-
Notifications
You must be signed in to change notification settings - Fork 23
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[ISSUE 300]: Set up back-end infrastructure in AWS (#508)
- Loading branch information
1 parent
d3ff8b5
commit f1f20a9
Showing
109 changed files
with
2,982 additions
and
1,355 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,56 @@ | ||
| name: Deploy API | ||
| # Need to set a default value for when the workflow is triggered from a git push | ||
| # which bypasses the default configuration for inputs | ||
| run-name: Deploy ${{ github.ref_name }} to API ${{ inputs.environment || 'dev' }} | ||
|
|
||
| on: | ||
| push: | ||
| branches: | ||
| - "main" | ||
| paths: | ||
| - "api/**" | ||
| - "bin/**" | ||
| - "infra/**" | ||
| release: | ||
| types: [published] | ||
| workflow_dispatch: | ||
| inputs: | ||
| app_name: | ||
| description: "name of application folder under infra directory" | ||
| required: true | ||
| type: string | ||
| environment: | ||
| description: "target environment" | ||
| required: true | ||
| default: "dev" | ||
| type: choice | ||
| options: | ||
| - dev | ||
| - prod | ||
|
|
||
| jobs: | ||
| wait-for-checks: | ||
| runs-on: ubuntu-latest | ||
|
|
||
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@v3 | ||
|
|
||
| - name: Authenticate GitHub CLI | ||
| run: echo "${{ github.token }}" | gh auth login --with-token | ||
|
|
||
| - name: Run verify-checks script | ||
| env: | ||
| CURRENT_GITHUB_RUN_ID: ${{ github.run_id }} | ||
| SHA: ${{ github.sha }} | ||
| REPO: "hhs/grants-equity" | ||
| run: | | ||
| ${{ github.workspace }}/bin/verify-checks.sh | ||
| deploy: | ||
| name: Deploy | ||
| needs: wait-for-checks | ||
| uses: ./.github/workflows/deploy.yml | ||
| with: | ||
| app_name: ${{ inputs.app_name || 'api' }} | ||
| environment: ${{ inputs.environment || (github.event_name == 'release' && 'prod') || 'dev' }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,50 @@ | ||
| name: CI Infra Service Checks | ||
|
|
||
| on: | ||
| push: | ||
| branches: | ||
| - main | ||
| paths: | ||
| - infra/*/service/** | ||
| - infra/test/** | ||
| - .github/workflows/ci-infra-service.yml | ||
| pull_request: | ||
| paths: | ||
| - infra/*/service/** | ||
| - infra/test/** | ||
| - .github/workflows/ci-infra-service.yml | ||
| workflow_dispatch: | ||
|
|
||
| env: | ||
| APP_NAME: frontend | ||
|
|
||
| jobs: | ||
| infra-test-e2e: | ||
| name: Test service | ||
| runs-on: ubuntu-latest | ||
|
|
||
| permissions: | ||
| contents: read | ||
| id-token: write | ||
|
|
||
| steps: | ||
| - uses: actions/checkout@v3 | ||
|
|
||
| - uses: hashicorp/setup-terraform@v2 | ||
| with: | ||
| terraform_version: 1.2.1 | ||
| terraform_wrapper: false | ||
|
|
||
| - uses: actions/setup-go@v3 | ||
| with: | ||
| go-version: ">=1.19.0" | ||
|
|
||
| - name: Configure AWS credentials | ||
| uses: ./.github/actions/configure-aws-credentials | ||
| with: | ||
| app_name: ${{ env.APP_NAME }} | ||
| # Run infra CI on dev environment | ||
| environment: dev | ||
|
|
||
| - name: Run Terratest | ||
| run: make APP_NAME=${{ env.APP_NAME }} infra-test-service |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -5,18 +5,37 @@ on: | |
| branches: | ||
| - main | ||
| paths: | ||
| - bin/** | ||
| - infra/** | ||
| - .github/workflows/ci-infra.yml | ||
| - .github/workflows/** | ||
| pull_request: | ||
| paths: | ||
| - bin/** | ||
| - infra/** | ||
| - test/** | ||
| - .github/workflows/ci-infra.yml | ||
|
|
||
| env: | ||
| APP_NAME: frontend | ||
| - .github/workflows/** | ||
|
|
||
| jobs: | ||
| lint-github-actions: | ||
| # Lint github actions files using https://github.com/rhysd/actionlint | ||
| # This job configuration is largely copied from https://github.com/rhysd/actionlint/blob/main/docs/usage.md#use-actionlint-on-github-actions | ||
| name: Lint GitHub Actions workflows | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v3 | ||
| - name: Download actionlint | ||
| id: get_actionlint | ||
| run: bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash) | ||
| shell: bash | ||
| - name: Check workflow files | ||
| run: ${{ steps.get_actionlint.outputs.executable }} -color | ||
| shell: bash | ||
| lint-scripts: | ||
| name: Lint scripts | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v3 | ||
| - name: Shellcheck | ||
| run: make infra-lint-scripts | ||
| check-terraform-format: | ||
| name: Check Terraform format | ||
| runs-on: ubuntu-latest | ||
|
|
@@ -26,10 +45,10 @@ jobs: | |
| with: | ||
| terraform_version: 1.4.6 | ||
| terraform_wrapper: false | ||
| - name: Run infra-lint | ||
| - name: Run infra-lint-terraform | ||
| run: | | ||
| echo "If this fails, run 'make infra-format'" | ||
| make infra-lint | ||
| make infra-lint-terraform | ||
| validate-terraform: | ||
| name: Validate Terraform modules | ||
| runs-on: ubuntu-latest | ||
|
|
@@ -39,8 +58,8 @@ jobs: | |
| with: | ||
| terraform_version: 1.4.6 | ||
| terraform_wrapper: false | ||
| - name: Run infra-validate | ||
| run: make infra-validate | ||
| - name: Validate | ||
| run: make infra-validate-modules | ||
| check-compliance-with-checkov: | ||
| name: Check compliance with checkov | ||
| runs-on: ubuntu-latest | ||
|
|
@@ -74,33 +93,3 @@ jobs: | |
| uses: aquasecurity/[email protected] | ||
| with: | ||
| github_token: ${{ github.token }} | ||
|
|
||
| infra-test-e2e: | ||
| name: End-to-end tests | ||
| runs-on: ubuntu-latest | ||
|
|
||
| permissions: | ||
| contents: read | ||
| id-token: write | ||
|
|
||
| steps: | ||
| - uses: actions/checkout@v3 | ||
|
|
||
| - uses: hashicorp/setup-terraform@v2 | ||
| with: | ||
| terraform_version: 1.2.1 | ||
| terraform_wrapper: false | ||
|
|
||
| - uses: actions/setup-go@v3 | ||
| with: | ||
| go-version: ">=1.19.0" | ||
|
|
||
| - name: Configure AWS credentials | ||
| uses: ./.github/actions/configure-aws-credentials | ||
| with: | ||
| app_name: frontend | ||
| # Run infra CI on dev environment | ||
| environment: dev | ||
|
|
||
| - name: Run Terratest | ||
| run: make APP_NAME=${{ env.APP_NAME }} infra-test | ||
Oops, something went wrong.