Merge pull request #255 from RockefellerArchiveCenter/development

Migrate from Travis CI to Github Actions
RockefellerArchiveCenter · Sep 10, 2024 · 0be8b76 · 0be8b76
2 parents d2f472b + 72a811b
commit 0be8b76
Show file tree

Hide file tree

Showing 6 changed files with 170 additions and 63 deletions.
diff --git a/.github/workflows/dependencies.yml b/.github/workflows/dependencies.yml
@@ -14,9 +14,17 @@ jobs:
       contents: write
       pull-requests: write
     steps:
+      - uses: actions/create-github-app-token@v1
+        id: app-token
+        with:
+          app-id: ${{ vars.APP_ID }}
+          private-key: ${{ secrets.PRIVATE_KEY }}
+
       - uses: actions/checkout@v4
         with:
+          token: ${{ steps.app-token.outputs.token }}
           ref: development
+          persist-credentials: false
 
       - name: Set up Python
         uses: actions/setup-python@v4
@@ -29,16 +37,16 @@ jobs:
 
       - name: Run pre-commit autoupdate
         run: pre-commit autoupdate
-      
+
       - name: Run pip-compile
         run: pip-compile --upgrade
-      
+
       - name: Create Pull Request
         uses: peter-evans/[email protected]
         with:
-          token: ${{ secrets.GITHUB_TOKEN }}
+          token: ${{ steps.app-token.outputs.token }}
           base: development
           branch: dependency-updates
           delete-branch: true
           title: Dependency Updates
-          commit-message: Dependency updates
+          commit-message: Dependency updates
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -0,0 +1,86 @@
+name: Deploy
+
+on:
+  push:
+    branches:
+      - development
+      - base
+  workflow_dispatch:
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    environment:
+      name: ${{ github.ref_name }}
+
+    env:
+      APPLICATION_NAME: aquarius
+      CONTAINER: aquarius-web
+      APPLICATION_PORT: 8002
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Export secrets to environment variables
+        uses: oNaiPs/[email protected]
+        with:
+          secrets: ${{ toJSON(secrets) }}
+
+      - name: Clone deploy scripts if not present
+        run: git clone https://github.com/RockefellerArchiveCenter/deploy_scripts.git;
+
+      - name: Substitute environment variables
+        uses: tvarohohlavy/[email protected]
+        with:
+          files: |
+            $APPLICATION_NAME/config.py.deploy
+            appspec.yml.deploy
+            deploy_scripts/create_apache_config.sh.deploy
+            deploy_scripts/curl_index.sh.deploy
+            deploy_scripts/curl_status_endpoint.sh.deploy
+            deploy_scripts/install_dependencies_django.sh.deploy
+            deploy_scripts/restart_apachectl.sh.deploy
+            deploy_scripts/run_management_commands_django.sh.deploy
+            deploy_scripts/set_permissions.sh.deploy
+            deploy_scripts/stop_cron.sh.deploy
+
+      - name: Rename deploy files
+        run: |
+          mv $APPLICATION_NAME/config.py.deploy $APPLICATION_NAME/config.py
+          mv appspec.yml.deploy appspec.yml
+          mv deploy_scripts/create_apache_config.sh.deploy deploy_scripts/create_apache_config.sh
+          mv deploy_scripts/curl_index.sh.deploy deploy_scripts/curl_index.sh
+          mv deploy_scripts/curl_status_endpoint.sh.deploy deploy_scripts/curl_status_endpoint.sh
+          mv deploy_scripts/install_dependencies_django.sh.deploy deploy_scripts/install_dependencies_django.sh
+          mv deploy_scripts/restart_apachectl.sh.deploy deploy_scripts/restart_apachectl.sh
+          mv deploy_scripts/run_management_commands_django.sh.deploy deploy_scripts/run_management_commands_django.sh
+          mv deploy_scripts/set_permissions.sh.deploy deploy_scripts/set_permissions.sh
