Part-2: Building CI/CD using GitHub Actions, SonarCloud, and ArgoCD on Google Kubernetes Engine

I am a DevOps engineer with over 1.5 years of experience. I am passionate about writing for both human beings and virtual machines.
In Part 2 of this series, we'll explore the tools and techniques to streamline your development process and deliver high-quality software with ease. Building a robust CI/CD pipeline can help you automate the deployment process, ensure the quality of your code through code analysis and testing, and achieve faster and more reliable deployments to production.
We'll cover topics such as setting up GitHub Actions workflows for building, testing, and deploying your application, integrating SonarCloud for code quality analysis, and leveraging ArgoCD for automated deployment of your application to Google Kubernetes Engine (GKE).
With this comprehensive guide, you'll be able to optimize your development workflow, ensure code quality, and achieve efficient and reliable deployments to production.
Note: If you haven't checked out Part 1 yet, please check the first link.
Prerequisites
- SonarCloud account
- GitHub public repositories (works with the SonarCloud free plan)
- Slack (optional)
Why SonarCloud and GitHub Actions?
SonarCloud is a go-to choice for devs when it comes to code analysis and quality management, thanks to its awesome features and support for a bunch of programming languages like Java, JavaScript, C#, C++, Python, and more. It's got some powerful code analysis tools, like detecting code smells, security vulnerabilities, code duplication, and analyzing code coverage, which helps teams spot and fix issues early in the dev process. On the flip side, GitHub Actions is a super handy automation tool that lets devs automate all sorts of tasks, like continuous integration (CI), continuous delivery (CD), and code quality checks, right within their GitHub repos. GitHub Actions offers a flexible and customizable way to automate workflows and create automated pipelines for software development projects.
Combining SonarCloud and GitHub Actions can provide a seamless and automated way to incorporate code quality checks into the software development workflow, enabling developers to catch and fix code issues before they make their way into production.
Setting up SonarCloud and GitHub Actions
Here's a step-by-step guide on how to set up SonarCloud and GitHub Actions for code quality checks in your GitHub repositories:
SonarCloud Setup
- Sign up and configure SonarCloud: sign up for a free account on SonarCloud (https://sonarcloud.io/).
- Create a new project for your GitHub repository or import your organization.

- Click on the imported repo and choose GitHub Actions as the analysis method. Copy the token, as it will be needed in the GitHub Actions workflow.

- Add the above token to the GitHub Actions secrets as SONAR_TOKEN.

- Generate one more GitHub token, or reuse API_TOKEN_GITHUB from Part 1.
GitHub Actions workflow
Create a sonar-project.properties file in the main repo and configure it.
```properties
sonar.projectKey=<<ADD PROJECT KEY>>
# Replace with your own SonarCloud organization name.
sonar.organization=shivam779823
sonar.python.coverage.reportPaths=*coverage*.xml
sonar.python.xunit.reportPath=*output*.xml
sonar.coverage.dtdVerification=false
#sonar.inclusions=*.py
# This is the name and version displayed in the SonarCloud UI.
sonar.projectName=<ADD project NAME>
#sonar.projectVersion=1.0
sonar.python.version=3
# Path is relative to the sonar-project.properties file. Replace "\" by "/" on Windows.
sonar.sources=.
# Encoding of the source code. Default is default system encoding
sonar.sourceEncoding=UTF-8
```
- Establish the steps for your GitHub Actions workflow, incorporating essential code quality checks. These may consist of checking out the code, installing dependencies, running tests, and performing SonarCloud analysis. Below is a GitHub Actions workflow YAML file featuring SonarCloud analysis for a Python project:
```yaml
#################################################
# MAINTAINED BY: SHIVAM
#################################################
name: ArgoCD CI Pipeline
on:
  workflow_dispatch:
  push:
    branches:
      - main
      - test
  pull_request:
    branches:
      - main
      - test
env:
  IMAGE: mywebsite
  DOCKERHUB_USERNAME: <username>
jobs:
  build:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        python-version: ["3.9"]
    steps:
      - name: code Checkout
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - name: Set up Python ${{ matrix.python-version }}
        uses: actions/setup-python@v4
        with:
          python-version: ${{ matrix.python-version }}
      # STEP 1 python install
      - name: install dependencies
        run: |
          python -m pip install --upgrade pip
          # pytest-cov provides the --cov option used in STEP 2
          pip install pytest pytest-cov
          if [ -f requirements.txt ]; then pip install -r requirements.txt; fi
      # STEP 2 Pytest
      - name: Test with pytest
        run: |
          pytest --cov=main test_main.py --junitxml=./output.xml
          python3 -m coverage xml
          ls
          cat coverage.xml
          pwd
      # STEP 3 Sonarcloud
      # Note: @master is a mutable branch ref; pin these two actions to a release tag or a full commit SHA.
      - name: SonarCloud Scan
        uses: SonarSource/sonarcloud-github-action@master
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
      - name: SonarQube Quality Gate check
        id: sonarqube-quality-gate-check
        uses: sonarsource/sonarqube-quality-gate-action@master
        # Force to fail step after specific time.
        timeout-minutes: 1
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
      # STEP 4 Dockerhub login
      - name: Login to Docker Hub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      # STEP 5 Build and Push
      - name: Build and push
        uses: docker/build-push-action@v3
        with:
          context: .
          file: ./Dockerfile
          push: true
          tags: ${{env.DOCKERHUB_USERNAME}}/${{env.IMAGE}}:${{github.run_number}}
      # STEP 6 Invoke deployment action
      - name: Invoke deployment GitOps pipe
        run: |
          curl -H "Accept: application/vnd.github.everest-preview+json" \
            -H "Authorization: token ${{secrets.API_TOKEN_GITHUB}}" \
            --request POST \
            --data '{"event_type": "update-deployment", "client_payload": { "buildnumber": "'"${{github.run_number}}"'" }}' \
            https://api.github.com/repos/shivam779823/argocd-deployment/dispatches
```
In this example, the workflow is triggered on push and pull request events for the main and test branches, and it can also be started manually through workflow_dispatch.
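An added example, not part of the original post or of any project it names: a small audit of workflow text for two patterns present in the workflow above. The first is an action referenced by a mutable ref such as `@master` or `@v3` rather than a full commit SHA; the second is a `${{ secrets.* }}` expression expanded directly into a `run:` script instead of being passed through `env:`. The line-based parsing, the rule names and the `OWNER/REPO` placeholder are assumptions made for this example.

```python
import re

# Constructed sample: steps trimmed from the workflow above, with a placeholder repo URL.
SAMPLE_WORKFLOW = """\
steps:
  - name: code Checkout
    uses: actions/checkout@v3
  - name: SonarCloud Scan
    uses: SonarSource/sonarcloud-github-action@master
    env:
      SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
  - name: Invoke deployment GitOps pipe
    run: |
      curl -H "Authorization: token ${{secrets.API_TOKEN_GITHUB}}" \\
        --request POST https://api.github.com/repos/OWNER/REPO/dispatches
"""

USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*([^\s#]+)")
RUN_RE = re.compile(r"^\s*(?:-\s*)?(run:)\s*(.*)$")
SECRET_RE = re.compile(r"\$\{\{\s*secrets\.(\w+)\s*\}\}")
FULL_SHA_RE = re.compile(r"@[0-9a-f]{40}$")


def audit_workflow(text):
    """Return (line_no, rule, detail) findings, in line order, for a workflow's text."""
    findings, run_col = [], None  # run_col: column of the active `run:` key
    for no, line in enumerate(text.splitlines(), 1):
        indent = len(line) - len(line.lstrip())
        if run_col is not None and line.strip() and indent <= run_col:
            run_col = None  # dedented: the run script has ended
        script = line if run_col is not None else ""
        m = RUN_RE.match(line)
        if m and run_col is None:
            run_col, script = m.start(1), m.group(2)
        # Rule 1: a secret expanded into the shell script text itself.
        for name in SECRET_RE.findall(script):
            findings.append((no, "secret-in-run", name))
        # Rule 2: an action referenced by branch or tag instead of a commit SHA.
        u = USES_RE.match(line) if run_col is None else None
        if u and not u.group(1).startswith("./") and not FULL_SHA_RE.search(u.group(1)):
            findings.append((no, "unpinned-action", u.group(1)))
    return findings


if __name__ == "__main__":
    for finding in audit_workflow(SAMPLE_WORKFLOW):
        print(*finding, sep="\t")
```

Secrets set under a step's `env:` or `with:` keys are not flagged; only expressions that end up inside the shell script text are.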
GitHub app repo: ArgoCD-CICD-app-repo
GitHub Secrets
Add all of the following secrets to GitHub secrets:
- DOCKERHUB_USERNAME
- API_TOKEN_GITHUB
- DOCKERHUB_TOKEN
- SONAR_TOKEN

- Configure SonarCloud Quality Gates as per your requirements.

Push a change or add a commit to run the CI/CD pipeline; you will see the code analysis in the SonarCloud UI.
The next step is Slack integration. This is optional; you can use whatever tool you like for notifications.
Slack Integrations
Create a Slack workspace: If you don't already have a Slack workspace, you'll need to create one. You can sign up for a free account on the Slack website (https://slack.com/) and create a new workspace for your team or organization.
Add the GitHub app to Slack: In your Slack workspace, you can search for the GitHub app in the Slack App Directory and add it to your workspace. The GitHub app allows you to receive notifications and updates from your GitHub repositories directly in Slack.
Configure GitHub integration settings: Once the GitHub app is added to your Slack workspace, you'll need to configure the integration settings. This usually involves authorizing the app to access your GitHub repositories and selecting the repositories for which you want to receive notifications in Slack.
Customize notifications: You can customize the notifications that you want to receive in Slack from GitHub. For example, you can choose to receive notifications for new pull requests, code reviews, commits, and other GitHub events. You can also configure the format and content of the notifications, such as the channel where notifications are posted, the message template, and the level of detail in the notifications.
Set up Slack webhooks: Slack also supports webhooks, which allow you to receive custom notifications and events from GitHub in Slack. You can set up webhooks in GitHub to send notifications to a specific Slack channel or user when certain events occur, such as new pull requests or issues being opened or closed.
Use Slack commands for GitHub actions: Slack also supports custom slash commands, which allow you to trigger GitHub actions directly from Slack. For example, you can create custom slash commands to create new issues, comment on pull requests, or close issues in GitHub, all from within Slack.
Collaborate with team members: Once the Slack and GitHub integration is set up, you can collaborate with your team members in Slack by discussing code changes, reviewing pull requests, and coordinating code reviews. Slack notifications can help you stay up-to-date with the latest changes in your GitHub repositories, and you can use Slack commands to take actions on GitHub directly from Slack, making it a seamless and efficient way to collaborate on code development and reviews.
Summary
This post covered building a CI/CD pipeline using GitHub Actions, SonarCloud, and ArgoCD on GKE. These tools enable developers to automate code quality analysis, build, and deployment processes, resulting in faster and more reliable software development cycles. By implementing a robust CI/CD pipeline, teams can achieve higher code quality, faster release cycles, and improved collaboration among team members, ultimately leading to more successful and efficient software development projects.
In conclusion, this blog provides a comprehensive guide on how to build a CI/CD pipeline using GitHub Actions, SonarCloud, and ArgoCD on GKE, empowering teams to deliver high-quality software with increased speed, reliability, and scalability.



