Skip to content

feat(mes-aides): integration aides permis velo #356

feat(mes-aides): integration aides permis velo

feat(mes-aides): integration aides permis velo #356

Workflow file for this run

# References
# https://docs.docker.com/build/ci/github-actions/
# https://docs.github.com/en/actions/publishing-packages/publishing-docker-images
name: build_deploy
on:
push:
branches: [main]
pull_request:
branches: [main]
# default types + ready_for_review
types: [opened, synchronize, repopened, ready_for_review]
jobs:
build:
runs-on: ubuntu-latest
if: ${{ !(github.event_name == 'pull_request' && github.event.pull_request.draft) }}
strategy:
matrix:
service: ["api", "datawarehouse", "pipeline"]
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}-${{ matrix.service }}
permissions:
contents: read
packages: write
defaults:
run:
working-directory: ${{ matrix.service }}
steps:
- uses: actions/checkout@v4
- name: Log in to the Container registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
tags: |
type=ref,event=branch
type=ref,event=tag
type=ref,event=pr
type=sha,format=long,prefix=
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build and export to Docker
uses: docker/build-push-action@v5
with:
context: ./${{ matrix.service }}
load: true
tags: ${{ steps.meta.outputs.tags }}
cache-from: type=gha
cache-to: type=gha,mode=max
labels: ${{ steps.meta.outputs.labels }}
- name: Run tests
if: matrix.service == 'api'
env:
API_ENV: test
run: |
docker compose run --entrypoint pytest api -p no:cacheprovider -vv
- name: Run tests
if: matrix.service == 'pipeline'
run: |
echo #TODO
- name: Push image to GitHub registry
uses: docker/build-push-action@v5
with:
context: ./${{ matrix.service }}
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
deploy:
needs: build
runs-on: ubuntu-latest
strategy:
matrix:
environment: [staging, prod]
# prevent deployment failure in an environment to interrupt other deployments
fail-fast: true
environment: ${{ matrix.environment }}
env:
ENV: ${{ vars.ENVIRONMENT }}
AWS_ACCESS_KEY_ID: ${{ vars.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
TF_VARS_BASE64: ${{ secrets.TF_VARS_BASE64 }}
TF_VAR_stack_version: ${{ github.sha }}
defaults:
run:
working-directory: deployment
steps:
- uses: actions/checkout@v4
- uses: hashicorp/setup-terraform@v3
with:
terraform_version: "1.8.1"
- name: mask tf variables
run: |
echo "${TF_VARS_BASE64}" \
| base64 --decode \
| jq 'to_entries | map(.value // empty) | .[]' \
| xargs -I{} echo '::add-mask::{}'
- name: tf init
run: |
terraform init \
-backend-config "bucket=data-inclusion-tf-states" \
-backend-config "key=${ENV}"
- name: tf validate
run: |
terraform validate
- name: tf plan
run: |
trap "rm -f terraform.tfvars.json" EXIT
echo "${TF_VARS_BASE64}" | base64 --decode > terraform.tfvars.json
terraform plan -input=false
- name: tf apply
run: |
trap "rm -f terraform.tfvars.json" EXIT
echo "${TF_VARS_BASE64}" | base64 --decode > terraform.tfvars.json
terraform apply -input=false -auto-approve