feat: update github actions

tamnk74 · Mar 6, 2022 · 7d4f6dd · 7d4f6dd
1 parent 3f47a26
commit 7d4f6dd
Show file tree

Hide file tree

Showing 23 changed files with 17,283 additions and 198 deletions.
diff --git a/.github/workflows/cd.yaml b/.github/workflows/cd.yaml
@@ -0,0 +1,65 @@
+name: Deployment Flow
+
+on:
+  workflow_call:
+    inputs:
+      env_tag:
+        required: true
+        type: string
+      environment:
+        required: true
+        type: string
+    secrets:
+      DOCKER_IMAGE_REPOSITORY:
+        required: true
+      DOCKER_USERNAME:
+        required: true
+      DOCKER_PASSWORD:
+        required: true
+      DEPLOYMENT_FILE:
+        required: true
+      KUBE_CA:
+        required: true
+      KUBE_TOKEN:
+        required: true
+      KUBE_CLUSTER:
+        required: true
+      KUBE_SERVER:
+        required: true
+      GCP_STORAGE_KEY:
+        required: true
+
+jobs:
+  deploy:
+    name: Deploy to ${{ inputs.environment }} env
+    runs-on: ubuntu-latest
+    container: google/cloud-sdk:latest
+    environment: ${{ inputs.environment }}
+
+    steps:
+      - uses: actions/checkout@v2
+      - name: Deploy to ${{ inputs.environment }}
+        run: |
+          export IMAGE_NAME=asia.gcr.io/$DOCKER_IMAGE_REPOSITORY/$ENV_TAG/$REPOSITORY_NAME:$GITHUB_SHA
+          docker build -t $IMAGE_NAME --build-arg ENV_TAG=$ENV_TAG .
+          docker login -u $DOCKER_USERNAME -p "$DOCKER_PASSWORD" https://asia.gcr.io
+          docker push $IMAGE_NAME
+          sed -i "s|{{image}}|$IMAGE_NAME|g" $DEPLOYMENT_FILE
+          echo $KUBE_TOKEN | base64 --decode > ./kube_token
+          echo $KUBE_CA | base64 --decode > ./kube_ca
+          kubectl config set-cluster $KUBE_CLUSTER --server=$KUBE_SERVER --certificate-authority="$(pwd)/kube_ca"
+          kubectl config set-credentials github --token="$(cat ./kube_token)"
+          kubectl config set-context development --cluster=$KUBE_CLUSTER --user=github
+          kubectl config use-context development
+          kubectl apply -f $DEPLOYMENT_FILE
+        env:
+          REPOSITORY_NAME: nest_api_gateway
+          ENV_TAG: ${{ inputs.env_tag }}
+          DOCKER_IMAGE_REPOSITORY: ${{ secrets.DOCKER_IMAGE_REPOSITORY }}
+          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
+          DEPLOYMENT_FILE: ${{ secrets.DEPLOYMENT_FILE}}
+          KUBE_CA: ${{ secrets.KUBE_CA }}
+          KUBE_TOKEN: ${{ secrets.KUBE_TOKEN }}
+          KUBE_CLUSTER: ${{ secrets.KUBE_CLUSTER }}
+          KUBE_SERVER: ${{ secrets.KUBE_SERVER }}
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -0,0 +1,145 @@
+
+name: Continuous Integration
+
+on:
+  workflow_call:
+
+jobs:
+  setup:
+    name: Setup
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        node-version: [14.x]
+
+    steps:
+      - uses: actions/checkout@v2
+
+      - uses: actions/setup-node@v2
+        with:
+          node-version: ${{ matrix.node-version }}
+          cache: 'npm'
+
+      - uses: actions/cache@v2
+        with:
