Skip to content
Integrate

figuring out endpoint #301

Sign in to view logs

figuring out endpoint

figuring out endpoint #301

Workflow file for this run

.github/workflows/integrate.yml at 7e9f855
name: Integrate
on:
push:
pull_request:
types:
- opened
- reopened
- synchronize
- ready_for_review
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
env:
NAMESPACE: ida
ENVIRONMENT: >
${{ github.ref_name == 'master' && 'production' || github.ref_name == 'development.v2' && 'staging' || 'staging' }}
CI_TAG: dev
PYTHON: 3.11
SKIP_APP: |
eslint,prettier,tf-fmt,tf-hclfmt,tf-lint,tf-validate,tf-docs,tfsec,docs
SKIP_TF: |
ruff,ruff-format,eslint,prettier,docs
SKIP_UI: |
ruff,ruff-format,tf-fmt,tf-hclfmt,tf-lint,tf-validate,tf-docs,tfsec,docs
TFLINT_PLUGIN_CACHE: .terraform.d/plugin-cache/.tflint.d/plugins
TF_ROOT: ./tf
TF_VERSION: 1.6
TG_VERSION: 0.67.16
permissions:
checks: write
contents: write
id-token: write # OIDC permission.
pull-requests: write
jobs:
integrate_app:
name: 'Integrate App'
if: github.event.pull_request.draft == false
runs-on: ubuntu-latest
services:
postgres:
image: postgres:16
env:
POSTGRES_DB: ida
POSTGRES_USER: postgres
POSTGRES_PASSWORD: postgres
options: >-
--health-cmd="pg_isready -d ida -U postgres"
--health-interval=10s
--health-timeout=10s
--health-retries=10
ports:
- 5432:5432
mysql:
image: mysql:5.7.27
env:
MYSQL_DATABASE: resourcespace
MYSQL_USER: dalme
MYSQL_PASSWORD: dalme
MYSQL_ROOT_PASSWORD: root
ports:
- 3306:3306
options: >-
--health-cmd="mysqladmin ping -h 127.0.0.1 -u dalme --password=dalme --ssl-mode=DISABLED"
--health-interval=10s
--health-timeout=5s
--health-retries=3
elasticsearch:
image: elasticsearch:7.8.0
env:
ES_JAVA_OPTS: -Xms512m -Xmx512m
bootstrap.memory_lock: true
discovery.type: single-node
xpack.security.enabled: false
ports:
- 9200:9200
options: >-
--health-cmd="curl http://elasticsearch:9200/_cluster/health"
--health-interval=10s
--health-timeout=5s
--health-retries=10
steps:
- name: Wait for PostgreSQL to be ready
run: |
for i in {1..30}; do
pg_isready -h localhost -p 5432 -U postgres && exit 0
echo "Waiting for PostgreSQL..."
sleep 4 # Retain 4-second intervals
done
echo "PostgreSQL failed to start in time" >&2
exit 1
- name: Wait for MySQL to be ready
run: |
for i in {1..30}; do
mysqladmin ping -h 127.0.0.1 -u dalme --password=dalme --ssl-mode=DISABLED && exit 0
echo "Waiting for MySQL..."
sleep 4
done
echo "MySQL failed to start in time" >&2
exit 1
- uses: actions/checkout@v4
- uses: docker/setup-buildx-action@v3
- uses: actions/setup-python@v4
with:
python-version: ${{ env.PYTHON }}
- uses: docker/build-push-action@v5
with:
context: .
file: config/docker/Dockerfile.app
build-args: |
BUILD=${{ github.sha }}
load: false
push: false
cache-from: |
type=gha,scope=app.base
cache-to: |
type=gha,scope=app.base,mode=max
target: base
- uses: docker/build-push-action@v5
with:
context: .
file: config/docker/Dockerfile.app
load: false
push: false
cache-from: |
type=gha,scope=app.dev-reqs
type=gha,scope=app.base
cache-to: |
type=gha,scope=app.dev-reqs,mode=max
target: dev-reqs
- uses: docker/build-push-action@v5
with:
context: .
file: config/docker/Dockerfile.app
load: false
push: false
cache-from: |
type=gha,scope=app.install-dev
type=gha,scope=app.dev-reqs
type=gha,scope=app.base
cache-to: |
type=gha,scope=app.install-dev,mode=max
target: install-dev
- uses: docker/build-push-action@v5
with:
context: .
file: config/docker/Dockerfile.app
build-args: |
DAM_DB_NAME=resourcespace
DAM_DB_USER=dalme
DAM_DB_PASSWORD=dalme
DAM_DB_HOST=172.17.0.1
'DAM_DB_PORT=${{ job.services.mysql.ports[3306] }}'
POSTGRES_DB=ida
POSTGRES_USER=postgres
POSTGRES_PASSWORD=postgres
POSTGRES_HOST=172.17.0.1
'POSTGRES_PORT=${{ job.services.postgres.ports[5432] }}'
ELASTICSEARCH_ENDPOINT=172.17.0.1:9200
load: true
push: false
cache-from: |
type=gha,scope=app.ci
type=gha,scope=app.install-dev
type=gha,scope=app.dev-reqs
type=gha,scope=app.base
