Enterprise-CMCS/macpro-mako

View on GitHub
.github/workflows/deploy.yml

Summary

Maintainability
Test Coverage
name: Deploy

on:
  push:
    branches:
      - "*"
      - "!skipci*"

concurrency:
  group: ${{ startsWith(github.ref_name, 'snyk-') && 'snyk' || github.ref_name }}-group

env:
  STAGE_NAME: ${{ startsWith(github.ref_name, 'snyk-') && 'snyk' || github.ref_name }}

permissions:
  id-token: write
  contents: write
  issues: write
  pull-requests: write

jobs:
  init:
    runs-on: ubuntu-20.04
    steps:
      - name: Validate stage name
        run: |
          if [[ ! $STAGE_NAME =~ ^[a-z][a-z0-9-]*$ ]]; then
              echo "ERROR:  Your branch name, $STAGE_NAME, is not a valid Serverless Framework stage name." && exit 1
          fi

  deploy:
    runs-on: ubuntu-20.04
    needs:
      - init
    environment:
      name: ${{ startsWith(github.ref_name, 'snyk-') && 'snyk' || github.ref_name }}
    outputs:
      app-url: ${{ steps.deployment-data.outputs.APPURL }}
      kibana-url: ${{ steps.deployment-data.outputs.KIBANAURL }}
    steps:
      - name: Checkout
        uses: actions/checkout@v3

      - uses: ./.github/actions/setup

      - uses: docker/setup-qemu-action@v2
        with:
          platforms: "amd64"

      - uses: docker/setup-buildx-action@v2

      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.AWS_OIDC_ROLE_TO_ASSUME }}
          aws-region: us-east-1
          role-duration-seconds: 10800

      - name: Deploy
        run: run deploy --stage $STAGE_NAME

      - name: Set Application URLs
        id: deployment-data
        run: |
          secret_value=$(aws ssm get-parameter \
            --region us-east-1 \
            --name "/$PROJECT/$STAGE_NAME/deployment-output" \
            --query Parameter.Value \
            --output text)
          application_endpoint_url=$(echo $secret_value | jq -r '.applicationEndpointUrl')
          echo "APPURL=$application_endpoint_url" >> $GITHUB_OUTPUT
          kibana_url=$(echo $secret_value | jq -r '.kibanaUrl')
          echo "KIBANAURL=$kibana_url" >> $GITHUB_OUTPUT

  application-url:
    runs-on: ubuntu-20.04
    needs:
      - deploy
    environment:
      name: ${{ startsWith(github.ref_name, 'snyk-') && 'snyk' || github.ref_name }}-app
      url: ${{ needs.deploy.outputs.app-url }}
    steps:
      - name: Display App URL
        run: |
          echo "App URL: ${{ needs.deploy.outputs.app-url }}"

  kibana-url:
    runs-on: ubuntu-20.04
    needs:
      - deploy
    environment:
      name: ${{ startsWith(github.ref_name, 'snyk-') && 'snyk' || github.ref_name }}-kibana
      url: ${{ needs.deploy.outputs.kibana-url }}
    steps:
      - name: Display Kibana URL
        run: |
          echo "Kibana URL: ${{ needs.deploy.outputs.kibana-url }}"

  test:
    runs-on: ubuntu-20.04
    needs:
      - init
    environment:
      name: ${{ startsWith(github.ref_name, 'snyk-') && 'snyk' || github.ref_name }}
    steps:
      - name: Checkout
        uses: actions/checkout@v3

      - uses: ./.github/actions/setup

      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.AWS_OIDC_ROLE_TO_ASSUME }}
          aws-region: us-east-1
          role-duration-seconds: 10800

