4e20b52618
* Added Cloudrail according to instructions and existing examples * Adding Cloudrail according to documentation and examples * Oops * Add original Fortify on Demand workflow * Update Fortify on Demand workflow * Update Fortify on Demand supported languages * Add 3rd-party GitHub Actions disclaimer * Sysdig Secure Inline Scan with SARIF report to starter workflows * Added some extra comments, Github Actions V2 and changed env vars * Reviews from PR #1110 * Adding 'Dockerfile' to category list * Update according to PR review comments * File renames as requested in PR comments * Revert "Azure Data Factory CI starter workflow (#1111)" (#1146) This reverts commit7f30309cce. * use env variables for user-set values (#1117) Co-authored-by: Josh Gross <joshmgross@github.com> * Apply suggestions from nickfyson's code review Co-authored-by: Nick Fyson <nickfyson@github.com> * removing "deployment" templates from sync-ghes (#1127) * Update code-scanning/properties/sysdig-scan.properties.json Co-authored-by: Nick Fyson <nickfyson@github.com> * Update code-scanning/properties/sysdig-scan.properties.json Co-authored-by: Nick Fyson <nickfyson@github.com> * Changed svg logo * Rename sysdig.svg to sysdig-scan.svg * Switched svg logo (again) for a better fit * Rename fortify.json to fortify.properties.json * Correct character-case of "c" in Cloudrail * AWS template also used Docker * trigger on push instead of release (#1157) Co-authored-by: Josh Gross <joshmgross@github.com> * Added new templates for 3 clouds. * Revert "Added new templates for 3 clouds." This reverts commitc765d6316f. * Add workflow for Microsoft C++ Code Analysis * Updated action to meet guidelines * correct typo in msvc.properties.json Co-authored-by: Yoni Leitersdorf <y@indeni.com> Co-authored-by: Ruud Senden <ruud.senden@microfocus.com> Co-authored-by: Ruud Senden <8635138+rsenden@users.noreply.github.com> Co-authored-by: Manuel Boira Cuevas <manuel.boira@MacBook-Pro.local> Co-authored-by: manuelbcd <manuel.boira@sysdig.com> Co-authored-by: Nick Fyson <nickfyson@github.com> Co-authored-by: Sarah Edwards <skedwards88@github.com> Co-authored-by: Josh Gross <joshmgross@github.com> Co-authored-by: Aparna Ravindra <82894348+aparna-ravindra@users.noreply.github.com> Co-authored-by: manuelbcd <manuelbcd@gmail.com> Co-authored-by: Daniel Winsor <danwin@microsoft.com>
82 lines
2.9 KiB
YAML
82 lines
2.9 KiB
YAML
# This workflow will build a docker container, publish it to Google Container Registry, and deploy it to GKE when there is a push to the $default-branch branch.
|
|
#
|
|
# To configure this workflow:
|
|
#
|
|
# 1. Ensure that your repository contains the necessary configuration for your Google Kubernetes Engine cluster, including deployment.yml, kustomization.yml, service.yml, etc.
|
|
#
|
|
# 2. Set up secrets in your workspace: GKE_PROJECT with the name of the project and GKE_SA_KEY with the Base64 encoded JSON service account key (https://github.com/GoogleCloudPlatform/github-actions/tree/docs/service-account-key/setup-gcloud#inputs).
|
|
#
|
|
# 3. Change the values for the GKE_ZONE, GKE_CLUSTER, IMAGE, and DEPLOYMENT_NAME environment variables (below).
|
|
#
|
|
# For more support on how to run the workflow, please visit https://github.com/google-github-actions/setup-gcloud/tree/master/example-workflows/gke
|
|
|
|
name: Build and Deploy to GKE
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- $default-branch
|
|
|
|
env:
|
|
PROJECT_ID: ${{ secrets.GKE_PROJECT }}
|
|
GKE_CLUSTER: cluster-1 # TODO: update to cluster name
|
|
GKE_ZONE: us-central1-c # TODO: update to cluster zone
|
|
DEPLOYMENT_NAME: gke-test # TODO: update to deployment name
|
|
IMAGE: static-site
|
|
|
|
jobs:
|
|
setup-build-publish-deploy:
|
|
name: Setup, Build, Publish, and Deploy
|
|
runs-on: ubuntu-latest
|
|
environment: production
|
|
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v2
|
|
|
|
# Setup gcloud CLI
|
|
- uses: google-github-actions/setup-gcloud@v0.2.0
|
|
with:
|
|
service_account_key: ${{ secrets.GKE_SA_KEY }}
|
|
project_id: ${{ secrets.GKE_PROJECT }}
|
|
|
|
# Configure Docker to use the gcloud command-line tool as a credential
|
|
# helper for authentication
|
|
- run: |-
|
|
gcloud --quiet auth configure-docker
|
|
|
|
# Get the GKE credentials so we can deploy to the cluster
|
|
- uses: google-github-actions/get-gke-credentials@v0.2.1
|
|
with:
|
|
cluster_name: ${{ env.GKE_CLUSTER }}
|
|
location: ${{ env.GKE_ZONE }}
|
|
credentials: ${{ secrets.GKE_SA_KEY }}
|
|
|
|
# Build the Docker image
|
|
- name: Build
|
|
run: |-
|
|
docker build \
|
|
--tag "gcr.io/$PROJECT_ID/$IMAGE:$GITHUB_SHA" \
|
|
--build-arg GITHUB_SHA="$GITHUB_SHA" \
|
|
--build-arg GITHUB_REF="$GITHUB_REF" \
|
|
.
|
|
|
|
# Push the Docker image to Google Container Registry
|
|
- name: Publish
|
|
run: |-
|
|
docker push "gcr.io/$PROJECT_ID/$IMAGE:$GITHUB_SHA"
|
|
|
|
# Set up kustomize
|
|
- name: Set up Kustomize
|
|
run: |-
|
|
curl -sfLo kustomize https://github.com/kubernetes-sigs/kustomize/releases/download/v3.1.0/kustomize_3.1.0_linux_amd64
|
|
chmod u+x ./kustomize
|
|
|
|
# Deploy the Docker image to the GKE cluster
|
|
- name: Deploy
|
|
run: |-
|
|
./kustomize edit set image gcr.io/PROJECT_ID/IMAGE:TAG=gcr.io/$PROJECT_ID/$IMAGE:$GITHUB_SHA
|
|
./kustomize build . | kubectl apply -f -
|
|
kubectl rollout status deployment/$DEPLOYMENT_NAME
|
|
kubectl get services -o wide
|