Skip to content

Merge pull request #99 from no10ds/fix/image-scan #66

Merge pull request #99 from no10ds/fix/image-scan

Merge pull request #99 from no10ds/fix/image-scan #66

Workflow file for this run

name: rAPId Deployment
on:
push:
branches: [main]
workflow_dispatch:
jobs:
setup:
runs-on: self-hosted
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Log commit SHA
run: echo $GITHUB_SHA
security-check:
needs:
- setup
runs-on: self-hosted
steps:
- name: Setup Python
uses: actions/setup-python@v4
with:
python-version: '3.10'
cache: 'pip'
- run: pip install -r requirements.txt
- name: Run security checks
run: make security-check
api-deployment:
needs:
- setup
- security-check
runs-on: self-hosted
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Populate .env with additional vars
run: |
cp ./.github/.github.env .env
echo AWS_ACCOUNT=${{ secrets.AWS_ACCOUNT }} >> .env
echo AWS_REGION=${{ secrets.AWS_REGION }} >> .env
echo AWS_DEFAULT_REGION=${{ secrets.AWS_REGION }} >> .env
- name: Build API Image
run: make api/create-image
- name: Setup Python
uses: actions/setup-python@v4
with:
python-version: '3.10'
cache: 'pip'
- name: Setup API environment
run: make api/setup
- name: API Static Analysis
run: make api/lint
- name: API Tests
run: make api/test
- name: API Tag and Upload
run: make api/tag-and-upload
- name: API Check Image Scan for Vulnerabilities
run: make api/scan-for-vulns-and-tag
- name: API Tag PROD Candidate
run: make api/tag-prod-candidate
- name: API Deploy Image to Prod
run: make api/app-live-in-prod
- name: API Allow for Application to Start
run: sleep 120
- name: API Wait for Running Application
id: await-running-app
run: make api/check-app-is-running
- name: API E2E Tests
id: e2e-tests
env:
E2E_DOMAIN_NAME: ${{ secrets.E2E_DOMAIN_NAME }}
E2E_RESOURCE_PREFIX: ${{ secrets.E2E_RESOURCE_PREFIX }}
run: |
# Export AWS credentials to env for e2e tests
eval "$(aws configure export-credentials --format env)"
make api/test-e2e
- name: API Tag Image as Failure
if: always() && steps.await-running-app.conclusion == 'failure' || steps.e2e-tests.conclusion == 'failure'
run: make api/tag-prod-failure
cleanup:
needs:
- setup
- security-check
- api-deployment
runs-on: self-hosted
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Clean Docker Context
if: always()
run: make api/clean-docker