This repository has been archived by the owner on Oct 18, 2023. It is now read-only.
update terraform to provision endpoints #51
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This is the main build pipeline that verifies and publishes the software | |
| name: Build | |
| # Controls when the workflow will run | |
| on: | |
| # Triggers the workflow on push events | |
| push: | |
| branches: [ develop, release/**, main, feature/**, issue/**, issues/**, dependabot/** ] | |
| # Allows you to run this workflow manually from the Actions tab | |
| workflow_dispatch: | |
| env: | |
| REGISTRY: ghcr.io | |
| IMAGE_NAME: ${{ github.repository }} | |
| jobs: | |
| # First job in the workflow installs and verifies the software | |
| build: | |
| name: Build, Test, Verify, Publish | |
| # The type of runner that the job will run on | |
| runs-on: ubuntu-latest | |
| steps: | |
| # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it | |
| - uses: actions/checkout@v2 | |
| - name: Setup local DynamoDB | |
| run: docker run -d -p 8000:8000 amazon/dynamodb-local | |
| - name: Install Poetry | |
| uses: abatilo/[email protected] | |
| with: | |
| poetry-version: 1.3.2 | |
| - name: Get version | |
| id: get-version | |
| run: | | |
| echo "::set-output name=current_version::$(poetry version | awk '{print $2}')" | |
| echo "pyproject_name=$(poetry version | awk '{print $1}')" >> $GITHUB_ENV | |
| - name: Bump pre-alpha version | |
| # If triggered by push to a feature branch | |
| if: | | |
| ${{ startsWith(github.ref, 'refs/heads/issue') }} || | |
| ${{ startsWith(github.ref, 'refs/heads/dependabot/') }} || | |
| ${{ startsWith(github.ref, 'refs/heads/feature/') }} | |
| run: | | |
| new_ver="${{ steps.get-version.outputs.current_version }}+$(git rev-parse --short ${GITHUB_SHA})" | |
| poetry version $new_ver | |
| echo "software_version=$(poetry version | awk '{print $2}')" >> $GITHUB_ENV | |
| - name: Bump alpha version | |
| # If triggered by push to the develop branch | |
| if: ${{ github.ref == 'refs/heads/develop' }} | |
| run: | | |
| poetry version prerelease | |
| echo "software_version=$(poetry version | awk '{print $2}')" >> $GITHUB_ENV | |
| echo "venue=sit" >> $GITHUB_ENV | |
| - name: Bump rc version | |
| # If triggered by push to a release branch | |
| if: ${{ startsWith(github.ref, 'refs/heads/release/') }} | |
| env: | |
| # True if the version already has a 'rc' pre-release identifier | |
| BUMP_RC: ${{ contains(steps.get-version.outputs.current_version, 'rc') }} | |
| run: | | |
| if [ "$BUMP_RC" = true ]; then | |
| poetry version prerelease | |
| else | |
| poetry version ${GITHUB_REF#refs/heads/release/}rc1 | |
| fi | |
| echo "software_version=$(poetry version | awk '{print $2}')" >> $GITHUB_ENV | |
| echo "venue=uat" >> $GITHUB_ENV | |
| - name: Release version | |
| # If triggered by push to the main branch | |
| if: ${{ startsWith(github.ref, 'refs/heads/main') }} | |
| env: | |
| CURRENT_VERSION: ${{ steps.get-version.outputs.current_version }} | |
| # Remove rc* from end of version string | |
| # The ${string%%substring} syntax below deletes the longest match of $substring from back of $string. | |
| run: | | |
| poetry version ${CURRENT_VERSION%%rc*} | |
| echo "software_version=$(poetry version | awk '{print $2}')" >> $GITHUB_ENV | |
| echo "venue=ops" >> $GITHUB_ENV | |
| - name: Lint and Flake Install | |
| run: | | |
| pip3 install -U pip pylint | |
| pip3 install -U pip flake8 | |
| pip3 install -U pip boto3 | |
| pip3 install -U pip geopandas | |
| pip3 install -U pip pytest | |
| pip3 install -U pip connexion | |
| pip3 install -U pip flask_testing | |
| pip3 install -U pip pytest-dynamodb | |
| - name: Lint | |
| run: | | |
| poetry run pylint hydrocronapi | |
| poetry run flake8 hydrocronapi | |
| - name: Load sample | |
| run: python3 tests/example_load_data.py | |
| - name: Test with pytest | |
| run: pytest tests/test_api.py | |
| # Setup Terraform to Deploy | |
| - name: Configure AWS Credentials as Environment Variables | |
| run: echo "AWS_ACCESS_KEY_ID=${{ secrets[format('AWS_ACCESS_KEY_ID_SERVICES_{0}', env.TARGET_ENV_UPPERCASE)] }}" >> $GITHUB_ENV | | |
| echo "AWS_SECRET_ACCESS_KEY=${{ secrets[format('AWS_SECRET_ACCESS_KEY_SERVICES_{0}', env.TARGET_ENV_UPPERCASE)] }}" >> $GITHUB_ENV | |
| - name: Validate AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v1 | |
| with: | |
| aws-region: us-west-2 | |
| role-session-name: GitHubActions | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets[format('AWS_ACCESS_KEY_ID_SERVICES_{0}', env.TARGET_ENV_UPPERCASE)] }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets[format('AWS_SECRET_ACCESS_KEY_SERVICES_{0}', env.TARGET_ENV_UPPERCASE)] }} | |
| - run: aws sts get-caller-identity | |
| - uses: hashicorp/[email protected] | |
| with: | |
| terraform_version: 1.0.3 | |
| - name: Deploy Terraform | |
| if: | | |
| github.ref == 'refs/heads/develop' || | |
| github.ref == 'refs/heads/main' || | |
| startsWith(github.ref, 'refs/heads/release') || | |
| github.event.head_commit.message == '/deploy sit' || | |
| github.event.head_commit.message == '/deploy uat' | |
| working-directory: terraform/ | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets[format('AWS_ACCESS_KEY_ID_SERVICES_{0}', env.TARGET_ENV_UPPERCASE)] }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets[format('AWS_SECRET_ACCESS_KEY_SERVICES_{0}', env.TARGET_ENV_UPPERCASE)] }} | |
| AWS_DEFAULT_REGION: us-west-2 | |
| TF_VAR_hydrocronapi_api_docker_image: "ghcr.io/podaac/hydrocronapi-api:${{ env.DOCKER_METADATA_OUTPUT_VERSION }}" | |
| TF_VAR_EARTH_DATA_LOGIN_CLIENT_ID: ${{ secrets[format('EARTH_DATA_LOGIN_CLIENT_ID_{0}', env.TARGET_ENV_UPPERCASE)] }} | |
| TF_VAR_EARTH_DATA_LOGIN_PASSWORD: ${{ secrets[format('EARTH_DATA_LOGIN_PASSWORD_{0}', env.TARGET_ENV_UPPERCASE)] }} | |
| run: | | |
| source bin/config.sh ${{ env.THE_ENV }} | |
| terraform plan -var-file=tfvars/"${{ env.THE_ENV }}".tfvars -var="app_version=${{ env.THE_VERSION }}" -out="tfplan" | |
| terraform apply -auto-approve tfplan |