This repository has been archived by the owner on Sep 30, 2024. It is now read-only.

241 consolidate data and app services #326

Merged
merged 19 commits into from
May 9, 2023
Merged
File renamed without changes.
3 changes: 2 additions & 1 deletion services/data/.dockerignore → .dockerignore
@@ -1,4 +1,5 @@
**/__pycache__/
tmp/
node_modules/
/tmp

*.pyc
2 changes: 1 addition & 1 deletion .github/scripts/extract_git_ref.py
@@ -1,8 +1,8 @@
#!/usr/bin/env python3

from typing import Optional
import os
import re
from typing import Optional


def get_branch(gh_event: str, gh_ref: str, gh_head_ref: Optional[str]) -> str:
1 change: 0 additions & 1 deletion .github/scripts/extract_git_ref_test.py
@@ -1,5 +1,4 @@
import pytest

from extract_git_ref import get_branch


21 changes: 17 additions & 4 deletions .github/workflows/api-cleanup-pr-images.yaml
@@ -1,12 +1,13 @@
name: Cleanup API PR images
name: Cleanup Application PR images

on:
pull_request:
types: [closed]
paths:
- 'services/api/**'
- '.github/workflows/**'
- '.github/scripts/**'
- "src/**/*.py"
- "src/**/*.html"
- ".github/workflows/**"
- ".github/scripts/**"
jobs:
purge-ghcr-images:
name: Cleanup PR images from ghcr.io
@@ -19,6 +20,13 @@ jobs:
name: unified-graphics/api
token: ${{ secrets.GHCR_CLEANUP_PAT }}
tag: ${{ github.head_ref }}
- name: Cleanup images
uses: bots-house/[email protected]
with:
owner: noaa-gsl
name: unified-graphics/data
token: ${{ secrets.GHCR_CLEANUP_PAT }}
tag: ${{ github.head_ref }}
purge-ecr-images:
name: Cleanup PR images from ECR
runs-on: ubuntu-latest
@@ -37,3 +45,8 @@ jobs:
aws ecr batch-delete-image \
--repository-name rtma-vis/api \
--image-ids imageTag=${{ github.head_ref }}
- name: Cleanup image
run: |
aws ecr batch-delete-image \
--repository-name rtma-vis/data \
--image-ids imageTag=${{ github.head_ref }}
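Review bot: The added `Cleanup image` step for `rtma-vis/data` expands `${{ github.head_ref }}` directly inside the `run:` script, so the PR's branch name is pasted into the shell text before bash parses it; the branch name is chosen by the PR author and may contain shell metacharacters. The job's earlier steps are outside the visible hunk, but since it deletes ECR images it presumably runs with AWS credentials loaded. Pass the value through the environment instead: give the step `env:` with `HEAD_REF: ${{ github.head_ref }}` and use `--image-ids imageTag="$HEAD_REF"`. The existing `rtma-vis/api` step just above uses the same pattern and should be changed with it.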
98 changes: 70 additions & 28 deletions .github/workflows/api.yaml
@@ -1,4 +1,4 @@
name: "API Service Build"
name: "Application Container Builds"
on:
push:
tags:
@@ -7,17 +7,19 @@ on:
branches: [main]
# Path filters aren't evaluated for tags - https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#onpushpull_requestpull_request_targetpathspaths-ignore
paths:
- "services/api/**"
- "src/**/*.py"
- "src/**/*.html"
- ".github/workflows/**"
- ".github/scripts/**"
pull_request:
paths:
- "services/api/**"
- "src/**/*.py"
- "src/**/*.html"
- ".github/workflows/**"
- ".github/scripts/**"
workflow_dispatch: # Manually
env:
REGISTRY: ghcr.io/noaa-gsl/unified-graphics/api
REGISTRY: ghcr.io/noaa-gsl/unified-graphics

jobs:
lint:
@@ -28,20 +30,16 @@ jobs:
run: pipx install poetry
- uses: actions/setup-python@v4
with:
python-version: "3.11"
python-version: "3.9"
- name: Install dependencies
working-directory: services/api
run: |
poetry env use 3.11
poetry env use 3.9
poetry install
- name: Lint with Black
working-directory: services/api
run: poetry run black --check .
- name: Lint with Flake8
working-directory: services/api
run: poetry run flake8 --count --show-source --statistics .
- name: Lint with isort
working-directory: services/api
run: poetry run isort --check .
type-check:
runs-on: ubuntu-latest
@@ -51,14 +49,12 @@ jobs:
run: pipx install poetry
- uses: actions/setup-python@v4
with:
python-version: "3.11"
python-version: "3.9"
- name: Install dependencies
working-directory: services/api
run: |
poetry env use 3.11
poetry env use 3.9
poetry install
- name: Check Types with mypy
working-directory: services/api
run: poetry run mypy src/
test:
runs-on: ubuntu-latest
@@ -70,14 +66,12 @@ jobs:
run: pipx install poetry
- uses: actions/setup-python@v4
with:
python-version: "3.11"
python-version: "3.9"
- name: Install dependencies
working-directory: services/api
run: |
poetry env use 3.11
poetry env use 3.9
poetry install
- name: Test
working-directory: services/api
run: |
poetry run coverage run -m pytest
poetry run coverage report
@@ -86,7 +80,7 @@ jobs:
uses: irongut/[email protected]
with:
header: API Coverage
filename: services/api/coverage.xml
esheehan-gsl marked this conversation as resolved.
filename: coverage.xml
badge: true
fail_below_min: true
format: markdown
@@ -101,7 +95,7 @@ jobs:
with:
recreate: true
path: code-coverage-results.md
build:
build_app:
runs-on: ubuntu-latest
needs: [lint, type-check, test]
permissions:
@@ -112,7 +106,7 @@ jobs:
run: python3 ./.github/scripts/extract_git_ref.py # Provides env.BRANCH
- name: Build & tag image
run: |
docker build -t ${{ env.REGISTRY }}:${{ env.BRANCH }} services/api
docker build -t ${{ env.REGISTRY }}/api:${{ env.BRANCH }} -f docker/app/Dockerfile .
- name: Login to GHCR
uses: docker/login-action@v2
with:
@@ -121,18 +115,63 @@ jobs:
password: ${{ secrets.GITHUB_TOKEN }}
- name: Push image
run: |
docker push ${{ env.REGISTRY }}:${{ env.BRANCH }}
scan:
docker push ${{ env.REGISTRY }}/api:${{ env.BRANCH }}
build_diag_etl:
runs-on: ubuntu-latest
needs: build
needs: [lint, type-check, test]
permissions:
packages: write
steps:
- uses: actions/checkout@v3
- name: Extract branch/tag name
run: python3 ./.github/scripts/extract_git_ref.py # Provides env.BRANCH
- name: Build & tag image
run: |
docker build -t ${{ env.REGISTRY }}/data:${{ env.BRANCH }} -f docker/diag-etl/Dockerfile .
- name: Login to GHCR
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Push image
run: |
docker push ${{ env.REGISTRY }}/data:${{ env.BRANCH }}
scan_app:
runs-on: ubuntu-latest
needs: build_app
steps:
- uses: actions/checkout@v3
- name: Extract branch/tag name
run: python3 ./.github/scripts/extract_git_ref.py # Provides env.BRANCH
- name: Scan image with Trivy
uses: aquasecurity/trivy-action@master
with:
image-ref: "${{ env.REGISTRY }}/api:${{ env.BRANCH }}"
format: "sarif"
output: "trivy-results.sarif"
ignore-unfixed: true
severity: "CRITICAL,HIGH"
exit-code: "1"
env:
TRIVY_USERNAME: ${{ github.actor }}
TRIVY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
- name: Upload Trivy scan results to GitHub Security tab
if: always()
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: "trivy-results.sarif"
scan_diag_etl:
runs-on: ubuntu-latest
needs: build_diag_etl
steps:
- uses: actions/checkout@v3
- name: Extract branch/tag name
run: python3 ./.github/scripts/extract_git_ref.py # Provides env.BRANCH
- name: Scan image with Trivy
uses: aquasecurity/trivy-action@master
with:
image-ref: "${{ env.REGISTRY }}:${{ env.BRANCH }}"
image-ref: "${{ env.REGISTRY }}/data:${{ env.BRANCH }}"
format: "sarif"
output: "trivy-results.sarif"
ignore-unfixed: true
@@ -151,7 +190,7 @@ jobs:
runs-on: ubuntu-latest
environment: vlab
concurrency: vlab
needs: scan
needs: [scan_app, scan_diag_etl]
steps:
- uses: actions/checkout@v3
- name: Extract branch/tag name
@@ -172,6 +211,9 @@ jobs:
uses: aws-actions/amazon-ecr-login@v1
- name: retag image and push
run: |
docker pull ${{ env.REGISTRY }}:${{ env.BRANCH }}
docker tag ${{ env.REGISTRY }}:${{ env.BRANCH }} ${{ secrets.AWS_REGISTRY }}/api:${{ env.BRANCH }}
docker pull ${{ env.REGISTRY }}/api:${{ env.BRANCH }}
docker tag ${{ env.REGISTRY }}/api:${{ env.BRANCH }} ${{ secrets.AWS_REGISTRY }}/api:${{ env.BRANCH }}
docker push ${{ secrets.AWS_REGISTRY }}/api:${{ env.BRANCH }}
docker pull ${{ env.REGISTRY }}/data:${{ env.BRANCH }}
docker tag ${{ env.REGISTRY }}/data:${{ env.BRANCH }} ${{ secrets.AWS_REGISTRY }}/data:${{ env.BRANCH }}
docker push ${{ secrets.AWS_REGISTRY }}/data:${{ env.BRANCH }}
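Review bot: The new `scan_app` and `scan_diag_etl` jobs reference `aquasecurity/trivy-action@master`, a branch ref that can change underneath the workflow, and both hand that action `TRIVY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}`. Pin it to a reviewed full commit SHA, for example `uses: aquasecurity/trivy-action@<full-commit-sha>  # <release-tag>` (placeholders), so the code that receives the token is the code that was reviewed. Unlike the build jobs, neither scan job declares `permissions:`; if the repository's default token is read-only, `upload-sarif` would likely need `security-events: write` and the image pull `packages: read`, so stating them explicitly is worthwhile. Only part of `scan_diag_etl` is visible in the expanded hunks.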
39 changes: 0 additions & 39 deletions .github/workflows/data-cleanup-pr-images.yaml

This file was deleted.
