Update pipeline (#65) #40
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build Pipeline | |
on: | |
push: | |
branches: [ main ] | |
pull_request: | |
branches: [ main ] | |
jobs: | |
setup: | |
runs-on: ubuntu-latest | |
outputs: | |
DB_USERNAME: ${{ steps.get-secrets.outputs.db_username }} | |
DB_PASSWORD: ${{ steps.get-secrets.outputs.db_password }} | |
DB_HOST: ${{ steps.get-secrets.outputs.db_host }} | |
DB_NAME: ${{ steps.get-secrets.outputs.db_name }} | |
DJANGO_KEY: ${{ steps.get-secrets.outputs.django_key }} | |
AWS_STORAGE_BUCKET_NAME: ${{ steps.get-secrets.outputs.aws_storage_bucket_name }} | |
AWS_S3_REGION_NAME: ${{ steps.get-secrets.outputs.aws_s3_region_name }} | |
COGNITO_USER_POOL_ID: ${{ steps.get-secrets.outputs.cognito_user_pool_Id }} | |
COGNITO_APP_CLIENT_ID: ${{ steps.get-secrets.outputs.cognito_app_client_id }} | |
COGNITO_APP_CLIENT_SECRET: ${{ steps.get-secrets.outputs.congito_app_client_secret }} | |
steps: | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: ap-southeast-1 | |
- name: Retrieve secrets from AWS Secrets Manager | |
id: get-secrets | |
run: | | |
DB_SECRET_STRING=$(aws secretsmanager get-secret-value --secret-id db_credentials --query SecretString --output text) | |
echo "db_username=$(echo $DB_SECRET_STRING | jq -r .username)" >> $GITHUB_OUTPUT | |
echo "db_password=$(echo $DB_SECRET_STRING | jq -r .password)" >> $GITHUB_OUTPUT | |
echo "db_host=$(echo $DB_SECRET_STRING | jq -r .host)" >> $GITHUB_OUTPUT | |
echo "db_name=$(echo $DB_SECRET_STRING | jq -r .dbname)" >> $GITHUB_OUTPUT | |
SECRET_STRING=$(aws secretsmanager get-secret-value --secret-id secrets --query SecretString --output text) | |
echo "django_key=$(echo $SECRET_STRING | jq -r .DJANGO_KEY)" >> $GITHUB_OUTPUT | |
echo "aws_storage_bucket_name=$(echo $SECRET_STRING | jq -r .AWS_STORAGE_BUCKET_NAME)" >> $GITHUB_OUTPUT | |
echo "aws_s3_region_name=$(echo $SECRET_STRING | jq -r .AWS_S3_REGION_NAME)" >> $GITHUB_OUTPUT | |
echo "cognito_user_pool_Id=$(echo $SECRET_STRING | jq -r .COGNITO_USER_POOL_ID)" >> $GITHUB_OUTPUT | |
echo "cognito_app_client_id=$(echo $SECRET_STRING | jq -r .COGNITO_APP_CLIENT_ID)" >> $GITHUB_OUTPUT | |
echo "congito_app_client_secret=$(echo $SECRET_STRING | jq -r .COGNITO_APP_CLIENT_SECRET)" >> $GITHUB_OUTPUT | |
python_django: | |
needs: setup | |
name: Build Django Backend | |
runs-on: ubuntu-latest | |
defaults: | |
run: | |
shell: bash | |
working-directory: ./backend | |
env: | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
DB_USERNAME: ${{ needs.setup.outputs.DB_USERNAME }} | |
DB_PASSWORD: ${{ needs.setup.outputs.DB_PASSWORD }} | |
DB_HOST: ${{ needs.setup.outputs.DB_HOST }} | |
DB_NAME: ${{ needs.setup.outputs.DB_NAME }} | |
SECRET_KEY: ${{ needs.setup.outputs.DJANGO_KEY }} | |
AWS_STORAGE_BUCKET_NAME: ${{ needs.setup.outputs.AWS_STORAGE_BUCKET_NAME }} | |
AWS_S3_REGION_NAME: ${{ needs.setup.outputs.AWS_S3_REGION_NAME }} | |
COGNITO_USER_POOL_ID: ${{ needs.setup.outputs.COGNITO_USER_POOL_ID }} | |
COGNITO_APP_CLIENT_ID: ${{ needs.setup.outputs.COGNITO_APP_CLIENT_ID }} | |
COGNITO_APP_CLIENT_SECRET: ${{ needs.setup.outputs.COGNITO_APP_CLIENT_SECRET }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up Python | |
