ci: remove secrets #144
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| on: | |
| push: | |
| branches: | |
| - main | |
| - dev | |
| paths: | |
| - 'src/**' | |
| - 'tests/**' | |
| - '.github/workflows/**' | |
| - 'template.yml' | |
| - 'samconfig.toml' | |
| - 'requirements.txt' | |
| - 'docker/**' | |
| - 'apprunner.yaml' | |
| - 'server.py' | |
| jobs: | |
| test: | |
| # Containers must run in Linux based operating systems | |
| runs-on: ubuntu-latest | |
| # Docker Hub image that `container-job` executes in | |
| # Service containers to run with `container-job` | |
| services: | |
| # Label used to access the service container | |
| postgres: | |
| # Docker Hub image | |
| image: postgres | |
| # Provide the password for postgres | |
| env: | |
| POSTGRES_PASSWORD: postgres | |
| # Set health checks to wait until postgres has started | |
| options: >- | |
| --health-cmd pg_isready | |
| --health-interval 10s | |
| --health-timeout 5s | |
| --health-retries 5 | |
| ports: | |
| # Maps tcp port 5432 on service container to the host | |
| - 5432:5432 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Python 3.12 | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.12" | |
| cache: 'pip' | |
| - name: Execute unit tests and coverage report | |
| run: | | |
| python -m pip install --upgrade pip | |
| if [ -f requirements.txt ]; then pip install -r tests/requirements.txt; fi | |
| - name: Run unit tests | |
| run: python -m coverage run -m unittest -v tests/*.py | |
| env: | |
| # The hostname used to communicate with the PostgreSQL service container | |
| POSTGRES_HOST: localhost | |
| # The default PostgreSQL port | |
| POSTGRES_PORT: 5432 | |
| POSTGRES_USER: postgres | |
| POSTGRES_DB: postgres | |
| POSTGRES_PASSWORD: postgres | |
| STAGE: local | |
| - name: Run coverage report | |
| run: python -m coverage report -m | |
| build-and-deploy: | |
| runs-on: ubuntu-latest | |
| needs: test | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.12' | |
| cache: 'pip' | |
| - uses: aws-actions/setup-sam@v2 | |
| with: | |
| use-installer: true | |
| - uses: aws-actions/configure-aws-credentials@v1 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ secrets.AWS_REGION }} | |
| - name: Set environment for branch | |
| run: | | |
| if [[ $GITHUB_REF_NAME == 'main' ]]; then | |
| echo "ENV_STAGE=prod" >> "$GITHUB_ENV" | |
| else | |
| echo "ENV_STAGE=dev" >> "$GITHUB_ENV" | |
| fi | |
| # sam build | |
| - name: Run SAM Build | |
| run: sam build | |
| # sam deploy | |
| - name: Run SAM Deploy | |
| run: | | |
| sam deploy --s3-bucket ${{ secrets.AWS_ARTIFACTS_BUCKET_NAME }} \ | |
| --stack-name stori-transactions-email-sender-${{ env.ENV_STAGE }} \ | |
| --parameter-overrides \ | |
| BucketName=${{ secrets.AWS_BUCKET_NAME_FILES_PREFIX }}-${{ env.ENV_STAGE }} \ | |
| SecretName=${{ secrets.AWS_SECRET_NAME }} \ | |
| Stage=${{ env.ENV_STAGE }} \ | |
| AppRunnerConnectionArn=${{ secrets.AWS_APP_RUNNER_CONNECTION_ARN }} \ | |
| --no-confirm-changeset --no-fail-on-empty-changeset |