      - name: Test
        run: run test --coverage
      - name: Upload Coverage
        uses: actions/upload-artifact@v4
        with:
          name: coverage
          path: coverage
      - name: Report coverage to Code Climate
        uses: paambaati/codeclimate-action@v8.0.0
        env:
          CC_TEST_REPORTER_ID: ${{ secrets.CC_TEST_REPORTER_ID }}
        with:
          coverageLocations: coverage/lcov.info:lcov

  e2e:
    runs-on: ubuntu-20.04
    needs:
      - deploy
    environment:
      name: ${{ startsWith(github.ref_name, 'snyk-') && 'snyk' || github.ref_name }}
    if: ${{ github.ref != 'refs/heads/production' }}
    steps:
      - name: Checkout
        uses: actions/checkout@v3
      - name: Setup
        uses: ./.github/actions/setup
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.AWS_OIDC_ROLE_TO_ASSUME }}
          aws-region: us-east-1
          role-duration-seconds: 10800
      - name: Run e2e tests
        run: run e2e
      - uses: actions/upload-artifact@v3
        if: always()
        with:
          name: playwright-report
          path: test/e2e/playwright-report/index.html
          retention-days: 30

  cfn-nag:
    runs-on: ubuntu-20.04
    needs:
      - deploy
    environment:
      name: ${{ startsWith(github.ref_name, 'snyk-') && 'snyk' || github.ref_name }}
    steps:
      - name: Checkout
        uses: actions/checkout@v3

      - uses: ./.github/actions/setup

      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.AWS_OIDC_ROLE_TO_ASSUME }}
          aws-region: us-east-1
          role-duration-seconds: 10800

      - name: Get CloudFormation templates
        id: getCfts
        run: |
          mkdir -p cftemplates
          stackList=(`aws cloudformation describe-stacks --query "Stacks[?Tags[?Key=='STAGE' && Value=='$STAGE_NAME'] && Tags[?Key=='PROJECT' && Value=='$PROJECT']].StackName" --output text`)
          for stack in "${stackList[@]}"; do
            aws cloudformation get-template --stack-name "$stack" --query TemplateBody > "cftemplates/${stack}.json"
          done

      - name: Stelligent cfn_nag
        uses: stelligent/cfn_nag@v0.8.6
        with:
          input_path: cftemplates
  resources:
    runs-on: ubuntu-20.04
    needs:
      - deploy
    environment:
      name: ${{ startsWith(github.ref_name, 'snyk-') && 'snyk' || github.ref_name }}
    steps:
      - name: Checkout
        uses: actions/checkout@v3

      - uses: ./.github/actions/setup

      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.AWS_OIDC_ROLE_TO_ASSUME }}
          aws-region: us-east-1
          role-duration-seconds: 10800

      - name: Get AWS Stage Resources
        id: stage-resources
        run: |
          mkdir -p resources
          resourceData=()
          stackList=(`aws cloudformation describe-stacks --query "Stacks[?Tags[?Key=='STAGE' && Value=='$STAGE_NAME'] && Tags[?Key=='PROJECT' && Value=='$PROJECT']].StackName" --output text`)
          for stack in "${stackList[@]}"; do
            resources=$(aws cloudformation list-stack-resources --stack-name "$stack" --query "StackResourceSummaries[].{PhysicalResourceId:PhysicalResourceId, ResourceType:ResourceType, ResourceStatus:ResourceStatus, LogicalResourceId:LogicalResourceId, LastUpdatedTimestamp:LastUpdatedTimestamp}" --output json)
            resourceData+=( $(echo "$resources" | jq -c --arg stack_name "$stack" '.[] + { StackName: $stack_name }') )
          done
          join_by() { local IFS="$1"; shift; echo "$*"; }
          echo "["$(join_by "," "${resourceData[@]}")"]" > "resources/aws-resources.json"
      - name: Archive stage resources
        uses: actions/upload-artifact@v3
        with:
          name: aws-resources-${{ startsWith(github.ref_name, 'snyk-') && 'snyk' || github.ref_name }}
          path: resources/aws-resources.json

  release:
    runs-on: ubuntu-20.04
    needs:
      - test
      - e2e
      - cfn-nag
    steps:
      - name: Checkout
        uses: actions/checkout@v3

      - uses: ./.github/actions/setup

      - name: Install
        run: bun install

      - name: Release
        run: bun semantic-release
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}