WIP

3lvia · Aug 9, 2024 · c027fb4 · c027fb4
1 parent 260b043
commit c027fb4
Show file tree

Hide file tree

Showing 8 changed files with 501 additions and 84 deletions.
diff --git a/...workflows/example-build-deploy-google.yml → ...ws/example-build-deploy-dotnet-google.yml b/...workflows/example-build-deploy-google.yml → ...ws/example-build-deploy-dotnet-google.yml
@@ -1,4 +1,4 @@
-name: Build and Deploy to Kubernetes on Google Cloud
+name: Build and Deploy .NET to Kubernetes on Google Cloud
 
 on:
   push:
@@ -14,15 +14,7 @@ env:
   APPLICATION_NAME: 'demo-api'
   SYSTEM_NAME: 'core'
   HELM_VALUES_PATH: '.github/test/deploy/values.yml'
-  # For the 'build-scan' job, you MUST specify either 'csproj-file' or 'dockerfile'.
-  #
-  # If you are deploying a .NET application, specify 'csproj-file'. This is preferred.
-  # If you are deploying a non-.NET application using a Dockerfile, specify 'dockerfile'.
-  #
-  # Remember to uncomment the 'dockerfile' argument in the 'build-scan' job,
-  # and comment out the 'csproj-file' line if using a Dockerfile.
-  CSPROJ_FILE: '.github/test/src/core-demo-api.csproj'
-  DOCKERFILE: '.github/test/src/Dockerfile'
+  PROJECT_FILE: '.github/test/src/core-demo-api.csproj'
 
 jobs:
   unit-tests:
@@ -75,8 +67,6 @@ jobs:
           name: ${{ env.APPLICATION_NAME }}
           namespace: ${{ env.SYSTEM_NAME }}
           csproj-file: ${{ env.CSPROJ_FILE }}
-          # Uncomment the following line if using a Dockerfile:
-          # dockerfile: ${{ env.DOCKERFILE }}
           AZURE_CLIENT_ID: ${{ vars.ACR_CLIENT_ID }}
 
   deploy-dev:
@@ -103,6 +93,7 @@ jobs:
           environment: 'dev'
           helm-values-path: ${{ env.HELM_VALUES_PATH }}
           runtime-cloud-provider: 'GKE'
+          slack-channel: '#team-${{ env.SYSTEM_NAME }}-alerts'
           GC_SERVICE_ACCOUNT: ${{ vars.GC_SERVICE_ACCOUNT }}
           GC_WORKLOAD_IDENTITY_PROVIDER: ${{ vars.GC_WORKLOAD_IDENTITY_PROVIDER }}
 
@@ -125,6 +116,7 @@ jobs:
           environment: 'test'
           helm-values-path: ${{ env.HELM_VALUES_PATH }}
           runtime-cloud-provider: 'GKE'
+          slack-channel: '#team-${{ env.SYSTEM_NAME }}-alerts'
           GC_SERVICE_ACCOUNT: ${{ vars.GC_SERVICE_ACCOUNT }}
           GC_WORKLOAD_IDENTITY_PROVIDER: ${{ vars.GC_WORKLOAD_IDENTITY_PROVIDER }}
 
@@ -147,5 +139,6 @@ jobs:
           environment: 'prod'
           helm-values-path: ${{ env.HELM_VALUES_PATH }}
           runtime-cloud-provider: 'GKE'
+          slack-channel: '#team-${{ env.SYSTEM_NAME }}-alerts'
           GC_SERVICE_ACCOUNT: ${{ vars.GC_SERVICE_ACCOUNT }}
           GC_WORKLOAD_IDENTITY_PROVIDER: ${{ vars.GC_WORKLOAD_IDENTITY_PROVIDER }}
diff --git a/.github/workflows/example-build-deploy.yml → ...workflows/example-build-deploy-dotnet.yml b/.github/workflows/example-build-deploy.yml → ...workflows/example-build-deploy-dotnet.yml
@@ -1,4 +1,4 @@
-name: Build and Deploy to Kubernetes
+name: Build and Deploy .NET to Kubernetes
 
