Github Actions Fast Pipelines

This is a personal work in progress.

Your repo as an auto-helm upgrade or k8s-apply pipeline.

Features

• Semantic Versioning: Semantic-Release
• Dockerfile linter: Hadolint
• Static docerfile analysis: Trivy
• Static code analysis: SonarQube

Usage

Repository Patterns

This pipeline assumes you have just 3 types of repositories:

Name	Short	Description
Application	app	Front-end application with internet-facing ingress
Service	svc	Microservice that may - or may not - have ingress
Infrastructure as Code	iac	Code that generates cloud infrastructure

Those repositories must obey a name pattern.

{ecosystem}-{type}-{name/client/integration}

Examples:

• ff-svc-clients: microservice that manages clients' data
• ff-app-budget: application that organizes the company finances
• ff-iac-aws: iac code to manage the aws environment

Setup

Your repository need to implement:

name: My pipeline
on: ['push', 'pull_request']

jobs:

  Service:
    uses: filipeforattini/ff-iac-github-actions/.github/workflows/service.yml@main
    with:
      containerRegistry: ghcr.io

Parameters

Name	Default	Description
containerRegistry	ghcr.io	Container registry host that you will use

Requirements

Configure your

Workflows

A) Service Push

1. Setup:

Organizes the whole workflow jobs' inputs.

1. Checkout your code and few tools from this repo.
2. Configure repository environments.
   1. List all environments
      • for (env in [dev, stg, sbx, prd, dry]): 1.
3. Runs scrappers to extract information from your repository and environment keys.
4. (TODO) Updates repository configs
   1. (TODO) Create environments
5. Define which path should this build go.

2. Depending on the event

• if [ event_name = push ]
  1. Build your repository. Supported: nodejs, python
     1. Checkout your code and few tools from this repo again.
     2. Define few variables for your build
     3. Install version
     4. Loads cache that matches with your repository organization
     5. Install dependencies
     6. Runs few scripts
     7. Generates a .dockerignore, if there isn't one
     8. Generates a dockerfile, if there isn't one
     9. Setups docker builder
     10. Log-in into your Container Registry
     11. Builds and push the container
  2. Deploy your container into your DEV environment
• if [ event_name = pull_request ]
  1. Code quality check
     1. Checkout your code and few tools from this repo again.
     2. Define few variables for your build
  2. Team approval

Daily work

Commits & Versioning

git commit -m "action(scope): subject"

Where the actions:

• feat: new feature for the user, not a new feature for the build script
• fix: bug fix for the user, not a fix for a build script
• docs: documentation changes
• style: formatting, lack of semicolons, etc; no changes to the production code
• refactor: refactoring the production code, for example. renaming a variable
• test: adding missing tests, refactoring tests; no changes to the production code
• chore:updating grunted tasks, etc; no changes to the production code

Adds BREAKING CHANGE in the commit message and it will generate a new major version.

Secrets

gpg -v \
  --symmetric \
  --cipher-algo AES256 \
  --output ./manifests/secrets/dev.gpg \
  ./manifests/secrets/dev.env