This repository has been archived by the owner on Oct 18, 2023. It is now read-only.
update terraform to provision endpoints - change docker script #129
# This is the main build pipeline that verifies and publishes the software | |
name: Build | |
# Controls when the workflow will run | |
on: | |
# Triggers the workflow on push events | |
push: | |
branches: | |
- main | |
- develop | |
- 'release/**' | |
- 'feature/**' | |
- 'issue/**' | |
- 'issues/**' | |
- 'dependabot/**' | |
# Allows you to run this workflow manually from the Actions tab | |
workflow_dispatch: | |
env: | |
REGISTRY: ghcr.io | |
IMAGE_NAME: ${{ github.repository }} | |
PROJECT_ NAME: podaac/hydrocronapi-api | |
jobs: | |
# First job in the workflow installs and verifies the software | |
build: | |
name: Build, Test, Deploy | |
# The type of runner that the job will run on | |
runs-on: ubuntu-latest | |
steps: | |
# Checkout | |
- name: Checkout project to build and deploy | |
uses: actions/checkout@v2 | |
## Read the json file into the environment variables | |
- name: JSON to variables | |
uses: rgarcia-phi/[email protected] | |
with: | |
filename: 'package.json' | |
prefix: project | |
## Set environment variables | |
- name: Configure Initial YAML file and environment variables | |
run: | | |
echo "THE_VERSION=${{ env.project_version }}" >> $GITHUB_ENV; | |
echo "GIT_BRANCH=${GITHUB_REF#refs/heads/}" >> $GITHUB_ENV; | |
GITHUB_REF_READABLE="${GITHUB_REF//\//-}" | |
echo "GITHUB_REF_READABLE=${GITHUB_REF_READABLE}" >> $GITHUB_ENV | |
echo "TARGET_ENV_UPPERCASE=SIT" >> $GITHUB_ENV | |
## NPM Tagging | |
- name: Pre Alpha | |
#if: | | |
# startsWith(github.ref, 'refs/heads/issue') || | |
# startsWith(github.ref, 'refs/heads/dependabot/') || | |
# startsWith(github.ref, 'refs/heads/feature/') | |
run: | | |
echo "THE_ENV=sit" >> $GITHUB_ENV | |
echo "TARGET_ENV_UPPERCASE=SIT" >> $GITHUB_ENV | |
echo "THE_VERSION=$(npm --no-git-tag-version --allow-same-version version ${{ env.THE_VERSION }}-${GITHUB_SHA})" >> $GITHUB_ENV | |
## Set Alpha variables | |
- name: Alpha | |
if: github.ref == 'refs/heads/develop' | |
run: | | |
echo "THE_ENV=sit" >> $GITHUB_ENV | |
echo "TARGET_ENV_UPPERCASE=SIT" >> $GITHUB_ENV | |
echo "THE_VERSION=$(npm --no-git-tag-version version prerelease)" >> $GITHUB_ENV | |
## Bump RC Version | |
- name: Bump rc version | |
# If triggered by push to a release branch | |
if: ${{ startsWith(github.ref, 'refs/heads/release/') }} | |
env: | |
# True if the version already has a 'rc' pre-release identifier | |
BUMP_RC: ${{ contains(env.project_version, 'rc') }} | |
RELEASE_VERSION: ${THE_BRANCH//*\/} | |
run: | | |
if [ "$BUMP_RC" == true ]; then | |
echo "THE_VERSION=$(npm --no-git-tag-version version prerelease --preid rc)" >> $GITHUB_ENV | |
else | |
echo "THE_VERSION=$(npm --no-git-tag-version version ${GITHUB_REF#refs/heads/release/}-rc.1)" >> $GITHUB_ENV | |
fi | |
echo "THE_ENV=uat" >> $GITHUB_ENV | |
echo "TARGET_ENV_UPPERCASE=UAT" >> $GITHUB_ENV | |
## Set Release variables | |
- name: Release | |
if: ${{ startsWith(github.ref, 'refs/heads/main') }} | |
run: | | |
echo "THE_ENV=ops" >> $GITHUB_ENV | |
echo "TARGET_ENV_UPPERCASE=OPS" >> $GITHUB_ENV | |
echo "Modifying version number ${{ env.project_version}}" | |
THE_VERSION=${{ env.project_version }} | |
echo "THE_VERSION=${THE_VERSION//-*}" >> $GITHUB_ENV | |
npm --no-git-tag-version version ${THE_VERSION//-*} | |
- name: Setup local DynamoDB | |
if: ${{ startsWith(github.ref, 'test') }} | |
run: docker run -d -p 8000:8000 amazon/dynamodb-local | |
- name: Lint and Flake Install | |
if: ${{ startsWith(github.ref, 'test') }} | |
run: | | |
pip3 install -U pip pylint | |
pip3 install -U pip flake8 | |
pip3 install -U pip boto3 | |
pip3 install -U pip geopandas | |
pip3 install -U pip pytest | |
pip3 install -U pip connexion | |
pip3 install -U pip flask_testing | |
pip3 install -U pip pytest-dynamodb | |
- name: Load sample | |
if: ${{ startsWith(github.ref, 'test') }} | |
run: python3 tests/example_load_data.py | |
- name: Test with pytest | |
if: ${{ startsWith(github.ref, 'test') }} | |
run: pytest tests/test_api.py | |
- name: Commit Version Bump | |
# If building develop, a release branch, or main then we commit the version bump back to the repo | |
if: | | |
github.ref == 'refs/heads/develop' || | |
github.ref == 'refs/heads/main' || | |
startsWith(github.ref, 'refs/heads/release') | |
run: | | |
git config --global user.name 'hydrocronapi-api bot' | |
git config --global user.email '[email protected]' | |
git commit -am "/version ${{ env.THE_VERSION }}" | |
git push | |
- name: Push Tag | |
if: | | |
github.ref == 'refs/heads/develop' || | |
github.ref == 'refs/heads/main' || | |
startsWith(github.ref, 'refs/heads/release') | |
run: | | |
git config user.name "${GITHUB_ACTOR}" | |
git config user.email "${GITHUB_ACTOR}@users.noreply.github.com" | |
git tag -a "${{ env.THE_VERSION }}" -m "Version ${{ env.THE_VERSION }}" | |
git push origin "${{ env.THE_VERSION }}" | |
# Setup Node to install and test | |
- name: Setup Node | |
uses: actions/setup-node@v3 | |
with: | |
node-version: 14 | |
- name: NPM install & NPM Lint | |
if: ${{ startsWith(github.ref, 'test') }} | |
run: | | |
npm install | |
npm run lint | |
# Setup docker to build and push images | |
- name: Log in to the Container registry | |
uses: docker/login-action@v1 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Deploy Env Override | |
if: | | |
github.event.head_commit.message == '/deploy sit' || | |
github.event.head_commit.message == '/deploy uat' | |
run: | | |
message="${{ github.event.head_commit.message }}" | |
trimmed_message=${message:1} # Remove leading slash | |
override_env=$(echo "$trimmed_message" | grep -oE '[^[:space:]]+$') | |
override_env_upper=$(echo "$trimmed_message" | awk '{print toupper($NF)}') | |
echo "THE_ENV=${override_env}" >> $GITHUB_ENV | |
echo "TARGET_ENV_UPPERCASE=${override_env_upper}" >> $GITHUB_ENV | |
- name: Extract metadata (tags, labels) for Docker | |
id: meta | |
uses: docker/metadata-action@v4 | |
with: | |
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
tags: | | |
type=semver,pattern={{version}},value=${{ env.THE_VERSION }} | |
type=raw,value=${{ env.THE_ENV }} | |
- name: Build and push Docker image | |
if: | | |
github.ref == 'refs/heads/develop' || | |
github.ref == 'refs/heads/main' || | |
startsWith(github.ref, 'refs/heads/release') || | |
github.event.head_commit.message == '/deploy sit' || | |
github.event.head_commit.message == '/deploy uat' | |
uses: docker/build-push-action@v3 | |
with: | |
context: . | |
file: docker/Dockerfile | |
push: true | |
pull: true | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
# Setup Terraform to Deploy | |
- name: Configure AWS Credentials as Environment Variables | |
run: echo "AWS_ACCESS_KEY_ID=${{ secrets[format('AWS_ACCESS_KEY_ID_SERVICES_{0}', env.TARGET_ENV_UPPERCASE)] }}" >> $GITHUB_ENV | | |
echo "AWS_SECRET_ACCESS_KEY=${{ secrets[format('AWS_SECRET_ACCESS_KEY_SERVICES_{0}', env.TARGET_ENV_UPPERCASE)] }}" >> $GITHUB_ENV | |
- name: Validate AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
aws-region: us-west-2 | |
role-session-name: GitHubActions | |
env: | |
AWS_ACCESS_KEY_ID: ${{ secrets[format('AWS_ACCESS_KEY_ID_SERVICES_{0}', env.TARGET_ENV_UPPERCASE)] }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets[format('AWS_SECRET_ACCESS_KEY_SERVICES_{0}', env.TARGET_ENV_UPPERCASE)] }} | |
- run: aws sts get-caller-identity | |
#- name: upload image to ECR | |
# uses: appleboy/docker-ecr-action@master | |
# with: | |
# access_key: ${{ secrets[format('AWS_ACCESS_KEY_ID_SERVICES_{0}', env.TARGET_ENV_UPPERCASE)] }} | |
# secret_key: ${{ secrets[format('AWS_SECRET_ACCESS_KEY_SERVICES_{0}', env.TARGET_ENV_UPPERCASE)] }} | |
# registry: ${{ env.REGISTRY }} | |
# repo: hydrocron-api | |
# region: us-west-2 | |
# auto_tag: true | |
# daemon_off: false | |
# dockerfile: docker/Dockerfile | |
# context: example | |
#- name: Build and deploy docker to ECR | |
# run: | | |
# aws configure get ngap-service-sit.${{ secrets[format('AWS_ACCESS_KEY_ID_SERVICES_{0}', env.TARGET_ENV_UPPERCASE)] }} | |
# aws configure get ngap-service-sit.${{ secrets[format('AWS_SECRET_ACCESS_KEY_SERVICES_{0}', env.TARGET_ENV_UPPERCASE)] }} | |
# bash ./docker/build-docker.sh -n podaac-hydrocron -v ${{ env.THE_VERSION }} | |
# bash ./docker/push-docker-ecr.sh --aws-account ${{ secrets[format('AWS_ACCESS_KEY_ID_SERVICES_{0}', env.TARGET_ENV_UPPERCASE)] }} --docker-tag ${{ env.DOCKER_METADATA_OUTPUT_TAGS }} --tf-venue "SIT" | |
- uses: hashicorp/[email protected] | |
with: | |
terraform_version: 1.0.3 | |
- name: Deploy Terraform | |
#if: | | |
# github.ref == 'refs/heads/develop' || | |
# github.ref == 'refs/heads/main' || | |
# startsWith(github.ref, 'refs/heads/release') || | |
# github.event.head_commit.message == '/deploy sit' || | |
# github.event.head_commit.message == '/deploy uat' | |
working-directory: terraform/ | |
env: | |
AWS_ACCESS_KEY_ID: ${{ secrets[format('AWS_ACCESS_KEY_ID_SERVICES_{0}', env.TARGET_ENV_UPPERCASE)] }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets[format('AWS_SECRET_ACCESS_KEY_SERVICES_{0}', env.TARGET_ENV_UPPERCASE)] }} | |
AWS_DEFAULT_REGION: us-west-2 | |
TF_VAR_hydrocronapi_api_docker_image: "podaac/podaac-cloud/podaac-hydrocron:${{ env.THE_VERSION }}" | |
run: | | |
source bin/config.sh ${{ env.THE_ENV }} | |
terraform plan -var-file=tfvars/"${{ env.THE_ENV }}".tfvars -var="app_version=${{ env.THE_VERSION }}" -out="tfplan" | |
terraform apply -auto-approve tfplan |
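Review bot: The `Deploy Terraform` step has its `if:` commented out, so `terraform apply -auto-approve tfplan` runs on every push this workflow triggers on, including `feature/**`, `issue/**` and `dependabot/**` branches, with whichever environment's credentials `TARGET_ENV_UPPERCASE` selects (SIT by default); restoring the same condition that guards `Build and push Docker image` would limit deploys to develop, main, release branches and the explicit `/deploy sit` / `/deploy uat` commits. The lint, test and sample-load steps are gated on `startsWith(github.ref, 'test')`, which cannot match a `refs/heads/...` ref, so nothing is verified before that apply. Separately, `Configure AWS Credentials as Environment Variables` appends both keys to `$GITHUB_ENV`, which makes them readable by every later step and third-party action in the job, although `Validate AWS Credentials` and `Deploy Terraform` already receive them through step-level `env:`; that step looks removable. The actions are referenced by mutable tags (`actions/checkout@v2`, `docker/login-action@v1`, `aws-actions/configure-aws-credentials@v1`), so pinning them to full commit SHAs would reduce supply-chain exposure in a job that holds deploy credentials.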