From b6109fc20ba6b39dfbe854b2041eae771a9516ed Mon Sep 17 00:00:00 2001 From: Rishwanth14 Date: Sat, 27 Sep 2025 13:26:00 +1000 Subject: [PATCH 1/5] push --- docker-compose.yml | 6 +++--- k8s/frontend.yaml | 2 +- k8s/order-service.yaml | 2 +- k8s/product-service.yaml | 2 +- k8s/secrets.yaml | 4 ++-- 5 files changed, 8 insertions(+), 8 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index ffe144c7..9b8b8c1f 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -53,9 +53,9 @@ services: - "8000:8000" environment: POSTGRES_HOST: product_db # Connects to the 'product_db' service within Docker network - AZURE_STORAGE_ACCOUNT_NAME: # Replace with your Azure Storage account name - AZURE_STORAGE_ACCOUNT_KEY: # Replace with your Azure Storage account key - AZURE_STORAGE_CONTAINER_NAME: # Replace with your Azure Storage container name + AZURE_STORAGE_ACCOUNT_NAME: rsit722stgacc # Replace with your Azure Storage account name + AZURE_STORAGE_ACCOUNT_KEY: QyxZRd8Kt2r38+Z94jGdUvWGlK2sGnN3J3nDjcJQCdNHFWEOuqAf9EFnsAgKOTL9CbeQ7mc6T8we+ASt7W9Edw== # Replace with your Azure Storage account key + AZURE_STORAGE_CONTAINER_NAME: datacontainer # Replace with your Azure Storage container name AZURE_SAS_TOKEN_EXPIRY_HOURS: 24 depends_on: product_db: diff --git a/k8s/frontend.yaml b/k8s/frontend.yaml index 1948536d..fd779006 100644 --- a/k8s/frontend.yaml +++ b/k8s/frontend.yaml @@ -18,7 +18,7 @@ spec: spec: containers: - name: frontend-container - image: durgeshsamariya.azurecr.io/frontend:latest + image: acrsit722r.azurecr.io/frontend:latest imagePullPolicy: Always ports: - containerPort: 80 diff --git a/k8s/order-service.yaml b/k8s/order-service.yaml index c9d92e4d..07f5f942 100644 --- a/k8s/order-service.yaml +++ b/k8s/order-service.yaml 
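Review bot: The docker-compose.yml hunk commits a live Azure Storage account key into the repository: the `AZURE_STORAGE_ACCOUNT_KEY` line now carries a full key rather than the empty placeholder, while the `# Replace with your ...` comments are left in place as if the values were still templates. A storage account key is a root credential for the whole account, and once pushed it stays in git history no matter how the file is edited afterwards, so it should be rotated in Azure now; the same key appears base64-encoded in the k8s/secrets.yaml hunk of this patch. Keep the compose file secret-free by referencing the environment, `AZURE_STORAGE_ACCOUNT_KEY: ${AZURE_STORAGE_ACCOUNT_KEY}`, with the value in a git-ignored `.env`; if the product service only needs to mint SAS tokens (it already reads `AZURE_SAS_TOKEN_EXPIRY_HOURS`), consider a user-delegation SAS via managed identity so the account key never ships at all. The account and container names are less sensitive but should be externalised the same way for consistency.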
@@ -18,7 +18,7 @@ spec: spec: containers: - name: order-service-container - image: durgeshsamariya.azurecr.io/order_service:latest + image: acrsit722r.azurecr.io/order_service:latest imagePullPolicy: Always ports: - containerPort: 8000 diff --git a/k8s/product-service.yaml b/k8s/product-service.yaml index 0cbbd505..cbee8335 100644 --- a/k8s/product-service.yaml +++ b/k8s/product-service.yaml @@ -18,7 +18,7 @@ spec: spec: containers: - name: product-service-container - image: durgeshsamariya.azurecr.io/product_service:latest + image: acrsit722r.azurecr.io/product_service:latest imagePullPolicy: Always ports: - containerPort: 8000 diff --git a/k8s/secrets.yaml b/k8s/secrets.yaml index 5eebe1fa..49a63c4b 100644 --- a/k8s/secrets.yaml +++ b/k8s/secrets.yaml @@ -13,6 +13,6 @@ data: # Azure Storage Account Credentials for Product Service image uploads # REPLACE WITH YOUR ACTUAL BASE64 ENCODED VALUES from your Azure Storage Account # Example: echo -n 'myblobstorageaccount' | base64 - AZURE_STORAGE_ACCOUNT_NAME: "ZHVyZ2VzaHNhbWFyaXlh" + AZURE_STORAGE_ACCOUNT_NAME: "cnNpdDcyMnN0Z2FjYw==" # Example: echo -n 'your_storage_account_key_string' | base64 - AZURE_STORAGE_ACCOUNT_KEY: "aEFNQ24rbkh2cmhwSGFEaW5jSnAxNFlHaU5nTnJja2NJR05Bc3Y5VXZPUlpsblJkbkVUR3drdTREdSszblBDR3E4ZEVTVjlFNE1jMytBU3RubmZ5QVE9PQ==" + AZURE_STORAGE_ACCOUNT_KEY: "UXl4WlJkOEt0MnIzOCtaOTRqR2RVdldHbEsyc0duTjNKM25EamNKUUNkTkhGV0VPdXFBZjlFRm5zQWdLT1RMOUNiZVE3bWM2VDh3ZStBU3Q3VzlFZHc9PQ==" From 34fca24f274bdb6b592c01c409042fc0745463ff Mon Sep 17 00:00:00 2001 From: Rishwanth14 Date: Sat, 27 Sep 2025 16:11:13 +1000 Subject: [PATCH 2/5] push1 --- .github/workflows/backend-cd.yml | 131 +++++++++++++++++++------------ 1 file changed, 80 insertions(+), 51 deletions(-) diff --git a/.github/workflows/backend-cd.yml b/.github/workflows/backend-cd.yml index 6035ed15..cd234b95 100644 --- a/.github/workflows/backend-cd.yml +++ b/.github/workflows/backend-cd.yml 
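Review bot: The k8s/secrets.yaml hunk stores the new storage account key base64-encoded in a committed Secret manifest; base64 is an encoding, not encryption, so `echo ... | base64 -d` recovers the key for anyone with read access to the repository. The file's own comment `# REPLACE WITH YOUR ACTUAL BASE64 ENCODED VALUES` shows it was meant to remain a template. Populate this Secret at deploy time instead, e.g. `kubectl create secret generic ... --from-literal=AZURE_STORAGE_ACCOUNT_KEY="$KEY"` from a GitHub Actions secret or an external-secrets/Key Vault integration, commit only placeholders, and rotate the key since it is now in history. The three image-registry hunks in the same run are plain renames; they keep `:latest` with `imagePullPolicy: Always`, which is pre-existing but worth replacing with a digest or immutable tag once the new ACR is in use.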
@@ -20,10 +20,15 @@ jobs: deploy_backend: runs-on: ubuntu-latest environment: Production - + outputs: - PRODUCT_API_IP: ${{ steps.get_product_ip.outputs.external_ip }} - ORDER_API_IP: ${{ steps.get_order_ip.outputs.external_ip }} + PRODUCT_API_IP: ${{ steps.expose.outputs.product_ip }} + ORDER_API_IP: ${{ steps.expose.outputs.order_ip }} + + env: + NAMESPACE: backend + PRODUCT_SVC: product-service-w08e1 + ORDER_SVC: order-service-w08e1 steps: - name: Checkout repository 
@@ -37,65 +42,89 @@ jobs: - name: Set Kubernetes context (get AKS credentials) run: | - az aks get-credentials --resource-group ${{ github.event.inputs.aks_resource_group }} --name ${{ github.event.inputs.aks_cluster_name }} --overwrite-existing + az aks get-credentials \ + --resource-group "${{ github.event.inputs.aks_resource_group }}" \ + --name "${{ github.event.inputs.aks_cluster_name }}" \ + --overwrite-existing - name: Attach ACR run: | - az aks update --name ${{ github.event.inputs.aks_cluster_name }} --resource-group ${{ github.event.inputs.aks_resource_group }} --attach-acr ${{ github.event.inputs.aks_acr_name }} + az aks update \ + --name "${{ github.event.inputs.aks_cluster_name }}" \ + --resource-group "${{ github.event.inputs.aks_resource_group }}" \ + --attach-acr "${{ github.event.inputs.aks_acr_name }}" + + - name: Ensure namespace exists + run: | + kubectl get ns "$NAMESPACE" >/dev/null 2>&1 || kubectl create namespace "$NAMESPACE" - name: Deploy Backend Infrastructure (Namespace, ConfigMaps, Secrets, Databases) + working-directory: k8s run: | - echo "Deploying backend infrastructure..." - cd k8s/ - kubectl apply -f configmaps.yaml - kubectl apply -f secrets.yaml - kubectl apply -f product-db.yaml - kubectl apply -f order-db.yaml + echo "Deploying backend infrastructure to namespace: $NAMESPACE" + kubectl apply -f configmaps.yaml -n "$NAMESPACE" + kubectl apply -f secrets.yaml -n "$NAMESPACE" + kubectl apply -f product-db.yaml -n "$NAMESPACE" + kubectl apply -f order-db.yaml -n "$NAMESPACE" - name: Deploy Backend Microservices (Product, Order) + working-directory: k8s + run: | + echo "Deploying backend microservices to namespace: $NAMESPACE" + kubectl apply -f product-service.yaml -n "$NAMESPACE" + kubectl apply -f order-service.yaml -n "$NAMESPACE" + + - name: Verify rollouts (fail fast) run: | - echo "Deploying backend microservices..." 
- cd k8s/ - kubectl apply -f product-service.yaml - kubectl apply -f order-service.yaml - - - name: Wait for Backend LoadBalancer IPs + set -e + # Update these deployment names only if your YAML uses different names + kubectl rollout status deploy/product-deploy -n "$NAMESPACE" --timeout=180s + kubectl rollout status deploy/order-deploy -n "$NAMESPACE" --timeout=180s + + - name: Wait for Backend LoadBalancer IPs (backoff + diagnostics) + id: wait_ips run: | - echo "Waiting for Product, Order LoadBalancer IPs to be assigned (up to 5 minutes)..." - PRODUCT_IP="" - ORDER_IP="" - - for i in $(seq 1 60); do - echo "Attempt $i/60 to get IPs..." - PRODUCT_IP=$(kubectl get service product-service-w08e1 -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - ORDER_IP=$(kubectl get service order-service-w08e1 -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - - if [[ -n "$PRODUCT_IP" && -n "$ORDER_IP" ]]; then - echo "All backend LoadBalancer IPs assigned!" - echo "Product Service IP: $PRODUCT_IP" - echo "Order Service IP: $ORDER_IP" - break - fi - sleep 5 # Wait 5 seconds before next attempt - done - - if [[ -z "$PRODUCT_IP" || -z "$ORDER_IP" ]]; then - echo "Error: One or more LoadBalancer IPs not assigned after timeout." - exit 1 # Fail the job if IPs are not obtained - fi - - # These are environment variables for subsequent steps in the *same job* - # And used to set the job outputs + set -e + + get_ip () { + SVC="$1"; NS="$2" + for i in 1 2 3 4 5 6 7 8 9 10; do + ip=$(kubectl get svc "$SVC" -n "$NS" -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + if [ -n "$ip" ]; then + echo "$ip" + return 0 + fi + echo "No IP for $SVC yet (attempt $i/10). Waiting $((i*6))s..." + sleep $((i*6)) # 6s..60s + done + return 1 + } + + PRODUCT_IP=$(get_ip "${PRODUCT_SVC}" "$NAMESPACE") || { + echo "Error: No IP for ${PRODUCT_SVC} after timeout." 
+ kubectl describe svc "${PRODUCT_SVC}" -n "$NAMESPACE" || true + kubectl get events -n "$NAMESPACE" --sort-by=.lastTimestamp | tail -n 200 || true + exit 1 + } + + ORDER_IP=$(get_ip "${ORDER_SVC}" "$NAMESPACE") || { + echo "Error: No IP for ${ORDER_SVC} after timeout." + kubectl describe svc "${ORDER_SVC}" -n "$NAMESPACE" || true + kubectl get events -n "$NAMESPACE" --sort-by=.lastTimestamp | tail -n 200 || true + exit 1 + } + echo "PRODUCT_IP=$PRODUCT_IP" >> $GITHUB_ENV - echo "ORDER_IP=$ORDER_IP" >> $GITHUB_ENV + echo "ORDER_IP=$ORDER_IP" >> $GITHUB_ENV - - name: Capture Product Service IP for Workflow Output - id: get_product_ip - run: echo "external_ip=${{ env.PRODUCT_IP }}" >> $GITHUB_OUTPUT - - - name: Capture Order Service IP for Workflow Output - id: get_order_ip - run: echo "external_ip=${{ env.ORDER_IP }}" >> $GITHUB_OUTPUT + - name: Capture IPs as job outputs + id: expose + run: | + echo "product_ip=${PRODUCT_IP}" >> $GITHUB_OUTPUT + echo "order_ip=${ORDER_IP}" >> $GITHUB_OUTPUT + echo "Product Service IP: ${PRODUCT_IP}" + echo "Order Service IP: ${ORDER_IP}" - name: Logout from Azure - run: az logout + if: always() + run: az logout \ No newline at end of file From d7d03524d53b311f8faec37892368c7b478169bb Mon Sep 17 00:00:00 2001 From: Rishwanth14 Date: Sat, 27 Sep 2025 16:22:07 +1000 Subject: [PATCH 3/5] push --- .github/workflows/backend-cd.yml | 131 ++++++++++++------------------- 1 file changed, 51 insertions(+), 80 deletions(-) diff --git a/.github/workflows/backend-cd.yml b/.github/workflows/backend-cd.yml index cd234b95..6035ed15 100644 --- a/.github/workflows/backend-cd.yml +++ b/.github/workflows/backend-cd.yml 
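Review bot: Wrapping `${{ github.event.inputs.aks_resource_group }}` in double quotes inside `run:` does not make it safe: the expression is substituted into the script text before bash parses it, so an input containing `"; <cmd>` still executes as shell (the exposure is limited to whoever can trigger this `workflow_dispatch`, but it is still the wrong pattern). Pass each input through the step's `env:` block, e.g. `AKS_RG: ${{ github.event.inputs.aks_resource_group }}`, and reference it as `"$AKS_RG"` so it is an ordinary environment variable. The `az aks update --attach-acr` step re-grants the cluster identity pull rights on every deploy; that presumably requires role-assignment permission on the deploying principal, so it is better done once at setup so the per-deploy credential can be scoped to fetching kubeconfig and applying manifests. `kubectl apply -f secrets.yaml -n "$NAMESPACE"` pushes whatever is in the committed manifest, so this job is only secret-free if that file stays a template; the `deploy_backend` job header is in the previous hunk.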
@@ -20,15 +20,10 @@ jobs: deploy_backend: runs-on: ubuntu-latest environment: Production - + outputs: - PRODUCT_API_IP: ${{ steps.expose.outputs.product_ip }} - ORDER_API_IP: ${{ steps.expose.outputs.order_ip }} - - env: - NAMESPACE: backend - PRODUCT_SVC: product-service-w08e1 - ORDER_SVC: order-service-w08e1 + PRODUCT_API_IP: ${{ steps.get_product_ip.outputs.external_ip }} + ORDER_API_IP: ${{ steps.get_order_ip.outputs.external_ip }} steps: - name: Checkout repository 
@@ -42,89 +37,65 @@ jobs: - name: Set Kubernetes context (get AKS credentials) run: | - az aks get-credentials \ - --resource-group "${{ github.event.inputs.aks_resource_group }}" \ - --name "${{ github.event.inputs.aks_cluster_name }}" \ - --overwrite-existing + az aks get-credentials --resource-group ${{ github.event.inputs.aks_resource_group }} --name ${{ github.event.inputs.aks_cluster_name }} --overwrite-existing - name: Attach ACR run: | - az aks update \ - --name "${{ github.event.inputs.aks_cluster_name }}" \ - --resource-group "${{ github.event.inputs.aks_resource_group }}" \ - --attach-acr "${{ github.event.inputs.aks_acr_name }}" - - - name: Ensure namespace exists - run: | - kubectl get ns "$NAMESPACE" >/dev/null 2>&1 || kubectl create namespace "$NAMESPACE" + az aks update --name ${{ github.event.inputs.aks_cluster_name }} --resource-group ${{ github.event.inputs.aks_resource_group }} --attach-acr ${{ github.event.inputs.aks_acr_name }} - name: Deploy Backend Infrastructure (Namespace, ConfigMaps, Secrets, Databases) - working-directory: k8s run: | - echo "Deploying backend infrastructure to namespace: $NAMESPACE" - kubectl apply -f configmaps.yaml -n "$NAMESPACE" - kubectl apply -f secrets.yaml -n "$NAMESPACE" - kubectl apply -f product-db.yaml -n "$NAMESPACE" - kubectl apply -f order-db.yaml -n "$NAMESPACE" + echo "Deploying backend infrastructure..." 
+ cd k8s/ + kubectl apply -f configmaps.yaml + kubectl apply -f secrets.yaml + kubectl apply -f product-db.yaml + kubectl apply -f order-db.yaml - name: Deploy Backend Microservices (Product, Order) - working-directory: k8s - run: | - echo "Deploying backend microservices to namespace: $NAMESPACE" - kubectl apply -f product-service.yaml -n "$NAMESPACE" - kubectl apply -f order-service.yaml -n "$NAMESPACE" - - - name: Verify rollouts (fail fast) run: | - set -e - # Update these deployment names only if your YAML uses different names - kubectl rollout status deploy/product-deploy -n "$NAMESPACE" --timeout=180s - kubectl rollout status deploy/order-deploy -n "$NAMESPACE" --timeout=180s - - - name: Wait for Backend LoadBalancer IPs (backoff + diagnostics) - id: wait_ips + echo "Deploying backend microservices..." + cd k8s/ + kubectl apply -f product-service.yaml + kubectl apply -f order-service.yaml + + - name: Wait for Backend LoadBalancer IPs run: | - set -e - - get_ip () { - SVC="$1"; NS="$2" - for i in 1 2 3 4 5 6 7 8 9 10; do - ip=$(kubectl get svc "$SVC" -n "$NS" -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - if [ -n "$ip" ]; then - echo "$ip" - return 0 - fi - echo "No IP for $SVC yet (attempt $i/10). Waiting $((i*6))s..." - sleep $((i*6)) # 6s..60s - done - return 1 - } - - PRODUCT_IP=$(get_ip "${PRODUCT_SVC}" "$NAMESPACE") || { - echo "Error: No IP for ${PRODUCT_SVC} after timeout." - kubectl describe svc "${PRODUCT_SVC}" -n "$NAMESPACE" || true - kubectl get events -n "$NAMESPACE" --sort-by=.lastTimestamp | tail -n 200 || true - exit 1 - } - - ORDER_IP=$(get_ip "${ORDER_SVC}" "$NAMESPACE") || { - echo "Error: No IP for ${ORDER_SVC} after timeout." - kubectl describe svc "${ORDER_SVC}" -n "$NAMESPACE" || true - kubectl get events -n "$NAMESPACE" --sort-by=.lastTimestamp | tail -n 200 || true - exit 1 - } - + echo "Waiting for Product, Order LoadBalancer IPs to be assigned (up to 5 minutes)..." 
+ PRODUCT_IP="" + ORDER_IP="" + + for i in $(seq 1 60); do + echo "Attempt $i/60 to get IPs..." + PRODUCT_IP=$(kubectl get service product-service-w08e1 -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + ORDER_IP=$(kubectl get service order-service-w08e1 -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + + if [[ -n "$PRODUCT_IP" && -n "$ORDER_IP" ]]; then + echo "All backend LoadBalancer IPs assigned!" + echo "Product Service IP: $PRODUCT_IP" + echo "Order Service IP: $ORDER_IP" + break + fi + sleep 5 # Wait 5 seconds before next attempt + done + + if [[ -z "$PRODUCT_IP" || -z "$ORDER_IP" ]]; then + echo "Error: One or more LoadBalancer IPs not assigned after timeout." + exit 1 # Fail the job if IPs are not obtained + fi + + # These are environment variables for subsequent steps in the *same job* + # And used to set the job outputs echo "PRODUCT_IP=$PRODUCT_IP" >> $GITHUB_ENV - echo "ORDER_IP=$ORDER_IP" >> $GITHUB_ENV + echo "ORDER_IP=$ORDER_IP" >> $GITHUB_ENV - - name: Capture IPs as job outputs - id: expose - run: | - echo "product_ip=${PRODUCT_IP}" >> $GITHUB_OUTPUT - echo "order_ip=${ORDER_IP}" >> $GITHUB_OUTPUT - echo "Product Service IP: ${PRODUCT_IP}" - echo "Order Service IP: ${ORDER_IP}" + - name: Capture Product Service IP for Workflow Output + id: get_product_ip + run: echo "external_ip=${{ env.PRODUCT_IP }}" >> $GITHUB_OUTPUT + + - name: Capture Order Service IP for Workflow Output + id: get_order_ip + run: echo "external_ip=${{ env.ORDER_IP }}" >> $GITHUB_OUTPUT - name: Logout from Azure - if: always() - run: az logout \ No newline at end of file + run: az logout From a4032ac6ca1a7c89019286274b15fb8d64aec091 Mon Sep 17 00:00:00 2001 From: Rishwanth14 Date: Sat, 27 Sep 2025 16:34:49 +1000 Subject: [PATCH 4/5] push --- .github/workflows/pr-security.yml | 59 +++++++++++++++++++++++++++++++ 1 file changed, 59 insertions(+) create mode 100644 .github/workflows/pr-security.yml 
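Review bot: This patch is a byte-for-byte revert of the previous one (the blob index returns to 6035ed15), so the `if: always()` guard on `az logout`, the namespace-scoped `kubectl apply`, and the rollout-status check are all dropped again with no reason given in the commit message. If the revert was because the new deployment names `product-deploy`/`order-deploy` did not match the manifests, correcting those two names would have been cheaper than discarding the whole change. The restored code also interpolates `${{ github.event.inputs.aks_cluster_name }}` unquoted straight into `run:` lines, which is the script-injection pattern; move the inputs into `env:` and expand them as `"$AKS_CLUSTER"`. The `deploy_backend` job header is in the preceding hunk, not this one.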
diff --git a/.github/workflows/pr-security.yml b/.github/workflows/pr-security.yml new file mode 100644 index 00000000..ac452d1a --- /dev/null +++ b/.github/workflows/pr-security.yml @@ -0,0 +1,59 @@ +name: PR Security Scan + +on: + pull_request: + branches: [main] + paths: + - 'backend/**/requirements*.txt' + - 'backend/**/Dockerfile' + - 'frontend/Dockerfile' + - 'k8s/**' + - '.github/workflows/**' + +jobs: + trivy-fs: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + + - name: Trivy scan (filesystem) + uses: aquasecurity/trivy-action@0.24.0 + with: + scan-type: fs + ignore-unfixed: true + severity: CRITICAL,HIGH + exit-code: '1' + + trivy-backend-image: + runs-on: ubuntu-latest + needs: trivy-fs + steps: + - uses: actions/checkout@v4 + + - name: Build backend product_service image + run: docker build -t prscan-product:tmp backend/product_service + + - name: Trivy scan (product_service image) + uses: aquasecurity/trivy-action@0.24.0 + with: + image-ref: prscan-product:tmp + ignore-unfixed: true + severity: CRITICAL,HIGH + exit-code: '1' + + trivy-frontend-image: + runs-on: ubuntu-latest + needs: trivy-fs + steps: + - uses: actions/checkout@v4 + + - name: Build frontend image + run: docker build -t prscan-frontend:tmp frontend + + - name: Trivy scan (frontend image) + uses: aquasecurity/trivy-action@0.24.0 + with: + image-ref: prscan-frontend:tmp + ignore-unfixed: true + severity: CRITICAL,HIGH + exit-code: '1' From ccfc840dad2f059b3c0254a413cbe33992ac2768 Mon Sep 17 00:00:00 2001 From: Rishwanth14 Date: Sat, 27 Sep 2025 16:36:21 +1000 Subject: [PATCH 5/5] PR Test --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 23009398..4d737db8 100644 --- a/README.md +++ b/README.md 
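Review bot: The `aquasecurity/trivy-action@0.24.0` and `actions/checkout@v4` references are mutable tags; for a gate whose purpose is supply-chain hygiene, pin each `uses:` to a full commit SHA with the version in a trailing comment so a retagged release cannot silently change what runs. The workflow declares no `permissions:` block, so the job token gets the repository default; add `permissions: contents: read` at the top level since nothing here needs write access. Given the account key committed earlier in this series, confirm the `trivy-fs` job actually runs the secret scanner by setting `scanners: vuln,secret` explicitly rather than relying on the action's default, which I have not verified for this version; a scan that passes on CRITICAL/HIGH CVEs alone gives false comfort. `ignore-unfixed: true` hides vulnerabilities with no upstream fix, a reasonable noise trade-off that deserves a one-line comment, and the `paths:` filter means a PR touching only application source never triggers the image scans.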
@@ -36,3 +36,6 @@ image: .azurecr.io/: ### 2. Update Backend Pipeline (`.github/workflows/backend-cd.yml`) & Frontend Pipeline (`.github/workflows/frontend-cd.yml`) Ensure you replace all placeholders value to actual values. + + +Changes \ No newline at end of file