fix: ommitted rows log at info level instead of warn level #1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy a Dockerized Application with Terraform | |
| on: | |
| push: | |
| branches: [dev, prd] | |
| # Allows you to run this workflow manually from the Actions tab | |
| workflow_dispatch: | |
| env: | |
| node_version: "20.x" | |
| tf_version: "1.6.6" # must match value in iac/*/api/main.tf | |
| application_name: "watchtower" | |
| jobs: | |
| env: | |
| name: Set Env Vars | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Set up DEV Environment Variables | |
| if: github.ref == 'refs/heads/dev' | |
| run: | | |
| matrix='{ | |
| "env":[ | |
| { | |
| "environment_name":"dev", | |
| "tf_working_dir":"./iac/dev/watchtower", | |
| "aws_account":"543804410856", | |
| "aws_gha_role":"watchtower-dev-gha", | |
| "rfc_key_name":"standard_change_production_client_key", | |
| "rfc_secret_name":"standard_change_production_client_secret", | |
| "rfc_template_id":"??" | |
| } | |
| ] | |
| }' | |
| echo matrix=`echo $matrix | jq -c .` >> $GITHUB_ENV | |
| - name: Set up PRD Environment Variables | |
| if: github.ref == 'refs/heads/prd' | |
| run: | | |
| matrix='{ | |
| "env":[ | |
| { | |
| "environment_name":"prd", | |
| "tf_working_dir":"./iac/prd/watchtower", | |
| "aws_account":"543804410856", | |
| "aws_gha_role":"watchtower-prd-gha", | |
| "rfc_key_name":"standard_change_production_client_key", | |
| "rfc_secret_name":"standard_change_production_client_secret", | |
| "rfc_template_id":"??" | |
| } | |
| ] | |
| }' | |
| echo matrix=`echo $matrix | jq -c .` >> $GITHUB_ENV | |
| outputs: | |
| matrix: ${{ env.matrix }} | |
| test: | |
| name: Test App | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Set up Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ env.node_version }} | |
| cache: npm | |
| cache-dependency-path: '**/package-lock.json' | |
| - name: npm ci | |
| working-directory: './' | |
| run: npm ci --prefer-offline | |
| - name: npm test | |
| working-directory: './' | |
| run: npm test | |
| - name: Report test coverage to Codecov | |
| uses: codecov/codecov-action@v4 | |
| if: env.CODECOV_TOKEN | |
| env: | |
| CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |
| audit: | |
| name: Audit | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ env.node_version }} | |
| # We don't need to install deps to audit them | |
| - name: npm audit | |
| working-directory: './' | |
| run: npm audit --audit-level=critical | |
| lint: | |
| name: Lint | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Set up Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: ${{ env.node_version }} | |
| cache: npm | |
| cache-dependency-path: '**/package-lock.json' | |
| - name: npm ci | |
| working-directory: './' | |
| run: npm ci --prefer-offline | |
| - name: npm lint | |
| working-directory: './' | |
| run: npm run lint --if-present | |
| hadolint: | |
| name: Lint Docker | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| # Hadolint follows semantic versioning, but doesn't have a @v2 release | |
| - name: Lint Dockerfile | |
| uses: hadolint/hadolint-action@v3.1.0 | |
| with: | |
| dockerfile: './Dockerfile' | |
| failure-threshold: error | |
| format: | |
| name: Terraform Format | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Terraform Setup | |
| uses: hashicorp/setup-terraform@v3 | |
| with: | |
| terraform_version: ${{ env.tf_version }} | |
| - name: Terraform Format | |
| working-directory: './iac' | |
| run: terraform fmt -check -recursive | |
| build_and_deploy: | |
| name: Build and Deploy | |
| runs-on: ubuntu-latest | |
| needs: [ env, test, audit, lint, hadolint, format ] | |
| strategy: | |
