Skip to content

Update OBPG query to include optional creation_date #34

Update OBPG query to include optional creation_date

Update OBPG query to include optional creation_date #34

Workflow file for this run

# Main build pipeline that verifies, builds, and deploys the software
name: Build and Deploy
# Events that trigger the workflow
on:
# Trigger based on push to all branches
push:
branches:
- 'development'
- 'feature/**'
- 'release/**'
- 'main'
tags-ignore:
- '*'
# Run workflow manually from the Actions tab
workflow_dispatch:
# Environment variables
env:
APP_NAME_ENV: 'download-list-creator'
jobs:
build:
name: Build and Deploy
# The type of runner that the job will run on
runs-on: ubuntu-latest
steps:
# SIT environment variables
- name: Set Environment Variables
if: |
startsWith(github.ref, 'refs/heads/development') ||
startsWith(github.ref, 'refs/heads/feature')
run: |
echo "TARGET_ENV=SIT" >> $GITHUB_ENV
echo "PREFIX_ENV=service-generate-sit" >> $GITHUB_ENV
# UAT environment variables
- name: Set Environment Variables
if: startsWith(github.ref, 'refs/heads/release')
run: |
echo "TARGET_ENV=UAT" >> $GITHUB_ENV
echo "PREFIX_ENV=service-generate-uat" >> $GITHUB_ENV
# OPS environment variables
- name: Set Environment Variables
if: startsWith(github.ref, 'refs/heads/main')
run: |
echo "TARGET_ENV=OPS" >> $GITHUB_ENV
echo "PREFIX_ENV=service-generate-ops" >> $GITHUB_ENV
# Check out GitHub repo
- uses: actions/checkout@v3
# SNYK IAC scan and report
- name: Run Snyk IAC to test and report
uses: snyk/actions/iac@master
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
command: test
args: >
--org=${{ secrets.SNYK_ORG_ID }}
--severity-threshold=high
--report
# SNYK Python
- name: Run Snyk Python to test
uses: snyk/actions/python-3.8@master
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
command: test
args: >
--org=${{ secrets.SNYK_ORG_ID }}
--project-name=${{ github.repository }}
--severity-threshold=high
--fail-on=all
- name: Run Snyk Python to report
uses: snyk/actions/python-3.8@master
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
command: monitor
args: >
--org=${{ secrets.SNYK_ORG_ID }}
--project-name=${{ github.repository }}
# Set up Terraform
- name: Setup Terraform
uses: hashicorp/setup-terraform@v2.0.3
with:
terraform_version: 1.3.7
# Validate Terraform file
- name: Validate Terraform
run: terraform validate -no-color
# Configure credentials for ECR and Lambda
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v2
with:
aws-access-key-id: ${{ secrets[format('AWS_ACCESS_KEY_ID_SERVICES_{0}', env.TARGET_ENV)] }}
aws-secret-access-key: ${{ secrets[format('AWS_SECRET_ACCESS_KEY_SERVICES_{0}', env.TARGET_ENV)] }}
aws-region: us-west-2
# Login and define registry, repository, and tag names
- name: Login to AWS ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1
with:
mask-password: 'true'
- name: Define ECR registry, repository, and image tag names
run : |
echo "REGISTRY=${{ steps.login-ecr.outputs.registry }}" >> $GITHUB_ENV
echo "REPOSITORY=${PREFIX_ENV}-${APP_NAME_ENV}" >> $GITHUB_ENV
echo "IMAGE_TAG=latest" >> $GITHUB_ENV
# Create ECR repository (if it does not exist)
- name: Create AWS ECR Repository
run: deploy/deploy-ecr.sh $REGISTRY $REPOSITORY
# Build and push Lambda container
- name: Build and Push to AWS ECR
run: |
docker build -t $REGISTRY/$REPOSITORY:$IMAGE_TAG .
docker push $REGISTRY/$REPOSITORY:$IMAGE_TAG
# Set up TF_VAR environment variables
- name: Define TF_VAR values
run: |
echo "TF_VAR_environment=$TARGET_ENV" >> $GITHUB_ENV
echo "TF_VAR_prefix=$PREFIX_ENV" >> $GITHUB_ENV
# Deploy Terraform
- name: Deploy Terraform
working-directory: terraform/
# Set TF_VAR environment variables, initialize and run terraform
run: |
terraform init -reconfigure \
-backend-config="bucket=${PREFIX_ENV}-tf-state" \
-backend-config="key=${APP_NAME_ENV}.tfstate" \
-backend-config="region=${AWS_DEFAULT_REGION}"
terraform apply -auto-approve
# Deploy Lambda Container Image
- name: Deploy Container Image
run: deploy/deploy-lambda.sh ${PREFIX_ENV}-${APP_NAME_ENV} $REGISTRY/$REPOSITORY:$IMAGE_TAG