main action

no10ds · Jul 5, 2023 · 8c8ea4b · 8c8ea4b
1 parent d7d0fff
commit 8c8ea4b
Show file tree

Hide file tree

Showing 4 changed files with 126 additions and 106 deletions.
diff --git a/.github/workflows/api-main.yml b/.github/workflows/api-main.yml
diff --git a/.github/workflows/dev.yml b/.github/workflows/dev.yml
@@ -7,15 +7,8 @@ on:
 
   workflow_dispatch:
 
-env:
-  AWS_ACCOUNT: ${{ secrets.AWS_ACCOUNT }}
-  AWS_REGION: ${{ secrets.AWS_REGION }}
-  AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
-  DOMAIN_NAME: ${{ secrets.DOMAIN_NAME }}
-  DATA_BUCKET: ${{ secrets.DATA_BUCKET }}
-
 jobs:
-  set-vars:
+  setup:
     runs-on: self-hosted
     steps:
       - name: Checkout
@@ -26,7 +19,7 @@ jobs:
 
   security-check:
     needs:
-      - set-vars
+      - setup
     runs-on: self-hosted
     steps:
       - name: Setup Python
@@ -42,7 +35,7 @@ jobs:
 
   api-dev:
     needs:
-      - set-vars
+      - setup
       - security-check
     runs-on: self-hosted
     steps:
@@ -52,6 +45,11 @@ jobs:
       - name: Populate .env with additional vars
         run: |
           cp ./.github/.github.env .env
+          echo DOMAIN_NAME=${{ secrets.DOMAIN_NAME }} >> .env
+          echo DATA_BUCKET=${{ secrets.DATA_BUCKET }} >> .env
+          echo AWS_ACCOUNT=${{ secrets.AWS_ACCOUNT }} >> .env
+          echo AWS_REGION=${{ secrets.AWS_REGION }} >> .env
+          echo AWS_DEFAULT_REGION=${{ secrets.AWS_REGION }} >> .env
 
       - name: Build API Image
         run: make api-create-image
@@ -67,7 +65,7 @@ jobs:
 
   sdk-dev:
     needs:
-      - set-vars
+      - setup
       - security-check
     runs-on: self-hosted
     steps:
@@ -99,7 +97,7 @@ jobs:
 
   ui-dev:
     needs:
-      - set-vars
+      - setup
       - security-check
     runs-on: self-hosted
     steps:
@@ -119,7 +117,7 @@ jobs:
 
   cleanup:
     needs:
-      - set-vars
+      - setup
       - security-check
       - api-dev
       - sdk-dev
@@ -129,6 +127,6 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v3
 
-      - name: Clean Docker context
+      - name: Clean Docker Context
         if: always()
         run: make clean-pipeline-docker-context
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -0,0 +1,105 @@
+name: rAPId Deployment
+
+on:
+  push:
+    branches: [main]
+
+  workflow_dispatch:
+
+jobs:
+  setup:
+    runs-on: self-hosted
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Log commit SHA
+        run: echo $GITHUB_SHA
+
+  security-check:
+    needs:
+      - setup
+    runs-on: self-hosted
+    steps:
+      - name: Setup Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: "3.10"
+          cache: "pip"
+
+      - run: pip install -r requirements.txt
+
+      - name: Run security checks
+        run: make security-check
+
+  api-deployment:
+    needs:
+      - setup
+      - security-check
+    runs-on: self-hosted
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Populate .env with additional vars
+        run: |
+          cp ./.github/.github.env .env
+          echo DOMAIN_NAME=${{ secrets.DOMAIN_NAME }} >> .env
+          echo DATA_BUCKET=${{ secrets.DATA_BUCKET }} >> .env
+          echo AWS_ACCOUNT=${{ secrets.AWS_ACCOUNT }} >> .env
+          echo AWS_REGION=${{ secrets.AWS_REGION }} >> .env
+          echo AWS_DEFAULT_REGION=${{ secrets.AWS_REGION }} >> .env
+
+      - name: Build API Image
+        run: make api-create-image
+
+      - name: API Static Analysis
+        run: make api-lint
+
+      - name: API Tests
+        run: make api-test
+
+      - name: API Tag and Upload
+        run: make api-tag-and-upload
+
+      - name: API Check Image Scan for Vulnerabilities
+        run: make api-scan-for-vulns-and-tag
+
+      - name: API Tag PROD Candidate
+        run: make api-tag-prod-candidate
+
+      - name: API Deploy Image to Prod
+        run: make api-tag-live-in-prod
+
+      - name: API Allow for Application to Start
+        run: sleep 120
+
+      - name: API Wait for Running Application
+        id: await-running-app
+        run: make api-check-app-is-running
+
+      - name: API E2E Tests
+        id: e2e-tests
+        env:
+          COGNITO_USER_POOL_ID: ${{ secrets.COGNITO_USER_POOL_ID }}
+          RESOURCE_PREFIX: ${{ secrets.RESOURCE_PREFIX }}
+          ALLOWED_EMAIL_DOMAINS: ${{ secrets.ALLOWED_EMAIL_DOMAINS }}
+        run: make api-test-e2e
+
+      - name: API Tag Image as Failure
+        if: always() && steps.await-running-app.conclusion == 'failure' || steps.e2e-tests.conclusion == 'failure'
+        run: make
+
+  cleanup:
+    needs:
+      - setup
+      - security-check
+      - api-deployment
+    runs-on: self-hosted
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Clean Docker Context
+        if: always()
+        run: make clean-pipeline-docker-context
diff --git a/Makefile b/Makefile
@@ -82,6 +82,15 @@ api-format:			## Run the api code format with black
 api-tag-and-upload:		## Tag and upload the latest api image
 	@cd api/; $(MAKE) tag-and-upload
 
+api-tag-prod-candidate:		## Tag the uploaded api image as a candidate for PROD deployment
+	@cd api/; $(MAKE) tag-prod-candidate
+
+api-tag-live-in-prod:		## Deploy the latest version of the api
+	@cd api/; $(MAKE) tag-live-in-prod
+
+api-check-app-is-running:
+	@cd api/; $(MAKE) check-app-is-running
+
 ##
 clean-pipeline-docker-context:
 	@cd api/; $(MAKE) clean-docker