From 160d55dd577f33a45771024d5559f21f8e647c40 Mon Sep 17 00:00:00 2001
From: Ankush Jain <91221068+ankush-jain-akto@users.noreply.github.com>
Date: Mon, 6 Nov 2023 05:57:47 +0530
Subject: [PATCH] Use ephemeral env

---
 .github/workflows/staging.yml | 129 +++++-----------------------------
 1 file changed, 18 insertions(+), 111 deletions(-)

diff --git a/.github/workflows/staging.yml b/.github/workflows/staging.yml
index 996dd12d3c..25f5f178fb 100644
--- a/.github/workflows/staging.yml
+++ b/.github/workflows/staging.yml
@@ -47,87 +47,7 @@ jobs:
           distribution: 'adopt'
           java-version: '8'
           architecture: x64
-
-      - uses: actions/setup-node@v2
-        with:
-          node-version: '17'
-      - name: Convert github branch name to be compatible with docker tag name convention and generate tag name
-        id: docker_tag
-        run: echo "IMAGE_TAG=${{ github.event.inputs.Tag }}_$(echo ${{ github.ref_name }} | sed 's/[^a-zA-Z0-9]/_/g')" >> $GITHUB_OUTPUT
-      - name: Download Akto templates zip
-        working-directory: ./apps/dashboard/src/main/resources
-        run: wget -O test-library-master.zip https://github.com/akto-api-security/tests-library/archive/refs/heads/master.zip
-      - name: Prepare Dashboard UI
-        working-directory: ./apps/dashboard/
-        run: npm install && export RELEASE_VERSION=${{steps.docker_tag.outputs.IMAGE_TAG}} && npm run build
-      - name: Prepare Dashboard polaris UI
-        working-directory: ./apps/dashboard/web/polaris_web
-        run: npm install && export RELEASE_VERSION=${{steps.docker_tag.outputs.IMAGE_TAG}} && npm run build
-      - name: Configure AWS Credentials
-        if: ${{ github.event.inputs.Environment == 'prod' }}
-        uses: aws-actions/configure-aws-credentials@v1
-        with:
-          aws-access-key-id: ${{secrets.AWS_ACCESS_KEY_ID}}
-          aws-secret-access-key: ${{secrets.AWS_SECRET_ACCESS_KEY}}
-          aws-region: ap-south-1
-
-      - name: Deploy static site to S3 bucket
-        if: ${{ github.event.inputs.Environment == 'prod' }}
-        run: aws s3 sync ./apps/dashboard/web/dist s3://dashboard-on-cdn/web/${{steps.docker_tag.outputs.IMAGE_TAG}}/dist --delete
-      - name: Deploy polaris site to S3 bucket
-        if: ${{ github.event.inputs.Environment == 'prod' }}
-        run: aws s3 sync ./apps/dashboard/web/polaris_web/web/dist s3://dashboard-on-cdn/polaris_web/${{steps.docker_tag.outputs.IMAGE_TAG}}/dist --delete
-
-      - run: mvn package -Dakto-image-tag=${{ github.event.inputs.Tag }} -Dakto-build-time=$(eval "date +%s") -Dakto-release-version=${{steps.docker_tag.outputs.IMAGE_TAG}}
-      - name: DockerHub login
-        if: ${{ github.event.inputs.Environment == 'prod' }}
-        env:
-          DOCKER_USERNAME: ${{secrets.DOCKER_USERNAME}}
-          DOCKER_PASSWORD: ${{secrets.DOCKER_PASSWORD}}
-        run: |
-          docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD
-      - name: Build, tag, and push the image to DockerHub
-        if: ${{ github.event.inputs.Environment == 'prod' }}
-        id: build-image-dockerhub
-        env:
-          ECR_REGISTRY: aktosecurity
-          ECR_REPOSITORY: akto-api-security
-          IMAGE_TAG: ${{ steps.docker_tag.outputs.IMAGE_TAG }}
-          IMAGE_TAG_DASHBOARD: ${{ github.event.inputs.Deploy == 'true' && '-t aktosecurity/akto-api-security-dashboard:flash' || '' }}
-          IMAGE_TAG_TESTING: ${{ github.event.inputs.Deploy == 'true' && '-t aktosecurity/akto-api-testing:flash' || '' }}
-          IMAGE_TAG_TESTING_CLI: ${{ github.event.inputs.Deploy == 'true' && '-t aktosecurity/akto-api-testing-cli:flash' || '' }}
-        run: |
-          docker buildx create --use
-          # Build a docker container and push it to DockerHub 
-          cd apps/dashboard
-          docker buildx build --platform linux/arm64/v8,linux/amd64 -t $ECR_REGISTRY/$ECR_REPOSITORY-dashboard:$IMAGE_TAG $IMAGE_TAG_DASHBOARD . --push
-          echo "::set-output name=image::$ECR_REGISTRY/$ECR_REPOSITORY-dashboard:$IMAGE_TAG"   
-          cd ../testing
-          docker buildx build --platform linux/arm64/v8,linux/amd64 -t $ECR_REGISTRY/akto-api-testing:$IMAGE_TAG $IMAGE_TAG_TESTING . --push
-          echo "::set-output name=image::$ECR_REGISTRY/akto-api-testing:$IMAGE_TAG"
-          cd ../testing-cli
-          docker buildx build --platform linux/arm64/v8,linux/amd64 -t $ECR_REGISTRY/akto-api-testing-cli:$IMAGE_TAG $IMAGE_TAG_TESTING_CLI . --push
-          echo "::set-output name=image::$ECR_REGISTRY/akto-api-testing-cli:$IMAGE_TAG"
-
-      - name: Set up JDK 11
-        uses: actions/setup-java@v1
-        with:
-          java-version: 11
-      - name: Cache SonarCloud packages
-        uses: actions/cache@v1
-        with:
-          path: ~/.sonar/cache
-          key: ${{ runner.os }}-sonar
-          restore-keys: ${{ runner.os }}-sonar
-      - name: Cache Maven packages
-        uses: actions/cache@v1
-        with:
-          path: ~/.m2
-          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
-          restore-keys: ${{ runner.os }}-m2
-
   deploy:
-    if: ${{ github.event.inputs.Environment == 'prod' && github.event.inputs.Deploy == 'true' }}
     needs: build
     runs-on: ubuntu-latest
     environment: Dev
@@ -136,16 +56,26 @@ jobs:
       contents: read
     steps:
     - uses: actions/checkout@v2
-    - uses: aws-actions/configure-aws-credentials@v1
+    - name: Configure AWS credentials
+      uses: aws-actions/configure-aws-credentials@v1
       with:
-        role-to-assume: ${{ secrets.IAMROLE_GITHUB }}
-        role-session-name: GitHub-Action-Role
-        aws-region: ${{ vars.AWS_REGION }}
-    - name: Deploy to flash
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        aws-region: us-east-2
+    - name: Fetch kube yaml
       run: |
-        echo "Deploying branch ${{ env.GITHUB_REF }} to ${{ github.event.inputs.environment }}"
-        commit_hash=`git rev-parse HEAD`
-        aws deploy create-deployment --application-name flash-deploy --deployment-group-name flash-deployment-group --github-location repository=$GITHUB_REPOSITORY,commitId=$commit_hash --ignore-application-stop-failures
+        wget https://raw.githubusercontent.com/akto-api-security/infra/feature/ephemeral_env/single.yml
+        export SETUP_SUFFIX=test
+        envsubst < single.yml > single_complete.yml
+      
+        
+    - name: deploy to cluster
+      uses: kodermax/kubectl-aws-eks@main
+      env:
+        KUBE_CONFIG_DATA: ${{ secrets.DEV_CLUSTER_02_KUBE_CONFIG }}
+        IMAGE_TAG: ${{ github.sha }}
+      with:
+        args: apply -f single_complete.yml
       
