fab199 / gitops Goto Github PK

Using git which is a version control system to build, test and deploy code. (GITHUB ACTIONS)

The GitOps involves two Git repositories - one for Terraform code (infrastructure) and another for application code. Each repository has its own GitHub workflow to detect and apply changes.

1. Setting Up Repositories and Workflows:

   • Two Git repositories (Terraform and application).
   • Set up SSH authentication with Git repositories.
   • Use Visual Studio Code to write workflows.

2. Terraform Code Workflow:

   • Utilizes GitHub Actions to create a workflow.
   • Detects changes in the staging branch.
   • Performs testing using Terraform validate and Terraform plan against AWS Cloud.
   • If validation is successful, the staging branch is merged into the main branch (which is locked).
   • A pull request is created, and changes are approved by the main branch owner.
   • Changes in the main branch trigger the workflow to apply the Terraform code at the infrastructure level (AWS, VPC, and EKS).

3. Application Code Workflow:

   • In a separate repository, focuses on application code, Dockerfile, and Kubernetes definition files.
   • Workflow fetches code, builds, tests, and deploys it.
   • Uses Maven with check style and Sonar CLI for code analysis.
   • Builds Docker images and uploads them to Amazon ECR.
   • Utilizes Helm Charts for bundling Kubernetes definition files, including a variable for image tag information.
   • Executes Helm Charts on an EKS cluster, where Kubernetes detects changes in the image tag, fetches the image from ECR, and runs the application.

Opened the Secrets section for the 2 GitHub repositories. Created an IAM User Created an S3 Bucket with a unique name, Copy the bucket name, Store the bucket name in GitHub Secrets of the repository with the name BUCKET_TF_STATE. Created an ECR Repository, Copy the repository URI, Store the repository URI in GitHub Secrets of the repository with the name REGISTRY. GitHub Secrets Configuration: For each repository, add secrets with specific names, in each of the repositories, add the secret keys These steps ensure that sensitive information such as access keys and resource identifiers are securely stored in GitHub Secrets, minimizing the risk of accidental exposure and potential security breaches.

The terraform file.

The workflow ensures that changes to infrastructure are applied only after thorough testing on the staging branch and approval via pull request on the main branch, maintaining control and reliability in infrastructure management

1. Create SonarCloud Organization and Project: Log into SonarCloud and create a new organization, Manually create a new organization with a unique name, Create a new project within the organization
2. Generate Token for Authentication: Generate a token on SonarCloud for authentication purposes.
3. Store Secrets on GitHub:
   • Add repository secrets for:
   • SONAR_TOKEN: The token generated from SonarCloud.
   • SONAR_ORGANIZATION: The name of the SonarCloud organization.
   • SONAR_PROJECT_KEY: The key of the project created on SonarCloud.
4. Review Code and Configuration:Review the source code of the application, including Dockerfile and Kubernetes definitions. Ensure that necessary configurations like Docker image names, Kubernetes deployment files, and Ingress rules are in place.
5. Create Workflow File:Define the workflow including, and Trigger events.
6. Testing Job: Set up a job to test the code using Maven.Fetch the code, run Maven tests, and check style.
7. SonarCloud Analysis:
   • Set up a job to run the SonarScanner CLI for code analysis.
   • Specify Java version (Java 11) using actions/setup-java.
   • Use SonarScanner CLI to scan the code, passing necessary parameters such as URL, authentication token, organization name, and project key.
   • Upload analysis results to SonarCloud.
8. Quality Gate Check:
   • Integrate a quality gate check using an action from the GitHub Marketplace.
   • Specify authentication token and URL for SonarCloud.
   • Define conditions for passing the quality gate based on predefined rules (e.g., number of bugs).
9. Execution and Error Handling:
   • Run the workflow on GitHub Actions.
   • Handle errors encountered during the execution, such as SonarQube server unreachable or failing quality gate checks.
   • Address errors by updating configurations or creating new quality gates on SonarCloud. 10.Final Execution:
   • Rerun the workflow after addressing errors.
   • Ensure successful completion of the workflow, verifying logs and analysis results.

By following these steps, the SonarCloud integration for code analysis is set up within the GitHub repository, allowing for automated testing, analysis, and quality gate checks
The second work flow