This implementation follows a basic, standardized CI/CD process.
It was run against a sample Python application.
The GitHub Actions pipeline is as follows.
```yaml
name: Python application

on:
  workflow_dispatch:
    inputs:
      logLevel:
        description: 'Log level'
        required: true
        default: 'warning'
      tags:
        description: 'Test scenario tags'
#  push:
#    branches: [ "master" ]
#  pull_request:
#    branches: [ "master" ]

permissions:
  contents: read

env:
  BASE_BRANCH: "develop"
  PROJECT_NAME: "testPagePy"
  BUILD_PATH: "/buildspace"
  MANIFEST_PATH: "/deployment"
  APP_NAME: "sample-app"
  K8S_NAMESPACE: "sample-ns"
#  TARGET_SERVER: >
#    192.168.122.13
#    192.168.122.13
#    192.168.122.13

jobs:
  source-code-build-job:
    runs-on: ubuntu-latest
    steps:
      # Configuration and checkout
      - uses: actions/checkout@v3
        with:
          ref: ${{ env.BASE_BRANCH }}
      - name: Set up Python 3.10
        uses: actions/setup-python@v3
        with:
          python-version: "3.10"

      # Before build
      - name: Setup build environment
        run: |
          pwd
          mkdir -p "..$BUILD_PATH"
          rsync -a "../$PROJECT_NAME" "..$BUILD_PATH/"
          # Note: the working directory resets at the start of every step.
          cd "..$BUILD_PATH/$PROJECT_NAME"

      # Initialize
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          if [ -f requirements.txt ]; then pip install -r requirements.txt; fi

      # Source code build
      - name: Build source codes
        run: |
          echo "Compiling the code..."
          echo "Compile complete."

      # Unit test
      - name: Unit test
        run: |
          echo "Running unit tests... This will take about 60 seconds."
          sleep 2
          echo "Code coverage is 90%"

      # Quality gate
      - name: Quality Gate Check
        uses: dieuhd/sonar-quality-gate@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GIT_URL: "https://api.github.com"
          GIT_TOKEN: ${{ secrets.GIT_TOKEN }}
          SONAR_URL: ${{ secrets.SONAR_URL }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          SONAR_PROJECT_KEY: ${{ secrets.SONAR_PROJECT_KEY }}
        with:
          login: ${{ secrets.SONAR_TOKEN }}
          url: ${{ secrets.SONAR_URL }}
          projectKey: ${{ secrets.SONAR_PROJECT_KEY }}

      # After build: substitute the APP_NAME placeholder in each manifest
      - name: Make manifests
        run: |
          sed -i -e "s,APP_NAME,${APP_NAME},g" deployment/deployment.yaml
          sed -i -e "s,APP_NAME,${APP_NAME},g" deployment/ingress.yaml
          sed -i -e "s,APP_NAME,${APP_NAME},g" deployment/service.yaml

      # Store artifacts
      - name: Archive production artifacts
        uses: actions/upload-artifact@v3
        with:
          name: dist-without-markdown
          path: |
            dist
            !dist/**/*.md
          retention-days: 5
      - name: Archive Manifests
        uses: actions/upload-artifact@v3
        with:
          name: deployement-without-markdown
          path: |
            deployment
          retention-days: 5

  build-image-job:
    needs: source-code-build-job
    runs-on: ubuntu-latest
    steps:
      # Download artifact
      - name: Download a application artifact
        uses: actions/download-artifact@v3
        with:
          name: dist-without-markdown

      # Before build
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      # Docker repository login
      - name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      # Build and push image artifact to Docker repository
      - name: Build and Push Image Artifact
        uses: docker/build-push-action@v5
        with:
          push: true
          # Shell-style $VAR is not expanded inside `with:`, so use the env context.
          # Docker repository names must be lowercase; PROJECT_NAME as set above is not.
          tags: ${{ env.PROJECT_NAME }}/app:latest

  deploy-job:
    needs: build-image-job
    runs-on: ubuntu-latest
    steps:
      # Download artifact
      - name: Download manifests
        uses: actions/download-artifact@v3
        with:
          name: deployement-without-markdown
          # The artifact holds the manifest files at its root; restore the directory.
          path: .${{ env.MANIFEST_PATH }}

      # Check kubeconfig setting for deploy
      - name: Check Kubeconfig
        uses: actions-hub/kubectl@master
        env:
          # `env` must be a mapping; the action reads the kubeconfig from KUBE_CONFIG.
          KUBE_CONFIG: ${{ secrets.KUBE_CONFIG }}
        with:
          args: get pods -n ${{ env.K8S_NAMESPACE }}

      # Deploy manifests (one kubectl apply with several -f flags)
      - name: Deploy Manifests
        uses: actions-hub/kubectl@master
        env:
          KUBE_CONFIG: ${{ secrets.KUBE_CONFIG }}
        with:
          args: >-
            apply -n ${{ env.K8S_NAMESPACE }}
            -f .${{ env.MANIFEST_PATH }}/deployment.yaml
            -f .${{ env.MANIFEST_PATH }}/service.yaml
            -f .${{ env.MANIFEST_PATH }}/ingress.yaml
```
What remains to be added to this baseline is roughly:
- Exception handling
- Least privilege (security hardening)
- Revoking permissions after a job finishes
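
One way the three items above could look for `deploy-job`, as an added example that is not the author's code. It assumes `kubectl` is on the runner's PATH, that the `KUBE_CONFIG` secret holds a base64-encoded kubeconfig, and that the Deployment object is named after `APP_NAME`; the fragment belongs under `jobs:` and reuses the workflow-level `env` values.

```yaml
  deploy-job:
    needs: build-image-job
    runs-on: ubuntu-latest
    timeout-minutes: 10          # a hung kubectl call cannot hold the runner indefinitely
    permissions: {}              # least privilege: this job makes no GITHUB_TOKEN API calls
    steps:
      - name: Download manifests
        uses: actions/download-artifact@v3
        with:
          name: deployement-without-markdown
          path: deployment

      - name: Write kubeconfig
        env:
          KUBE_CONFIG: ${{ secrets.KUBE_CONFIG }}   # assumption: base64-encoded kubeconfig
        run: |
          umask 077                                 # file readable by the runner user only
          printf '%s' "$KUBE_CONFIG" | base64 -d > "$RUNNER_TEMP/kubeconfig"
          echo "KUBECONFIG=$RUNNER_TEMP/kubeconfig" >> "$GITHUB_ENV"

      - name: Apply manifests
        run: kubectl apply -n "$K8S_NAMESPACE" -f deployment/

      - name: Wait for rollout
        id: rollout
        # Assumption: the Deployment is named after APP_NAME.
        run: kubectl rollout status "deployment/$APP_NAME" -n "$K8S_NAMESPACE" --timeout=120s

      # Exception handling: undo only when the rollout itself failed,
      # so a rejected apply never rolls back a healthy release.
      - name: Roll back a failed rollout
        if: failure() && steps.rollout.outcome == 'failure'
        run: kubectl rollout undo "deployment/$APP_NAME" -n "$K8S_NAMESPACE"

      # Credential cleanup: runs whether the job succeeded, failed or was cancelled.
      - name: Remove kubeconfig
        if: always()
        run: rm -f "$RUNNER_TEMP/kubeconfig"
```

Deleting the file only removes the credential from the runner; the credential itself stays valid in the cluster until it is rotated or expires.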