git actions workflow #117
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy | ||
| on: | ||
| push: | ||
| # branches: | ||
| # - master | ||
| # - release/* | ||
| # pull_request: | ||
| # branches: | ||
| # - master | ||
| # - release/* | ||
| branches: | ||
| - azdevops-cicd-migration | ||
| workflow_dispatch: | ||
| inputs: | ||
| branch: | ||
| description: "branch to deploy" | ||
| required: true | ||
| env: | ||
| GO_VERSION: 1.21.6 | ||
| TERRAFORM_VERSION: 1.7.4 | ||
| jobs: | ||
| TestAndBuild: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Checkout repository | ||
| uses: actions/checkout@v2 | ||
| - name: Setup Python | ||
| uses: actions/setup-python@v2 | ||
| with: | ||
| python-version: "3.x" | ||
| - name: Install Terraform | ||
| uses: hashicorp/setup-terraform@v1 | ||
| with: | ||
| terraform_version: ${{ env.TERRAFORM_VERSION }} | ||
| - name: Setup Go | ||
| uses: actions/setup-go@v2 | ||
| with: | ||
| go-version: ${{ env.GO_VERSION }} | ||
| - name: Set up Golang CI Tools | ||
| run: ./scripts/install_ci.sh | ||
| # - name: Run Unit Tests | ||
| # run: | | ||
| # set -euxo pipefail | ||
| # make test | ||
| # - name: Publish code coverage results | ||
| # uses: actions/upload-artifact@v4 | ||
| # with: | ||
| # name: coverage-report | ||
| # path: coverage.xml | ||
| # - name: Publish JUnit test results | ||
| # uses: actions/upload-artifact@v4 | ||
| # with: | ||
| # name: junit-report | ||
| # path: junit-report/*.xml | ||
| Build: | ||
| needs: TestAndBuild | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Checkout repository | ||
| uses: actions/checkout@v2 | ||
| - name: Build Go executables | ||
| run: make build | ||
| - name: Publish build artifacts (bin) | ||
| uses: actions/upload-artifact@v4 | ||
| with: | ||
| name: bin | ||
| path: bin | ||
| - name: Publish build artifacts (deploy_scripts) | ||
| uses: actions/upload-artifact@v4 | ||
| with: | ||
| name: deploy_scripts | ||
| path: scripts | ||
| Deploy: | ||
| needs: Build | ||
| runs-on: ubuntu-latest | ||
| environment: "nonprod" | ||
| steps: | ||
| - name: Checkout repository | ||
| uses: actions/checkout@v2 | ||
| - name: Configure namespace | ||
| run: | | ||
| if [[ "${{ github.event.pull_request.number }}" != "" ]]; then | ||
| NS="github-pr-${{ github.event.pull_request.number }}" | ||
| else | ||
| NS="cd" | ||
| fi | ||
| echo "Namespace is ${NS}" | ||
| echo "namespace=${NS}" >> $GITHUB_ENV | ||
| echo "${NS}" > ./namespace.txt | ||
| - name: Upload namespace file | ||
| uses: actions/upload-artifact@v4 | ||
| with: | ||
| name: namespace | ||
| path: namespace.txt | ||
| - name: Configure AWS Namespace | ||
| env: | ||
| PR_NUMBER: ${{ github.event.number }} | ||
| # This is the branch name, or the git tag name | ||
| NS_BRANCH_OR_TAG: ${{ github.ref_name }} | ||
| run: | | ||
| echo "PR_NUMBER=${{ env.PR_NUMBER }}" | ||
| echo "NS_BRANCH_OR_TAG=${{ env.NS_BRANCH_OR_TAG }}" | ||
| - name: Set up the Go workspace | ||
| uses: actions/setup-go@v2 | ||
| with: | ||
| go-version: ${{ env.GO_VERSION }} | ||
| go-path: ${{ github.workspace }}/gopath | ||
| go-bin: ${{ github.workspace }}/gopath/bin | ||
| - name: Download pipeline dependencies | ||
| run: | | ||
| set -ex | ||
| echo "${{ github.workspace }}/gopath/bin" >> $GITHUB_PATH | ||
