.circleci/config.yml from LD4P/sinopia_indexing_pipeline

.circleci/config.yml
Summary

Maintainability

Test Coverage

Issues
version: 2.1
orbs:
  node: circleci/node@5.0.2
  docker: circleci/docker@2.5.0
  aws-cli: circleci/aws-cli@3.1.0
  gh: circleci/github-cli@2.2.0
executors:
  default:
    docker:
      - image: 'cimg/node:20.11'
references:
  publish_params: &publish_params
    docker-password: DOCKER_PASS
    docker-username: DOCKER_USER
  filters:
    branch_only: &branch_only_filter
      branches:
        only:
          - /.*/
      tags:
        ignore:
          - /.*/
    main_only: &main_only_filter
      branches:
        only:
          - main
      tags:
        ignore:
          - /.*/
    release_and_beta_only: &release_and_beta_only_filter
      branches:
        ignore:
          - /.*/
      tags:
        only:
          - /v.[0-9\.]+(-beta)?/
    release_only: &release_only_filter
      branches:
        ignore:
          - /.*/
      tags:
        only:
          - /v.[0-9\.]+/
jobs:
  test:
    executor: default
    steps:
      - checkout
      - node/install-packages
      - run:
          name: Setup Code Climate test-reporter
          command: |
            curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > ./cc-test-reporter
            chmod +x ./cc-test-reporter
            ./cc-test-reporter before-build
      - run:
          name: Run tests
          command: npm run coverage
      - run:
          name: Send coverage report to Code Climate
          command: |
            ./cc-test-reporter after-build --exit-code $?
  deploy-ecs:
    parameters:
      role-arn:
        type: env_var_name
        default: DEV_ROLE_ARN
      cluster:
        type: string
        default: sinopia-dev
    executor: aws-cli/default
    steps:
      - aws-cli/setup:
          aws-access-key-id: CIRCLE_ACCESS_KEY_ID
          aws-secret-access-key: CIRCLE_SECRET_KEY
          aws-region: AWS_DEFAULT_REGION
      - run:
          name: Deploy to ECS
          command: |
            unset AWS_SESSION_TOKEN
            aws configure set output json
            temp_creds=$(aws sts assume-role --role-session-name DevelopersRole --role-arn ${<< parameters.role-arn >>} --profile default | jq .Credentials)
            export AWS_ACCESS_KEY_ID=$(echo "$temp_creds" | jq .AccessKeyId | xargs)
            export AWS_SECRET_ACCESS_KEY=$(echo "$temp_creds" | jq .SecretAccessKey | xargs)
            export AWS_SESSION_TOKEN=$(echo "$temp_creds" | jq .SessionToken | xargs)
            task_arn=$(aws ecs list-task-definitions --family-prefix sinopia-indexing --sort DESC --max-items 1 | jq -r --exit-status '.taskDefinitionArns[]')
            cluster_arn=$(aws ecs list-clusters | jq --raw-output --exit-status '.clusterArns[] | select(contains(":cluster/<< parameters.cluster >>"))')
            aws ecs update-service --service sinopia-indexing --cluster $cluster_arn --task-definition $task_arn --force-new-deployment
  dependency-update:
    executor: default
    steps:
      - gh/setup
      - gh/clone
      - run:
          name: Update dependencies
          command: |
            git config user.name "dlss-infra-bot"
            git config user.email "dlss-infrastructure-team-owner@lists.stanford.edu"
            git checkout -b update-dependencies
            repo_url=$(echo $CIRCLE_REPOSITORY_URL | sed -e "s/git@github\.com:/https:\/\/github.com\//" -e "s/\.git//")
            git remote set-url origin $repo_url
            git remote show origin
            npm update
            npm audit fix || echo "Outstanding fixes"
            git add package-lock.json package.json && git commit -m "Update NPM dependencies"
            if [ $? -eq 0 ]; then
              git push origin update-dependencies && gh pr create --title "Update dependencies" --body ""
            fi
workflows:
  build:
    jobs:
      - test:
          filters:
            <<: *branch_only_filter
      - node/run:
          name: lint
          npm-run: lint
          filters:
            <<: *branch_only_filter
      - docker/publish:
          <<: *publish_params
          name: publish-dev
          context: ld4p
          image: ld4p/sinopia_indexing_pipeline
          tag: latest
          requires:
            - test
            - lint
          filters:
            <<: *main_only_filter
      - docker/publish:
          <<: *publish_params
          name: publish-stage
          context: ld4p
          image: ld4p/sinopia_indexing_pipeline
          tag: release-stage
          filters:
            <<: *release_and_beta_only_filter
      - docker/publish:
          <<: *publish_params
          name: publish-prod
          context: ld4p
          image: ld4p/sinopia_indexing_pipeline
          tag: release-prod
          filters:
            <<: *release_only_filter
      - deploy-ecs:
          name: deploy-ecs-dev
          context: ld4p
          requires:
            - publish-dev
          filters:
            <<: *main_only_filter
      - deploy-ecs:
          name: deploy-ecs-stage
          context: ld4p
          role-arn: STAGE_ROLE_ARN
          cluster: sinopia-staging
          requires:
            - publish-stage
          filters:
            <<: *release_and_beta_only_filter
      - deploy-ecs:
          name: deploy-ecs-prod
          context: ld4p
          role-arn: PROD_ROLE_ARN
          cluster: sinopia-production
          requires:
            - publish-prod
          filters:
            <<: *release_only_filter
  dependency-update:
    triggers:
      - schedule:
          # Mondays at 1am
          cron: "0 1 * * 1"
          filters:
            branches:
              only:
                - main
    jobs:
      - dependency-update:
          context: ld4p