From b54f05373b63c09182dab0f2b6a249f0ebe1cf8a Mon Sep 17 00:00:00 2001 From: briskt <3172830+briskt@users.noreply.github.com> Date: Mon, 26 Feb 2024 13:26:20 -0700 Subject: [PATCH 01/13] convert from Codeship to GitHub Actions --- .dockerignore | 2 +- .github/workflows/test-and-publish.yml | 62 ++++++++++++++++++++++++++ actions-services.yml | 26 +++++++++++ codeship-services.yml | 29 ------------ codeship-steps.yml | 26 ----------- {codeship => scripts}/build.sh | 0 {codeship => scripts}/deploy.sh | 0 {codeship => scripts}/test.sh | 0 8 files changed, 89 insertions(+), 56 deletions(-) create mode 100644 .github/workflows/test-and-publish.yml create mode 100644 actions-services.yml delete mode 100644 codeship-services.yml delete mode 100644 codeship-steps.yml rename {codeship => scripts}/build.sh (100%) rename {codeship => scripts}/deploy.sh (100%) rename {codeship => scripts}/test.sh (100%) diff --git a/.dockerignore b/.dockerignore index 4010e09..63d9bd3 100644 --- a/.dockerignore +++ b/.dockerignore @@ -3,7 +3,7 @@ # Whitelist required files !.env.encrypted -!codeship/* +!scripts/* !lambda/* !server/* !u2fsimulator/* diff --git a/.github/workflows/test-and-publish.yml b/.github/workflows/test-and-publish.yml new file mode 100644 index 0000000..631f757 --- /dev/null +++ b/.github/workflows/test-and-publish.yml 
@@ -0,0 +1,62 @@
+name: Test and Publish
+
+on:
+ push:
+
+jobs:
+ tests:
+ name: Tests
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+ - name: Test
+ run: docker-compose -f actions-services.yml run --rm test ./test.sh
+
+ deploy:
+ name: Tests
+ needs: tests
+ runs-on: ubuntu-latest
+ env:
+ AWS_REGION: ${{ vars.AWS_REGION }}
+ STG_AWS_ACCESS_KEY_ID: ${{ vars.STG_AWS_ACCESS_KEY_ID }}
+ STG_AWS_SECRET_ACCESS_KEY: ${{ secrets.STG_AWS_SECRET_ACCESS_KEY }}
+ STG_LAMBDA_ROLE: ${{ vars.STG_LAMBDA_ROLE }}
+ STG_API_KEY_TABLE: ${{ vars.STG_API_KEY_TABLE }}
+ STG_WEBAUTHN_TABLE: ${{ vars.STG_WEBAUTHN_TABLE }}
+ PRD_AWS_ACCESS_KEY_ID: ${{ vars.PRD_AWS_ACCESS_KEY_ID }}
+ PRD_AWS_SECRET_ACCESS_KEY: ${{ secrets.PRD_AWS_SECRET_ACCESS_KEY }}
+ PRD_LAMBDA_ROLE: ${{ vars.PRD_LAMBDA_ROLE }}
+ PRD_API_KEY_TABLE: ${{ vars.PRD_API_KEY_TABLE }}
+ PRD_WEBAUTHN_TABLE: ${{ vars.PRD_WEBAUTHN_TABLE }}
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+ - name: Test
+ run: docker-compose -f actions-services.yml run --rm app ./deploy.sh
+
+ build-and-publish:
+ name: Build and Publish
+ needs: tests
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+ - name: Log in to Docker Hub
+ uses: docker/login-action@v3
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+ - name: Extract metadata (tags, labels) for Docker
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: ${{ env.IMAGE_NAME }}
+ - name: Build and push Docker image
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ push: true
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
diff --git a/actions-services.yml b/actions-services.yml
new file mode 100644
index 0000000..0c164ff
--- /dev/null
+++ b/actions-services.yml
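Review bot: The workflow declares no `permissions:` block and every third-party action is referenced by a mutable tag (`actions/checkout@v4`, `docker/login-action@v3`, `docker/metadata-action@v5`, `docker/build-push-action@v5`), so the GITHUB_TOKEN runs with the repository's default permissions and a retagged upstream action would execute with the Docker Hub and AWS secrets in scope. Add a top-level `permissions:` with `contents: read` (the steps shown do not appear to need more from the token) and pin each `uses:` to a full commit SHA with the tag kept in a trailing comment. The `on: push:` trigger has no `branches:` filter and `build-and-publish` has no `if:`, so an image is built and pushed to Docker Hub for every push on every branch; gate the job or the trigger unless per-branch images are intended.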
@@ -0,0 +1,26 @@
+version: "3"
+
+services:
+ test:
+ build: .
+ environment:
+ AWS_ENDPOINT: dynamo:8000
+ AWS_DEFAULT_REGION: us-east-1
+ AWS_DISABLE_SSL: "true"
+ API_KEY_TABLE: ApiKey
+ WEBAUTHN_TABLE: WebAuthn
+ LAMBDA_ROLE: placeholder
+ depends_on:
+ - dynamo
+
+ app:
+ build: .
+ working_dir: /src
+
+ dynamo:
+ image: amazon/dynamodb-local
+ environment:
+ AWS_ACCESS_KEY_ID: abc123
+ AWS_SECRET_ACCESS_KEY: abc123
+ AWS_DEFAULT_REGION: us-east-1
+ command: "-jar DynamoDBLocal.jar -sharedDb"
diff --git a/codeship-services.yml b/codeship-services.yml
deleted file mode 100644
index 4285677..0000000
--- a/codeship-services.yml
+++ /dev/null
@@ -1,29 +0,0 @@
-test:
- build:
- dockerfile_path: Dockerfile
- cached: true
- encrypted_env_file: aws.env.encrypted
- environment:
- AWS_ENDPOINT: dynamo:8000
- AWS_DEFAULT_REGION: us-east-1
- AWS_DISABLE_SSL: "true"
- API_KEY_TABLE: ApiKey
- WEBAUTHN_TABLE: WebAuthn
- LAMBDA_ROLE: placeholder
- depends_on:
- - dynamo
-
-app:
- build:
- dockerfile_path: Dockerfile
- cached: true
- encrypted_env_file: aws.env.encrypted
- working_dir: /src
-
-dynamo:
- image: amazon/dynamodb-local
- environment:
- AWS_ACCESS_KEY_ID: abc123
- AWS_SECRET_ACCESS_KEY: abc123
- AWS_DEFAULT_REGION: us-east-1
- command: "-jar DynamoDBLocal.jar -sharedDb"
diff --git a/codeship-steps.yml b/codeship-steps.yml
deleted file mode 100644
index d6e695a..0000000
--- a/codeship-steps.yml
+++ /dev/null
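Review bot: `image: amazon/dynamodb-local` carries no tag, so every CI run pulls whatever `latest` resolves to at that moment and the test path depends on a moving upstream image; pin a version tag (or a digest) so test runs are reproducible and an upstream change cannot silently alter them. The `abc123` values under `dynamo.environment` appear to be placeholder credentials for the local emulator rather than real keys; a comment such as `# dummy credentials expected by dynamodb-local, not real AWS keys` above them tells the next reader (and any secret scanner triage) that nothing has leaked here.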
@@ -1,26 +0,0 @@ -- name: test - service: test - command: ./codeship/test.sh - -- name: deploy - service: app - tag: ^(main|develop) - command: ./codeship/deploy.sh - -- name: push_develop - service: app - type: push - image_name: silintl/serverless-mfa-api-go - image_tag: "{{.Branch}}" - exclude: main - registry: https://index.docker.io/v1/ - encrypted_dockercfg_path: dockercfg.encrypted - -- name: push_production - service: app - type: push - image_name: silintl/serverless-mfa-api-go - image_tag: "latest" - tag: main - registry: https://index.docker.io/v1/ - encrypted_dockercfg_path: dockercfg.encrypted diff --git a/codeship/build.sh b/scripts/build.sh similarity index 100% rename from codeship/build.sh rename to scripts/build.sh diff --git a/codeship/deploy.sh b/scripts/deploy.sh similarity index 100% rename from codeship/deploy.sh rename to scripts/deploy.sh diff --git a/codeship/test.sh b/scripts/test.sh similarity index 100% rename from codeship/test.sh rename to scripts/test.sh From cd00992329b608198498d54fb24fe0e1bedb5875 Mon Sep 17 00:00:00 2001 From: briskt <3172830+briskt@users.noreply.github.com> Date: Mon, 26 Feb 2024 13:28:29 -0700 Subject: [PATCH 02/13] use the correct path to the test and deploy scripts --- .github/workflows/test-and-publish.yml | 6 +++--- .gitignore | 4 +--- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/.github/workflows/test-and-publish.yml b/.github/workflows/test-and-publish.yml index 631f757..b1faa74 100644 --- a/.github/workflows/test-and-publish.yml +++ b/.github/workflows/test-and-publish.yml @@ -11,10 +11,10 @@ jobs: - name: Checkout code uses: actions/checkout@v4 - name: Test - run: docker-compose -f actions-services.yml run --rm test ./test.sh + run: docker-compose -f actions-services.yml run --rm test ./scripts/test.sh deploy: - name: Tests + name: Deploy to AWS Lambda needs: tests runs-on: ubuntu-latest env: 
@@ -34,7 +34,7 @@ jobs: - name: Checkout code uses: actions/checkout@v4 - name: Test - run: docker-compose -f actions-services.yml run --rm app ./deploy.sh + run: docker-compose -f actions-services.yml run --rm app ./scripts/deploy.sh build-and-publish: name: Build and Publish diff --git a/.gitignore b/.gitignore index 2892832..9adab16 100644 --- a/.gitignore +++ b/.gitignore @@ -8,10 +8,8 @@ bootstrap dockercfg # credentials and other env files -aws.env *.aes -local.env -.env +*.env .cert/ # dev tools metadata From 42febd88316bd0f327b2df5a75cc63ec7cc8688a Mon Sep 17 00:00:00 2001 From: briskt <3172830+briskt@users.noreply.github.com> Date: Mon, 26 Feb 2024 13:36:22 -0700 Subject: [PATCH 03/13] add AWS variables to test job --- .github/workflows/test-and-publish.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/test-and-publish.yml b/.github/workflows/test-and-publish.yml index b1faa74..4539b4e 100644 --- a/.github/workflows/test-and-publish.yml +++ b/.github/workflows/test-and-publish.yml @@ -7,6 +7,12 @@ jobs: tests: name: Tests runs-on: ubuntu-latest + env: + AWS_REGION: ${{ vars.AWS_REGION }} + STG_AWS_ACCESS_KEY_ID: ${{ vars.STG_AWS_ACCESS_KEY_ID }} + STG_AWS_SECRET_ACCESS_KEY: ${{ secrets.STG_AWS_SECRET_ACCESS_KEY }} + PRD_AWS_ACCESS_KEY_ID: ${{ vars.PRD_AWS_ACCESS_KEY_ID }} + PRD_AWS_SECRET_ACCESS_KEY: ${{ secrets.PRD_AWS_SECRET_ACCESS_KEY }} steps: - name: Checkout code uses: actions/checkout@v4 From 9f5c76f9fb2ee90d8e81af10cabc42fd7ad73bb5 Mon Sep 17 00:00:00 2001 From: briskt <3172830+briskt@users.noreply.github.com> Date: Mon, 26 Feb 2024 13:48:50 -0700 Subject: [PATCH 04/13] pass environment variables into containers --- actions-services.yml | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/actions-services.yml b/actions-services.yml index 0c164ff..0899f8e 100644 --- a/actions-services.yml +++ b/actions-services.yml 
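Review bot: The `tests` job now receives both the staging and the production AWS credential sets on every push to any branch, while `scripts/test.sh` (patch 06 hunk) selects the production keys only when the branch is `main`. That places the long-lived `PRD_AWS_SECRET_ACCESS_KEY` in the environment of every feature-branch run, where any test dependency or script in the checkout can read it. Scoping the secrets with a GitHub `environment:` per stage, so the production set resolves only for `main`, or replacing the static keys with OIDC role assumption via `aws-actions/configure-aws-credentials`, keeps the production secret out of runs that do not need it. The same job-level exposure applies to the `deploy` job's `env:` added in patch 01 and carried into the final `test-deploy-publish.yml`.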
@@ -5,17 +5,33 @@ services: build: . environment: AWS_ENDPOINT: dynamo:8000 - AWS_DEFAULT_REGION: us-east-1 AWS_DISABLE_SSL: "true" API_KEY_TABLE: ApiKey WEBAUTHN_TABLE: WebAuthn LAMBDA_ROLE: placeholder + AWS_REGION: $AWS_REGION + STG_AWS_ACCESS_KEY_ID: $STG_AWS_ACCESS_KEY_ID + STG_AWS_SECRET_ACCESS_KEY: $STG_AWS_SECRET_ACCESS_KEY + PRD_AWS_ACCESS_KEY_ID: $PRD_AWS_ACCESS_KEY_ID + PRD_AWS_SECRET_ACCESS_KEY: $PRD_AWS_SECRET_ACCESS_KEY depends_on: - dynamo app: build: . working_dir: /src + environment: + AWS_REGION: ${AWS_REGION} + STG_AWS_ACCESS_KEY_ID: ${STG_AWS_ACCESS_KEY_ID} + STG_AWS_SECRET_ACCESS_KEY: ${STG_AWS_SECRET_ACCESS_KEY} + STG_LAMBDA_ROLE: ${STG_LAMBDA_ROLE} + STG_API_KEY_TABLE: ${STG_API_KEY_TABLE} + STG_WEBAUTHN_TABLE: ${STG_WEBAUTHN_TABLE} + PRD_AWS_ACCESS_KEY_ID: ${PRD_AWS_ACCESS_KEY_ID} + PRD_AWS_SECRET_ACCESS_KEY: ${PRD_AWS_SECRET_ACCESS_KEY} + PRD_LAMBDA_ROLE: ${PRD_LAMBDA_ROLE} + PRD_API_KEY_TABLE: ${PRD_API_KEY_TABLE} + PRD_WEBAUTHN_TABLE: ${PRD_WEBAUTHN_TABLE} dynamo: image: amazon/dynamodb-local From c53c6c4dc45c4d34ca4e93ffdf82dd3e5e60912c Mon Sep 17 00:00:00 2001 From: briskt <3172830+briskt@users.noreply.github.com> Date: Mon, 26 Feb 2024 13:57:55 -0700 Subject: [PATCH 05/13] use vars.IMAGE_NAME for docker image (not env.IMAGE_NAME) --- .github/workflows/test-and-publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test-and-publish.yml b/.github/workflows/test-and-publish.yml index 4539b4e..1d64c9d 100644 --- a/.github/workflows/test-and-publish.yml +++ b/.github/workflows/test-and-publish.yml @@ -58,7 +58,7 @@ jobs: id: meta uses: docker/metadata-action@v5 with: - images: ${{ env.IMAGE_NAME }} + images: ${{ vars.IMAGE_NAME }} - name: Build and push Docker image uses: docker/build-push-action@v5 with: From 5f3b41731d549b6f7aa3f77ce00942246523bc91 Mon Sep 17 00:00:00 2001 
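Review bot: Dropping `AWS_DEFAULT_REGION: us-east-1` from the `test` service in favour of `AWS_REGION: $AWS_REGION` makes the test container's region depend on the caller's environment; when the variable is unset (a local `docker-compose run`, or a repository where `vars.AWS_REGION` is not configured) Compose substitutes an empty string, and SDK clients typically reject an empty region. A default keeps the local path working without affecting CI: `AWS_REGION: ${AWS_REGION:-us-east-1}`. The test service also now carries both credential sets although `scripts/test.sh` uses only one; passing just the set the branch needs would be the tighter mapping.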
From: briskt <3172830+briskt@users.noreply.github.com> Date: Mon, 26 Feb 2024 13:58:33 -0700 Subject: [PATCH 06/13] use GITHUB_REF instead of CI_BRANCH --- scripts/deploy.sh | 2 +- scripts/test.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/deploy.sh b/scripts/deploy.sh index 3002e74..b7f6577 100755 --- a/scripts/deploy.sh +++ b/scripts/deploy.sh @@ -11,7 +11,7 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" "$DIR"/build.sh # export appropriate env vars -if [ "${CI_BRANCH}" == "develop" ]; +if [ "${GITHUB_REF}" == "develop" ]; then STAGE="dev" export AWS_ACCESS_KEY_ID="${STG_AWS_ACCESS_KEY_ID}" diff --git a/scripts/test.sh b/scripts/test.sh index 4fcb4a5..2f05435 100755 --- a/scripts/test.sh +++ b/scripts/test.sh @@ -7,7 +7,7 @@ set -e set -x # export appropriate AWS credentials for `serverless info` -if [ "${CI_BRANCH}" == "main" ]; +if [ "${GITHUB_REF}" == "main" ]; then STAGE="production" export AWS_ACCESS_KEY_ID="${PRD_AWS_ACCESS_KEY_ID}" From 91704babb824b46fe6d32501402ab1ba999fc7d4 Mon Sep 17 00:00:00 2001 From: briskt <3172830+briskt@users.noreply.github.com> Date: Mon, 26 Feb 2024 13:58:46 -0700 Subject: [PATCH 07/13] don't fail if branch isn't develop or main --- scripts/deploy.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/deploy.sh b/scripts/deploy.sh index b7f6577..0ecdc0d 100755 --- a/scripts/deploy.sh +++ b/scripts/deploy.sh @@ -33,7 +33,7 @@ then export WEBAUTHN_TABLE="${PRD_WEBAUTHN_TABLE}" else echo "deployments only happen from develop and main branches (branch: ${CI_BRANCH})" - exit 1 + exit fi # Print the Serverless version in the logs From 2f616091062e1b917de0e4c6298451a0187c03b1 Mon Sep 17 00:00:00 2001 
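Review bot: `set -x` is still in effect when the credential exports in `scripts/test.sh` run, so the trace for `export AWS_ACCESS_KEY_ID="${PRD_AWS_ACCESS_KEY_ID}"` (and presumably the secret-key export that follows it outside the hunk) writes the expanded values into the job log. Actions masks values that came from `secrets.*`, but not those from `vars.*` or from a local shell run, and masking is a best-effort log filter rather than a guarantee. Bracket the exports with `set +x` and `set -x` so credential values never enter the trace; the `scripts/deploy.sh` hunk above has the same export pattern and likely the same tracing. The `if` block continues past the end of the hunk.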
From: briskt <3172830+briskt@users.noreply.github.com> Date: Mon, 26 Feb 2024 14:01:35 -0700 Subject: [PATCH 08/13] pass GITHUB_REF into containers (and fix bad syntax) --- actions-services.yml | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git a/actions-services.yml b/actions-services.yml index 0899f8e..e7e5d93 100644 --- a/actions-services.yml +++ b/actions-services.yml @@ -10,6 +10,7 @@ services: WEBAUTHN_TABLE: WebAuthn LAMBDA_ROLE: placeholder AWS_REGION: $AWS_REGION + GITHUB_REF: $GITHUB_REF STG_AWS_ACCESS_KEY_ID: $STG_AWS_ACCESS_KEY_ID STG_AWS_SECRET_ACCESS_KEY: $STG_AWS_SECRET_ACCESS_KEY PRD_AWS_ACCESS_KEY_ID: $PRD_AWS_ACCESS_KEY_ID @@ -21,17 +22,18 @@ services: build: . working_dir: /src environment: - AWS_REGION: ${AWS_REGION} - STG_AWS_ACCESS_KEY_ID: ${STG_AWS_ACCESS_KEY_ID} - STG_AWS_SECRET_ACCESS_KEY: ${STG_AWS_SECRET_ACCESS_KEY} - STG_LAMBDA_ROLE: ${STG_LAMBDA_ROLE} - STG_API_KEY_TABLE: ${STG_API_KEY_TABLE} - STG_WEBAUTHN_TABLE: ${STG_WEBAUTHN_TABLE} - PRD_AWS_ACCESS_KEY_ID: ${PRD_AWS_ACCESS_KEY_ID} - PRD_AWS_SECRET_ACCESS_KEY: ${PRD_AWS_SECRET_ACCESS_KEY} - PRD_LAMBDA_ROLE: ${PRD_LAMBDA_ROLE} - PRD_API_KEY_TABLE: ${PRD_API_KEY_TABLE} - PRD_WEBAUTHN_TABLE: ${PRD_WEBAUTHN_TABLE} + AWS_REGION: $AWS_REGION + GITHUB_REF: $GITHUB_REF + STG_AWS_ACCESS_KEY_ID: $STG_AWS_ACCESS_KEY_ID + STG_AWS_SECRET_ACCESS_KEY: $STG_AWS_SECRET_ACCESS_KEY + STG_LAMBDA_ROLE: $STG_LAMBDA_ROLE + STG_API_KEY_TABLE: $STG_API_KEY_TABLE + STG_WEBAUTHN_TABLE: $STG_WEBAUTHN_TABLE + PRD_AWS_ACCESS_KEY_ID: $PRD_AWS_ACCESS_KEY_ID + PRD_AWS_SECRET_ACCESS_KEY: $PRD_AWS_SECRET_ACCESS_KEY + PRD_LAMBDA_ROLE: $PRD_LAMBDA_ROLE + PRD_API_KEY_TABLE: $PRD_API_KEY_TABLE + PRD_WEBAUTHN_TABLE: $PRD_WEBAUTHN_TABLE dynamo: image: amazon/dynamodb-local From 1f98c21f085da993082e0407de06565f039a4f35 Mon Sep 17 00:00:00 2001 
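Review bot: The `${VAR}` form being replaced in the `app` service is valid Compose interpolation, not bad syntax; it is also the only form that accepts a default (`${AWS_REGION:-us-east-1}`), so standardising on the brace form rather than bare `$VAR` would keep that option open for the region and the stage-selected values. The change is otherwise behaviour-neutral and the added `GITHUB_REF` pass-through is fine.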
From: briskt <3172830+briskt@users.noreply.github.com> Date: Mon, 26 Feb 2024 14:03:58 -0700 Subject: [PATCH 09/13] more CI_BRANCH replacements --- .github/workflows/test-and-publish.yml | 2 +- scripts/deploy.sh | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/test-and-publish.yml b/.github/workflows/test-and-publish.yml index 1d64c9d..764ebd0 100644 --- a/.github/workflows/test-and-publish.yml +++ b/.github/workflows/test-and-publish.yml @@ -39,7 +39,7 @@ jobs: steps: - name: Checkout code uses: actions/checkout@v4 - - name: Test + - name: Deploy run: docker-compose -f actions-services.yml run --rm app ./scripts/deploy.sh build-and-publish: diff --git a/scripts/deploy.sh b/scripts/deploy.sh index 0ecdc0d..3067a4c 100755 --- a/scripts/deploy.sh +++ b/scripts/deploy.sh @@ -21,7 +21,7 @@ then export LAMBDA_ROLE="${STG_LAMBDA_ROLE}" export API_KEY_TABLE="${STG_API_KEY_TABLE}" export WEBAUTHN_TABLE="${STG_WEBAUTHN_TABLE}" -elif [ "${CI_BRANCH}" == "main" ]; +elif [ "${GITHUB_REF}" == "main" ]; then STAGE="production" export AWS_ACCESS_KEY_ID="${PRD_AWS_ACCESS_KEY_ID}" @@ -32,7 +32,7 @@ then export API_KEY_TABLE="${PRD_API_KEY_TABLE}" export WEBAUTHN_TABLE="${PRD_WEBAUTHN_TABLE}" else - echo "deployments only happen from develop and main branches (branch: ${CI_BRANCH})" + echo "deployments only happen from develop and main branches (branch: ${GITHUB_REF})" exit fi From 2031a81bf8ae5cbc5210a7b2b047f08469f2328b Mon Sep 17 00:00:00 2001 From: briskt <3172830+briskt@users.noreply.github.com> Date: Mon, 26 Feb 2024 14:05:29 -0700 Subject: [PATCH 10/13] change GITHUB_REF to GITHUB_REF_NAME --- actions-services.yml | 4 ++-- scripts/deploy.sh | 6 +++--- scripts/test.sh | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/actions-services.yml b/actions-services.yml index e7e5d93..072df68 100644 --- a/actions-services.yml +++ b/actions-services.yml 
@@ -10,7 +10,7 @@ services: WEBAUTHN_TABLE: WebAuthn LAMBDA_ROLE: placeholder AWS_REGION: $AWS_REGION - GITHUB_REF: $GITHUB_REF + GITHUB_REF_NAME: $GITHUB_REF_NAME STG_AWS_ACCESS_KEY_ID: $STG_AWS_ACCESS_KEY_ID STG_AWS_SECRET_ACCESS_KEY: $STG_AWS_SECRET_ACCESS_KEY PRD_AWS_ACCESS_KEY_ID: $PRD_AWS_ACCESS_KEY_ID @@ -23,7 +23,7 @@ services: working_dir: /src environment: AWS_REGION: $AWS_REGION - GITHUB_REF: $GITHUB_REF + GITHUB_REF_NAME: $GITHUB_REF_NAME STG_AWS_ACCESS_KEY_ID: $STG_AWS_ACCESS_KEY_ID STG_AWS_SECRET_ACCESS_KEY: $STG_AWS_SECRET_ACCESS_KEY STG_LAMBDA_ROLE: $STG_LAMBDA_ROLE diff --git a/scripts/deploy.sh b/scripts/deploy.sh index 3067a4c..1b49f50 100755 --- a/scripts/deploy.sh +++ b/scripts/deploy.sh @@ -11,7 +11,7 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" "$DIR"/build.sh # export appropriate env vars -if [ "${GITHUB_REF}" == "develop" ]; +if [ "${GITHUB_REF_NAME}" == "develop" ]; then STAGE="dev" export AWS_ACCESS_KEY_ID="${STG_AWS_ACCESS_KEY_ID}" @@ -21,7 +21,7 @@ then export LAMBDA_ROLE="${STG_LAMBDA_ROLE}" export API_KEY_TABLE="${STG_API_KEY_TABLE}" export WEBAUTHN_TABLE="${STG_WEBAUTHN_TABLE}" -elif [ "${GITHUB_REF}" == "main" ]; +elif [ "${GITHUB_REF_NAME}" == "main" ]; then STAGE="production" export AWS_ACCESS_KEY_ID="${PRD_AWS_ACCESS_KEY_ID}" @@ -32,7 +32,7 @@ then export API_KEY_TABLE="${PRD_API_KEY_TABLE}" export WEBAUTHN_TABLE="${PRD_WEBAUTHN_TABLE}" else - echo "deployments only happen from develop and main branches (branch: ${GITHUB_REF})" + echo "deployments only happen from develop and main branches (branch: ${GITHUB_REF_NAME})" exit fi diff --git a/scripts/test.sh b/scripts/test.sh index 2f05435..f0140f0 100755 --- a/scripts/test.sh +++ b/scripts/test.sh @@ -7,7 +7,7 @@ set -e set -x # export appropriate AWS credentials for `serverless info` -if [ "${GITHUB_REF}" == "main" ]; +if [ "${GITHUB_REF_NAME}" == "main" ]; then STAGE="production" export AWS_ACCESS_KEY_ID="${PRD_AWS_ACCESS_KEY_ID}" 
From 7cab88688a20b3867032d765265db6cf1b35de4f Mon Sep 17 00:00:00 2001
From: briskt <3172830+briskt@users.noreply.github.com>
Date: Mon, 26 Feb 2024 14:14:02 -0700
Subject: [PATCH 11/13] break Lambda deployment into a separate workflow
---
.github/workflows/deploy.yml | 28 ++++++++++++++++++++++++++
.github/workflows/test-and-publish.yml | 23 ---------------------
scripts/deploy.sh | 2 +-
3 files changed, 29 insertions(+), 24 deletions(-)
create mode 100644 .github/workflows/deploy.yml
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
new file mode 100644
index 0000000..15593af
--- /dev/null
+++ b/.github/workflows/deploy.yml
@@ -0,0 +1,28 @@
+name: Deploy
+
+on:
+ push:
+ branches: [main, develop]
+
+jobs:
+ deploy:
+ name: Deploy to AWS Lambda
+ needs: tests
+ runs-on: ubuntu-latest
+ env:
+ AWS_REGION: ${{ vars.AWS_REGION }}
+ STG_AWS_ACCESS_KEY_ID: ${{ vars.STG_AWS_ACCESS_KEY_ID }}
+ STG_AWS_SECRET_ACCESS_KEY: ${{ secrets.STG_AWS_SECRET_ACCESS_KEY }}
+ STG_LAMBDA_ROLE: ${{ vars.STG_LAMBDA_ROLE }}
+ STG_API_KEY_TABLE: ${{ vars.STG_API_KEY_TABLE }}
+ STG_WEBAUTHN_TABLE: ${{ vars.STG_WEBAUTHN_TABLE }}
+ PRD_AWS_ACCESS_KEY_ID: ${{ vars.PRD_AWS_ACCESS_KEY_ID }}
+ PRD_AWS_SECRET_ACCESS_KEY: ${{ secrets.PRD_AWS_SECRET_ACCESS_KEY }}
+ PRD_LAMBDA_ROLE: ${{ vars.PRD_LAMBDA_ROLE }}
+ PRD_API_KEY_TABLE: ${{ vars.PRD_API_KEY_TABLE }}
+ PRD_WEBAUTHN_TABLE: ${{ vars.PRD_WEBAUTHN_TABLE }}
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+ - name: Deploy
+ run: docker-compose -f actions-services.yml run --rm app ./scripts/deploy.sh
diff --git a/.github/workflows/test-and-publish.yml b/.github/workflows/test-and-publish.yml
index 764ebd0..bd2c72f 100644
--- a/.github/workflows/test-and-publish.yml
+++ b/.github/workflows/test-and-publish.yml
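Review bot: `needs: tests` on the `deploy` job refers to a job that does not exist in this workflow (`tests` lives in test-and-publish.yml), and GitHub rejects a workflow whose `needs` names an undefined job, so this file fails validation instead of deploying. Either drop the `needs: tests` line or move the `tests` job into this workflow so the deployment still gates on a green test run. The `branches: [main, develop]` filter on the trigger is the right place for the branch restriction and is worth keeping whichever way this is resolved.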
@@ -19,29 +19,6 @@ jobs: - name: Test run: docker-compose -f actions-services.yml run --rm test ./scripts/test.sh - deploy: - name: Deploy to AWS Lambda - needs: tests - runs-on: ubuntu-latest - env: - AWS_REGION: ${{ vars.AWS_REGION }} - STG_AWS_ACCESS_KEY_ID: ${{ vars.STG_AWS_ACCESS_KEY_ID }} - STG_AWS_SECRET_ACCESS_KEY: ${{ secrets.STG_AWS_SECRET_ACCESS_KEY }} - STG_LAMBDA_ROLE: ${{ vars.STG_LAMBDA_ROLE }} - STG_API_KEY_TABLE: ${{ vars.STG_API_KEY_TABLE }} - STG_WEBAUTHN_TABLE: ${{ vars.STG_WEBAUTHN_TABLE }} - PRD_AWS_ACCESS_KEY_ID: ${{ vars.PRD_AWS_ACCESS_KEY_ID }} - PRD_AWS_SECRET_ACCESS_KEY: ${{ secrets.PRD_AWS_SECRET_ACCESS_KEY }} - PRD_LAMBDA_ROLE: ${{ vars.PRD_LAMBDA_ROLE }} - PRD_API_KEY_TABLE: ${{ vars.PRD_API_KEY_TABLE }} - PRD_WEBAUTHN_TABLE: ${{ vars.PRD_WEBAUTHN_TABLE }} - - steps: - - name: Checkout code - uses: actions/checkout@v4 - - name: Deploy - run: docker-compose -f actions-services.yml run --rm app ./scripts/deploy.sh - build-and-publish: name: Build and Publish needs: tests diff --git a/scripts/deploy.sh b/scripts/deploy.sh index 1b49f50..29053b2 100755 --- a/scripts/deploy.sh +++ b/scripts/deploy.sh @@ -33,7 +33,7 @@ then export WEBAUTHN_TABLE="${PRD_WEBAUTHN_TABLE}" else echo "deployments only happen from develop and main branches (branch: ${GITHUB_REF_NAME})" - exit + exit 1 fi # Print the Serverless version in the logs From 9b41a78a4b55d2f578c499d181d3957c53fc1257 Mon Sep 17 00:00:00 2001 From: briskt <3172830+briskt@users.noreply.github.com> Date: Mon, 26 Feb 2024 14:17:48 -0700 Subject: [PATCH 12/13] Revert "break Lambda deployment into a separate workflow" This reverts commit 7cab88688a20b3867032d765265db6cf1b35de4f. --- .github/workflows/deploy.yml | 28 -------------------------- .github/workflows/test-and-publish.yml | 23 +++++++++++++++++++++ scripts/deploy.sh | 2 +- 3 files changed, 24 insertions(+), 29 deletions(-) delete mode 100644 .github/workflows/deploy.yml 
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
deleted file mode 100644
index 15593af..0000000
--- a/.github/workflows/deploy.yml
+++ /dev/null
@@ -1,28 +0,0 @@
-name: Deploy
-
-on:
- push:
- branches: [main, develop]
-
-jobs:
- deploy:
- name: Deploy to AWS Lambda
- needs: tests
- runs-on: ubuntu-latest
- env:
- AWS_REGION: ${{ vars.AWS_REGION }}
- STG_AWS_ACCESS_KEY_ID: ${{ vars.STG_AWS_ACCESS_KEY_ID }}
- STG_AWS_SECRET_ACCESS_KEY: ${{ secrets.STG_AWS_SECRET_ACCESS_KEY }}
- STG_LAMBDA_ROLE: ${{ vars.STG_LAMBDA_ROLE }}
- STG_API_KEY_TABLE: ${{ vars.STG_API_KEY_TABLE }}
- STG_WEBAUTHN_TABLE: ${{ vars.STG_WEBAUTHN_TABLE }}
- PRD_AWS_ACCESS_KEY_ID: ${{ vars.PRD_AWS_ACCESS_KEY_ID }}
- PRD_AWS_SECRET_ACCESS_KEY: ${{ secrets.PRD_AWS_SECRET_ACCESS_KEY }}
- PRD_LAMBDA_ROLE: ${{ vars.PRD_LAMBDA_ROLE }}
- PRD_API_KEY_TABLE: ${{ vars.PRD_API_KEY_TABLE }}
- PRD_WEBAUTHN_TABLE: ${{ vars.PRD_WEBAUTHN_TABLE }}
- steps:
- - name: Checkout code
- uses: actions/checkout@v4
- - name: Deploy
- run: docker-compose -f actions-services.yml run --rm app ./scripts/deploy.sh
diff --git a/.github/workflows/test-and-publish.yml b/.github/workflows/test-and-publish.yml
index bd2c72f..764ebd0 100644
--- a/.github/workflows/test-and-publish.yml
+++ b/.github/workflows/test-and-publish.yml
@@ -19,6 +19,29 @@ jobs: - name: Test run: docker-compose -f actions-services.yml run --rm test ./scripts/test.sh + deploy: + name: Deploy to AWS Lambda + needs: tests + runs-on: ubuntu-latest + env: + AWS_REGION: ${{ vars.AWS_REGION }} + STG_AWS_ACCESS_KEY_ID: ${{ vars.STG_AWS_ACCESS_KEY_ID }} + STG_AWS_SECRET_ACCESS_KEY: ${{ secrets.STG_AWS_SECRET_ACCESS_KEY }} + STG_LAMBDA_ROLE: ${{ vars.STG_LAMBDA_ROLE }} + STG_API_KEY_TABLE: ${{ vars.STG_API_KEY_TABLE }} + STG_WEBAUTHN_TABLE: ${{ vars.STG_WEBAUTHN_TABLE }} + PRD_AWS_ACCESS_KEY_ID: ${{ vars.PRD_AWS_ACCESS_KEY_ID }} + PRD_AWS_SECRET_ACCESS_KEY: ${{ secrets.PRD_AWS_SECRET_ACCESS_KEY }} + PRD_LAMBDA_ROLE: ${{ vars.PRD_LAMBDA_ROLE }} + PRD_API_KEY_TABLE: ${{ vars.PRD_API_KEY_TABLE }} + PRD_WEBAUTHN_TABLE: ${{ vars.PRD_WEBAUTHN_TABLE }} + + steps: + - name: Checkout code + uses: actions/checkout@v4 + - name: Deploy + run: docker-compose -f actions-services.yml run --rm app ./scripts/deploy.sh + build-and-publish: name: Build and Publish needs: tests diff --git a/scripts/deploy.sh b/scripts/deploy.sh index 29053b2..1b49f50 100755 --- a/scripts/deploy.sh +++ b/scripts/deploy.sh @@ -33,7 +33,7 @@ then export WEBAUTHN_TABLE="${PRD_WEBAUTHN_TABLE}" else echo "deployments only happen from develop and main branches (branch: ${GITHUB_REF_NAME})" - exit 1 + exit fi # Print the Serverless version in the logs From 72e4ca02096e035f2f3d80c64bd4032fd0e6cb07 Mon Sep 17 00:00:00 2001 From: briskt <3172830+briskt@users.noreply.github.com> Date: Mon, 26 Feb 2024 14:19:59 -0700 Subject: [PATCH 13/13] only deploy on main and develop --- .../{test-and-publish.yml => test-deploy-publish.yml} | 3 ++- scripts/deploy.sh | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) rename .github/workflows/{test-and-publish.yml => test-deploy-publish.yml} (95%) 
diff --git a/.github/workflows/test-and-publish.yml b/.github/workflows/test-deploy-publish.yml similarity index 95% rename from .github/workflows/test-and-publish.yml rename to .github/workflows/test-deploy-publish.yml index 764ebd0..94d8a19 100644 --- a/.github/workflows/test-and-publish.yml +++ b/.github/workflows/test-deploy-publish.yml @@ -1,4 +1,4 @@ -name: Test and Publish +name: Test, Deploy, Publish on: push: @@ -22,6 +22,7 @@ jobs: deploy: name: Deploy to AWS Lambda needs: tests + if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/develop' runs-on: ubuntu-latest env: AWS_REGION: ${{ vars.AWS_REGION }} diff --git a/scripts/deploy.sh b/scripts/deploy.sh index 1b49f50..29053b2 100755 --- a/scripts/deploy.sh +++ b/scripts/deploy.sh @@ -33,7 +33,7 @@ then export WEBAUTHN_TABLE="${PRD_WEBAUTHN_TABLE}" else echo "deployments only happen from develop and main branches (branch: ${GITHUB_REF_NAME})" - exit + exit 1 fi # Print the Serverless version in the logs
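Review bot: The new `if:` gates `deploy` on `main`/`develop`, but `build-and-publish` in the same workflow (outside this hunk, unchanged since patch 01) still has no branch condition and `on: push:` has no `branches:` filter, so an image is still built and pushed to Docker Hub for every push on every branch. Apply the same condition there, `if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/develop'`, or restrict the trigger, unless per-branch images are intended. Restoring `exit 1` in `scripts/deploy.sh` keeps the script-level branch check as a hard failure, which is the right backstop should the workflow-level `if:` and the script's `GITHUB_REF_NAME` test ever drift apart.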