Merge pull request #99 from no10ds/fix/image-scan #66
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: rAPId Deployment | |
on: | |
push: | |
branches: [main] | |
workflow_dispatch: | |
jobs: | |
setup: | |
runs-on: self-hosted | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Log commit SHA | |
run: echo $GITHUB_SHA | |
security-check: | |
needs: | |
- setup | |
runs-on: self-hosted | |
steps: | |
- name: Setup Python | |
uses: actions/setup-python@v4 | |
with: | |
python-version: '3.10' | |
cache: 'pip' | |
- run: pip install -r requirements.txt | |
- name: Run security checks | |
run: make security-check | |
api-deployment: | |
needs: | |
- setup | |
- security-check | |
runs-on: self-hosted | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Populate .env with additional vars | |
run: | | |
cp ./.github/.github.env .env | |
echo AWS_ACCOUNT=${{ secrets.AWS_ACCOUNT }} >> .env | |
echo AWS_REGION=${{ secrets.AWS_REGION }} >> .env | |
echo AWS_DEFAULT_REGION=${{ secrets.AWS_REGION }} >> .env | |
- name: Build API Image | |
run: make api/create-image | |
- name: Setup Python | |
uses: actions/setup-python@v4 | |
with: | |
python-version: '3.10' | |
cache: 'pip' | |
- name: Setup API environment | |
run: make api/setup | |
- name: API Static Analysis | |
run: make api/lint | |
- name: API Tests | |
run: make api/test | |
- name: API Tag and Upload | |
run: make api/tag-and-upload | |
- name: API Check Image Scan for Vulnerabilities | |
run: make api/scan-for-vulns-and-tag | |
- name: API Tag PROD Candidate | |
run: make api/tag-prod-candidate | |
- name: API Deploy Image to Prod | |
run: make api/app-live-in-prod | |
- name: API Allow for Application to Start | |
run: sleep 120 | |
- name: API Wait for Running Application | |
id: await-running-app | |
run: make api/check-app-is-running | |
- name: API E2E Tests | |
id: e2e-tests | |
env: | |
E2E_DOMAIN_NAME: ${{ secrets.E2E_DOMAIN_NAME }} | |
E2E_RESOURCE_PREFIX: ${{ secrets.E2E_RESOURCE_PREFIX }} | |
run: | | |
# Export AWS credentials to env for e2e tests | |
eval "$(aws configure export-credentials --format env)" | |
make api/test-e2e | |
- name: API Tag Image as Failure | |
if: always() && steps.await-running-app.conclusion == 'failure' || steps.e2e-tests.conclusion == 'failure' | |
run: make api/tag-prod-failure | |
cleanup: | |
needs: | |
- setup | |
- security-check | |
- api-deployment | |
runs-on: self-hosted | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Clean Docker Context | |
if: always() | |
run: make api/clean-docker |