diff --git a/.github/workflows/catalogue.yaml b/.github/workflows/catalogue.yaml index 17e34e1..08a6b0b 100644 --- a/.github/workflows/catalogue.yaml +++ b/.github/workflows/catalogue.yaml @@ -5,7 +5,7 @@ name: Shopstack DevSecOps Pipeline For Catalogue on: - pull_request: + push: branches: - env/prod paths: @@ -18,7 +18,7 @@ permissions: env: PROJECT: "shopstack" - ENV: "staging" + ENV: "prod" jobs: build: @@ -111,4 +111,40 @@ jobs: uses: hadolint/hadolint-action@v3.1.0 with: dockerfile: ${{ matrix.component }}/Dockerfile - failure-threshold: warning \ No newline at end of file + failure-threshold: warning + + update-manifest: + name: "🚀 Update K8s Manifest" + runs-on: ubuntu-latest + needs: [build, image-scan, dockerfile-lint] + if: github.event_name == 'push' && github.ref == 'refs/heads/env/prod' + permissions: + contents: write # Needed to push manifest changes + steps: + - name: Checkout code + uses: actions/checkout@v4 + with: + token: ${{ secrets.GITHUB_TOKEN }} + + - name: Get short SHA + id: sha + run: echo "short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT + + - name: Update K8s manifest with new image tags + run: | + git fetch origin + git checkout origin/k8s/prod + + IMAGE_TAG=${{ steps.sha.outputs.short }} + sed -i 's/tag: .*/tag: ${IMAGE_TAG}/' helm/catalogue/values.yaml + + echo "✅ Updated images to tag: ${IMAGE_TAG}" + grep "tag:" helm/catalogue/values.yaml + + - name: Commit and push manifest update + run: | + git config user.name "github-actions[bot]" + git config user.email "github-actions[bot]@users.noreply.github.com" + git add helm/catalogue/values.yaml + git diff --cached --quiet || git commit -m "ci(${{ env.ENV }}): update helm catalogue values to ${{ steps.sha.outputs.short }} [skip ci]" + git push \ No newline at end of file diff --git a/.github/workflows/dispatch.yaml b/.github/workflows/dispatch.yaml index aa45679..d4bd5e9 100644 --- a/.github/workflows/dispatch.yaml +++ b/.github/workflows/dispatch.yaml @@ -5,7 +5,7 @@ name: Shopstack DevSecOps Pipeline For Dispatch on: - pull_request: + push: branches: - env/prod paths: @@ -18,7 +18,7 @@ permissions: env: PROJECT: "shopstack" - ENV: "staging" + ENV: "prod" jobs: build: @@ -111,4 +111,40 @@ jobs: uses: hadolint/hadolint-action@v3.1.0 with: dockerfile: ${{ matrix.component }}/Dockerfile - failure-threshold: warning \ No newline at end of file + failure-threshold: warning + + update-manifest: + name: "🚀 Update K8s Manifest" + runs-on: ubuntu-latest + needs: [build, image-scan, dockerfile-lint] + if: github.event_name == 'push' && github.ref == 'refs/heads/env/prod' + permissions: + contents: write # Needed to push manifest changes + steps: + - name: Checkout code + uses: actions/checkout@v4 + with: + token: ${{ secrets.GITHUB_TOKEN }} + + - name: Get short SHA + id: sha + run: echo "short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT + + - name: Update K8s manifest with new image tags + run: | + git fetch origin + git checkout origin/k8s/prod + + IMAGE_TAG=${{ steps.sha.outputs.short }} + sed -i 's/tag: .*/tag: ${IMAGE_TAG}/' helm/dispatch/values.yaml + + echo "✅ Updated images to tag: ${IMAGE_TAG}" + grep "tag:" helm/dispatch/values.yaml + + - name: Commit and push manifest update + run: | + git config user.name "github-actions[bot]" + git config user.email "github-actions[bot]@users.noreply.github.com" + git add helm/dispatch/values.yaml + git diff --cached --quiet || git commit -m "ci(${{ env.ENV }}): update helm dispatch values to ${{ steps.sha.outputs.short }} [skip ci]" + git push \ No newline at end of file diff --git a/.github/workflows/mongo.yaml b/.github/workflows/mongo.yaml index 05ddf30..f73bd9c 100644 --- a/.github/workflows/mongo.yaml +++ b/.github/workflows/mongo.yaml @@ -5,7 +5,7 @@ name: Shopstack DevSecOps Pipeline For Mongo on: - pull_request: + push: branches: - env/prod paths: @@ -18,7 +18,7 @@ permissions: env: PROJECT: "shopstack" - ENV: "staging" + ENV: "prod" jobs: build: @@ -111,4 +111,40 @@ jobs: uses: hadolint/hadolint-action@v3.1.0 with: dockerfile: ${{ matrix.component }}/Dockerfile - failure-threshold: warning \ No newline at end of file + failure-threshold: warning + + update-manifest: + name: "🚀 Update K8s Manifest" + runs-on: ubuntu-latest + needs: [build, image-scan, dockerfile-lint] + if: github.event_name == 'push' && github.ref == 'refs/heads/env/prod' + permissions: + contents: write # Needed to push manifest changes + steps: + - name: Checkout code + uses: actions/checkout@v4 + with: + token: ${{ secrets.GITHUB_TOKEN }} + + - name: Get short SHA + id: sha + run: echo "short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT + + - name: Update K8s manifest with new image tags + run: | + git fetch origin + git checkout origin/k8s/prod + + IMAGE_TAG=${{ steps.sha.outputs.short }} + sed -i 's/tag: .*/tag: ${IMAGE_TAG}/' helm/mongo/values.yaml + + echo "✅ Updated images to tag: ${IMAGE_TAG}" + grep "tag:" helm/mongo/values.yaml + + - name: Commit and push manifest update + run: | + git config user.name "github-actions[bot]" + git config user.email "github-actions[bot]@users.noreply.github.com" + git add helm/mongo/values.yaml + git diff --cached --quiet || git commit -m "ci(${{ env.ENV }}): update helm mongo values to ${{ steps.sha.outputs.short }} [skip ci]" + git push \ No newline at end of file diff --git a/.github/workflows/mysql.yaml b/.github/workflows/mysql.yaml index ed7a9b6..dca548c 100644 --- a/.github/workflows/mysql.yaml +++ b/.github/workflows/mysql.yaml @@ -5,7 +5,7 @@ name: Shopstack DevSecOps Pipeline For Mysql on: - pull_request: + push: branches: - env/prod paths: @@ -18,7 +18,7 @@ permissions: env: PROJECT: "shopstack" - ENV: "staging" + ENV: "prod" jobs: build: @@ -111,4 +111,40 @@ jobs: uses: hadolint/hadolint-action@v3.1.0 with: dockerfile: ${{ matrix.component }}/Dockerfile - failure-threshold: warning \ No newline at end of file + failure-threshold: warning + + update-manifest: + name: "🚀 Update K8s Manifest" + runs-on: ubuntu-latest + needs: [build, image-scan, dockerfile-lint] + if: github.event_name == 'push' && github.ref == 'refs/heads/env/prod' + permissions: + contents: write # Needed to push manifest changes + steps: + - name: Checkout code + uses: actions/checkout@v4 + with: + token: ${{ secrets.GITHUB_TOKEN }} + + - name: Get short SHA + id: sha + run: echo "short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT + + - name: Update K8s manifest with new image tags + run: | + git fetch origin + git checkout origin/k8s/prod + + IMAGE_TAG=${{ steps.sha.outputs.short }} + sed -i 's/tag: .*/tag: ${IMAGE_TAG}/' helm/mysql/values.yaml + + echo "✅ Updated images to tag: ${IMAGE_TAG}" + grep "tag:" helm/mysql/values.yaml + + - name: Commit and push manifest update + run: | + git config user.name "github-actions[bot]" + git config user.email "github-actions[bot]@users.noreply.github.com" + git add helm/mysql/values.yaml + git diff --cached --quiet || git commit -m "ci(${{ env.ENV }}): update helm mysql values to ${{ steps.sha.outputs.short }} [skip ci]" + git push \ No newline at end of file diff --git a/.github/workflows/payment.yaml b/.github/workflows/payment.yaml index 2f5da12..29667d5 100644 --- a/.github/workflows/payment.yaml +++ b/.github/workflows/payment.yaml @@ -5,7 +5,7 @@ name: Shopstack DevSecOps Pipeline For Payment on: - pull_request: + push: branches: - env/prod paths: @@ -18,7 +18,7 @@ permissions: env: PROJECT: "shopstack" - ENV: "staging" + ENV: "prod" jobs: build: @@ -111,4 +111,40 @@ jobs: uses: hadolint/hadolint-action@v3.1.0 with: dockerfile: ${{ matrix.component }}/Dockerfile - failure-threshold: warning \ No newline at end of file + failure-threshold: warning + + update-manifest: + name: "🚀 Update K8s Manifest" + runs-on: ubuntu-latest + needs: [build, image-scan, dockerfile-lint] + if: github.event_name == 'push' && github.ref == 'refs/heads/env/prod' + permissions: + contents: write # Needed to push manifest changes + steps: + - name: Checkout code + uses: actions/checkout@v4 + with: + token: ${{ secrets.GITHUB_TOKEN }} + + - name: Get short SHA + id: sha + run: echo "short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT + + - name: Update K8s manifest with new image tags + run: | + git fetch origin + git checkout origin/k8s/prod + + IMAGE_TAG=${{ steps.sha.outputs.short }} + sed -i 's/tag: .