+          path: node_modules
+          key: node-modules-${{ hashFiles('**/package-lock.json') }}
+
+      - name: Setup
+        run: |
+          unset NPM_CONFIG_USER
+          npm i
+          # npm audit --audit-level=critical
+
+  lint:
+    name: Run lint
+    needs: setup
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        node-version: [14.x]
+
+    steps:
+      - uses: actions/checkout@v2
+
+      - uses: actions/setup-node@v2
+        with:
+          node-version: ${{ matrix.node-version }}
+          cache: 'npm'
+
+      - uses: actions/cache@v2
+        with:
+          path: node_modules
+          key: node-modules-${{ hashFiles('**/package-lock.json') }}
+
+      - name: Lint
+        run: npm run lint
+
+  type-check:
+    name: Run type check
+    needs: setup
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        node-version: [14.x]
+
+    steps:
+      - uses: actions/checkout@v2
+
+      - uses: actions/setup-node@v2
+        with:
+          node-version: ${{ matrix.node-version }}
+          cache: 'npm'
+
+      - uses: actions/cache@v2
+        with:
+          path: node_modules
+          key: node-modules-${{ hashFiles('**/package-lock.json') }}
+
+      - name: Lint
+        run: npm run type-check
+
+  unit-test:
+    name: Run Unit Test
+    needs: [setup]
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        node-version: [14.x]
+
+    steps:
+      - uses: actions/checkout@v2
+
+      - uses: actions/setup-node@v2
+        with:
+          node-version: ${{ matrix.node-version }}
+          cache: 'npm'
+
+      - uses: actions/cache@v2
+        with:
+          path: node_modules
+          key: node-modules-${{ hashFiles('**/package-lock.json') }}
+
+      - name: Unit Test
+        run: npm run test:cov
+
+      - name: Archive Coverage Report Artifacts
+        uses: actions/upload-artifact@v2
+        with:
+          name: coverage
+          path: coverage
+
+  build:
+    name: Build
+    needs: [lint, type-check, unit-test]
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        node-version: [14.x]
+
+    steps:
+      - uses: actions/checkout@v2
+
+      - uses: actions/setup-node@v2
+        with:
+          node-version: ${{ matrix.node-version }}
+          cache: 'npm'
+
+      - uses: actions/cache@v2
+        with:
+          path: node_modules
+          key: node-modules-${{ hashFiles('**/package-lock.json') }}
+
+      - name: Build
+        run: npm run build
+
+      - name: Archive Dist Artifacts
+        uses: actions/upload-artifact@v2
+        with:
+          name: dist
+          path: dist
diff --git a/.github/workflows/deployment.yaml b/.github/workflows/deployment.yaml
@@ -6,11 +6,11 @@ on:
 env:
   ENV_TAG: ${{ secrets.ENV_TAG }}
   REGISTRY: ghcr.io
-  IMAGE_NAME: nestjs_api_gateway
+  IMAGE_NAME: nestjs-api-gateway
   PROJECT_ID: ${{ secrets.GKE_PROJECT }}
   GKE_CLUSTER: gke-deploy-cluster
   GKE_ZONE: asia-east1-a
-  DEPLOYMENT_NAME: nestjs_api_gateway
+  DEPLOYMENT_NAME: nestjs-api-gateway
 