| echo "${{ runner.tool_cache }}/go/bin" >> $GITHUB_PATH | ||
| go install github.com/jstemmer/go-junit-report@latest | ||
| # Download dce-cli | ||
| wget -q https://github.com/Optum/dce-cli/releases/download/v0.5.0/dce_linux_amd64.zip | ||
| # Validate checksum | ||
| expected_sha="cb140c743373e28a6c1bd4ba3fe1b81a7431dd538e1ad430fede3c1aff4508db" | ||
| test $(shasum -a 256 ./dce_linux_amd64.zip | awk '{print $1}') == "${expected_sha}" | ||
| unzip ./dce_linux_amd64.zip -d ./ | ||
| # Lease a DCE account, to use for deploying our PR environment | ||
| # (deploy DCE in DCE) | ||
| - name: Lease DCE Account | ||
| env: | ||
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_DCE_API_ADMIN_NONPROD_ACCESS_KEY_ID }} | ||
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_DCE_API_ADMIN_NONPROD_SECRET_ACCESS_KEY }} | ||
| AWS_DEFAULT_REGION: us-east-1 | ||
| NAMESPACE: ${{ env.namespace }} | ||
| run: | | ||
| set -ex | ||
| echo "Principal ID is ${NAMESPACE}" | ||
| echo "Configuring the dce-cli" | ||
| echo " | ||
| api: | ||
| host: ${{ secrets.DCE_NONPROD_HOSTNAME }} | ||
| basepath: /api | ||
| region: us-east-1 | ||
| " > ./dce.yml | ||
| # Check to see if there's an active lease for this PR | ||
| lease_id=$( | ||
| ./dce --config=dce.yml leases list \ | ||
| -p ${NAMESPACE} -s Active | \ | ||
| jq -r '.[].id' | ||
| ) | ||
| if [ ! "${lease_id}" ]; then | ||
| echo "No lease exists for ${NAMESPACE}. Creating one..." | ||
| created_lease=$( | ||
| ./dce --config=dce.yml leases create \ | ||
| --principal-id ${NAMESPACE} \ | ||
| --expires-on 2d \ | ||
| --budget-amount 100 --budget-currency USD \ | ||
| --email noreply@example.com | ||
| ) | ||
| echo "Created lease: ${created_lease}" | ||
| lease_id=$(echo "${created_lease}" | jq -r .id) | ||
| fi | ||
| echo "Using lease for PrincipalId=${NAMESPACE}, Id=${lease_id}" | ||
| echo "Logging into the DCE account" | ||
| ./dce --config=dce.yml leases login ${lease_id} | ||
| # Save the lease ID to a file, so we can reference it later | ||
| # (note that we can't assign variables across jobs in different stages) | ||
| echo "${lease_id}" > ./lease_id.txt | ||
| # Install Terraform | ||
| - name: Install Terraform | ||
| uses: hashicorp/setup-terraform@v1 | ||
| with: | ||
| terraform_version: ${{ env.TERRAFORM_VERSION }} | ||
| # Configure the Terraform backend | ||
| - name: Configure Terraform Backend | ||
| run: | | ||
| lease_id=$(cat lease_id.txt) | ||
| ./scripts/create-tf-backend.sh ${lease_id} | ||
| # terraform init | ||
| - name: Terraform Init/Apply | ||
| env: | ||
| NAMESPACE: ${{ env.namespace }} | ||
| NOTIFY_EMAIL: ${{secrets.NOTIFY_EMAIL }} | ||
| run: | | ||
| set -ex | ||
| cd modules | ||
| cat ./backend.tf | ||
| terraform init -input=false | ||
| terraform plan \ | ||
| -var="namespace=${NAMESPACE}" \ | ||
| -var="budget_notification_from_email=${NOTIFY_EMAIL}" \ | ||
| -var="reset_nuke_toggle=false" | ||
| terraform apply \ | ||
| -auto-approve \ | ||
| -input=false \ | ||
| -var="namespace=${NAMESPACE}" \ | ||
| -var="budget_notification_from_email=${NOTIFY_EMAIL}" \ | ||
| -var="reset_nuke_toggle=false" | ||
| # Build and Deploy Application Code to AWS | ||
| - name: Set up Node.js | ||
| uses: actions/setup-node@v2 | ||
| with: | ||
| node-version: '14' | ||
| - name: Install dependencies | ||