cache-to: |
type=gha,scope=app.ci,mode=max
target: ci
tags: ${{ env.NAMESPACE }}.app:${{ env.CI_TAG }}
- uses: pre-commit/[email protected]
env:
SKIP: ${{ env.SKIP_APP }}
- id: test
name: Test
uses: mathiasvr/[email protected]
env:
TRAP: >
trap 'echo "exit-code=$?" >> "$GITHUB_OUTPUT"' EXIT
TEST: >
docker run
-e ENV=ci
-e DJANGO_CONFIGURATION='CI'
-v /tmp:/tmp
--rm ${{ env.NAMESPACE }}.app:${{ env.CI_TAG }}
pytest
--cov=.
--cov-report=term-missing:skip-covered
--hypothesis-show-statistics
--junitxml=/tmp/pytest.xml
| tee /tmp/pytest-coverage.txt
with:
run: |
${{ env.TRAP }}
${{ env.TEST }}
- uses: MishaKav/[email protected]
with:
coverage-path-prefix: app/
junitxml-path: /tmp/pytest.xml
pytest-coverage-path: /tmp/pytest-coverage.txt
integrate_ui:
name: 'Integrate UI'
if: github.event.pull_request.draft == false
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v4
with:
python-version: ${{ env.PYTHON }}
- uses: docker/setup-buildx-action@v3
- uses: docker/build-push-action@v5
with:
context: .
file: config/docker/Dockerfile.ui
load: false
push: false
cache-from: |
type=gha,scope=ui.base
cache-to: |
type=gha,scope=ui.base,mode=max
target: base
- uses: docker/build-push-action@v5
with:
context: .
file: config/docker/Dockerfile.ui
load: false
push: false
cache-from: |
type=gha,scope=ui.reqs
type=gha,scope=ui.base
cache-to: |
type=gha,scope=ui.reqs,mode=max
target: reqs
- uses: docker/build-push-action@v5
with:
context: .
file: config/docker/Dockerfile.ui
load: true
push: false
cache-from: |
type=gha,scope=ui.ci
type=gha,scope=ui.reqs
type=gha,scope=ui.base
cache-to: |
type=gha,scope=ui.ci,mode=max
target: ci
tags: ${{ env.NAMESPACE }}.ui:${{ env.CI_TAG }}
- uses: pre-commit/[email protected]
env:
SKIP: ${{ env.SKIP_UI }}
- name: Test
run: >
docker run --rm ${{ env.NAMESPACE }}.ui:${{ env.CI_TAG }}
yarn test:unit:ci
integrate_docs:
name: 'Integrate Docs'
if: github.event.pull_request.draft == false
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v4
with:
python-version: ${{ env.PYTHON }}
- uses: docker/setup-buildx-action@v3
- uses: docker/build-push-action@v5
with:
context: .
file: config/docker/Dockerfile.docs
load: false
push: false
cache-from: |
type=gha,scope=docs.base
cache-to: |
type=gha,scope=docs.base,mode=max
target: base
- uses: docker/build-push-action@v5
with:
context: .
file: config/docker/Dockerfile.docs
load: false
push: false
cache-from: |
type=gha,scope=docs.reqs
type=gha,scope=docs.base
cache-to: |
type=gha,scope=docs.reqs,mode=max
target: reqs
- uses: docker/build-push-action@v5
with:
context: .
file: config/docker/Dockerfile.docs
load: false
push: false
cache-from: |
type=gha,scope=docs.install
type=gha,scope=docs.reqs
type=gha,scope=docs.base
cache-to: |
type=gha,scope=docs.install,mode=max
target: install
- uses: docker/build-push-action@v5
with:
context: .
file: config/docker/Dockerfile.docs
load: false
push: false
cache-from: |
type=gha,scope=docs.render
type=gha,scope=docs.install
type=gha,scope=docs.reqs
type=gha,scope=docs.base
target: render
integrate_terraform:
name: 'Integrate Terraform'
if: github.event.pull_request.draft == false
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- id: create-caches
run: |
mkdir -p ~/${{ env.TFLINT_PLUGIN_CACHE }}
- uses: actions/cache@v4
with:
path: ~/${{ env.TFLINT_PLUGIN_CACHE }}
key: ${{ runner.os }}-tflint-plugin-cache-${{ hashFiles('tf/.tflint.hcl') }}
- uses: actions/setup-python@v4
with:
python-version: ${{ env.PYTHON }}
- uses: docker/setup-buildx-action@v3
- uses: docker/build-push-action@v5
with:
context: .
file: config/docker/Dockerfile.deploy
load: false
push: false
cache-from: |
type=gha,scope=terraform.base
cache-to: |
type=gha,scope=terraform.base,mode=max
target: base
- uses: docker/build-push-action@v5
with:
context: .
file: config/docker/Dockerfile.deploy
load: false
push: false
cache-from: |
type=gha,scope=terraform.iamlive
type=gha,scope=terraform.base
cache-to: |
