reduced complexity #22
| name: Zero-Trust Pipeline | |
| on: | |
| push: | |
| branches: [ "main" ] | |
| jobs: | |
| sast-and-test: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| security-events: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: github/codeql-action/init@v3 | |
| with: | |
| languages: cpp | |
| - run: | | |
| g++ -O3 -march=native -flto -I include -o engine_test src/*.cpp | |
| ./engine_test --test | |
| - uses: github/codeql-action/analyze@v3 | |
| build-and-deploy: | |
| needs: sast-and-test | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - run: docker build -t trading-engine:${{ github.sha }} . | |
| - uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: 'trading-engine:${{ github.sha }}' | |
| format: 'table' | |
| exit-code: '1' | |
| ignore-unfixed: true | |
| vuln-type: 'os,library' | |
| severity: 'CRITICAL,HIGH' | |
| - uses: hashicorp/setup-terraform@v3 | |
| - run: | | |
| cd terraform | |
| terraform init | |
| terraform apply -auto-approve | |
| - run: | | |
| docker tag trading-engine:${{ github.sha }} trading-engine:latest | |
| kind load docker-image trading-engine:latest --name zero-trust-cluster | |
| - run: | | |
| kubectl apply -f k8s/blue.yaml | |
| kubectl apply -f k8s/service.yaml | |
| kubectl rollout status deployment/engine-blue | |
| kubectl apply -f k8s/green.yaml | |
| kubectl rollout status deployment/engine-green | |
| kubectl patch service engine-service -p '{"spec":{"selector":{"version":"green"}}}' | |
| kubectl delete deployment engine-blue |
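Review bot: `- uses: aquasecurity/trivy-action@master` is the only action in this workflow referenced by a mutable branch rather than a tag or commit, and it runs in the same job that later executes `terraform apply -auto-approve` and the kubectl rollout, so whatever is pushed to that branch next is executed with this job's token and credentials on the next run; pin it like the other actions, `- uses: aquasecurity/trivy-action@<release-tag-or-full-commit-sha>` (placeholder, pick from the action's published releases). The `build-and-deploy` job also declares no `permissions:` block, so its `GITHUB_TOKEN` inherits the repository default; adding `permissions:` with `contents: read` at the job level keeps it read-only, and `sast-and-test` will likely also need `contents: read` next to `security-events: write` for checkout and CodeQL on a private repository, since listing any permission sets the unlisted ones to none. Indentation was lost in the rendered view, so the nesting of `with:`, `permissions:` and the step list could not be verified from here.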