*/tag: ${IMAGE_TAG}/' helm/payment/values.yaml + + echo "✅ Updated images to tag: ${IMAGE_TAG}" + grep "tag:" helm/payment/values.yaml + + - name: Commit and push manifest update + run: | + git config user.name "github-actions[bot]" + git config user.email "github-actions[bot]@users.noreply.github.com" + git add helm/payment/values.yaml + git diff --cached --quiet || git commit -m "ci(${{ env.ENV }}): update helm payment values to ${{ steps.sha.outputs.short }} [skip ci]" + git push \ No newline at end of file diff --git a/.github/workflows/ratings.yaml b/.github/workflows/ratings.yaml index d66427f..158a3fa 100644 --- a/.github/workflows/ratings.yaml +++ b/.github/workflows/ratings.yaml @@ -5,7 +5,7 @@ name: Shopstack DevSecOps Pipeline For Ratings on: - pull_request: + push: branches: - env/prod paths: @@ -18,7 +18,7 @@ permissions: env: PROJECT: "shopstack" - ENV: "staging" + ENV: "prod" jobs: build: @@ -111,4 +111,40 @@ jobs: uses: hadolint/hadolint-action@v3.1.0 with: dockerfile: ${{ matrix.component }}/Dockerfile - failure-threshold: warning \ No newline at end of file + failure-threshold: warning + + update-manifest: + name: "🚀 Update K8s Manifest" + runs-on: ubuntu-latest + needs: [build, image-scan, dockerfile-lint] + if: github.event_name == 'push' && github.ref == 'refs/heads/env/prod' + permissions: + contents: write # Needed to push manifest changes + steps: + - name: Checkout code + uses: actions/checkout@v4 + with: + token: ${{ secrets.GITHUB_TOKEN }} + + - name: Get short SHA + id: sha + run: echo "short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT + + - name: Update K8s manifest with new image tags + run: | + git fetch origin + git checkout origin/k8s/prod + + IMAGE_TAG=${{ steps.sha.outputs.short }} + sed -i 's/tag: .*/tag: ${IMAGE_TAG}/' helm/ratings/values.yaml + + echo "✅ Updated images to tag: ${IMAGE_TAG}" + grep "tag:" helm/ratings/values.yaml + + - name: Commit and push manifest update + run: | + git config user.name "github-actions[bot]" + git config user.email "github-actions[bot]@users.noreply.github.com" + git add helm/ratings/values.yaml + git diff --cached --quiet || git commit -m "ci(${{ env.ENV }}): update helm ratings values to ${{ steps.sha.outputs.short }} [skip ci]" + git push \ No newline at end of file diff --git a/.github/workflows/shipping.yaml b/.github/workflows/shipping.yaml index ab05748..ebb9be4 100644 --- a/.github/workflows/shipping.yaml +++ b/.github/workflows/shipping.yaml @@ -5,7 +5,7 @@ name: Shopstack DevSecOps Pipeline For Shipping on: - pull_request: + push: branches: - env/prod paths: @@ -18,7 +18,7 @@ permissions: env: PROJECT: "shopstack" - ENV: "staging" + ENV: "prod" jobs: build: @@ -111,4 +111,40 @@ jobs: uses: hadolint/hadolint-action@v3.1.0 with: dockerfile: ${{ matrix.component }}/Dockerfile - failure-threshold: warning \ No newline at end of file + failure-threshold: warning + + update-manifest: + name: "🚀 Update K8s Manifest" + runs-on: ubuntu-latest + needs: [build, image-scan, dockerfile-lint] + if: github.event_name == 'push' && github.ref == 'refs/heads/env/prod' + permissions: + contents: write # Needed to push manifest changes + steps: + - name: Checkout code + uses: actions/checkout@v4 + with: + token: ${{ secrets.GITHUB_TOKEN }} + + - name: Get short SHA + id: sha + run: echo "short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT + + - name: Update K8s manifest with new image tags + run: | + git fetch origin + git checkout origin/k8s/prod + + IMAGE_TAG=${{ steps.sha.outputs.short }} + sed -i 's/tag: .