From 1f5dc062152986975e21bf569a552da4080d5f70 Mon Sep 17 00:00:00 2001
From: Youssof Khawaja
Date: Wed, 7 Feb 2024 12:47:41 +0200
Subject: [PATCH 1/2] Create DevDeployment.yml
---
.github/workflows/DevDeployment.yml | 197 ++++++++++++++++++++++++++++
1 file changed, 197 insertions(+)
create mode 100644 .github/workflows/DevDeployment.yml
diff --git a/.github/workflows/DevDeployment.yml b/.github/workflows/DevDeployment.yml
new file mode 100644
index 0000000..fe78c17
--- /dev/null
+++ b/.github/workflows/DevDeployment.yml
@@ -0,0 +1,197 @@
+name: Local Weather App Deployment
+
+on:
+ # push:
+ # branches: ["Development"]
+ workflow_dispatch:
+
+jobs:
+ # Step 1: Gitleaks Scan
+ scan:
+ name: gitleaks scan
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+ - uses: gitleaks/gitleaks-action@v2
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ # Step 2: Test .NET Application
+ test:
+ name: Test App
+ needs: scan
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ - name: Setup .NET
+ uses: actions/setup-dotnet@v3
+ with:
+ dotnet-version: 7.0.x
+ - name: Restore dependencies
+ run: dotnet restore LocalWeatherApp/LocalWeatherApp.csproj
+ - name: Build
+ run: dotnet build --no-restore LocalWeatherApp/LocalWeatherApp.csproj
+ - name: Run Tests
+ run: dotnet test --no-build --verbosity normal LocalWeatherApp/LocalWeatherApp.csproj
+
+ # Step 3: SonarQube Analysis
+ sonarqube:
+ name: SonarQube Analysis
+ needs: test
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+ with:
+ fetch-depth: 0
+ - name: Setup .NET
+ uses: actions/setup-dotnet@v3
+ with:
+ dotnet-version: 7.0.x
+ - name: Set up JDK 11
+ uses: actions/setup-java@v1
+ with:
+ java-version: 17
+ - name: Cache SonarCloud packages
+ uses: actions/cache@v1
+ with:
+ path: ~/.sonar/cache
+ key: ${{ runner.os }}-sonar
+ restore-keys: ${{ runner.os }}-sonar
+ - name: Install SonarCloud scanners
+ run: |
+ dotnet tool install --global dotnet-sonarscanner
+ dotnet tool install --global dotnet-coverage
+ - name: Build and analyze
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+ run: |
+ dotnet-sonarscanner begin /k:"localweatherapp" /d:sonar.token="${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="${{ secrets.SONAR_HOST_URL }}" /d:sonar.cs.vscoveragexml.reportsPaths="coverage.xml"
+ dotnet build
+ dotnet-coverage collect 'dotnet test' -f xml -o 'coverage.xml'
+ dotnet-sonarscanner end
/d:sonar.token="${{ secrets.SONAR_TOKEN }}"
+
+ # Step 4: SonarQube Quality Gate
+ qualitygate:
+ name: SonarQube Quality Gate
+ needs: sonarqube
+ runs-on: ubuntu-latest
+ steps:
+ - name: Install jq
+ run: sudo apt-get update && sudo apt-get install jq -y
+ - name: Check SonarQube Scan Status
+ run: |
+ response=$(curl -s -u "${{ secrets.SONAR_TOKEN }}:" -X GET "${{ secrets.SONAR_HOST_URL }}/api/qualitygates/project_status?projectKey=localweatherapp")
+ status=$(echo "$response" | jq -r '.projectStatus.status')
+
+ echo "SonarQube Scan Status: $status"
+
+ if [ "$status" == "OK" ]; then
+ echo "SonarQube Scan passed!"
+ exit 0
+ else
+ echo "SonarQube Scan failed!"
+ exit 1
+ fi
+
+ # Step 5: Build and Push Docker Image
+ docker:
+ name: Docker Build
+ needs: qualitygate
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+ - name: Build Docker Image
+ run: docker build -t youssofkhawaja/localweatherapp:latest -f LocalWeatherApp/Dockerfile .
+ - name: Save Docker Image
+ run: docker save -o localweatherapp.tar youssofkhawaja/localweatherapp
+ - name: Save Docker Image as Artifact
+ uses: actions/upload-artifact@v2
+ with:
+ name: localweatherapp
+ path: localweatherapp.tar
+
+ # Step 6: Trivy Vulnerability Scan
+ trivy:
+ name: Trivy Vulnerability Scan
+ runs-on: ubuntu-latest
+ needs: docker
+ steps:
+ - name: Download Artifact
+ uses: actions/download-artifact@v2
+ with:
+ name: localweatherapp
+ path: .
+ - name: Run Trivy Vulnerability Scanner
+ uses: aquasecurity/trivy-action@master
+ with:
+ input: localweatherapp.tar
+ severity: 'CRITICAL,HIGH'
+ ignore-unfixed: true
+
+ # Step 7: Push Docker Image to Remote Server
+ docker-push:
+ name: Docker Push to Server and Run
+ needs: trivy
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+ - name: Download Artifact
+ uses: actions/download-artifact@v2
+ with:
+ name: localweatherapp
+ path: .
+ - name: Load Docker Image
+ run: docker load -i localweatherapp.tar
+ - name: Copy Tar via SSH
+ uses: appleboy/scp-action@v0.1.3
+ with:
+ host: ${{ secrets.REMOTE_HOST }}
+ username: ${{ secrets.REMOTE_USER }}
+ key: ${{ secrets.KEY }}
+ port: 22
+ source: "localweatherapp.tar"
+ target: "/home/ubuntu/images"
+ - name: Execute SSH Commands
+ uses: appleboy/ssh-action@master
+ with:
+ host: ${{ secrets.REMOTE_HOST }}
+ username: ${{ secrets.REMOTE_USER }}
+ key: ${{ secrets.KEY }}
+ script: |
+ docker load -i /home/ubuntu/images/localweatherapp.tar
+ rm /home/ubuntu/images/localweatherapp.tar
+ docker kill localweatherapp
+ docker system prune -f
+ docker run --name localweatherapp -p 24117:80 --restart always -d youssofkhawaja/localweatherapp:latest
+
+ # Step 7: ZAP Scan
+ zap_scan:
+ name: Scan the webapplication
+ needs: docker-push
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+ - name: ZAP Scan
+ uses: zaproxy/action-full-scan@master
+ with:
+ token: ${{ secrets.GITHUB_TOKEN }}
+ target: 'http://${{ secrets.REMOTE_HOST }}:24117'
+ allow_issue_writing: false
+
+ # Step 8: Delete
+ Delete:
+ name: delete artifact
+ needs: [docker, docker-push, trivy]
+ runs-on: ubuntu-latest
+ steps:
+ - uses: geekyeggo/delete-artifact@v4
+ with:
+ name: |
+ localweatherapp
From fcfd501f2f1de5ec96d51598d1360c5e5303bcc3 Mon Sep 17 00:00:00 2001
From: Youssof Khawaja
Date: Wed, 7 Feb 2024 13:06:44 +0200
Subject: [PATCH 2/2] some fixes and added readme
---
.github/workflows/Deployment.yml | 32 +++++----------
.github/workflows/DevDeployment.yml | 4 +-
.gitmodules | 3 ++
IoT-Climate-Tracker | 1 +
README.md | 57 ++++++++++++++++++++++++++++-
5 files changed, 71 insertions(+), 26 deletions(-)
create mode 100644 .gitmodules
create mode 160000 IoT-Climate-Tracker
diff --git a/.github/workflows/Deployment.yml b/.github/workflows/Deployment.yml
index 092899b..02e2f05 100644
--- a/.github/workflows/Deployment.yml
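Review bot: Three third-party actions in the new DevDeployment.yml are referenced by a moving branch: `aquasecurity/trivy-action@master`, `appleboy/ssh-action@master` and `zaproxy/action-full-scan@master`. Whatever is on that branch at run time executes inside the job, and the ssh-action step in `docker-push` is handed `secrets.KEY`, `secrets.REMOTE_HOST` and `secrets.REMOTE_USER`. Pin each one to a reviewed full commit SHA and keep the release in a trailing comment, for example `uses: appleboy/ssh-action@<full-commit-sha>  # <release-tag>`. `appleboy/scp-action@v0.1.3` receives the same key and is pinned only to a tag, which upstream can re-point, so it deserves the same treatment.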
+++ b/.github/workflows/Deployment.yml @@ -6,21 +6,9 @@ on: workflow_dispatch: jobs: - # Step 1: Gitleaks Scan - scan: - name: gitleaks scan - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - uses: gitleaks/gitleaks-action@v2 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - # Step 2: Test .NET Application + # Step 1: Test .NET Application test: name: Test App - needs: scan runs-on: ubuntu-latest steps: - name: Checkout @@ -36,7 +24,7 @@ jobs: - name: Run Tests run: dotnet test --no-build --verbosity normal LocalWeatherApp/LocalWeatherApp.csproj - # Step 3: SonarQube Analysis + # Step 2: SonarQube Analysis sonarqube: name: SonarQube Analysis needs: test @@ -74,7 +62,7 @@ jobs: dotnet-coverage collect 'dotnet test' -f xml -o 'coverage.xml' dotnet-sonarscanner end /d:sonar.token="${{ secrets.SONAR_TOKEN }}" - # Step 4: SonarQube Quality Gate + # Step 3: SonarQube Quality Gate qualitygate: name: SonarQube Quality Gate needs: sonarqube @@ -97,7 +85,7 @@ jobs: exit 1 fi - # Step 5: Build and Push Docker Image + # Step 4: Build and Push Docker Image docker: name: Docker Build needs: qualitygate @@ -115,7 +103,7 @@ jobs: name: localweatherapp path: localweatherapp.tar - # Step 6: Trivy Vulnerability Scan + # Step 5: Trivy Vulnerability Scan trivy: name: Trivy Vulnerability Scan runs-on: ubuntu-latest @@ -133,7 +121,7 @@ jobs: severity: 'CRITICAL,HIGH' ignore-unfixed: true - #Step 7: AWS login and Docker push + #Step 6: AWS login and Docker push docker-push: name: Docker Push needs: [docker, trivy] @@ -160,7 +148,7 @@ jobs: docker tag youssofkhawaja/localweatherapp:latest ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.eu-west-3.amazonaws.com/weatherapp:latest docker push ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.eu-west-3.amazonaws.com/weatherapp:latest - # Step 8: EKS Deployment + # Step 7: EKS Deployment eks-deployment: name: EKS Deployment needs: docker-push 
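Review bot: With the `scan` job and `needs: scan` removed in the first hunk of Deployment.yml, this workflow no longer has a secret-scanning stage and `test` becomes its first job. The gitleaks job now lives only in DevDeployment.yml, so a commit that reaches the branch this workflow deploys without first being pushed to `Development` would presumably never be scanned; the trigger section of Deployment.yml is only partly visible here, so confirm which branches it covers. If the removal is deliberate, a comment above `test:` such as `# secret scanning runs in DevDeployment.yml only` would record the decision; otherwise keep the job and the `needs: scan` edge.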
@@ -176,12 +164,12 @@ jobs: aws-region: eu-west-3 - name: Deploy to EKS run: | - aws eks update-kubeconfig --region eu-west-3 --name WeatherApp + aws eks update-kubeconfig --region eu-west-3 --name cluster-1 kubectl apply -f Deployment/Deployment.yml kubectl apply -f Deployment/Service.yml kubectl apply -f Deployment/Ingress.yml - # Step 9: ZAP Scan + # Step 8: ZAP Scan zap_scan: name: Scan the webapplication needs: eks-deployment @@ -196,7 +184,7 @@ jobs: target: 'https://weatherapp.youssofkhawaja.com' allow_issue_writing: false - # Step 10: Delete artifact + # Step 9: Delete artifact Delete: name: delete artifact needs: [docker, docker-push, trivy] diff --git a/.github/workflows/DevDeployment.yml b/.github/workflows/DevDeployment.yml index fe78c17..380d5fc 100644 --- a/.github/workflows/DevDeployment.yml +++ b/.github/workflows/DevDeployment.yml @@ -1,8 +1,8 @@ name: Local Weather App Deployment on: - # push: - # branches: ["Development"] + push: + branches: ["Development"] workflow_dispatch: jobs: diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 0000000..7ad8cf2 --- /dev/null +++ b/.gitmodules @@ -0,0 +1,3 @@ +[submodule "IoT-Climate-Tracker"] + path = IoT-Climate-Tracker + url = https://github.com/YoussofKhawaja/IoT-Climate-Tracker diff --git a/IoT-Climate-Tracker b/IoT-Climate-Tracker new file mode 160000 index 0000000..b3b5832 --- /dev/null +++ b/IoT-Climate-Tracker @@ -0,0 +1 @@ +Subproject commit b3b5832c66113414cfbc6c8e31dad1bf8738cd7a diff --git a/README.md b/README.md index b71066b..7a5bf2a 100644 --- a/README.md +++ b/README.md 
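Review bot: Enabling the `push` trigger in DevDeployment.yml means every push to `Development` now runs the SSH deploy and the ZAP full scan unattended, yet the file as created in patch 1/2 declares no `permissions:` key, so `GITHUB_TOKEN` carries the repository default scope into every job. Add a top-level `permissions:` with `contents: read` between `on:` and `jobs:`, and widen it per job only where a step needs more (the gitleaks and ZAP actions may; confirm against their documentation). The README added in this same patch names the branch `development` while the filter here is `"Development"`; the filter is matched against the actual ref name, so it is worth checking which spelling the branch really has.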
@@ -1,2 +1,55 @@
-# WeatherApp
- Weather App
+# WeatherApp DevOps Project
+
+Welcome to the WeatherApp DevOps project repository. This project aims to manage the deployment and CI/CD pipelines for the WeatherApp, which consists of frontend code and utilizes an Arduino project with ESP8266 and DHT11 sensor as a submodule. Additionally, the backend is built with an ASP.NET API and a database.
+
+## Branches
+
+This repository contains two main branches:
+
+- **main**: Production-ready branch, used for stable releases.
+- **development**: Branch for ongoing development work.
+
+## Workflows
+
+### Main Workflow
+
+The main workflow is responsible for deploying changes to the production environment.
+
+- **Trigger**: Automatically triggered on pushes to the main branch.
+- **Actions**:
+ - Build and test frontend code.
+ - Deploy frontend changes to the AWS server using Amazon EKS.
+
+### Development Workflow
+
+The development workflow is used for testing changes in a development environment.
+
+- **Trigger**: Automatically triggered on pushes to the development branch.
+- **Actions**:
+ - Build and test frontend code.
+ - Deploy frontend changes to a development environment for testing.
+
+## Server Infrastructure
+
+We are utilizing AWS as our server infrastructure, leveraging Amazon EKS for container orchestration.
+
+## Submodule
+
+The WeatherApp frontend relies on a submodule for the backend, which includes an Arduino project with ESP8266 and DHT11 sensor, as well as an ASP.NET API backend with a database.
+
+## Getting Started
+
+To get started with the project:
+
+1. Clone the repository: `git clone `
+2. Ensure you have the necessary dependencies installed.
+3. Follow instructions for setting up the submodule.
+4. Start contributing to the project!
+
+## Contributing
+
+Contributions to the project are welcome! If you'd like to contribute, please follow the guidelines outlined in the CONTRIBUTING.md file.
+
+## License
+
+This project is licensed under the [MIT License](LICENSE).