Skip to content

ssm fixes

ssm fixes #58

name: Go CI/CD
on:
pull_request:
types: [opened, synchronize, reopened]
branches:
- main
push:
branches:
- main
permissions:
contents: write
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
jobs:
ci:
name: CI Pipeline
runs-on: ubuntu-latest
if: github.event_name == 'pull_request'
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v2
with:
go-version: ^1.22.1
- name: Install dependencies
run: go mod download
- name: Build
run: go build -o ./app .
- name: Format code with gofumpt
run: go install mvdan.cc/gofumpt@latest && gofumpt -w .
- name: Install golangci-lint
run: curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin latest
- name: Run golangci-lint
run: |
OUTPUT=$(golangci-lint run ./... 2>&1) || true
if [[ -n "$OUTPUT" ]]; then
echo "golangci-lint found issues:"
echo "$OUTPUT"
fi
- name: Install go-staticcheck
run: go install honnef.co/go/tools/cmd/staticcheck@latest
- name: Run go-staticcheck
run: |
OUTPUT=$(staticcheck ./... 2>&1) || true
if [[ -n "$OUTPUT" ]]; then
echo "golangci-lint found issues:"
echo "$OUTPUT"
fi
- name: Install gosec
run: go install github.com/securego/gosec/cmd/gosec@latest
- name: Run gosec
run: |
OUTPUT=$(gosec -exclude=G104 ./... 2>&1) || true
if [[ -n "$OUTPUT" ]]; then
echo "golangci-lint found issues:"
echo "$OUTPUT"
fi
- name: Test
run: go test ./...
build-and-deploy:
name: CD Pipeline - Continuous Delivery Pipeline
runs-on: ubuntu-latest
if: github.event_name == 'push'
steps:
- name: Set short git commit SHA
id: commit
uses: prompt/actions-commit-hash@v2
- name: Checkout code
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
- name: Set up AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ vars.AWS_REGION }}
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1
- name: Build, tag, and push Docker image to Amazon ECR
env:
ECR_REPOSITORY: ${{ vars.SERVICE_NAME }}
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
IMAGE_TAG: ${{ steps.commit.outputs.short }}
run: |
IMAGE_URI="$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG"
docker build -t $IMAGE_URI .
docker push $IMAGE_URI
echo "IMAGE_URI=$IMAGE_URI" >> $GITHUB_ENV
- name: Update Kubernetes configuration
env:
SERVICE_NAME: ${{ vars.SERVICE_NAME }}
run: |
DB_NAME=$(aws ssm get-parameter --name "/$SERVICE_NAME/db_name" --with-decryption --output json | jq '.Parameter | .Value')
DB_HOST=$(aws ssm get-parameter --name "/$SERVICE_NAME/db_host" --with-decryption --output json | jq '.Parameter | .Value')
DB_USERNAME=$(aws ssm get-parameter --name "/$SERVICE_NAME/db_username" --with-decryption --output json | jq '.Parameter | .Value')
DB_PASSWORD=$(aws ssm get-parameter --name "/$SERVICE_NAME/db_password" --with-decryption --output json | jq '.Parameter | .Value')
DOCUMENT_DB_HOST=$(aws ssm get-parameter --name "/$SERVICE_NAME/documentdb_host" --with-decryption --output json | jq '.Parameter | .Value')
DOCUMENT_DB_USERNAME=$(aws ssm get-parameter --name "/$SERVICE_NAME/documentdb_username" --with-decryption --output json | jq '.Parameter | .Value')
DOCUMENT_DB_PASSWORD=$(aws ssm get-parameter --name "/$SERVICE_NAME/documentdb_password" --with-decryption --output json | jq '.Parameter | .Value')
sed -i 's|placeholder_repository_name|'"$IMAGE_URI"'|' ./infra/golang-app-deployment.yaml
sed -i 's|aws_ssm_db_name|'"$DB_NAME"'|' ./infra/configmap.yaml
sed -i 's|aws_ssm_db_host|'"$DB_HOST"'|' ./infra/configmap.yaml
sed -i 's|aws_ssm_db_username|'"$DB_USERNAME"'|' ./infra/secrets.yaml
sed -i 's|aws_ssm_db_password|'"$DB_PASSWORD"'|' ./infra/secrets.yaml
sed -i 's|aws_ssm_documentdb_host|'"$DOCUMENT_DB_HOST"'|' ./infra/configmap.yaml
sed -i 's|aws_ssm_documentdb_username|'"$DOCUMENT_DB_USERNAME"'|' ./infra/secrets.yaml
sed -i 's|aws_ssm_documentdb_password|'"$DOCUMENT_DB_PASSWORD"'|' ./infra/secrets.yaml
- name: Install kubectl
run: |
curl -LO "https://dl.k8s.io/release/$(curl -sSL https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
chmod +x kubectl
sudo mv kubectl /usr/local/bin/
- name: Update kube config
env:
AWS_EKS_CLUSTER_NAME: ${{ vars.AWS_EKS_CLUSTER_NAME }}
AWS_REGION: ${{ vars.AWS_REGION }}
run: aws eks update-kubeconfig --name $AWS_EKS_CLUSTER_NAME --region $AWS_REGION
- name: Deploy to Kubernetes
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
run: |
kubectl config get-contexts
kubectl apply -f ./infra --validate=false
kubectl rollout status deployment/order-service