UML-2732 Build and use container image for Lambda function
Sam Ainsworth
committed
Apr 23, 2024
1 parent
65276a0
commit adc15fd
Showing
31 changed files
with
679 additions
and
382 deletions.
@@ -0,0 +1,49 @@ | ||
documentation: | ||
- changed-files: | ||
- any-glob-to-any-file: docs/** | ||
|
||
terraform: | ||
- changed-files: | ||
- any-glob-to-any-file: terraform/** | ||
|
||
github_actions: | ||
- changed-files: | ||
- any-glob-to-any-file: .github/workflows/** | ||
|
||
docker: | ||
- changed-files: | ||
- any-glob-to-any-file: | ||
- '**/Dockerfile' | ||
- '**/docker-compose*' | ||
|
||
python: | ||
- changed-files: | ||
- any-glob-to-any-file: | ||
- '**/*.py' | ||
- '**/requirements*.txt' | ||
|
||
php: | ||
- changed-files: | ||
- any-glob-to-any-file: '**/*.php' | ||
|
||
go: | ||
- changed-files: | ||
- any-glob-to-any-file: '**/*.go' | ||
|
||
javascript: | ||
- changed-files: | ||
- any-glob-to-any-file: '**/*.js' | ||
|
||
dependencies: | ||
- changed-files: | ||
- any-glob-to-any-file: | ||
- '**/requirements*.txt' | ||
- '**/package*.json' | ||
- '**/yarn*.lock' | ||
- '**/Gemfile*' | ||
- '**/composer*.json' | ||
- '**/go.mod' | ||
- '**/go.sum' | ||
- '**/vendor/**' | ||
- '**/node_modules/**' | ||
- '**/vendor/**' |
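Review bot: The `dependencies` label's glob list contains `'**/vendor/**'` twice, once before `'**/node_modules/**'` and again as the final entry, so the last line is redundant and should be dropped. The labeler matches on any glob, so the duplicate does not change which pull requests get the label, but it reads as an unfinished edit and invites the next person to "fix" the wrong copy. The rest of the file is consistent: the unquoted `docs/**` and `terraform/**` patterns are safe plain scalars because `*` is not their first character, and every pattern that does start with `*` is single-quoted.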
@@ -0,0 +1,107 @@ | ||
permissions: | ||
actions: read | ||
checks: read | ||
contents: read | ||
deployments: none | ||
issues: none | ||
packages: none | ||
pull-requests: none | ||
repository-projects: none | ||
security-events: write | ||
statuses: none | ||
|
||
on: | ||
workflow_call: | ||
inputs: | ||
build_latest: | ||
description: Branch name | ||
type: boolean | ||
default: false | ||
semver_tag: | ||
description: Semver tag | ||
required: true | ||
type: string | ||
outputs: | ||
ecr_image_uri: | ||
value: '${{ jobs.docker_build_scan_push.outputs.ecr_image_uri }}' | ||
description: ECR image URI | ||
|
||
jobs: | ||
docker_build_scan_push: | ||
name: 'Build, Scan and Push Lambdas' | ||
runs-on: ubuntu-latest | ||
outputs: | ||
ecr_image_uri: ${{ steps.login_ecr.outputs.registry }}/${{ matrix.data.ecr_repository }}/${{ matrix.data.name }}:${{ inputs.semver_tag }} | ||
strategy: | ||
matrix: | ||
data: | ||
- name: lpa-data-lambda | ||
docker_build_directory: lambda_functions/v1 | ||
ecr_repository: integrations | ||
dockerfile: Function | ||
env: | ||
sarif_file: trivy-results.sarif | ||
steps: | ||
- uses: actions/checkout@v4 | ||
|
||
- name: Configure AWS Credentials With Assumed Role to Management | ||
uses: aws-actions/configure-aws-credentials@v4 | ||
with: | ||
aws-access-key-id: '${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}' | ||
aws-secret-access-key: '${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}' | ||
aws-region: eu-west-1 | ||
role-to-assume: 'arn:aws:iam::311462405659:role/integrations-ci' | ||
role-duration-seconds: 900 | ||
role-session-name: OPGLPADataGithubAction | ||
|
||
- name: ECR Login | ||
id: login_ecr | ||
uses: aws-actions/[email protected] | ||
with: | ||
registries: 311462405659 | ||
|
||
- name: Generate tags for Docker | ||
env: | ||
SEMVER_TAG: '${{ inputs.semver_tag }}' | ||
ECR_REGISTRY: '${{ steps.login_ecr.outputs.registry }}' | ||
ECR_REPOSITORY: '${{ matrix.data.ecr_repository }}/${{ matrix.data.name }}' | ||
id: docker_tags | ||
run: > | ||
if ${{ inputs.build_latest }}; then | ||
echo "tags=$ECR_REGISTRY/$ECR_REPOSITORY:latest,$ECR_REGISTRY/$ECR_REPOSITORY:$SEMVER_TAG" >> $GITHUB_OUTPUT | ||
else | ||
echo "tags=$ECR_REGISTRY/$ECR_REPOSITORY:$SEMVER_TAG" >> $GITHUB_OUTPUT | ||
fi | ||
echo "semver_tag=$ECR_REGISTRY/$ECR_REPOSITORY:$SEMVER_TAG" >> | ||
$GITHUB_OUTPUT | ||
- name: Set up QEMU | ||
uses: docker/setup-qemu-action@v3 | ||
- name: Set up Docker Buildx | ||
uses: docker/setup-buildx-action@v3 | ||
- name: Build and push | ||
uses: docker/build-push-action@v5 | ||
with: | ||
context: . | ||
platforms: 'linux/amd64' | ||
file: >- | ||
${{ matrix.data.docker_build_directory }}/Dockerfile-${{ | ||
matrix.data.dockerfile }} | ||
push: true | ||
tags: '${{ steps.docker_tags.outputs.tags }}' | ||
provenance: false | ||
|
||
- name: Trivy scan | ||
uses: aquasecurity/[email protected] | ||
with: | ||
image-ref: '${{ steps.docker_tags.outputs.semver_tag }}' | ||
severity: 'HIGH,CRITICAL' | ||
format: sarif | ||
output: '${{ env.sarif_file }}' | ||
|
||
- name: Trivy scan upload to github | ||
uses: github/codeql-action/upload-sarif@v3 | ||
if: always() | ||
with: | ||
sarif_file: '${{ env.sarif_file }}' |
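Review bot: The Trivy scan step never gates anything: it runs after `docker/build-push-action` has already pushed with `push: true`, and it sets no `exit-code`, so a HIGH/CRITICAL finding only lands in the SARIF upload while the image is already in ECR and the job stays green. At minimum add `exit-code: '1'` to the scan's `with:` block so the job fails; to actually keep a vulnerable image out of the registry, build with `push: false` and `load: true`, scan that local image, and push in a separate step afterwards. The "Generate tags for Docker" step uses a folded scalar (`run: >`); the rendering has lost indentation, but if `fi` and the following `echo "semver_tag=…"` line sit at the same indent, folding joins them into `fi echo …` on one line, which is a shell syntax error — `run: |` is the safe choice for any multi-line script. The job also authenticates with the static `AWS_ACCESS_KEY_ID_ACTIONS` keys before assuming `integrations-ci`; granting `id-token: write` and letting `configure-aws-credentials` assume the role via OIDC would remove the long-lived secret entirely.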
@@ -0,0 +1,80 @@ | ||
permissions: | ||
actions: read | ||
checks: read | ||
contents: read | ||
deployments: none | ||
issues: none | ||
packages: none | ||
pull-requests: none | ||
repository-projects: none | ||
security-events: write | ||
statuses: none | ||
|
||
on: | ||
workflow_call: | ||
inputs: | ||
environment_name: | ||
description: 'The name of the environment' | ||
required: true | ||
type: string | ||
working_directory: | ||
description: 'Working Directory to run tests from' | ||
required: true | ||
type: string | ||
tests_directory: | ||
description: 'Directory containing Pytest tests' | ||
required: true | ||
type: string | ||
secrets: | ||
AWS_ACCESS_KEY_ID_ACTIONS: | ||
description: 'AWS Access Key ID' | ||
required: false | ||
AWS_SECRET_ACCESS_KEY_ACTIONS: | ||
description: 'AWS Secret Access Key' | ||
required: false | ||
|
||
jobs: | ||
integration_tests: | ||
name: Run integration tests | ||
runs-on: ubuntu-latest | ||
env: | ||
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }} | ||
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }} | ||
strategy: | ||
matrix: | ||
python-version: ["3.10", "3.12"] | ||
steps: | ||
- name: Check out code | ||
uses: actions/checkout@v4 | ||
|
||
- name: Configure AWS Credentials For integration tests | ||
uses: aws-actions/configure-aws-credentials@v4 | ||
if: ${{ env.AWS_ACCESS_KEY_ID != '' && env.AWS_SECRET_ACCESS_KEY != '' }} | ||
with: | ||
aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }} | ||
aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }} | ||
aws-region: eu-west-1 | ||
role-duration-seconds: 900 | ||
role-session-name: GitHubActionsIntegrationTests | ||
|
||
- name: Setup Python | ||
uses: actions/setup-python@9a7ac94420f42ee15fc60ab88d0dca4be1fd5757 | ||
with: | ||
python-version: ${{ matrix.python-version }} | ||
|
||
- name: Install integration test requirements.txt | ||
run: | | ||
python -m pip install --upgrade pip | ||
pip install -r ${{ inputs.tests_directory }}/requirements.txt | ||
- name: Run tests with Pytest | ||
env: | ||
ENVIRONMENT_NAME: ${{ inputs.environment_name }} | ||
working-directory: ${{ inputs.working_directory }} | ||
run: | | ||
coverage run -m pytest -v -s | ||
- name: Generate Coverage Report | ||
working-directory: ${{ inputs.working_directory }} | ||
run: | | ||
coverage report -m |
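Review bot: The job-level `env` copies `secrets.AWS_ACCESS_KEY_ID_ACTIONS` and `secrets.AWS_SECRET_ACCESS_KEY_ACTIONS` into `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY`, which places the long-lived keys in the environment of every step, including the `pip install` of third-party packages that runs before credentials are configured. A job-level flag keeps the presence check without that exposure: `HAS_AWS_CREDS: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS != '' && secrets.AWS_SECRET_ACCESS_KEY_ACTIONS != '' }}` at job level, `if: env.HAS_AWS_CREDS == 'true'` on the credentials step, and its `with:` reading `secrets.*` directly. `role-duration-seconds: 900` has no effect in that step because no `role-to-assume` is given, so either add the role (as the build workflow in this commit does) or drop the line so the step does not imply an assumed role. `actions/setup-python` is pinned to a bare commit SHA while every other action uses a tag; a trailing `# <release tag>` comment on that line would record which release the SHA corresponds to.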
@@ -0,0 +1,41 @@ | ||
permissions: | ||
actions: read | ||
checks: read | ||
contents: read | ||
deployments: none | ||
issues: none | ||
packages: none | ||
pull-requests: none | ||
repository-projects: none | ||
security-events: write | ||
statuses: none | ||
|
||
on: | ||
workflow_call: null | ||
|
||
jobs: | ||
run_unit_tests: | ||
runs-on: ubuntu-latest | ||
strategy: | ||
matrix: | ||
python-version: ["3.10", "3.12"] | ||
steps: | ||
- uses: actions/checkout@v4 | ||
|
||
- uses: actions/setup-python@v5 | ||
with: | ||
python-version: ${{ matrix.python-version }} | ||
|
||
- uses: unfor19/install-aws-cli-action@v1 | ||
|
||
- name: Install flake8 | ||
run: pip3 install flake8 | ||
|
||
- name: Run Flask8 | ||
run: 'flake8 --ignore Q000,W503 lambda_functions' | ||
|
||
- name: Build Unit Test Container | ||
run: docker compose -f docker-compose.yml build unit-test-lpa-data | ||
|
||
- name: Run Unit Tests | ||
run: docker compose -f docker-compose.yml up unit-test-lpa-data |
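Review bot: The `permissions` block grants `security-events: write` plus `actions: read` and `checks: read`, yet nothing in this workflow uploads SARIF or reads runs or checks; the only thing the steps need is `contents: read` for the checkout, so trim the block to `permissions:` / `contents: read`. The integration-tests workflow in this commit carries the same over-grant and should be trimmed the same way. `unfor19/install-aws-cli-action@v1` is a third-party action pinned to a mutable major tag, and none of the visible steps invokes `aws` directly; confirm the compose container actually needs it and, if so, pin it to a commit SHA with a release comment rather than a floating tag. The step name `Run Flask8` should read `Run Flake8`.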
This file was deleted.
@@ -16,9 +16,14 @@ jobs: | |
runs-on: "ubuntu-latest" | ||
steps: | ||
- uses: actions/checkout@v4 | ||
- name: Set terraform version - environment | ||
id: terraform_version_environment | ||
uses: ministryofjustice/opg-github-actions/.github/actions/[email protected] | ||
with: | ||
terraform_directory: "./terraform/environment" | ||
- uses: hashicorp/setup-terraform@v3 | ||
with: | ||
terraform_version: 1.2.4 | ||
terraform_version: ${{ steps.terraform_version_environment.outputs.version }} | ||
terraform_wrapper: false | ||
- name: Install workspace manager | ||
run: | | ||