| run: npm install | ||
| - name: Build artifacts | ||
| run: | | ||
| echo "Running build script" | ||
| ./scripts/build.sh | ||
| # Deploy Application Code to AWS -- > TODO ARTIFACTS_BUCKET_NAME and NAMESPACE values are hardcoded as -raw flag or jq are throwing errors | ||
| - name: Deploy Application Code | ||
| run: | | ||
| echo "Running terraform output for artifacts_bucket_name" | ||
| ARTIFACTS_BUCKET_NAME=$(cd modules && terraform output -raw artifacts_bucket_name) | ||
| echo "output bucket: ${ARTIFACTS_BUCKET_NAME}" | ||
| echo "Running terraform output for namespace" | ||
| NAMESPACE=$(cd modules && terraform output -raw namespace) | ||
| echo "Output namespace: ${NAMESPACE}" | ||
| ./scripts/deploy.sh \ | ||
| /home/runner/work/dce/dce/bin/build_artifacts.zip \ | ||
| cd \ | ||
| 000879607493-dce-artifacts-cd | ||
| # Functional Tests --> TODO need to fix the test failures | ||
| # - name: Functional Tests | ||
| # run: | | ||
| # set -euxo pipefail | ||
| # mkdir -p junit-report | ||
| # # Run functional tests | ||
| # go get github.com/jstemmer/go-junit-report | ||
| # go test -v ./tests/... -test.timeout 50m 2>&1 | tee >(go-junit-report > junit-report/functional.xml) | ||
| # Publish junit test results (for unit and functional tests) -- > TODO need to fix the test failures | ||
| # - name: Publish Test Results | ||
| # if: always() | ||
| # uses: actions/upload-artifact@v4 | ||
| # with: | ||
| # name: Functional Tests | ||
| # path: ${{ github.workspace }}/junit-report/*.xml | ||
| # Publish the dce-cli executable, so we can use | ||
| # it in our Cleanup stage | ||
| - name: Upload dce-cli Artifact | ||
| uses: actions/upload-artifact@v4 | ||
| with: | ||
| name: dce-cli | ||
| path: ${{ github.workspace }}/dce | ||
| - name: Upload dce-yml Artifact | ||
| uses: actions/upload-artifact@v4 | ||
| with: | ||
| name: dce-yml | ||
| path: ${{ github.workspace }}/dce.yml | ||
| - name: Upload lease_id Artifact | ||
| uses: actions/upload-artifact@v4 | ||
| with: | ||
| name: lease_id | ||
| path: ${{ github.workspace }}/lease_id.txt | ||
| # - name: Upload namespace Artifact | ||
| # uses: actions/upload-artifact@v4 | ||
| # with: | ||
| # name: namespace | ||
| # path: ${{ github.workspace }}/namespace.txt | ||
| - name: Upload backend-tf Artifact | ||
| uses: actions/upload-artifact@v4 | ||
| with: | ||
| name: backend-tf | ||
| path: ${{ github.workspace }}/modules/backend.tf | ||
| - name: Checkout the git repo code | ||
| uses: actions/checkout@v2 | ||
| - name: Download dce-cli artifact | ||
| uses: actions/download-artifact@v4 | ||
| with: | ||
| name: dce-cli | ||
| path: ${{ github.workspace }}/dce-cli | ||
| - name: Download dce-yml artifact | ||
| uses: actions/download-artifact@v4 | ||
| with: | ||
| name: dce-yml | ||
| path: ${{ github.workspace }}/dce-yml | ||
| - name: Download lease_id artifact | ||
| uses: actions/download-artifact@v4 | ||
| with: | ||
| name: lease_id | ||
| path: ${{ github.workspace }}/lease_id | ||
| - name: Download namespace artifact | ||
| uses: actions/download-artifact@v4 | ||
| with: | ||
| name: namespace | ||
| path: ${{ github.workspace }}/namespace | ||
| - name: Download backend-tf artifact | ||
| uses: actions/download-artifact@v4 | ||
| with: | ||
| name: backend-tf | ||
