Github action for deploying the Django project to Elastic beanstalk after running some basic continuous integrations.

This GitHub Action will deploy your Django project to AWS Elastic beanstalk. It can be configured to upload your production-ready code into any branch you'd like, and even make multiple deployments it to different environments like staging or uat environments. You can also run linting, testing and security checks before deploying. And also you can download the reports of the coverage and the security checks as artifacts.

This action has the following features:

• Deploy Django project to elasticbeanstalk.
• Run unit tests.
• Download coverage reports.
• Run security checks using bandit.
• Download security checks report.
• Run linting using flake8.

Usage

It is important to have the Elastic beanstalk config.yml of your project with its AWS credentials.

    - name: Django aws eb deployment
      uses: joel-hanson/[email protected]
      with:
        python_version: ${{ matrix.python_version }}
        flake8: true
        aws_access_key_id: ${{ secrets.aws_access_key_id }}
        aws_secret_access_key: ${{ secrets.aws_secret_access_key }}
        django_path: sample_project
        unit_testing: true
        deploy: true
        min_coverage: 10
        postgresql_required: true
        security_check: true
        flake8_config_file: "sample_project/.flake8"

Getting Started ✈️

You can include the action in your workflow to trigger on any event that GitHub actions supports. If the remote branch that you wish to deploy to doesn't already exist the action will create it for you. Your workflow will also need to include the actions/checkout step before this workflow runs in order for the deployment to work.

Example

You can view an example of this below.

name: Build and Deployment

on: push

jobs:
  build:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        python_version: [3.7.17]

    steps:
    - uses: actions/checkout@v2
    - name: Django aws eb deployment
      uses: joel-hanson/[email protected]
      with:
        python_version: ${{ matrix.python_version }}
        flake8: true
        aws_access_key_id: ${{ secrets.aws_access_key_id }}
        aws_secret_access_key: ${{ secrets.aws_secret_access_key }}
        django_path: sample_project
        unit_testing: true
        deploy: true
        min_coverage: 10
        postgresql_required: true
        security_check: true
        flake8_config_file: "sample_project/.flake8"

If you'd like to make it so the workflow only triggers on push events to specific branches then you can modify the on section.

on:
  push:
    branches:
      - master

Configuration 📁

The with portion of the workflow must be configured before the action will work. You can add these in the with section found in the examples above. Any secrets must be referenced using the bracket syntax and stored in the GitHub repositories Settings/Secrets menu. You can learn more about setting environment variables with GitHub actions here.

Required Setup

One of the following deployment options must be configured.

Key	Value Information	Type	Required
AWS_ACCESS_KEY_ID	You should enter the AWS access key if ID. if you don't have one please learn more about how to generate one here This should be stored as a secret.'	secrets	Yes
AWS_SECRET_ACCESS_KEY	The AWS secret access key. This should be stored as a secret.	secrets	Yes

In addition to the deployment options you must also configure the following.

Key	Value Information	Type	Required	Default
FLAKE8	This boolean flag to whether to run flake8 linting for our project.	with	No	false
PYTHON_VERSION	Version range or exact version of a Python version to use, using SemVer's version range syntax.	with	Yes	3.7.17
FLAKE8_CONFIG_FILE	The flake8 config path relative to the github repository (this requires input flake8 to be true).	with	No	".flake8"
DEPLOY	Deploy to AWS Elastic beanstalk.	with	Yes	true

Optional Choices

Key	Value Information	Type	Required	Default
DJANGO_PATH	This is the path at which the your django project is located in you github repo.	with	No	"."
UNIT_TESTING	Whether to run unit tests.	with	No	false
MIN_COVERAGE	Minimum code coverage required.	with	No	0
POSTGRESQL_REQUIRED	Run unit tests with postgresql.	with	No	false
SECURITY_CHECK	Security oriented static analyser for python code using bandit.	with	No	false
FLAKE8_CONFIG_FILE	The flake8 config path relative to the github repository (this requires input flake8 to be true).	with	No	true

With the action correctly configured you should see the workflow trigger the deployment under the configured conditions.

---

Operating System Support 💿

This action is primarily developed using Ubuntu. In your workflow job configuration it's recommended to set the runs-on property to ubuntu-latest.

jobs:
  build-and-deploy:
    runs-on: ubuntu-latest

---

Artifacts 📁

You can get the report for the coverage and the bandit security checks reports for you django project. learn more about artifacts.

