-
Notifications
You must be signed in to change notification settings - Fork 0
153 lines (133 loc) · 4.75 KB
/
ci-cd.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
name: CI/CD
on:
push:
tags: ["v*"]
branches:
- main
pull_request:
branches:
- main
permissions: read-all
# https://github.com/marketplace/actions/docker-layer-caching
jobs:
code-quality:
permissions:
# For trunk to post annotations
checks: write
# For repo checkout
contents: read
uses: climatepolicyradar/reusable-workflows/.github/workflows/python-precommit-validator.yml@main
test:
runs-on: ubuntu-latest
steps:
- name: Install latest Docker Compose
uses: ndeloof/[email protected]
with:
legacy: false
- uses: actions/checkout@v4
- name: Configure test env variables
run: cp .env.example .env
- name: Build docker compose
run: make build_dev
- name: Run Unit Tests
run: make unit_test
- name: Run Integration Tests
run: make integration_test
check-auto-tagging-will-work:
if: ${{ ! startsWith(github.ref, 'refs/tags') && ! startsWith(github.ref, 'refs/heads/main') }}
runs-on: ubuntu-latest
steps:
- name: Dump GitHub context
shell: sh
env:
PR_BODY: "${{ github.event.pull_request.body }}"
PR_NUMBER: "${{ github.event.pull_request.number }}"
run: |
echo "$PR_BODY"
echo "$PR_NUMBER"
- name: Determine new tag version
id: determine_next_tag_from_pr
uses: climatepolicyradar/get-next-tag-from-pr-body@main
# User controlled input needs to be santitised beforehand e.g., by adding an
# intermediate env var to prevent the workflow being exposed to a critical
# command injection attack
env:
PR_BODY: "${{ github.event.pull_request.body }}"
PR_NUMBER: "${{ github.event.pull_request.number }}"
with:
pr_body: "${{ env.pr_body }}"
pr_number: ${{ env.pr_number }}
# - name: Echo next tag
# run: echo ${{ steps.determine_next_tag_from_pr.outputs.new_tag }}
build:
if: ${{ ! startsWith(github.ref, 'refs/tags') }}
runs-on: ubuntu-latest
needs:
- code-quality
- test
steps:
- uses: actions/checkout@v4
- name: Build
run: make build
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: eu-west-1
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
- name: Publish initial image based on branch to ECR
env:
DOCKER_REGISTRY: ${{ secrets.DOCKER_REGISTRY }}
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
shell: bash
run: |
if [[ "${GITHUB_REF}" == "refs/heads"* ]]; then
branch="${GITHUB_REF/refs\/heads\//}"
if [[ "${branch}" = "main" ]]; then
docker_tag=latest
docker tag navigator-admin-backend "$ECR_REGISTRY/navigator-admin-backend:${docker_tag}"
docker push "$ECR_REGISTRY/navigator-admin-backend:${docker_tag}"
fi
elif [[ "${GITHUB_REF}" != "refs/tags"* ]]; then
echo "Assuming '${GITHUB_HEAD_REF}' is a branch"
if [[ -n "${GITHUB_HEAD_REF}" ]]; then
branch="$(echo ${GITHUB_HEAD_REF}| tr -c '[0-9,A-Z,a-z]' '-')"
timestamp=$(date --utc -Iseconds | cut -c1-19 | tr -c '[0-9]T\n' '-')
short_sha=${GITHUB_SHA:0:8}
docker_tag="${branch}-${timestamp}-${short_sha}"
docker tag navigator-admin-backend "$ECR_REGISTRY/navigator-admin-backend:${docker_tag}"
docker push "$ECR_REGISTRY/navigator-admin-backend:${docker_tag}"
fi
fi
manual-semver:
needs:
- code-quality
- test
if: ${{ startsWith(github.ref, 'refs/tags') }}
uses: climatepolicyradar/reusable-workflows/.github/workflows/semver.yml@main
secrets: inherit
with:
repo-name: navigator-admin-backend
semver-tag: main-${GITHUB_SHA::8}
tag:
needs: build
permissions:
contents: write
uses: climatepolicyradar/reusable-workflows/.github/workflows/tag.yml@main
with:
repo-name: navigator-admin-backend
semver-tag: main-${GITHUB_SHA::8}
secrets:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
DOCKER_REGISTRY: ${{ secrets.DOCKER_REGISTRY }}
release:
needs: tag
permissions:
contents: write
uses: climatepolicyradar/reusable-workflows/.github/workflows/release.yml@main
with:
new_tag: ${{ needs.tag.outputs.new_tag }}