Production #607
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Production | |
# Controls when the workflow will run | |
on: | |
# Allows you to run this workflow manually from the Actions tab | |
workflow_dispatch: | |
inputs: | |
release_version: | |
required: true | |
dashboard: | |
type: boolean | |
default: true | |
description: Dashboard | |
testing: | |
type: boolean | |
default: true | |
description: Testing | |
billing: | |
type: boolean | |
default: true | |
description: Billing | |
internal: | |
type: boolean | |
default: true | |
description: Internal | |
threat_detection_backend: | |
type: boolean | |
default: true | |
description: Threat Deteection Backend | |
# A workflow run is made up of one or more jobs that can run sequentially or in parallel | |
jobs: | |
# This workflow contains a single job called "build" | |
build: | |
# The type of runner that the job will run on | |
runs-on: ubuntu-22.04 | |
# Steps represent a sequence of tasks that will be executed as part of the job | |
steps: | |
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it | |
- uses: actions/checkout@v2 | |
- uses: actions/setup-java@v2 | |
with: | |
distribution: "adopt" | |
java-version: "8" | |
architecture: x64 | |
- uses: actions/setup-node@v2 | |
with: | |
node-version: '17' | |
- name: Setup Protoc | |
uses: arduino/setup-protoc@v3 | |
with: | |
version: "29.2" | |
- uses: bufbuild/buf-action@v1 | |
with: | |
setup_only: true | |
- name: Download Akto templates zip and PII files | |
working-directory: ./apps/dashboard/src/main/resources | |
run: | | |
wget -O tests-library-master.zip https://github.com/akto-api-security/tests-library/archive/refs/heads/master.zip | |
wget -O general.json https://raw.githubusercontent.com/akto-api-security/pii-types/master/general.json | |
wget -O fintech.json https://raw.githubusercontent.com/akto-api-security/akto/master/pii-types/fintech.json | |
wget -O filetypes.json https://raw.githubusercontent.com/akto-api-security/akto/master/pii-types/filetypes.json | |
wget -O automated_api_groups.csv https://raw.githubusercontent.com/akto-api-security/akto/master/automated-api-groups/automated-api-groups.csv | |
- name: Create maxmind directory | |
run: mkdir -p ./apps/threat-detection-backend/src/main/resources/maxmind | |
- name: Download Maxmind Country database | |
working-directory: ./apps/threat-detection-backend/src/main/resources/maxmind | |
run: | | |
wget -O Geo-Country.mmdb https://raw.githubusercontent.com/akto-api-security/tests-library/refs/heads/master/resources/Geo-Country.mmdb | |
- name: Prepare Dashboard polaris UI | |
working-directory: ./apps/dashboard/web/polaris_web | |
run: npm install && export RELEASE_VERSION=${{github.event.inputs.release_version}} && npm run build | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
aws-access-key-id: ${{secrets.AWS_ACCESS_KEY_ID}} | |
aws-secret-access-key: ${{secrets.AWS_SECRET_ACCESS_KEY}} | |
aws-region: ap-south-1 | |
- name: Deploy polaris site to S3 bucket | |
run: aws s3 sync ./apps/dashboard/web/polaris_web/web/dist s3://dashboard-on-cdn/polaris_web/${{github.event.inputs.release_version}}/dist --delete | |
- run: mvn package -Dakto-image-tag=${{ github.event.inputs.release_version }} -Dakto-build-time=$(eval "date +%s") -Dakto-release-version=${{github.event.inputs.release_version}} -DskipTests | |
- name: DockerHub login | |
env: | |
DOCKER_USERNAME: ${{secrets.DOCKER_USERNAME}} | |
DOCKER_PASSWORD: ${{secrets.DOCKER_PASSWORD}} | |
run: | | |
docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD | |
- name: Build, tag, and push the image to DockerHub | |
id: build-image-dockerhub | |
env: | |
ECR_REGISTRY: aktosecurity | |
ECR_REPOSITORY: akto-api-security | |
