Merge pull request #244 from RockefellerArchiveCenter/development

Implements GitHub actions
RockefellerArchiveCenter · Nov 19, 2024 · 4ab9292 · 4ab9292
2 parents bbcba39 + b1630c0
commit 4ab9292
Show file tree

Hide file tree

Showing 5 changed files with 100 additions and 35 deletions.
diff --git a/.github/workflows/dependencies.yml b/.github/workflows/dependencies.yml
@@ -14,12 +14,20 @@ jobs:
       contents: write
       pull-requests: write
     steps:
+      - uses: actions/create-github-app-token@v1
+        id: app-token
+        with:
+          app-id: ${{ vars.APP_ID }}
+          private-key: ${{ secrets.PRIVATE_KEY }}
+
       - uses: actions/checkout@v4
         with:
+          token: ${{ steps.app-token.outputs.token }}
           ref: development
+          persist-credentials: false
 
       - name: Set up Python
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: '3.11'
           cache: pip
@@ -36,7 +44,7 @@ jobs:
       - name: Create Pull Request
         uses: peter-evans/create-pull-request@v6.0.2
         with:
-          token: ${{ secrets.GITHUB_TOKEN }}
+          token: ${{ steps.app-token.outputs.token }}
           base: development
           branch: dependency-updates
           delete-branch: true

diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -0,0 +1,74 @@
+name: Build and Deploy
+
+on:
+  push:
+    branches:
+      - base
+      - development
+  workflow_dispatch:
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    environment:
+      name: ${{ github.ref_name }}
+
+    env:
+      APP_NAME: docs-build
+      LAMBDA_NAME: build_docs_site
+
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4.0.2
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          role-to-assume: ${{ secrets.AWS_DEPLOY_ROLE }}
+          role-skip-session-tagging: true
+          role-duration-seconds: 900
+          aws-region: ${{ secrets.AWS_REGION }}
+
+      - name: Login to Amazon ECR
+        uses: aws-actions/amazon-ecr-login@v2.0.1
+        with:
+          registries: ${{ secrets.ECR_REGISTRIES }}
+
+      - name: Set environment variables
+        run: |
+          echo "DATE=$(date +'%Y%m%dT%H%M%S')" >> $GITHUB_ENV
+
+      - name: Copy config file
+        run: cp theme/_config.yml.example theme/config.yml
+
+      - name: Build Docker image
+        run: docker build -t ${{ env.APP_NAME }} .
+
+      - name: Tag and push latest to ECR
+        if: github.ref == 'refs/heads/base'
+        run: |
+          docker tag ${{ env.APP_NAME }} "${{ secrets.AWS_ACCOUNT_ID }}".dkr.ecr."${{ secrets.AWS_REGION }}".amazonaws.com/"${{ env.APP_NAME }}":latest
+          docker push "${{ secrets.AWS_ACCOUNT_ID }}".dkr.ecr."${{ secrets.AWS_REGION }}".amazonaws.com/"${{ env.APP_NAME }}":latest
+      - name: Tag and push dev to ECR
+        if: github.ref == 'refs/heads/development'
+        run: |
+          docker tag ${{ env.APP_NAME }} "${{ secrets.AWS_ACCOUNT_ID }}".dkr.ecr."${{ secrets.AWS_REGION }}".amazonaws.com/"${{ env.APP_NAME }}":dev
+          docker push "${{ secrets.AWS_ACCOUNT_ID }}".dkr.ecr."${{ secrets.AWS_REGION }}".amazonaws.com/"${{ env.APP_NAME }}":dev
+      - name: Tag and push versioned image to ECR
+        if: github.ref == 'refs/heads/development'
+        run: |
+          docker tag ${{ env.APP_NAME }} "${{ secrets.AWS_ACCOUNT_ID }}".dkr.ecr."${{ secrets.AWS_REGION }}".amazonaws.com/"${{ env.APP_NAME }}":"${{ env.DATE }}"-"${{ github.sha }}"
+          docker push "${{ secrets.AWS_ACCOUNT_ID }}".dkr.ecr."${{ secrets.AWS_REGION }}".amazonaws.com/"${{ env.APP_NAME }}":"${{ env.DATE }}"-"${{ github.sha }}"
+      - name: Tag image for production (base branch)
+        if: github.ref == 'refs/heads/base'
+        run: |
+          MANIFEST=$(aws ecr batch-get-image --registry-id ${{ secrets.AWS_ACCOUNT_ID }} --repository-name ${{ env.APP_NAME }} --image-ids imageTag=dev --output json | jq -c --join-output '.images[0].imageManifest')
+          aws ecr put-image --registry-id ${{ secrets.AWS_ACCOUNT_ID }} --repository-name ${{ env.APP_NAME }} --image-tag prod --image-manifest "$MANIFEST"
+      - name: Deploy lambda
+        if: github.ref == 'refs/heads/base'
+        run: aws lambda update-function-code
+          --function-name arn:aws:lambda:$AWS_REGION:${{ secrets.AWS_ACCOUNT_ID }}:function:$LAMBDA_NAME
+          --image-uri ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com/${{ env.APP_NAME }}:prod
diff --git a/.github/workflows/enforcer.yml b/.github/workflows/enforcer.yml
@@ -0,0 +1,16 @@
+name: 'Check Branch'
+
+on:
+  pull_request:
+    branches:
+      - base
+
+jobs:
+  check_branch:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check branch
+        if: github.head_ref != 'development'
+        run: |
+          echo "ERROR: You can only merge to base from the development branch."
+          exit 1
diff --git a/.travis.yml b/.travis.yml
diff --git a/README.md b/README.md
@@ -4,8 +4,6 @@ Theme file along with a Python script which retrieves updates for documentation
 repositories, and builds internal and external-facing sites. Requires at
 least one documentation repository (see [processing-manual](https://github.com/RockefellerArchiveCenter/processing-manual)).
 
-[![Build Status](https://app.travis-ci.com/RockefellerArchiveCenter/docs-build.svg?branch=base)](https://app.travis-ci.com/RockefellerArchiveCenter/docs-build)
-
 ## Quick Start
 
 A Dockerfile for local development (`Dockerfile-local`) is included in this repository so you can quickly spin up a sample site on your computer. With git and Docker installed, run: