Update to utilize new commons (#21) #81
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build 'n Deploy | |
| on: | |
| push: | |
| branches: | |
| - '*' | |
| tags-ignore: | |
| - '*' | |
| paths-ignore: | |
| - 'pyproject.toml' | |
| - 'bumpver.toml' | |
| # Allows you to run this workflow manually from the Actions tab | |
| workflow_dispatch: | |
| inputs: | |
| venue: | |
| type: choice | |
| description: Venue to deploy to | |
| options: | |
| - SIT | |
| - UAT | |
| - OPS | |
| commit: | |
| type: string | |
| description: Custom commit hash | |
| jobs: | |
| build: | |
| name: build, lint, and test ingest-to-sds | |
| runs-on: ubuntu-latest | |
| outputs: | |
| deploy_env: ${{ steps.set-env.outputs.deploy_env }} | |
| github_sha: ${{ steps.update-sha.outputs.github_sha }} | |
| steps: | |
| # -- Setup -- | |
| - uses: getsentry/action-github-app-token@v2 | |
| name: my-app-install token | |
| id: podaac-cicd | |
| with: | |
| app_id: ${{ secrets.CICD_APP_ID }} | |
| private_key: ${{ secrets.CICD_APP_PRIVATE_KEY }} | |
| - uses: hashicorp/setup-terraform@v3 | |
| with: | |
| terraform_version: 1.3.7 | |
| - name: Initial checkout ${{ github.ref }} | |
| if: github.event.inputs.commit == '' | |
| uses: actions/checkout@v4 | |
| - name: Adjust to proper commit hash ${{ github.event.inputs.commit }} | |
| if: github.event.inputs.commit != '' | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.inputs.commit }} | |
| - uses: actions/setup-python@v4 | |
| with: | |
| python-version: '3.9' | |
| - name: Install bumpver & poetry | |
| run: pip3 install bumpver poetry poetry-plugin-bundle | |
| - name: Setup git user | |
| run: | | |
| git config user.email "41898282+github-actions[bot]@users.noreply.github.com" | |
| git config user.name "github-actions[bot]" | |
| - name: Install dependencies | |
| run: poetry install | |
| # -- Testing & Linting -- | |
| - name: Lint | |
| run: | | |
| poetry run flake8 podaac/ tests/ | |
| poetry run pylint podaac/ tests/ | |
| - name: Test | |
| run: poetry run pytest | |
| - name: Validate Terraform | |
| run: terraform validate -no-color | |
| # -- Version Bumping -- | |
| - name: Manual execution means no version bump | |
| # If triggered by workflow dispatch, no version bump | |
| if: ${{ github.event_name == 'workflow_dispatch' }} | |
| run: | | |
| echo "TARGET_ENV=${{ github.event.inputs.venue }}" >> $GITHUB_ENV | |
| TARGET_ENV=${{ github.event.inputs.venue }} | |
| - name: Bump alpha version | |
| if: github.ref == 'refs/heads/develop' && github.event_name != 'workflow_dispatch' && github.event_name != 'pull_request' | |
| run: | | |
| TAG=$(bumpver show -e | awk -F= '$1 == "TAG" {print $2};') | |
| if [ $TAG == 'final' ]; then | |
| # Bump patch version first then append tag | |
| bumpver update --patch --tag alpha --tag-num | |
| else | |
| bumpver update --tag alpha --tag-num | |
| fi | |
| echo "TARGET_ENV=SIT" >> $GITHUB_ENV | |
| - name: Bump rc version | |
| if: startsWith(github.ref, 'refs/heads/release/') && github.event_name != 'workflow_dispatch' && github.event_name != 'pull_request' | |
| run: | | |
| bumpver update -f --tag rc --tag-num | |
| echo "TARGET_ENV=UAT" >> $GITHUB_ENV | |
| - name: Release version | |
| if: github.ref == 'refs/heads/main' && github.event_name != 'workflow_dispatch' && github.event_name != 'pull_request' | |
| run: | | |
| bumpver update -f --tag final | |
| echo "TARGET_ENV=OPS" >> $GITHUB_ENV | |
| - name: Set the target environment to ${{ env.TARGET_ENV }} | |
| id: set-env | |
| run: | | |