IMAGE_TAG_1: local | |
IMAGE_TAG_2: ${{ github.event.inputs.release_version }}_local | |
IMAGE_TAG_3: latest | |
run: | | |
docker buildx create --use | |
# Build a docker container and push it to DockerHub | |
cd apps/dashboard | |
if [[ "${{ github.event.inputs.dashboard }}" == "true" ]]; then | |
cd ../dashboard | |
docker buildx build --platform linux/arm64/v8,linux/amd64 -t $ECR_REGISTRY/$ECR_REPOSITORY-dashboard:$IMAGE_TAG_1 -t $ECR_REGISTRY/$ECR_REPOSITORY-dashboard:$IMAGE_TAG_2 . --push | |
echo "::set-output name=image::$ECR_REGISTRY/$ECR_REPOSITORY-dashboard:$IMAGE_TAG" | |
fi | |
if [[ "${{ github.event.inputs.testing }}" == "true" ]]; then | |
cd ../testing | |
docker buildx build --platform linux/arm64/v8,linux/amd64 -t $ECR_REGISTRY/akto-api-testing:$IMAGE_TAG_1 -t $ECR_REGISTRY/akto-api-testing:$IMAGE_TAG_2 . --push | |
echo "::set-output name=image::$ECR_REGISTRY/akto-api-testing:$IMAGE_TAG" | |
fi | |
if [[ "${{ github.event.inputs.testing }}" == "true" ]]; then | |
cd ../testing-cli | |
docker buildx build --platform linux/arm64/v8,linux/amd64 -t $ECR_REGISTRY/akto-api-testing-cli:$IMAGE_TAG_1 -t $ECR_REGISTRY/akto-api-testing-cli:$IMAGE_TAG_2 . --push | |
echo "::set-output name=image::$ECR_REGISTRY/akto-api-testing-cli:$IMAGE_TAG" | |
fi | |
if [[ "${{ github.event.inputs.billing }}" == "true" ]]; then | |
cd ../billing | |
docker buildx build --platform linux/arm64/v8,linux/amd64 -t $ECR_REGISTRY/akto-billing:$IMAGE_TAG_1 -t $ECR_REGISTRY/akto-billing:$IMAGE_TAG_2 . --push | |
echo "::set-output name=image::$ECR_REGISTRY/akto-billing:$IMAGE_TAG" | |
fi | |
if [[ "${{ github.event.inputs.internal }}" == "true" ]]; then | |
cd ../internal | |
docker buildx build --platform linux/arm64/v8,linux/amd64 -t $ECR_REGISTRY/akto-internal:$IMAGE_TAG_1 -t $ECR_REGISTRY/akto-internal:$IMAGE_TAG_2 . --push | |
echo "::set-output name=image::$ECR_REGISTRY/akto-internal:$IMAGE_TAG" | |
fi | |
if [[ "${{ github.event.inputs.threat_detection_backend}}" == "true" ]]; then | |
cd apps/threat-detection-backend | |
docker buildx build --platform linux/arm64/v8,linux/amd64 -t $ECR_REGISTRY/akto-threat-detection-backend:$IMAGE_TAG . --push | |
fi | |
- name: Configure AWS Credentials for ECR | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
aws-access-key-id: ${{secrets.AWS_ACCESS_KEY_ID}} | |
aws-secret-access-key: ${{secrets.AWS_SECRET_ACCESS_KEY}} | |
aws-region: us-east-1 | |
- name: Login to Amazon ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v1 | |
with: | |
mask-password: "true" | |
registry-type: public | |
- name: Push git tag | |
id: tag_version | |
uses: mathieudutour/[email protected] | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
custom_tag: ${{ github.event.inputs.release_version }} | |
- name: Create a GitHub release | |
uses: ncipollo/[email protected] | |
with: | |
tag: ${{ steps.tag_version.outputs.new_tag }} | |
name: Release ${{ steps.tag_version.outputs.new_tag }} | |
omitBody: true | |
- name: Send Github release notification to Slack | |
id: slack | |
uses: slackapi/[email protected] | |
with: | |
payload: | | |
{ | |
"text": "Akto Open Source v${{ github.event.inputs.release_version }} released!" | |
} | |
env: | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK | |
- name: Set up JDK 11 | |
uses: actions/setup-java@v1 | |
with: | |
java-version: 11 | |
- name: Cache SonarCloud packages | |
uses: actions/cache@v1 | |
with: | |
path: ~/.sonar/cache | |
key: ${{ runner.os }}-sonar | |
restore-keys: ${{ runner.os }}-sonar | |
- name: Cache Maven packages | |
uses: actions/cache@v1 | |
with: | |
path: ~/.m2 | |
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} | |
restore-keys: ${{ runner.os }}-m2 |