Merge 4a21f84 into e76c43b
andrewpearce-digital authored Dec 6, 2023
2 parents e76c43b + 4a21f84 commit 49930e8
Showing 8 changed files with 204 additions and 152 deletions.
77 changes: 62 additions & 15 deletions .github/workflows/docker_job.yml
Expand Up @@ -26,31 +26,56 @@ permissions:
jobs:
docker_build_scan_push:
strategy:
fail-fast: false
matrix:
include:
- ecr_repository: modernising-lpa/app
path: ./docker/mlpa/Dockerfile
platforms: linux/arm64
- ecr_repository: modernising-lpa/create-s3-batch-replication-job
path: ./lambda/create_s3_replication_job/Dockerfile
platforms: linux/amd64
- ecr_repository: modernising-lpa/event-received
path: ./docker/event-received/Dockerfile
platforms: linux/amd64
- ecr_repository: modernising-lpa/mock-onelogin
path: ./docker/mock-onelogin/Dockerfile
platforms: linux/amd64
runs-on: ubuntu-latest
name: ${{ matrix.ecr_repository }}
steps:
- uses: actions/checkout@v4
with:
ref: ${{ inputs.checkout_tag }}

- name: Set up QEMU
uses: docker/[email protected]
- name: Set up Docker Buildx
uses: docker/[email protected]
id: buildx_setup
with:
version: v0.12.0
platforms: linux/amd64,linux/arm64

- name: Build ${{ matrix.ecr_repository }} Image
id: build_image
run: |
docker build -f ${{ matrix.path }} -t ${{ matrix.ecr_repository }} --build-arg TAG=${{inputs.tag}} .
uses: docker/[email protected]
with:
context: .
file: ${{ matrix.path }}
# builder: ${{ steps.buildx_setup.outputs.name }}
platforms: linux/amd64
push: false
load: true
tags: |
${{ matrix.ecr_repository }}:${{ inputs.tag }}
build-args: |
TAG=${{inputs.tag}}
- name: Trivy Image Vulnerability Scanner for ${{ matrix.ecr_repository }}
id: trivy_scan
uses: aquasecurity/[email protected]
with:
image-ref: ${{ matrix.ecr_repository }}:latest
image-ref: ${{ matrix.ecr_repository }}:${{ inputs.tag }}
severity: 'HIGH,CRITICAL'
format: 'sarif'
output: 'trivy-results.sarif'
Expand All @@ -60,6 +85,7 @@ jobs:
if: always()
with:
sarif_file: 'trivy-results.sarif'

- uses: unfor19/install-aws-cli-action@v1
- name: Configure AWS Credentials
uses: aws-actions/[email protected]
Expand All @@ -74,14 +100,35 @@ jobs:
with:
mask-password: true
registries: 311462405659
- name: Push ${{ matrix.ecr_repository }} Image to ECR
env:
ECR_REGISTRY: ${{ steps.login_ecr.outputs.registry }}
ECR_REPOSITORY: ${{ matrix.ecr_repository }}
run: |
docker tag ${{ matrix.ecr_repository }}:latest $ECR_REGISTRY/$ECR_REPOSITORY:${{ inputs.tag }}
if ${{ github.workflow == 'Path To Live' }}; then
docker tag ${{ matrix.ecr_repository }}:latest $ECR_REGISTRY/$ECR_REPOSITORY:latest
docker tag ${{ matrix.ecr_repository }}:latest $ECR_REGISTRY/$ECR_REPOSITORY:main-${{ inputs.tag }}
fi
docker push --all-tags $ECR_REGISTRY/$ECR_REPOSITORY
- name: Push ${{ matrix.ecr_repository }} Image to ECR for PR
if: ${{ github.workflow != 'Path To Live' }}
uses: docker/[email protected]
with:
context: .
file: ${{ matrix.path }}
builder: ${{ steps.buildx_setup.outputs.name }}
push: true
platforms: ${{ matrix.platforms }}
tags: |
${{ steps.login_ecr.outputs.registry }}/${{ matrix.ecr_repository }}:${{ inputs.tag }}
build-args: |
TAG=${{inputs.tag}}
sbom: false
provenance: false

- name: Push ${{ matrix.ecr_repository }} Image to ECR for Path to Live
if: ${{ github.workflow == 'Path To Live' }}
uses: docker/[email protected]
with:
context: .
file: ${{ matrix.path }}
builder: ${{ steps.buildx_setup.outputs.name }}
push: true
platforms: ${{ matrix.platforms }}
tags: |
${{ steps.login_ecr.outputs.registry }}/${{ matrix.ecr_repository }}:main-${{ inputs.tag }}
${{ steps.login_ecr.outputs.registry }}/${{ matrix.ecr_repository }}:latest
build-args: |
TAG=${{inputs.tag}}
sbom: false
provenance: false
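Review bot: The image Trivy scans is not the image that is pushed: the build step near the top of the section pins `platforms: linux/amd64` with `load: true`, while both push steps in the last hunk rebuild with `platforms: ${{ matrix.platforms }}`, which is `linux/arm64` for `modernising-lpa/app`, so that arm64 artifact reaches ECR without ever having been scanned. Since QEMU is set up earlier in the job, the build step can use `platforms: ${{ matrix.platforms }}` in place of the hard-coded `linux/amd64` so the scanned and pushed images share a platform. Even then the push steps run a second build rather than pushing the scanned digest, so the scan does not strictly gate the bytes that land in the registry. The `builder:` input is commented out in the build step but set in both push steps, so the load goes through the default builder and the push through buildx; if that is deliberate, a comment such as `# default builder so --load works; the buildx builder is only needed for the push` would record it. Both push steps also set `sbom: false` and `provenance: false`, which drops the attestations the action would otherwise attach to the pushed image.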
171 changes: 86 additions & 85 deletions .github/workflows/workflow_pr.yml
Expand Up @@ -32,65 +32,66 @@ jobs:
needs: detect_changes
uses: ./.github/workflows/tags_job.yml
with:
changes_detected: ${{ needs.detect_changes.outputs.changes_detected }}

go_unit_tests:
name: Run Go unit tests
if: needs.detect_changes.outputs.changes_detected == 'true'
needs: create_tags
uses: ./.github/workflows/go-unit-tests.yml
with:
tag: ${{ needs.create_tags.outputs.version_tag }}
commit_sha: ${{ github.event.pull_request.head.sha }}
branch: ${{ github.head_ref }}
secrets:
pact_broker_password: ${{ secrets.PACT_BROKER_PASSWORD }}
changes_detected: true
# changes_detected: ${{ needs.detect_changes.outputs.changes_detected }}

# go_unit_tests:
# name: Run Go unit tests
# if: needs.detect_changes.outputs.changes_detected == 'true'
# needs: create_tags
# uses: ./.github/workflows/go-unit-tests.yml
# with:
# tag: ${{ needs.create_tags.outputs.version_tag }}
# commit_sha: ${{ github.event.pull_request.head.sha }}
# branch: ${{ github.head_ref }}
# secrets:
# pact_broker_password: ${{ secrets.PACT_BROKER_PASSWORD }}

docker_build_scan_push:
name: Docker Build, Scan and Push
if: needs.detect_changes.outputs.changes_detected == 'true' &&
(needs.go_unit_tests.result == 'success' || needs.go_unit_tests.result == 'skipped')
# if: needs.detect_changes.outputs.changes_detected == 'true' &&
# (needs.go_unit_tests.result == 'success' || needs.go_unit_tests.result == 'skipped')
uses: ./.github/workflows/docker_job.yml
needs: [
go_unit_tests,
# go_unit_tests,
create_tags
]
with:
tag: ${{ needs.create_tags.outputs.version_tag }}

terraform_account_workflow_development:
name: TF Plan Dev Account
uses: ./.github/workflows/terraform_account_job.yml
with:
workspace_name: development
secrets:
aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}

terraform_account_workflow_preproduction:
name: TF Plan Preprod Account
needs: terraform_account_workflow_development
uses: ./.github/workflows/terraform_account_job.yml
with:
workspace_name: preproduction
secrets:
aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}

terraform_account_workflow_production:
name: TF Plan Prod Account
needs: terraform_account_workflow_development
uses: ./.github/workflows/terraform_account_job.yml
with:
workspace_name: production
secrets:
aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}
# terraform_account_workflow_development:
# name: TF Plan Dev Account
# uses: ./.github/workflows/terraform_account_job.yml
# with:
# workspace_name: development
# secrets:
# aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
# aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}

# terraform_account_workflow_preproduction:
# name: TF Plan Preprod Account
# needs: terraform_account_workflow_development
# uses: ./.github/workflows/terraform_account_job.yml
# with:
# workspace_name: preproduction
# secrets:
# aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
# aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}

# terraform_account_workflow_production:
# name: TF Plan Prod Account
# needs: terraform_account_workflow_development
# uses: ./.github/workflows/terraform_account_job.yml
# with:
# workspace_name: production
# secrets:
# aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
# aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}

ui_tests_image:
name: Run Cypress UI Tests On Images
if: needs.detect_changes.outputs.changes_detected == 'true' &&
(needs.docker_build_scan_push.result == 'success' || needs.docker_build_scan_push.result == 'skipped')
# if: needs.detect_changes.outputs.changes_detected == 'true' &&
# (needs.docker_build_scan_push.result == 'success' || needs.docker_build_scan_push.result == 'skipped')
uses: ./.github/workflows/ui_test_job.yml
needs: [docker_build_scan_push, create_tags]
with:
Expand All @@ -106,13 +107,13 @@ jobs:

pr_deploy:
name: PR Environment Deploy
if: always() &&
(needs.go_unit_tests.result == 'success' || needs.go_unit_tests.result == 'skipped') &&
(needs.docker_build_scan_push.result == 'success' || needs.docker_build_scan_push.result == 'skipped') &&
(needs.ui_tests_image.result == 'success' || needs.ui_tests_image.result == 'skipped')
# if: always() &&
# # (needs.go_unit_tests.result == 'success' || needs.go_unit_tests.result == 'skipped') &&
# (needs.docker_build_scan_push.result == 'success' || needs.docker_build_scan_push.result == 'skipped') &&
# (needs.ui_tests_image.result == 'success' || needs.ui_tests_image.result == 'skipped')
needs: [
create_tags,
go_unit_tests,
# go_unit_tests,
docker_build_scan_push,
ui_tests_image
]
Expand Down Expand Up @@ -145,37 +146,37 @@ jobs:
cypress_record_key: ${{ secrets.CYPRESS_RECORD_KEY }}
github_access_token: ${{ secrets.GITHUB_TOKEN }}

always_remove_ingress:
name: Remove CI ingress from environment
if: always()
uses: ./.github/workflows/remove_ingress_job.yml
needs: [ui_tests_pr_env, pr_deploy]
with:
environment_config_json: ${{ needs.pr_deploy.outputs.environment_config_json }}
secrets:
aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}

end_of_pr_workflow:
name: End of PR Workflow
runs-on: ubuntu-latest
if: always()
environment:
name: "dev_${{ needs.create_tags.outputs.environment_workspace_name }}"
url: "https://${{ needs.pr_deploy.outputs.url }}"
needs: [pr_deploy, create_tags, ui_tests_pr_env]
steps:
- name: End of PR Workflow
run: |
echo "${{ needs.pr_deploy.outputs.terraform_workspace_name }} PR environment tested, built and deployed"
echo "Tag Deployed: ${{ needs.pr_deploy.outputs.terraform_container_version }}"
echo "URL: https://${{ needs.pr_deploy.outputs.url }}"
if ${{ contains(needs.ui_tests_pr_env.result,'success') }}
then
echo "PR environment tested, built and deployed"
exit 0
else
echo "PR environment tested, built and deployed but UI tests failed"
exit 1
fi
# always_remove_ingress:
# name: Remove CI ingress from environment
# if: always()
# uses: ./.github/workflows/remove_ingress_job.yml
# needs: [ui_tests_pr_env, pr_deploy]
# with:
# environment_config_json: ${{ needs.pr_deploy.outputs.environment_config_json }}
# secrets:
# aws_access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
# aws_secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}

# end_of_pr_workflow:
# name: End of PR Workflow
# runs-on: ubuntu-latest
# if: always()
# environment:
# name: "dev_${{ needs.create_tags.outputs.environment_workspace_name }}"
# url: "https://${{ needs.pr_deploy.outputs.url }}"
# needs: [pr_deploy, create_tags, ui_tests_pr_env]
# steps:
# - name: End of PR Workflow
# run: |
# echo "${{ needs.pr_deploy.outputs.terraform_workspace_name }} PR environment tested, built and deployed"
# echo "Tag Deployed: ${{ needs.pr_deploy.outputs.terraform_container_version }}"
# echo "URL: https://${{ needs.pr_deploy.outputs.url }}"

# if ${{ contains(needs.ui_tests_pr_env.result,'success') }}
# then
# echo "PR environment tested, built and deployed"
# exit 0
# else
# echo "PR environment tested, built and deployed but UI tests failed"
# exit 1
# fi
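Review bot: Commenting out `always_remove_ingress` in the last hunk means the job that, by its name and the `remove_ingress_job.yml` it calls, tears down the CI ingress after `ui_tests_pr_env` and `pr_deploy` no longer runs, so that ingress is presumably left in place on the PR environment; and with `end_of_pr_workflow` commented out as well, the `exit 1` that turned a failed `ui_tests_pr_env` into a workflow failure is gone. The first hunk hard-codes `changes_detected: true`, comments out `go_unit_tests` and the three Terraform plan jobs, and comments out the `if:` guards on `docker_build_scan_push`, `ui_tests_image` and `pr_deploy`, so `pr_deploy` now relies only on default needs-success semantics instead of the explicit result checks. If this is a temporary bypass to exercise the new buildx push path, a comment such as `# TEMPORARY: unit tests, TF plans, ingress cleanup and final gate disabled while testing the docker job — restore before merge` at the top of the `jobs:` block would make that visible; otherwise the ingress cleanup and the final gate should be restored independently of the other changes. The `jobs:` mapping starts before the first hunk.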
8 changes: 4 additions & 4 deletions Makefile
Expand Up @@ -43,16 +43,16 @@ endif
go test -coverprofile=$(t) $(path) && go tool cover -html=$(t) && unlink $(t)

down: ##@build Takes all containers down
docker compose -f docker/docker-compose.yml -f docker/docker-compose.dev.yml down
COMPOSE_DOCKER_CLI_BUILD=1 DOCKER_BUILDKIT=1 DOCKER_DEFAULT_PLATFORM=linux/arm64 docker compose -f docker/docker-compose.yml -f docker/docker-compose.dev.yml down

up: ##@build Builds and brings the app up
docker compose -f docker/docker-compose.yml up -d --build --remove-orphans app
COMPOSE_DOCKER_CLI_BUILD=1 DOCKER_BUILDKIT=1 DOCKER_DEFAULT_PLATFORM=linux/arm64 docker compose -f docker/docker-compose.yml up -d --build --remove-orphans app

up-dev: ##@build Builds the app and brings up via Air hot reload with Delve debugging enabled using amd binaries
docker compose -f docker/docker-compose.yml -f docker/docker-compose.dev.yml up -d --build --force-recreate --remove-orphans app
COMPOSE_DOCKER_CLI_BUILD=1 DOCKER_BUILDKIT=1 DOCKER_DEFAULT_PLATFORM=linux/amd64 docker compose -f docker/docker-compose.yml -f docker/docker-compose.dev.yml up -d --build --force-recreate --remove-orphans app

up-dev-arm: ##@build Builds the app and brings up via Air hot reload with Delve debugging enabled using arm binaries
ARCH=arm64 docker compose -f docker/docker-compose.yml -f docker/docker-compose.dev.yml up -d --build --force-recreate --remove-orphans app
COMPOSE_DOCKER_CLI_BUILD=1 DOCKER_BUILDKIT=1 DOCKER_DEFAULT_PLATFORM=linux/arm64 docker compose -f docker/docker-compose.yml -f docker/docker-compose.dev.yml up -d --build --force-recreate --remove-orphans app

run-cypress: ##@testing Runs cypress e2e tests. To run a specific spec file pass in spec e.g. make run-cypress spec=start
ifdef spec
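Review bot: `up-dev-arm` no longer passes `ARCH=arm64` to `docker compose` (the removed line did), so if the compose files or the dev Dockerfile read `ARCH` to select the Air/Delve binaries, that target now differs from `up-dev` only in `DOCKER_DEFAULT_PLATFORM`; whether `ARCH` is still consumed is not visible here and should be checked against `docker/docker-compose.dev.yml`. The `COMPOSE_DOCKER_CLI_BUILD=1 DOCKER_BUILDKIT=1` prefix is now repeated on four recipes; a variable near the top of the Makefile, `COMPOSE_ENV := COMPOSE_DOCKER_CLI_BUILD=1 DOCKER_BUILDKIT=1`, used as `$(COMPOSE_ENV) DOCKER_DEFAULT_PLATFORM=linux/arm64 docker compose ...`, would keep them in step. `DOCKER_DEFAULT_PLATFORM` on the `down` recipe is unlikely to affect tearing containers down and could be dropped there.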
14 changes: 7 additions & 7 deletions docker/event-received/Dockerfile
Expand Up @@ -2,21 +2,21 @@ FROM golang:1.21.4-alpine as build

WORKDIR /app

COPY go.mod go.sum ./
COPY --link go.mod go.sum ./
RUN go mod download

COPY cmd/event-received ./cmd/event-received
COPY internal ./internal
COPY --link cmd/event-received ./cmd/event-received
COPY --link internal ./internal

RUN GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -tags lambda.norpc -o event-received ./cmd/event-received
RUN GOOS=linux GOARCH=${TARGETPLATFORM} CGO_ENABLED=0 go build -tags lambda.norpc -o event-received ./cmd/event-received

FROM public.ecr.aws/lambda/provided:al2 AS dev

WORKDIR /app

COPY --from=build /app/event-received /var/task/event-received
COPY lang ./lang
COPY docker/event-received/aws-lambda-rie ./aws-lambda-rie
COPY --link lang ./lang
COPY --link docker/event-received/aws-lambda-rie ./aws-lambda-rie

ENTRYPOINT ["./event-received"]

Expand All @@ -29,6 +29,6 @@ RUN curl -O https://lambda-insights-extension.s3-ap-northeast-1.amazonaws.com/am
rm -f lambda-insights-extension.rpm ;

COPY --from=build /app/event-received ./event-received
COPY lang ./lang
COPY --link lang ./lang

ENTRYPOINT ["./event-received"]
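Review bot: `GOARCH=${TARGETPLATFORM}` in the build stage does not give Go a valid architecture: BuildKit sets `TARGETPLATFORM` to a value like `linux/amd64`, whereas `GOARCH` expects `amd64` or `arm64`, and the automatic platform ARGs are only visible inside a stage once declared there, so as written the variable most likely expands to empty and the build silently falls back to the builder's own architecture. Declare the ARG in the stage and use the architecture component: `ARG TARGETARCH` directly after `FROM golang:1.21.4-alpine as build`, then `RUN GOOS=linux GOARCH=${TARGETARCH} CGO_ENABLED=0 go build -tags lambda.norpc -o event-received ./cmd/event-received`. With the fallback in place the `linux/amd64` build in `docker_job.yml` happens to produce the right binary today, but the platform-aware build this change is reaching for is not realised until the ARG is declared.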