Merge pull request #1403 from akto-api-security/feature/add_new_test_… #3687
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Staging | |
# Controls when the workflow will run | |
on: | |
push: | |
branches: [ master ] | |
pull_request: | |
workflow_dispatch: | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
outputs: | |
IMAGE_TAG: ${{ steps.docker_tag.outputs.IMAGE_TAG }} | |
steps: | |
- uses: actions/checkout@v2 | |
- uses: actions/setup-java@v2 | |
with: | |
distribution: 'adopt' | |
java-version: '8' | |
architecture: x64 | |
- uses: actions/setup-node@v2 | |
with: | |
node-version: '17' | |
- name: Convert github branch name to be compatible with docker tag name convention and generate tag name | |
id: docker_tag | |
run: echo "IMAGE_TAG=a-$(echo ${{ github.ref_name }} | sed 's/[^a-zA-Z0-9]/-/g')" >> $GITHUB_OUTPUT | |
- name: Download Akto templates zip and PII files | |
working-directory: ./apps/dashboard/src/main/resources | |
run: | | |
wget -O tests-library-master.zip https://github.com/akto-api-security/tests-library/archive/refs/heads/master.zip | |
wget -O general.json https://raw.githubusercontent.com/akto-api-security/pii-types/master/general.json | |
wget -O fintech.json https://raw.githubusercontent.com/akto-api-security/akto/master/pii-types/fintech.json | |
wget -O filetypes.json https://raw.githubusercontent.com/akto-api-security/akto/master/pii-types/filetypes.json | |
- name: Prepare Dashboard polaris UI | |
working-directory: ./apps/dashboard/web/polaris_web | |
run: npm install && export RELEASE_VERSION=${{steps.docker_tag.outputs.IMAGE_TAG}} && npm run build | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
aws-access-key-id: ${{secrets.AWS_ACCESS_KEY_ID}} | |
aws-secret-access-key: ${{secrets.AWS_SECRET_ACCESS_KEY}} | |
aws-region: ap-south-1 | |
- name: Deploy polaris site to S3 bucket | |
run: aws s3 sync ./apps/dashboard/web/polaris_web/web/dist s3://dashboard-on-cdn/polaris_web/${{steps.docker_tag.outputs.IMAGE_TAG}}/dist --delete | |
- run: mvn package -Dakto-image-tag=${{ github.event.inputs.Tag }} -Dakto-build-time=$(eval "date +%s") -Dakto-release-version=${{steps.docker_tag.outputs.IMAGE_TAG}} | |
- name: DockerHub login | |
env: | |
DOCKER_USERNAME: ${{secrets.DOCKER_USERNAME}} | |
DOCKER_PASSWORD: ${{secrets.DOCKER_PASSWORD}} | |
run: | | |
docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD | |
- name: Build, tag, and push the image to DockerHub | |
id: build-image-dockerhub | |
env: | |
ECR_REGISTRY: aktosecurity | |
ECR_REPOSITORY: akto-api-security | |
IMAGE_TAG: ${{ steps.docker_tag.outputs.IMAGE_TAG }} | |
IMAGE_TAG_DASHBOARD: ${{ github.event.inputs.Deploy == 'true' && '-t aktosecurity/akto-api-security-dashboard:flash' || '' }} | |
IMAGE_TAG_TESTING: ${{ github.event.inputs.Deploy == 'true' && '-t aktosecurity/akto-api-testing:flash' || '' }} | |
IMAGE_TAG_TESTING_CLI: ${{ github.event.inputs.Deploy == 'true' && '-t aktosecurity/akto-api-testing-cli:flash' || '' }} | |
run: | | |
echo $IMAGE_TAG >> $GITHUB_STEP_SUMMARY | |
docker buildx create --use | |
# Build a docker container and push it to DockerHub | |
cd apps/dashboard | |
docker buildx build --platform linux/arm64/v8,linux/amd64 -t $ECR_REGISTRY/$ECR_REPOSITORY-dashboard:$IMAGE_TAG $IMAGE_TAG_DASHBOARD . --push | |
