Merge pull request #2291 from cisagov/AL-pe-SQS #3052
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Backend Pipeline | |
on: | |
push: | |
branches: | |
- master | |
- production | |
paths: | |
- 'backend/**' | |
- '.github/workflows/backend.yml' | |
pull_request: | |
branches: | |
- master | |
- production | |
paths: | |
- 'backend/**' | |
- '.github/workflows/backend.yml' | |
defaults: | |
run: | |
working-directory: ./backend | |
jobs: | |
lint: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: '18' | |
- name: Restore npm cache | |
uses: actions/cache@v3 | |
with: | |
path: ~/.npm | |
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} | |
restore-keys: | | |
${{ runner.os }}-node- | |
- name: Install dependencies | |
run: npm ci | |
- name: Lint | |
run: npm run lint | |
test: | |
runs-on: ubuntu-latest | |
timeout-minutes: 20 | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: '18' | |
- name: Restore npm cache | |
uses: actions/cache@v3 | |
with: | |
path: ~/.npm | |
key: ${{ runner.os }}-node-${{ hashFiles('package-lock.json') }} | |
restore-keys: | | |
${{ runner.os }}-node- | |
- name: Install dependencies | |
run: npm ci | |
- name: Run site locally | |
run: | | |
cp dev.env.example .env | |
docker-compose up -d db backend es | |
npm install -g wait-port | |
wait-port -t 3000 5432 9200 9300 | |
working-directory: ./ | |
- name: Sync database | |
run: npm run syncdb | |
working-directory: ./backend | |
- name: Test | |
run: npm run test -- --collectCoverage --silent | |
- name: Package | |
run: npx sls package | |
env: | |
SLS_DEBUG: '*' | |
test_worker: | |
runs-on: ubuntu-latest | |
timeout-minutes: 20 | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: '18' | |
- name: Restore npm cache | |
uses: actions/cache@v3 | |
with: | |
path: ~/.npm | |
key: ${{ runner.os }}-node-${{ hashFiles('package-lock.json') }} | |
restore-keys: | | |
${{ runner.os }}-node- | |
- name: Install dependencies | |
run: npm ci | |
- name: Build | |
run: npx webpack --config webpack.worker.config.js | |
- name: Run db locally | |
run: | | |
cp dev.env.example .env | |
docker-compose up -d db | |
npm install -g wait-port | |
wait-port -t 3000 5432 | |
working-directory: ./ | |
- name: Test | |
run: node dist/worker.bundle.js | |
env: | |
CROSSFEED_COMMAND_OPTIONS: '{"scanName": "test"}' | |
DB_USERNAME: crossfeed | |
DB_PASSWORD: password | |
test_python: | |
runs-on: ubuntu-latest | |
timeout-minutes: 20 | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Set up Python 3.10 | |
uses: actions/[email protected] | |
with: | |
python-version: '3.10' | |
- uses: actions/cache@v3 | |
with: | |
path: ~/.cache/pip | |
key: pip-${{ hashFiles('**/requirements.txt') }} | |
restore-keys: | | |
pip- | |
- run: pip install -r worker/requirements.txt | |
- run: pytest | |
build_worker: | |
runs-on: ubuntu-latest | |
timeout-minutes: 90 | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: '18' | |
- name: Restore npm cache | |
uses: actions/cache@v3 | |
with: | |
path: ~/.npm | |
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} | |
restore-keys: | | |
${{ runner.os }}-node- | |
- name: Install dependencies | |
run: npm ci | |
- name: Build worker container | |
run: npm run build-worker | |
working-directory: ./backend | |
deploy_staging: | |
needs: [build_worker, lint, test, test_worker, test_python] | |
runs-on: ubuntu-latest | |
environment: staging | |
concurrency: 1 | |
if: github.event_name == 'push' && github.ref == 'refs/heads/master' | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: '18' | |
- name: Restore npm cache | |
uses: actions/cache@v3 | |
with: | |
path: ~/.npm | |
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} | |
restore-keys: | | |
${{ runner.os }}-node- | |
- name: Install dependencies | |
run: npm ci | |
- name: Ensure domain exists | |
run: npx sls create_domain --stage=staging | |
env: | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
SLS_DEBUG: '*' | |
- name: Deploy backend | |
run: npx sls deploy --stage=staging | |
env: | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
SLS_DEBUG: '*' | |
- name: Deploy worker | |
run: npm run deploy-worker-staging | |
working-directory: backend | |
env: | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
- name: Run syncdb | |
run: aws lambda invoke --function-name crossfeed-staging-syncdb --region us-east-1 /dev/stdout | |
working-directory: backend | |
env: | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
deploy_prod: | |
needs: [build_worker, lint, test, test_python] | |
runs-on: ubuntu-latest | |
environment: production | |
concurrency: 1 | |
if: github.event_name == 'push' && github.ref == 'refs/heads/production' | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: '18' | |
- name: Restore npm cache | |
uses: actions/cache@v3 | |
with: | |
path: ~/.npm | |
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} | |
restore-keys: | | |
${{ runner.os }}-node- | |
- name: Install dependencies | |
run: npm ci | |
- name: Ensure domain exists | |
run: npx sls create_domain --stage=prod | |
env: | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
SLS_DEBUG: '*' | |
- name: Deploy backend | |
run: npx sls deploy --stage=prod | |
env: | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
SLS_DEBUG: '*' | |
- name: Deploy worker | |
run: npm run deploy-worker-prod | |
working-directory: backend | |
env: | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
- name: Run syncdb | |
run: aws lambda invoke --function-name crossfeed-prod-syncdb --region us-east-1 /dev/stdout | |
working-directory: backend | |
env: | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} |