Monday, February 26, 2024

How to integrate SonarQube with GitHub Actions | SonarQube Integration with GitHub Actions| Automate Code Scan using SonarQube In GitHub Actions

The steps below show how to integrate SonarQube with GitHub Actions.


Pre-requisites:

How to integrate SonarQube with GitHub Actions:
We will follow the steps below:
  • Create a token in SonarQube to authenticate with GitHub Actions
  • Add the Sonar token and SonarQube URL as secrets in GitHub Actions
  • Create the GitHub Actions CICD workflow yaml
  • Add tasks for the Maven build and Sonar scan
  • Run the workflow on a GitHub-hosted runner (Ubuntu)
  • Verify the scan report in SonarQube

Create Token in SonarQube to authenticate with GitHub Actions
Log in to SonarQube with your admin password and click Admin at the top.
Click on My Account, then Security.
Under Tokens, enter a token name, choose Global Analysis Token, and click Generate. Copy the generated token value.


Add Sonar Token and Sonar Host URLs as Secret in GitHub Actions
Go to your GitHub repo --> Settings.

Click on Secrets and Variables under Security in the left navigation.
Click New Repository Secret.


Add another secret for storing the Sonar token.


Create GitHub Actions CICD workflow yaml:

Go to the GitHub repo that holds your Java project and create a new file:

.github/workflows/cicd.yml


The file below has four steps (tasks):
    - Checkout
    - Install Java on the runner
    - Build using Maven
    - Run Sonar Scan (this task needs projectKey defined, otherwise the build will fail)

Copy the content below:

name: CI/CD workflow for Maven Build and Sonar Code scan
on:
  push:
    branches:
      - main
  workflow_dispatch:
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
    - name: Checkout code
      uses: actions/checkout@v2
    - name: Set up JDK 11
      uses: actions/setup-java@v2
      with:
        distribution: 'adopt'
        java-version: '11'
    - name: Build with Maven
      run: mvn clean install -f MyWebApp/pom.xml
    - name: SonarQube Scan
      uses: sonarsource/sonarqube-scan-action@v1
      with:
        projectBaseDir: .
        args: >
          -Dsonar.organization=my-org
          -Dsonar.projectKey=my-Java-web-app
      env:
        SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}

Commit the file.

As soon as you commit, the build will run immediately in GitHub Actions.
Now you can see the build output in the Actions tab.


Now log in to SonarQube to see the scan report.


Notes:
You can also refer to the documentation on the websites below.



How to configure Self-Hosted GitHub Actions Runner | How to install Self-Hosted GitHub Actions Runner | Configure EC2 instance as self-hosted runner in GitHub Actions

A self-hosted GitHub runner is a machine (physical or virtual) that you set up and manage to run GitHub Actions workflows. A self-hosted runner differs from the default GitHub-hosted runners in that it runs on infrastructure that you control. Self-hosted runners can be physical, virtual, in a container, on-premises, or in a cloud. To learn more about GitHub runner, please click here.

    Advantages of self-hosted runners:

    • Full control over the environment and tools
    • Any size machine or configuration
    • Secure access and networking

    Pre-requisites:

    • Project configured in GitHub
    • Workflow yaml already checked in to GitHub. If you don't have one, click here to create one.
    • Create a virtual machine with at least 2 GB RAM. We will use an EC2 instance in AWS cloud.
    • Install Maven on runner EC2 instance

    How to create self-hosted GitHub Actions Runner?

    Go to GitHub Repo--> Actions --> Runners


    Click on self-hosted runners --> New Runner

    Click on Linux



    Perform update
    sudo apt update

    Install Maven on the runner EC2 instance, as we will be doing a Maven build for a Java project

    sudo apt install maven -y

    Execute below commands in your virtual machine to configure runner.

    Download installables

    # Create a folder

    mkdir actions-runner && cd actions-runner


    # Download the latest runner package

     curl -o actions-runner-linux-x64-2.313.0.tar.gz -L https://github.com/actions/runner/releases/download/v2.313.0/actions-runner-linux-x64-2.313.0.tar.gz



    # Extract the installer

    tar xzf ./actions-runner-linux-x64-2.313.0.tar.gz
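
GitHub's New Runner page lists a SHA-256 checksum for the runner package, and the download steps above extract the tarball without checking it. The script below is an added example, not part of the original post: it extracts the archive only when its hash matches. The function names `sha256_of` and `verify_and_extract` are assumptions, and the expected hash is a placeholder to be copied from the New Runner page.

```bash
#!/usr/bin/env bash
# Added example: check a downloaded archive against a known SHA-256 and
# extract it only on a match. Function names are illustrative.

# sha256_of <file>: print the lowercase hex SHA-256 of a file.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_and_extract <tarball> <expected_sha256> <dest_dir>
# Returns 0 after extracting; returns 1 and leaves dest_dir untouched when
# the file is missing, the expected value is malformed, or the hash differs.
verify_and_extract() {
  local tarball="$1" expected="$2" dest="$3" actual
  [ -f "$tarball" ] || { echo "missing file: $tarball" >&2; return 1; }
  # A SHA-256 digest is exactly 64 hex characters; reject anything else.
  case "$expected" in
    ""|*[!0-9a-fA-F]*) echo "expected hash is not hex" >&2; return 1 ;;
  esac
  [ "${#expected}" -eq 64 ] || { echo "expected hash must be 64 chars" >&2; return 1; }
  expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
  actual=$(sha256_of "$tarball") || return 1
  if [ "$actual" != "$expected" ]; then
    echo "checksum mismatch for $tarball" >&2
    echo "  expected: $expected" >&2
    echo "  actual:   $actual" >&2
    return 1
  fi
  mkdir -p "$dest" && tar xzf "$tarball" -C "$dest"
}

# On the runner host, in place of the bare `tar xzf` step. The hash is a
# placeholder: copy the real value shown on the New Runner page.
#   verify_and_extract actions-runner-linux-x64-2.313.0.tar.gz \
#     "<SHA256_FROM_NEW_RUNNER_PAGE>" .
```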


    Configure the runner


    ./config.sh --url https://github.com/akannan1087/myJan2024WeekdayRepo --token Token



    Enter the name of the runner group to add this runner to: [press Enter for Default]

    Press Enter to accept the default runner group


    Enter name of the runner 

    MyRunner1


    Enter any additional labels

    MyRunner1


    Now run the runner


    ./run.sh

    This confirms that the runner is set up and running fine, and is waiting for jobs.

    You can also view it in GitHub under the Runners tab:



    Create a workflow or modify your workflow to include GitHub runner:


    name: Build a WAR file using Maven
    on:
      push:
        branches: [ "main" ]
    jobs:
      build:
        runs-on: self-hosted
        steps:
        - uses: actions/checkout@v3
        - name: Set up JDK 11
          uses: actions/setup-java@v2
          with:
            distribution: 'adopt'
            java-version: '11'
        - name: Build with Maven
          run: mvn clean install -f MyWebApp/pom.xml


    Save the file and run the workflow.





    Go to your virtual machine where build is running:



    Saturday, February 10, 2024

    How to setup Jenkins on Ubuntu using Ansible Role | Setup Java, Jenkins, Maven on Ubuntu EC2 using Ansible Role

    Below are the Ansible roles for installing Java, Jenkins and Maven on an Ubuntu EC2 instance using Ansible. You need to install Java first (first link below), then follow the steps in the second link to install Jenkins and the third link to install Maven.

    Click here if you would like to create a new Ubuntu EC2 instance using Ansible Playbook.


    Tuesday, January 23, 2024

    Create Ansible Role to create a new EC2 instance | Ansible Role for provisioning infrastructure in AWS | Refactor Ansible playbook into Ansible Role

    We will learn how to create an Ansible role for provisioning a new EC2 instance in AWS cloud. We will pick a playbook that has all the logic and refactor it into a reusable Ansible role.


    What is Ansible Role?
    Ansible lets you organize tasks in a directory structure called a role. Using Ansible roles, you can break down complex playbooks into smaller, manageable chunks. Roles let us reuse and share our Ansible code efficiently.

    How to create Ansible Role?

    Using the ansible-galaxy command, we can create an Ansible role. This creates the directory below with all the files.

    directory structure of Ansible role
    aws-infra-role/
    ├── README.md
    ├── create.yml
    ├── defaults
    │   └── main.yml
    ├── handlers
    │   └── main.yml
    ├── meta
    │   └── main.yml
    ├── tasks
    │   ├── create-ec2.yml
    │   └── create-sg.yml
    ├── tests
    │   ├── inventory
    │   └── test.yml
    └── vars
        └── main.yml

    Directory structure explained
    tasks - contains the main list of tasks to be executed by the role.
    handlers - handlers are typically used to start, reload, restart, and stop services.
    defaults - default variables for the role.
    vars - other variables for the role. Vars have higher priority than defaults.
    meta - defines some data / information about this role (author, dependency, versions, examples, etc.)
    tests - test cases if you have any.

    Pre-requisites:
    Steps to create EC2 instance using Ansible Role:

    Login to EC2 instance using Git bash or ITerm/putty where you installed Ansible. Execute the below command:

    Create an Inventory file first

    sudo mkdir /etc/ansible

    Edit Ansible hosts or inventory file
    sudo vi /etc/ansible/hosts

    Add the two lines below at the end of the file:
    [localhost]
    local


    cd ~
    mkdir roles  
    cd roles

    Create Ansible Role

    ansible-galaxy role init aws-infra-role


    We will convert this playbook into an Ansible role.
    All the variables go inside the vars folder.

    vars
        └── main.yml

    sudo vi aws-infra-role/vars/main.yml
    (copy below content)
    keypair: myNov2023Key
    instance_type: t2.small
    image: ami-007855ac798b5175e
    wait: yes
    group: webserver
    region: us-east-1
    security_group: my-jenkins-security-grp1

    Save the file and come out of it.

    All the tasks go inside the tasks folder. Let's create the security group first.

    sudo vi aws-infra-role/tasks/create-sg.yml
    ---
      - include_vars: "vars/main.yml"
        tags: create

    # tasks file for security group
      - name: configuring security group for the instance
        ec2_group:
            name: "{{ security_group }}"
            description: my-ajenkin-security_groAup
            region: "{{ region }}"
            rules:
                - proto: tcp
                  from_port: 22
                  to_port: 22
                  cidr_ip: 0.0.0.0/0
                - proto: tcp
                  from_port: 80
                  to_port: 80
                  cidr_ip: 0.0.0.0/0
                - proto: tcp
                  from_port: 8080
                  to_port: 8080
                  cidr_ip: 0.0.0.0/0
            rules_egress:
                - proto: all
                  cidr_ip: 0.0.0.0/0
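
The ingress rules above accept SSH (22), HTTP (80) and port 8080 from 0.0.0.0/0. The script below is an added example, not part of the original post: it lists the ingress ports a task file leaves open to any address, first for the rules as written and then for a variant that limits 22 and 8080 to a hypothetical `admin_cidr` variable. The names `world_open_ports`, `sample_rules` and `admin_cidr` are assumptions, and the sample input is constructed from the file above.

```bash
#!/usr/bin/env bash
# Added example: report which ingress ports an ec2_group task opens to
# 0.0.0.0/0. Function names and admin_cidr are illustrative assumptions.

# world_open_ports <tasks-file>: print the from_port of every rule under
# `rules:` (ingress; `rules_egress:` is skipped) whose cidr_ip is 0.0.0.0/0.
# Assumes from_port is listed before cidr_ip in each rule, as in the file above.
world_open_ports() {
  awk '
    /^[[:space:]]*rules:/        { ingress = 1; next }
    /^[[:space:]]*rules_egress:/ { ingress = 0; next }
    !ingress                     { next }
    /- proto:/                   { port = "" }   # start of a new rule
    /from_port:/                 { port = $NF }
    /cidr_ip:[[:space:]]*"?0\.0\.0\.0\/0/ && port != "" {
      out = out (out == "" ? "" : " ") port
    }
    END { print out }
  ' "$1"
}

# sample_rules <cidr>: emit the rule list from create-sg.yml with the source
# for ports 22 and 8080 set to <cidr> (constructed input).
sample_rules() {
  cat <<EOF
      rules:
        - proto: tcp
          from_port: 22
          to_port: 22
          cidr_ip: "$1"
        - proto: tcp
          from_port: 80
          to_port: 80
          cidr_ip: 0.0.0.0/0
        - proto: tcp
          from_port: 8080
          to_port: 8080
          cidr_ip: "$1"
      rules_egress:
        - proto: all
          cidr_ip: 0.0.0.0/0
EOF
}

f=$(mktemp)
sample_rules "0.0.0.0/0" > "$f";        echo "as written: $(world_open_ports "$f")"
sample_rules "{{ admin_cidr }}" > "$f"; echo "restricted: $(world_open_ports "$f")"
rm -f "$f"
```

To apply the restricted variant, define `admin_cidr` in vars/main.yml as the address range you administer from.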

    Let's create a task for ec2 instance creation.

    sudo vi aws-infra-role/tasks/create-ec2.yml

    ---
      - include_vars: "vars/main.yml"
        tags: create
      - name: creating ec2 instance
        ec2_instance:
            security_group: "{{ security_group }}"
            name: test-stan
            key_name: "{{ keypair }}"
            instance_type: "{{ instance_type}}"
            image_id: "{{ image }}"
            region: "{{ region }}"
            wait_timeout: 2   


    Let's create a task for creating s3 bucket.

    sudo vi aws-infra-role/tasks/create-s3.yml
    ---
      - include_vars: "vars/main.yml"
        tags: create
      - name: creating s3
        s3_bucket:
          name: myansibles3bucket1234
          state: present
          region: "{{ region }}"
          versioning: yes
          tags:
            name: myansiblebucket
            type: example
        register: s3_url

      - name: Display s3 url
        debug: var=s3_url       

    Let's create Ansible main playbook.
    sudo vi aws-infra-role/main.yml
    ---
    # This Playbook creates infra in aws cloud

    - hosts: local
      connection: local
      gather_facts: False
      tags: ec2_create

      tasks:
      - include: tasks/create-sg.yml
      - include: tasks/create-ec2.yml
      - include: tasks/create-s3.yml 

    Now execute the Ansible playbook:
    ansible-playbook aws-infra-role/main.yml


    If everything is good, you should see the new instance and S3 bucket created in the AWS console. Make sure you are able to connect to that instance.

    That's it!! That is how you create a new EC2 instance using Ansible role in AWS cloud. 

    Sunday, January 21, 2024

    Install Ansible on Red Hat Linux | Setup Ansible on Red Hat Linux

    How to setup Ansible on Red Hat Linux VM?

    Ansible is the #1 configuration management tool. It can also be used for infrastructure provisioning, or you can use Ansible in combination with Terraform, where Terraform takes care of infra automation and Ansible does configuration management. We will set up Ansible on a Red Hat VM in Azure cloud and create some resources in AWS Cloud using Ansible playbooks.

    Ansible Architecture:
     

    The best way to install Ansible in Linux is to use PIP, a package manager for Python.

    Pre-requisites:
    • Create a new Red Hat EC2 instance in AWS Cloud for setting up Ansible; just open port 22 in the firewall rule.
    How to setup Ansible on Red Hat Linux VM?


    Change host name to AnsibleMgmtNode
    sudo hostnamectl set-hostname AnsibleMgmtNode

    Update Repository
    sudo yum update -y

    Install Python-pip3
    sudo yum install python3-pip -y

    Upgrade pip3
    sudo pip3 install --upgrade pip

    Install Ansible
    pip3 install "ansible==2.9.17"



    Check Ansible version
    ansible --version


    Friday, January 19, 2024

    Install Jenkins on Ubuntu 22.0.4 | Setup Jenkins on Linux instance | How to setup Jenkins in Ubuntu EC2 instance using Java 17?

    Jenkins is an open source continuous integration/continuous delivery and deployment (CI/CD) automation software DevOps tool written in the Java programming language. It is used to implement CI/CD workflows, called pipelines.



    Please follow the steps to install Java, Jenkins, Maven on Ubuntu 22.0.4 instance. Jenkins, Maven are Java based applications, so we need to install Java first. 

    Pre-requisites:
    • port 8080 opened in firewall rule to access Jenkins
    • Connect to EC2 instance using git bash or iTerm

    Change Host Name to Jenkins
    sudo hostnamectl set-hostname Jenkins

    Perform update first
    sudo apt update

    Install Java 17
    sudo apt install openjdk-17-jdk -y

    Verify Java Version
    java -version

    Maven Installation
    Maven is a popular build tool used for building Java applications. Please click here to learn more about Maven. You can install Maven by executing below command:

    sudo apt install maven -y

    You can type mvn --version
    You should see the output below.



    Now let's start the Jenkins installation

    Jenkins Setup

    Add Repository key to the system
    curl -fsSL https://pkg.jenkins.io/debian/jenkins.io-2023.key | sudo tee \
      /usr/share/keyrings/jenkins-keyring.asc > /dev/null

    Append debian package repo address to the system
    echo deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc] \
      https://pkg.jenkins.io/debian binary/ | sudo tee \
      /etc/apt/sources.list.d/jenkins.list > /dev/null

    Update Ubuntu package
    sudo apt update
    Install Jenkins
    sudo apt install jenkins -y


    The above screenshot should confirm that Jenkins is successfully installed.

    Access Jenkins in web browser

    Now go to the AWS console. Click on EC2, then click on the running instances link. Select the checkbox of the EC2 instance where you are installing Java and Jenkins. Click on Action. Copy the value from step 4 that says --> Connect to your instance using its Public DNS:

    Now go to the browser. Enter the public DNS name or public IP address with port no 8080.

    Unlock Jenkins
    You may get the unlock screen; enter the command below in Git Bash (Ubuntu console).
    Get the initial password from the file below:
    sudo cat /var/lib/jenkins/secrets/initialAdminPassword


    Copy the password and paste it in the browser.
    Then click on Install suggested plug-ins.
    Also create a user name and password.
    Enter admin for every field, or at least admin as the user name and admin as the password.
    Click on Save and Finish. Click on Start using Jenkins. Now you should see a screen like below:


    That's it. You have set up Jenkins successfully 😊