 jobs:
   build-image:
@@ -40,7 +40,7 @@ jobs:
         with:
           context: .
           push: true
-          tags:  ghcr.io/tomnk/nestjs_api_gateway/${{ env.IMAGE_NAME }}:latest
+          tags:  ghcr.io/tamnk74/nestjs-api-gateway/${{ env.IMAGE_NAME }}:latest
       # Build the Docker image
       # - name: Build
       #   run: |-

diff --git a/.github/workflows/pull_request.yaml b/.github/workflows/pull_request.yaml
@@ -0,0 +1,47 @@
+name: Pull Request
+
+on:
+  pull_request:
+  workflow_dispatch:
+
+jobs:
+  build:
+    uses: ./.github/workflows/ci.yaml
+
+  # sonarqube-analysis:
+  #   name: SonarQube Analysis
+  #   runs-on: [self-hosted]
+  #   needs: [build]
+
+  #   steps:
+  #     - name: Setup sonar scanner
+  #       uses: warchant/setup-sonar-scanner@v3
+  #       env:
+  #         ACTIONS_ALLOW_UNSECURE_COMMANDS: 'true'
+  #     - uses: actions/checkout@v2
+  #     - uses: actions/download-artifact@v2
+  #       with:
+  #         name: coverage
+  #         path: coverage
+  #     - name: Sonar Scaner
+  #       run: |
+  #         sonar-scanner -Dsonar.projectBaseDir=$(pwd) \
+  #           -Dproject.settings=sonar.properties \
+  #           -Dsonar.projectKey=$SONAR_PROJECT_KEY \
+  #           -Dsonar.projectName=$SONAR_PROJECT_KEY \
+  #           -Dsonar.exclusions=**/node_modules/**/*,**/migrations/**/*,**/misc/**/*,**/webserver/**/*,**/*.spec.ts,**/cli/**/* \
+  #           -Dsonar.coverage.exclusions=**/test/**/* \
+  #           -Dsonar.sources=src \
+  #           -Dsonar.language=ts \
+  #           -Dsonar.javascript.lcov.reportPaths=coverage/lcov.info \
+  #           -Dsonar.pullrequest.key=$PULL_REQUEST_KEY \
+  #           -Dsonar.pullrequest.branch=$GITHUB_HEAD_REF \
+  #           -Dsonar.pullrequest.base=$GITHUB_BASE_REF \
+  #           -Dsonar.qualitygate.wait=true \
+  #           -Dsonar.login=$SONAR_LOGIN \
+  #           -Dsonar.host.url=$SONAR_URL \
+  #       env:
+  #         PULL_REQUEST_KEY: ${{ github.event.number }}
+  #         SONAR_LOGIN: ${{ secrets.SONAR_LOGIN }}
+  #         SONAR_URL: ${{ secrets.SONAR_URL }}
+  #         SONAR_PROJECT_KEY: ${{ secrets.SONAR_PROJECT_KEY }}
diff --git a/.github/workflows/push_branch.yaml b/.github/workflows/push_branch.yaml
@@ -0,0 +1,60 @@
+name: Deployment on Push, Change
+
+on:
+  push:
+    branches: [develop, main]
+
+jobs:
+  build:
+    uses: ./.github/workflows/ci.yaml
+
+  # sonarqube-analysis:
+  #   name: SonarQube Analysis
+  #   runs-on: [self-hosted]
+  #   needs: [build]
+
+  #   steps:
+  #     - name: Setup sonar scanner
+  #       uses: warchant/setup-sonar-scanner@v3
+  #       env:
+  #         ACTIONS_ALLOW_UNSECURE_COMMANDS: 'true'
+  #     - uses: actions/checkout@v2
+  #     - uses: actions/download-artifact@v2
+  #       with:
+  #         name: coverage
+  #         path: coverage
+  #     - name: Sonar Scanner
+  #       run: |
+  #         sonar-scanner -Dsonar.projectBaseDir=$(pwd) \
+  #           -Dproject.settings=sonar.properties \
+  #           -Dsonar.projectKey=$SONAR_PROJECT_KEY \
+  #           -Dsonar.projectName=$SONAR_PROJECT_KEY \
+  #           -Dsonar.exclusions=**/node_modules/**/*,**/migrations/**/*,**/misc/**/*,**/webserver/**/*,**/*.spec.ts,**/cli/**/* \
+  #           -Dsonar.coverage.exclusions=**/test/**/* \
+  #           -Dsonar.sources=src \
+  #           -Dsonar.language=ts \
+  #           -Dsonar.javascript.lcov.reportPaths=coverage/lcov.info \
+  #           -Dsonar.branch.name=$GITHUB_HEAD_REF \
+  #           -Dsonar.login=$SONAR_LOGIN \
+  #           -Dsonar.host.url=$SONAR_URL
+  #       env:
+  #         SONAR_LOGIN: ${{ secrets.SONAR_LOGIN }}
+  #         SONAR_URL: ${{ secrets.SONAR_URL }}
+  #         SONAR_PROJECT_KEY: ${{ secrets.SONAR_PROJECT_KEY }}
+
+  # deploy:
+  #   uses: ./.github/workflows/cd.yaml
+  #   needs: [sonarqube-analysis]
+  #   with:
+  #     env_tag: development
+  #     environment: Development
+  #   secrets:
+  #     DOCKER_IMAGE_REPOSITORY: ${{ secrets.DOCKER_IMAGE_REPOSITORY }}
+  #     DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+  #     DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
+  #     DEPLOYMENT_FILE: ${{ secrets.DEPLOYMENT_FILE}}
+  #     KUBE_CA: ${{ secrets.KUBE_CA }}
+  #     KUBE_TOKEN: ${{ secrets.KUBE_TOKEN }}
+  #     KUBE_CLUSTER: ${{ secrets.KUBE_CLUSTER }}
+  #     KUBE_SERVER: ${{ secrets.KUBE_SERVER}}
+  #     GCP_STORAGE_KEY: ${{ secrets.GCP_STORAGE_KEY}}
diff --git a/.vscode/launch.json b/.vscode/launch.json
@@ -0,0 +1,21 @@
+{
+  // Use IntelliSense to learn about possible attributes.
+  // Hover to view descriptions of existing attributes.
+  // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
+  "version": "0.2.0",
+  "configurations": [
+    {
+      "type": "node",
+      "request": "launch",
+      "name": "Debug Api Gatewway",
+      "args": ["${workspaceFolder}/src/main.ts"],
+      "runtimeExecutable": "npm",
+      "runtimeArgs": ["run-script", "start:dev"],
+      "sourceMaps": true,
+      "port": 3000,
+      "cwd": "${workspaceRoot}",
+      "protocol": "inspector",
+      "console": "integratedTerminal"
+    }
+  ]
+}