implementing the lambda function #400
# IMAGESTAT | |
# This is the main build pipeline that verifies and publishes the software | |
name: Build | |
# Controls when the workflow will run | |
on: | |
# Triggers the workflow on push events | |
push: | |
branches: [ develop, release/**, main, feature/**, issue/**, dependabot/** ] | |
tags-ignore: | |
- '*' | |
paths-ignore: | |
- 'pyproject.toml' | |
# Allows you to run this workflow manually from the Actions tab | |
workflow_dispatch: | |
env: | |
POETRY_VERSION: "1.3.1" | |
PYTHON_VERSION: "3.10" | |
PROJECT_ NAME: podaac/hydrocron | |
REGISTRY: ghcr.io | |
IMAGE_NAME: ${{ github.repository }} | |
jobs: | |
# First job in the workflow installs and verifies the software | |
build: | |
name: Build, Test, Verify, Publish | |
# The type of runner that the job will run on | |
runs-on: ubuntu-latest | |
steps: | |
- uses: getsentry/action-github-app-token@v2 | |
name: podaac cicd token | |
id: podaac-cicd | |
with: | |
app_id: ${{ secrets.CICD_APP_ID }} | |
private_key: ${{ secrets.CICD_APP_PRIVATE_KEY }} | |
- uses: actions/checkout@v3 | |
with: | |
repository: ${{ github.repository }} | |
token: ${{ steps.podaac-cicd.outputs.token }} | |
- uses: actions/setup-python@v4 | |
with: | |
python-version: ${{ env.PYTHON_VERSION }} | |
- name: Install Poetry | |
uses: abatilo/actions-poetry@v2 | |
with: | |
poetry-version: ${{ env.POETRY_VERSION }} | |
- name: Get version | |
id: get-version | |
run: | | |
echo "current_version=$(poetry version | awk '{print $2}')" >> $GITHUB_OUTPUT | |
echo "pyproject_name=$(poetry version | awk '{print $1}')" >> $GITHUB_ENV | |
- name: Bump pre-alpha version | |
# If triggered by push to a feature branch | |
if: | | |
startsWith(github.ref, 'refs/heads/feature') || | |
startsWith(github.ref, 'refs/heads/issue') || | |
startsWith(github.ref, 'refs/heads/dependabot') | |
run: | | |
new_ver="${{ steps.get-version.outputs.current_version }}+$(git rev-parse --short ${GITHUB_SHA})" | |
poetry version $new_ver | |
echo "software_version=$(poetry version | awk '{print $2}')" >> $GITHUB_ENV | |
- name: Bump alpha version | |
# If triggered by push to the develop branch | |
if: ${{ github.ref == 'refs/heads/develop' }} | |
run: | | |
poetry version prerelease | |
echo "software_version=$(poetry version | awk '{print $2}')" >> $GITHUB_ENV | |
echo "venue=sit" >> $GITHUB_ENV | |
- name: Bump rc version | |
# If triggered by push to a release branch | |
if: ${{ startsWith(github.ref, 'refs/heads/release/') }} | |
env: | |
# True if the version already has a 'rc' pre-release identifier | |
BUMP_RC: ${{ contains(steps.get-version.outputs.current_version, 'rc') }} | |
run: | | |
if [ "$BUMP_RC" = true ]; then | |
poetry version prerelease | |
else | |
poetry version ${GITHUB_REF#refs/heads/release/}-rc.1 | |
fi | |
echo "software_version=$(poetry version | awk '{print $2}')" >> $GITHUB_ENV | |
echo "venue=uat" >> $GITHUB_ENV | |
- name: Release version | |
# If triggered by push to the main branch | |
if: ${{ startsWith(github.ref, 'refs/heads/main') }} | |
env: | |
CURRENT_VERSION: ${{ steps.get-version.outputs.current_version }} | |
# Remove -rc.* from end of version string | |
# The ${string%%substring} syntax below deletes the longest match of $substring from back of $string. | |
run: | | |
poetry version ${CURRENT_VERSION%%-rc.*} | |
echo "software_version=$(poetry version | awk '{print $2}')" >> $GITHUB_ENV | |
echo "venue=ops" >> $GITHUB_ENV | |
- name: Install hydrocron | |
if: ${{ startsWith(github.ref, 'test') }} | |
run: poetry install | |
- name: Lint | |
if: ${{ startsWith(github.ref, 'test') }} | |
run: | | |
poetry run pylint hydrocronapi | |
poetry run flake8 hydrocronapi | |
- name: Install external libraries | |
if: ${{ startsWith(github.ref, 'test') }} | |
run: | | |
pip3 install boto3 | |
pip3 install geopandas | |
pip3 install pytest | |
pip3 install connexion | |
pip3 install flask_testing | |
npm install | |
- name: Run Snyk as a blocking step | |
if: ${{ startsWith(github.ref, 'test') }} | |
uses: snyk/actions/python-3.9@master | |
env: | |
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
with: | |
command: test | |
args: > | |
--org=${{ secrets.SNYK_ORG_ID }} | |
--project-name=${{ github.repository }} | |
--severity-threshold=high | |
--fail-on=all | |
- name: Run Snyk on Python | |
if: ${{ startsWith(github.ref, 'test') }} | |
uses: snyk/actions/python-3.9@master | |
env: | |
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} | |
with: | |
command: monitor | |
args: > | |
--org=${{ secrets.SNYK_ORG_ID }} | |
--project-name=${{ github.repository }} | |
- name: Commit Version Bump | |
# If building develop, a release branch, or main then we commit the version bump back to the repo | |
if: | | |
github.ref == 'refs/heads/develop' || | |
github.ref == 'refs/heads/main' || | |
startsWith(github.ref, 'refs/heads/release') | |
run: | | |
git config user.name "${GITHUB_ACTOR}" | |
git config user.email "${GITHUB_ACTOR}@users.noreply.github.com" | |
git commit -am "/version ${{ env.software_version }}" | |
git push | |
- name: Push Tag | |
#if: | | |
# github.ref == 'refs/heads/develop' || | |
# github.ref == 'refs/heads/main' || | |
# startsWith(github.ref, 'refs/heads/release') | |
run: | | |
git config user.name "${GITHUB_ACTOR}" | |
git config user.email "${GITHUB_ACTOR}@users.noreply.github.com" | |
git tag -a "${{ env.software_version }}" -m "Version ${{ env.software_version }}" | |
git push origin "${{ env.software_version }}" | |
- name: Build Python Artifact | |
run: | | |
poetry build | |
# HYDROCRON | |
- name: Setup local DynamoDB | |
if: ${{ startsWith(github.ref, 'test') }} | |
run: docker run -d -p 8000:8000 amazon/dynamodb-local | |
- name: Load sample | |
if: ${{ startsWith(github.ref, 'test') }} | |
run: python3 tests/example_load_data.py | |
- name: Test with pytest | |
if: ${{ startsWith(github.ref, 'test') }} | |
run: pytest tests/test_api.py | |
# HITIDE | |
## Set environment variables | |
- name: Configure Initial YAML file and environment variables | |
run: | | |
echo "THE_VERSION=${{ env.software_version }}" >> $GITHUB_ENV; | |
echo "GIT_BRANCH=${GITHUB_REF#refs/heads/}" >> $GITHUB_ENV; | |
GITHUB_REF_READABLE="${GITHUB_REF//\//-}" | |
echo "GITHUB_REF_READABLE=${GITHUB_REF_READABLE}" >> $GITHUB_ENV | |
echo "THE_ENV=sit" >> $GITHUB_ENV | |
echo "TARGET_ENV_UPPERCASE=SIT" >> $GITHUB_ENV | |
# Setup Node to install and test | |
- name: Setup Node | |
uses: actions/setup-node@v3 | |
with: | |
node-version: 14 | |
- name: NPM install & NPM Lint | |
run: | |
npm install | |
npm run lint | |
# Setup Terraform to Deploy | |
- name: Configure AWS Credentials as Environment Variables | |
run: echo "AWS_ACCESS_KEY_ID=${{ secrets[format('AWS_ACCESS_KEY_ID_SERVICES_{0}', env.TARGET_ENV_UPPERCASE)] }}" >> $GITHUB_ENV | | |
echo "AWS_SECRET_ACCESS_KEY=${{ secrets[format('AWS_SECRET_ACCESS_KEY_SERVICES_{0}', env.TARGET_ENV_UPPERCASE)] }}" >> $GITHUB_ENV | |
- name: Validate AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
aws-region: us-west-2 | |
role-session-name: GitHubActions | |
env: | |
AWS_ACCESS_KEY_ID: ${{ secrets[format('AWS_ACCESS_KEY_ID_SERVICES_{0}', env.TARGET_ENV_UPPERCASE)] }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets[format('AWS_SECRET_ACCESS_KEY_SERVICES_{0}', env.TARGET_ENV_UPPERCASE)] }} | |
- run: aws sts get-caller-identity | |
- uses: hashicorp/[email protected] | |
with: | |
terraform_version: 1.0.3 | |
# -- Build -- | |
- name: Build lambda package | |
run: ./build.sh | |
- name: Upload packaged zip | |
uses: actions/[email protected] | |
with: | |
name: dist | |
path: dist/*.zip | |
- name: Deploy Terraform | |
#if: | | |
# github.ref == 'refs/heads/develop' || | |
# github.ref == 'refs/heads/main' || | |
# startsWith(github.ref, 'refs/heads/release') || | |
# github.event.head_commit.message == '/deploy sit' || | |
# github.event.head_commit.message == '/deploy uat' | |
working-directory: terraform/ | |
env: | |
AWS_ACCESS_KEY_ID: ${{ secrets[format('AWS_ACCESS_KEY_ID_SERVICES_{0}', env.TARGET_ENV_UPPERCASE)] }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets[format('AWS_SECRET_ACCESS_KEY_SERVICES_{0}', env.TARGET_ENV_UPPERCASE)] }} | |
AWS_DEFAULT_REGION: us-west-2 | |
run: | | |
echo "--------" | |
echo ${{ env.THE_ENV }} | |
echo ${{ env.THE_VERSION }} | |
source bin/config.sh ${{ env.THE_ENV }} | |
aws iam list-instance-profiles | |
aws iam list-roles | |
aws iam list-policies | |
#aws iam list-policy-versions --policy-arn arn:aws:iam::206226843404:policy/service-hydrocron-api-sit-service-policy | |
aws iam list-instance-profiles-for-role --role-name service-hydrocron-api-sit-service-role | |
#aws iam delete-policy-version --policy-arn arn:aws:iam::206226843404:policy/service-hydrocron-api-sit-service-policy --version-id v1 | |
aws iam remove-role-from-instance-profile --instance-profile-name service-hydrocron-api-sit-instance-profile --role-name service-hydrocron-api-sit-service-role | |
#aws iam delete-instance-profile --instance-profile-name service-hydrocron-api-sit-instance-profile | |
aws iam detach-role-policy --role-name service-hydrocron-api-sit-service-role --policy-arn arn:aws:iam::206226843404:policy/service-hydrocron-api-sit-service-policy | |
#aws iam delete-policy --policy-arn arn:aws:iam::206226843404:policy/service-hydrocron-api-sit-service-policy | |
aws iam delete-role --role-name service-hydrocron-api-sit-service-role | |
#aws iam delete-policy --policy-arn arn:aws:iam::206226843404:policy/service-hydrocron-api-sit-service-policy | |
#aws iam delete-role --role-name service-hydrocron-api-sit-service-role | |
#aws iam delete-role --role-name hydrocron-service-role | |
#aws iam delete-instance-profile --instance-profile-name service-hydrocron-api-sit-instance-profile | |
aws lambda delete-function --function-name arn:aws:lambda:us-west-2:206226843404:function:service-hydrocron-api-sit-function | |
terraform init -reconfigure -backend-config="bucket=podaac-services-${{ env.THE_ENV }}-terraform" -backend-config="region=us-west-2" | |
terraform plan -var-file=tfvars/${{ env.THE_ENV }}.tfvars -var="app_version=${{ env.THE_VERSION }}" -out="tfplan" | |
terraform apply -auto-approve tfplan |
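Review bot: The `Deploy Terraform` step runs on every push this workflow accepts, because its `if:` block is commented out, so a push to any `feature/**` or `issue/**` branch executes `aws iam delete-role`, `aws lambda delete-function` and `terraform apply -auto-approve tfplan` with the SIT credentials. The install, lint, pytest and both Snyk steps are gated on `startsWith(github.ref, 'test')`, which cannot match a ref of the form `refs/heads/...`, so the step named "Run Snyk as a blocking step" and the tests are always skipped before that deploy. I would restore the commented-out branch condition on `Deploy Terraform` and `Push Tag` (`github.ref == 'refs/heads/develop' || github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/release')`), move the one-off IAM cleanup commands out of the pipeline, and remove or correct the `'test'` gate. Separately, `Configure AWS Credentials as Environment Variables` appends both keys to `$GITHUB_ENV`, which exposes them to every later step, including `./build.sh`, `npm install` and the third-party actions. The step-level `env:` already set on `Deploy Terraform` covers the need, so that step looks removable.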