[Snyk] Upgrade serverless-python-requirements from 5.4.0 to 6.1.1 #5979
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Deploy Experimental" | |
| on: | |
| pull_request: | |
| types: [opened, synchronize, reopened] | |
| permissions: | |
| id-token: write | |
| contents: read | |
| actions: read | |
| concurrency: ${{ github.workflow }}-${{ github.ref }} | |
| jobs: | |
| deploy-static: | |
| environment: | |
| name: "dev" | |
| url: ${{ steps.deploy-regulations-site-server.outputs.url }} | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| # Checkout the code | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| with: | |
| submodules: true | |
| # Find the PR number. This is not always trivial which is why this uses an existign action | |
| - name: Find PR number | |
| uses: jwalton/gh-find-current-pr@v1 | |
| id: findPr | |
| with: | |
| # Can be "open", "closed", or "all". Defaults to "open". | |
| state: open | |
| # should build first and save the artifact | |
| - name: Setup Node | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: 18.14 | |
| # setup python | |
| - uses: actions/setup-python@v4 | |
| if: success() && steps.findPr.outputs.number | |
| with: | |
| python-version: "3.12" | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install -r ./solution/static-assets/requirements.txt | |
| # build the static assets for the website | |
| - name: build static assets | |
| if: success() && steps.findPr.outputs.number | |
| env: | |
| STATIC_URL: http://localhost:8888/ | |
| STATIC_ROOT: ../static-assets/regulations | |
| VITE_ENV: dev${{ steps.findPr.outputs.pr }} | |
| run: | | |
| pushd solution/backend | |
| python manage.py collectstatic --noinput | |
| cd .. | |
| popd | |
| # Configure AWS credentials for GitHub Actions | |
| - name: Configure AWS credentials for GitHub Actions | |
| uses: aws-actions/configure-aws-credentials@v2 | |
| with: | |
| role-to-assume: ${{ secrets.AWS_OIDC_ROLE_TO_ASSUME }} | |
| aws-region: us-east-1 | |
| # deploy static assets to AWS | |
| - name: deploy static assets | |
| if: success() && steps.findPr.outputs.number | |
| env: | |
| PR: ${{ steps.findPr.outputs.pr }} | |
| run: | | |
| pushd solution/static-assets | |
| npm install serverless@">=3.38.0 <4" -g | |
| npm install | |
| serverless deploy --stage dev${PR} | |
| popd | |
| deploy-text-extractor: | |
| environment: | |
| name: "dev" | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| # Checkout the code | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| with: | |
| submodules: true | |
| # Find the PR number. This is not always trivial which is why this uses an existign action | |
| - name: Find PR number | |
| uses: jwalton/gh-find-current-pr@v1 | |
| id: findPr | |
| with: | |
| # Can be "open", "closed", or "all". Defaults to "open". | |
| state: open | |
| # Configure AWS credentials for GitHub Actions | |
| - name: Configure AWS credentials for GitHub Actions | |
| uses: aws-actions/configure-aws-credentials@v2 | |
| with: | |
| role-to-assume: ${{ secrets.AWS_OIDC_ROLE_TO_ASSUME }} | |
| aws-region: us-east-1 | |
| # Deploy the text extractor lambda to AWS | |
| - name: Deploy text extractor lambda | |
| id: deploy-text-extractor | |
| if: success() && steps.findPr.outputs.number | |
| env: | |
| PR: ${{ steps.findPr.outputs.pr }} | |
| RUN_ID: ${{ github.run_id }} | |
| run: | | |
| pushd solution/text-extractor | |
| npm install serverless@">=3.38.0 <4" -g | |
| serverless deploy --stage dev${PR} | |
| popd | |
| deploy-django: | |
| environment: | |
| name: "dev" | |
| outputs: | |
| url: ${{ steps.deploy-regulations-site-server.outputs.url }} | |
| runs-on: ubuntu-22.04 | |
| needs: [deploy-static, deploy-text-extractor] | |
| steps: | |
| # Checkout the code | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| with: | |
| submodules: true | |
| # Find the PR number. This is not always trivial which is why this uses an existign action | |
| - name: Find PR number | |
| uses: jwalton/gh-find-current-pr@v1 | |
| id: findPr | |
| with: | |
| # Can be "open", "closed", or "all". Defaults to "open". | |
| state: open | |
| # should build first and save the artifact | |
| - name: Setup Node | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: 18.14 | |
| # setup python | |
| - uses: actions/setup-python@v4 | |
| if: success() && steps.findPr.outputs.number | |
| with: | |
| python-version: "3.12" | |
