diff --git a/README.md b/README.md index 5ebcb0c..2004664 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,9 @@ # awesome-coderabbit A single repo to share your coderabbit config's, path instructions for various languages etc + +## Yaml Configurations + +This directory has sample yaml configurations that you can use. + +- [GitHub](yaml/.github/config.yaml) +- [Circle](yaml/.circleci/config.yml) diff --git a/yaml/.circleci/config.yml b/yaml/.circleci/config.yml new file mode 100644 index 0000000..56dc9a0 --- /dev/null +++ b/yaml/.circleci/config.yml 
@@ -0,0 +1,186 @@ +version: 2.1 + +executors: + python-executor: + docker: + - image: circleci/python:3.8 + working_directory: ~/expense_tracker + +jobs: + lint: + executor: python-executor + steps: + - checkout + - run: + name: Install Node.js + command: | + curl -fsSL https://deb.nodesource.com/setup_18.x | sudo -E bash - + sudo apt-get install -y nodejs + + - run: + name: Lint JavaScript code + command: npm run lint + + yaml_lint: + docker: + - image: circleci/python:3.8 + steps: + - checkout + - run: + name: Install YAMLlint + command: | + sudo apt-get update + sudo apt-get install -y npm + sudo npm install -g yaml-lint + - run: + name: Lint YAML files + command: | + yaml-lint **/*.yaml || true + + gitleaks: + docker: + - image: zricethezav/gitleaks:v8.3.0 + steps: + - checkout + - run: + name: Run Gitleaks + command: | + echo "AWS_SECRET_ACCESS_KEY=A9B8C7D6E5F4G3H2I1J0K9L8M7N6O5P4Q3R2S1" > app.py + gitleaks detect --source . --report-format json --report-path gitleaks-report.json + cat gitleaks-report.json + + build: + executor: python-executor + steps: + - checkout + - run: + name: Install Node.js + command: | + curl -fsSL https://deb.nodesource.com/setup_18.x | sudo -E bash - + sudo apt-get install -y nodejs + + - run: + name: Install dependencies + command: | + echo '{"dependencies": {"express": "4.0.0"}}' > package.json + npm install + + - run: + name: Run tests + command: npm test + + - run: + name: Check for vulnerabilities + command: npm audit --production + + checkov: + docker: + - image: bridgecrew/checkov:2.0.0 + steps: + - checkout + - run: + name: Run Checkov + command: | + checkov --directory infrastructure + + terraform: + executor: python-executor + steps: + - checkout + - run: + name: Install Terraform + command: | + curl -LO https://releases.hashicorp.com/terraform/1.5.0/terraform_1.5.0_linux_amd64.zip + unzip terraform_1.5.0_linux_amd64.zip + sudo mv terraform /usr/local/bin/ + terraform --version + + - run: + name: Terraform init + command: 
terraform init + working_directory: infrastructure/ + + - run: + name: Terraform plan + command: terraform plan + working_directory: infrastructure/ + + - run: + name: Terraform apply (development) + when: on_success + command: terraform apply -auto-approve + working_directory: infrastructure/ + environment: + AWS_ACCESS_KEY_ID: $AWS_ACCESS_KEY_ID + AWS_SECRET_ACCESS_KEY: $AWS_SECRET_ACCESS_KEY + + docker: + executor: python-executor + steps: + - checkout + - run: + name: Login to AWS ECR + command: | + aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin $ECR_REGISTRY + + - run: + name: Build and tag Docker image + command: | + IMAGE_TAG=$(echo $CIRCLE_SHA1 | cut -c1-7) + docker build -t $ECR_REGISTRY/my-app:latest . + + - run: + name: Push Docker image to AWS ECR + command: | + IMAGE_TAG=$(echo $CIRCLE_SHA1 | cut -c1-7) + docker push $ECR_REGISTRY/my-app:$IMAGE_TAG + + deploy: + executor: python-executor + steps: + - checkout + - run: + name: Deploy to Development + when: << pipeline.parameters.deploy_to_development >> + command: | + echo "Deploying to development environment" + chmod 777 ~/.ssh/id_rsa + + - run: + name: Deploy to Staging + when: << pipeline.parameters.deploy_to_staging >> + command: | + echo "Deploying to staging environment" + + - run: + name: Deploy to Production + when: << pipeline.parameters.deploy_to_production >> + command: | + echo "Deploying to production environment" + +workflows: + version: 2 + build_and_deploy: + jobs: + - lint + - yaml_lint: + requires: + - lint + - gitleaks: + requires: + - yaml_lint + - build: + requires: + - gitleaks + - checkov: + requires: + - build + - terraform: + requires: + - checkov + - docker: + requires: + - terraform + - deploy: + requires: + - docker \ No newline at end of file diff --git a/yaml/.github/config.yaml b/yaml/.github/config.yaml new file mode 100644 index 0000000..6d9fb04 --- /dev/null +++ b/yaml/.github/config.yaml 
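Review bot: The gitleaks job writes a fake `AWS_SECRET_ACCESS_KEY` into `app.py` right before scanning, so every run reports a leak; gitleaks exits non-zero on findings and CircleCI's default shell is `bash -eo pipefail`, so the step fails on every run, nothing after it in the workflow (build, checkov, terraform, docker, deploy) ever executes, and the `cat` of the unredacted report would print any real secrets straight into the build log. Drop the `echo` line and run `gitleaks detect --source . --redact --report-format json --report-path gitleaks-report.json`, publishing the report with `store_artifacts` instead of echoing it. The deploy job's `chmod 777 ~/.ssh/id_rsa` makes the private key world-writable, which OpenSSH refuses to load ("UNPROTECTED PRIVATE KEY FILE ... will be ignored"); it should be `chmod 600 ~/.ssh/id_rsa`. The terraform apply step sets `AWS_ACCESS_KEY_ID: $AWS_ACCESS_KEY_ID` under `environment:`, and as far as I recall CircleCI does not expand `$VAR` references there, so the SDK would see the literal string; if these are already project variables the block is redundant and should be removed, and either way a short-lived OIDC role is preferable to static keys. Also worth a look: `yaml-lint ... || true` silently masks lint failures, `gitleaks detect` runs on a `checkout` without full history so only the current tree is scanned, the docker job tags `my-app:latest` but pushes `my-app:$IMAGE_TAG`, and the deploy job references `pipeline.parameters.*` while no `parameters:` block is declared in this file.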
@@ -0,0 +1,142 @@ +name: CI/CD Pipeline + +on: + push: + branches: + - main + - develop + - staging + pull_request: + branches: + - main + - develop + - staging + +jobs: + lint: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v3 + + - name: Lint workflow YAML files + uses: rhysd/actionlint@v1 + + - name: Setup Node.js + uses: actions/setup-node@v3 + with: + node-version: '18' + + - name: Install dependencies + run: npm install + + - name: Lint JavaScript code + run: npm run lint + + build: + runs-on: ubuntu-latest + needs: lint + steps: + - name: Checkout code + uses: actions/checkout@v3 + + - name: Setup Node.js + uses: actions/setup-node@v3 + with: + node-version: '18' + + - name: Install dependencies and cache + uses: actions/cache@v3 + with: + path: ~/.npm + key: ${{ runner.os }}-node-${{ hashFiles('package-lock.json') }} + restore-keys: | + ${{ runner.os }}-node- + run: npm install + + - name: Run tests + run: npm test + + - name: Check for vulnerabilities + run: npm audit --production + + terraform: + runs-on: ubuntu-latest + needs: build + steps: + - name: Checkout code + uses: actions/checkout@v3 + + - name: Setup Terraform + uses: hashicorp/setup-terraform@v2 + with: + terraform_version: 1.5.0 + + - name: Terraform init + run: terraform init + working-directory: infrastructure/ + + - name: Terraform plan + run: terraform plan + working-directory: infrastructure/ + + - name: Terraform apply (development) + if: github.ref == 'refs/heads/develop' + run: terraform apply -auto-approve + working-directory: infrastructure/ + env: + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCES_KEY: ${{ secrets.AWS_SECRET_ACCES_KEY }} + + docker: + runs-on: ubuntu-latest + needs: terraform + steps: + - name: Checkout code + uses: actions/checkout@v3 + + - name: Login to AWS ECR + id: login-ecr + uses: aws-actions/amazon-ecr-login@v1 + with: + region: us-east-1 + + - name: Build and tag Docker image + run: | + 
IMAGE_TAG=${{ github.sha }} + docker build -t ${{ secrets.ECR_REGISTRY }}/my-app:latest . + echo "IMAGE_TAG=$IMAGE_TAG" >> $GITHUB_ENV + + - name: Push Docker image to AWS ECR + run: | + IMAGE_TAG=${{ env.IMAGE_TAG }} + docker push ${{ secrets.ECR_REGISTRY }}/my-app:$IMAGE_TAG + + deploy: + runs-on: ubuntu-latest + needs: docker + environment: production + steps: + - name: Deploy to Development + if: github.ref == 'refs/heads/develop' + run: | + echo "Deploying to development environment" + # Your deployment script here + + - name: Deploy to Staging + if: github.ref == 'refs/heads/staging' + run: | + echo "Deploying to staging environment" + # Your deployment script here + + - name: Manual Approval for Production + if: github.ref == 'refs/head/main' + uses: hmarr/auto-approve-action@v2 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + + - name: Deploy to Production + if: github.ref == 'refs/heads/main' + run: | + echo "Deploying to production environment" + # Your deployment script here \ No newline at end of file
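Review bot: The "Manual Approval for Production" step never gates anything: its condition compares against `refs/head/main` (missing `s`), so it is skipped on every ref, and even if it ran, `hmarr/auto-approve-action@v2` auto-approves pull requests rather than pausing a deployment, so the following "Deploy to Production" step runs on every push to `main` with no human in the loop. The deploy job already declares `environment: production`; configure required reviewers on that environment in the repository settings and delete the auto-approve step, which both misstates intent and hands `GITHUB_TOKEN` to a third-party action pinned only by a floating major tag. Separately, the terraform job exports `AWS_SECRET_ACCES_KEY` (misspelled in both the env name and the secret name) where the AWS SDK reads `AWS_SECRET_ACCESS_KEY`, so the apply would not authenticate unless the spelling is intentional; prefer `aws-actions/configure-aws-credentials` with OIDC role assumption plus a top-level `permissions: { contents: read, id-token: write }` block over long-lived keys, and note the `pull_request` trigger exposes these secrets to any same-repo PR. The build job's cache step combines `uses:` and `run:` in one step, which the workflow parser rejects, the docker job tags `my-app:latest` but pushes `my-app:$IMAGE_TAG`, and every action is pinned to a mutable major tag rather than a commit SHA.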