[ETL-590] Fitbit ecg (#102) #20

Workflow file for this run

.github/workflows/upload-and-deploy-to-prod-main.yaml at ffaad2f

	name: upload-and-deploy-to-prod-main

	on:
	push:
	tags:
	- "v[0-9]+.[0-9]+.[0-9]+"

	env:
	NAMESPACE: main
	PYTHON_VERSION: 3.9

	jobs:

	pre-commit:
	name: Run pre-commit hooks against all files
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v3
	- uses: actions/setup-python@v4
	- uses: pre-commit/[email protected]


	upload-files:
	name: Upload files to S3 bucket in prod/main
	runs-on: ubuntu-latest
	needs: pre-commit
	# These permissions are needed to interact with GitHub's OIDC Token endpoint.
	permissions:
	id-token: write
	contents: read
	environment: prod
	steps:

	- name: Setup code, pipenv, aws
	uses: Sage-Bionetworks/action-pipenv-aws-setup@v3
	with:
	role_to_assume: ${{ vars.AWS_CREDENTIALS_IAM_ROLE }}
	role_session_name: GitHubActions-${{ github.repository_owner }}-${{ github.event.repository.name }}-${{ github.run_id }}
	python_version: ${{ env.PYTHON_VERSION }}

	- name: Copy files to templates bucket
	run: python src/scripts/manage_artifacts/artifacts.py --upload --namespace $NAMESPACE --cfn_bucket ${{ vars.CFN_BUCKET }}


	sceptre-deploy-main:
	name: Deploys to prod/main using sceptre
	runs-on: ubuntu-latest
	needs: [pre-commit, upload-files]
	environment: prod
	# These permissions are needed to interact with GitHub's OIDC Token endpoint.
	permissions:
	id-token: write
	contents: read

	steps:
	- name: Setup code, pipenv, aws
	uses: Sage-Bionetworks/action-pipenv-aws-setup@v3
	with:
	role_to_assume: ${{ vars.AWS_CREDENTIALS_IAM_ROLE }}
	role_session_name: GitHubActions-${{ github.repository_owner }}-${{ github.event.repository.name }}-${{ github.run_id }}
	python_version: ${{ env.PYTHON_VERSION }}

	- name: Create directory for remote sceptre templates
	run: mkdir -p templates/remote/

	- name: Deploy sceptre stacks to prod/main
	run: pipenv run sceptre --var "namespace=${{ env.NAMESPACE }}" launch prod --yes

	- name: Configure S3 to Glue lambda with S3 trigger
	uses: gagoar/invoke-aws-lambda@v3
	with:
	AWS_ACCESS_KEY_ID: ${{ env.AWS_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ env.AWS_SECRET_ACCESS_KEY }}
	AWS_SESSION_TOKEN: ${{ env.AWS_SESSION_TOKEN }}
	REGION: ${{ env.AWS_REGION }}
	FunctionName: ${{ env.NAMESPACE }}-S3EventConfig
	Payload: '{"RequestType": "Create"}'
	LogType: Tail


	sts-access-test:
	name: Runs STS access tests on prod synapse folders
	runs-on: ubuntu-latest
	needs: sceptre-deploy-main
	environment: prod
	# These permissions are needed to interact with GitHub's OIDC Token endpoint.
	permissions:
	id-token: write
	contents: read

	steps:
	- name: Setup code, pipenv, aws
	uses: Sage-Bionetworks/action-pipenv-aws-setup@v3
	with:
	role_to_assume: ${{ vars.AWS_CREDENTIALS_IAM_ROLE }}
	role_session_name: ${{ github.event.repository.name }}-${{ github.run_id }}-nonglue-unit-tests
	python_version: ${{ env.PYTHON_VERSION }}

	- name: Test prod synapse folders for STS access with pytest
	run: >
	pipenv run python -m pytest tests/test_setup_external_storage.py
	--test-bucket recover-input-data
	--test-synapse-folder-id syn51714264
	--namespace $NAMESPACE
	--test-sts-permission read_only
	-v

	pipenv run python -m pytest tests/test_setup_external_storage.py
	--test-bucket recover-processed-data
	--test-synapse-folder-id syn51406699
	--namespace $NAMESPACE/parquet
	--test-sts-permission read_write
	-v

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[ETL-590] Fitbit ecg (#102) #20

Workflow file

[ETL-590] Fitbit ecg (#102) #20

Jobs

Run details

Workflow file for this run