Skip to content

chore(deps): bump sentry-sdk from 2.5.1 to 2.19.2 in /backend/requirements #3930

chore(deps): bump sentry-sdk from 2.5.1 to 2.19.2 in /backend/requirements

chore(deps): bump sentry-sdk from 2.5.1 to 2.19.2 in /backend/requirements #3930

Workflow file for this run

name: CI
on:
push:
branches:
- main
paths-ignore:
- api/**
pull_request:
paths-ignore:
- api/**
env:
AWS_REGION: eu-north-1 # Set this to our AWS region
jobs:
lint:
name: Lint
runs-on: ubuntu-20.04
strategy:
matrix:
linter: [black, flake8]
include:
- linter: black
command: --check
- linter: flake8
command: --append-config=backend/tox.ini
fail-fast: false
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.9.7"
- name: Install ${{ matrix.linter }}
run: pip install ${{ matrix.linter }}
- name: ${{ matrix.linter }}
run: ${{ matrix.linter }} backend ${{ matrix.command }}
build:
name: Build backend
runs-on: ubuntu-20.04
env:
dockerfile: backend-production
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ env.AWS_REGION }}
mask-aws-account-id: false
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
- name: Set image tag
id: image-tag
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
ECR_REPOSITORY: indokweb-backend
IMAGE_TAG: ${{ github.sha }}
run: echo "::set-output name=image::$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG"
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v3
- name: Build backend image
id: build-image
uses: docker/build-push-action@v5
with:
context: backend
file: backend/Dockerfile.prod
outputs: type=docker,dest=/tmp/${{ env.dockerfile }}.tar
tags: |
backend:production
${{ steps.image-tag.outputs.image }}
push: false
build-args: |
APP_ENV=production
- name: Push backend image
id: push-image
# If this is run on the main branch, and is a production image, it should be pushed to ECR
if: ${{ github.ref == 'refs/heads/main' }}
uses: docker/build-push-action@v5
with:
context: backend
file: backend/Dockerfile.prod
tags: ${{ steps.image-tag.outputs.image }}
push: true
build-args: |
APP_ENV=production
- name: Upload artifact
uses: actions/upload-artifact@v3
with:
name: ${{ env.dockerfile }}
path: /tmp/${{ env.dockerfile }}.tar
if-no-files-found: error
retention-days: 1
api:
name: API tests
runs-on: ubuntu-20.04
needs: build
services:
postgres:
image: postgres
env:
POSTGRES_PASSWORD: postgres
options: >-
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Download image from previous job
uses: actions/download-artifact@v3
with:
name: backend-production
path: /tmp
- name: Load Docker images
run: |
docker load --input /tmp/backend-production.tar
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ env.AWS_REGION }}
- name: Run API tests
run: |
docker run \
-v $GITHUB_WORKSPACE/backend:/usr/src/app \
--env DJANGO_READ_DOT_ENV_FILE=true \
--env DJANGO_DOT_ENV_FILES=.env.test \
--env DATAPORTEN_SECRET=${{ secrets.DATAPORTEN_SECRET }} \
--env GOOGLE_DRIVE_API_KEY=${{ secrets.GOOGLE_DRIVE_API_KEY }} \
--env VIPPS_SECRET=${{ secrets.VIPPS_SECRET }} \
--env VIPPS_SUBSCRIPTION_KEY=${{ secrets.VIPPS_SUBSCRIPTION_KEY }} \
--network ${{ job.container.network }} \
--entrypoint /usr/src/app/entrypoints/test.sh \
backend:production
- name: Upload coverage
uses: codecov/codecov-action@v4
with:
token: ${{ secrets.CODECOV_TOKEN }} # not required for public repos
files: coverage.xml
flags: apitests
fail_ci_if_error: true
prepare:
runs-on: ubuntu-20.04
outputs:
uuid: ${{ steps.uuid.outputs.value }}
steps:
- name: Generate unique ID 💎
id: uuid
# take the current commit + timestamp together
# the typical value would be something like
# "sha-5d3fe...35d3-time-1620841214"
run: echo "::set-output name=value::sha-$GITHUB_SHA-time-$(date +"%s")"
build-frontend:
name: Build frontend
runs-on: ubuntu-20.04
env:
