We run Docker as a non-root user.
We use Mocha, mocha-prepare and mongo-unit for IT tests.
- For local deployment using docker compose, check this file: https://github.com/devsahamerlin/terraform-private-gke-mongodb-atlas/blob/main/LOCAL-DEPLOYMENT.md
- Feature Pipeline
- Pull Request Pipeline
- Main Pipeline
- You must have a GCP project and know your `PROJECT_ID`
- Fork this repository to your own Git account
- Go to GCP `IAM & Admin` -> `Service Account`, then click on `github-actions-ar-sa@<PROJECT_ID>.iam.gserviceaccount.com` if you are using the IaC Terraform code provided, or create a service account `github-actions-ar-sa@<PROJECT_ID>.iam.gserviceaccount.com` with the following role: `roles/artifactregistry.writer`
- Generate Key:
  - Click on the service account, in the tab menu click on `KEYS`, click on `ADD KEYS`, click on `Create New Key` and choose `JSON`, then click on `CREATE`
- Add the content of your GCP credentials file as a GitHub Actions secret
- Google Cloud recommends using `Workload Identity Provider` with GitHub Actions; details and usage are described here: https://cloud.google.com/blog/products/identity-security/enabling-keyless-authentication-from-github-actions. We added both options in the GitHub Actions workflows. If you are using the provided Terraform code for your infrastructure, you can use it by uncommenting the `workload_identity_provider` step in `.github/workflows/main.yml` (lines 37 to 42) and commenting out lines 32 to 35
- On your project repository click on Settings -> Secrets & variables -> New Repository Secret and paste the JSON content of your credentials file. Name it `GOOGLE_APPLICATION_CREDENTIALS` and click on Add secret
  - Repeat to add these secrets to GitHub Actions:
    - `GCP_PROJECT_ID`: your GCP project id
    - `GCP_PROJECT_NUMBER`: (Optional) if you choose to use Workload Identity Provider; you can find your GCP project number directly on the GCP Welcome page when you select the project, it looks like this: 123456789
- Make a change on a feature branch, then create a Pull Request and merge it to the `main` branch to start the pipeline, or push a new change directly on the `main` branch
- If you follow all steps correctly, your image will be pushed to GCP Artifact Registry
```bash
npm i
npm run test
npm run dev
```
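
The two authentication options from the setup steps above, side by side, as an added example that is not the repository's own `main.yml`. The job name, runner, action versions, `POOL_ID` and `PROVIDER_ID` are assumptions or placeholders; the secret names and the service account are the ones listed in the steps.

```yaml
# Added example: hypothetical workflow fragment, not the repository's main.yml.
# POOL_ID and PROVIDER_ID are placeholders for your Workload Identity pool/provider.
name: main
on:
  push:
    branches: [main]

jobs:
  build-and-push:            # job name is an assumption
    runs-on: ubuntu-latest
    permissions:
      contents: read
      id-token: write        # lets the job request a GitHub OIDC token (needed for Option B)
    steps:
      - uses: actions/checkout@v4

      # Option A: long-lived JSON key stored as a repository secret.
      # The key stays valid until it is deleted in GCP, so rotate it and
      # remove unused keys from the service account.
      - name: Authenticate with service account key
        uses: google-github-actions/auth@v2
        with:
          credentials_json: ${{ secrets.GOOGLE_APPLICATION_CREDENTIALS }}

      # Option B: keyless, short-lived credentials via Workload Identity Provider.
      # Enable this step instead of Option A, not together with it.
      # - name: Authenticate with Workload Identity Provider
      #   uses: google-github-actions/auth@v2
      #   with:
      #     workload_identity_provider: projects/${{ secrets.GCP_PROJECT_NUMBER }}/locations/global/workloadIdentityPools/POOL_ID/providers/PROVIDER_ID
      #     service_account: github-actions-ar-sa@${{ secrets.GCP_PROJECT_ID }}.iam.gserviceaccount.com
```

With Option B enabled, the `GOOGLE_APPLICATION_CREDENTIALS` secret and the JSON key behind it are no longer needed and can be deleted.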