Skip to content

fix: requirements.txt to reduce vulnerabilities #232

fix: requirements.txt to reduce vulnerabilities

fix: requirements.txt to reduce vulnerabilities #232

Workflow file for this run

name: Deploy cases
on:
push:
paths:
- '**.tf'
- 'infra/api/**'
- 'html/**'
- 'infra/templates/**'
- '.github/workflows/deploy_push.yml'
- 'requirements.txt'
jobs:
deploy:
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
env:
# All TF variables are define din Terraform Cloud
API_KEY_TEST_MAIL: ${{secrets.API_KEY_TEST_MAIL}}
TEST_MAIL_NAMESPACE: ${{secrets.TEST_MAIL_NAMESPACE}}
GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
TFE_TOKEN: ${{ secrets.TFE_TOKEN }}
steps:
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@67fbcbb121271f7775d2e7715933280b06314838 # ratchet:aws-actions/configure-aws-credentials@v1
with:
role-to-assume: arn:aws:iam::053932140667:role/mongulu-github
role-session-name: mtchoun-mouh-deployment
aws-region: eu-central-1
- name: Checkout
uses: actions/checkout@e2f20e631ae6d7dd3b768f56a5d2af784dd54791 # ratchet:actions/checkout@v2
- name: Install terraform
uses: hashicorp/setup-terraform@d22444889af304a44b997011fbabb81ff705a7b4 # ratchet:hashicorp/[email protected]
with:
terraform_wrapper: false
- name: Install tfcmt
uses: shmokmt/actions-setup-tfcmt@v2
- name: Install github-comments
uses: shmokmt/actions-setup-github-comment@v2
- name: Terraform fmt
id: fmt
run: terraform fmt -check
continue-on-error: false
- name: Create Terraform Workspace
run: |
PAYLOAD=$(cat <<EOF
{
"data": {
"type": "workspaces",
"attributes": {
"name": "mtchoun-mouh-$GITHUB_REF_NAME",
"auto-apply": false
},
"relationships": {
"project": {
"data": {
"type": "projects",
"id": "prj-85RQA1k2XSPQiwqJ"
}
}
}
}
}
EOF
)
curl \
--header "Authorization: Bearer ${{ secrets.TF_API_TOKEN }}" \
--header "Content-Type: application/vnd.api+json" \
--request POST \
--data "$PAYLOAD" \
https://app.terraform.io/api/v2/organizations/tfc-mongulu-cm/workspaces
env:
TF_API_TOKEN: ${{ secrets.TFE_TOKEN }}
- name: Terraform Init
id: init
run: |
cd infra
export TF_WORKSPACE=$GITHUB_REF_NAME
terraform init -backend-config="token=$TFE_TOKEN"
- name: setup workspace
id: workspace
run: |
cd infra
terraform workspace new $GITHUB_REF_NAME || terraform workspace select $GITHUB_REF_NAME
- name: List workspace
run: |
cd infra
terraform workspace list
- name: Terraform Validate
id: validate
run: |
cd infra
terraform validate
- name: Terratag by env0
run: |
curl -O -L https://github.com/env0/terratag/releases/download/v0.1.48/terratag_0.1.48_linux_amd64.tar.gz
tar -xvf terratag_0.1.48_linux_amd64.tar.gz
./terratag -tags="project=mtchoun-mouh,environment=$GITHUB_REF_NAME" -dir=infra/ -rename=false
- name: Terraform Plan
id: plan
run: |
cd infra
tfcmt plan -- terraform plan -no-color
- name: Terraform Plan Status
if: steps.plan.outcome == 'failure'
run: exit 1
- name: Terraform Apply
run: |
cd infra
tfcmt apply -- terraform apply -auto-approve -no-color
- name: Website URL
id: websiteUrl
run: |
cd infra
echo "website_url=$(terraform output -json website_url | jq -r .)" >> $GITHUB_ENV
echo "register_table=$(terraform output -json register_table | jq -r .)" >> $GITHUB_ENV
- name: Test
run: echo "$website_url" && echo "$register_table"
- name: Copy Site files
if: github.ref_name == 'master'
run: |
cd infra
aws s3 sync ../html s3://mtchoun-mouh.mongulu.cm --exclude "index.html" --delete
- name: Copy Site files
if: github.ref_name != 'master'
run: |
cd infra
aws s3 sync ../html s3://mtchoun-mouh-$GITHUB_REF_NAME-mtchoun-mouh.mongulu.cm --exclude "index.html" --delete
- name: "website: check readiness"
uses: APina03/wait_for_response@master
with:
url: ${{ env.website_url }}
responseCode: 200
timeout: 2000
interval: 500
- name: Set up Python
uses: actions/setup-python@7f80679172b057fc5e90d70d197929d454754a5a # ratchet:actions/setup-python@v2
with:
python-version: "3.10"
- name: Install software
run: sudo apt-get install -y chromium-browser
- name: Install Python dependencies
run: |
pip install -r requirements.txt
pip install -r infra/api/requirements.txt
- name: "website: check liveness"
env:
WEBSITE_URL_MAIL_NAMESPACE: ${{ env.website_url }}
REGISTERS_TABLE: ${{ env.register_table }}
run: "pytest infra/api/test_liveness_mtchoun-mouh.py"