-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #16 from podaac/release/1.0.0
Release/1.0.0
- Loading branch information
Showing
35 changed files
with
3,305 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,196 @@ | ||
name: Build 'n Deploy | ||
|
||
on: | ||
push: | ||
branches: | ||
- '*' | ||
tags-ignore: | ||
- '*' | ||
paths-ignore: | ||
- 'pyproject.toml' | ||
- 'bumpver.toml' | ||
|
||
# Allows you to run this workflow manually from the Actions tab | ||
workflow_dispatch: | ||
inputs: | ||
venue: | ||
type: choice | ||
description: Venue to deploy to | ||
options: | ||
- SIT | ||
- UAT | ||
- OPS | ||
commit: | ||
type: string | ||
description: Custom commit hash | ||
|
||
jobs: | ||
build: | ||
name: build, lint, and test ingest-to-sds | ||
runs-on: ubuntu-latest | ||
outputs: | ||
deploy_env: ${{ steps.set-env.outputs.deploy_env }} | ||
github_sha: ${{ steps.update-sha.outputs.github_sha }} | ||
steps: | ||
# -- Setup -- | ||
- uses: getsentry/action-github-app-token@v2 | ||
name: my-app-install token | ||
id: podaac-cicd | ||
with: | ||
app_id: ${{ secrets.CICD_APP_ID }} | ||
private_key: ${{ secrets.CICD_APP_PRIVATE_KEY }} | ||
- uses: hashicorp/setup-terraform@v3 | ||
with: | ||
terraform_version: 1.3.7 | ||
- name: Initial checkout ${{ github.ref }} | ||
if: github.event.inputs.commit == '' | ||
uses: actions/checkout@v4 | ||
- name: Adjust to proper commit hash ${{ github.event.inputs.commit }} | ||
if: github.event.inputs.commit != '' | ||
uses: actions/checkout@v4 | ||
with: | ||
ref: ${{ github.event.inputs.commit }} | ||
- uses: actions/setup-python@v4 | ||
with: | ||
python-version: '3.9' | ||
- name: Install bumpver & poetry | ||
run: pip3 install bumpver poetry poetry-plugin-bundle | ||
- name: Setup git user | ||
run: | | ||
git config user.email "41898282+github-actions[bot]@users.noreply.github.com" | ||
git config user.name "github-actions[bot]" | ||
- name: Install dependencies | ||
run: poetry install | ||
|
||
# -- Testing & Linting -- | ||
- name: Lint | ||
run: | | ||
poetry run flake8 podaac/ tests/ | ||
poetry run pylint podaac/ tests/ | ||
- name: Test | ||
run: poetry run pytest | ||
- name: Validate Terraform | ||
run: terraform validate -no-color | ||
|
||
# -- Version Bumping -- | ||
- name: Manual execution means no version bump | ||
# If triggered by workflow dispatch, no version bump | ||
if: ${{ github.event_name == 'workflow_dispatch' }} | ||
run: | | ||
echo "TARGET_ENV=${{ github.event.inputs.venue }}" >> $GITHUB_ENV | ||
TARGET_ENV=${{ github.event.inputs.venue }} | ||
- name: Bump alpha version | ||
if: github.ref == 'refs/heads/develop' && github.event_name != 'workflow_dispatch' && github.event_name != 'pull_request' | ||
run: | | ||
TAG=$(bumpver show -e | awk -F= '$1 == "TAG" {print $2};') | ||
if [ $TAG == 'final' ]; then | ||
# Bump patch version first then append tag | ||
bumpver update --patch --tag alpha --tag-num | ||
else | ||
bumpver update --tag alpha --tag-num | ||
fi | ||
echo "TARGET_ENV=SIT" >> $GITHUB_ENV | ||
- name: Bump rc version | ||
if: startsWith(github.ref, 'refs/heads/release/') && github.event_name != 'workflow_dispatch' && github.event_name != 'pull_request' | ||
run: | | ||
bumpver update -f --tag rc --tag-num | ||
echo "TARGET_ENV=UAT" >> $GITHUB_ENV | ||
- name: Release version | ||
if: github.ref == 'refs/heads/main' && github.event_name != 'workflow_dispatch' && github.event_name != 'pull_request' | ||
run: | | ||
bumpver update -f --tag final | ||
echo "TARGET_ENV=OPS" >> $GITHUB_ENV | ||
- name: Set the target environment to ${{ env.TARGET_ENV }} | ||
id: set-env | ||
run: | | ||
echo "deploy_env=${{ env.TARGET_ENV }}" >> $GITHUB_OUTPUT | ||
# -- Build -- | ||
- name: Build lambda package | ||
run: | | ||
./build.sh | ||
- name: Upload packaged zip | ||
uses: actions/upload-artifact@v4 | ||
with: | ||
name: dist | ||
path: dist/*.zip | ||
