Creating a Netflix Clone: A Comprehensive Guide to Deployment
Netflix Clone Project
This guide outlines the process of deploying a clone of Netflix utilizing GitHub Actions for Continuous Integration and Continuous Deployment (CI/CD).
Git Repository
You can find the project repository here:
Requirements
Instance:
- Operating System: Ubuntu (AMI: 0c7217cdde317cfec)
- Instance Type: T2.medium
- Storage: 8GB
Installing Docker and Running SonarQube Container
Run the following commands to install Docker:
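sudo apt-get update
sudo apt install docker.io -y
# Let the ubuntu user reach the Docker daemon through the docker group
sudo usermod -aG docker ubuntu
newgrp docker
# Group membership is sufficient. Making /var/run/docker.sock world-writable (chmod 777)
# would give every local user root-equivalent control of the daemon, so it is omitted.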
Running the SonarQube Docker Image
Execute the following command to run the SonarQube Docker image:
docker run -d --name sonar -p 9000:9000 sonarqube:lts-community
After starting SonarQube, make sure port 9000 is open in the instance's security group so that you can reach it.
To log in, use the following format:
<ec2-public-ip>:9000
Credentials:
- Username: admin
- Password: admin
Change the default password immediately after the first login and store the new one securely.
Integrating SonarQube with GitHub Actions
Integrating SonarQube with GitHub Actions allows for automatic assessment of your code's quality and security during the CI process.
With SonarQube set up, navigate to the Dashboard and select the Manual option.
Next, assign a name to your project and specify a branch name, then click on Setup.
We will now check your repository for the CI process using GitHub Actions.
Follow the above steps precisely. Open GitHub, select your repository, and then click on Settings.
Search for "Secrets and variables," click on it, then go to Actions and choose New Repository Secret.
Return to your SonarQube Dashboard, copy the Name: SONAR_TOKEN, and paste it into the Actions secrets under New Secret. Click on Generate a Token.
After generating the token, save it in GitHub Actions. Again, click on New Repository Secret and add the SonarQube Host URL.
Navigate back to the SonarQube Dashboard and click Continue. Select the YAML workflow file, ensuring you choose the appropriate application type (e.g., JS).
Carefully follow the instructions and incorporate them into your GitHub Repository.
Create a sonar-project.properties file in your GitHub Repository.
File Name: sonar-project.properties
Add the following content to this file:
sonar.projectKey=Netflix
Next, add your workflow by clicking on Add file, followed by Create a new file.
File Name: .github/workflows/build.yml
The content to be included in build.yml is as follows:
name: Build
on:
  push:
    branches:
      - main
jobs:
  build:
    name: Build
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
        with:
          fetch-depth: 0 # Shallow clones should be disabled for better analysis relevance
      # @master is a mutable branch reference; pin to a release tag or commit SHA once the pipeline works
      - uses: sonarsource/sonarqube-scan-action@master
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
The workflow will start automatically upon committing changes.
Let's examine the Build process closely.
Visit the SonarQube dashboard, click on Projects, and review the analysis results.
To access the complete report, click on Issues.
Scanning Files with Trivy
Incorporate the following code into your build.yml file and commit the changes:
      - name: install trivy
        run: |
          # Install Trivy
          sudo apt-get install wget apt-transport-https gnupg lsb-release -y
          wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | gpg --dearmor | sudo tee /usr/share/keyrings/trivy.gpg > /dev/null
          echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main" | sudo tee -a /etc/apt/sources.list.d/trivy.list
          sudo apt-get update
          sudo apt-get install trivy -y
          # Command to scan files
          trivy fs .
YAML is indentation-sensitive, so make sure the new step lines up with the existing entries under steps in build.yml.
Once you commit the changes, the build will initiate automatically.
After a successful build, you should see that Trivy has been installed.
Docker Build and Push to Docker Hub
To create a Personal Access Token for your Docker Hub account, navigate to Docker Hub and select Account settings > Security > New access token.
Provide a description for the access token, such as Netflix.
Store the generated token securely.
Next, return to GitHub, go to settings, and navigate to Secrets and variables > Actions > New Repository Secret.
Add your Docker Hub username:
DOCKERHUB_USERNAME # Use your Docker Hub username
Now, add your Docker Hub token as well:
DOCKERHUB_TOKEN # Add your saved Docker Hub Token
You should now see four action secrets.
Creating a TMDB API Key
If you haven't created a TMDB account, do so and follow these steps:
To create an API Request, go to Settings > API > Create > Developer. Fill in the necessary details and agree to the terms and conditions. Upon submission, you will receive an API Key.
Add the following step to the workflow, ensuring you input your API Key and username correctly:
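      - name: Docker build and push
        run: |
          # Run commands to build and push Docker images
          # Build-arg values are visible to anyone who can pull the image (docker history)
          docker build --build-arg TMDB_V3_API_KEY=<APIKEY> -t netflix .
          docker tag netflix <DOCKERHUB_USERNAME>/netflix:latest
          # Pass the token on stdin so it does not appear in the docker process arguments
          echo "${{ secrets.DOCKERHUB_TOKEN }}" | docker login -u "${{ secrets.DOCKERHUB_USERNAME }}" --password-stdin
          docker push <DOCKERHUB_USERNAME>/netflix:latest
        env:
          DOCKER_CLI_ACI: 1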
Adding a Self-Hosted Runner to EC2
In GitHub, navigate to Settings > Actions > Runners.
Click on New self-hosted runner, select Linux, and specify the architecture. Execute the following commands in the EC2 instance to establish a connection between GitHub and EC2.
Download
# Create a folder
mkdir actions-runner && cd actions-runner
# Download the latest runner package
curl -o actions-runner-linux-x64-2.311.0.tar.gz -L https://github.com/actions/runner/releases/download/v2.311.0/actions-runner-linux-x64-2.311.0.tar.gz
# Optional: Validate the hash
echo "29fc8cf2dab4c195bb147384e7e2c94cfd4d4022c793b346a6175435265aa278  actions-runner-linux-x64-2.311.0.tar.gz" | shasum -a 256 -c
# Extract the installer
tar xzf ./actions-runner-linux-x64-2.311.0.tar.gz
Configure
# Create the runner and start the configuration process
# Use the URL and registration token GitHub displays for your own repository; the token expires after one hour
./config.sh --url https://github.com/himapandu/Netflix-clone --token A24KZYJH3ZH4CF5HN4VR4JDFQPXWI
Press Enter when prompted to accept the defaults.
# Last step, run it!
./run.sh
After this, check GitHub to verify the status of the runner.
Final Workflow for Running the Container
Let’s incorporate a deployment workflow.
  deploy:
    needs: build
    # Must match a label on the runner; a runner configured with the defaults carries the label self-hosted
    runs-on: [aws-netflix]
    steps:
      - name: Pull the Docker image
        run: docker pull <DOCKERHUB_USERNAME>/netflix:latest
      - name: Trivy image scan
        run: trivy image <DOCKERHUB_USERNAME>/netflix:latest
      - name: Run the container Netflix
        run: docker run -d --name netflix -p 8081:80 <DOCKERHUB_USERNAME>/netflix:latest
Using Your Self-Hosted Runner
# Use this YAML in your workflow file for each job
runs-on: self-hosted
- deploy: The name of the job that deploys the container.
- needs: build: The deployment job runs only after the "build" job has completed successfully.
- runs-on: [aws-netflix]: The job runs on a runner carrying the label "aws-netflix", here the self-hosted runner on the EC2 instance.
- steps: Lists the individual tasks executed in the deployment job.
- name: Pull the Docker image: Uses the docker pull command to fetch the image "<DOCKERHUB_USERNAME>/netflix:latest".
- name: Trivy image scan: Performs a security scan on the Docker image using Trivy.
- name: Run the container Netflix: Starts a Docker container named "netflix", mapping port 8081 on the host to port 80 in the container.
This workflow automates the deployment of a Docker container: it pulls the latest image, scans it, and launches the container. It runs on the specified runner in the AWS environment and depends on the successful completion of the preceding "build" job.
Commit the changes and observe two distinct jobs. Click on Build to view the process details.
Return to the Summary and click on Deploy now to initiate the job on your EC2 instance.
If you encounter issues during deployment, install Trivy manually on your EC2 instance.
# Install Trivy
sudo apt-get install wget apt-transport-https gnupg lsb-release -y
wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | gpg --dearmor | sudo tee /usr/share/keyrings/trivy.gpg > /dev/null
echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main" | sudo tee -a /etc/apt/sources.list.d/trivy.list
sudo apt-get update
sudo apt-get install trivy -y
Afterward, revisit your build.yml file and commit the changes. You should see a successful build and be able to access the Netflix Clone website at:
<IP_Address>:8081
The Netflix web application will be operational.
FULL WORKFLOW (build.yml)
name: Build
on:
  push:
    branches:
      - main
jobs:
  build:
    name: Build
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
        with:
          fetch-depth: 0 # Shallow clones should be disabled for better analysis relevance
      - uses: sonarsource/sonarqube-scan-action@master
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
      - name: install trivy
        run: |
          # Install Trivy
          sudo apt-get install wget apt-transport-https gnupg lsb-release -y
          wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | gpg --dearmor | sudo tee /usr/share/keyrings/trivy.gpg > /dev/null
          echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main" | sudo tee -a /etc/apt/sources.list.d/trivy.list
          sudo apt-get update
          sudo apt-get install trivy -y
          # Command to scan files
          trivy fs .
      - name: Docker build and push
        run: |
          # Run commands to build and push Docker images
          docker build --build-arg TMDB_V3_API_KEY=<APIKEY> -t netflix .
          docker tag netflix <DOCKERHUB_USERNAME>/netflix:latest
          # Pass the token on stdin so it does not appear in the docker process arguments
          echo "${{ secrets.DOCKERHUB_TOKEN }}" | docker login -u "${{ secrets.DOCKERHUB_USERNAME }}" --password-stdin
          docker push <DOCKERHUB_USERNAME>/netflix:latest
        env:
          DOCKER_CLI_ACI: 1
  deploy:
    needs: build
    runs-on: self-hosted
    steps:
      - name: Pull the Docker image
        run: docker pull <DOCKERHUB_USERNAME>/netflix:latest
      - name: Trivy image scan
        run: trivy image <DOCKERHUB_USERNAME>/netflix:latest
      - name: Run the container Netflix
        run: docker run -d --name netflix -p 8081:80 <DOCKERHUB_USERNAME>/netflix:latest
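A pre-commit check for a workflow file of this shape, as an added example that is not part of the original guide or its repository. It flags four weaknesses relevant to this pipeline: actions referenced by tag or branch, a registry token passed as a command-line argument, Trivy scans that cannot fail the job, and images moved around by the :latest tag. The function name audit_workflow, the rule names and the sample workflow are assumptions constructed for illustration.

```python
import re

# Constructed sample shaped like this guide's build.yml; "example" is a placeholder account.
SAMPLE_WORKFLOW = """\
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: sonarsource/sonarqube-scan-action@master
      - name: install trivy
        run: |
          trivy fs .
      - name: Docker build and push
        run: |
          docker login -u ${{ secrets.DOCKERHUB_USERNAME }} -p ${{ secrets.DOCKERHUB_TOKEN }}
          docker push example/netflix:latest
  deploy:
    needs: build
    runs-on: self-hosted
    steps:
      - run: trivy image --exit-code 1 --severity HIGH,CRITICAL example/netflix:latest
"""
FULL_SHA = re.compile(r"^[0-9a-f]{40}$")

def audit_workflow(text):
    """Return (line_number, rule, message) for each weakness found in a workflow."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split(" #", 1)[0].strip()  # drop trailing YAML comments
        uses = re.match(r"-?\s*uses:\s*(\S+)", line)
        if uses and not uses.group(1).startswith("./"):
            action, _, ref = uses.group(1).partition("@")
            if not FULL_SHA.match(ref):  # tags and branches can be moved later
                findings.append((no, "mutable-action-ref", f"{action}@{ref} is not a commit SHA"))
        if re.search(r"\bdocker\s+login\b.*\s(-p|--password)[\s=]", line):
            findings.append((no, "password-on-cli", "use --password-stdin instead"))
        if re.search(r"\btrivy\s+(fs|image)\b", line) and "--exit-code" not in line:
            findings.append((no, "scan-not-gating", "exit code stays 0 without --exit-code"))
        if re.search(r"\bdocker\s+(push|pull|run)\b.*:latest\b", line):
            findings.append((no, "mutable-image-tag", "':latest' can be re-pushed; use a digest"))
    return findings

if __name__ == "__main__":
    for no, rule, message in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {no}: [{rule}] {message}")
```

The last sample line shows the gating form of the scan: with --exit-code 1 and --severity HIGH,CRITICAL, Trivy fails the step when it finds issues at those severities, so the container step after it does not run.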
— Follow me on LinkedIn and GitHub for further updates — https://www.linkedin.com/in/vootlasaicharan/
Thank You