validate/online-boutique
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

initial commit

Browse Source 
Change-Id: I9c68c43e939d2c1a3b95a68b71ecc5ba861a4df5
This commit is contained in:
Scaffolder
2026-03-05 13:37:56 +00:00
commit 7e119cad41
24 changed files with 3024 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

141
.gitea/workflows/build-push.yml Normal file
View File

@@ -0,0 +1,141 @@
name: Build and Push to ACR
on:
push:
branches: [ "main" ]
pull_request:
branches: [ "main" ]
workflow_dispatch: {}
concurrency:
group: -
cancel-in-progress: true
env:
AZURE_FEDERATED_TOKEN_FILE: /var/run/secrets/azure/tokens/azure-identity-token
jobs:
build:
name: Build and Push
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Set up JDK 17
uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: '17'
cache: 'maven'
- name: Install Maven
run: |
echo "Installing Maven..."
apt-get update -qq
apt-get install -y maven
mvn --version
echo "Maven installed"
- name: Build with Maven
run: |
echo "Building online-boutique..."
mvn clean package -DskipTests -B
echo "Build completed"
- name: Run tests
run: |
echo "Running tests..."
mvn test -B
echo "Tests passed"
# ── Install Azure CLI ───────────────────────────────────────────────
# act runners don't include az by default — install via Microsoft's
# official script which works on Debian/Ubuntu without sudo.
- name: Install Azure CLI
run: |
if command -v az &>/dev/null; then
echo "Azure CLI already installed: $(az version --query '"azure-cli"' -o tsv)"
else
curl -sL https://aka.ms/InstallAzureCLIDeb | bash
fi
# ── Authenticate to Azure ──────────────────────────────────────────
- name: Azure login (OIDC)
run: |
az login \
--service-principal \
--username "$AZURE_CLIENT_ID" \
--tenant "$AZURE_TENANT_ID" \
--federated-token "$(cat $AZURE_FEDERATED_TOKEN_FILE)"
echo "✓ Azure login successful"
- name: Get ACR details
id: acr
run: |
echo "Getting ACR details..."
ACR_NAME=$(az acr list --query "[0].name" -o tsv)
ACR_NAME="${ACR_NAME:-bstagecjotdevacr}"
ACR_LOGIN_SERVER="${ACR_NAME}.azurecr.io"
# Validation
if [ -z "$ACR_NAME" ]; then
echo "❌ ACR_NAME is empty"
exit 1
fi
if [ -z "$ACR_LOGIN_SERVER" ]; then
echo "❌ ACR_LOGIN_SERVER is empty"
exit 1
fi
echo "ACR_NAME=$ACR_NAME" >> $GITHUB_ENV
echo "ACR_LOGIN_SERVER=$ACR_LOGIN_SERVER" >> $GITHUB_ENV
echo "✓ Using ACR: $ACR_LOGIN_SERVER"
- name: ACR Login
run: |
echo "Logging into ACR..."
echo "ACR_NAME='$ACR_NAME'"
ACR_TOKEN=$(az acr login --name "$ACR_NAME" --expose-token --output tsv --query accessToken)
docker login "$ACR_LOGIN_SERVER" --username "$AZURE_CLIENT_ID" --password "$ACR_TOKEN"
echo "✓ ACR login successful"
- name: Build and Push Docker Image
run: |
IMAGE_NAME="online-boutique"
IMAGE_TAG=""
IMAGE_FULL="/$IMAGE_NAME:$IMAGE_TAG"
IMAGE_LATEST="/$IMAGE_NAME:latest"
echo "Building Docker image..."
docker build -t $IMAGE_NAME:$IMAGE_TAG .
echo "Tagging images..."
docker tag $IMAGE_NAME:$IMAGE_TAG $IMAGE_FULL
docker tag $IMAGE_NAME:$IMAGE_TAG $IMAGE_LATEST
echo "Pushing to ACR..."
docker push $IMAGE_FULL
docker push $IMAGE_LATEST
echo "Images pushed:"
echo " - $IMAGE_FULL"
echo " - $IMAGE_LATEST"
echo "IMAGE_FULL=$IMAGE_FULL" >> $GITHUB_ENV
- name: Build Summary
run: |
echo "### Build Successful" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "- **Application**: online-boutique" >> $GITHUB_STEP_SUMMARY
echo "- **Commit**: " >> $GITHUB_STEP_SUMMARY
echo "- **Image**: " >> $GITHUB_STEP_SUMMARY
echo "- **ACR**: " >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "Built, tested, and pushed to ACR!" >> $GITHUB_STEP_SUMMARY

