# Assignment: Build CI/CD Pipeline using GitHub Actions + Cloud Build

## Objective
This assignment focuses on building a continuous integration and continuous deployment (CI/CD) pipeline using a hybrid approach: GitHub Actions for triggering and basic CI steps, and Google Cloud Build for more robust build, test, and deployment stages within Google Cloud Platform (GCP). You will deploy a simple web application (e.g., a Flask or Node.js app) to Cloud Run, demonstrating automated builds and deployments on code changes.

## Part 1: Application Setup and Initial Repository (20 Marks)

1.  **GCP Project Setup:**
    * Ensure you have an active Google Cloud Platform (GCP) project. If not, create a new one.
    * Make sure billing is enabled for your project.
    * Enable the following APIs: Cloud Run API, Cloud Build API, Artifact Registry API (or Container Registry API if preferred), Cloud IAM API.
    * Provide `gcloud services enable` commands for each required API and confirm their successful enablement.

2.  **Simple Web Application:**
    * Create a very basic web application (e.g., a Python Flask app, Node.js Express app, or a simple Go server). It should:
        * Listen on `0.0.0.0` and the port specified by the `PORT` environment variable (Cloud Run's default).
        * Have a single endpoint (e.g., `/`) that returns a simple message like "Hello from Cloud Run v1!".
    * Include a `Dockerfile` for your application that builds a runnable container image.
    * Include a `.gitignore` file to exclude unnecessary files.
    * Provide the source code for your application and its `Dockerfile`.

3.  **GitHub Repository:**
    * Create a new public (or private, but manage access for assessment) GitHub repository.
    * Initialize it with your web application code, `Dockerfile`, and `.gitignore`.
    * Make an initial commit and push it to your GitHub repository.
    * Provide the link to your GitHub repository.

```
# Your GCP CLI commands for API enablement.
# Source code for your simple web application and Dockerfile.
# Link to your GitHub repository.
# Verify initial commit and push.
```

## Part 2: Cloud Build Configuration (30 Marks)

1.  **Cloud Build Service Account Permissions:**
    * Ensure the default Cloud Build service account (`[PROJECT_NUMBER]@cloudbuild.gserviceaccount.com`) has the necessary roles:
        * `Cloud Run Admin`
        * `Service Account User` (for Cloud Run service account)
        * `Artifact Registry Writer` (or `Storage Admin` for Container Registry).
    * Provide the `gcloud projects add-iam-policy-binding` commands to grant these roles.

2.  **`cloudbuild.yaml` for Containerization & Deployment:**
    * Create a `cloudbuild.yaml` file in the root of your GitHub repository.
    * This file should define a multi-step Cloud Build process:
        * **Build Image:** Build your Docker image and push it to Artifact Registry (or Container Registry).
            * Use the `gcr.io/cloud-builders/docker` builder.
            * Tag the image with a dynamic tag, e.g., `_IMAGE_NAME:latest` or using `COMMIT_SHA`.
        * **Deploy to Cloud Run:** Deploy the newly built image to Cloud Run.
            * Use the `gcr.io/cloud-builders/gcloud` builder.
            * Deploy to a new Cloud Run service or an existing one, specifying region and allowing unauthenticated invocations for easy testing.
    * Include your `cloudbuild.yaml` content here.

3.  **Manual Test of Cloud Build:**
    * Manually trigger a Cloud Build using `gcloud builds submit --config cloudbuild.yaml .` from your project directory (ensure `.` refers to your application root).
    * Verify that the image is built and pushed to Artifact Registry/Container Registry.
    * Verify that the Cloud Run service is deployed and accessible via its URL.
    * Provide the `gcloud builds submit` command and a screenshot of the successful build in the GCP Console. Include the Cloud Run service URL and a screenshot of hitting that URL in your browser.
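
One way to write the build, push and deploy steps described above and to submit them manually, as an added example rather than the assignment's reference solution. The Artifact Registry repository `apps`, image `hello`, service `hello-run`, region, and the `_REGION`/`_TAG` substitutions are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example, not the assignment's reference solution. Repository "apps",
# image "hello", service "hello-run" and the region are constructed placeholders.
GCLOUD="${GCLOUD:-gcloud}"   # GCLOUD=echo prints the command instead of running it

write_cloudbuild_yaml() {    # $1 = output path
  cat > "$1" <<'EOF'
steps:
  - id: build
    name: gcr.io/cloud-builders/docker
    args: ['build', '-t', '${_REGION}-docker.pkg.dev/$PROJECT_ID/apps/hello:${_TAG}', '.']
  - id: push   # push before deploy so Cloud Run can pull the image
    name: gcr.io/cloud-builders/docker
    args: ['push', '${_REGION}-docker.pkg.dev/$PROJECT_ID/apps/hello:${_TAG}']
  - id: deploy
    name: gcr.io/cloud-builders/gcloud
    args: ['run', 'deploy', 'hello-run', '--region', '${_REGION}',
           '--image', '${_REGION}-docker.pkg.dev/$PROJECT_ID/apps/hello:${_TAG}',
           '--allow-unauthenticated']
substitutions:
  _REGION: us-central1
  _TAG: manual   # default only; every submit below overrides it
EOF
}

# $COMMIT_SHA is filled in only for builds started by a Cloud Build trigger, so
# builds started with `gcloud builds submit` get their tag passed in as _TAG.
resolve_tag() {
  if [ -n "${GITHUB_SHA:-}" ]; then
    printf '%s' "$GITHUB_SHA"                 # set by GitHub Actions
  elif sha="$(git rev-parse HEAD 2>/dev/null)"; then
    printf '%s' "$sha"                        # local run inside the repository
  else
    printf 'manual-%s' "$(date +%Y%m%d%H%M%S)"
  fi
}

submit_build() {
  $GCLOUD builds submit --config cloudbuild.yaml \
    --substitutions="_TAG=$(resolve_tag)" .
}

# Runs only when asked, e.g. BUILD_APPLY=1 bash build.sh
if [ "${BUILD_APPLY:-0}" = "1" ]; then
  write_cloudbuild_yaml cloudbuild.yaml && submit_build
fi
```

Tagging each image with the commit it was built from keeps every deployed revision traceable to source, which a mutable `latest` tag does not.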

```
# Your GCP CLI commands for IAM permissions.
# Content of your `cloudbuild.yaml`.
# `gcloud builds submit` command and screenshots of successful Cloud Build and Cloud Run deployment.
```

## Part 3: GitHub Actions Workflow (30 Marks)

1.  **GitHub Actions Workflow File:**
    * Create a GitHub Actions workflow file (e.g., `.github/workflows/main.yml`) in your repository.
    * This workflow should:
        * **Trigger:** On `push` to the `main` branch.
        * **Checkout Code:** Use `actions/checkout@v4`.
        * **Authenticate to GCP:** Use `google-github-actions/auth@v2` with `workload_identity_provider` and `service_account` for secure authentication. You will need to set up Workload Identity Federation (WIF) in GCP.
            * **Workload Identity Federation (WIF) Setup (Crucial):**
                * Create an IAM Workload Identity Pool in your GCP project.
                * Create a Workload Identity Provider within this pool for GitHub.
                * Grant the GitHub identities from the Workload Identity Pool the necessary role (`roles/iam.workloadIdentityUser`) on the GCP service account (used by Cloud Build), so that the workflow can impersonate it. The binding is set on the service account, not on the provider.
                * Provide the `gcloud iam workload-identity-pools create`, `gcloud iam workload-identity-pools providers create-oidc`, and `gcloud iam service-accounts add-iam-policy-binding` commands.
                * Set up the necessary GitHub repository secrets (`GCP_PROJECT_ID`, `WORKLOAD_IDENTITY_PROVIDER`, `SERVICE_ACCOUNT_EMAIL`).
        * **Trigger Cloud Build:** Use `google-github-actions/cloudbuild-build@v2` to trigger the `cloudbuild.yaml` file from your repository.
    * Include your `main.yml` content here.

2.  **Automated CI/CD Test:**
    * Make a small code change to your web application (e.g., change the "Hello from Cloud Run v1!" message to "Hello from Cloud Run v2!" or update the date).
    * Commit and push this change to the `main` branch of your GitHub repository.
    * Monitor the GitHub Actions run and the triggered Cloud Build in the GCP Console.
    * Verify that the Cloud Run service is updated with the new version.
    * Provide a screenshot of the successful GitHub Actions run and a screenshot of hitting the Cloud Run URL showing the updated message.
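
The Workload Identity Federation setup listed under item 1, as an added example that is not part of the original assignment. It goes one step beyond the listed commands by restricting the provider to a single repository with an attribute condition. The project, pool, provider, repository and service-account names are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example: WIF setup scoped to one GitHub repository.
# Every value below is a constructed placeholder; replace with your own.
PROJECT_ID="${PROJECT_ID:-my-project}"
PROJECT_NUMBER="${PROJECT_NUMBER:-123456789012}"
POOL="${POOL:-github-pool}"
PROVIDER="${PROVIDER:-github-provider}"
REPO="${REPO:-my-org/my-repo}"            # GitHub "owner/name"
SA_EMAIL="${SA_EMAIL:-ci-deployer@${PROJECT_ID}.iam.gserviceaccount.com}"
GCLOUD="${GCLOUD:-gcloud}"                # GCLOUD=echo prints commands (dry run)

pool_path() {
  printf 'projects/%s/locations/global/workloadIdentityPools/%s' \
    "$PROJECT_NUMBER" "$POOL"
}
# Value to store in the WORKLOAD_IDENTITY_PROVIDER repository secret.
provider_name() { printf '%s/providers/%s' "$(pool_path)" "$PROVIDER"; }
# Only tokens issued to workflows in $REPO may impersonate the service account.
wif_member() {
  printf 'principalSet://iam.googleapis.com/%s/attribute.repository/%s' \
    "$(pool_path)" "$REPO"
}
# CEL condition the provider evaluates on every GitHub OIDC token.
attribute_condition() { printf "assertion.repository == '%s'" "$REPO"; }

setup_wif() {
  $GCLOUD iam workload-identity-pools create "$POOL" \
    --project="$PROJECT_ID" --location=global --display-name="GitHub Actions"
  $GCLOUD iam workload-identity-pools providers create-oidc "$PROVIDER" \
    --project="$PROJECT_ID" --location=global --workload-identity-pool="$POOL" \
    --issuer-uri="https://token.actions.githubusercontent.com" \
    --attribute-mapping="google.subject=assertion.sub,attribute.repository=assertion.repository" \
    --attribute-condition="$(attribute_condition)"
  # The binding goes on the service account; the member is the GitHub identity set.
  $GCLOUD iam service-accounts add-iam-policy-binding "$SA_EMAIL" \
    --project="$PROJECT_ID" --role="roles/iam.workloadIdentityUser" \
    --member="$(wif_member)"
}

# Runs only when asked, e.g. WIF_APPLY=1 bash wif-setup.sh
if [ "${WIF_APPLY:-0}" = "1" ]; then setup_wif; fi
```

Without the attribute condition and the repository-scoped member, any repository on GitHub that presents a valid OIDC token could match the pool, so both restrictions are worth keeping even in a short-lived assignment project.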

```
# Your GCP CLI commands for Workload Identity Federation setup.
# Content of your `.github/workflows/main.yml`.
# Screenshots of successful GitHub Actions run and updated Cloud Run service.
```

## Part 4: Reflection and Clean-up (20 Marks)

1.  **CI/CD Pipeline Analysis:**
    * Discuss the advantages of this hybrid CI/CD approach (GitHub Actions + Cloud Build) over a purely GitHub Actions-based deployment or a purely Cloud Build-triggered approach.
    * How does this pipeline ensure continuous delivery?
    * What are the benefits of using Workload Identity Federation for authentication?

2.  **Potential Improvements:**
    * Suggest at least two enhancements to this CI/CD pipeline (e.g., adding unit tests, integration tests, rollbacks, blue/green deployments, notifications, environment-specific deployments).

3.  **Clean Up Resources:**
    * After completing the assignment, delete the Cloud Run service, the Artifact Registry repository (or Container Registry images), and any custom IAM roles/service accounts/Workload Identity Pools created specifically for this assignment to avoid incurring unnecessary costs.
    * Provide the `gcloud run services delete`, `gcloud artifacts repositories delete` (or `gcloud container images delete`), and relevant `gcloud iam` commands for cleanup.

## Submission Guidelines

* Submit this Jupyter Notebook (.ipynb file) with all cells executed and outputs visible.
* Provide the link to your GitHub repository.
* Ensure your GitHub repository contains:
    * Your web application code and `Dockerfile`.
    * `cloudbuild.yaml`
    * `.github/workflows/main.yml`
    * `.gitignore`
* Clearly present all requested code, commands, and screenshots.
* Make sure your pipeline is functional and demonstrable via the GitHub repository.