*/tag: ${IMAGE_TAG}/' helm/shipping/values.yaml + + echo "✅ Updated images to tag: ${IMAGE_TAG}" + grep "tag:" helm/shipping/values.yaml + + - name: Commit and push manifest update + run: | + git config user.name "github-actions[bot]" + git config user.email "github-actions[bot]@users.noreply.github.com" + git add helm/shipping/values.yaml + git diff --cached --quiet || git commit -m "ci(${{ env.ENV }}): update helm shipping values to ${{ steps.sha.outputs.short }} [skip ci]" + git push \ No newline at end of file diff --git a/.github/workflows/user.yaml b/.github/workflows/user.yaml index 7546da6..48e6cac 100644 --- a/.github/workflows/user.yaml +++ b/.github/workflows/user.yaml @@ -5,7 +5,7 @@ name: Shopstack DevSecOps Pipeline For User on: - pull_request: + push: branches: - env/prod paths: @@ -18,7 +18,7 @@ permissions: env: PROJECT: "shopstack" - ENV: "staging" + ENV: "prod" jobs: build: @@ -111,4 +111,40 @@ jobs: uses: hadolint/hadolint-action@v3.1.0 with: dockerfile: ${{ matrix.component }}/Dockerfile - failure-threshold: warning \ No newline at end of file + failure-threshold: warning + + update-manifest: + name: "🚀 Update K8s Manifest" + runs-on: ubuntu-latest + needs: [build, image-scan, dockerfile-lint] + if: github.event_name == 'push' && github.ref == 'refs/heads/env/prod' + permissions: + contents: write # Needed to push manifest changes + steps: + - name: Checkout code + uses: actions/checkout@v4 + with: + token: ${{ secrets.GITHUB_TOKEN }} + + - name: Get short SHA + id: sha + run: echo "short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT + + - name: Update K8s manifest with new image tags + run: | + git fetch origin + git checkout origin/k8s/prod + + IMAGE_TAG=${{ steps.sha.outputs.short }} + sed -i 's/tag: .*/tag: ${IMAGE_TAG}/' helm/user/values.yaml + + echo "✅ Updated images to tag: ${IMAGE_TAG}" + grep "tag:" helm/user/values.yaml + + - name: Commit and push manifest update + run: | + git config user.name "github-actions[bot]" + git config user.email "github-actions[bot]@users.noreply.github.com" + git add helm/user/values.yaml + git diff --cached --quiet || git commit -m "ci(${{ env.ENV }}): update helm user values to ${{ steps.sha.outputs.short }} [skip ci]" + git push \ No newline at end of file diff --git a/.github/workflows/web.yaml b/.github/workflows/web.yaml index 5fa472f..abed5c6 100644 --- a/.github/workflows/web.yaml +++ b/.github/workflows/web.yaml @@ -5,7 +5,7 @@ name: Shopstack DevSecOps Pipeline For Web on: - pull_request: + push: branches: - env/prod paths: @@ -18,7 +18,7 @@ permissions: env: PROJECT: "shopstack" - ENV: "staging" + ENV: "prod" jobs: build: @@ -111,4 +111,40 @@ jobs: uses: hadolint/hadolint-action@v3.1.0 with: dockerfile: ${{ matrix.component }}/Dockerfile - failure-threshold: warning \ No newline at end of file + failure-threshold: warning + + update-manifest: + name: "🚀 Update K8s Manifest" + runs-on: ubuntu-latest + needs: [build, image-scan, dockerfile-lint] + if: github.event_name == 'push' && github.ref == 'refs/heads/env/prod' + permissions: + contents: write # Needed to push manifest changes + steps: + - name: Checkout code + uses: actions/checkout@v4 + with: + token: ${{ secrets.GITHUB_TOKEN }} + + - name: Get short SHA + id: sha + run: echo "short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT + + - name: Update K8s manifest with new image tags + run: | + git fetch origin + git checkout origin/k8s/prod + + IMAGE_TAG=${{ steps.sha.outputs.short }} + sed -i 's/tag: .*/tag: ${IMAGE_TAG}/' helm/web/values.yaml + + echo "✅ Updated images to tag: ${IMAGE_TAG}" + grep "tag:" helm/web/values.yaml + + - name: Commit and push manifest update + run: | + git config user.name "github-actions[bot]" + git config user.email "github-actions[bot]@users.noreply.github.com" + git add helm/web/values.yaml + git diff --cached --quiet || git commit -m "ci(${{ env.ENV }}): update helm web values to ${{ steps.sha.outputs.short }} [skip ci]" + git push \ No newline at end of file