Add sonar #14
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI/CD Pipeline | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| branches: | |
| - main | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v2 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v3 | |
| with: | |
| java-version: '17' | |
| distribution: 'adopt' | |
| # Install SonarScanner CLI and update PATH | |
| - name: Install SonarScanner | |
| run: | | |
| wget https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.6.2.2472-linux.zip | |
| unzip sonar-scanner-cli-4.6.2.2472-linux.zip | |
| echo "SONAR_SCANNER_HOME=$(pwd)/sonar-scanner-4.6.2.2472-linux" >> $GITHUB_ENV | |
| echo "PATH=\$PATH:\$SONAR_SCANNER_HOME/bin" >> $GITHUB_ENV | |
| # SAST with SonarCloud | |
| - name: SonarCloud Scan | |
| env: | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| SONAR_HOST_URL: https://sonarcloud.io | |
| run: | | |
| sonar-scanner \ | |
| -Dsonar.projectKey=ThomasAdriaanse_Personal-website \ | |
| -Dsonar.organization=thomasadriaanse \ | |
| -Dsonar.host.url=https://sonarcloud.io \ | |
| -Dsonar.login=${{ secrets.SONAR_TOKEN }} | |
| # Log in to Amazon ECR | |
| - name: Log in to Amazon ECR | |
| run: | | |
| aws configure set aws_access_key_id ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws configure set aws_secret_access_key ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws ecr get-login-password --region ${{ secrets.AWS_REGION }} | docker login --username AWS --password-stdin ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com | |
| # Build the Docker image | |
| - name: Build Docker image | |
| run: docker build -t ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com/website-new:latest . | |
| # Push the Docker image to Amazon ECR | |
| - name: Push Docker image to ECR | |
| run: docker push ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com/website-new:latest | |
| deploy: | |
| runs-on: ubuntu-latest | |
| needs: build | |
| steps: | |
| # SSH to EC2 instance and pull the new image from ECR | |
| - name: SSH and Deploy to EC2 | |
| uses: appleboy/[email protected] | |
| with: | |
| host: ${{ secrets.EC2_HOST }} | |
| username: ${{ secrets.EC2_USER }} | |
| key: ${{ secrets.EC2_PEM_KEY }} | |
| script: | | |
| aws configure set aws_access_key_id ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws configure set aws_secret_access_key ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws ecr get-login-password --region ${{ secrets.AWS_REGION }} | docker login --username AWS --password-stdin ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com | |
| docker pull ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com/website-new:latest | |
| docker stop new_website_container || true | |
| docker rm new_website_container || true | |
| docker run -d -p 5000:5000 --name new_website_container ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com/website-new:latest | |
| # restart nginx to update website | |
| sudo systemctl restart nginx |