196
.gitea/workflows/deploy-humanitec.yml Normal file
View File

@@ -0,0 +1,196 @@
name: Deploy to Humanitec
on:
# Runs automatically after Build and Push succeeds — prevents deploying before image exists
workflow_run:
workflows: ["Build and Push to ACR"]
types:
- completed
branches: [ "main" ]
workflow_dispatch:
inputs:
environment:
description: 'Target environment'
required: true
default: 'development'
type: choice
options:
- development
- staging
- production
env:
APP_ID: online-boutique
AZURE_FEDERATED_TOKEN_FILE: /var/run/secrets/azure/tokens/azure-identity-token
DEFAULT_ENV_ID: development
jobs:
deploy:
name: Deploy to Humanitec
runs-on: ubuntu-latest
# Only deploy when build succeeded (or when manually dispatched)
if: github.event_name == 'workflow_dispatch' || github.event.workflow_run.conclusion == 'success'
permissions:
contents: read
id-token: write
outputs:
sha: NaN
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Get short SHA
id: get-sha
run: echo "sha=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
- name: Install CLI tools
run: |
echo "Installing required tools..."
# Install yq
echo "Installing yq..."
wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64
chmod +x /usr/local/bin/yq
yq --version
# Install jq
echo "Installing jq..."
wget -qO /usr/local/bin/jq https://github.com/jqlang/jq/releases/latest/download/jq-linux-amd64
chmod +x /usr/local/bin/jq
jq --version
# Install humctl
echo "Installing humctl..."
cd /tmp
HUMCTL_VERSION=$(curl -s https://api.github.com/repos/humanitec/cli/releases/latest | jq -r '.tag_name')
wget -q https://github.com/humanitec/cli/releases/download/${HUMCTL_VERSION}/cli_${HUMCTL_VERSION#v}_linux_amd64.tar.gz
tar -xzf cli_${HUMCTL_VERSION#v}_linux_amd64.tar.gz
mv humctl /usr/local/bin/
chmod +x /usr/local/bin/humctl
cd -
humctl version
echo "Tools installed"
# ── Install Azure CLI ───────────────────────────────────────────────
# act runners don't include az by default — install via Microsoft's
# official script which works on Debian/Ubuntu without sudo.
- name: Install Azure CLI
run: |
if command -v az &>/dev/null; then
echo "Azure CLI already installed: $(az version --query '"azure-cli"' -o tsv)"
else
curl -sL https://aka.ms/InstallAzureCLIDeb | bash
fi
# ── Authenticate to Azure ──────────────────────────────────────────
- name: Azure login (OIDC)
run: |
az login \
--service-principal \
--username "$AZURE_CLIENT_ID" \
--tenant "$AZURE_TENANT_ID" \
--federated-token "$(cat $AZURE_FEDERATED_TOKEN_FILE)"
echo "✓ Azure login successful"
- name: Get image reference
id: image
run: |
ACR_LOGIN_SERVER=$(az acr list --query "[0].loginServer" -o tsv)
COMMIT_SHA=NaN
IMAGE_FULL="${ACR_LOGIN_SERVER}/online-boutique:${COMMIT_SHA}"
echo "IMAGE_FULL=$IMAGE_FULL" >> $GITHUB_ENV
echo "SHA: $COMMIT_SHA"
echo "✓ Image: $IMAGE_FULL"
- name: Set environment
id: set-env
run: |
if [ "" = "workflow_dispatch" ]; then
ENV_ID=""
else
ENV_ID="$DEFAULT_ENV_ID"
fi
# Set default if empty
ENV_ID="${ENV_ID:-development}"
echo "ENV_ID=$ENV_ID" >> $GITHUB_OUTPUT
echo "ENV_ID=$ENV_ID" >> $GITHUB_ENV
echo "DEPLOYMENT_ID=$(date +%Y%m%d-%H%M%S)-NaN" >> $GITHUB_OUTPUT
echo "✓ Using environment: $ENV_ID"
- name: Get Humanitec token from Key Vault
id: get-secret
run: |
echo "Retrieving Humanitec token from Key Vault..."
HUMANITEC_TOKEN=$(az keyvault secret show \
--vault-name "bstage-cjot-dev-core-kv" \
--name "humanitec-api-token" \
--query "value" \
--output tsv)
if [ -z "$HUMANITEC_TOKEN" ]; then
echo "❌ Failed to retrieve Humanitec token"
exit 1
fi
echo "HUMANITEC_TOKEN=$HUMANITEC_TOKEN" >> $GITHUB_ENV
echo "✓ Humanitec token retrieved successfully"
HUMANITEC_ORG=$(az keyvault secret show \
--vault-name "bstage-cjot-dev-core-kv" \
--name "humanitec-org-id" \
--query "value" \
--output tsv)
if [ -z "$HUMANITEC_ORG" ]; then
echo "❌ Failed to retrieve Humanitec org"
exit 1
fi
echo "HUMANITEC_ORG=$HUMANITEC_ORG" >> $GITHUB_ENV
echo "✓ Humanitec org retrieved successfully"
- name: Deploy via Humanitec Score
id: deploy
run: |
# Capture outputs from previous steps as environment variables
echo " Org: $HUMANITEC_ORG"
echo " App: $APP_ID"
echo " Env: $ENV_ID"
echo " Image: $IMAGE_FULL"
echo " sha: NaN"
# Deploy using Score
humctl score deploy \
--org "$HUMANITEC_ORG" \
--app "$APP_ID" \
--env "$ENV_ID" \
--file score.yaml \
--image containers.app=$IMAGE_FULL \
--message "Deployment from commit NaN" \
--token "$HUMANITEC_TOKEN" \
-v 5
echo "✓ Deployment successful!"
- name: Deployment Summary
run: |
DEPLOY_URL="https://app.humanitec.io/orgs/${HUMANITEC_ORG}/apps/${APP_ID}/envs/$ENV_ID"
GRAFANA_URL="https://grafana.kyndemo.live/d/spring-boot-dashboard?var-app=${APP_ID}"
echo "### 🚀 Deployment Complete" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "- **Application**: ${APP_ID}" >> $GITHUB_STEP_SUMMARY
echo "- **Environment**: $ENV_ID" >> $GITHUB_STEP_SUMMARY
echo "- **Image**: $IMAGE_FULL" >> $GITHUB_STEP_SUMMARY
echo "- **Commit**: NaN" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "📊 **Links:**" >> $GITHUB_STEP_SUMMARY
echo "- [Humanitec Console]($DEPLOY_URL)" >> $GITHUB_STEP_SUMMARY
echo "- [Grafana Dashboard]($GRAFANA_URL)" >> $GITHUB_STEP_SUMMARY

