Staging #1684

Summary
Jobs
- build
- deploy
- test
- delete
Run details
- Usage
- Workflow file

Workflow file for this run

.github/workflows/staging.yml at 79780eb

	name: Staging

	# Controls when the workflow will run
	on:
	# Triggers the workflow on push or pull request events but only for the master branch
	push:
	branches: [ master ]
	pull_request:
	branches: [ master ]

	# Allows you to run this workflow manually from the Actions tab
	workflow_dispatch:
	inputs:
	Deploy_Flash:
	description: 'Deploy to flash staging'
	required: false
	type: boolean
	default: false

	jobs:
	build:
	runs-on: ubuntu-latest
	outputs:
	IMAGE_TAG: ${{ steps.docker_tag.outputs.IMAGE_TAG }}
	steps:
	- uses: actions/checkout@v2
	- uses: actions/setup-java@v2
	with:
	distribution: 'adopt'
	java-version: '8'
	architecture: x64
	- uses: actions/setup-node@v2
	with:
	node-version: '17'
	- name: Convert github branch name to be compatible with docker tag name convention and generate tag name
	id: docker_tag
	run: echo "IMAGE_TAG=a-$(echo ${{ github.ref_name }} \| sed 's/[^a-zA-Z0-9]/-/g')" >> $GITHUB_OUTPUT
	- name: Download Akto templates zip
	working-directory: ./apps/dashboard/src/main/resources
	run: wget -O test-library-master.zip https://github.com/akto-api-security/tests-library/archive/refs/heads/master.zip
	- name: Prepare Dashboard UI
	working-directory: ./apps/dashboard/
	run: npm install && export RELEASE_VERSION=${{steps.docker_tag.outputs.IMAGE_TAG}} && npm run build
	- name: Prepare Dashboard polaris UI
	working-directory: ./apps/dashboard/web/polaris_web
	run: npm install && export RELEASE_VERSION=${{steps.docker_tag.outputs.IMAGE_TAG}} && npm run build
	- name: Configure AWS Credentials
	uses: aws-actions/configure-aws-credentials@v1
	with:
	aws-access-key-id: ${{secrets.AWS_ACCESS_KEY_ID}}
	aws-secret-access-key: ${{secrets.AWS_SECRET_ACCESS_KEY}}
	aws-region: ap-south-1

	- name: Deploy static site to S3 bucket
	run: aws s3 sync ./apps/dashboard/web/dist s3://dashboard-on-cdn/web/${{steps.docker_tag.outputs.IMAGE_TAG}}/dist --delete
	- name: Deploy polaris site to S3 bucket
	run: aws s3 sync ./apps/dashboard/web/polaris_web/web/dist s3://dashboard-on-cdn/polaris_web/${{steps.docker_tag.outputs.IMAGE_TAG}}/dist --delete

	- run: mvn package -Dakto-image-tag=${{ github.event.inputs.Tag }} -Dakto-build-time=$(eval "date +%s") -Dakto-release-version=${{steps.docker_tag.outputs.IMAGE_TAG}}
	- name: DockerHub login
	env:
	DOCKER_USERNAME: ${{secrets.DOCKER_USERNAME}}
	DOCKER_PASSWORD: ${{secrets.DOCKER_PASSWORD}}
	run: \|
	docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD
	- name: Build, tag, and push the image to DockerHub
	id: build-image-dockerhub
	env:
	ECR_REGISTRY: aktosecurity
	ECR_REPOSITORY: akto-api-security
	IMAGE_TAG: ${{ steps.docker_tag.outputs.IMAGE_TAG }}
	IMAGE_TAG_DASHBOARD: ${{ github.event.inputs.Deploy == 'true' && '-t aktosecurity/akto-api-security-dashboard:flash' \|\| '' }}
	IMAGE_TAG_TESTING: ${{ github.event.inputs.Deploy == 'true' && '-t aktosecurity/akto-api-testing:flash' \|\| '' }}
	IMAGE_TAG_TESTING_CLI: ${{ github.event.inputs.Deploy == 'true' && '-t aktosecurity/akto-api-testing-cli:flash' \|\| '' }}
	run: \|
	docker buildx create --use
	# Build a docker container and push it to DockerHub
	cd apps/dashboard
	docker buildx build --platform linux/arm64/v8,linux/amd64 -t $ECR_REGISTRY/$ECR_REPOSITORY-dashboard:$IMAGE_TAG $IMAGE_TAG_DASHBOARD . --push
	cd ../testing
	docker buildx build --platform linux/arm64/v8,linux/amd64 -t $ECR_REGISTRY/akto-api-testing:$IMAGE_TAG $IMAGE_TAG_TESTING . --push
	cd ../testing-cli
	docker buildx build --platform linux/arm64/v8,linux/amd64 -t $ECR_REGISTRY/akto-api-testing-cli:$IMAGE_TAG $IMAGE_TAG_TESTING_CLI . --push

