diff --git a/.github/workflows/secure-pipeline.yml b/.github/workflows/secure-pipeline.yml
index 5ad1c19..fbb8f16 100644
--- a/.github/workflows/secure-pipeline.yml
+++ b/.github/workflows/secure-pipeline.yml
@@ -38,38 +38,32 @@ jobs:
 version: 'v1.24.0'
 id: install
- - name: Configure AWS Credentials
- uses: aws-actions/configure-aws-credentials@v2
+ - name: install the gcloud cli
+ uses: google-github-actions/setup-gcloud@v0
 with:
- role-to-assume: ${{ secrets.AWS_IAM_ROLE }}
- role-session-name: JavaGoofDeployment
- aws-region: us-west-2
+ project_id: ${{ secrets.GOOGLE_PROJECT }}
+ service_account_key: ${{ secrets.GOOGLE_APPLICATION_CREDENTIALS }}
+ install_components: 'gke-gcloud-auth-plugin'
+ export_default_credentials: true
- - name: Login to Amazon ECR
- id: login-ecr
- uses: aws-actions/amazon-ecr-login@v1
-
- - name: Build, tag, and push image to Amazon ECR
+ - name: build and push the docker image
 env:
- ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
- ECR_REPOSITORY: cs-reinvent-demo
- IMAGE_TAG: ${{ github.sha }}
+ GOOGLE_PROJECT: ${{ secrets.GOOGLE_PROJECT }}
 run: |
- DOCKER_BUILDKIT=1 docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:latest .
- docker push -a $ECR_REGISTRY/$ECR_REPOSITORY
+ gcloud auth configure-docker us-central-1-docker.pkg.dev
+ gcloud build -t us-central1-docker.pkg.dev/$GOOGLE_PROJECT/java-goof/java-goof:latest .
+ docker push us-central1-docker.pkg.dev/$GOOGLE_PROJECT/java-goof/java-goof:latest
- - name: Trend Cloud One Container Security Scan Action
- env:
- ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
- ECR_REPOSITORY: cs-reinvent-demo
+ - name: Trend Cloud One Container Security Scan Action
 run: |
 export CLOUD_ONE_API_KEY=${{ secrets.TMAS_API_KEY }}
 curl -s -L https://gist.github.com/raphabot/abae09b46c29afc7c3b918b7b8ec2a5c/raw/ | bash
- tmas scan registry:$ECR_REGISTRY/$ECR_REPOSITORY
-
- - name: Update kube config
- run: aws eks update-kubeconfig --name igorsCluster --region us-west-2
+ tmas scan registry:us-central1-docker.pkg.dev/$GOOGLE_PROJECT/java-goof/java-goof:latest
- - name: Deploy to EKS
- run: |
- kubectl apply -f k8s/java-goof.yaml
+# - name: Deploy to GKE
+# env:
+# GOOGLE_PROJECT: ${{ secrets.GOOGLE_PROJECT }}
+# run: |
+# gcloud container clusters get-credentials igorsdevcluster --region us-central1
+# sed -i "s/GOOGLE_PROJECT/$GOOGLE_PROJECT/g" k8s/java-goof.yaml
+# kubectl apply -f k8s/java-goof.yaml
diff --git a/todolist-goof/k8s/java-goof.yaml b/todolist-goof/k8s/java-goof.yaml
index 30c312a..e4e9388 100644
--- a/todolist-goof/k8s/java-goof.yaml
+++ b/todolist-goof/k8s/java-goof.yaml
@@ -1,3 +1,8 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: java-goof
+---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -17,7 +22,7 @@ spec:
 spec:
 containers:
 - name: java-goof
- image: 199694721883.dkr.ecr.us-west-2.amazonaws.com/cs-reinvent-demo:latest
+ image: us-central1-docker.pkg.dev/GOOGLE_PROJECT/java-goof/java-goof:latest
 ports:
 - containerPort: 8080
 ---
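Review bot: In `.github/workflows/secure-pipeline.yml`, the new `install the gcloud cli` step authenticates with a long-lived service-account JSON key (`service_account_key`) and sets `export_default_credentials: true`, so that credential is available to every later step of the job, including the unchanged `curl … | bash` step that runs an unpinned gist; the removed AWS step took only a `role-to-assume` and no stored key. Keyless Workload Identity Federation through `google-github-actions/auth`, with both actions pinned to a full commit SHA instead of `@v0`, would avoid the stored key; it needs `id-token: write` on the job, and the job's `permissions` block is outside this hunk. In the build step, `gcloud auth configure-docker us-central-1-docker.pkg.dev` names a different host than the `us-central1-docker.pkg.dev` being pushed to, and `gcloud build -t` does not look like a valid gcloud command where the removed line used `docker build -t`. The scan step also lost its `env:` block, so `$GOOGLE_PROJECT` appears to be unset when `tmas scan` runs and the scanned reference may not be the image that was pushed.

```yaml
      # … unchanged: preceding step (id: install) …
      - name: authenticate to google cloud
        # placeholder ref: pin to a reviewed release commit
        uses: google-github-actions/auth@<full-commit-sha>
        with:
          # placeholder secret names; both hold identifiers, not key material
          workload_identity_provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }}
          service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }}

      - name: install the gcloud cli
        # placeholder ref: pin to a reviewed release commit
        uses: google-github-actions/setup-gcloud@<full-commit-sha>
        with:
          project_id: ${{ secrets.GOOGLE_PROJECT }}
          install_components: 'gke-gcloud-auth-plugin'
      # … unchanged: build, push and scan steps …
```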
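Review bot: In `todolist-goof/k8s/java-goof.yaml`, the new `java-goof` Namespace has no Pod Security admission labels, so pods in it fall back to whatever the cluster default allows. Consider adding `labels:` under `metadata` with `pod-security.kubernetes.io/enforce: baseline` (or `restricted` if the workload tolerates it). Whether the Deployment that follows sets `metadata.namespace: java-goof` is not visible in this hunk; if it does not, it will still be created in the default namespace and the new Namespace goes unused.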
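Review bot: In the second hunk of `todolist-goof/k8s/java-goof.yaml`, the new `image:` line uses the mutable `:latest` tag, so the pod can run an image other than the one the pipeline's `tmas scan` step checked. Referencing the image by digest (`…/java-goof/java-goof@sha256:<digest-from-build>`) or by a per-commit tag ties the manifest to the scanned artifact. The literal `GOOGLE_PROJECT` path segment depends on the `sed` substitution in the workflow's commented-out deploy step, so applying this file directly points at a repository path that does not exist; a comment above the line such as `# GOOGLE_PROJECT is replaced by the deploy step before apply` would make that explicit. The container spec continues outside this hunk.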