Merge pull request #28 from RockefellerArchiveCenter/workflow-updates

Add GHA support
RockefellerArchiveCenter · Nov 15, 2024 · 4651277 · 4651277
2 parents 111d0a4 + c6e9052
commit 4651277
Show file tree

Hide file tree

Showing 5 changed files with 135 additions and 35 deletions.
diff --git a/.github/workflows/dependencies.yml b/.github/workflows/dependencies.yml
@@ -14,12 +14,20 @@ jobs:
       contents: write
       pull-requests: write
     steps:
+      - uses: actions/create-github-app-token@v1
+        id: app-token
+        with:
+          app-id: ${{ vars.APP_ID }}
+          private-key: ${{ secrets.PRIVATE_KEY }}
+
       - uses: actions/checkout@v4
         with:
-          ref: base
+          token: ${{ steps.app-token.outputs.token }}
+          ref: development
+          persist-credentials: false
 
       - name: Set up Python
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: '3.10'
           cache: pip
@@ -36,8 +44,8 @@ jobs:
       - name: Create Pull Request
         uses: peter-evans/[email protected]
         with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-          base: base
+          token: ${{ steps.app-token.outputs.token }}
+          base: development
           branch: dependency-updates
           delete-branch: true
           title: Dependency Updates

diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -0,0 +1,75 @@
+
+name: Build and Deploy
+
+on:
+  push:
+    branches:
+      - base
+      - development
+  workflow_dispatch:
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    environment:
+      name: ${{ github.ref_name }}
+
+    env:
+      APP_NAME: newly_published_collections
+      LAMBDA_NAME: newly_published_collections
+
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/[email protected]
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          role-to-assume: ${{ secrets.AWS_DEPLOY_ROLE }}
+          role-skip-session-tagging: true
+          role-duration-seconds: 900
+          aws-region: ${{ secrets.AWS_REGION }}
+
+      - name: Login to Amazon ECR
+        uses: aws-actions/[email protected]
+        with:
+          registries: ${{ secrets.ECR_REGISTRIES }}
+
+      - name: Set environment variables
+        run: |
+          echo "DATE=$(date +'%Y%m%dT%H%M%S')" >> $GITHUB_ENV
+
+      - name: Build Docker image
+        run: docker build -t ${{ env.APP_NAME }} --target build .
+
+      - name: Tag and push latest to ECR
+        if: github.ref == 'refs/heads/base'
+        run: |
+          docker tag ${{ env.APP_NAME }} "${{ secrets.AWS_ACCOUNT_ID }}".dkr.ecr."${{ secrets.AWS_REGION }}".amazonaws.com/"${{ env.APP_NAME }}":latest
+          docker push "${{ secrets.AWS_ACCOUNT_ID }}".dkr.ecr."${{ secrets.AWS_REGION }}".amazonaws.com/"${{ env.APP_NAME }}":latest
+
+      - name: Tag and push dev to ECR
+        if: github.ref == 'refs/heads/development'
+        run: |
+          docker tag ${{ env.APP_NAME }} "${{ secrets.AWS_ACCOUNT_ID }}".dkr.ecr."${{ secrets.AWS_REGION }}".amazonaws.com/"${{ env.APP_NAME }}":dev
+          docker push "${{ secrets.AWS_ACCOUNT_ID }}".dkr.ecr."${{ secrets.AWS_REGION }}".amazonaws.com/"${{ env.APP_NAME }}":dev
+
+      - name: Tag and push versioned image to ECR
+        if: github.ref == 'refs/heads/development'
+        run: |
+          docker tag ${{ env.APP_NAME }} "${{ secrets.AWS_ACCOUNT_ID }}".dkr.ecr."${{ secrets.AWS_REGION }}".amazonaws.com/"${{ env.APP_NAME }}":"${{ env.DATE }}"-"${{ github.sha }}"
+          docker push "${{ secrets.AWS_ACCOUNT_ID }}".dkr.ecr."${{ secrets.AWS_REGION }}".amazonaws.com/"${{ env.APP_NAME }}":"${{ env.DATE }}"-"${{ github.sha }}"
+
+      - name: Tag image for production (base branch)
+        if: github.ref == 'refs/heads/base'
+        run: |
+          MANIFEST=$(aws ecr batch-get-image --registry-id ${{ secrets.AWS_ACCOUNT_ID }} --repository-name ${{ env.APP_NAME }} --image-ids imageTag=dev --output json | jq -c --join-output '.images[0].imageManifest')
+          aws ecr put-image --registry-id ${{ secrets.AWS_ACCOUNT_ID }} --repository-name ${{ env.APP_NAME }} --image-tag prod --image-manifest "$MANIFEST"
+
+      - name: Deploy lambda
+        run: aws lambda update-function-code
+          --function-name arn:aws:lambda:$AWS_REGION:$AWS_LAMBDA_ACCOUNT_ID:function:$LAMBDA_NAME
+          --image-uri ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com/${{ env.APP_NAME }}:prod
diff --git a/.github/workflows/enforcer.yml b/.github/workflows/enforcer.yml
@@ -0,0 +1,16 @@
+name: 'Check Branch'
+
+on:
+  pull_request:
+    branches:
+      - base
+
+jobs:
+  check_branch:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check branch
+        if: github.head_ref != 'development'
+        run: |
+          echo "ERROR: You can only merge to base from the development branch."
+          exit 1
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -0,0 +1,32 @@
+name: Test
+
+on:
+  pull_request:
+    branches:
+      - development
+  workflow_dispatch:
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+
+    environment:
+      name: development
+
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+          cache: 'pip'
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install tox
+
+      - name: Run tests
+        run: tox
diff --git a/.travis.yml b/.travis.yml