 on:
   push:
@@ -14,15 +14,7 @@ env:
   APPLICATION_NAME: 'demo-api'
   SYSTEM_NAME: 'core'
   HELM_VALUES_PATH: '.github/test/deploy/values.yml'
-  # For the 'build-scan' job, you MUST specify either 'csproj-file' or 'dockerfile'.
-  #
-  # If you are deploying a .NET application, specify 'csproj-file'. This is preferred.
-  # If you are deploying a non-.NET application using a Dockerfile, specify 'dockerfile'.
-  #
-  # Remember to uncomment the 'dockerfile' argument in the 'build-scan' job,
-  # and comment out the 'csproj-file' line if using a Dockerfile.
-  CSPROJ_FILE: '.github/test/src/core-demo-api.csproj'
-  DOCKERFILE: '.github/test/src/Dockerfile'
+  PROJECT_FILE: '.github/test/src/core-demo-api.csproj'
 
 jobs:
   unit-tests:
@@ -74,9 +66,7 @@ jobs:
         with:
           name: ${{ env.APPLICATION_NAME }}
           namespace: ${{ env.SYSTEM_NAME }}
-          csproj-file: ${{ env.CSPROJ_FILE }}
-          # Uncomment the following line if using a Dockerfile:
-          # dockerfile: ${{ env.DOCKERFILE }}
+          project-file: ${{ env.PROJECT_FILE }}
           AZURE_CLIENT_ID: ${{ vars.ACR_CLIENT_ID }}
 
   deploy-dev:
@@ -102,8 +92,8 @@ jobs:
           namespace: ${{ env.SYSTEM_NAME }}
           environment: 'dev'
           helm-values-path: ${{ env.HELM_VALUES_PATH }}
-          AZURE_CLIENT_ID: ${{ vars.AKS_CLIENT_ID }}
           slack-channel: '#team-${{ env.SYSTEM_NAME }}-alerts'
+          AZURE_CLIENT_ID: ${{ vars.AKS_CLIENT_ID }}
 
   deploy-test:
     name: Deploy Test
@@ -123,8 +113,8 @@ jobs:
           namespace: ${{ env.SYSTEM_NAME }}
           environment: 'test'
           helm-values-path: ${{ env.HELM_VALUES_PATH }}
-          AZURE_CLIENT_ID: ${{ vars.AKS_CLIENT_ID }}
           slack-channel: '#team-${{ env.SYSTEM_NAME }}-alerts'
+          AZURE_CLIENT_ID: ${{ vars.AKS_CLIENT_ID }}
 
