1+ name : DevSecOps Pipeline
2+
3+ on :
4+ push :
5+ branches : [ main ]
6+ pull_request :
7+ branches : [ main ]
8+
9+ jobs :
10+ security-scan :
11+ runs-on : ubuntu-latest
12+ steps :
13+ - name : Checkout code
14+ uses : actions/checkout@v4
15+
16+ - name : Run tfsec on Terraform
17+ uses : aquasecurity/tfsec-action@v1.0.0
18+ with :
19+ working-directory : ./terraform
20+
21+ - name : Run Trivy Docker image scan
22+ uses : aquasecurity/trivy-action@v0.13.0
23+ with :
24+ image-ref : devopsproject1/production:latest # <-- Match your pushed Docker image
25+
26+ deploy :
27+ needs : security-scan
28+ runs-on : ubuntu-latest
29+ steps :
30+ - name : Checkout code
31+ uses : actions/checkout@v4
32+
33+ - name : Set up kubectl
34+ uses : azure/setup-kubectl@v3
35+ with :
36+ version : ' v1.29.0'
37+
38+ - name : Load kubeconfig from secret
39+ run : echo "$KUBECONFIG_DATA" | base64 -d > $HOME/.kube/config
40+ env :
41+ KUBECONFIG_DATA : ${{ secrets.KUBECONFIG_DATA }}
42+
43+ - name : Apply SealedSecret
44+ run : kubectl apply -f k8s/sealed-secrets/sealedsecret.yaml
45+
46+ - name : Deploy to Kubernetes
47+ run : |
48+ kubectl apply -f k8s/deployment.yaml
49+ kubectl apply -f k8s/service.yaml
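Review bot: The `deploy` job has no event guard, so with `pull_request` in the `on:` triggers it runs `kubectl apply` with the `KUBECONFIG_DATA` secret for pull requests opened from branches of this repository, before the change is reviewed or merged; add `if: github.event_name == 'push' && github.ref == 'refs/heads/main'` to the job. The `needs: security-scan` gate is also weaker than it looks: the Trivy step sets no `exit-code`, and as far as I know the action reports findings without failing unless `exit-code: '1'` is set (usually with a `severity` filter). It also scans the mutable `devopsproject1/production:latest` tag rather than an image tied to this commit, so what is scanned may not be what gets deployed. The actions are referenced by tag (`@v4`, `@v1.0.0`, `@v0.13.0`, `@v3`); pinning the third-party ones to full commit SHAs and adding a top-level `permissions:` block with `contents: read` would limit what a retagged or compromised action can reach. The kubeconfig step should also create `$HOME/.kube` and restrict the file mode, e.g. `mkdir -p "$HOME/.kube"` before the write and `chmod 600 "$HOME/.kube/config"` after it.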