Build PR environments
To test the current configuration

#major
gregtyler committed Sep 29, 2023
1 parent 6ea60f5 commit 7d3314f
Showing 4 changed files with 174 additions and 28 deletions.
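--- a/.github/workflows/build-push-images.yml
+++ b/.github/workflows/build-push-images.yml
@@ -0,0 +1,90 @@
+name: "[Job] Docker Build, Scan and Push to ECR"
+
+on:
+workflow_call:
+inputs:
+docker_tag:
+description: "Tag for docker image"
+required: true
+type: string
+checkout_tag:
+description: "Ref or tag to checkout"
+default: ${{ github.ref }}
+required: false
+type: string
+
+defaults:
+run:
+shell: bash
+
+permissions:
+id-token: write
+contents: write
+security-events: write
+pull-requests: read
+
+jobs:
+docker_build_scan_push:
+strategy:
+matrix:
+include:
+- ecr_repository: lpa-store/lambda/api-create
+dir: create
+runs-on: ubuntu-latest
+name: ${{ matrix.ecr_repository }}
+steps:
+- uses: actions/checkout@v4
+with:
+ref: ${{ inputs.checkout_tag }}
+- name: Build ${{ matrix.ecr_repository }} Image
+id: build_image
+run: |
+docker build -f ./lambda/Dockerfile -t ${{ matrix.ecr_repository }} --build-arg DIR=${{ matrix.dir }} .
+- name: Trivy Image Vulnerability Scanner for ${{ matrix.ecr_repository }}
+id: trivy_scan
+uses: aquasecurity/[email protected]
+with:
+image-ref: ${{ matrix.ecr_repository }}:latest
+severity: "HIGH,CRITICAL"
+format: "sarif"
+output: "trivy-results.sarif"
+- name: Upload Trivy scan results to GitHub Security tab for ${{ matrix.ecr_repository }}
+id: trivy_upload_sarif
+uses: github/codeql-action/upload-sarif@v2
+if: always()
+with:
+sarif_file: "trivy-results.sarif"
+- uses: unfor19/install-aws-cli-action@v1
+- name: Configure AWS Credentials
+uses: aws-actions/configure-aws-credentials@v2
+with:
+aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+aws-region: eu-west-1
+role-to-assume: arn:aws:iam::311462405659:role/lpa-store-ci
+role-duration-seconds: 3600
+role-session-name: GitHubActions
+- name: ECR Login
+id: login_ecr
+uses: aws-actions/[email protected]
+with:
+mask-password: true
+registries: 311462405659
+- name: Output push intentions
+env:
+ECR_REGISTRY: ${{ steps.login_ecr.outputs.registry }}
+ECR_REPOSITORY: ${{ matrix.ecr_repository }}
+run: |
+docker tag ${{ matrix.ecr_repository }}:latest $ECR_REGISTRY/$ECR_REPOSITORY:${{ inputs.docker_tag }}
+echo "Would push $ECR_REGISTRY/$ECR_REPOSITORY"
+# - name: Push ${{ matrix.ecr_repository }} Image to ECR
+# env:
+# ECR_REGISTRY: ${{ steps.login_ecr.outputs.registry }}
+# ECR_REPOSITORY: ${{ matrix.ecr_repository }}
+# run: |
+# docker tag ${{ matrix.ecr_repository }}:latest $ECR_REGISTRY/$ECR_REPOSITORY:${{ inputs.docker_tag }}
+# if ${{ github.workflow == 'Path To Live' }}; then
+# docker tag ${{ matrix.ecr_repository }}:latest $ECR_REGISTRY/$ECR_REPOSITORY:latest
+# docker tag ${{ matrix.ecr_repository }}:latest $ECR_REGISTRY/$ECR_REPOSITORY:main-${{ inputs.docker_tag }}
+# fi
+# docker push --all-tags $ECR_REGISTRY/$ECR_REPOSITORY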
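Review bot: The `workflow_call` trigger declares `inputs:` but no `secrets:` block, yet the Configure AWS Credentials step reads `${{ secrets.AWS_ACCESS_KEY_ID }}` and `${{ secrets.AWS_SECRET_ACCESS_KEY }}`, and the caller added in workflow-pr.yml passes them under the names `aws_access_key_id` / `aws_secret_access_key`; a reusable workflow only receives the secrets it declares (or everything, when the caller uses `secrets: inherit`), so as written the call will most likely be rejected for passing undeclared secrets or the step will run with empty credentials. Declaring the two secrets under `workflow_call` and referencing the declared names fixes both sides; the rewritten lines are below. Separately, the Trivy step sets no `exit-code` input, so HIGH/CRITICAL findings are only reported and, with the SARIF upload on `if: always()`, never stop the job from continuing to the ECR login — if the scan is meant to gate the push, add `exit-code: "1"` under its `with:`. The job also requests `contents: write` although the steps shown only check out code, so `contents: read` would follow least privilege, and the third-party actions (`unfor19/install-aws-cli-action@v1`, plus the Trivy and ECR-login actions whose exact refs are obscured on this page) are pinned to mutable tags rather than commit SHAs.

```yaml
on:
  workflow_call:
    # … unchanged: inputs (docker_tag, checkout_tag) …
    secrets:
      aws_access_key_id:
        required: true
      aws_secret_access_key:
        required: true

# … unchanged: defaults, permissions, job definition up to the AWS credentials step …
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v2
        with:
          aws-access-key-id: ${{ secrets.aws_access_key_id }}
          aws-secret-access-key: ${{ secrets.aws_secret_access_key }}
          # … unchanged: aws-region, role-to-assume, role-duration-seconds, role-session-name …
```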
27 changes: 0 additions & 27 deletions .github/workflows/build.yml

This file was deleted.

2 changes: 1 addition & 1 deletion .github/workflows/validate-api.yaml
Expand Up @@ -13,7 +13,7 @@ jobs:
name: Validate
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: actions/setup-node@v3
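--- a/.github/workflows/workflow-pr.yml
+++ b/.github/workflows/workflow-pr.yml
@@ -0,0 +1,83 @@
+name: Test & Build
+
+on:
+pull_request:
+branches:
+- main
+workflow_dispatch:
+
+defaults:
+run:
+shell: bash
+
+jobs:
+generate-tags:
+name: Generate tags
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v4
+with:
+fetch-depth: "0"
+- name: Extract branch name
+id: extract_branch
+run: |
+if [ "$GITHUB_EVENT_NAME" == "push" ]; then
+echo BRANCH_NAME=main >> $GITHUB_ENV
+else
+branch=${{ github.head_ref }}
+branch=${branch//-}
+branch=${branch//_}
+branch=${branch//\/}
+echo BRANCH_NAME=${branch} >> $GITHUB_ENV
+fi
+- name: Bump version
+id: bump_version
+uses: anothrNick/[email protected]
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+INITIAL_VERSION: 0.0.0
+DEFAULT_BUMP: minor
+PRERELEASE: true
+PRERELEASE_SUFFIX: ${{ env.BRANCH_NAME }}
+RELEASE_BRANCHES: main
+WITH_V: true
+outputs:
+docker_tag: ${{ steps.bump_version.outputs.tag }}
+
+generate-environment-workspace-name:
+runs-on: ubuntu-latest
+steps:
+- name: Generate workspace name
+id: name_workspace
+run: |
+workspace=${{ github.event.number }}${{ github.head_ref }}
+workspace=${workspace//-}
+workspace=${workspace//_}
+workspace=${workspace//\/}
+workspace=${workspace:0:11}
+workspace=$(echo ${workspace} | tr '[:upper:]' '[:lower:]')
+echo "name=${workspace}" >> $GITHUB_OUTPUT
+echo ${workspace}
+outputs:
+environment_workspace_name: ${{ steps.name_workspace.outputs.name }}
+
+build:
+name: Build, Scan & Push Images
+needs: [generate-tags]
+uses: ./.github/workflows/build-push-images.yml
+with:
+docker_tag: ${{ needs.generate-tags.outputs.docker_tag }}
+secrets:
+aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+
+# deploy-pr-env:
+# name: Deploy PR Environment
+# needs: [build, generate-environment-workspace-name]
+# uses: ./.github/workflows/deploy.yml
+# with:
+# workspace_name: ${{ needs.generate-environment-workspace-name.outputs.environment_workspace_name }}
+# version_tag: ${{ needs.generate-tags.outputs.docker_tag }}
+# secrets:
+# aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+# aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}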
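Review bot: `branch=${{ github.head_ref }}` in the Extract branch name step and `workspace=${{ github.event.number }}${{ github.head_ref }}` in Generate workspace name interpolate the pull-request head branch name into the shell script text before it runs; on `pull_request` events that value is chosen by the PR author, so GitHub's hardening guidance is to pass it through `env:` and read it as a quoted shell variable instead of expanding the expression inside `run:`. The rewritten lines for both steps are below; the character-stripping, truncation and lowercasing that follow are unchanged and operate on the same value. Two smaller points: the `"$GITHUB_EVENT_NAME" == "push"` branch can never be taken because this workflow is only triggered by `pull_request` and `workflow_dispatch`, and on `workflow_dispatch` both `github.head_ref` and `github.event.number` appear to be empty, so `BRANCH_NAME`, `PRERELEASE_SUFFIX` and the workspace name would all degrade to empty strings — worth dropping the dead branch and guarding the dispatch case. The `>> $GITHUB_ENV` and `>> $GITHUB_OUTPUT` redirections should also quote the variable (`>> "$GITHUB_ENV"`) to match the rest of the script's quoting.

```yaml
      - name: Extract branch name
        id: extract_branch
        env:
          HEAD_REF: ${{ github.head_ref }}
        run: |
          if [ "$GITHUB_EVENT_NAME" == "push" ]; then
            echo "BRANCH_NAME=main" >> "$GITHUB_ENV"
          else
            branch="$HEAD_REF"
            # … unchanged: strip '-', '_' and '/' …
            echo "BRANCH_NAME=${branch}" >> "$GITHUB_ENV"
          fi
# … unchanged: Bump version step, outputs, generate-environment-workspace-name job header …
      - name: Generate workspace name
        id: name_workspace
        env:
          PR_NUMBER: ${{ github.event.number }}
          HEAD_REF: ${{ github.head_ref }}
        run: |
          workspace="${PR_NUMBER}${HEAD_REF}"
          # … unchanged: strip characters, truncate to 11, lowercase, write output …
```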