   test:
     if: ${{ github.event.inputs.Environment == 'prod' && github.event.inputs.Deploy == 'true' }}
@@ -161,26 +91,3 @@ jobs:
             TESTSIGMA_TEST_PLAN_ID: 789
             TS_DASHBOARD_URL: ${{vars.TS_DASHBOARD_URL}}
         run: bash ./.github/scripts/akto-testsigma.sh
-
-      - name: Run Akto CI/CD tests
-        uses: akto-api-security/run-scan@v1.0.3
-        with:
-          AKTO_DASHBOARD_URL: https://flash.staging.akto.io
-          AKTO_API_KEY: ${{secrets.AKTO_API_KEY}}
-          AKTO_TEST_ID: 650d5bcb7bd5e15e3360553f
-
-      - name: Check for Akto test completion
-        env:
-            AKTO_DASHBOARD_URL: https://flash.staging.akto.io
-            AKTO_API_KEY: ${{secrets.AKTO_API_KEY}}
-            AKTO_TEST_ID: 650d5bcb7bd5e15e3360553f
-        run: bash ./.github/scripts/akto-cicd.sh
-
-      - name: Check Vulnerable API's
-        working-directory: ./.github/scripts
-        env:
-          AKTO_DASHBOARD_URL: https://flash.staging.akto.io
-          AKTO_API_KEY: ${{secrets.AKTO_API_KEY}}
-        run: |
-          npm install axios
-          node ./vulnerable_checker.js
\ No newline at end of file