and push image to ACR
run: |
az acr build --image ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }} --registry ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.RESOURCE_GROUP }} .
# Retrieves your Azure Kubernetes Service cluster's kubeconfig file
- name: Get K8s context
uses: azure/aks-set-context@v2.0
with:
resource-group: ${{ env.RESOURCE_GROUP }}
cluster-name: ${{ env.CLUSTER_NAME }}
# Retrieves the credentials for pulling images from your Azure Container Registry
- name: Get ACR credentials
run: |
az acr update -n ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.RESOURCE_GROUP }} --admin-enabled true
ACR_USERNAME=$(az acr credential show -g ${{ env.RESOURCE_GROUP }} -n ${{ env.AZURE_CONTAINER_REGISTRY }} --query username -o tsv)
ACR_PASSWORD=$(az acr credential show -g ${{ env.RESOURCE_GROUP }} -n ${{ env.AZURE_CONTAINER_REGISTRY }} --query passwords[0].value -o tsv)
echo "::set-output name=username::${ACR_USERNAME}"
echo "::set-output name=password::${ACR_PASSWORD}"
id: get-acr-creds
# Creates a kubernetes secret on your Azure Kubernetes Service cluster that matches up to the credentials from the last step
- name: Create K8s secret for pulling image from ACR
uses: Azure/k8s-create-secret@v1.1
with:
container-registry-url: ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io
container-registry-username: ${{ steps.get-acr-creds.outputs.username }}
container-registry-password: ${{ steps.get-acr-creds.outputs.password }}
secret-name: ${{ env.IMAGE_PULL_SECRET_NAME }}
# Runs Kustomize to create manifest files
- name: Bake deployment
uses: azure/k8s-bake@v2.1
with:
renderEngine: 'kustomize'
kustomizationPath: ${{ env.KUSTOMIZE_PATH }}
kubectl-version: latest
id: bake
# Deploys application based on manifest files from previous step
- name: Deploy application
uses: Azure/k8s-deploy@v3.0
with:
action: deploy
manifests: ${{ steps.bake.outputs.manifestsBundle }}
images: |
${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }}
imagepullsecrets: |
${{ env.IMAGE_PULL_SECRET_NAME }}
+76 -51
View File
@@ -1,80 +1,105 @@
# This workflow will build and push an application to a Azure Kubernetes Service (AKS) cluster when you push your code
#
# This workflow assumes you have already created the target AKS cluster and have created an Azure Container Registry (ACR)
# For instructions see https://docs.microsoft.com/en-us/azure/aks/kubernetes-walkthrough-portal
# https://docs.microsoft.com/en-us/azure/container-registry/container-registry-get-started-portal
# https://github.com/Azure/aks-create-action
# For instructions see:
# - https://docs.microsoft.com/en-us/azure/aks/kubernetes-walkthrough-portal
# - https://docs.microsoft.com/en-us/azure/container-registry/container-registry-get-started-portal
# - https://github.com/Azure/aks-create-action
#
# To configure this workflow:
#
# 1. Set the following secrets in your repository:
# - AZURE_CREDENTIALS (instructions for getting this https://github.com/Azure/login#configure-a-service-principal-with-a-secret)
# 1. Set the following secrets in your repository (instructions for getting these
# https://github.com/Azure/login#configure-a-service-principal-with-a-federated-credential-to-use-oidc-based-authentication):
# - AZURE_CLIENT_ID
# - AZURE_TENANT_ID
# - AZURE_SUBSCRIPTION_ID
#
# 2. Set the following environment variables (or replace the values below):
# - AZURE_CONTAINER_REGISTRY (name of your container registry)
# - PROJECT_NAME
# - AZURE_CONTAINER_REGISTRY (name of your container registry / ACR)
# - RESOURCE_GROUP (where your cluster is deployed)
# - CLUSTER_NAME (name of your AKS cluster)
#
# 3. Choose the approrpiate render engine for the bake step https://github.com/Azure/k8s-bake. The config below assumes helm, then set
# any needed environment variables such as:
# - CHART_PATH
# - CHART_OVERRIDE_PATH
# - CONTAINER_NAME (name of the container image you would like to push up to your ACR)
# - SECRET_NAME (name of the secret associated with pulling your ACR image)
# - DEPLOYMENT_MANIFEST_PATH (path to the manifest yaml for your deployment)
#
# For more information on GitHub Actions for Azure, refer to https://github.com/Azure/Actions
# For more samples to get started with GitHub Action workflows to deploy to Azure, refer to https://github.com/Azure/actions-workflow-samples
# For more options with the actions used below please see the folllowing
# https://github.com/Azure/login
# https://github.com/Azure/aks-set-context
# https://github.com/marketplace/actions/azure-cli-action
# https://github.com/Azure/k8s-bake
# https://github.com/Azure/k8s-deploy
# For more options with the actions used below please refer to https://github.com/Azure/login
on: [push]
name: Build and deploy an app to AKS
on:
push:
branches:
- $default-branch
workflow_dispatch:
env:
AZURE_CONTAINER_REGISTRY: "your-azure-container-registry"
CONTAINER_NAME: "your-container-name"
RESOURCE_GROUP: "your-resource-group"
CLUSTER_NAME: "your-cluster-name"
IMAGE_PULL_SECRET_NAME: "your-image-pull-secret-name"
DEPLOYMENT_MANIFEST_PATH: 'your-deployment-manifest-path'
jobs:
build:
permissions:
actions: read
contents: read
id-token: write
runs-on: ubuntu-latest
steps:
# Checks out the repository this file is in
- uses: actions/checkout@master
- name: Azure Login
uses: azure/login@v1
# Logs in with your Azure credentials
- name: Azure login
uses: azure/login@v1.4.3
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- name: Build image on ACR
uses: azure/CLI@v1
with:
azcliversion: 2.29.1
inlineScript: |
az configure --defaults acr=${{ env.AZURE_CONTAINER_REGISTRY }}
az acr build -t -t ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.PROJECT_NAME }}:${{ github.sha }}
- name: Gets K8s context
uses: azure/aks-set-context@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
resource-group: ${{ env.RESOURCE_GROUP }}
cluster-name: ${{ env.CLUSTER_NAME }}
id: login
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
# Builds and pushes an image up to your Azure Container Registry
- name: Build and push image to ACR
run: |
az acr build --image ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }} --registry ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.RESOURCE_GROUP }} .
