update from AWS to GCP

SecurityForCloudBuilders · May 20, 2024 · 9f0d77e · 9f0d77e
1 parent 962132a
commit 9f0d77e
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 27 deletions.
diff --git a/.github/workflows/secure-pipeline.yml b/.github/workflows/secure-pipeline.yml
@@ -38,38 +38,32 @@ jobs:
           version: 'v1.24.0'
         id: install
 
-      - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@v2
+      - name: install the gcloud cli
+        uses: google-github-actions/setup-gcloud@v0
         with:
-          role-to-assume: ${{ secrets.AWS_IAM_ROLE }}
-          role-session-name: JavaGoofDeployment
-          aws-region: us-west-2        
+          project_id: ${{ secrets.GOOGLE_PROJECT }}
+          service_account_key: ${{ secrets.GOOGLE_APPLICATION_CREDENTIALS }}
+          install_components: 'gke-gcloud-auth-plugin'
+          export_default_credentials: true
 
-      - name: Login to Amazon ECR
-        id: login-ecr
-        uses: aws-actions/amazon-ecr-login@v1
-
-      - name: Build, tag, and push image to Amazon ECR
+      - name: build and push the docker image
         env:
-          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
-          ECR_REPOSITORY: cs-reinvent-demo
-          IMAGE_TAG: ${{ github.sha }}
+          GOOGLE_PROJECT: ${{ secrets.GOOGLE_PROJECT }}
         run: |
-          DOCKER_BUILDKIT=1 docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:latest .
-          docker push -a $ECR_REGISTRY/$ECR_REPOSITORY
+          gcloud auth configure-docker us-central-1-docker.pkg.dev
+          gcloud build -t us-central1-docker.pkg.dev/$GOOGLE_PROJECT/java-goof/java-goof:latest .
+          docker push us-central1-docker.pkg.dev/$GOOGLE_PROJECT/java-goof/java-goof:latest
 
-      - name: Trend Cloud One Container Security Scan Action
-        env:
-          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
-          ECR_REPOSITORY: cs-reinvent-demo      
+      - name: Trend Cloud One Container Security Scan Action 
         run: |
          export CLOUD_ONE_API_KEY=${{ secrets.TMAS_API_KEY }}
          curl -s -L https://gist.github.com/raphabot/abae09b46c29afc7c3b918b7b8ec2a5c/raw/ | bash
-         tmas scan registry:$ECR_REGISTRY/$ECR_REPOSITORY
-
-      - name: Update kube config
-        run: aws eks update-kubeconfig --name igorsCluster --region us-west-2  
+         tmas scan registry:us-central1-docker.pkg.dev/$GOOGLE_PROJECT/java-goof/java-goof:latest
 
-      - name: Deploy to EKS
-        run: |
-          kubectl apply -f k8s/java-goof.yaml
+#      - name: Deploy to GKE
+#        env:
+#          GOOGLE_PROJECT: ${{ secrets.GOOGLE_PROJECT }}
+#        run: |
+#          gcloud container clusters get-credentials igorsdevcluster --region us-central1
+#          sed -i "s/GOOGLE_PROJECT/$GOOGLE_PROJECT/g" k8s/java-goof.yaml
+#          kubectl apply -f k8s/java-goof.yaml
diff --git a/todolist-goof/k8s/java-goof.yaml b/todolist-goof/k8s/java-goof.yaml
@@ -1,3 +1,8 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: java-goof
+---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -17,7 +22,7 @@ spec:
     spec:
       containers:
       - name: java-goof
-        image: 199694721883.dkr.ecr.us-west-2.amazonaws.com/cs-reinvent-demo:latest
+        image: us-central1-docker.pkg.dev/GOOGLE_PROJECT/java-goof/java-goof:latest
         ports:
         - containerPort: 8080
 ---