| path: ${{ github.workspace }}/backend-tf | ||
| - name: Copy Artifacts to Working Dir | ||
| run: | | ||
| set -ex | ||
| # GitHub Actions wraps artifact files inside a directory | ||
| # in the github.workspace dir (which is different than our working dir...) | ||
| # Extract these out into our working dir, for easier access | ||
| cp ${{ github.workspace }}/dce-cli/dce ./ | ||
| cp ${{ github.workspace }}/dce-yml/dce.yml ./ | ||
| cp ${{ github.workspace }}/lease_id/lease_id.txt ./ | ||
| cp ${{ github.workspace }}/namespace/namespace.txt ./ | ||
| cp ${{ github.workspace }}/backend-tf/backend.tf ./modules/ | ||
| chmod +x ./dce | ||
| # Login to our DCE lease | ||
| - name: DCE Lease Login | ||
| env: | ||
| AWS_DEFAULT_REGION: us-east-1 | ||
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_DCE_API_ADMIN_NONPROD_ACCESS_KEY_ID }} | ||
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_DCE_API_ADMIN_NONPROD_SECRET_ACCESS_KEY }} | ||
| run: | | ||
| set -ex | ||
| lease_id=$(cat ./lease_id.txt) | ||
| echo "Logging into lease ${lease_id}" | ||
| cat ./dce.yml | ||
| ./dce --config=./dce.yml leases login ${lease_id} | ||
| # Install Terraform | ||
| - name: Install Terraform | ||
| uses: hashicorp/setup-terraform@v1 | ||
| with: | ||
| terraform_version: ${{ env.TERRAFORM_VERSION }} | ||
| - name: Terraform destroy | ||
| run: | | ||
| set -ex | ||
| export TF_VAR_namespace=$(cat ./namespace.txt) | ||
| export TF_VAR_budget_notification_from_email=${{ env.NOTIFY_EMAIL }} | ||
| cd modules | ||
| terraform init -input=false | ||
| terraform destroy -auto-approve | ||
| # End the DCE lease | ||
| - name: End DCE Lease | ||
| env: | ||
| AWS_DEFAULT_REGION: us-east-1 | ||
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_DCE_API_ADMIN_NONPROD_ACCESS_KEY_ID }} | ||
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_DCE_API_ADMIN_NONPROD_SECRET_ACCESS_KEY }} | ||
| run: | | ||
| set -ex | ||
| lease_id=$(cat ./lease_id.txt) | ||
| namespace=$(cat ./namespace.txt) | ||
| leases=$( | ||
| ./dce --config=dce.yml leases list -s Active \ | ||
| ) | ||
| account_id=$( | ||
| echo $leases | \ | ||
| jq -r \ | ||
| --arg Id "${lease_id}" \ | ||
| '.[] | select( .id==$Id ) | .accountId' | ||
| ) | ||
| echo "Ending lease ${lease_id}" | ||
| ./dce --config=./dce.yml leases end \ | ||
| -p ${namespace} \ | ||
| -a ${account_id} | ||
| Release: | ||
| needs: Deploy | ||
| runs-on: ubuntu-latest | ||
| environment: "nonprod" | ||
| steps: | ||
| - name: Download bin artifact | ||
| uses: actions/download-artifact@v4 | ||
| with: | ||
| name: bin | ||
| path: ${{ github.workspace }}/bin | ||
| - name: Download deploy_scripts artifact | ||
| uses: actions/download-artifact@v4 | ||
| with: | ||
| name: deploy_scripts | ||
| path: ${{ github.workspace }}/deploy_scripts | ||
| - name: Create GitHub Release | ||
| uses: actions/create-release@v1 | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| with: | ||
| tag_name: ${{ github.ref_name }} | ||
| release_name: Release ${{ github.ref_name }} | ||
| draft: false | ||
| prerelease: false | ||
| files: | | ||
| ${{ github.workspace }}/bin/build_artifacts.zip | ||
| ${{ github.workspace }}/bin/terraform_artifacts.zip | ||
| ${{ github.workspace }}/deploy_scripts/deploy.sh | ||
| ${{ github.workspace }}/deploy_scripts/restore_db.sh | ||