   deploy-prod:
     name: Deploy Prod
@@ -144,5 +134,5 @@ jobs:
           namespace: ${{ env.SYSTEM_NAME }}
           environment: 'prod'
           helm-values-path: ${{ env.HELM_VALUES_PATH }}
-          AZURE_CLIENT_ID: ${{ vars.AKS_CLIENT_ID }}
           slack-channel: '#team-${{ env.SYSTEM_NAME }}-alerts'
+          AZURE_CLIENT_ID: ${{ vars.AKS_CLIENT_ID }}
diff --git a/.github/workflows/example-build-deploy-go-google.yml b/.github/workflows/example-build-deploy-go-google.yml
@@ -0,0 +1,144 @@
+name: Build and Deploy Go to Kubernetes on Google Cloud
+
+on:
+  push:
+    branches: [trunk]
+  pull_request:
+    branches: [trunk]
+
+concurrency:
+  group: '${{ github.workflow }}-${{ github.event_name }}'
+  cancel-in-progress: true
+
+env:
+  APPLICATION_NAME: 'demo-api'
+  SYSTEM_NAME: 'core'
+  HELM_VALUES_PATH: '.github/test-go/deploy/values.yml'
+  PROJECT_FILE: '.github/test-go/go.mod'
+
+jobs:
+  unit-tests:
+    name: Unit Tests
+    runs-on: elvia-runner
+    permissions:
+      contents: read
+      checks: write
+      issues: read
+      pull-requests: write
+    steps:
+      - uses: 3lvia/core-github-actions-templates/unittest@trunk
+        with:
+          test-coverage: 'true'
+
+  integration-tests:
+    name: Integration Tests
+    runs-on: elvia-runner
+    permissions:
+      contents: read
+      checks: write
+      issues: read
+      pull-requests: write
+      id-token: write
+    steps:
+      - uses: 3lvia/core-github-actions-templates/integrationtest@trunk
+        with:
+          system: ${{ env.SYSTEM_NAME }}
+
+  analyze:
+    name: Analyze
+    runs-on: elvia-runner
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+    steps:
+      - uses: 3lvia/core-github-actions-templates/analyze@trunk
+
+  build-scan:
+    name: Build and Scan
+    runs-on: elvia-runner
+    permissions:
+      contents: read
+      id-token: write
+    environment: build
+    steps:
+      - uses: 3lvia/core-github-actions-templates/build@trunk
+        with:
+          name: ${{ env.APPLICATION_NAME }}
+          namespace: ${{ env.SYSTEM_NAME }}
+          project-file: ${{ env.PROJECT_FILE }}
+          AZURE_CLIENT_ID: ${{ vars.ACR_CLIENT_ID }}
+
+  deploy-dev:
+    name: Deploy Dev
+    # Required these jobs to be successful before running this job.
+    # Any of these can be commented out if you want to deploy anyway.
+    needs:
+      - unit-tests
+      - integration-tests
+      - build-scan
+      - analyze
+    runs-on: elvia-runner
+    permissions:
+      contents: read
+      id-token: write
+    environment: dev
+    # Only on push to trunk
+    if: github.ref == 'refs/heads/trunk'
+    steps:
+      - uses: 3lvia/core-github-actions-templates/deploy@trunk
+        with:
+          name: ${{ env.APPLICATION_NAME }}
+          namespace: ${{ env.SYSTEM_NAME }}
+          environment: 'dev'
+          helm-values-path: ${{ env.HELM_VALUES_PATH }}
+          runtime-cloud-provider: 'GKE'
+          slack-channel: '#team-${{ env.SYSTEM_NAME }}-alerts'
+          GC_SERVICE_ACCOUNT: ${{ vars.GC_SERVICE_ACCOUNT }}
+          GC_WORKLOAD_IDENTITY_PROVIDER: ${{ vars.GC_WORKLOAD_IDENTITY_PROVIDER }}
+
+  deploy-test:
+    name: Deploy Test
+    # Only deploy to test after dev
+    needs: [deploy-dev]
+    runs-on: elvia-runner
+    permissions:
+      contents: read
+      id-token: write
+    environment: test
+    # Only on push to trunk
+    if: github.ref == 'refs/heads/trunk'
+    steps:
+      - uses: 3lvia/core-github-actions-templates/deploy@trunk
+        with:
+          name: ${{ env.APPLICATION_NAME }}
+          namespace: ${{ env.SYSTEM_NAME }}
+          environment: 'test'
+          helm-values-path: ${{ env.HELM_VALUES_PATH }}
+          runtime-cloud-provider: 'GKE'
+          slack-channel: '#team-${{ env.SYSTEM_NAME }}-alerts'
+          GC_SERVICE_ACCOUNT: ${{ vars.GC_SERVICE_ACCOUNT }}
+          GC_WORKLOAD_IDENTITY_PROVIDER: ${{ vars.GC_WORKLOAD_IDENTITY_PROVIDER }}
+
+  deploy-prod:
+    name: Deploy Prod
+    # Only deploy to prod after test
+    needs: [deploy-test]
+    runs-on: elvia-runner
+    permissions:
+      contents: read
+      id-token: write
+    environment: prod
+    # Only on push to trunk
+    if: github.ref == 'refs/heads/trunk'
+    steps:
+      - uses: 3lvia/core-github-actions-templates/deploy@trunk
+        with:
+          name: ${{ env.APPLICATION_NAME }}