+          mv deploy_scripts/stop_cron.sh.deploy deploy_scripts/stop_cron.sh
+
+      - name: Make deploy scripts executable
+        run: chmod +x deploy_scripts/*.sh
+
+      - name: Create deployment zip
+        run: sudo deploy_scripts/make_zip_django.sh $DEPLOY_ZIP_DIR $DEPLOY_ZIP_NAME
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/[email protected]
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_KEY }}
+          role-to-assume: ${{ secrets.AWS_DEPLOY_ROLE }}
+          role-skip-session-tagging: true
+          role-duration-seconds: 900
+          aws-region: ${{ secrets.AWS_REGION }}
+
+      - name: Deploy to S3
+        run: aws s3 cp $DEPLOY_ZIP_DIR s3://$AWS_BUCKET_NAME --recursive
+
+      - name: Deploy to AWS CodeDeploy
+        run: aws deploy create-deployment
+          --region ${{ secrets.AWS_REGION }}
+          --application-name $APPLICATION_NAME
+          --deployment-config-name CodeDeployDefault.OneAtATime
+          --deployment-group-name $DEPLOYMENT_GROUP
+          --s3-location bucket=$AWS_BUCKET_NAME,bundleType=zip,key=$DEPLOY_ZIP_NAME
diff --git a/.github/workflows/enforcer.yml b/.github/workflows/enforcer.yml
@@ -0,0 +1,16 @@
+name: 'Check Branch'
+
+on:
+  pull_request:
+    branches:
+      - base
+
+jobs:
+  check_branch:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check branch
+        if: github.head_ref != 'development'
+        run: |
+          echo "ERROR: You can only merge to base from the development branch."
+          exit 1
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -0,0 +1,56 @@
+name: Tests
+
+on:
+  pull_request:
+    branches:
+      - development
+  workflow_dispatch:
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    environment:
+      name: development
+
+    env:
+      APPLICATION_NAME: aquarius
+      CONTAINER: aquarius-web
+      APPLICATION_PORT: 8002
+
+    services:
+      docker:
+        image: docker:stable
+        options: --privileged
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Python and cache pip
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.10'
+          cache: 'pip'
+
+      - name: Copy config file
+        run: cp ${{ env.APPLICATION_NAME }}/config.py.example ${{ env.APPLICATION_NAME }}/config.py
+
+      - name: Login to Docker
+        run: echo "${{ secrets.DOCKER_PASSWORD }}" | docker login -u "${{ secrets.DOCKER_USERNAME }}" --password-stdin
+
+      - name: Start Docker containers
+        run: docker compose up -d
+
+      - name: Wait for services to be ready
+        run: ./wait-for-it.sh $CONTAINER:$APPLICATION_PORT -- echo "$CONTAINER is ready"
+
+      - name: Install pre-commit
+        run: |
+          pip install "pre-commit===2.13.0"
+          pre-commit install
+
+      - name: Run pre-commit checks
+        run: pre-commit run --all-files --show-diff-on-failure
+
+      - name: Run tests
+        run: docker compose exec -T $CONTAINER python manage.py test
diff --git a/.travis.yml b/.travis.yml
diff --git a/README.md b/README.md
@@ -4,9 +4,6 @@ A microservice to transform and deliver Accessions, Archival Objects and Digital
 
 aquarius is part of [Project Electron](https://github.com/RockefellerArchiveCenter/project_electron), an initiative to build sustainable, open and user-centered infrastructure for the archival management of digital records at the [Rockefeller Archive Center](http://rockarch.org/).
 
-[![Build Status](https://app.travis-ci.com/RockefellerArchiveCenter/aquarius.svg?branch=base)](https://app.travis-ci.com/RockefellerArchiveCenter/aquarius)
-![GitHub (pre-)release](https://img.shields.io/github/release/RockefellerArchiveCenter/aquarius/all.svg)
-
 ## Setup
 
 Install [git](https://git-scm.com/) and clone the repository