cd ../testing | |
docker buildx build --platform linux/arm64/v8,linux/amd64 -t $ECR_REGISTRY/akto-api-testing:$IMAGE_TAG $IMAGE_TAG_TESTING . --push | |
cd ../testing-cli | |
docker buildx build --platform linux/arm64/v8,linux/amd64 -t $ECR_REGISTRY/akto-api-testing-cli:$IMAGE_TAG $IMAGE_TAG_TESTING_CLI . --push | |
cd ../billing | |
docker buildx build --platform linux/arm64/v8,linux/amd64 -t $ECR_REGISTRY/akto-billing:$IMAGE_TAG . --push | |
cd ../internal | |
docker buildx build --platform linux/arm64/v8,linux/amd64 -t $ECR_REGISTRY/akto-internal:$IMAGE_TAG . --push | |
- name: Set up JDK 11 | |
uses: actions/setup-java@v1 | |
with: | |
java-version: 11 | |
- name: Cache SonarCloud packages | |
uses: actions/cache@v1 | |
with: | |
path: ~/.sonar/cache | |
key: ${{ runner.os }}-sonar | |
restore-keys: ${{ runner.os }}-sonar | |
- name: Cache Maven packages | |
uses: actions/cache@v1 | |
with: | |
path: ~/.m2 | |
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} | |
restore-keys: ${{ runner.os }}-m2 | |
deploy: | |
needs: build | |
runs-on: ubuntu-latest | |
environment: Dev | |
permissions: | |
id-token: write | |
contents: read | |
env: | |
IMAGE_TAG: ${{needs.build.outputs.IMAGE_TAG}} | |
FLASH_NLB_DNS: ${{ secrets.FLASH_NLB_DNS }} | |
FLASH_MONGO_CONN: ${{ secrets.FLASH_MONGO_CONN }} | |
outputs: | |
lb_name: ${{ steps.deploy_cluster.outputs.lb_name }} | |
steps: | |
#revert branch name | |
- name: Setup mongo, akto-k8s-agent kube yaml's | |
run: | | |
wget https://raw.githubusercontent.com/akto-api-security/infra/ephemeral_env_staging/mongo.yml | |
cat mongo.yml | sed "s/akto/${IMAGE_TAG}/g" > mongo_complete.yml | |
wget https://raw.githubusercontent.com/akto-api-security/infra/flash/akto_k8s_agent.yml | |
envsubst < akto_k8s_agent.yml > akto_k8s_agent_complete.yml | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_AKI_DEV_CLUSTER_02 }} | |
aws-secret-access-key: ${{ secrets.AWS_SAK_DEV_CLUSTER_02 }} | |
aws-region: ap-south-1 | |
- name: deploy to cluster | |
id: deploy_cluster | |
uses: koslib/helm-eks-action@master | |
env: | |
KUBE_CONFIG_DATA: ${{ secrets.DEV_CLUSTER_02_KUBE_CONFIG }} | |
with: | |
command: | | |
kubectl apply -n dev -f mongo_complete.yml | |
helm repo add akto https://akto-api-security.github.io/helm-charts | |
export AKTO_MONGO_IP=$(kubectl get services/mongo-${IMAGE_TAG} -n dev -o jsonpath="{.spec.clusterIP}") | |
echo $AKTO_MONGO_IP >> $GITHUB_STEP_SUMMARY | |
echo "starting helm install..." >> $GITHUB_STEP_SUMMARY | |
helm install ${IMAGE_TAG} akto/akto -n dev \ | |
--set mongo.aktoMongoConn="mongodb://${AKTO_MONGO_IP}:27017/admini" \ | |
--set dashboard.aktoApiSecurityDashboard.image.repository="aktosecurity/akto-api-security-dashboard" \ | |
--set dashboard.aktoApiSecurityDashboard.image.tag=${IMAGE_TAG} \ | |
--set testing.aktoApiSecurityTesting.image.repository="aktosecurity/akto-api-testing" \ | |
--set testing.aktoApiSecurityTesting.image.tag=${IMAGE_TAG} | |
kubectl delete deployment/${IMAGE_TAG}-akto-runtime -n dev | |
kubectl delete deployment/${IMAGE_TAG}-akto-keel -n dev | |
kubectl delete deployment/${IMAGE_TAG}-akto-testing -n dev | |
echo "initiating patch..." >> $GITHUB_STEP_SUMMARY | |
