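# CI/CD workflow: runs unit and integration tests, then deploys through the
# reusable deploy workflow (dev on push to `develop`, prod on a published
# release).
name: HLS LPDAAC Reconciliation Report

on:
  workflow_dispatch:
  release:
    types:
      - published
  push:
    branches:
      - main
      - develop
    tags-ignore:
      - "*"
    paths:
      - ".github/workflows/*"
      - "cdk/**"
      - "src/**"
      - "cdk.json"
      - "Makefile"
      - "setup.py"
      - "tox.ini"
  pull_request:
    types:
      - edited
      - opened
      - reopened
      - synchronize
    branches:
      - main
      - develop
    paths:
      - ".github/workflows/*"
      - "cdk/**"
      - "src/**"
      - "cdk.json"
      - "Makefile"
      - "setup.py"
      - "tox.ini"

# Least-privilege default for every job. Only the jobs that assume an AWS role
# through OIDC request `id-token: write`, so jobs that merely build and test
# checked-out code (including pull-request code) cannot mint an OIDC token.
# See https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#updating-your-github-actions-workflow
permissions:
  contents: read  # required for actions/checkout

defaults:
  run:
    shell: bash

# NOTE(review): every `uses:` below references an action by a mutable version
# tag. Pinning each one to a full commit SHA protects the jobs that handle
# credentials against a retargeted tag.
jobs:
  config:
    # This is a hack to work around the lack of support for two other
    # possibilities for avoiding duplication of configuration values:
    #
    # (1) YAML anchors (https://yaml.org/spec/1.1/current.html#id899912) and
    #     aliases (https://yaml.org/spec/1.1/current.html#id902561)
    # (2) Availability of `env` context within `jobs.<job-id>.with.<with-id>`
    #     (see https://docs.github.com/en/actions/learn-github-actions/contexts#context-availability)
    #
    # Alternative hack: https://github.com/actions/runner/issues/1182#issuecomment-1262870831
    runs-on: ubuntu-22.04
    outputs:
      PYTHON_VERSION: "${{ steps.python.outputs.PYTHON_VERSION }}"
      TOX_MIN_VERSION: "${{ steps.tox.outputs.TOX_MIN_VERSION }}"
    steps:
      - id: python
        name: Set Python version
        run: echo "PYTHON_VERSION=3.12" >> "$GITHUB_OUTPUT"
      - id: tox
        name: Set minimum tox version
        # `allowlist_externals` replaces `whitelist_externals`
        run: echo "TOX_MIN_VERSION=3.18.0" >> "$GITHUB_OUTPUT"

  unit-tests:
    # Runs with the workflow default (`contents: read`) only: no cloud
    # credentials and no secrets are exposed to this job.
    runs-on: ubuntu-22.04
    needs: config
    steps:
      - name: Checkout source
        uses: actions/checkout@v4
      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: "${{ needs.config.outputs.PYTHON_VERSION }}"
          cache: pip
          cache-dependency-path: setup.py
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          python -m pip install "tox>=${{ needs.config.outputs.TOX_MIN_VERSION }}"
      - name: Run unit tests
        run: |
          make unit-tests

  integration-tests:
    runs-on: ubuntu-22.04
    environment: dev
    needs: config
    permissions:
      id-token: write  # required for requesting the JWT
      contents: read  # required for actions/checkout
    steps:
      - name: Checkout source
        uses: actions/checkout@v4
      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: "${{ needs.config.outputs.PYTHON_VERSION }}"
          cache: pip
          cache-dependency-path: setup.py
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          python -m pip install "tox>=${{ needs.config.outputs.TOX_MIN_VERSION }}"
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: "${{ vars.AWS_DEFAULT_REGION }}"
          role-to-assume: "${{ vars.AWS_ROLE_TO_ASSUME_ARN }}"
          role-session-name: "${{ github.actor }}"
      # NOTE(review): this exports every secret visible to the job to all
      # later steps, including the `make` targets and whatever they execute.
      # Passing only the secrets a step needs through that step's own `env:`
      # would narrow the exposure; the blanket export is kept here because the
      # set of secrets the make targets read is not visible in this file.
      - name: Convert secrets to environment variables
        env:
          SECRETS_JSON: ${{ toJson(secrets) }}
        run: |
          # Write each entry with the multi-line (NAME<<delimiter) form of
          # GITHUB_ENV. A plain NAME=value line lets a value that contains a
          # newline define additional variables or abort the step.
          delimiter="ghadelimiter_$(openssl rand -hex 16)"
          # Names and values arrive NUL-separated; `read` trims surrounding
          # whitespace, as the previous NAME=value loop did.
          while read -rd '' key && read -rd '' value; do
            {
              printf '%s<<%s\n' "$key" "$delimiter"
              printf '%s\n' "$value"
              printf '%s\n' "$delimiter"
            } >> "$GITHUB_ENV"
          done < <(
            jq -j 'to_entries[] | "\(.key)\u0000\(.value)\u0000"' <<<"$SECRETS_JSON"
          )
      - name: Convert vars to environment variables
        env:
          VARS_JSON: ${{ toJson(vars) }}
        run: |
          # Same multi-line-safe GITHUB_ENV format as the secrets step above.
          delimiter="ghadelimiter_$(openssl rand -hex 16)"
          while read -rd '' key && read -rd '' value; do
            {
              printf '%s<<%s\n' "$key" "$delimiter"
              printf '%s\n' "$value"
              printf '%s\n' "$delimiter"
            } >> "$GITHUB_ENV"
          done < <(
            jq -j 'to_entries[] | "\(.key)\u0000\(.value)\u0000"' <<<"$VARS_JSON"
          )
      - name: Deploy integration test stack
        run: |
          make deploy-it
      - name: Run integration tests
        run: |
          make integration-tests
      - name: Destroy integration test stack
        # Tear the stack down even when an earlier step failed, so test
        # resources are not left behind; skipped only on cancellation.
        if: "${{ !cancelled() }}"
        run: |
          make destroy-it

  deploy-dev:
    # Deploy to Dev only on push (including merged PR) to `develop` branch
    if: github.event_name == 'push' && github.event.ref == 'refs/heads/develop'
    needs:
      - config
      - unit-tests
      - integration-tests
    # A called workflow can never hold more than the caller grants, so the
    # OIDC permission must be requested here for deploy.yml to use it.
    permissions:
      id-token: write
      contents: read
    uses: ./.github/workflows/deploy.yml
    with:
      environment: dev
      PYTHON_VERSION: "${{ needs.config.outputs.PYTHON_VERSION }}"
      TOX_MIN_VERSION: "${{ needs.config.outputs.TOX_MIN_VERSION }}"
    # Hands all of this workflow's secrets to deploy.yml.
    secrets: inherit

  deploy-prod:
    # Deploy to Prod only on publishing a release (tag) on `main` branch
    if: github.event_name == 'release' && github.event.action == 'published'
    needs:
      - config
      - unit-tests
      - integration-tests
    # A called workflow can never hold more than the caller grants, so the
    # OIDC permission must be requested here for deploy.yml to use it.
    permissions:
      id-token: write
      contents: read
    uses: ./.github/workflows/deploy.yml
    with:
      environment: prod
      PYTHON_VERSION: "${{ needs.config.outputs.PYTHON_VERSION }}"
      TOX_MIN_VERSION: "${{ needs.config.outputs.TOX_MIN_VERSION }}"
    # Hands all of this workflow's secrets to deploy.yml.
    secrets: inherit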