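# Main build pipeline that verifies, builds, and deploys the software.
#
# The deployment target is derived from the pushed branch:
#   development, feature/**  -> SIT
#   release/**               -> UAT
#   main                     -> OPS
# Note that every push to a matching branch (including any feature/** branch)
# deploys; there is no approval gate in this workflow.
#
# Hardening notes for maintainers:
#   - Pin every third-party action to a full-length commit SHA (actions/checkout,
#     snyk/actions/*, hashicorp/setup-terraform, aws-actions/*). A mutable ref such
#     as `snyk/actions/...@master` lets a compromised upstream branch run arbitrary
#     code in this job with access to SNYK_TOKEN and GITHUB_TOKEN. No SHAs are
#     recorded here; look them up from the upstream release you intend to trust.
#   - The AWS step below authenticates with long-lived access keys held in
#     repository secrets. Prefer OIDC federation (`role-to-assume` on
#     aws-actions/configure-aws-credentials, plus `id-token: write` under
#     `permissions`) once role ARNs exist for each environment.
name: Build and Deploy

# Events that trigger the workflow
on:
  # Push to the deployable branches only; tag pushes never deploy
  push:
    branches:
      - 'development'
      - 'feature/**'
      - 'release/**'
      - 'main'
    tags-ignore:
      - '*'
  # Run workflow manually from the Actions tab
  workflow_dispatch:

# Least privilege for the job's GITHUB_TOKEN: the steps below only read the
# repository. Cloud access goes through the AWS secrets, not GITHUB_TOKEN.
permissions:
  contents: read

# Never let two runs for the same ref overlap: both would run `terraform apply`
# against the same state bucket/key and push the same image tags.
concurrency:
  group: deploy-${{ github.ref }}
  cancel-in-progress: false

# Environment variables
env:
  APP_NAME_ENV: 'download-list-creator'

jobs:
  build:
    name: Build and Deploy
    # The type of runner that the job will run on
    runs-on: ubuntu-latest
    steps:
      # SIT environment variables
      - name: Set Environment Variables (SIT)
        if: |
          startsWith(github.ref, 'refs/heads/development') ||
          startsWith(github.ref, 'refs/heads/feature')
        run: |
          echo "TARGET_ENV=SIT" >> "$GITHUB_ENV"
          echo "PREFIX_ENV=service-generate-sit" >> "$GITHUB_ENV"

      # UAT environment variables
      - name: Set Environment Variables (UAT)
        if: startsWith(github.ref, 'refs/heads/release')
        run: |
          echo "TARGET_ENV=UAT" >> "$GITHUB_ENV"
          echo "PREFIX_ENV=service-generate-uat" >> "$GITHUB_ENV"

      # OPS environment variables
      - name: Set Environment Variables (OPS)
        if: startsWith(github.ref, 'refs/heads/main')
        run: |
          echo "TARGET_ENV=OPS" >> "$GITHUB_ENV"
          echo "PREFIX_ENV=service-generate-ops" >> "$GITHUB_ENV"

      # Fail fast when no target matched (e.g. workflow_dispatch from a branch
      # not listed above). Without this, the secret lookup in the AWS step would
      # resolve to the empty name "AWS_ACCESS_KEY_ID_SERVICES_" and the failure
      # would only surface there, after the scans have already run.
      - name: Check deployment target
        run: |
          if [ -z "${TARGET_ENV:-}" ] || [ -z "${PREFIX_ENV:-}" ]; then
            echo "::error::No deployment target for ref '${GITHUB_REF}'; refusing to deploy"
            exit 1
          fi

      # Check out GitHub repo
      - uses: actions/checkout@v4

      # SNYK IAC scan and report. Fails the job on high-severity findings
      # (`command: test` without continue-on-error) and uploads the results.
      # NOTE(review): `@master` is a mutable ref; pin to a commit SHA.
      - name: Run Snyk IAC to test and report
        uses: snyk/actions/iac@master
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        with:
          command: test
          args: >
            --org=${{ secrets.SNYK_ORG_ID }}
            --severity-threshold=high
            --report

      # SNYK Python dependency scan; `--fail-on=all` fails on any high-severity
      # issue, fixable or not.
      # NOTE(review): `@master` is a mutable ref; pin to a commit SHA.
      - name: Run Snyk Python to test
        uses: snyk/actions/python-3.10@master
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        with:
          command: test
          args: >
            --org=${{ secrets.SNYK_ORG_ID }}
            --project-name=${{ github.repository }}
            --severity-threshold=high
            --fail-on=all

      # Snapshot the dependency tree in Snyk for continuous monitoring.
      # NOTE(review): `@master` is a mutable ref; pin to a commit SHA.
      - name: Run Snyk Python to report
        uses: snyk/actions/python-3.10@master
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        with:
          command: monitor
          args: >
            --org=${{ secrets.SNYK_ORG_ID }}
            --project-name=${{ github.repository }}

      # Set up Terraform
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v3
        with:
          terraform_version: 1.3.7

      # Validate the Terraform configuration. `terraform validate` must run in
      # the directory that holds the .tf files and needs provider schemas, so
      # initialise without a backend first (no state access, no AWS credentials
      # required at this point).
      - name: Validate Terraform
        working-directory: terraform/
        run: |
          terraform init -backend=false -input=false -no-color
          terraform validate -no-color

      # Configure credentials for ECR, Lambda and the Terraform backend.
      # The secret pair is selected per environment from TARGET_ENV.
      # NOTE(review): long-lived access keys; see the OIDC note in the header.
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets[format('AWS_ACCESS_KEY_ID_SERVICES_{0}', env.TARGET_ENV)] }}
          aws-secret-access-key: ${{ secrets[format('AWS_SECRET_ACCESS_KEY_SERVICES_{0}', env.TARGET_ENV)] }}
          aws-region: us-west-2

      # Login and define registry, repository, and tag names
      - name: Login to AWS ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v2
        with:
          mask-password: 'true'

      # The deployed image is tagged with the commit SHA so that every deploy
      # points at an immutable, traceable artifact; `latest` is still pushed
      # below for anything that depends on the moving tag.
      - name: Define ECR registry, repository, and image tag names
        run: |
          echo "REGISTRY=${{ steps.login-ecr.outputs.registry }}" >> "$GITHUB_ENV"
          echo "REPOSITORY=${PREFIX_ENV}-${APP_NAME_ENV}" >> "$GITHUB_ENV"
          echo "IMAGE_TAG=${GITHUB_SHA}" >> "$GITHUB_ENV"

      # Create ECR repository (if it does not exist)
      - name: Create AWS ECR Repository
        run: deploy/deploy-ecr.sh "$REGISTRY" "$REPOSITORY"

      # Build and push Lambda container (SHA tag and `latest`)
      - name: Build and Push to AWS ECR
        run: |
          docker build \
            -t "$REGISTRY/$REPOSITORY:$IMAGE_TAG" \
            -t "$REGISTRY/$REPOSITORY:latest" \
            .
          docker push "$REGISTRY/$REPOSITORY:$IMAGE_TAG"
          docker push "$REGISTRY/$REPOSITORY:latest"

      # Set up TF_VAR environment variables
      - name: Define TF_VAR values
        run: |
          echo "TF_VAR_environment=$TARGET_ENV" >> "$GITHUB_ENV"
          echo "TF_VAR_prefix=$PREFIX_ENV" >> "$GITHUB_ENV"

      # Deploy Terraform. The state bucket is selected per environment from
      # PREFIX_ENV; AWS_DEFAULT_REGION is exported by the credentials step.
      # `-input=false` makes a missing variable a hard failure instead of a
      # hang waiting for a prompt.
      - name: Deploy Terraform
        working-directory: terraform/
        run: |
          terraform init -reconfigure -input=false -no-color \
            -backend-config="bucket=${PREFIX_ENV}-tf-state" \
            -backend-config="key=${APP_NAME_ENV}.tfstate" \
            -backend-config="region=${AWS_DEFAULT_REGION}"
          terraform apply -auto-approve -input=false -no-color

      # Deploy Lambda Container Image (the SHA-tagged image built above)
      - name: Deploy Container Image
        run: deploy/deploy-lambda.sh "${PREFIX_ENV}-${APP_NAME_ENV}" "$REGISTRY/$REPOSITORY:$IMAGE_TAG"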