kubectl patch deployment/${IMAGE_TAG}-akto-dashboard -n dev --type=strategic --patch-file akto_k8s_agent_complete.yml | |
echo "current status..." >> $GITHUB_STEP_SUMMARY | |
echo $EXTERNAL_IP >> $GITHUB_STEP_SUMMARY | |
while [[ "${EXTERNAL_IP}" == "<pending>" ]] || [ -z "${EXTERNAL_IP}" ]; do EXTERNAL_IP=$(kubectl get svc -n dev | grep ${IMAGE_TAG}-akto-dashboard | awk -F " " '{print $4;}'); sleep 1; done | |
export LB_NAME=$EXTERNAL_IP | |
echo $LB_NAME >> $GITHUB_STEP_SUMMARY | |
echo "lb_name=http://$LB_NAME:8080" >> $GITHUB_OUTPUT | |
while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' ${LB_NAME}:8080/metrics)" != "200" ]]; do sleep 5; done | |
echo "Dashboard running" >> $GITHUB_STEP_SUMMARY | |
- name: setup test environment | |
uses: koslib/helm-eks-action@master | |
env: | |
lb_name: ${{steps.deploy_cluster.outputs.lb_name}} | |
QA_EMAIL: ${{vars.QA_EMAIL}} | |
QA_PASSWORD: ${{secrets.QA_PASSWORD}} | |
QA_API_TOKEN: ${{secrets.QA_API_TOKEN}} | |
KUBE_CONFIG_DATA: ${{ secrets.DEV_CLUSTER_02_KUBE_CONFIG }} | |
with: | |
command: | | |
curl -X POST "$lb_name/signup-email" -H "Content-Type: application/json" -d "{\"email\":\"$QA_EMAIL\",\"password\":\"$QA_PASSWORD\",\"invitationCode\":\"\"}" | |
export staging_mongo=$(kubectl get pods -n dev -l app=mongo-${IMAGE_TAG} -o custom-columns=":metadata.name" --no-headers) | |
kubectl exec -i -n dev $staging_mongo -- env QA_API_TOKEN=$QA_API_TOKEN QA_EMAIL=$QA_EMAIL mongosh --eval 'use common;' --eval ' db.api_tokens.insertOne({ "_id": 1692262638, "_t": "com.akto.dto.ApiToken", "accountId": 1000000, "key": process.env.QA_API_TOKEN, "name": "external_api", "timestamp": 1692262638, "username": process.env.QA_EMAIL, "utility": "EXTERNAL_API" });' | |
test: | |
needs: deploy | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- uses: actions/setup-node@v2 | |
with: | |
node-version: '17' | |
- name: Check Vulnerable API's | |
working-directory: ./.github/scripts | |
env: | |
AKTO_DASHBOARD_URL: ${{needs.deploy.outputs.lb_name}} | |
AKTO_API_KEY: ${{secrets.QA_API_TOKEN}} | |
run: | | |
npm install axios | |
node ./vulnerable_checker.js | |
delete: | |
if: ${{ always() }} | |
needs: [build, deploy, test] | |
runs-on: ubuntu-latest | |
environment: Dev | |
permissions: | |
id-token: write | |
contents: read | |
env: | |
IMAGE_TAG: ${{needs.build.outputs.IMAGE_TAG}} | |
FLASH_NLB_DNS: ${{ secrets.FLASH_NLB_DNS }} | |
FLASH_MONGO_CONN: ${{ secrets.FLASH_MONGO_CONN }} | |
steps: | |
- name: Fetch kube yaml | |
#revert branch name | |
run: | | |
wget https://raw.githubusercontent.com/akto-api-security/infra/ephemeral_env_staging/mongo.yml | |
cat mongo.yml | sed "s/akto/${IMAGE_TAG}/g" > mongo_complete.yml | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_AKI_DEV_CLUSTER_02 }} | |
aws-secret-access-key: ${{ secrets.AWS_SAK_DEV_CLUSTER_02 }} | |
aws-region: ap-south-1 | |
- name: delete cluster | |
uses: koslib/helm-eks-action@master | |
env: | |
KUBE_CONFIG_DATA: ${{ secrets.DEV_CLUSTER_02_KUBE_CONFIG }} | |
IMAGE_TAG: ${{needs.build.outputs.IMAGE_TAG}} | |
with: | |
command: | | |
kubectl delete -n dev -f mongo_complete.yml | |
helm repo add akto https://akto-api-security.github.io/helm-charts | |
helm uninstall -n dev ${IMAGE_TAG} |