+          namespace: ${{ env.SYSTEM_NAME }}
+          environment: 'prod'
+          helm-values-path: ${{ env.HELM_VALUES_PATH }}
+          runtime-cloud-provider: 'GKE'
+          slack-channel: '#team-${{ env.SYSTEM_NAME }}-alerts'
+          GC_SERVICE_ACCOUNT: ${{ vars.GC_SERVICE_ACCOUNT }}
+          GC_WORKLOAD_IDENTITY_PROVIDER: ${{ vars.GC_WORKLOAD_IDENTITY_PROVIDER }}
diff --git a/.github/workflows/example-build-deploy-go.yml b/.github/workflows/example-build-deploy-go.yml
@@ -0,0 +1,138 @@
+name: Build and Deploy Go to Kubernetes
+
+on:
+  push:
+    branches: [trunk]
+  pull_request:
+    branches: [trunk]
+
+concurrency:
+  group: '${{ github.workflow }}-${{ github.event_name }}'
+  cancel-in-progress: true
+
+env:
+  APPLICATION_NAME: 'demo-api-go'
+  SYSTEM_NAME: 'core'
+  HELM_VALUES_PATH: '.github/test-go/deploy/values.yml'
+  PROJECT_FILE: '.github/test-go/go.mod'
+
+jobs:
+  unit-tests:
+    name: Unit Tests
+    runs-on: elvia-runner
+    permissions:
+      contents: read
+      checks: write
+      issues: read
+      pull-requests: write
+    steps:
+      - uses: 3lvia/core-github-actions-templates/unittest@trunk
+        with:
+          test-coverage: 'true'
+
+  integration-tests:
+    name: Integration Tests
+    runs-on: elvia-runner
+    permissions:
+      contents: read
+      checks: write
+      issues: read
+      pull-requests: write
+      id-token: write
+    steps:
+      - uses: 3lvia/core-github-actions-templates/integrationtest@trunk
+        with:
+          system: ${{ env.SYSTEM_NAME }}
+
+  analyze:
+    name: Analyze
+    runs-on: elvia-runner
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+    steps:
+      - uses: 3lvia/core-github-actions-templates/analyze@trunk
+
+  build-scan:
+    name: Build and Scan
+    runs-on: elvia-runner
+    permissions:
+      contents: read
+      id-token: write
+    environment: build
+    steps:
+      - uses: 3lvia/core-github-actions-templates/build@trunk
+        with:
+          name: ${{ env.APPLICATION_NAME }}
+          namespace: ${{ env.SYSTEM_NAME }}
+          project-file: ${{ env.PROJECT_FILE }}
+          AZURE_CLIENT_ID: ${{ vars.ACR_CLIENT_ID }}
+
+  deploy-dev:
+    name: Deploy Dev
+    # Required these jobs to be successful before running this job.
+    # Any of these can be commented out if you want to deploy anyway.
+    needs:
+      - unit-tests
+      - integration-tests
+      - build-scan
+      - analyze
+    runs-on: elvia-runner
+    permissions:
+      contents: read
+      id-token: write
+    environment: dev
+    # Only on push to trunk
+    if: github.ref == 'refs/heads/trunk'
+    steps:
+      - uses: 3lvia/core-github-actions-templates/deploy@trunk
+        with:
+          name: ${{ env.APPLICATION_NAME }}
+          namespace: ${{ env.SYSTEM_NAME }}
+          environment: 'dev'
+          helm-values-path: ${{ env.HELM_VALUES_PATH }}
+          slack-channel: '#team-${{ env.SYSTEM_NAME }}-alerts'
+          AZURE_CLIENT_ID: ${{ vars.AKS_CLIENT_ID }}
+
+  deploy-test:
+    name: Deploy Test
+    # Only deploy to test after dev
+    needs: [deploy-dev]
+    runs-on: elvia-runner
+    permissions:
+      contents: read
+      id-token: write
+    environment: test
+    # Only on push to trunk
+    if: github.ref == 'refs/heads/trunk'
+    steps:
+      - uses: 3lvia/core-github-actions-templates/deploy@trunk
+        with:
+          name: ${{ env.APPLICATION_NAME }}
+          namespace: ${{ env.SYSTEM_NAME }}
+          environment: 'test'
+          helm-values-path: ${{ env.HELM_VALUES_PATH }}
+          slack-channel: '#team-${{ env.SYSTEM_NAME }}-alerts'
+          AZURE_CLIENT_ID: ${{ vars.AKS_CLIENT_ID }}
+
+  deploy-prod:
+    name: Deploy Prod
+    # Only deploy to prod after test
+    needs: [deploy-test]
+    runs-on: elvia-runner
+    permissions:
+      contents: read
+      id-token: write
+    environment: prod
+    # Only on push to trunk
+    if: github.ref == 'refs/heads/trunk'
+    steps:
+      - uses: 3lvia/core-github-actions-templates/deploy@trunk
+        with:
+          name: ${{ env.APPLICATION_NAME }}
+          namespace: ${{ env.SYSTEM_NAME }}
+          environment: 'prod'
+          helm-values-path: ${{ env.HELM_VALUES_PATH }}
+          slack-channel: '#team-${{ env.SYSTEM_NAME }}-alerts'
+          AZURE_CLIENT_ID: ${{ vars.AKS_CLIENT_ID }}