| echo "deploy_env=${{ env.TARGET_ENV }}" >> $GITHUB_OUTPUT | |
| # -- Build -- | |
| - name: Build lambda package | |
| run: | | |
| ./build.sh | |
| - name: Upload packaged zip | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: dist | |
| path: dist/*.zip | |
| - name: Set github SHA for deployment | |
| id: update-sha | |
| run: | | |
| SHA=$(git rev-parse HEAD) | |
| echo "github_sha=${SHA}" >> $GITHUB_OUTPUT | |
| deploy: | |
| name: Deploy | |
| needs: build | |
| # The type of runner that the job will run on | |
| runs-on: ubuntu-latest | |
| environment: | |
| name: ${{ needs.build.outputs.deploy_env }} | |
| if: | | |
| (github.ref == 'refs/heads/develop' && github.event_name != 'pull_request') || | |
| (github.ref == 'refs/heads/main' && github.event_name != 'pull_request') || | |
| (startsWith(github.ref, 'refs/heads/release') && github.event_name != 'pull_request') || | |
| github.event_name == 'workflow_dispatch' | |
| steps: | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-region: us-west-2 | |
| role-session-name: GitHubActions | |
| aws-access-key-id: ${{ secrets[vars.AWS_ACCESS_KEY_ID_SECRET_NAME] }} | |
| aws-secret-access-key: ${{ secrets[vars.AWS_SECRET_ACCESS_KEY_SECRET_NAME] }} | |
| mask-aws-account-id: true | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ needs.build.outputs.github_sha }} | |
| - uses: hashicorp/setup-terraform@v3 | |
| with: | |
| terraform_version: ${{ env.TERRAFORM_VERSION }} | |
| terraform_wrapper: false | |
| - name: Retrieve artifact from build step | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: dist | |
| path: dist/ | |
| - name: Deploy to ${{ needs.build.outputs.deploy_env }} | |
| id: terraform-deploy | |
| working-directory: terraform/ | |
| env: | |
| TF_VAR_edl_base_url: ${{ secrets.EDL_BASE_URL }} | |
| TF_VAR_edl_client_id: ${{ secrets.EDL_CLIENT_ID }} | |
| TF_VAR_edl_client_secret: ${{ secrets.EDL_CLIENT_SECRET }} | |
| TF_VAR_session_encryption_key: ${{ secrets.SESSION_ENCRYPTION_KEY }} | |
| TF_VAR_ingest_aws_account: ${{ secrets.INGEST_AWS_ACCOUNT }} | |
| TF_VAR_ingest_aws_role: ${{ secrets.INGEST_AWS_ROLE }} | |
| TF_VAR_sds_ca_cert_path: ${{ runner.temp }}/JPLICA.pem | |
| TF_VAR_sds_host: ${{ secrets.SDS_HOST }} | |
| TF_VAR_sds_username: ${{ secrets.SDS_USERNAME }} | |
| TF_VAR_sds_password: ${{ secrets.SDS_PASSWORD }} | |
| run: | | |
| echo "${{ secrets.JPLICA_CERT }}" >> ${{ runner.temp }}/JPLICA.pem | |
| source bin/config.sh ${{ vars.TF_VENUE }} | |
| terraform apply -auto-approve | |
| - name: Retrieve version number for notifications | |
| run: | | |
| VERSION=$(cat bumpver.toml|grep current_version |grep -v {version} |sed -E "s/current_version = //"|sed -E "s/\"//g") | |
| echo "SUBMODULE_VERSION=$VERSION">>$GITHUB_ENV | |
| - name: Send notifications to slack | |
| uses: slackapi/[email protected] | |
| env: | |
| SLACK_WEBHOOK_URL: ${{ secrets.NOTIFICATION_WEBHOOK_SWODLR }} | |
| with: | |
| payload: | | |
| { | |
| "message": "${{ github.repository }} [version ${{ env.SUBMODULE_VERSION }}] has been deployed to the ${{ needs.build.outputs.deploy_env }} environment" | |
| } | |
| - name: Send failure notifications to slack | |
| if: failure() | |
| uses: slackapi/[email protected] | |
| env: | |
| SLACK_WEBHOOK_URL: ${{ secrets.NOTIFICATION_WEBHOOK_SWODLR }} | |
| with: | |
| payload: | | |
| { | |
| "message": "ERROR: ${{ github.repository }} [version ${{ env.SUBMODULE_VERSION }}] has encountered an error while trying to deploy to the ${{ needs.build.outputs.deploy_env }} environment" | |
| } |