dockerfile: frontend-test
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ env.AWS_REGION }}
mask-aws-account-id: false
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v3
- name: Build frontend image
id: build-image
uses: docker/build-push-action@v5
with:
context: frontend
file: frontend/Dockerfile.prod
outputs: type=docker,dest=/tmp/${{ env.dockerfile }}.tar
tags: |
frontend:test
push: false
build-args: |
APP_ENV=test
- name: Upload artifact
uses: actions/upload-artifact@v3
with:
name: ${{ env.dockerfile }}
path: /tmp/${{ env.dockerfile }}.tar
if-no-files-found: error
retention-days: 1
e2e:
needs: [prepare, build, build-frontend]
name: E2E Tests
runs-on: ubuntu-20.04
strategy:
fail-fast: false
matrix:
# Containers for parallelization, increase if necessary
containers: [1, 2, 3]
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Download image from previous job
uses: actions/download-artifact@v3
with:
path: /tmp
- name: Load Docker images
run: |
docker load --input /tmp/backend-production/backend-production.tar
docker load --input /tmp/frontend-test/frontend-test.tar
- name: Build and run the Application
env:
DATAPORTEN_SECRET: ${{ secrets.DATAPORTEN_SECRET }}
GOOGLE_DRIVE_API_KEY: ${{ secrets.GOOGLE_DRIVE_API_KEY }}
VIPPS_SECRET: ${{ secrets.VIPPS_SECRET }}
VIPPS_SUBSCRIPTION_KEY: ${{ secrets.VIPPS_SUBSCRIPTION_KEY }}
run: docker compose -f docker-compose.integration.yml up -d
- name: Run Cypress
uses: cypress-io/[email protected]
with:
record: true
parallel: true
group: "E2E"
working-directory: frontend
browser: chrome
ci-build-id: ${{ needs.prepare.outputs.uuid }}
wait-on: "http://localhost:8000/-/health, http://localhost:3000/api/health"
env:
# pass the Dashboard record key as an environment variable
CYPRESS_RECORD_KEY: ${{ secrets.CYPRESS_RECORD_KEY }}
# Recommended: pass the GitHub token lets this action correctly
# determine the unique run id necessary to re-run the checks
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
deploy:
name: Deploy to ECS
runs-on: ubuntu-20.04
needs: [api, e2e]
if: github.ref == 'refs/heads/main'
environment: production
concurrency: backend
env:
ECS_TASK_DEFINITION: .aws/task-definition.backend.json
ECS_SERVICE: indokweb-backend-fg-service
ECS_REPOSITORY: indokweb-backend
SENTRY_PROJECT: indokweb-backend
CONTAINER_NAME: backend
ECS_CLUSTER: indokweb-cluster # Set this to our ECS cluster name, e.g. indokweb-cluster
SENTRY_ORG: rbberdk
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_DEPLOY_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_DEPLOY_SECRET_ACCESS_KEY }}
aws-region: ${{ env.AWS_REGION }}
mask-aws-account-id: false
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
- name: Set image tag
id: image-tag
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
ECR_REPOSITORY: indokweb-backend
IMAGE_TAG: ${{ github.sha }}
run: echo "::set-output name=image::$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG"
- name: Update task definition
id: task-def
uses: aws-actions/amazon-ecs-render-task-definition@master
with:
task-definition: ${{ env.ECS_TASK_DEFINITION }}
container-name: ${{ env.CONTAINER_NAME }}
image: ${{ steps.image-tag.outputs.image }}
environment-variables: |
GIT_COMMIT_SHA=${{ github.sha }}
- name: Deploy Amazon ECS task definition
uses: aws-actions/amazon-ecs-deploy-task-definition@v2
with:
task-definition: ${{ steps.task-def.outputs.task-definition }}
service: ${{ env.ECS_SERVICE }}
cluster: ${{ env.ECS_CLUSTER }}
wait-for-service-stability: true
- name: Sentry release
uses: getsentry/[email protected]
env:
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
SENTRY_ORG: ${{ env.SENTRY_ORG }}
SENTRY_PROJECT: ${{ env.SENTRY_PROJECT }}
with:
environment: production
finalize: true
version: ${{ github.sha }}