	- name: Set up JDK 11
	uses: actions/setup-java@v1
	with:
	java-version: 11
	- name: Cache SonarCloud packages
	uses: actions/cache@v1
	with:
	path: ~/.sonar/cache
	key: ${{ runner.os }}-sonar
	restore-keys: ${{ runner.os }}-sonar
	- name: Cache Maven packages
	uses: actions/cache@v1
	with:
	path: ~/.m2
	key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
	restore-keys: ${{ runner.os }}-m2

	deploy:
	needs: build
	runs-on: ubuntu-latest
	environment: Dev
	permissions:
	id-token: write
	contents: read
	env:
	SETUP_SUFFIX: ${{needs.build.outputs.IMAGE_TAG}}
	outputs:
	lb_name: ${{ steps.deploy_cluster.outputs.lb_name }}
	steps:
	- name: Fetch kube yaml
	run: \|
	wget https://raw.githubusercontent.com/akto-api-security/infra/ephemeral_env_staging/single.yml
	envsubst < single.yml > single_complete.yml

	- name: Configure AWS credentials
	uses: aws-actions/configure-aws-credentials@v1
	with:
	aws-access-key-id: ${{ secrets.AWS_AKI_DEV_CLUSTER_02 }}
	aws-secret-access-key: ${{ secrets.AWS_SAK_DEV_CLUSTER_02 }}
	aws-region: ap-south-1

	- name: deploy to cluster
	id: deploy_cluster
	uses: davi020/kubectl-advanced@master
	env:
	KUBE_CONFIG_DATA: ${{ secrets.DEV_CLUSTER_02_KUBE_CONFIG }}
	with:
	command: \|
	kubectl apply -f single_complete.yml
	kubectl get pods -n dev >> $GITHUB_STEP_SUMMARY
	while [ "$EXTERNAL_IP" == "<pending>" ] \|\| [ -z "$EXTERNAL_IP" ]; do EXTERNAL_IP=$(kubectl get svc -n dev \| grep akto-api-security-dashboard-${SETUP_SUFFIX} \| awk -F " " '{print $4;}'); sleep 1; done
	export LB_NAME=$(kubectl get svc -n dev \| grep akto-api-security-dashboard-${SETUP_SUFFIX} \| awk -F " " '{print $4;}')
	echo $LB_NAME >> $GITHUB_STEP_SUMMARY
	echo "lb_name=http://$LB_NAME:8080" >> $GITHUB_OUTPUT
	while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' ${LB_NAME}:8080/metrics)" != "200" ]]; do sleep 5; done
	echo "Dashboard running" >> $GITHUB_STEP_SUMMARY

	- name: setup test environment
	uses: davi020/kubectl-advanced@master
	env:
	lb_name: ${{steps.deploy_cluster.outputs.lb_name}}
	QA_EMAIL: ${{vars.QA_EMAIL}}
	QA_PASSWORD: ${{secrets.QA_PASSWORD}}
	QA_API_TOKEN: ${{secrets.QA_API_TOKEN}}
	KUBE_CONFIG_DATA: ${{ secrets.DEV_CLUSTER_02_KUBE_CONFIG }}
	with:
	command: \|
	curl -X POST "$lb_name/signup-email" -H "Content-Type: application/json" -d "{\"email\":\"$QA_EMAIL\",\"password\":\"$QA_PASSWORD\",\"invitationCode\":\"\"}"
	export staging_mongo=$(kubectl get pods -n dev -l app=mongo-${SETUP_SUFFIX} -o custom-columns=":metadata.name" --no-headers)
	kubectl exec -it -n dev $staging_mongo -- env QA_API_TOKEN=$QA_API_TOKEN QA_EMAIL=$QA_EMAIL mongosh --eval 'use common;' --eval ' db.api_tokens.insertOne({ "_id": 1692262638, "_t": "com.akto.dto.ApiToken", "accountId": 1000000, "key": process.env.QA_API_TOKEN, "name": "external_api", "timestamp": 1692262638, "username": process.env.QA_EMAIL, "utility": "EXTERNAL_API" });'

	test:
	needs: deploy
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v2
	- uses: actions/setup-node@v2
	with:
	node-version: '17'

