Zomeal

.github/workflows/deploy.yaml

@@ -0,0 +1,63 @@
+name: Build,Analyze,scan
+on:
+  push:
+    branches:
+      - main
+jobs:
+  build-analyze-scan:
+    name: Build
+    runs-on: [self-hosted]
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
+      - name: Build and analyze with SonarQube
+        uses: sonarsource/sonarqube-scan-action@master
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
+      - name: npm install dependency
+        run: npm install
+      - name: Trivy file scan
+        run: trivy fs . > trivyfs.txt
+      - name: Docker Build and push
+        run: |
+          docker build -t zomeal .
+          docker tag zomeal sreedhar8897/zomeal:latest
+          docker login -u ${{ secrets.DOCKERHUB_USERNAME }} -p ${{ secrets.DOCKERHUB_TOKEN }}
+          docker push sreedhar8897/zomeal:latest
+        env:
+          DOCKER_CLI_ACI: 1
+      - name: Image scan
+        run: trivy image sreedhar8897/zomeal:latest > trivyimage.txt
+  deploy:
+   needs: build-analyze-scan
+   runs-on: [self-hosted]
+   steps:
+      - name: docker pull image
+        run: docker pull sreedhar8897/zomeal:latest
+      - name: Image scan
+        run: trivy image sreedhar8897/zomeal:latest > trivyimagedeploy.txt
+      - name: Deploy to container
+        run: docker run -d --name zomeal -p 3000:3000 sreedhar8897/zomeal:latest
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: ${{ secrets.AWS_REGION }}
+
+      - name: Update kubeconfig
+        run: aws eks --region us-east-1 update-kubeconfig --name zomeal-EKS-Cluster
+      - name: Deploy to kubernetes
+        run: kubectl apply -f deployment-service.yml
+      - name: Send a Slack Notification
+        if: always()
+        uses: act10ns/slack@v1
+        with:
+          status: ${{ job.status }}
+          steps: ${{ toJson(steps) }}
+          channel: '#githubactions-eks'
+        env:
+          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}

.gitignore

@@ -0,0 +1 @@
+node_modules

Dockerfile

@@ -0,0 +1,23 @@
+# Use Node.js 16 slim as the base image
+FROM node:16-slim
+
+# Set the working directory
+WORKDIR /app
+
+# Copy package.json and package-lock.json to the working directory
+COPY package*.json ./
+
+# Install dependencies
+RUN npm install
+
+# Copy the rest of the application code
+COPY . .
+
+# Build the React app
+RUN npm run build
+
+# Expose port 3000 (or the port your app is configured to listen on)
+EXPOSE 3000
+
+# Start your Node.js server (assuming it serves the React app)
+CMD ["npm", "start"]

EKS-TF/backend.tf

@@ -0,0 +1,16 @@
+terraform {
+  backend "s3" {
+    bucket         = "tetris-bucket"
+    region         = "us-east-1"
+    key            = "EKS-DevSecOps-Tetris-Project/EKS-TF/terraform.tfstate"
+    dynamodb_table = "Lock-Files"
+    encrypt        = true
+  }
+  required_version = ">=0.13.0"
+  required_providers {
+    aws = {
+      version = ">= 2.7.0"
+      source  = "hashicorp/aws"
+    }
+  }
+}

EKS-TF/eks-cluster.tf

@@ -0,0 +1,12 @@
+resource "aws_eks_cluster" "eks-cluster" {
+  name     = var.cluster-name
+  role_arn = aws_iam_role.EKSClusterRole.arn
+  vpc_config {
+    subnet_ids         = [data.aws_subnet.subnet.id, aws_subnet.public-subnet2.id]
+    security_group_ids = [data.aws_security_group.sg-default.id]
+  }
+
+  version = 1.28
+
+  depends_on = [aws_iam_role_policy_attachment.AmazonEKSClusterPolicy]
+}

EKS-TF/eks-node-group.tf

@@ -0,0 +1,23 @@
+resource "aws_eks_node_group" "eks-node-group" {
+  cluster_name    = aws_eks_cluster.eks-cluster.name
+  node_group_name = var.eksnode-group-name
+  node_role_arn   = aws_iam_role.NodeGroupRole.arn
+  subnet_ids      = [data.aws_subnet.subnet.id, aws_subnet.public-subnet2.id]
+
+
+  scaling_config {
+    desired_size = 2
+    max_size     = 3
+    min_size     = 1
+  }
+
+  ami_type       = "AL2_x86_64"
+  instance_types = ["t2.medium"]
+  disk_size      = 20
+
+  depends_on = [
+    aws_iam_role_policy_attachment.AmazonEKSWorkerNodePolicy,
+    aws_iam_role_policy_attachment.AmazonEC2ContainerRegistryReadOnly,
+    aws_iam_role_policy_attachment.AmazonEKS_CNI_Policy
+  ]
+}

EKS-TF/iam-policy.tf

@@ -0,0 +1,19 @@
+resource "aws_iam_role_policy_attachment" "AmazonEKSClusterPolicy" {
+  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"
+  role       = aws_iam_role.EKSClusterRole.name
+}
+
+resource "aws_iam_role_policy_attachment" "AmazonEKSWorkerNodePolicy" {
+  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy"
+  role       = aws_iam_role.NodeGroupRole.name
+}
+
+resource "aws_iam_role_policy_attachment" "AmazonEC2ContainerRegistryReadOnly" {
+  policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
+  role       = aws_iam_role.NodeGroupRole.name
+}
+
+resource "aws_iam_role_policy_attachment" "AmazonEKS_CNI_Policy" {
+  policy_arn = "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"
+  role       = aws_iam_role.NodeGroupRole.name
+}

