hw_python_oop_devsecops/.github/workflows/main.yml at master · mishatimtim/hw_python_oop_devsecops · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74

name: CI-СD-Pipeline-to-AWS
env:
  EB_PACKAGE_S3_BUCKET_NAME: "devsecops-project-2022"
  EB_APPLICATION_NAME      : "MyFlask"
  EB_APPLICATION_ID        : "arn:aws:elasticbeanstalk:ap-northeast-1:214980806952:application/MyFlask"
  EB_ENVIRONMENT_NAME      : "Myflask-env"
  DEPLOY_PACKAGE_NAME      : "flask_app_${{ github.sha }}.zip"
  AWS_REGION_NAME          : "eu-west-1"

on:
  push:
    branches: [ master ]


jobs:
  security-check:
    runs-on: ubuntu-latest
    steps:
      - name: sast-scan
        uses: AppThreat/sast-scan-action@1.0.2
        with:
          type: "python"


  CI-pipeline:
    runs-on: ubuntu-latest
    steps:
      - name: Git clone our repo
        uses: actions/checkout@v2

      - name: Create ZIP deployment
        run : zip -r ${{ env.DEPLOY_PACKAGE_NAME }} ./ -x *.git*

      - name: Configure my AWS Credentionals
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id    : ${{ secrets.MY_AWS_ACCESS_KEY}}
          aws-secret-access-key: ${{ secrets.MY_AWS_SECRET_KEY}}
          aws-region           : ${{ env.AWS_REGION_NAME}}

      - name: Copy Deployment Package to S3 Bucket
        run : aws s3 cp ${{ env.DEPLOY_PACKAGE_NAME }} s3://${{env.EB_PACKAGE_S3_BUCKET_NAME}}/

      - name: Print Happy Message for CI Finish
        run:  echo "CI Pipeline Part finished successfully"


  CD-pipeline:
    runs-on: ubuntu-latest
    needs: [CI-pipeline]

    steps:
      - name: Configure my AWS Credentionals
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id    : ${{ secrets.MY_AWS_ACCESS_KEY}}
          aws-secret-access-key: ${{ secrets.MY_AWS_SECRET_KEY}}
          aws-region           : ${{ env.AWS_REGION_NAME}}


      - name: Deploy to EB
        uses: einaregilsson/beanstalk-deploy@v18
        with:
          aws_access_key: ${{ secrets.MY_AWS_ACCESS_KEY}}
          aws_secret_key: ${{ secrets.MY_AWS_SECRET_KEY}}
          application_name: ${{ env.EB_APPLICATION_NAME }}
          environment_name: ${{ env.EB_ENVIRONMENT_NAME }}
          version_label: ${{ env.EB_APPLICATION_NAME }}-${{ steps.buildnumber.outputs.build_number }}
          region: eu-west-1
          deployment_package: ${{ env.DEPLOY_PACKAGE_NAME }}

      - name: Print Happy Message for CD Finish
        run:  echo "CD Pipeline Part finished successfully"