uses: actions/setup-python@v3 | |
with: | |
python-version: '3.10' | |
- name: Install pipenv | |
run: python -m pip install --upgrade pipenv wheel | |
- uses: actions/cache@v3 | |
with: | |
path: ~/.local/share/virtualenvs | |
key: ${{ runner.os }}-pipenv-${{ hashFiles('**/Pipfile.lock') }} | |
- name: Install dependencies | |
run: pipenv install --deploy --dev | |
- name: Run linting | |
run: pipenv run flake8 | |
- name: Makes sure it runs | |
run: pipenv run python manage.py check | |
- name: Run tests | |
run: pipenv run python manage.py test | |
node_react: | |
name: Build React Frontend | |
runs-on: ubuntu-latest | |
defaults: | |
run: | |
shell: bash | |
working-directory: ./frontend | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Use Node.js | |
uses: actions/setup-node@v3 | |
with: | |
node-version: '20.x' | |
- run: npm install | |
- run: npm run lint | |
- run: npm run build --if-present | |
- run: npm test | |
terraform: | |
env: | |
TF_CLOUD_ORGANIZATION: "microvan" | |
TF_API_TOKEN: "${{ secrets.TF_API_TOKEN }}" | |
TF_WORKSPACE: "microvan" | |
CONFIG_DIRECTORY: "./terraform" | |
name: "Terraform Plan" | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
pull-requests: write | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Upload Configuration | |
uses: hashicorp/tfc-workflows-github/actions/[email protected] | |
id: plan-upload | |
with: | |
workspace: ${{ env.TF_WORKSPACE }} | |
directory: ${{ env.CONFIG_DIRECTORY }} | |
speculative: true | |
- name: Create Plan Run | |
uses: hashicorp/tfc-workflows-github/actions/[email protected] | |
id: plan-run | |
with: | |
workspace: ${{ env.TF_WORKSPACE }} | |
configuration_version: ${{ steps.plan-upload.outputs.configuration_version_id }} | |
plan_only: true | |
- name: Get Plan Output | |
uses: hashicorp/tfc-workflows-github/actions/[email protected] | |
id: plan-output | |
with: | |
plan: ${{ fromJSON(steps.plan-run.outputs.payload).data.relationships.plan.data.id }} | |
- name: Update PR | |
if: github.event_name == 'pull_request' | |
uses: actions/github-script@v6 | |
id: plan-comment | |
with: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
script: | | |
// 1. Retrieve existing bot comments for the PR | |
const { data: comments } = await github.rest.issues.listComments({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
issue_number: context.issue.number, | |
}); | |
const botComment = comments.find(comment => { | |
return comment.user.type === 'Bot' && comment.body.includes('Terraform Cloud Plan Output') | |
}); | |
const output = `#### Terraform Cloud Plan Output | |
\`\`\` | |
Plan: ${{ steps.plan-output.outputs.add }} to add, ${{ steps.plan-output.outputs.change }} to change, ${{ steps.plan-output.outputs.destroy }} to destroy. | |
\`\`\` | |
[Terraform Cloud Plan](${{ steps.plan-run.outputs.run_link }}) | |
`; | |
// 3. Delete previous comment so PR timeline makes sense | |
if (botComment) { | |
github.rest.issues.deleteComment({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
comment_id: botComment.id, | |
}); | |
} | |
github.rest.issues.createComment({ | |
issue_number: context.issue.number, | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
body: output | |
}); |