Merge pull request #118 from materials-data-facility/deployment_docs #317
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| # Controls when the action will run. Triggers the workflow on push or pull request | |
| # events but only for the master branch | |
| on: | |
| push: | |
| branches: | |
| - "dev" | |
| - "prod" | |
| workflow_dispatch: | |
| permissions: | |
| id-token: write # This is required for requesting the JWT | |
| contents: read # This is required for actions/checkout | |
| jobs: | |
| # Run unit tests, flake8 and safety checks | |
| test: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v2 | |
| # Check out the schema repo to package up the JSON schema with lambda function | |
| - name: Checkout schema repo | |
| uses: actions/checkout@v2 | |
| with: | |
| repository: materials-data-facility/data-schemas | |
| ref: automate | |
| path: schemas | |
| - name: Set up Python | |
| uses: actions/setup-python@v2 | |
| with: | |
| python-version: '3.10' | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip wheel | |
| pip install -r aws/requirements.txt | |
| pip install boto3 | |
| # Avoid vulnerable setuptools pulled in by one of our dependencies | |
| pip install --upgrade setuptools | |
| pip list | |
| - name: Check for vulnerabilities in libraries | |
| # Safety is a tool that checks your installed dependencies for known security vulnerabilities. | |
| # The free version stopped working with 3.0 | |
| run: | | |
| pip install safety==2.3.5 | |
| pip freeze | safety check | |
| - name: Test with pytest | |
| run: | | |
| pip install -r aws/tests/requirements-test.txt | |
| pip list | |
| PYTHONPATH=aws/ python -m pytest aws/tests | |
| # Build docker images for each of the lambda functions and publish to docker hub | |
| publish: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| # Loop over each lambda function | |
| lambda: ["auth", "submit", "status", "submissions"] | |
| needs: test | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - name: Use branch name to determine image tag | |
| shell: bash | |
| run: echo "imagetag=$(echo ${GITHUB_REF##*/})" >> $GITHUB_OUTPUT | |
| id: extract_tag_name | |
| # Check out the schema repo to package up the JSON schemae with function | |
| - name: Checkout schema repo | |
| uses: actions/checkout@v2 | |
| with: | |
| repository: materials-data-facility/data-schemas | |
| ref: automate | |
| path: aws/schemas | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: arn:aws:iam::557062710055:role/MDF-Connect2GithubActionsRole | |
| role-session-name: mdfconnect-backend-deployer | |
| aws-region: us-east-1 | |
| - name: Login to Amazon ECR | |
| id: login-ecr | |
| uses: aws-actions/[email protected] | |
| - name: Set up QEMU | |
| uses: docker/[email protected] | |
| - name: Set up Docker Buildx | |
| uses: docker/[email protected] | |
| - name: Build and push | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: ./aws | |
| platforms: linux/amd64 | |
| provenance: false | |
| push: true | |
| tags: ${{ steps.login-ecr.outputs.registry }}/mdf-lambdas/${{ matrix.lambda }}:${{ steps.extract_tag_name.outputs.imagetag }} | |
| file: ./aws/Dockerfile | |
| build-args: LAMBDA_SCRIPT=${{ matrix.lambda }} | |
| - name: Update lambda functions w/ the new containers | |
| uses: materials-data-facility/deploy-lambda-action@v0 | |
| with: | |
| function-name: MDF-Connect2-${{ matrix.lambda }}-${{ steps.extract_tag_name.outputs.imagetag }} | |
| image-uri: ${{ steps.login-ecr.outputs.registry }}/mdf-lambdas/${{ matrix.lambda }}:${{ steps.extract_tag_name.outputs.imagetag }} |