| # Configure AWS credentials for GitHub Actions | |
| - name: Configure AWS credentials for GitHub Actions | |
| uses: aws-actions/configure-aws-credentials@v2 | |
| with: | |
| role-to-assume: ${{ secrets.AWS_OIDC_ROLE_TO_ASSUME }} | |
| aws-region: us-east-1 | |
| # Deploy the regulation site to AWS | |
| - name: deploy regulations site server | |
| id: deploy-regulations-site-server | |
| if: success() && steps.findPr.outputs.number | |
| env: | |
| PR: ${{ steps.findPr.outputs.pr }} | |
| RUN_ID: ${{ github.run_id }} | |
| run: | | |
| pushd solution/backend | |
| npm install serverless@">=3.38.0 <4" -g | |
| npm install | |
| serverless deploy --config ./serverless-experimental.yml --stage dev${PR} | tee output.log | |
| serverless invoke --config ./serverless-experimental.yml --function create_database --stage dev${PR} | |
| serverless invoke --config ./serverless-experimental.yml --function reg_core_migrate --stage dev${PR} | |
| serverless invoke --config ./serverless-experimental.yml --function create_su --stage dev${PR} | |
| url=$(cat output.log | grep -m1 'ANY -' | cut -c 9-) | |
| url=${url%/} | |
| echo "url=$(echo $url)" >> $GITHUB_OUTPUT | |
| popd | |
| test-python: | |
| needs: [deploy-django] | |
| runs-on: ubuntu-22.04 | |
| env: | |
| STATIC_URL: http://localhost:8888/ | |
| DB_HOST: localhost | |
| DB_NAME: eregs | |
| DB_USER: eregs | |
| DB_PASSWORD: sgere | |
| DB_PORT: 5432 | |
| HTTP_AUTH_USER: ${{ secrets.HTTP_AUTH_USER }} | |
| HTTP_AUTH_PASSWORD: ${{ secrets.HTTP_AUTH_PASSWORD }} | |
| services: | |
| postgres: | |
| image: postgres | |
| env: | |
| STATIC_URL: http://localhost:8888/ | |
| POSTGRES_HOST: localhost | |
| POSTGRES_DB: eregs | |
| POSTGRES_USER: eregs | |
| POSTGRES_PASSWORD: sgere | |
| ports: | |
| - 5432:5432 | |
| # needed because the postgres container does not provide a healthcheck | |
| options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5 | |
| steps: | |
| # checkout the code | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| with: | |
| submodules: true | |
| # setup Python | |
| - name: Set up Python | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: "3.12" | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install -r ./solution/static-assets/requirements.txt | |
| # run Python unit tests | |
| - name: Run Python unit tests | |
| working-directory: ./solution/backend | |
| run: | | |
| DJANGO_SETTINGS_MODULE="cmcs_regulations.settings.test_settings" pytest -vv | |
| build-and-deploy-vue: | |
| environment: | |
| name: "dev" | |
| runs-on: ubuntu-22.04 | |
| needs: deploy-django | |
| steps: | |
| # Checkout the code | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| with: | |
| submodules: true | |
| # Find the PR number. This is not always trivial which is why this uses an existing action | |
| - name: Find PR number | |
| uses: jwalton/gh-find-current-pr@v1 | |
| id: findPr | |
| with: | |
| # Can be "open", "closed", or "all". Defaults to "open". | |
| state: open | |
| # Setup node environment | |
| - name: Setup Node | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: | |
| 18.14 | |
| # setup python | |
| - uses: actions/setup-python@v4 | |
| if: success() && steps.findPr.outputs.number | |
| with: | |
| python-version: "3.12" | |
| - name: Make envfile | |
| uses: SpicyPizza/[email protected] | |
| with: | |
| envkey_VITE_API_URL: ${{ needs.deploy-django.outputs.url }} | |
| directory: solution/ui/regulations/eregs-vite | |
| file_name: .env | |
| # build the static assets for the website | |
| - name: build static assets | |
| if: success() && steps.findPr.outputs.number | |
| env: | |
| STATIC_URL: http://localhost:8888/ | |
| STATIC_ROOT: ../static-assets/regulations | |
| VITE_ENV: dev${{ steps.findPr.outputs.pr }} | |
| run: | | |
| pushd solution | |
| make regulations | |
| popd | |
| # Configure AWS credentials for GitHub Actions | |
| - name: Configure AWS credentials for GitHub Actions | |
| uses: aws-actions/configure-aws-credentials@v2 | |
| with: | |
| role-to-assume: ${{ secrets.AWS_OIDC_ROLE_TO_ASSUME }} | |
| aws-region: us-east-1 | |
| # deploy static assets to AWS | |
| - name: deploy static assets | |
| if: success() && steps.findPr.outputs.number | |
| env: | |
| PR: ${{ steps.findPr.outputs.pr }} | |
| run: | | |
| pushd solution/static-assets | |
| npm install serverless@">=3.38.0 <4" -g | |
| npm install | |
| serverless deploy --stage dev${PR} | |
| popd | |
| deploy-go: | |
| environment: | |
| name: "dev" | |
| runs-on: ubuntu-22.04 | |
| needs: deploy-django | |
| steps: | |
| # Checkout the code | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| with: | |
| submodules: true | |
| # Find the PR number. This is not always trivial which is why this uses an existign action | |
| - name: Find PR number | |
| uses: jwalton/gh-find-current-pr@v1 | |
| id: findPr | |
| with: | |
| # Can be "open", "closed", or "all". Defaults to "open". | |
| state: open | |
| # Configure AWS credentials for GitHub Actions | |
| - name: Configure AWS credentials for GitHub Actions | |
| uses: aws-actions/configure-aws-credentials@v2 | |
| with: | |
| role-to-assume: ${{ secrets.AWS_OIDC_ROLE_TO_ASSUME }} | |
| aws-region: us-east-1 | |
| # deploy and run eCFR parser | |
| - name: deploy and run eCFR parser | |
| id: deploy-run-ecfr-parser | |
| timeout-minutes: 20 | |
| env: | |
| PR: ${{ steps.findPr.outputs.pr }} | |
| run: | | |
| pushd solution/parser | |
| npm install serverless@">=3.38.0 <4" -g | |
| npm install | |
| serverless deploy --stage dev${PR} --config ./serverless-ecfr.yml | |
| AWS_CLIENT_TIMEOUT=360000 serverless invoke --function ecfr_parser --stage dev${PR} --config ./serverless-ecfr.yml | |
| popd | |
| # deploy and run Federal Register parser | |
| - name: deploy and run FR parser | |
| id: deploy-run-fr-parser | |
| env: | |
| PR: ${{ steps.findPr.outputs.pr }} | |
| run: | | |
| pushd solution/parser | |
| npm install serverless@">=3.38.0 <4" -g | |
| npm install | |
| serverless deploy --stage dev${PR} --config ./serverless-fr.yml | |
| AWS_CLIENT_TIMEOUT=360000 serverless invoke --function fr_parser --stage dev${PR} --config ./serverless-fr.yml | |
| popd | |
| notify: | |
| permissions: | |
| pull-requests: write | |
| runs-on: ubuntu-22.04 | |
| needs: [deploy-go, deploy-django] | |
| steps: | |
| - name: Find PR number | |
| uses: jwalton/gh-find-current-pr@v1 | |
| id: findPr | |
| with: | |
| # Can be "open", "closed", or "all". Defaults to "open". | |
| state: open | |
| # Notify github that this is deployed and ready to look at | |
| - name: Create deployment comment | |
| uses: peter-evans/create-or-update-comment@v2 | |
| env: | |
| django_url: ${{ needs.deploy-django.outputs.url }} | |
| with: | |
| issue-number: ${{ steps.findPr.outputs.pr }} | |
| body: | | |
| :sparkles: See the Django Site [in action][1] :sparkles: | |
| [1]: ${{ env.django_url }} | |
| reactions: "+1" | |
| test-cypress: | |
| environment: | |
| name: "dev" | |
| runs-on: ubuntu-22.04 | |
| needs: [deploy-django, build-and-deploy-vue] | |
| #needs: [deploy-go, deploy-django, build-and-deploy-vue] | |
| steps: | |
| # Checkout the code | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| with: | |
| submodules: true | |
| # Configure AWS credentials for GitHub Actions | |
| - name: Configure AWS credentials for GitHub Actions | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: ${{ secrets.AWS_OIDC_ROLE_TO_ASSUME }} | |
| aws-region: us-east-1 | |
| # Get test user credentials from AWS Parameter Store | |
| - name: Get test user credentials | |
| uses: dkershner6/aws-ssm-getparameters-action@v1 | |
| with: | |
| parameterPairs: "/eregulations/http/user = CYPRESS_TEST_USERNAME, | |
| /eregulations/http/password = CYPRESS_TEST_PASSWORD, | |
| /eregulations/http/reader_user = CYPRESS_READER_USERNAME, | |
| /eregulations/http/reader_password = CYPRESS_READER_PASSWORD" | |
| withDecryption: "true" # defaults to true | |
| # Setup node environment | |
| - name: Setup Node | |
| uses: actions/setup-node@v3 | |
| with: | |
| node-version: 18.14 | |
| # Run the cypress tests | |
| - name: end-to-end tests | |
| uses: cypress-io/github-action@v5 | |
| with: | |
| working-directory: solution/ui/e2e | |
| config: baseUrl=${{ needs.deploy-django.outputs.url }} | |
| env: | |
| CYPRESS_DEPLOYING: true | |
| - uses: actions/upload-artifact@v4 | |
| if: failure() | |
| with: | |
| name: cypress-screenshots | |
| path: /home/runner/work/cmcs-eregulations/cmcs-eregulations/solution/ui/e2e/cypress/screenshots/*/* | |
| # Test run video was always captured, so this action uses "always()" condition | |
| - uses: actions/upload-artifact@v4 | |
| if: always() | |
| with: | |
| name: cypress-videos | |
| path: /home/runner/work/cmcs-eregulations/cmcs-eregulations/solution/ui/e2e/cypress/videos/* |