- name: Set github SHA for deployment | ||
id: update-sha | ||
run: | | ||
SHA=$(git rev-parse HEAD) | ||
echo "github_sha=${SHA}" >> $GITHUB_OUTPUT | ||
deploy: | ||
name: Deploy | ||
needs: build | ||
# The type of runner that the job will run on | ||
runs-on: ubuntu-latest | ||
environment: | ||
name: ${{ needs.build.outputs.deploy_env }} | ||
if: | | ||
(github.ref == 'refs/heads/develop' && github.event_name != 'pull_request') || | ||
(github.ref == 'refs/heads/main' && github.event_name != 'pull_request') || | ||
(startsWith(github.ref, 'refs/heads/release') && github.event_name != 'pull_request') || | ||
github.event_name == 'workflow_dispatch' | ||
steps: | ||
- name: Configure AWS credentials | ||
uses: aws-actions/configure-aws-credentials@v4 | ||
with: | ||
aws-region: us-west-2 | ||
role-session-name: GitHubActions | ||
aws-access-key-id: ${{ secrets[vars.AWS_ACCESS_KEY_ID_SECRET_NAME] }} | ||
aws-secret-access-key: ${{ secrets[vars.AWS_SECRET_ACCESS_KEY_SECRET_NAME] }} | ||
mask-aws-account-id: true | ||
- uses: actions/checkout@v4 | ||
with: | ||
ref: ${{ needs.build.outputs.github_sha }} | ||
- uses: hashicorp/setup-terraform@v3 | ||
with: | ||
terraform_version: ${{ env.TERRAFORM_VERSION }} | ||
terraform_wrapper: false | ||
- name: Retrieve artifact from build step | ||
uses: actions/download-artifact@v4 | ||
with: | ||
name: dist | ||
path: dist/ | ||
- name: Deploy to ${{ needs.build.outputs.deploy_env }} | ||
id: terraform-deploy | ||
working-directory: terraform/ | ||
env: | ||
TF_VAR_edl_base_url: ${{ secrets.EDL_BASE_URL }} | ||
TF_VAR_edl_client_id: ${{ secrets.EDL_CLIENT_ID }} | ||
TF_VAR_edl_client_secret: ${{ secrets.EDL_CLIENT_SECRET }} | ||
TF_VAR_session_encryption_key: ${{ secrets.SESSION_ENCRYPTION_KEY }} | ||
TF_VAR_ingest_aws_account: ${{ secrets.INGEST_AWS_ACCOUNT }} | ||
TF_VAR_ingest_aws_role: ${{ secrets.INGEST_AWS_ROLE }} | ||
TF_VAR_sds_ca_cert_path: ${{ runner.temp }}/JPLICA.pem | ||
TF_VAR_sds_host: ${{ secrets.SDS_HOST }} | ||
TF_VAR_sds_username: ${{ secrets.SDS_USERNAME }} | ||
TF_VAR_sds_password: ${{ secrets.SDS_PASSWORD }} | ||
run: | | ||
echo "${{ secrets.JPLICA_CERT }}" >> ${{ runner.temp }}/JPLICA.pem | ||
source bin/config.sh ${{ vars.TF_VENUE }} | ||
terraform apply -auto-approve | ||
- name: Retrieve version number for notifications | ||
run: | | ||
VERSION=$(cat bumpver.toml|grep current_version |grep -v {version} |sed -E "s/current_version = //"|sed -E "s/\"//g") | ||
echo "SUBMODULE_VERSION=$VERSION">>$GITHUB_ENV | ||
- name: Send notifications to slack | ||
uses: slackapi/[email protected] | ||
env: | ||
SLACK_WEBHOOK_URL: ${{ secrets.NOTIFICATION_WEBHOOK_SWODLR }} | ||
with: | ||
payload: | | ||
{ | ||
"message": "${{ github.repository }} [version ${{ env.SUBMODULE_VERSION }}] has been deployed to the ${{ needs.build.outputs.deploy_env }} environment" | ||
} | ||
- name: Send failure notifications to slack | ||
if: failure() | ||
uses: slackapi/[email protected] | ||
env: | ||
SLACK_WEBHOOK_URL: ${{ secrets.NOTIFICATION_WEBHOOK_SWODLR }} | ||
with: | ||
payload: | | ||
{ | ||
"message": "ERROR: ${{ github.repository }} [version ${{ env.SUBMODULE_VERSION }}] has encountered an error while trying to deploy to the ${{ needs.build.outputs.deploy_env }} environment" | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,202 @@ | ||
# macOS/IDE | ||
.DS_Store | ||
.vs_code/ | ||
|
||
# Byte-compiled / optimized / DLL files | ||
__pycache__/ | ||
*.py[cod] | ||
*$py.class | ||
|
||
# C extensions | ||
*.so | ||
|
||
# Distribution / packaging | ||
.Python | ||
build/ | ||
develop-eggs/ | ||
dist/ | ||
downloads/ | ||
eggs/ | ||
.eggs/ | ||
lib/ | ||
lib64/ | ||
parts/ | ||
sdist/ | ||
var/ | ||
wheels/ | ||
share/python-wheels/ | ||
*.egg-info/ | ||
.installed.cfg | ||
*.egg | ||
MANIFEST | ||
|
||
# PyInstaller | ||
# Usually these files are written by a python script from a template | ||
# before PyInstaller builds the exe, so as to inject date/other infos into it. | ||
*.manifest | ||