type=gha,scope=terraform.iamlive,mode=max
target: iamlive
- uses: docker/build-push-action@v5
with:
context: .
file: config/docker/Dockerfile.deploy
load: false
push: false
cache-from: |
type=gha,scope=terraform.terragrunt
type=gha,scope=terraform.iamlive
type=gha,scope=terraform.base
cache-to: |
type=gha,scope=terraform.terragrunt,mode=max
target: terragrunt
- uses: docker/build-push-action@v5
with:
context: .
file: config/docker/Dockerfile.deploy
load: false
push: false
cache-from: |
type=gha,scope=terraform.tfdocs
type=gha,scope=terraform.terragrunt
type=gha,scope=terraform.iamlive
type=gha,scope=terraform.base
cache-to: |
type=gha,scope=terraform.tfdocs,mode=max
target: tfdocs
- uses: docker/build-push-action@v5
with:
context: .
file: config/docker/Dockerfile.deploy
load: false
push: false
cache-from: |
type=gha,scope=terraform.tfupdate
type=gha,scope=terraform.tfdocs
type=gha,scope=terraform.terragrunt
type=gha,scope=terraform.iamlive
type=gha,scope=terraform.base
cache-to: |
type=gha,scope=terraform.tfupdate,mode=max
target: tfupdate
- uses: docker/build-push-action@v5
with:
context: .
file: config/docker/Dockerfile.deploy
load: true
push: false
cache-from: |
type=gha,scope=terraform.tf
type=gha,scope=terraform.tfupdate
type=gha,scope=terraform.tfdocs
type=gha,scope=terraform.terragrunt
type=gha,scope=terraform.iamlive
type=gha,scope=terraform.base
cache-to: |
type=gha,scope=terraform.tf,mode=max
target: tf
tags: ${{ env.NAMESPACE }}.deploy
- uses: pre-commit/[email protected]
env:
SKIP: ${{ env.SKIP_TF }}
IN_CI: 1
# Necessary for the runner to have permissions to remove certain cached
# files created by the container in the course of the run.
- id: chown-globbed
run: >
sudo chown -R $USER:$USER
${{ env.TF_ROOT }}/environments/${{ env.ENVIRONMENT }}
# If you've setup the github app integration for infracost on your
# organization then there's no need to run this job as well, so adjust
# the repository owner check below to suit your needs (we can't use an
# env value in an if statement unfortunately to make this clearer). See:
# https://www.infracost.io/docs/integrations/github_app/
# infracost:
# name: 'Infracost'
# if: >
# github.repository_owner != 'ocp' &&
# github.event_name == 'pull_request' &&
# github.event.pull_request.draft == false
# runs-on: ubuntu-latest
# needs: integrate_terraform
# permissions:
# contents: read
# pull-requests: write
# steps:
# - uses: actions/checkout@v4
# with:
# ref: '${{ github.event.pull_request.base.ref }}'
# # If you use private modules, add an environment variable or secret
# # called GIT_SSH_KEY with your private key, so Infracost can access
# # private repositories.
# # - name: add GIT_SSH_KEY
# # run: |
# # ssh-agent -a /tmp/ssh_agent.sock
# # mkdir -p ~/.ssh
# # echo '${{ secrets.GIT_SSH_KEY }}' | tr -d '\r' | ssh-add -
# # ssh-keyscan github.com >> ~/.ssh/known_hosts
# - uses: infracost/actions/setup@v2
# with:
# api-key: ${{ secrets.INFRACOST_API_KEY }}
# - run: >
# infracost breakdown
# --path=${{ env.TF_ROOT }}
# --format=json
# --out-file=/tmp/infracost-base.json
# - uses: actions/checkout@v4
# - run: >
# infracost diff
# --path=${{ env.TF_ROOT }}
# --format=json
# --compare-to=/tmp/infracost-base.json
# --out-file=/tmp/infracost.json
# # Posts a comment to the PR using the 'update' behavior.
# # This creates a single comment and updates it. The 'quietest' option.
# # The other valid behaviors are:
# # delete-and-new - Delete previous comments and create a new one.
# # hide-and-new - Minimize previous comments and create a new one.
# # new - Create a new cost estimate comment on every push.
# # See https://www.infracost.io/docs/features/cli_commands/#comment-on-pull-requests for other options.
# - run: >
# infracost comment github
# --path=/tmp/infracost.json
# --repo=$GITHUB_REPOSITORY
# --github-token=${{ github.token }}
# --pull-request=${{ github.event.pull_request.number }}
# --behavior=hide-and-new