Loan Calculator Demo
This repository provides a demo project for getting started with the Merkely DevOps Change Management Platform.
Getting started
Pre-requisites: You will need an account on Merkely, Dockerhub and Github.
- Fork this repo so you can follow along.
- Change the
owner
in the Merkleypipe pipeline definition to the name of your user or team in the Merkely platform. - Also, change the values for
description
andname
in Merkelypipe.json. Name should not contain whitespace. - Add the secrets below in your github repository settings.
SECRET NAME | NOTES |
---|---|
MERKELY_API_TOKEN |
Your Merkely api token is in your profile page. |
DOCKERHUB_DEPLOY_USERNAME |
Your dockerhub username |
DOCKERHUB_REPO_OWNER |
Your repository owner in dockerhub, typically the same as DOCKERHUB_DEPLOY_USERNAME |
DOCKERHUB_DEPLOY_TOKEN |
For deploying your docker image, you will need to make a personal access token |
For example:
The pipelines
You will notice that this project comes with a CI/CD implementation using github actions.
There is a master pipeline following these steps:
- Build and Publish Docker Image
- Declare Merkely Pipeline
- Run test suite and log summary to Merkely
- Run security analysis and log summary to Merkely
- Run coverage and log summary to Merkely
- Deploy to STAGE and log deployment to Merkely
In addition, we have these manually triggered ci pipeline:
Things to try
-
Go to the github actions and run the master pipeline. See the results in Merkely.
-
Check deployments are blocked without approval.
- Run the
Deploy to Production
workflow. It should fail because the artifact is not approved for deployment. - Run the
Create approval in Merkely
workflow. It will create an approval in Merkely. - You can see this in the
Approvals
tab in your pipeline. Go ahead an approve it in Merkely's UI. - Re-run the
Deploy to Production
workflow. This time it should succeed.
- Run the
-
Extra-credit: Smuggling in security failures