fix: dependency-conflicts between werkzeug moto MarkupSafe #348
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Deploy cases | |
on: | |
push: | |
paths: | |
- 'infra/api/**.py' | |
- 'infra/**.tf' | |
- 'html/**' | |
- '.github/workflows/deploy_push.yml' | |
- 'requirements.txt' | |
jobs: | |
deploy: | |
runs-on: ubuntu-latest | |
permissions: | |
id-token: write | |
contents: read | |
env: | |
# All TF variables are define din Terraform Cloud | |
API_KEY_TEST_MAIL: ${{secrets.API_KEY_TEST_MAIL}} | |
TEST_MAIL_NAMESPACE: ${{secrets.TEST_MAIL_NAMESPACE}} | |
GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} | |
TFE_TOKEN: ${{ secrets.TFE_TOKEN }} | |
steps: | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@67fbcbb121271f7775d2e7715933280b06314838 # ratchet:aws-actions/configure-aws-credentials@v1 | |
with: | |
role-to-assume: arn:aws:iam::053932140667:role/mongulu-github | |
role-session-name: mtchoun-mouh-deployment | |
aws-region: eu-central-1 | |
- name: Checkout | |
uses: actions/checkout@e2f20e631ae6d7dd3b768f56a5d2af784dd54791 # ratchet:actions/checkout@v2 | |
- name: Install terraform | |
uses: hashicorp/setup-terraform@d22444889af304a44b997011fbabb81ff705a7b4 # ratchet:hashicorp/[email protected] | |
with: | |
terraform_wrapper: false | |
- name: Install tfcmt | |
uses: shmokmt/actions-setup-tfcmt@v2 | |
- name: Install github-comments | |
uses: shmokmt/actions-setup-github-comment@v2 | |
- name: Terraform fmt | |
id: fmt | |
run: terraform fmt -check | |
continue-on-error: false | |
- name: Create Terraform Workspace | |
run: | | |
PAYLOAD=$(cat <<EOF | |
{ | |
"data": { | |
"type": "workspaces", | |
"attributes": { | |
"name": "mtchoun-mouh-$GITHUB_REF_NAME", | |
"auto-apply": false | |
}, | |
"relationships": { | |
"project": { | |
"data": { | |
"type": "projects", | |
"id": "prj-85RQA1k2XSPQiwqJ" | |
} | |
} | |
} | |
} | |
} | |
EOF | |
) | |
curl \ | |
--header "Authorization: Bearer ${{ secrets.TF_API_TOKEN }}" \ | |
--header "Content-Type: application/vnd.api+json" \ | |
--request POST \ | |
--data "$PAYLOAD" \ | |
https://app.terraform.io/api/v2/organizations/tfc-mongulu-cm/workspaces | |
env: | |
TF_API_TOKEN: ${{ secrets.TFE_TOKEN }} | |
- name: Terraform Init | |
id: init | |
run: | | |
cd infra | |
export TF_WORKSPACE=$GITHUB_REF_NAME | |
terraform init -backend-config="token=$TFE_TOKEN" | |
- name: setup workspace | |
id: workspace | |
run: | | |
cd infra | |
terraform workspace new $GITHUB_REF_NAME || terraform workspace select $GITHUB_REF_NAME | |
- name: List workspace | |
run: | | |
cd infra | |
terraform workspace list | |
- name: Terraform Validate | |
id: validate | |
run: | | |
cd infra | |
terraform validate | |
- name: Terratag by env0 | |
run: | | |
curl -O -L https://github.com/env0/terratag/releases/download/v0.1.48/terratag_0.1.48_linux_amd64.tar.gz | |
tar -xvf terratag_0.1.48_linux_amd64.tar.gz | |
./terratag -tags="project=mtchoun-mouh,environment=$GITHUB_REF_NAME" -dir=infra/ -rename=false | |
- name: Build python lambda layer | |
id: build | |
run: | | |
cd infra/make_lamda_layer | |
chmod +x runner.sh | |
./runner.sh | |
- name: Terraform Plan | |
id: plan | |
run: | | |
cd infra | |
tfcmt plan -- terraform plan -no-color | |
- name: Terraform Plan Status | |
if: steps.plan.outcome == 'failure' | |
run: exit 1 | |
- name: Terraform Apply | |
run: | | |
cd infra | |
tfcmt apply -- terraform apply -auto-approve -no-color | |
if [ "$(terraform workspace show)" == "default" ]; then | |
echo "Deleting aws_lambda_function.scan resource as workspace is default" | |
terraform destroy --target aws_lambda_function.scan | |
terraform destroy --target aws_cloudwatch_event_target.target | |
fi | |
- name: Website URL | |
id: websiteUrl | |
run: | | |
cd infra | |
echo "website_url=$(terraform output -json website_url | jq -r .)" >> $GITHUB_ENV | |
echo "register_table=$(terraform output -json register_table | jq -r .)" >> $GITHUB_ENV | |
- name: Test | |
run: echo "$website_url" && echo "$register_table" | |
- name: Copy Site files | |
if: github.ref_name == 'master' | |
run: | | |
cd infra | |
aws s3 sync ../html s3://mtchoun-mouh.mongulu.cm --exclude "index.html" --delete | |
- name: Copy Site files | |
if: github.ref_name != 'master' | |
run: | | |
cd infra | |
aws s3 sync ../html s3://mtchoun-mouh-$GITHUB_REF_NAME-mtchoun-mouh.mongulu.cm --exclude "index.html" --delete | |
- name: "website: check readiness" | |
uses: APina03/wait_for_response@master | |
with: | |
url: ${{ env.website_url }} | |
responseCode: 200 | |
timeout: 2000 | |
interval: 500 | |
- name: Set up Python | |
uses: actions/setup-python@7f80679172b057fc5e90d70d197929d454754a5a # ratchet:actions/setup-python@v2 | |
with: | |
python-version: "3.10" | |
- name: Install software | |
run: sudo apt-get install -y chromium-browser | |
- name: Install Python dependencies | |
run: | | |
pip install -r requirements.txt | |
pip install -r infra/api/requirements.txt | |
- name: "website: check liveness" | |
env: | |
WEBSITE_URL_MAIL_NAMESPACE: ${{ env.website_url }} | |
REGISTERS_TABLE: ${{ env.register_table }} | |
run: "pytest infra/api/test_liveness_mtchoun-mouh.py" |