EKS-TF/iam-role.tf

@@ -0,0 +1,31 @@
+resource "aws_iam_role" "EKSClusterRole" {
+  name = "EKSClusterRole"
+  assume_role_policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Action = "sts:AssumeRole"
+        Effect = "Allow"
+        Principal = {
+          Service = "eks.amazonaws.com"
+        }
+      },
+    ]
+  })
+}
+
+resource "aws_iam_role" "NodeGroupRole" {
+  name = "EKSNodeGroupRole"
+  assume_role_policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Action = "sts:AssumeRole"
+        Effect = "Allow"
+        Principal = {
+          Service = "ec2.amazonaws.com"
+        }
+      },
+    ]
+  })
+}

EKS-TF/provider.tf

@@ -0,0 +1,3 @@
+provider "aws" {
+  region = "us-east-1"
+}

EKS-TF/variables.tf

@@ -0,0 +1,12 @@
+variable "vpc-name" {}
+variable "igw-name" {}
+variable "rt-name2" {}
+variable "subnet-name" {}
+variable "subnet-name2" {}
+variable "security-group-name" {}
+variable "iam-role-eks" {}
+variable "iam-role-node" {}
+variable "iam-policy-eks" {}
+variable "iam-policy-node" {}
+variable "cluster-name" {}
+variable "eksnode-group-name" {}

EKS-TF/variables.tfvars

@@ -0,0 +1,12 @@
+vpc-name            = "Github-vpc"
+igw-name            = "Github-igw"
+subnet-name         = "Github-subnet"
+subnet-name2        = "Github-subnet2"
+security-group-name = "Github-sg"
+rt-name2            = "Github-route-table2"
+iam-role-eks        = "zomeal-iam-role-eks"
+iam-role-node       = "zomeal-iam-role-ec2"
+iam-policy-eks      = "zomeal-iam-policy-eks"
+iam-policy-node     = "zomeal-iam-policy-node"
+cluster-name        = "zomeal-EKS-Cluster"
+eksnode-group-name  = "zomeal-Node-Group"

EKS-TF/vpc.tf

@@ -0,0 +1,55 @@
+data "aws_vpc" "vpc" {
+  filter {
+    name   = "tag:Name"
+    values = [var.vpc-name]
+  }
+}
+
+data "aws_internet_gateway" "igw" {
+  filter {
+    name   = "tag:Name"
+    values = [var.igw-name]
+  }
+}
+
+data "aws_subnet" "subnet" {
+  filter {
+    name   = "tag:Name"
+    values = [var.subnet-name]
+  }
+}
+
+data "aws_security_group" "sg-default" {
+  filter {
+    name   = "tag:Name"
+    values = [var.security-group-name]
+  }
+}
+
+resource "aws_subnet" "public-subnet2" {
+  vpc_id                  = data.aws_vpc.vpc.id
+  cidr_block              = "10.0.2.0/24"
+  availability_zone       = "us-east-1b"
+  map_public_ip_on_launch = true
+
+  tags = {
+    Name = var.subnet-name2
+  }
+}
+
+resource "aws_route_table" "rt2" {
+  vpc_id = data.aws_vpc.vpc.id
+  route {
+    cidr_block = "0.0.0.0/0"
+    gateway_id = data.aws_internet_gateway.igw.id
+  }
+
+  tags = {
+    Name = var.rt-name2
+  }
+}
+
+resource "aws_route_table_association" "rt-association2" {
+  route_table_id = aws_route_table.rt2.id
+  subnet_id      = aws_subnet.public-subnet2.id
+}

Github-Server-TF/backend.tf

@@ -0,0 +1,16 @@
+terraform {
+  backend "s3" {
+    bucket         = "my-reddit-bucket-1"
+    region         = "us-east-1"
+    key            = "zomealApp-Clone/Github-Server-TF/terraform.tfstate"
+    dynamodb_table = "Lock-Files"
+    encrypt        = true
+  }
+  required_version = ">=0.13.0"
+  required_providers {
+    aws = {
+      version = ">= 2.7.0"
+      source  = "hashicorp/aws"
+    }
+  }
+}

Github-Server-TF/ec2.tf

@@ -0,0 +1,16 @@
+resource "aws_instance" "ec2" {
+  ami                    = data.aws_ami.ami.image_id
+  instance_type          = "t2.2xlarge"
+  key_name               = var.key-name
+  subnet_id              = aws_subnet.public-subnet.id
+  vpc_security_group_ids = [aws_security_group.security-group.id]
+  iam_instance_profile   = aws_iam_instance_profile.instance-profile.name
+  root_block_device {
+    volume_size = 30
+  }
+  user_data = templatefile("./tools-install.sh", {})
+
+  tags = {
+    Name = var.instance-name
+  }
+}

Github-Server-TF/gather.tf

@@ -0,0 +1,10 @@
+data "aws_ami" "ami" {
+  most_recent = true
+
+  filter {
+    name   = "name"
+    values = ["ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*"]
+  }
+
+  owners = ["099720109477"]
+}

Github-Server-TF/iam-instance-profile.tf

@@ -0,0 +1,4 @@
+resource "aws_iam_instance_profile" "instance-profile" {
+  name = "Github-instance-profile"
+  role = aws_iam_role.iam-role.name
+}

Github-Server-TF/iam-role.tf

@@ -0,0 +1,17 @@
+resource "aws_iam_role" "iam-role" {
+  name               = var.iam-role
+  assume_role_policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Principal": {
+        "Service": "ec2.amazonaws.com"
+      },
+      "Action": "sts:AssumeRole"
+    }
+  ]
+}
+EOF
+}

Github-Server-TF/provider.tf

@@ -0,0 +1,3 @@
+provider "aws" {
+  region = "us-east-1"
+}