	# - name: Run Akto CI/CD tests
	# uses: akto-api-security/run-scan@v1.0.3
	# with:
	# AKTO_DASHBOARD_URL: ${{needs.deploy.outputs.lb_name}}
	# AKTO_API_KEY: ${{secrets.AKTO_API_KEY}}
	# AKTO_TEST_ID: 650d5bcb7bd5e15e3360553f

	# - name: Check for Akto test completion
	# env:
	# AKTO_DASHBOARD_URL: ${{needs.deploy.outputs.lb_name}}
	# AKTO_API_KEY: ${{secrets.AKTO_API_KEY}}
	# AKTO_TEST_ID: 650d5bcb7bd5e15e3360553f
	# run: bash ./.github/scripts/akto-cicd.sh

	- name: Check Vulnerable API's
	working-directory: ./.github/scripts
	env:
	AKTO_DASHBOARD_URL: ${{needs.deploy.outputs.lb_name}}
	AKTO_API_KEY: ${{secrets.QA_API_TOKEN}}
	run: \|
	npm install axios
	node ./vulnerable_checker.js

	delete:
	if: ${{ always() }}
	needs: [build, deploy, test]
	runs-on: ubuntu-latest
	environment: Dev
	permissions:
	id-token: write
	contents: read
	env:
	SETUP_SUFFIX: ${{needs.build.outputs.IMAGE_TAG}}
	steps:
	- name: Fetch kube yaml
	run: \|
	wget https://raw.githubusercontent.com/akto-api-security/infra/feature/ephemeral_env/single.yml
	envsubst < single.yml > single_complete.yml

	- name: Configure AWS credentials
	uses: aws-actions/configure-aws-credentials@v1
	with:
	aws-access-key-id: ${{ secrets.AWS_AKI_DEV_CLUSTER_02 }}
	aws-secret-access-key: ${{ secrets.AWS_SAK_DEV_CLUSTER_02 }}
	aws-region: ap-south-1

	- name: delete cluster
	uses: kodermax/kubectl-aws-eks@main
	env:
	KUBE_CONFIG_DATA: ${{ secrets.DEV_CLUSTER_02_KUBE_CONFIG }}
	IMAGE_TAG: ${{ github.sha }}
	with:
	args: delete -f single_complete.yml

	- name: cluster status
	uses: kodermax/kubectl-aws-eks@main
	env:
	KUBE_CONFIG_DATA: ${{ secrets.DEV_CLUSTER_02_KUBE_CONFIG }}
	IMAGE_TAG: ${{ github.sha }}
	with:
	args: get pods -n dev >> $GITHUB_STEP_SUMMARY


	# deploy_flash:
	# if: ${{ github.event.inputs.Deploy_Flash == 'true' }}
	# needs: build
	# runs-on: ubuntu-latest
	# environment: Dev
	# permissions:
	# id-token: write
	# contents: read
	# steps:
	# - uses: actions/checkout@v2
	# - uses: aws-actions/configure-aws-credentials@v1
	# with:
	# role-to-assume: ${{ secrets.IAMROLE_GITHUB }}
	# role-session-name: GitHub-Action-Role
	# aws-region: ${{ vars.AWS_REGION }}
	# - name: Deploy to flash
	# run: \|
	# echo "Deploying branch ${{ env.GITHUB_REF }} to ${{ github.event.inputs.environment }}"
	# commit_hash=`git rev-parse HEAD`
	# aws deploy create-deployment --application-name flash-deploy --deployment-group-name flash-deployment-group --github-location repository=$GITHUB_REPOSITORY,commitId=$commit_hash --ignore-application-stop-failures

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Staging #1684

Workflow file

Staging #1684

Jobs

Run details

Workflow file for this run