Tuesday, March 12, 2024

How to Create Quality Gate in SonarQube and integrate with GitHub Actions | SonarQube Integration with GitHub Actions | Automate Code Scan using SonarQube In GitHub Actions and Force build to Fail or Pass



Pre-requisites:

How to Create Quality gate in SonarQube and integrate with GitHub Actions?

Make sure SonarQube is up and running and integrated with GitHub Actions. Please click here if you would like to set up SonarQube and integrate it with GitHub Actions.

We will be executing the steps below:
  • Log in to SonarQube
  • Create a Quality Gate in SonarQube
  • Add conditions to the Quality Gate
  • Make the Quality Gate the default
  • Create the GitHub Actions CI/CD workflow YAML
  • Add tasks for the Maven build and Sonar scan
  • Add tasks for integrating the Quality Gate
  • Pass/fail the builds in SonarQube

What is Quality gate?

In SonarQube a quality gate is a set of conditions that must be met in order for a project to be marked as passed.

Create Quality Gate

Log in to SonarQube, click on Quality gate, and enter a name.

Once you have created the quality gate, click on Add condition.

Select new issues from the drop-down and enter 2.

Select new bugs from the drop-down and enter 1 as the error value.

Set Up a Default Gate


Create GitHub Actions CICD workflow yaml:

Go to the GitHub repo where your Java project is and create a new file:

.github/workflows/cicd.yml


The file below has four steps (tasks):
    - Checkout
    - Install Java on the runner
    - Build using Maven
    - Run Sonar scan (this task needs to have projectKey defined, otherwise the build will fail)
    - Run quality gate check
    - Pass/fail the build

Copy the whole workflow content from below:

name: CI/CD workflow for Maven Build, Sonar Code scan and Quality gate check
on:
  push:
    branches:
      - main
  workflow_dispatch:
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
    - name: Checkout code
      uses: actions/checkout@v3
    - name: Set up JDK 11
      uses: actions/setup-java@v2
      with:
        distribution: 'adopt'
        java-version: '11'
    - name: Build with Maven
      run: mvn install -f MyWebApp/pom.xml
    - name: SonarQube Scan
      uses: sonarsource/sonarqube-scan-action@master
      with:
        projectBaseDir: .
        args: >
          -Dsonar.organization=my-org
          -Dsonar.projectKey=my-Java-web-app
      env:
        SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
    # Check the Quality Gate status.
    - name: SonarQube Quality Gate check
      id: sonarqube-quality-gate-check
      uses: sonarsource/sonarqube-quality-gate-action@master
      # Force to fail step after specific time.
      timeout-minutes: 5
      env:
        SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }} #OPTIONAL
    # Show the output from the Quality Gate.
    # The possible outputs of the `quality-gate-status` variable are `PASSED`, `WARN` or `FAILED`.
    - name: "Here is SonarQube Quality Gate Status value.."
      run: echo "The Quality Gate status is ${{ steps.sonarqube-quality-gate-check.outputs.quality-gate-status }}"


Commit the file.

As soon as you commit, the build will run immediately in GitHub Actions.
Now you can see the output of the build in the Actions tab.




Now log in to SonarQube to see the scan report.


If your code has any defects, you will see the build fail.
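
The pass/fail decision can also be reproduced from SonarQube's Web API. The following is an added example, not part of the original post or of the SonarSource action: it evaluates a `project_status` response and fails closed, so anything other than an explicit OK counts as a failed gate. The sample response is constructed, and `fetch_project_status` and `evaluate_gate` are illustrative names.

```python
import base64
import json
import urllib.parse
import urllib.request

# Constructed sample shaped like a response from SonarQube's
# GET api/qualitygates/project_status endpoint; the values are made up.
SAMPLE_RESPONSE = """
{"projectStatus": {"status": "ERROR", "conditions": [
  {"status": "ERROR", "metricKey": "new_violations", "comparator": "GT",
   "errorThreshold": "2", "actualValue": "5"},
  {"status": "OK", "metricKey": "new_bugs", "comparator": "GT",
   "errorThreshold": "1", "actualValue": "0"}]}}
"""


def fetch_project_status(host_url, token, project_key):
    """Fetch the gate status; the token is sent as the Basic-auth user name."""
    query = urllib.parse.urlencode({"projectKey": project_key})
    request = urllib.request.Request(
        f"{host_url.rstrip('/')}/api/qualitygates/project_status?{query}")
    credentials = base64.b64encode(f"{token}:".encode()).decode()
    request.add_header("Authorization", f"Basic {credentials}")
    with urllib.request.urlopen(request, timeout=30) as response:
        return response.read().decode("utf-8")


def evaluate_gate(raw_json):
    """Return (passed, failures). Only an explicit overall "OK" passes;
    WARN, ERROR, NONE or an unreadable response all fail the build."""
    try:
        status = json.loads(raw_json)["projectStatus"]
        overall = status["status"]
        failures = [
            f'{c["metricKey"]}: {c.get("actualValue", "n/a")} '
            f'{c.get("comparator", "?")} {c.get("errorThreshold", "?")}'
            for c in status.get("conditions", [])
            if c.get("status") != "OK"
        ]
    except (ValueError, KeyError, TypeError, AttributeError):
        return False, ["unreadable project_status response"]
    if overall != "OK" and not failures:
        failures = [f"overall status {overall}"]
    return overall == "OK", failures


if __name__ == "__main__":
    gate_passed, gate_failures = evaluate_gate(SAMPLE_RESPONSE)
    print("Quality gate:", "PASSED" if gate_passed else "FAILED", gate_failures)
    # In a CI step, finish with: raise SystemExit(0 if gate_passed else 1)
```

In a workflow step, pass the output of `fetch_project_status` (called with the values held in SONAR_HOST_URL and SONAR_TOKEN) to `evaluate_gate` instead of the sample.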

SonarQube Quality gate failed:


Thursday, March 7, 2024

Install Jenkins on Red Hat Enterprise Linux 9 | How to setup Jenkins on RHEL | Install Jenkins on Red Hat Linux

How to Install Jenkins on RedHat Enterprise Linux 9?

Please find below steps for setting up Jenkins on RHEL 9.

Pre-requisites:

  • Memory should be t2.medium (4 GB RAM)
  • Port 8080 opened in the firewall rules to access Jenkins
  • Connect to the EC2 instance using Git Bash or iTerm

Update packages

sudo yum update

Install wget
sudo yum install wget -y

Add the Jenkins repository to the yum repositories
sudo wget -O /etc/yum.repos.d/jenkins.repo https://pkg.jenkins.io/redhat-stable/jenkins.repo

sudo rpm --import https://pkg.jenkins.io/redhat-stable/jenkins.io-2023.key

sudo yum upgrade -y

Java Installation

# Add required dependencies for the jenkins package 
sudo yum install fontconfig java-17-openjdk -y

Install Jenkins
sudo yum install jenkins -y
sudo systemctl daemon-reload

sudo systemctl enable jenkins

Start Jenkins
sudo systemctl start jenkins
sudo systemctl status jenkins

Now go to the browser and access the Jenkins page.

http://dns_name:8080

Your page will look something like this. Now paste the password into the Administrator password text box below.

Get Jenkins Admin Password
sudo cat /var/lib/jenkins/secrets/initialAdminPassword

Copy the output of the above command.
Press Continue. Click on Install suggested plug-ins.

Now create a user name and password.
Enter admin for every field, or at least the user name as admin and the password as admin.
Click on Save and Finish. Click on Start using Jenkins. Now you should see a screen like below:


That's it. You have set up Jenkins successfully 😊

Monday, March 4, 2024

How to Integrate Slack with GitHub Actions | Slack Integration with GitHub Actions| Send Push notifications to Slack GitHub Actions

Integrating Slack with GitHub Actions for sending Notifications



Pre-requisites:

How to integrate Slack with GitHub Actions

We will be using a Slack integration action for GitHub Actions to post messages to a Slack channel.

We will be following the steps below:

1. Create a new App in https://api.slack.com/apps
2. Select workspace in the app
3. Select incoming webhooks
4. Activate incoming webhook
5. Add new webhook integration
6. Select channel, Allow
7. Copy the webhook URL

Create App from scratch


Enter the App name and pick a workspace.
Click on incoming webhooks.
Activate incoming webhooks, then click on Add new webhook to workspace.

Select the channel where you want to send notifications.

Copy the webhook URL.



Add Slack Webhook URL as Secret in GitHub Actions
Go to your GitHub Repo --> Settings --> 

Click on Secrets and Variables under Security in the left nav.
Click New Repository Secret.
Add SLACK_WEBHOOK_URL with the webhook URL as its value.


Create GitHub Actions CICD workflow yaml:

Go to the GitHub repo where your Java project is and create a new file:

.github/workflows/cicd.yml


name: cicd-workflow with slack integration
on:
  push:
    branches: [ "master" ]
jobs:
  job1:
    runs-on: ubuntu-latest
    env:
      SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
    steps:
    - uses: act10ns/slack@v2
      with:
        status: starting
        channel: '#mar-2024-weekend-batch'
        message: Starting Docker Build image...
      if: always()
    - uses: actions/checkout@v3
    - name: Build Docker image
      run: |
        docker build -t my-docker-repo .
    - uses: act10ns/slack@v2
      with:
        channel: '#mar-2024-weekday-batch'
        status: ${{ job.status }}
        steps: ${{ toJson(steps) }}
      if: always()



Saturday, February 24, 2024

How to configure Self-Hosted GitHub Actions Runner | How to install Self-Hosted GitHub Actions Runner | Configure EC2 instance as self-hosted runner in GitHub Actions

A self-hosted GitHub runner is a machine (physical or virtual) that you set up and manage to run GitHub Actions workflows. A self-hosted runner differs from the default GitHub-hosted runners in that it runs on infrastructure that you control. Self-hosted runners can be physical, virtual, in a container, on-premises, or in a cloud. To learn more about GitHub runner, please click here.

    Advantages of self-hosted runners:

    • Full control over the environment and tools
    • Any size machine or configuration
    • Secure access and networking

    Pre-requisites:

    • Project configured in GitHub
    • Workflow YAML already checked in to GitHub. If you don't have one, click here to create one.
    • Create a virtual machine with at least 2 GB RAM. We will use an EC2 instance in the AWS cloud.
    • Install Maven on the runner EC2 instance

    How to create self-hosted GitHub Actions Runner?

    Go to GitHub Repo--> Actions --> Runners


    Click on self-hosted runners --> New Runner

    Click on Linux



    Perform update
    sudo apt update

    Install Maven on the runner EC2 instance, as we will be doing a Maven build for the Java project

    sudo apt install maven -y

    Execute the commands below in your virtual machine to configure the runner.

    Download installables

    # Create a folder

    mkdir actions-runner && cd actions-runner


    # Download the latest runner package

     curl -o actions-runner-linux-x64-2.313.0.tar.gz -L https://github.com/actions/runner/releases/download/v2.313.0/actions-runner-linux-x64-2.313.0.tar.gz



    # Extract the installer

    tar xzf ./actions-runner-linux-x64-2.313.0.tar.gz
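
The download step above extracts the archive without checking it. As an added example (not from the original post or from GitHub's runner scripts), the following compares the tarball's SHA-256 with the value published on the release page and extracts only on a match. `sha256_of`, `extract_if_verified` and the placeholder digest are assumptions of the example.

```python
import hashlib
import hmac
import tarfile
from pathlib import Path


def sha256_of(path, chunk_size=1 << 20):
    """Hash the file in chunks so a large archive is never held in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def extract_if_verified(archive, expected_sha256, dest):
    """Extract archive into dest only if its SHA-256 equals the published one."""
    actual = sha256_of(archive)
    if not hmac.compare_digest(actual, expected_sha256.strip().lower()):
        raise ValueError(f"checksum mismatch for {archive}: got {actual}")
    dest = Path(dest).resolve()
    with tarfile.open(archive, "r:gz") as tar:
        for member in tar.getmembers():
            target = (dest / member.name).resolve()
            if target != dest and dest not in target.parents:
                raise ValueError(f"archive entry escapes {dest}: {member.name}")
        # Use the stricter "data" extraction filter where this Python has it.
        extra = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
        tar.extractall(dest, **extra)
    return actual


if __name__ == "__main__":
    # Placeholder: copy the real SHA-256 from the runner's GitHub release page.
    EXPECTED = "<sha256-from-release-page>"
    try:
        extract_if_verified("actions-runner-linux-x64-2.313.0.tar.gz", EXPECTED, ".")
    except (OSError, ValueError) as error:
        print("refusing to install runner:", error)
```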


    Configure the runner


    ./config.sh --url https://github.com/akannan1087/myJan2024WeekdayRepo --token Token



    Enter the name of the runner group to add this runner to: [press Enter for Default]

    Press Enter to accept the default runner group.


    Enter name of the runner 

    MyRunner1


    Enter any additional labels

    MyRunner1


    Now run the runner


    ./run.sh

    This confirms that the runner is set up and running fine, waiting for jobs.

    You can also view it in GitHub under the Runners tab:



    Create a workflow or modify your workflow to include GitHub runner:


    name: Build a WAR file using Maven
    on:
      push:
        branches: [ "main" ]
    jobs:
      build:
        runs-on: self-hosted
        steps:
        - uses: actions/checkout@v3
        - name: Set up JDK 11
          uses: actions/setup-java@v2
          with:
            distribution: 'adopt'
            java-version: '11'
        - name: Build with Maven
          run: mvn clean install -f MyWebApp/pom.xml


    Save the file and run the workflow.





    Go to your virtual machine where the build is running:



    Thursday, February 22, 2024

    Maven Build compilation Error | Failed to execute goal org.apache.maven.plugins:maven-war-plugin:2.2:war

    When you are using Java 17 and trying to compile your Java project using Maven, you may experience this error. This is due to a version incompatibility issue with the Maven WAR plug-in.



    You can upgrade your Java version in Jenkins by executing the command below:
    sudo apt install openjdk-17-jdk -y

    Or you can follow the steps to set up Jenkins with Java 17.

    Fix in your Java Web App:

    Add the following plug-in to the pom.xml of your Java project to fix the build issue:

      <build>
        <finalName>MyWebApp</finalName>
        <plugins>
          <plugin>
            <groupId>org.apache.maven.plugins</groupId>
            <artifactId>maven-war-plugin</artifactId>
            <version>3.3.1</version>
          </plugin>
        </plugins>
      </build>
    </project>

    Save the pom.xml and re-run the build.


    Wednesday, February 21, 2024

    Ansible Role for LAMP Installation on Ubuntu | Install LAMP stack using Ansible Role on Ubuntu 22.0.4

     LAMP Stack comprises the following open-source software applications.

      • Linux – This is the operating system hosting the Applications.
      • Apache – Apache HTTP is a free and open-source cross-platform web server.
      • MySQL– Open Source relational database management system.
      • PHP – Programming/Scripting Language used for developing Web applications.


      Pre-requisites:
      Steps to setup SSH keys:
      1. Log in to the Ansible management server/machine. Create SSH keys on the Ansible host machine by executing the command below (if you already have keys created, please skip this step):
      ssh-keygen 

      Press Enter three times. You will now see that the keys were created successfully.
      2. Execute the command below on the Ansible management node and copy the public key content:
      sudo cat ~/.ssh/id_rsa.pub

      Copy the above output.
      3. Now log in to the target node where you want to install the LAMP stack and execute the command below to open the file:
      sudo vi /home/ubuntu/.ssh/authorized_keys
      Type Shift+A, then press Enter, and paste the key into the above file. Please do not delete any existing values in this file.

      4. Now go back to the Ansible management node and change the /etc/ansible/hosts file to include the node where you will be installing the software. Make sure you add the public or private IP address of the target node, as shown below:
      sudo vi /etc/ansible/hosts
      [My_Group]  
      xx.xx.xx.xx ansible_ssh_user=ubuntu ansible_ssh_private_key_file=~/.ssh/id_rsa  ansible_python_interpreter=/usr/bin/python3

      Ansible playbook for installing LAMP(Linux Apache MySQL PHP) stack on Ubuntu

      sudo vi aws-infra-role/tasks/installLAMP.yml
      ---
          - name: Task # 1 - Update APT package manager repositories cache
            become: true
            apt:
              update_cache: yes
          - name: Task # 2 - Install LAMP stack using Ansible
            become: yes
            apt:
              name: "{{ packages }}"
              state: present
            vars:
              packages:
                 - apache2
                 - mysql-server
                 - php


      Create Ansible main playbook

      sudo vi aws-infra-role/setup-lamp.yml
      ---
      # This Playbook installs LAMP stack

      - hosts: My_Group
        gather_facts: False
        tags: LAMP creation

        tasks:
        # include_tasks replaces the bare include, which was removed in ansible-core 2.16
        - include_tasks: tasks/installLAMP.yml

      Execute Ansible Role

      ansible-playbook aws-infra-role/setup-lamp.yml


      This is the execution result of the playbook.

      Now go to the browser and use the target node DNS name to confirm that Apache is installed. Make sure port 80 is opened in the security firewall rules.


      Now log in to the target EC2 instance and type the commands below to verify the PHP and MySQL versions:

      php --version

      mysql --version

      Wednesday, February 14, 2024

      How to integrate SonarQube with GitHub Actions | SonarQube Integration with GitHub Actions| Automate Code Scan using SonarQube In GitHub Actions

      Please find steps for integrating SonarQube with GitHub Actions:


      Pre-requisites:

      How to integrate SonarQube with GitHub Actions:
      We will be following the steps below:
      • Create a token in SonarQube to authenticate with GitHub Actions
      • Add the Sonar token and SonarQube URL as secrets in GitHub Actions
      • Create the GitHub Actions CI/CD workflow YAML
      • Add tasks for the Maven build and Sonar scan
      • Run the workflow on a GitHub-hosted runner (Ubuntu)
      • Verify the scan report in SonarQube

      Create Token in SonarQube to authenticate with GitHub Actions
      Log in to SonarQube using your admin password and click on Admin at the top.
      Click on My Account, Security. 
      Under Tokens, enter a token name, choose global analysis token, and click on Generate Tokens. Copy the generated token value.


      Add Sonar Token and Sonar Host URLs as Secret in GitHub Actions
      Go to your GitHub Repo --> Settings --> 

      Click on Secrets and Variables under Security in the left nav.
      Click New Repository Secret.


      Add another variable for storing the Sonar token.


      Create GitHub Actions CICD workflow yaml:

      Go to the GitHub repo where your Java project is and create a new file:

      .github/workflows/cicd.yml


      The file below has four steps (tasks):
          - Checkout
          - Install Java on the runner
          - Build using Maven
          - Run Sonar scan (this task needs to have projectKey defined, otherwise the build will fail)

      Copy the content from below:

      name: CI/CD workflow for Maven Build and Sonar Code scan
      on:
        push:
          branches:
            - main
        workflow_dispatch:
      jobs:
        build:
          runs-on: ubuntu-latest
          steps:
          - name: Checkout code
            uses: actions/checkout@v2
          - name: Set up JDK 11
            uses: actions/setup-java@v2
            with:
              distribution: 'adopt'
              java-version: '11'
          - name: Build with Maven
            run: mvn clean install -f MyWebApp/pom.xml
          - name: SonarQube Scan
            uses: sonarsource/sonarqube-scan-action@master
            with:
              projectBaseDir: .
              args: >
                -Dsonar.organization=my-org
                -Dsonar.projectKey=my-Java-web-app
            env:
              SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
              SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}

      Commit the file.

      As soon as you commit, the build will run immediately in GitHub Actions.
      Now you can see the output of the build in the Actions tab.


      Now log in to SonarQube to see the scan report.


      Notes:
      You can also refer to the documentation on the websites below.

