main.yml
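# Deployment pipeline for rAPId: runs the security checks, builds, tests and
# scans the API image, deploys it to prod, verifies it with E2E tests, and
# finally cleans the Docker context on the runner.
#
# Every job runs on a self-hosted runner. The triggers are limited to pushes
# to main and manual dispatch; no pull_request event starts this workflow.
#
# NOTE(review): actions are referenced by mutable tag (@v3 / @v4); consider
# pinning each one to a full commit SHA.
# NOTE(review): no `permissions:` block is set, so GITHUB_TOKEN carries the
# repository default scopes; consider restricting it (e.g. contents: read)
# once confirmed that no make target needs more.
name: rAPId Deployment

on:
  push:
    branches: [main]
  workflow_dispatch:

jobs:
  setup:
    runs-on: self-hosted
    steps:
      - name: Checkout
        uses: actions/checkout@v3

      - name: Log commit SHA
        run: echo "$GITHUB_SHA"

  security-check:
    needs:
      - setup
    runs-on: self-hosted
    steps:
      # Check out in this job too, so requirements.txt and the make targets
      # are present even when the job lands on a different runner (or a
      # cleaned workspace) than `setup`.
      - name: Checkout
        uses: actions/checkout@v3

      - name: Setup Python
        uses: actions/setup-python@v4
        with:
          python-version: '3.10'
          cache: 'pip'

      - run: pip install -r requirements.txt

      - name: Run security checks
        run: make security-check

  api-deployment:
    needs:
      - setup
      - security-check
    runs-on: self-hosted
    steps:
      - name: Checkout
        uses: actions/checkout@v3

      # Secrets reach the script through the step environment and are quoted,
      # instead of being pasted into the script text by the expression engine.
      # NOTE(review): .env stays in the runner workspace after this step;
      # on a persistent self-hosted runner confirm it is removed afterwards.
      - name: Populate .env with additional vars
        env:
          AWS_ACCOUNT: ${{ secrets.AWS_ACCOUNT }}
          AWS_REGION: ${{ secrets.AWS_REGION }}
        run: |
          cp ./.github/.github.env .env
          echo "AWS_ACCOUNT=${AWS_ACCOUNT}" >> .env
          echo "AWS_REGION=${AWS_REGION}" >> .env
          echo "AWS_DEFAULT_REGION=${AWS_REGION}" >> .env

      - name: Build API Image
        run: make api-create-image

      - name: API Static Analysis
        run: make api-lint

      - name: API Tests
        run: make api-test

      - name: API Tag and Upload
        run: make api-tag-and-upload

      - name: API Check Image Scan for Vulnerabilities
        run: make api-scan-for-vulns-and-tag

      - name: API Tag PROD Candidate
        run: make api-tag-prod-candidate

      - name: API Deploy Image to Prod
        run: make api-app-live-in-prod

      # Fixed two-minute pause before the running-application check below.
      - name: API Allow for Application to Start
        run: sleep 120

      - name: API Wait for Running Application
        id: await-running-app
        run: make api-check-app-is-running

      - name: API E2E Tests
        id: e2e-tests
        env:
          E2E_DOMAIN_NAME: ${{ secrets.E2E_DOMAIN_NAME }}
          E2E_DATA_BUCKET: ${{ secrets.E2E_DATA_BUCKET }}
          E2E_RESOURCE_PREFIX: ${{ secrets.E2E_RESOURCE_PREFIX }}
        run: |
          # Export AWS credentials to env for e2e tests
          eval "$(aws configure export-credentials --format env)"
          make api-test-e2e

      # Tag the image as a failure when either post-deploy check failed.
      # Parenthesised so the grouping is explicit: `&&` binds tighter than
      # `||`, so the unparenthesised form read as `(always() && A) || B`.
      - name: API Tag Image as Failure
        if: >-
          always() &&
          (steps.await-running-app.conclusion == 'failure' ||
          steps.e2e-tests.conclusion == 'failure')
        run: make api-tag-prod-failure

  cleanup:
    # Run even when an upstream job failed or was cancelled. Without a
    # job-level condition a failed `needs` entry skips the whole job, and the
    # step-level `if: always()` below is never evaluated.
    if: always()
    needs:
      - setup
      - security-check
      - api-deployment
    runs-on: self-hosted
    steps:
      - name: Checkout
        uses: actions/checkout@v3

      - name: Clean Docker Context
        if: always()
        run: make clean-pipeline-docker-context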