This is a demo project for education/training purposes of DevOps. All the services used below are in the Cloud to facilitate the understanding. The architecture uses microservices and containerization.

The pipeline uses GitHub Actions that contains a pipeline with 7 phases described below:

All commands of this phase are defined in build.sh file. It checks if there are no compile/build errors. The tools used are:

• Gradle - Tool to automate the build of the code.

All commands of this phase are defined in codeAnalysis.sh file. It checks Bugs, Vulnerabilities, Hotspots, Code Smells, Duplications and Coverage of the code. If these metrics don't comply with the defined Quality Gate, the pipeline won't continue. The tools used are:

• Gradle - Tool to automate the SAST analysis of the code.
• Sonar - Service that provides SAST analysis of the code.

Environments variables needed in this phase:

• GITHUB_TOKEN: API Key used by Sonar client to communicate with GitHub.
• SONAR_TOKEN: API Key used by Sonar client to store the generated analysis.

All commands of this phase are defined in librariesAnalysis.sh file. It checks for vulnerabilities in internal and external libraries used in the code. The tools used are:

• Gradle - Tool to automate the SAST analysis of the libraries.
• Snyk - Service that provides SAST analysis of the libraries.

Environments variables needed in this phase:

• SNYK_TOKEN: API Key used by Snyk to store the generated analysis.

All commands of this phase are defined in package.sh file. It encapsulates all binaries in a Docker image. Once the code and libraries were checked, it's time build the package to be used in the next phases. The tools/services used are:

• Docker Compose - Tool to build the images.

All commands of this phase are defined in packageAnalysis.sh file. It checks for vulnerabilities in the generated package. The tools/services used are:

• Gradle - Tool to automate the SAST analysis of the package.
• Snyk - Service that provides SAST analysis of the package.

Environments variables needed in this phase:

• SNYK_TOKEN: API Key used by Snyk to store the generated analysis.

All commands of this phase are defined in publish.sh file. It publishes the package in the Docker registry (GitHub Packages). The tools/services used are:

• Docker Compose - Tool to push the images into the Docker registry.
• GitHub Packages - Docker registry where the images are stored.

Environments variables needed in this phase:

• DOCKER_REGISTRY_USER: Username of the Docker registry.
• DOCKER_REGISTRY_PASSWORD: Password of the Docker registry.

All commands of this phase are defined in deploy.sh file. It deploys the package in a K3S (Kubernetes) cluster. The tools/services used are:

• Terraform - Infrastructure as a Code tool.
• kubectl - Kubernetes Orchestration tool.
• Portainer - Kubernetes Orchestration Portal.
• Linode - Cloud (Newark/USA) where the cluster manager is installed.
• Cloudflare - CDN platform used to store DNS entries.

We are doing this phase outside the pipeline but it can be incorporated in the future. The tools/services used are:

• Contrast Security - Services that protects and checks vulnerabilities.

The application uses:

• Java 11 - Programming Language.
• Spring Boot 2.5.4 - Development Framework.
• Gradle 6.8.3 - Automation build tool.
• Mockito 3 - Test framework.
• JUnit 5 - Test framework.
• MariaDB - Database server.
• NGINX 1.18 - Web server.
• Docker 20.10.8 - Containerization tool.
• K3S 1.21.4 - Containerization tool.

For further documentation please check the documentation of each tool/service.

1. Linux operating system.
2. You need an IDE such as IntelliJ.
3. You need an account in the following services: GitHub, Sonarcloud, Snyk, Contrast Security.
4. You need to set the environment variables described above in you system.
5. The API Keys for each service must be defined in the UI of each service. Please refer the service documentation.
6. Fork this project from GitHub.
7. Import the project in IDE.
8. Commit some changes in the code and follow the execution of the pipeline in GitHub.

1. In the project directory, execute the scripts below: ./build.sh; ./package.sh; docker-compose up
2. Open the URL https://localhost in your preferred browser after the boot.

1. Run the deploy.sh script that will provision your infrastructure, the kubernetes cluster/orchestration and the application microservices.
2. Open the URL https://<linode-ip>:30080 in your preferred browser after the boot.

• Official Gradle documentation
• Spring Boot Gradle Plugin Reference Guide
• Spring Web
• Spring Data JPA
• Serving Web Content with Spring MVC
• Accessing Data with JPA

All opinions and standard described here are my own.

That's it! Now enjoy and have fun!

• LinkedIn: https://www.linkedin.com/in/fvilarinho
• e-Mail: [email protected]