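--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,229 @@
+name: CI Pipeline
+
+on:
+push:
+branches: [ main, develop ]
+pull_request:
+branches: [ main, develop ]
+
+jobs:
+validate-yaml:
+name: Validate YAML Syntax
+runs-on: ubuntu-latest
+steps:
+- name: Checkout code
+uses: actions/checkout@v4
+
+- name: Set up Python
+uses: actions/setup-python@v5
+with:
+python-version: '3.11'
+
+- name: Install yamllint
+run: pip install yamllint
+
+- name: Validate YAML files
+run: |
+find . -name "*.yaml" -o -name "*.yml" | xargs yamllint -d "{extends: relaxed, rules: {line-length: {max: 120}}}"
+
+validate-kubernetes:
+name: Validate Kubernetes Manifests
+runs-on: ubuntu-latest
+steps:
+- name: Checkout code
+uses: actions/checkout@v4
+
+- name: Set up kubectl
+uses: azure/setup-kubectl@v3
+with:
+version: 'v1.28.0'
+
+- name: Validate cluster configs
+run: |
+echo "Validating k3d cluster configurations..."
+kubectl version --client
+
+- name: Validate ArgoCD applications
+run: |
+echo "Checking ArgoCD application manifests..."
+for file in clusters/*/argocd-apps/*.yaml; do
+if [ -f "$file" ]; then
+echo "Validating $file"
+kubectl apply --dry-run=client -f "$file" || exit 1
+fi
+done
+
+validate-helm:
+name: Validate Helm Charts
+runs-on: ubuntu-latest
+steps:
+- name: Checkout code
+uses: actions/checkout@v4
+
+- name: Set up Helm
+uses: azure/setup-helm@v3
+with:
+version: 'v3.13.0'
+
+- name: Add Helm repositories
+run: |
+helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
+helm repo add grafana https://grafana.github.io/helm-charts
+helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
+helm repo add kyverno https://kyverno.github.io/kyverno/
+helm repo update
+
+- name: Validate Helm charts
+run: |
+echo "Validating platform Helm charts..."
+for chart in platform/*/; do
+if [ -f "${chart}Chart.yaml" ]; then
+echo "Linting $(basename $chart)"
+helm dependency update "$chart"
+helm lint "$chart" || exit 1
+
+# Validate with dev values
+if [ -f "${chart}values-dev.yaml" ]; then
+helm lint "$chart" -f "${chart}values-dev.yaml" || exit 1
+fi
+
+# Validate with prod values
+if [ -f "${chart}values-prod.yaml" ]; then
+helm lint "$chart" -f "${chart}values-prod.yaml" || exit 1
+fi
+fi
+done
+
+test-scripts:
+name: Test Shell Scripts
+runs-on: ubuntu-latest
+steps:
+- name: Checkout code
+uses: actions/checkout@v4
+
+- name: Install shellcheck
+run: sudo apt-get update && sudo apt-get install -y shellcheck
+
+- name: Validate shell scripts
+run: |
+echo "Checking shell scripts with shellcheck..."
+find scripts/ -name "*.sh" -type f | xargs shellcheck -x || exit 1
+
+- name: Check script permissions
+run: |
+echo "Verifying script permissions..."
+for script in scripts/*.sh; do
+if [ -f "$script" ]; then
+if [ ! -x "$script" ]; then
+echo "Warning: $script is not executable"
+chmod +x "$script"
+fi
+fi
+done
+
+security-scan:
+name: Security Scan
+runs-on: ubuntu-latest
+steps:
+- name: Checkout code
+uses: actions/checkout@v4
+
+- name: Run Trivy vulnerability scanner
+uses: aquasecurity/trivy-action@master
+with:
+scan-type: 'config'
+scan-ref: '.'
+format: 'sarif'
+output: 'trivy-results.sarif'
+
+- name: Upload Trivy results to GitHub Security
+uses: github/codeql-action/upload-sarif@v3
+if: always()
+with:
+sarif_file: 'trivy-results.sarif'
+
+integration-test:
+name: Integration Test (Optional)
+runs-on: ubuntu-latest
+if: github.event_name == 'pull_request'
+steps:
+- name: Checkout code
+uses: actions/checkout@v4
+
+- name: Set up Docker
+uses: docker/setup-buildx-action@v3
+
+- name: Install k3d
+run: |
+curl -s https://raw.githubusercontent.com/k3d-io/k3d/main/install.sh | bash
+
+- name: Install kubectl
+uses: azure/setup-kubectl@v3
+with:
+version: 'v1.28.0'
+
+- name: Install Helm
+uses: azure/setup-helm@v3
+with:
+version: 'v3.13.0'
+
+- name: Create test cluster
+run: |
+echo "Creating test k3d cluster..."
+k3d cluster create test-cluster \
+--servers 1 \
+--agents 1 \
+--wait \
+--timeout 120s
+
+- name: Verify cluster
+run: |
+kubectl cluster-info
+kubectl get nodes
+
+- name: Test ArgoCD installation
+run: |
+echo "Testing ArgoCD installation..."
+kubectl create namespace argocd
+kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
+kubectl wait --for=condition=available --timeout=300s deployment/argocd-server -n argocd
+
+- name: Cleanup
+if: always()
+run: |
+k3d cluster delete test-cluster
+
+lint-markdown:
+name: Lint Markdown
+runs-on: ubuntu-latest
+steps:
+- name: Checkout code
+uses: actions/checkout@v4
+
+- name: Lint Markdown files
+uses: DavidAnson/markdownlint-cli2-action@v14
+with:
+globs: '**/*.md'
+config: |
+{
+"default": true,
+"MD013": false,
+"MD033": false,
+"MD041": false
+}
+
+summary:
+name: CI Summary
+runs-on: ubuntu-latest
+needs: [validate-yaml, validate-kubernetes, validate-helm, test-scripts, security-scan]
+if: always()
+steps:
+- name: Check job results
+run: |
+echo "## CI Pipeline Summary" >> $GITHUB_STEP_SUMMARY
+echo "" >> $GITHUB_STEP_SUMMARY
+echo "✅ YAML Validation: ${{ needs.validate-yaml.result }}" >> $GITHUB_STEP_SUMMARY
+echo "✅ Kubernetes Validation: ${{ needs.validate-kubernetes.result }}" >> $GITHUB_STEP_SUMMARY
+echo "✅ Helm Validation: ${{ needs.validate-helm.result }}" >> $GITHUB_STEP_SUMMARY
+echo "✅ Shell Script Tests: ${{ needs.test-scripts.result }}" >> $GITHUB_STEP_SUMMARY
+echo "✅ Security Scan: ${{ needs.security-scan.result }}" >> $GITHUB_STEP_SUMMARY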
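Review bot: The `security-scan` job's `uses: aquasecurity/trivy-action@master` line references a mutable branch, so every run executes whatever that branch holds at that moment; pin it to a release tag or, better, a full commit SHA with the tag noted in a trailing comment, e.g. `uses: aquasecurity/trivy-action@<pinned-commit-sha>  # <release-tag>`. The same job uploads SARIF with `github/codeql-action/upload-sarif@v3` but declares no `permissions:`, so on repositories whose default `GITHUB_TOKEN` is read-only the upload step fails; add `permissions:` with `contents: read` and `security-events: write` to that job. The k3d install step in `integration-test` pipes `install.sh` from the upstream `main` branch straight into `bash`, which carries the same unpinned-source concern. Separately, the `Validate YAML files` step passes its own `-d` config, which overrides the `.yamllint` file added in this same PR; dropping the `-d` argument would keep the two consistent.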
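--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -0,0 +1,38 @@
+name: Release
+
+on:
+push:
+tags:
+- 'v*.*.*'
+
+jobs:
+release:
+name: Create Release
+runs-on: ubuntu-latest
+permissions:
+contents: write
+steps:
+- name: Checkout code
+uses: actions/checkout@v4
+with:
+fetch-depth: 0
+
+- name: Get version from tag
+id: get_version
+run: echo "VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT
+
+- name: Generate changelog
+id: changelog
+run: |
+echo "## What's Changed" > CHANGELOG.txt
+git log $(git describe --tags --abbrev=0 HEAD^)..HEAD --pretty=format:"* %s (%h)" >> CHANGELOG.txt
+
+- name: Create GitHub Release
+uses: softprops/action-gh-release@v1
+with:
+name: Release ${{ steps.get_version.outputs.VERSION }}
+body_path: CHANGELOG.txt
+draft: false
+prerelease: false
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}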
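Review bot: The changelog step's `git describe --tags --abbrev=0 HEAD^` exits non-zero when the pushed tag is the first tag reachable from `HEAD^`, so the `run:` block fails and no release is created for the repository's initial `v*.*.*` tag. Capture the result and fall back to the full history, e.g. `prev=$(git describe --tags --abbrev=0 HEAD^ 2>/dev/null || true)` followed by `git log ${prev:+$prev..}HEAD --pretty=format:"* %s (%h)" >> CHANGELOG.txt`. `softprops/action-gh-release@v1` is a floating major tag; because this job holds `contents: write`, pinning it to a full commit SHA bounds what a moved upstream tag could publish under the repository's name.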
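--- a/.yamllint
+++ b/.yamllint
@@ -0,0 +1,16 @@
+---
+extends: relaxed
+
+rules:
+line-length:
+max: 120
+level: warning
+indentation:
+spaces: 2
+indent-sequences: true
+comments:
+min-spaces-from-content: 1
+comments-indentation: {}
+document-start: disable
+truthy:
+allowed-values: ['true', 'false', 'yes', 'no']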
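Review bot: The final line `allowed-values: ['true', 'false', 'yes', 'no']` re-admits `yes`/`no`, which YAML 1.1 loaders read as booleans and YAML 1.2 loaders read as strings, so the `truthy` rule no longer catches the very ambiguity it exists for; unless the manifests deliberately depend on `yes`/`no`, tighten it to `allowed-values: ['true', 'false']`. `line-length` at `level: warning` means yamllint still exits 0 on violations unless invoked with `--strict`, so that check is informational only; if that is intended, a one-line comment above it saying so (`# warning only: does not fail CI`) would save the next reader the trip to the docs.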