Fix Bugs with Application #126
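# Workflow references:
#   https://stackoverflow.com/questions/59166099/github-action-aws-cli
#   https://stackoverflow.com/questions/51028677/create-aws-ecr-repository-if-it-doesnt-exist
#   https://github.com/aws-actions/amazon-ecr-login
#   https://medium.com/@octavio/ecs-deployments-with-github-actions-dd34beed6528
#   https://stackoverflow.com/questions/75546117/github-action-how-to-edit-a-json-objects-with-github-repository-secrets
#
# Job order: test (OS matrix) -> setup (Terraform backend) -> ecr -> main-infra.
# The terrascan job has no dependencies and runs alongside the others.
name: Run Tests and Deploy to AWS

on:
  pull_request:
  # pull_request_review:
  #   types:
  #     - submitted
  push:

# Default GITHUB_TOKEN scope for every job; a job that needs more widens it
# in its own `permissions` block.
permissions:
  contents: read

env:
  PYTHON_VERSION: "3.12"
  AWS_REGION: "ap-southeast-1"
  # The AWS keys are deliberately not set at workflow level: anything here is
  # visible to every step of every job, including pull-request code and
  # third-party actions. They are passed only to the Terraform steps below.
  # NOTE(review): these are long-lived access keys; short-lived credentials
  # via OIDC role assumption would remove the stored secret altogether.

jobs:
  test:
    strategy:
      matrix:
        os: [ubuntu-latest, windows-latest, macOS-latest]
    name: Test on ${{ matrix.os }}
    runs-on: ${{ matrix.os }}
    # This job installs dependencies and runs code from the pushed or proposed
    # change, so it gets no cloud credentials.
    # NOTE(review): if the test suite really needs AWS access, give it a
    # separate, narrowly scoped credential rather than the deploy keys.
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v4

      - name: Set up Python ${{ env.PYTHON_VERSION }}
        uses: actions/setup-python@v5
        with:
          python-version: ${{ env.PYTHON_VERSION }}
          cache: "pip"

      - name: Install dependencies
        working-directory: ./SSG-API-Testing-Application-v2/app
        run: pip install -r requirements.txt

      - name: Run tests
        working-directory: ./SSG-API-Testing-Application-v2/app
        run: python test_runner.py

      - name: Upload coverage to Codecov
        uses: codecov/codecov-action@v4.0.1
        with:
          files: ./SSG-API-Testing-Application-v2/app/coverage.xml
          token: ${{ secrets.CODECOV_TOKEN }}
          fail_ci_if_error: false

  terrascan:
    runs-on: ubuntu-latest
    name: Scan Terraform Scripts
    permissions:
      contents: read
      # Needed by upload-sarif to publish results to code scanning.
      security-events: write
      # upload-sarif also reads run metadata when the repository is private.
      actions: read
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v4

      - name: Set up Terraform
        uses: hashicorp/setup-terraform@v3

      - name: Scan Terraform Script
        id: terrascan
        # NOTE(review): `@main` is a moving branch, so the code this step runs
        # can change without any change to this file. Pin to a reviewed
        # release tag or, better, a full commit SHA.
        uses: tenable/terrascan-action@main
        with:
          iac_type: "terraform"
          iac_version: "v14"
          policy_type: "aws"
          # Findings are reported but never fail the job.
          only_warn: true
          sarif_upload: true
          iac_dir: "./SSG-API-Testing-Application-v2/deploy"

      - name: Upload SARIF to CodeQL
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: terrascan.sarif

  setup:
    needs:
      - test
    # Deploy only from push events. Pull requests from forks receive no
    # secrets, and a same-repository branch already triggers a push run, so
    # applying on pull_request as well would run Terraform twice per commit.
    # The ecr and main-infra jobs depend on this one and are skipped with it.
    # NOTE(review): this still applies on a push to any branch; consider
    # limiting the deploy jobs to the release branch.
    if: github.event_name == 'push'
    runs-on: ubuntu-latest
    name: Setup Terraform Backend
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v4

      - name: Set up Terraform
        uses: hashicorp/setup-terraform@v3

      - name: Verify Terraform Script
        id: create-backend-verify
        working-directory: ./SSG-API-Testing-Application-v2/deploy/create-backend
        # Check only. Running plain `terraform fmt` first rewrites the files
        # on the runner, after which `-check` can never fail.
        run: terraform fmt -check -diff

      - name: Initialise Backend
        id: init-backend
        working-directory: ./SSG-API-Testing-Application-v2/deploy/create-backend
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        run: terraform init

      - name: Validate Terraform Script
        id: create-backend-validate
        working-directory: ./SSG-API-Testing-Application-v2/deploy/create-backend
        run: terraform validate

      - name: View Backend Plan
        id: plan-backend
        working-directory: ./SSG-API-Testing-Application-v2/deploy/create-backend
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        run: terraform plan

      - name: Apply Terraform Plan
        id: apply-backend
        working-directory: ./SSG-API-Testing-Application-v2/deploy/create-backend
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        run: terraform apply -auto-approve
        # Possible errors are to do with the presence of the bucket.
        # NOTE(review): this also hides every other apply failure (rejected
        # credentials, denied permissions); the job stays green regardless.
        continue-on-error: true

  ecr:
    needs:
      - setup
    runs-on: ubuntu-latest
    name: Setup ECR Repository
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v4

      - name: Set up Terraform
        uses: hashicorp/setup-terraform@v3

      - name: Verify Terraform Script
        id: create-backend-verify
        working-directory: ./SSG-API-Testing-Application-v2/deploy/create-ecr
        # Check only. Running plain `terraform fmt` first rewrites the files
        # on the runner, after which `-check` can never fail.
        run: terraform fmt -check -diff

      - name: Initialise Backend
        id: init-backend
        working-directory: ./SSG-API-Testing-Application-v2/deploy/create-ecr
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        run: terraform init

      - name: Validate Terraform Script
        id: create-backend-validate
        working-directory: ./SSG-API-Testing-Application-v2/deploy/create-ecr
        run: terraform validate

      - name: View Backend Plan
        id: plan-backend
        working-directory: ./SSG-API-Testing-Application-v2/deploy/create-ecr
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        run: terraform plan

      - name: Apply Terraform Plan
        id: apply-backend
        working-directory: ./SSG-API-Testing-Application-v2/deploy/create-ecr
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        run: terraform apply -auto-approve
        # Possible errors are to do with the presence of the repo.
        # NOTE(review): this also hides every other apply failure (rejected
        # credentials, denied permissions); the job stays green regardless.
        continue-on-error: true

  main-infra:
    # Any protection rules configured on this environment gate the job.
    environment: production
    needs:
      - ecr
    runs-on: ubuntu-latest
    name: Create/Maintain Main Infrastructure
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v4

      - name: Set up Terraform
        uses: hashicorp/setup-terraform@v3

      - name: Verify Terraform Script
        id: create-main-verify
        working-directory: ./SSG-API-Testing-Application-v2/deploy/main-infrastructure
        # Check only. Running plain `terraform fmt` first rewrites the files
        # on the runner, after which `-check` can never fail.
        run: terraform fmt -check -diff

      - name: Initialise Main Infrastructure
        id: init-main
        working-directory: ./SSG-API-Testing-Application-v2/deploy/main-infrastructure
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        # The keys are supplied through the environment, not -backend-config:
        # values passed with -backend-config are written in plain text under
        # .terraform/ and into plan files, and appear in the process arguments.
        # NOTE(review): assumes the backend reads the standard AWS_* variables
        # (the access_key/secret_key settings suggest S3) - confirm against
        # the backend block in main-infrastructure.
        run: terraform init

      - name: Validate Terraform Script
        id: create-main-validate
        working-directory: ./SSG-API-Testing-Application-v2/deploy/main-infrastructure
        run: terraform validate

      - name: View Main Infrastructure Plan
        id: plan-main
        working-directory: ./SSG-API-Testing-Application-v2/deploy/main-infrastructure
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        run: terraform plan

      - name: Apply Terraform Plan
        id: apply-main
        working-directory: ./SSG-API-Testing-Application-v2/deploy/main-infrastructure
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        run: terraform apply -auto-approve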