Skip to content

update bumpver for PR #91

update bumpver for PR

update bumpver for PR #91

Workflow file for this run

name: Build 'n Deploy
on:
push:
branches:
- '*'
tags-ignore:
- '*'
paths-ignore:
- 'pyproject.toml'
- 'bumpver.toml'
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
inputs:
venue:
type: choice
description: Venue to deploy to
options:
- SIT
- UAT
- OPS
commit:
type: string
description: Custom commit hash
jobs:
build:
name: build, lint, and test ingest-to-sds
runs-on: ubuntu-latest
outputs:
deploy_env: ${{ steps.set-env.outputs.deploy_env }}
github_sha: ${{ steps.update-sha.outputs.github_sha }}
steps:
# -- Setup --
- uses: getsentry/action-github-app-token@v2
name: my-app-install token
id: podaac-cicd
with:
app_id: ${{ secrets.CICD_APP_ID }}
private_key: ${{ secrets.CICD_APP_PRIVATE_KEY }}
- uses: hashicorp/setup-terraform@v3
with:
terraform_version: 1.3.7
- name: Initial checkout ${{ github.ref }}
if: github.event.inputs.commit == ''
uses: actions/checkout@v4
- name: Adjust to proper commit hash ${{ github.event.inputs.commit }}
if: github.event.inputs.commit != ''
uses: actions/checkout@v4
with:
ref: ${{ github.event.inputs.commit }}
- uses: actions/setup-python@v4
with:
python-version: '3.9'
- name: Install bumpver & poetry
run: pip3 install bumpver poetry poetry-plugin-bundle
- name: Setup git user
run: |
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
git config user.name "github-actions[bot]"
- name: Install dependencies
run: poetry install
# -- Testing & Linting --
- name: Lint
run: |
poetry run flake8 podaac/ tests/
poetry run pylint podaac/ tests/
- name: Test
run: poetry run pytest
- name: Validate Terraform
run: terraform validate -no-color
# -- Version Bumping --
- name: Manual execution means no version bump
# If triggered by workflow dispatch, no version bump
if: ${{ github.event_name == 'workflow_dispatch' }}
run: |
echo "TARGET_ENV=${{ github.event.inputs.venue }}" >> $GITHUB_ENV
TARGET_ENV=${{ github.event.inputs.venue }}
- name: Bump alpha version
if: github.ref == 'refs/heads/develop' && github.event_name != 'workflow_dispatch'
run: |
TAG=$(bumpver show -e | awk -F= '$1 == "TAG" {print $2};')
if [ $TAG == 'final' ]; then
# Bump patch version first then append tag
bumpver update --patch --tag alpha --tag-num
else
bumpver update -f -n --tag alpha --tag-num
fi
echo "TARGET_ENV=SIT" >> $GITHUB_ENV
- name: Bump rc version
if: startsWith(github.ref, 'refs/heads/release/') && github.event_name != 'workflow_dispatch'
run: |
bumpver update -f -n --tag rc --tag-num
echo "TARGET_ENV=UAT" >> $GITHUB_ENV
- name: Release version
if: github.ref == 'refs/heads/main' && github.event_name != 'workflow_dispatch'
run: |
bumpver update -f --tag final
echo "TARGET_ENV=OPS" >> $GITHUB_ENV
- name: Set the target environment to ${{ env.TARGET_ENV }}
id: set-env
run: |
echo "deploy_env=${{ env.TARGET_ENV }}" >> $GITHUB_OUTPUT
# -- Build --
- name: Build lambda package
run: |
./build.sh
- name: Upload packaged zip
uses: actions/upload-artifact@v4
with:
name: dist
path: dist/*.zip
- name: Set github SHA for deployment
id: update-sha
run: |
SHA=$(git rev-parse HEAD)
echo "github_sha=${SHA}" >> $GITHUB_OUTPUT
deploy:
name: Deploy
needs: build
# The type of runner that the job will run on
runs-on: ubuntu-latest
environment:
name: ${{ needs.build.outputs.deploy_env }}
if: |
(github.ref == 'refs/heads/develop') ||
(github.ref == 'refs/heads/main') ||
(startsWith(github.ref, 'refs/heads/release') ) ||
github.event_name == 'workflow_dispatch'
steps:
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: us-west-2
role-session-name: GitHubActions
aws-access-key-id: ${{ secrets[vars.AWS_ACCESS_KEY_ID_SECRET_NAME] }}
aws-secret-access-key: ${{ secrets[vars.AWS_SECRET_ACCESS_KEY_SECRET_NAME] }}
mask-aws-account-id: true
- uses: actions/checkout@v4
with:
ref: ${{ needs.build.outputs.github_sha }}
- uses: hashicorp/setup-terraform@v3
with:
terraform_version: ${{ env.TERRAFORM_VERSION }}
terraform_wrapper: false
- name: Retrieve artifact from build step
uses: actions/download-artifact@v4
with:
name: dist
path: dist/
- name: Deploy to ${{ needs.build.outputs.deploy_env }}
id: terraform-deploy
working-directory: terraform/
env:
TF_VAR_edl_base_url: ${{ secrets.EDL_BASE_URL }}
TF_VAR_edl_client_id: ${{ secrets.EDL_CLIENT_ID }}
TF_VAR_edl_client_secret: ${{ secrets.EDL_CLIENT_SECRET }}
TF_VAR_session_encryption_key: ${{ secrets.SESSION_ENCRYPTION_KEY }}
TF_VAR_ingest_aws_account: ${{ secrets.INGEST_AWS_ACCOUNT }}
TF_VAR_ingest_aws_role: ${{ secrets.INGEST_AWS_ROLE }}
TF_VAR_sds_ca_cert_path: ${{ runner.temp }}/JPLICA.pem
TF_VAR_sds_host: ${{ secrets.SDS_HOST }}
TF_VAR_sds_username: ${{ secrets.SDS_USERNAME }}
TF_VAR_sds_password: ${{ secrets.SDS_PASSWORD }}
run: |
echo "${{ secrets.JPLICA_CERT }}" >> ${{ runner.temp }}/JPLICA.pem
source bin/config.sh ${{ vars.TF_VENUE }}
terraform apply -auto-approve
- name: Retrieve version number for notifications
run: |
VERSION=$(cat bumpver.toml|grep current_version |grep -v {version} |sed -E "s/current_version = //"|sed -E "s/\"//g")
echo "SUBMODULE_VERSION=$VERSION">>$GITHUB_ENV
- name: Send notifications to slack
uses: slackapi/[email protected]
env:
SLACK_WEBHOOK_URL: ${{ secrets.NOTIFICATION_WEBHOOK_SWODLR }}
with:
payload: |
{
"message": "${{ github.repository }} [version ${{ env.SUBMODULE_VERSION }}] has been deployed to the ${{ needs.build.outputs.deploy_env }} environment"
}
- name: Send failure notifications to slack
if: failure()
uses: slackapi/[email protected]
env:
SLACK_WEBHOOK_URL: ${{ secrets.NOTIFICATION_WEBHOOK_SWODLR }}
with:
payload: |
{
"message": "ERROR: ${{ github.repository }} [version ${{ env.SUBMODULE_VERSION }}] has encountered an error while trying to deploy to the ${{ needs.build.outputs.deploy_env }} environment"
}