- name: Configure deployment
uses: azure/k8s-bake@v1
# Retrieves your Azure Kubernetes Service cluster's kubeconfig file
- name: Get K8s context
uses: azure/aks-set-context@v2.0
with:
renderEngine: 'helm'
helmChart: ${{ env.CHART_PATH }}
overrideFiles: ${{ env.CHART_OVERRIDE_PATH }}
overrides: |
replicas:2
helm-version: 'latest'
id: bake
resource-group: ${{ env.RESOURCE_GROUP }}
cluster-name: ${{ env.CLUSTER_NAME }}
# Retrieves the credentials for pulling images from your Azure Container Registry
- name: Get ACR credentials
run: |
az acr update -n ${{ env.AZURE_CONTAINER_REGISTRY }} -g ${{ env.RESOURCE_GROUP }} --admin-enabled true
ACR_USERNAME=$(az acr credential show -g ${{ env.RESOURCE_GROUP }} -n ${{ env.AZURE_CONTAINER_REGISTRY }} --query username -o tsv)
ACR_PASSWORD=$(az acr credential show -g ${{ env.RESOURCE_GROUP }} -n ${{ env.AZURE_CONTAINER_REGISTRY }} --query passwords[0].value -o tsv)
echo "::set-output name=username::${ACR_USERNAME}"
echo "::set-output name=password::${ACR_PASSWORD}"
id: get-acr-creds
# Creates a kubernetes secret on your Azure Kubernetes Service cluster that matches up to the credentials from the last step
- name: Create K8s secret for pulling image from ACR
uses: Azure/k8s-create-secret@v1.1
with:
container-registry-url: ${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io
container-registry-username: ${{ steps.get-acr-creds.outputs.username }}
container-registry-password: ${{ steps.get-acr-creds.outputs.password }}
secret-name: ${{ env.IMAGE_PULL_SECRET_NAME }}
# Deploys application based on given manifest file
- name: Deploys application
- uses: Azure/k8s-deploy@v1
uses: Azure/k8s-deploy@v3.0
with:
manifests: ${{ steps.bake.outputs.manifestsBundle }}
action: deploy
manifests: ${{ env.DEPLOYMENT_MANIFEST_PATH }}
images: |
${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.PROJECT_NAME }}:${{ github.sha }}
${{ env.AZURE_CONTAINER_REGISTRY }}.azurecr.io/${{ env.CONTAINER_NAME }}:${{ github.sha }}
imagepullsecrets: |
${{ env.PROJECT_NAME }}
${{ env.IMAGE_PULL_SECRET_NAME }}
@@ -0,0 +1,7 @@
{
"name": "Deploy to AKS with Helm",
"description": "Deploy an application to an Azure Kubernetes Service cluster using Helm",
"creator": "Microsoft Azure",
"iconName": "azure",
"categories": ["Deployment", "Helm", "Kubernetes", "Dockerfile"]
}
@@ -0,0 +1,7 @@
{
"name": "Deploy to AKS with Kompose",
"description": "Deploy an application to an Azure Kubernetes Service cluster using Kompose",
"creator": "Microsoft Azure",
"iconName": "azure",
"categories": ["Deployment", "Kompose", "Kubernetes", "Dockerfile"]
}
@@ -0,0 +1,7 @@
{
"name": "Deploy to AKS with Kustomize",
"description": "Deploy an application to an Azure Kubernetes Service cluster using Kustomize",
"creator": "Microsoft Azure",
"iconName": "azure",
"categories": ["Deployment", "Kustomize", "Kubernetes", "Dockerfile"]
}
@@ -1,7 +1,7 @@
{
"name": "Deploy to a AKS Cluster",
"description": "Deploy an application to a Azure Kubernetes Service Cluster using Azure Credentials",
"name": "Deploy to AKS",
"description": "Deploy an application to an Azure Kubernetes Service cluster",
"creator": "Microsoft Azure",
"iconName": "azure",
"categories": ["Deployment", "Kompose", "Helm", "Kustomize", "Kubernetes", "Dockerfile"]
"categories": ["Deployment", "Kubernetes", "Dockerfile"]
}