
Update pipeline (#65) #40

Update pipeline (#65)


Workflow file for this run

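---
# Build pipeline: lints and tests the Django backend and the React frontend,
# and runs a speculative Terraform Cloud plan whose summary is posted on PRs.
name: Build Pipeline

# yamllint disable-line rule:truthy
on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

# Least-privilege default for GITHUB_TOKEN. A job-level `permissions` block
# (see the terraform job) replaces this one entirely, so each such job must
# list everything it needs.
permissions:
  contents: read

jobs:
  python_django:
    name: Build Django Backend
    runs-on: ubuntu-latest
    defaults:
      run:
        # An explicit `bash` shell runs with `-eo pipefail`, so a failing
        # `aws ... | jq` pipeline below fails the step.
        shell: bash
        working-directory: ./backend
    env:
      # TODO(review): prefer OIDC federation (role-to-assume with an
      # `id-token: write` permission) over long-lived access keys kept as
      # repository secrets.
      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
    steps:
      - uses: actions/checkout@v4

      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ap-southeast-1

      # Secrets are fetched in the job that consumes them and exported through
      # $GITHUB_ENV, with `::add-mask::` applied to the sensitive ones so the
      # runner redacts them from every later log line. They used to travel as
      # *job outputs* of a separate `setup` job; outputs cannot carry masked
      # values, so every secret crossed the job boundary unmasked. If `setup`
      # was listed as a required status check, drop it from branch protection.
      - name: Retrieve secrets from AWS Secrets Manager
        run: |
          # export_env NAME VALUE [mask]
          # Writes NAME=VALUE to $GITHUB_ENV for the remaining steps. With a
          # third argument the value is masked first. Fails the step when the
          # field is absent (`jq -r` prints "null") or empty, instead of
          # silently running the test suite with a bogus credential.
          export_env() {
            local name="$1" value="$2" mask="${3:-}"
            if [ -z "$value" ] || [ "$value" = "null" ]; then
              echo "::error::Secret field for $name is missing or empty"
              exit 1
            fi
            if [ -n "$mask" ]; then
              echo "::add-mask::$value"
            fi
            # Heredoc form keeps values with '=', quotes or '#' intact.
            printf '%s<<__GH_EOF__\n%s\n__GH_EOF__\n' "$name" "$value" >> "$GITHUB_ENV"
          }

          db_json=$(aws secretsmanager get-secret-value \
                      --secret-id db_credentials --query SecretString --output text)
          export_env DB_USERNAME "$(jq -r '.username' <<<"$db_json")"
          export_env DB_PASSWORD "$(jq -r '.password' <<<"$db_json")" mask
          export_env DB_HOST     "$(jq -r '.host'     <<<"$db_json")"
          export_env DB_NAME     "$(jq -r '.dbname'   <<<"$db_json")"

          app_json=$(aws secretsmanager get-secret-value \
                       --secret-id secrets --query SecretString --output text)
          export_env SECRET_KEY                "$(jq -r '.DJANGO_KEY'                <<<"$app_json")" mask
          export_env AWS_STORAGE_BUCKET_NAME   "$(jq -r '.AWS_STORAGE_BUCKET_NAME'   <<<"$app_json")"
          export_env AWS_S3_REGION_NAME        "$(jq -r '.AWS_S3_REGION_NAME'        <<<"$app_json")"
          export_env COGNITO_USER_POOL_ID      "$(jq -r '.COGNITO_USER_POOL_ID'      <<<"$app_json")"
          export_env COGNITO_APP_CLIENT_ID     "$(jq -r '.COGNITO_APP_CLIENT_ID'     <<<"$app_json")"
          export_env COGNITO_APP_CLIENT_SECRET "$(jq -r '.COGNITO_APP_CLIENT_SECRET' <<<"$app_json")" mask

      - name: Set up Python
        uses: actions/setup-python@v3
        with:
          python-version: '3.10'

      - name: Install pipenv
        run: python -m pip install --upgrade pipenv wheel

      # hashFiles() is evaluated relative to the workspace root, so the glob
      # still matches backend/Pipfile.lock despite the job's working-directory.
      - uses: actions/cache@v3
        with:
          path: ~/.local/share/virtualenvs
          key: ${{ runner.os }}-pipenv-${{ hashFiles('**/Pipfile.lock') }}

      - name: Install dependencies
        run: pipenv install --deploy --dev

      - name: Run linting
        run: pipenv run flake8

      - name: Makes sure it runs
        run: pipenv run python manage.py check

      - name: Run tests
        run: pipenv run python manage.py test

  node_react:
    name: Build React Frontend
    runs-on: ubuntu-latest
    defaults:
      run:
        shell: bash
        working-directory: ./frontend
    steps:
      - uses: actions/checkout@v4

      - name: Use Node.js
        uses: actions/setup-node@v3
        with:
          node-version: '20.x'

      # TODO(review): `npm ci` gives reproducible installs from the lockfile;
      # switch once it is confirmed that frontend/package-lock.json is committed.
      - run: npm install
      - run: npm run lint
      - run: npm run build --if-present
      - run: npm test

  terraform:
    name: "Terraform Plan"
    runs-on: ubuntu-latest
    env:
      TF_CLOUD_ORGANIZATION: "microvan"
      TF_API_TOKEN: "${{ secrets.TF_API_TOKEN }}"
      TF_WORKSPACE: "microvan"
      CONFIG_DIRECTORY: "./terraform"
    # Replaces the workflow-level block: the PR comment step needs write
    # access to pull requests. (On pull requests from forks GITHUB_TOKEN is
    # read-only regardless, so that step will fail there.)
    permissions:
      contents: read
      pull-requests: write
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      # NOTE(review): the version of the three hashicorp/tfc-workflows-github
      # actions was garbled in this rendering of the file; restore the pinned
      # tag from the repository. Consider pinning all third-party actions to a
      # full commit SHA rather than a mutable tag.
      - name: Upload Configuration
        uses: hashicorp/tfc-workflows-github/actions/upload-configuration@<PINNED-VERSION-FROM-REPO>
        id: plan-upload
        with:
          workspace: ${{ env.TF_WORKSPACE }}
          directory: ${{ env.CONFIG_DIRECTORY }}
          speculative: true

      - name: Create Plan Run
        uses: hashicorp/tfc-workflows-github/actions/create-run@<PINNED-VERSION-FROM-REPO>
        id: plan-run
        with:
          workspace: ${{ env.TF_WORKSPACE }}
          configuration_version: ${{ steps.plan-upload.outputs.configuration_version_id }}
          plan_only: true

      - name: Get Plan Output
        uses: hashicorp/tfc-workflows-github/actions/plan-output@<PINNED-VERSION-FROM-REPO>
        id: plan-output
        with:
          plan: ${{ fromJSON(steps.plan-run.outputs.payload).data.relationships.plan.data.id }}

      - name: Update PR
        if: github.event_name == 'pull_request'
        uses: actions/github-script@v6
        id: plan-comment
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          # Every GitHub API call is awaited so that a failed delete/create
          # fails the step instead of being dropped when the script returns.
          script: |
            // 1. Retrieve existing bot comments for the PR
            const { data: comments } = await github.rest.issues.listComments({
              owner: context.repo.owner,
              repo: context.repo.repo,
              issue_number: context.issue.number,
            });
            const botComment = comments.find(comment => {
              return comment.user.type === 'Bot' && comment.body.includes('Terraform Cloud Plan Output')
            });

            // 2. Build the comment body from the plan summary
            const output = `#### Terraform Cloud Plan Output
            \`\`\`
            Plan: ${{ steps.plan-output.outputs.add }} to add, ${{ steps.plan-output.outputs.change }} to change, ${{ steps.plan-output.outputs.destroy }} to destroy.
            \`\`\`
            [Terraform Cloud Plan](${{ steps.plan-run.outputs.run_link }})
            `;

            // 3. Delete previous comment so PR timeline makes sense
            if (botComment) {
              await github.rest.issues.deleteComment({
                owner: context.repo.owner,
                repo: context.repo.repo,
                comment_id: botComment.id,
              });
            }

            // 4. Post the fresh plan summary
            await github.rest.issues.createComment({
              issue_number: context.issue.number,
              owner: context.repo.owner,
              repo: context.repo.repo,
              body: output
            });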