-
Notifications
You must be signed in to change notification settings - Fork 0
148 lines (127 loc) · 4.27 KB
/
ci-cd.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
name: CI/CD
on:
push:
tags: ["v*"]
branches:
- main
pull_request:
branches:
- main
permissions: read-all
# https://github.com/marketplace/actions/docker-layer-caching
jobs:
code-quality:
runs-on: ubuntu-latest
permissions:
# For trunk to post annotations
checks: write
# For repo checkout
contents: read
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: "3.9"
- name: Install dependencies
run: |
python -m pip install "poetry==1.6.1"
poetry config virtualenvs.create false
poetry install --no-cache
poetry install --only-root
- name: Export PYTHONPATH
run: |
poetry show
echo "PYTHONPATH=$(pwd)" >> $GITHUB_ENV
- name: Trunk Check
uses: trunk-io/trunk-action@v1
- name: Check code contains no FIXME's
run: |
git grep -r --no-color ${case_sensitive} --line-number -e "FIXME" :^.github
if [[ $? -eq 0 ]]; then
# if we found any FIXME entries in checked in files, fail on main
exit 1
else
exit 0
fi
shell: bash {0}
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Configure test env variables
run: cp .env.example .env
- name: Build docker compose
run: make build_dev
- name: Run Unit Tests
run: make unit_test
- name: Run Integration Tests
run: make integration_test
build:
if: ${{ ! startsWith(github.ref, 'refs/tags') }}
runs-on: ubuntu-latest
needs:
- code-quality
- test
steps:
- uses: actions/checkout@v4
- name: Build
run: make build
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: eu-west-1
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
- name: Publish initial image based on branch to ECR
env:
DOCKER_REGISTRY: ${{ secrets.DOCKER_REGISTRY }}
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
shell: bash
run: |
if [[ "${GITHUB_REF}" == "refs/heads"* ]]; then
branch="${GITHUB_REF/refs\/heads\//}"
if [[ "${branch}" = "main" ]]; then
docker_tag=latest
docker tag navigator-admin-backend "$ECR_REGISTRY/navigator-admin-backend:${docker_tag}"
docker push "$ECR_REGISTRY/navigator-admin-backend:${docker_tag}"
fi
elif [[ "${GITHUB_REF}" != "refs/tags"* ]]; then
echo "Assuming '${GITHUB_HEAD_REF}' is a branch"
if [[ -n "${GITHUB_HEAD_REF}" ]]; then
branch="$(echo ${GITHUB_HEAD_REF}| tr -c '[0-9,A-Z,a-z]' '-')"
timestamp=$(date --utc -Iseconds | cut -c1-19 | tr -c '[0-9]T\n' '-')
short_sha=${GITHUB_SHA:0:8}
docker_tag="${branch}-${timestamp}-${short_sha}"
docker tag navigator-admin-backend "$ECR_REGISTRY/navigator-admin-backend:${docker_tag}"
docker push "$ECR_REGISTRY/navigator-admin-backend:${docker_tag}"
fi
fi
manual-semver:
needs:
- code-quality
- test
if: ${{ startsWith(github.ref, 'refs/tags') }}
uses: climatepolicyradar/reusable-workflows/.github/workflows/semver.yml@main
secrets: inherit
with:
repo-name: navigator-admin-backend
semver-tag: main-${GITHUB_SHA::8}
tag:
needs: build
uses: climatepolicyradar/reusable-workflows/.github/workflows/tag.yml@main
with:
repo-name: navigator-admin-backend
semver-tag: main-${GITHUB_SHA::8}
secrets:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
DOCKER_REGISTRY: ${{ secrets.DOCKER_REGISTRY }}
release:
needs: tag
uses: climatepolicyradar/reusable-workflows/.github/workflows/release.yml@main
with:
new_tag: ${{ needs.tag.outputs.new_tag }}