| matrix: ${{ fromJson(needs.env.outputs.matrix) }} | |
| fail-fast: false | |
| environment: | |
| name: ${{ matrix.env.environment_name }} | |
| url: https://${{ steps.terraform-outputs.outputs.url }} | |
| permissions: | |
| id-token: write | |
| contents: read | |
| steps: | |
| - name: Check out | |
| uses: actions/checkout@v4 | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: "arn:aws:iam::${{ matrix.env.aws_account }}:role/${{ matrix.env.aws_gha_role }}" | |
| role-session-name: ${{ github.sha }} | |
| aws-region: us-west-2 | |
| - name: Log into Amazon ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v2 | |
| - name: Get Current Timestamp | |
| id: date | |
| run: echo "timestamp=$(date +'%Y-%m-%d_%H-%M-%S')" >> $GITHUB_OUTPUT | |
| - name: Setup Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Build and push Docker Image | |
| env: | |
| ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
| ECR_REPO: ${{ env.application_name }}-${{ matrix.env.environment_name }} | |
| IMAGE_TAG: ${{ steps.date.outputs.timestamp }} | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: './' | |
| platforms: linux/amd64 | |
| provenance: false | |
| push: true | |
| tags: ${{ env.ECR_REGISTRY }}/${{ env.ECR_REPO }}:${{ env.IMAGE_TAG }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| - name: Terraform Setup | |
| uses: hashicorp/setup-terraform@v3 | |
| with: | |
| terraform_version: ${{ env.tf_version }} | |
| terraform_wrapper: false | |
| - name: Terraform Init | |
| working-directory: ${{ matrix.env.tf_working_dir }} | |
| run: terraform init | |
| - name: Terraform Plan | |
| working-directory: ${{ matrix.env.tf_working_dir }} | |
| run: terraform plan -var 'image_tag=${{ steps.date.outputs.timestamp }}' -input=false -out=plan | |
| - name: Analyze Terraform Plan | |
| uses: byu-oit/github-action-tf-plan-analyzer@v2 | |
| if: github.repository_owner == 'byu-oit' | |
| # If you're at BYU, but outside the byu-oit GitHub org, you may be able to obtain credentials by contacting cloudoffice@byu.edu | |
| with: | |
| working-directory: ${{ matrix.env.tf_working_dir }} | |
| terraform-plan-file: plan | |
| divvycloud-username: ${{ secrets.DIVVYCLOUD_USERNAME }} | |
| divvycloud-password: ${{ secrets.DIVVYCLOUD_PASSWORD }} | |
| # TODO: get an rfc template | |
| # - name: Start Standard Change | |
| # if: github.event_name != 'workflow_dispatch' | |
| # uses: byu-oit/github-action-start-standard-change@v1 | |
| # id: start-standard-change | |
| # with: | |
| # client-key: ${{ secrets[matrix.env.rfc_key_name] }} | |
| # client-secret: ${{ secrets[matrix.env.rfc_secret_name] }} | |
| # template-id: ${{ matrix.env.rfc_template_id }} | |
| - name: Terraform Apply | |
| working-directory: ${{ matrix.env.tf_working_dir }} | |
| run: terraform apply plan | |
| # - name: End Standard Change | |
| # uses: byu-oit/github-action-end-standard-change@v1 | |
| # if: github.event_name != 'workflow_dispatch' && always() && steps.start-standard-change.outcome == 'success' # Run if RFC started, even if the deploy failed | |
| # with: | |
| # client-key: ${{ secrets[matrix.env.rfc_key_name] }} | |
| # client-secret: ${{ secrets[matrix.env.rfc_secret_name] }} | |
| # change-sys-id: ${{ steps.start-standard-change.outputs.change-sys-id }} | |
| # work-start: ${{ steps.start-standard-change.outputs.work-start }} | |
| # success: ${{ job.status == 'success' }} | |
| # TODO: get teams channel to send notifications | |
| # - name: Teams Notification | |
| # uses: byu-oit/github-action-teams@v3 | |
| # if: github.event_name != 'workflow_dispatch' && always() | |
| # with: | |
| # status: ${{ job.status }} | |
| # webhook-url: ${{ secrets.MS_TEAMS_WEBHOOK_URL }} |