*.spec | ||
|
||
# Installer logs | ||
pip-log.txt | ||
pip-delete-this-directory.txt | ||
|
||
# Unit test / coverage reports | ||
htmlcov/ | ||
.tox/ | ||
.nox/ | ||
.coverage | ||
.coverage.* | ||
.cache | ||
nosetests.xml | ||
coverage.xml | ||
*.cover | ||
*.py,cover | ||
.hypothesis/ | ||
.pytest_cache/ | ||
cover/ | ||
|
||
# Translations | ||
*.mo | ||
*.pot | ||
|
||
# Django stuff: | ||
*.log | ||
local_settings.py | ||
db.sqlite3 | ||
db.sqlite3-journal | ||
|
||
# Flask stuff: | ||
instance/ | ||
.webassets-cache | ||
|
||
# Scrapy stuff: | ||
.scrapy | ||
|
||
# Sphinx documentation | ||
docs/_build/ | ||
|
||
# PyBuilder | ||
.pybuilder/ | ||
target/ | ||
|
||
# Jupyter Notebook | ||
.ipynb_checkpoints | ||
|
||
# IPython | ||
profile_default/ | ||
ipython_config.py | ||
|
||
# pyenv | ||
# For a library or package, you might want to ignore these files since the code is | ||
# intended to run in multiple environments; otherwise, check them in: | ||
# .python-version | ||
|
||
# pipenv | ||
# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control. | ||
# However, in case of collaboration, if having platform-specific dependencies or dependencies | ||
# having no cross-platform support, pipenv may install dependencies that don't work, or not | ||
# install all needed dependencies. | ||
#Pipfile.lock | ||
|
||
# poetry | ||
# Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control. | ||
# This is especially recommended for binary packages to ensure reproducibility, and is more | ||
# commonly ignored for libraries. | ||
# https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control | ||
#poetry.lock | ||
|
||
# pdm | ||
# Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control. | ||
#pdm.lock | ||
# pdm stores project-wide configurations in .pdm.toml, but it is recommended to not include it | ||
# in version control. | ||
# https://pdm.fming.dev/#use-with-ide | ||
.pdm.toml | ||
|
||
# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm | ||
__pypackages__/ | ||
|
||
# Celery stuff | ||
celerybeat-schedule | ||
celerybeat.pid | ||
|
||
# SageMath parsed files | ||
*.sage.py | ||
|
||
# Environments | ||
.env | ||
.envrc | ||
.venv | ||
env/ | ||
venv/ | ||
ENV/ | ||
env.bak/ | ||
venv.bak/ | ||
|
||
# Spyder project settings | ||
.spyderproject | ||
.spyproject | ||
|
||
# Rope project settings | ||
.ropeproject | ||
|
||
# mkdocs documentation | ||
/site | ||
|
||
# mypy | ||
.mypy_cache/ | ||
.dmypy.json | ||
dmypy.json | ||
|
||
# Pyre type checker | ||
.pyre/ | ||
|
||
# pytype static type analyzer | ||
.pytype/ | ||
|
||
# Cython debug symbols | ||
cython_debug/ | ||
|
||
# IDEs | ||
.idea/ | ||
.vscode/ | ||
pyrightconfig.json | ||
|
||
# Local .terraform directories | ||
**/.terraform/* | ||
|
||
# .tfstate files | ||
*.tfstate | ||
*.tfstate.* | ||
|
||
# Crash log files | ||
crash.log | ||
crash.*.log | ||
|
||
# Exclude all .tfvars files, which are likely to contain sensitive data, such as | ||
# password, private keys, and other secrets. These should not be part of version | ||
# control as they are data points which are potentially sensitive and subject | ||
# to change depending on the environment. | ||
*.tfvars | ||
*.tfvars.json | ||
|
||
# Ignore override files as they are usually used to override resources locally and so | ||
# are not checked in | ||
override.tf | ||
override.tf.json | ||
*_override.tf | ||
*_override.tf.json | ||
|
||
# Include override files you do wish to add to version control using negated pattern | ||
# !example_override.tf | ||
|
||
# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan | ||
# example: *tfplan* | ||
|
||
# Ignore CLI configuration files | ||
.terraformrc | ||
terraform.rc | ||
|
||
/.jplcert/ | ||
/terraform/tfplan | ||
/.aws/ |
Oops, something went wrong.