Bandit report (security checks report) 👮‍♂️

The following is an bandit report for a django project. learn more about bandit.

Run started:2020-03-22 18:12:42.386731

Test results:
>> Issue: [B105:hardcoded_password_string] Possible hardcoded password: '(2h1-*yec9^6xz6y920vco%zdd+!7m6j6$!gi@)3amkbduup%d'
   Severity: Low   Confidence: Medium
   Location: ./sample_project/settings.py:25
   More Info: https://bandit.readthedocs.io/en/latest/plugins/b105_hardcoded_password_string.html
24      # SECURITY WARNING: keep the secret key used in production secret!
25      SECRET_KEY = "(2h1-*yec9^6xz6y920vco%zdd+!7m6j6$!gi@)3amkbduup%d"
26
27      # SECURITY WARNING: don't run with debug turned on in production!
28      DEBUG = True

--------------------------------------------------

Test results:
	No issues identified.

Code scanned:
	Total lines of code: 138
	Total lines skipped (#nosec): 0

Run metrics:
	Total issues (by severity):
		Undefined: 0.0
		Low: 0.0
		Medium: 0.0
		High: 0.0
	Total issues (by confidence):
		Undefined: 0.0
		Low: 0.0
		Medium: 0.0
		High: 0.0
Files skipped (0):

This can be achieved by add the following to your job

    - name: Security check report artifacts
      uses: actions/upload-artifact@v1
      if: failure()
      with:
        name: bandit
        path: output/security_report.txt

Coverage report 👮‍♂️

The following is an example coverage report done for a sample django project by running unit tests. learn more about coverage

Name                                Stmts   Miss  Cover
-------------------------------------------------------
manage.py                              12      2    83%
sample_app/__init__.py                  0      0   100%
sample_app/admin.py                     1      1     0%
sample_app/apps.py                      3      3     0%
sample_app/migrations/__init__.py       0      0   100%
sample_app/models.py                    1      1     0%
sample_app/tests.py                     1      0   100%
sample_app/views.py                     1      1     0%
sample_project/__init__.py              0      0   100%
sample_project/asgi.py                  4      4     0%
sample_project/settings.py             18      0   100%
sample_project/urls.py                  3      0   100%
sample_project/wsgi.py                  4      4     0%
-------------------------------------------------------
TOTAL                                  48     16    67%

This can be achieved by add the following to your job

    - name: Coverage report artifacts
      uses: actions/upload-artifact@v1
      if: failure()
      with:
        name: coverage report
        path: output/coverage_report.txt

    - name: Coverage report artifacts if failed
      uses: actions/upload-artifact@v1
      if: failure()
      with:
        name: coverage report if failed
        path: output/coverage_report.txt

The following is the full workflow file that you can use:

name: Deployment

on:
  push:
    branches:
      - master
jobs:
  build:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        python_version: [3.7.17]

    steps:
    - uses: actions/checkout@v2
    - name: Django aws eb deployment
      uses: joel-hanson/[email protected]
      with:
        python_version: ${{ matrix.python_version }}
        flake8: true
        aws_access_key_id: ${{ secrets.aws_access_key_id }}
        aws_secret_access_key: ${{ secrets.aws_secret_access_key }}
        django_path: sample_project
        unit_testing: true
        deploy: true
        min_coverage: 10
        postgresql_required: true
        security_check: true
        flake8_config_file: "sample_project/.flake8"

    - name: Coverage report artifacts
      uses: actions/upload-artifact@v1
      with:
        name: coverage report
        path: output/coverage_report.txt

    - name: Coverage report artifacts if failed
      uses: actions/upload-artifact@v1
      if: failure()
      with:
        name: coverage report if failed
        path: output/coverage_report.txt

    - name: Security check report artifacts
      uses: actions/upload-artifact@v1
      if: failure()
      with:
        name: bandit
        path: output/security_report.txt

---

License 👨🏻‍💻

The Dockerfile and associated scripts and documentation in this project are released under the MIT License.

Container images built with this project include third party materials. As with all Docker images, these likely also contain other software which may be under other licenses. It is the image user's responsibility to ensure that any use of this image complies with any relevant licenses for all software contained within.