From 5af263569f0e23f3881261e2f478544c1f4eecd3 Mon Sep 17 00:00:00 2001 From: Patrick Date: Tue, 5 Nov 2024 10:12:22 -0500 Subject: [PATCH 1/3] Add GHA support Updates dependency workflow. Adds enforcer, test, and deploy workflows. Removes TravisCI support --- .github/workflows/dependencies.yml | 14 ++++-- .github/workflows/deploy.yml | 76 ++++++++++++++++++++++++++++++ .github/workflows/enforcer.yml | 16 +++++++ .github/workflows/tests.yml | 32 +++++++++++++ .travis.yml | 31 ------------ 5 files changed, 135 insertions(+), 34 deletions(-) create mode 100644 .github/workflows/deploy.yml create mode 100644 .github/workflows/enforcer.yml create mode 100644 .github/workflows/tests.yml delete mode 100644 .travis.yml diff --git a/.github/workflows/dependencies.yml b/.github/workflows/dependencies.yml index b0cae23..b76d580 100644 --- a/.github/workflows/dependencies.yml +++ b/.github/workflows/dependencies.yml @@ -14,9 +14,17 @@ jobs: contents: write pull-requests: write steps: + - uses: actions/create-github-app-token@v1 + id: app-token + with: + app-id: ${{ vars.APP_ID }} + private-key: ${{ secrets.PRIVATE_KEY }} + - uses: actions/checkout@v4 with: - ref: base + token: ${{ steps.app-token.outputs.token }} + ref: development + persist-credentials: false - name: Set up Python uses: actions/setup-python@v4 @@ -36,8 +44,8 @@ jobs: - name: Create Pull Request uses: peter-evans/create-pull-request@v6.0.2 with: - token: ${{ secrets.GITHUB_TOKEN }} - base: base + token: ${{ steps.app-token.outputs.token }} + base: development branch: dependency-updates delete-branch: true title: Dependency Updates diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml new file mode 100644 index 0000000..3b8abc4 --- /dev/null +++ b/.github/workflows/deploy.yml 
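Review bot: The job's `permissions:` block (context lines `contents: write` and `pull-requests: write`) still gives the default GITHUB_TOKEN write scope, even though this hunk moves checkout onto the GitHub App installation token. If the pull-request step also relies only on the App token, as the second hunk suggests, the grant could be reduced to `contents: read`. The checkout sets `persist-credentials: false`, which keeps the App token out of the local git config; a short comment would record that intent, e.g. `# App token is used for the fetch only and is not persisted for later steps`. The job definition starts above the hunk, so any other step that still needs the write scope is not visible here.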
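Review bot: `peter-evans/create-pull-request@v6.0.2` now receives the GitHub App installation token, but it is referenced by a tag, which the publisher can move. Pinning actions that receive credentials to a full commit SHA keeps the code that sees the token fixed, e.g. `uses: peter-evans/create-pull-request@<full-commit-sha> # v6.0.2`. The same applies to `actions/create-github-app-token@v1` in the first hunk, which receives `secrets.PRIVATE_KEY`. It is also worth confirming that the App is installed with only the contents and pull-request permissions this workflow needs, since pull requests opened with its token trigger other workflows, unlike ones opened with `GITHUB_TOKEN`.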
@@ -0,0 +1,76 @@
+
+name: Build and Deploy
+
+on:
+ push:
+ branches:
+ - base
+ - development
+ workflow_dispatch:
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+
+ environment:
+ name: ${{ github.ref_name }}
+
+ env:
+ APP_NAME: newly_published_collections
+ LAMBDA_NAME: newly_published_collections
+ BASENAME: handle_digitized_av_notifications.py
+
+ steps:
+ - name: Checkout Repository
+ uses: actions/checkout@v4
+
+ - name: Configure AWS Credentials
+ uses: aws-actions/configure-aws-credentials@v4.0.2
+ with:
+ aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ role-to-assume: ${{ secrets.AWS_DEPLOY_ROLE }}
+ role-skip-session-tagging: true
+ role-duration-seconds: 900
+ aws-region: ${{ secrets.AWS_REGION }}
+
+ - name: Login to Amazon ECR
+ uses: aws-actions/amazon-ecr-login@v2.0.1
+ with:
+ registries: ${{ secrets.ECR_REGISTRIES }}
+
+ - name: Set environment variables
+ run: |
+ echo "DATE=$(date +'%Y%m%dT%H%M%S')" >> $GITHUB_ENV
+
+ - name: Build Docker image
+ run: docker build -t ${{ env.APP_NAME }} --target build .
+
+ - name: Tag and push latest to ECR
+ if: github.ref == 'refs/heads/base'
+ run: |
+ docker tag ${{ env.APP_NAME }} "${{ secrets.AWS_ACCOUNT_ID }}".dkr.ecr."${{ secrets.AWS_REGION }}".amazonaws.com/"${{ env.APP_NAME }}":latest
+ docker push "${{ secrets.AWS_ACCOUNT_ID }}".dkr.ecr."${{ secrets.AWS_REGION }}".amazonaws.com/"${{ env.APP_NAME }}":latest
+
+ - name: Tag and push dev to ECR
+ if: github.ref == 'refs/heads/development'
+ run: |
+ docker tag ${{ env.APP_NAME }} "${{ secrets.AWS_ACCOUNT_ID }}".dkr.ecr."${{ secrets.AWS_REGION }}".amazonaws.com/"${{ env.APP_NAME }}":dev
+ docker push "${{ secrets.AWS_ACCOUNT_ID }}".dkr.ecr."${{ secrets.AWS_REGION }}".amazonaws.com/"${{ env.APP_NAME }}":dev
+
+ - name: Tag and push versioned image to ECR
+ if: github.ref == 'refs/heads/development'
+ run: |
+ docker tag ${{ env.APP_NAME }} "${{ secrets.AWS_ACCOUNT_ID }}".dkr.ecr."${{ secrets.AWS_REGION }}".amazonaws.com/"${{ env.APP_NAME }}":"${{ env.DATE }}"-"${{ github.sha }}"
+ docker push "${{ secrets.AWS_ACCOUNT_ID }}".dkr.ecr."${{ secrets.AWS_REGION }}".amazonaws.com/"${{ env.APP_NAME }}":"${{ env.DATE }}"-"${{ github.sha }}"
+
+ - name: Tag image for production (base branch)
+ if: github.ref == 'refs/heads/base'
+ run: |
+ MANIFEST=$(aws ecr batch-get-image --registry-id ${{ secrets.AWS_ACCOUNT_ID }} --repository-name ${{ env.APP_NAME }} --image-ids imageTag=dev --output json | jq -c --join-output '.images[0].imageManifest')
+ aws ecr put-image --registry-id ${{ secrets.AWS_ACCOUNT_ID }} --repository-name ${{ env.APP_NAME }} --image-tag prod --image-manifest "$MANIFEST"
+
+ - name: Deploy lambda
+ run: aws lambda update-function-code
+ --function-name arn:aws:lambda:$AWS_REGION:$AWS_LAMBDA_ACCOUNT_ID:function:$LAMBDA_NAME
+ --image-uri ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com/${{ env.APP_NAME }}:prod
diff --git a/.github/workflows/enforcer.yml b/.github/workflows/enforcer.yml
new file mode 100644
index 0000000..1fc567f
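Review bot: The `Deploy lambda` step has no `if:` guard, so it runs on `development` pushes and on a manual dispatch from any ref, and it always points the function at the `:prod` tag. If only `base` should deploy, add `if: github.ref == 'refs/heads/base'`; otherwise select the image tag per branch. The ARN in that step uses `$AWS_LAMBDA_ACCOUNT_ID`, which is not set in the `env:` block or by any earlier step visible here, so the account field may expand to an empty string. `Configure AWS Credentials` passes long-lived `aws-access-key-id` and `aws-secret-access-key` secrets; the action also supports GitHub OIDC, which needs `id-token: write` and `contents: read` under a job-level `permissions:` and lets the static keys be dropped. The job declares no `permissions:` block at all, so the GITHUB_TOKEN keeps the repository's default scope.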
--- /dev/null
+++ b/.github/workflows/enforcer.yml
@@ -0,0 +1,16 @@
+name: 'Check Branch'
+
+on:
+ pull_request:
+ branches:
+ - base
+
+jobs:
+ check_branch:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check branch
+ if: github.head_ref != 'development'
+ run: |
+ echo "ERROR: You can only merge to base from the development branch."
+ exit 1
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
new file mode 100644
index 0000000..14900b1
--- /dev/null
+++ b/.github/workflows/tests.yml
@@ -0,0 +1,32 @@
+name: Test
+
+on:
+ pull_request:
+ branches:
+ - development
+ workflow_dispatch:
+
+jobs:
+ test:
+ runs-on: ubuntu-latest
+
+ environment:
+ name: development
+
+ steps:
+ - name: Checkout Repository
+ uses: actions/checkout@v4
+
+ - name: Set up Python
+ uses: actions/setup-python@v5
+ with:
+ python-version: '3.11'
+ cache: 'pip'
+
+ - name: Install dependencies
+ run: |
+ python -m pip install --upgrade pip
+ pip install tox
+
+ - name: Run tests
+ run: tox
diff --git a/.travis.yml b/.travis.yml
deleted file mode 100644
index 3bda71e..0000000
--- a/.travis.yml
+++ /dev/null
@@ -1,31 +0,0 @@
-language: python
-dist: focal
-python:
- - "3.10"
-services:
- - docker
-env:
- global:
- - TIMESTAMP: $(date '+%Y%m%d%H%M%S')
-cache:
- directories:
- - $HOME/.cache/pip
- - $HOME/.cache/pre-commit
-before_install:
- - pip install awscli
- - export PATH=$PATH:$HOME/.local/bin
-install:
- - pip install tox
-script:
- - tox
-before_deploy:
- - if [ ! -d deploy_scripts ]; then git clone https://github.com/RockefellerArchiveCenter/deploy_scripts.git; fi
- - docker build -t ${DOCKER_REPO} .
- - bash deploy_scripts/containers/push_image_to_ecr.sh ${DOCKER_REPO}
-deploy:
- provider: script
- script: bash deploy_scripts/containers/deploy_image_lambda.sh
- on:
- branch: base
-notifications:
- email: false
From 211ef4d3bc76e799a9587d744dc578c024d40566 Mon Sep 17 00:00:00 2001
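Review bot: The `Check branch` step compares only `github.head_ref`, which is the source branch name, so a pull request from a fork whose branch is also called `development` would satisfy it. Comparing the head repository as well closes that gap: `if: github.head_ref != 'development' || github.event.pull_request.head.repo.full_name != github.repository`. The job only blocks a merge if it is configured as a required status check on `base`, which this file cannot show.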
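Review bot: The test job attaches `environment: name: development` to a job that runs pull-request code through `tox`, and that appears to be the same environment the deploy workflow selects on `development` pushes. Unless the tests need that environment's secrets, drop the `environment:` block so PR code never runs in a job that can be given them. The job also has no `permissions:` block and the checkout leaves the token in the local git config; adding `permissions:` with `contents: read` and `persist-credentials: false` under the checkout's `with:` would narrow what the test code can reach. `pip install tox` is unpinned, so the test toolchain can change between runs.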
From: Patrick Date: Thu, 7 Nov 2024 14:37:27 -0500 Subject: [PATCH 2/3] Update deploy Removes unused/incorrect environment variable. --- .github/workflows/deploy.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 3b8abc4..9da7cef 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -18,7 +18,6 @@ jobs: env: APP_NAME: newly_published_collections LAMBDA_NAME: newly_published_collections - BASENAME: handle_digitized_av_notifications.py steps: - name: Checkout Repository From c6e90520a5819ca089195e98afd6fbada2eff1f4 Mon Sep 17 00:00:00 2001 From: Patrick Date: Fri, 15 Nov 2024 11:35:04 -0500 Subject: [PATCH 3/3] Update dependency workflow Updates setup-python version --- .github/workflows/dependencies.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dependencies.yml b/.github/workflows/dependencies.yml index b76d580..3f5cb66 100644 --- a/.github/workflows/dependencies.yml +++ b/.github/workflows/dependencies.yml @@ -27,7 +27,7 @@ jobs: persist-credentials: false - name: Set up Python - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: python-version: '3.10' cache: pip