diff --git a/.github/openshift.yml b/.github/openshift.yml
new file mode 100644
index 00000000..9f989288
--- /dev/null
+++ b/.github/openshift.yml
@@ -0,0 +1,82 @@
+name: OpenShift
+
+env:
+ IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }}
+ REGISTRY_USER: ${{ github.actor }}
+ REGISTRY_PASSWORD: ${{ github.token }}
+ APP_NAME: nationalparks
+ IMAGE_TAGS: latest ${{ github.sha }}
+
+ OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }}
+ OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }}
+ OPENSHIFT_NAMESPACE: "manoj-singh8-dev"
+
+ pcc_console_url: ${{ secrets.PCC_CONSOLE_URL }}
+ pcc_user: ${{ secrets.PCC_USER }}
+ pcc_pass: ${{ secrets.PCC_PASS }}
+
+ APP_PORT: "8080"
+
+on:
+ # https://docs.github.com/en/free-pro-team@latest/actions/reference/events-that-trigger-workflows
+ push:
+ branches: [ master ]
+
+jobs:
+ build-and-push:
+ name: Build and push to github container registry
+ runs-on: ubuntu-22.04
+ environment: development
+
+ outputs:
+ ROUTE: ${{ steps.deploy-and-expose.outputs.route }}
+ SELECTOR: ${{ steps.deploy-and-expose.outputs.selector }}
+
+ steps:
+ - name: Checkout
+ id: checkout
+ uses: actions/checkout@v2
+
+ # https://github.com/redhat-actions/s2i-build#readme
+ - name: S2I Build
+ id: build_image
+ uses: redhat-actions/s2i-build@v2
+ with:
+ path_context: '.'
+ builder_image: 'registry.access.redhat.com/ubi8/openjdk-11'
+ image: ${{ env.APP_NAME }}
+ tags: ${{ env.IMAGE_TAGS }}
+
+ # https://github.com/redhat-actions/push-to-registry#readme
+ - name: Push to Registry
+ id: push-to-registry
+ uses: redhat-actions/push-to-registry@v2
+ with:
+ image: ${{ steps.build_image.outputs.image }}
+ tags: ${{ steps.build_image.outputs.tags }}
+ registry: ${{ env.IMAGE_REGISTRY }}
+ username: ${{ env.REGISTRY_USER }}
+ password: ${{ env.REGISTRY_PASSWORD }}
+
+ # The path the image was pushed to is now stored in ${{ steps.push-to-registry.outputs.registry-path }}
+
+ # https://github.com/redhat-actions/oc-login#readme
+ - name: Log in to OpenShift
+ uses: redhat-actions/oc-login@v1
+ with:
+ openshift_server_url: ${{ env.OPENSHIFT_SERVER }}
+ openshift_token: ${{ env.OPENSHIFT_TOKEN }}
+ insecure_skip_tls_verify: true
+ namespace: ${{ env.OPENSHIFT_NAMESPACE }}
+
+ # Run a script to create a new app or update the current one with the previously pushed container image
+ - run: |
+ "${GITHUB_WORKSPACE}/.github/script.sh" ${{ env.APP_NAME }} ${{ env.IMAGE_REGISTRY }}/${{ steps.build_image.outputs.image }}:${{ github.sha }} ${{ env.OPENSHIFT_NAMESPACE }}
+ # Run Prisma Scan IBM Account
+ - name: Scan image
+ uses: PaloAltoNetworks/prisma-cloud-scan@v1
+ with:
+ pcc_console_url: ${{ secrets.PCC_CONSOLE_URL }}
+ pcc_user: ${{ secrets.PCC_USER }}
+ pcc_pass: ${{ secrets.PCC_PASS }}
+ image_name: ${{ env.APP_NAME }}
diff --git a/.github/script.sh b/.github/script.sh
index 90816b27..ac71f3ae 100755
--- a/.github/script.sh
+++ b/.github/script.sh
@@ -1,8 +1,8 @@
 #!/bin/bash
-app_name=$1
-image=$2
-namespace=$3
+app_name=nationalparks
+image=nationalparks
+namespace=manoj-singh8-dev
 deploy=`oc get deployment $app_name -n $namespace`
 if [[ "$?" -eq 0 ]]; then
diff --git a/.github/workflows/OpenshiftDeploy.yml b/.github/workflows/OpenshiftDeploy.yml
new file mode 100644
index 00000000..68cf7726
--- /dev/null
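Review bot: `insecure_skip_tls_verify: true` on the oc-login step turns off certificate validation for the cluster API, so the token passed in `openshift_token` is sent to an endpoint whose identity is never checked. Drop that line and, if the cluster uses a private CA, supply it through the action's `certificate_authority_data` input from a secret. The `Scan image` step also runs after the deploy script, so a failing Prisma scan cannot block the rollout; moving it ahead of the `run:` step would make it a gate. The third-party actions are referenced by mutable tags (`@v1`, `@v2`); pinning them to commit SHAs would keep a retagged release from running with these secrets.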
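Review bot: Hard-coding `image=nationalparks` makes the script ignore the image reference that both workflows pass as `$2`, so the deployment no longer points at the `…:${{ github.sha }}` image the pipeline built and pushed. Keep the positional parameters and fail fast when one is missing: `app_name="${1:?app name required}"`, `image="${2:?image reference required}"`, `namespace="${3:?namespace required}"`. The context line `oc get deployment $app_name -n $namespace` expands both variables unquoted, and quoting them belongs in the same change. The rest of the script lies outside this hunk, so how `image` is consumed further down is not visible here.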
+++ b/.github/workflows/OpenshiftDeploy.yml 
@@ -0,0 +1,94 @@
+name: OpenShift Deployment and Prisma Scan
+
+on:
+ push:
+ branches: [ master]
+
+jobs:
+ build-and-deploy:
+ name: Build, Push, Deploy to OpenShift, and Scan
+ runs-on: ubuntu-22.04
+ environment: development # Set the environment to 'development'
+
+ steps:
+ - name: Checkout Code
+ uses: actions/checkout@v2
+
+ - name: Build with Maven
+ run: mvn clean package # Or use ./gradlew build for Gradle
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v2
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v2
+
+ - name: Log in to GitHub Container Registry
+ uses: docker/login-action@v2
+ with:
+ registry: ghcr.io/${{ github.repository_owner }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }} # Use environment secret
+
+ - name: Build and Push Docker Image
+ id: build-and-push
+ uses: docker/build-push-action@v4
+ with:
+ context: .
+ file: ./Dockerfile
+ tags: |
+ ghcr.io/${{ github.repository_owner }}/nationalparks:latest
+ ghcr.io/${{ github.repository_owner }}/nationalparks:${{ github.sha }}
+ push: true
+
+ deploy:
+ name: Deploy to OpenShift and Run Prisma Scan
+ runs-on: ubuntu-latest
+ environment: development # Set the environment to 'development'
+
+ env:
+ APP_NAME: nationalparks-new
+ IMAGE_REGISTRY: my-registry-url
+ OPENSHIFT_NAMESPACE: manoj-singh8-dev
+ OPENSHIFT_SERVER: https://api.sandbox-m3.1530.p1.openshiftapps.com:6443
+ OPENSHIFT_TOKEN: sha256~nL8HZTc43467qXnWYhYJPnAOEP0CywTJOE422kL-b3Q
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v2
+
+ - name: Set up OpenShift CLI
+ run: |
+ curl -LO https://mirror.openshift.com/pub/openshift-v4/clients/ocp/stable/openshift-client-linux.tar.gz
+ tar -xzf openshift-client-linux.tar.gz -C /usr/local/bin/
+ oc version
+
+ - name: Login to OpenShift
+ env:
+ OPENSHIFT_TOKEN: sha256~nL8HZTc43467qXnWYhYJPnAOEP0CywTJOE422kL-b3Q # Use environment secret
+ run: |
+ if [ -z "$OPENSHIFT_TOKEN" ]; then
+ echo "OpenShift token is not set."
+ exit 1 + fi + oc login "${{ env.OPENSHIFT_SERVER }}" --token="$OPENSHIFT_TOKEN" --insecure-skip-tls-verify + + - name: Build and push image to OpenShift registry + run: | + IMAGE="${{ env.IMAGE_REGISTRY }}/${{ env.OPENSHIFT_NAMESPACE }}/${{ env.APP_NAME }}:${{ github.sha }}" + docker build -t "$IMAGE" . + docker push "$IMAGE" + + - name: Deploy to OpenShift + run: | + bash "${GITHUB_WORKSPACE}/.github/script.sh" \ + "${{ env.APP_NAME }}" \ + "${{ env.IMAGE_REGISTRY }}/${{ env.OPENSHIFT_NAMESPACE }}/${{ env.APP_NAME }}:${{ github.sha }}" \ + "${{ env.OPENSHIFT_NAMESPACE }}" + + - name: Prisma Cloud Scan + uses: PaloAltoNetworks/prisma-cloud-scan@v1 + with: + pcc_console_url: ${{ secrets.PCC_CONSOLE_URL }} # Use environment secret + pcc_user: ${{ secrets.PCC_USER }} # Use environment secret + pcc_pass: ${{ secrets.PCC_PASS }} # Use environment secret + image_name: ${{ env.IMAGE_REGISTRY }}/${{ env.APP_NAME }}:${{ github.sha }} diff --git a/PIPELINE.md b/PIPELINE.md index 49e16f21..c35484b2 100644 --- a/PIPELINE.md +++ b/PIPELINE.md @@ -147,3 +147,4 @@ in the same project as Jenkins. This will contain the `master` branch of each pr to each repository will result in a new pipeline getting instantiated and a new project getting created for that pipeline. The GitHub PR will then include a status of the build, a link to the application preview, and a link to the approval page. + diff --git a/README.adoc b/README.adoc index 24c14b92..19db66da 100644 --- a/README.adoc +++ b/README.adoc @@ -1,7 +1,9 @@ = NationalParks backend application -This application is a backend that provides geolocation information about NationalParks. The information is stored in a mongodb +This application is a backend that provides geolocation information about NationalParks. The information is stored in a mongodb + +Hello DevD == Installation As the application needs to interact with openshift's API, you'll need to provide some permissions to the default ServiceAccount for that. 
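Review bot: A live-looking OpenShift API token (`sha256~…`) is committed in plaintext twice, in the `deploy` job's `env:` and again in the `Login to OpenShift` step, even though the inline comment says to use an environment secret. The token should be revoked on the cluster, since it stays in git history after removal, and both lines replaced by a single step-level `OPENSHIFT_TOKEN: ${{ secrets.OPENSHIFT_TOKEN }}`. `oc login` also passes `--insecure-skip-tls-verify`, which sends that token without validating the API server certificate; drop the flag. The `Set up OpenShift CLI` step extracts a `curl`-downloaded tarball into `/usr/local/bin/` with no integrity check, so comparing it against the digest published alongside the download before running `tar` would close that gap.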
@@ -30,7 +32,7 @@ There's some options that can be parameterized: * MAVEN_MIRROR_URL: Url of a maven mirror * APPLICATION_HOSTNAME: Hostname/route to access your application -Example: +Example: Hello World Hello World hello word ---- oc new-app nationalparks -p APPLICATION_HOSTNAME=nationalparks-roadshow.127.0.0.1.xip.io -p MAVEN_MIRROR_URL=http://nexus.ci:8081/content/groups/public 
@@ -41,3 +43,10 @@ oc new-app nationalparks -p APPLICATION_HOSTNAME=nationalparks-roadshow.127.0.0. National Parks data comes from link:https://protectedplanet.net[ProtectedPlanet], listing worldwide National Parks categories, filtered as units shown link:https://en.wikipedia.org/wiki/List_of_the_United_States_National_Park_System_official_units[here] We used this link:https://www.protectedplanet.net/en/search-areas?filters%5Bis_type%5D%5B%5D=terrestrial&filters%5Bdesignation%5D%5B%5D=Nacional+Park&filters%5Bdesignation%5D%5B%5D=National+Forest+Park&filters%5Bdesignation%5D%5B%5D=National+Historic+Park&filters%5Bdesignation%5D%5B%5D=National+Battlefield&filters%5Bdesignation%5D%5B%5D=National+Historic+Site&filters%5Bdesignation%5D%5B%5D=National+Historical+Park&filters%5Bdesignation%5D%5B%5D=National+Lakeshore&filters%5Bdesignation%5D%5B%5D=National+Military+Park&filters%5Bdesignation%5D%5B%5D=National+Monument&filters%5Bdesignation%5D%5B%5D=National+Park&filters%5Bdesignation%5D%5B%5D=National+Park+%28Category+Ii%29&filters%5Bdesignation%5D%5B%5D=National+Park+%28Commonwealth%29&filters%5Bdesignation%5D%5B%5D=National+Park+%28Fbih+Law%29&filters%5Bdesignation%5D%5B%5D=National+Park+%28PN%29&filters%5Bdesignation%5D%5B%5D=National+Park+%28Rs+Law%29&filters%5Bdesignation%5D%5B%5D=National+Park+%28Scientific%29&filters%5Bdesignation%5D%5B%5D=National+Park+%28Svalbard%29&filters%5Bdesignation%5D%5B%5D=National+Park+%28project%29&filters%5Bdesignation%5D%5B%5D=National+Park+-+Buffer+Zone&filters%5Bdesignation%5D%5B%5D=National+Park+-+Buffer+Zone%2FArea+Of+Adhesion&filters%5Bdesignation%5D%5B%5D=National+Park+-+Core+Area&filters%5Bdesignation%5D%5B%5D=National+Park+-+Integrale+Reserve&filters%5Bdesignation%5D%5B%5D=National+Park+-+Peripheral+Zone&filters%5Bdesignation%5D%5B%5D=National+Park+Aboriginal&filters%5Bdesignation%5D%5B%5D=National+Park+and+ASEAN+Heritage+Park&filters%5Bdesignation%5D%5B%5D=National+Park+and+Ecological+Reserve&filters%5Bdesignation%5D%5B%5D=Nati
onal+Park+and+Indigenous+Territory&filters%5Bdesignation%5D%5B%5D=National+Reserve&filters%5Bdesignation%5D%5B%5D=National+River&filters%5Bdesignation%5D%5B%5D=National+Seashore[query] listing 2830 National Parks at the moment. + +test testing SITA RAM HANUMAN +SITA RAM HANUMAN +SITA RAM HANUMAN + Sita Ram Sita Ram +Hello Test +Hello World