107
.gitea/workflows/techdocs.yml Normal file
View File

@@ -0,0 +1,107 @@
name: Build and Publish TechDocs
on:
workflow_run:
workflows: ["Build and Push to ACR"]
branches: [main]
types: [completed]
workflow_dispatch: {}
env:
TECHDOCS_AZURE_BLOB_CONTAINER_NAME:
AZURE_FEDERATED_TOKEN_FILE: /var/run/secrets/azure/tokens/azure-identity-token
AZURE_ACCOUNT_NAME: "bstagecjotdevsttechdocs"
ENTITY_NAMESPACE: default
ENTITY_KIND: component
ENTITY_NAME: online-boutique
jobs:
build-and-publish:
if: >-
${{ github.event.workflow_run.conclusion == 'success' || github.event_name == 'workflow_dispatch' }}
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 0 # full history for git-revision-date-localized plugin
- name: read and set output
id: read_env
run: |
echo "$AZURE_FEDERATED_TOKEN_FILE"
env | grep AZURE
echo "$(cat $AZURE_FEDERATED_TOKEN_FILE)"
# act-based Gitea runners run as root — sudo is not available.
# apt-get is called directly; works whether root or not.
- name: Bootstrap pip
run: |
python3 --version
if python3 -m pip --version 2>/dev/null; then
echo "pip already available"
elif python3 -m ensurepip --version 2>/dev/null; then
python3 -m ensurepip --upgrade
else
apt-get update -qq
apt-get install -y python3-pip
fi
python3 -m pip install --upgrade pip
python3 -m pip --version
- name: Install dependencies
run: |
python3 -m pip install --upgrade pip
python3 -m pip install \
mkdocs-techdocs-core==1.* \
mkdocs-git-revision-date-localized-plugin \
mkdocs-awesome-pages-plugin
npm install -g @techdocs/cli
# mkdocs has no dry-run flag — build into a temp dir to validate config
# and catch any broken links or missing pages early.
- name: Validate MkDocs config
run: mkdocs build --strict --site-dir /tmp/mkdocs-validate
- name: Build TechDocs site
run: |
techdocs-cli generate \
--source-dir . \
--output-dir ./site \
--no-docker \
--verbose
# act runners don't include az by default — install via Microsoft's
# official script which works on Debian/Ubuntu without sudo.
- name: Install Azure CLI
run: |
if command -v az &>/dev/null; then
echo "Azure CLI already installed: $(az version --query '"azure-cli"' -o tsv)"
else
curl -sL https://aka.ms/InstallAzureCLIDeb | bash
fi
- name: Azure login (OIDC)
run: |
az login \
--service-principal \
--username "$AZURE_CLIENT_ID" \
--tenant "$AZURE_TENANT_ID" \
--federated-token "$(cat $AZURE_FEDERATED_TOKEN_FILE)"
echo "✓ Azure login successful"
- name: Publish TechDocs site
run: |
echo "$AZURE_ACCOUNT_NAME"
echo "$ENTITY_NAMESPACE"
echo "$ENTITY_KIND"
echo "$ENTITY_NAME"
techdocs-cli publish \
--publisher-type azureBlobStorage \
--storage-name "techdocs" \
--azureAccountName "$AZURE_ACCOUNT_NAME" \
--entity "$ENTITY_NAMESPACE/$ENTITY_KIND/$ENTITY_NAME"