Update app version #51
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Main build pipeline that verifies, builds, and deploys the software | |
name: Build and Deploy | |
# Events that trigger the workflow | |
on: | |
# Trigger based on push to all branches | |
push: | |
branches: | |
- 'development' | |
- 'feature/**' | |
- 'release/**' | |
- 'main' | |
tags-ignore: | |
- '*' | |
# Run workflow manually from the Actions tab | |
workflow_dispatch: | |
# Environment variables | |
env: | |
APP_NAME_ENV: 'download-list-creator' | |
jobs: | |
build: | |
name: Build and Deploy | |
# The type of runner that the job will run on | |
runs-on: ubuntu-latest | |
steps: | |
# SIT environment variables | |
- name: Set Environment Variables | |
if: | | |
startsWith(github.ref, 'refs/heads/development') || | |
startsWith(github.ref, 'refs/heads/feature') | |
run: | | |
echo "TARGET_ENV=SIT" >> $GITHUB_ENV | |
echo "PREFIX_ENV=service-generate-sit" >> $GITHUB_ENV | |
# UAT environment variables | |
- name: Set Environment Variables | |
if: startsWith(github.ref, 'refs/heads/release') | |
run: | | |
echo "TARGET_ENV=UAT" >> $GITHUB_ENV | |
echo "PREFIX_ENV=service-generate-uat" >> $GITHUB_ENV | |
# OPS environment variables | |
- name: Set Environment Variables | |
if: startsWith(github.ref, 'refs/heads/main') | |
run: | | |
echo "TARGET_ENV=OPS" >> $GITHUB_ENV | |
echo "PREFIX_ENV=service-generate-ops" >> $GITHUB_ENV | |
# Check out GitHub repo | |
- uses: actions/checkout@v4 | |
# SNYK IAC scan and report | |
- name: Run Snyk IAC to test and report | |
uses: snyk/actions/iac@master | |
env: | |
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
with: | |
command: test | |
args: > | |
--org=${{ secrets.SNYK_ORG_ID }} | |
--severity-threshold=high | |
--report | |
# SNYK Python | |
- name: Run Snyk Python to test | |
uses: snyk/actions/python-3.10@master | |
env: | |
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
with: | |
command: test | |
args: > | |
--org=${{ secrets.SNYK_ORG_ID }} | |
--project-name=${{ github.repository }} | |
--severity-threshold=high | |
--fail-on=all | |
- name: Run Snyk Python to report | |
uses: snyk/actions/python-3.10@master | |
env: | |
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
with: | |
command: monitor | |
args: > | |
--org=${{ secrets.SNYK_ORG_ID }} | |
--project-name=${{ github.repository }} | |
# Set up Terraform | |
- name: Setup Terraform | |
uses: hashicorp/setup-terraform@v3 | |
# Validate Terraform file | |
- name: Validate Terraform | |
run: terraform validate -no-color | |
# Configure credentials for ECR and Lambda | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-access-key-id: ${{ secrets[format('AWS_ACCESS_KEY_ID_SERVICES_{0}', env.TARGET_ENV)] }} | |
aws-secret-access-key: ${{ secrets[format('AWS_SECRET_ACCESS_KEY_SERVICES_{0}', env.TARGET_ENV)] }} | |
aws-region: us-west-2 | |
# Login and define registry, repository, and tag names | |
- name: Login to AWS ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v2 | |
with: | |
mask-password: 'true' | |
- name: Define ECR registry, repository, and image tag names | |
run : | | |
echo "REGISTRY=${{ steps.login-ecr.outputs.registry }}" >> $GITHUB_ENV | |
echo "REPOSITORY=${PREFIX_ENV}-${APP_NAME_ENV}" >> $GITHUB_ENV | |
echo "IMAGE_TAG=latest" >> $GITHUB_ENV | |
# Create ECR repository (if it does not exist) | |
- name: Create AWS ECR Repository | |
run: deploy/deploy-ecr.sh $REGISTRY $REPOSITORY | |
# Build and push Lambda container | |
- name: Build and Push to AWS ECR | |
run: | | |
docker build -t $REGISTRY/$REPOSITORY:$IMAGE_TAG . | |
docker push $REGISTRY/$REPOSITORY:$IMAGE_TAG | |
# Set up TF_VAR environment variables | |
- name: Define TF_VAR values | |
run: | | |
echo "TF_VAR_environment=$TARGET_ENV" >> $GITHUB_ENV | |
echo "TF_VAR_prefix=$PREFIX_ENV" >> $GITHUB_ENV | |
# Deploy Terraform | |
- name: Deploy Terraform | |
working-directory: terraform/ | |
# Set TF_VAR environment variables, initialize and run terraform | |
run: | | |
terraform init -reconfigure \ | |
-backend-config="bucket=${PREFIX_ENV}-tf-state" \ | |
-backend-config="key=${APP_NAME_ENV}.tfstate" \ | |
-backend-config="region=${AWS_DEFAULT_REGION}" | |
terraform apply -auto-approve | |
# Deploy Lambda Container Image | |
- name: Deploy Container Image | |
run: deploy/deploy-lambda.sh ${PREFIX_ENV}-${APP_NAME_ENV} $REGISTRY/$REPOSITORY:$IMAGE_TAG |