chore: Create preview apps on ECS (M2-6368) #16
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Preview and Test | |
| on: | |
| pull_request: | |
| types: | |
| - opened | |
| - reopened | |
| - synchronize | |
| # push: | |
| # branches: | |
| # - "feature/**" | |
| # Only run the latest. Cancel old runs in progress. | |
| concurrency: | |
| cancel-in-progress: true | |
| group: "preview-env-manage-${{ github.ref_name }}" | |
| env: | |
| APP_NAME: ${{ github.event.repository.name }} | |
| VPC_ID: vpc-0a83201b71e854abd | |
| COPILOT_SERVICE: mindlogger-backend | |
| AWS_REGION: us-east-1 | |
| jobs: | |
| # set-env-name: | |
| # uses: ./.github/workflows/env-name.yaml | |
| create-preview-env: | |
| uses: ./.github/workflows/create-preview-env.yaml | |
| with: | |
| env-name: "pr-${{ github.event.number }}" | |
| env-snake-name: "pr_${{ github.event.number }}" | |
| app-name: ${{ github.event.repository.name }} | |
| vpc-id: vpc-0a83201b71e854abd | |
| copilot-service: mindlogger-backend | |
| # name: Create Preview Env | |
| # needs: [set-env-name] | |
| # permissions: | |
| # id-token: write | |
| # contents: read | |
| # pull-requests: write | |
| # discussions: write | |
| # env: | |
| # ENV_NAME: ${{ needs.set-env-name.outputs.env-name }} | |
| # ENV_SNAKE_NAME: ${{ needs.set-env-name.outputs.env-snake-name }} | |
| # | |
| # runs-on: ubuntu-latest | |
| # steps: | |
| # - name: configure aws credentials | |
| # uses: aws-actions/configure-aws-credentials@v4 | |
| # with: | |
| # role-to-assume: arn:aws:iam::992382368072:role/cmiml-feature-oidc-github-role | |
| # role-session-name: gha-preview-env | |
| # aws-region: ${{ env.AWS_REGION }} | |
| # - name: Install copilot | |
| # run: | | |
| # curl -Lo copilot https://github.com/aws/copilot-cli/releases/latest/download/copilot-linux && chmod +x copilot && | |
| # sudo mv copilot /usr/local/bin/copilot && copilot -v | |
| # - name: Create secrets for environment | |
| # # Each env needs a secret. This is a copilot limitation. So the baseline secret | |
| # # is copied and tagged properly for copilot to pick it up. | |
| # run: | | |
| # SECRET_STRING=$(aws secretsmanager get-secret-value --secret-id cmiml-feature-feature) | |
| # aws secretsmanager create-secret --name cmiml-feature-${{ env.ENV_NAME }} --secret-string '$SECRET_STRING' --kms-key-id alias/aws/secretsmanager --tags "Key=copilot-application,Value=${{ env.APP_NAME }}" "Key=copilot-environment,Value=${{ env.ENV_NAME }}" | |
| # | |
| # - uses: actions/checkout@v4 | |
| # name: Checkout | |
| # - name: Create environment | |
| # run: copilot/scripts/env-init.sh | |
| # - name: Deploy environment | |
| # run: copilot/scripts/env-deploy.sh | |
| # - name: Deploy service | |
| # run: copilot/scripts/svc-deploy.sh | |
| # - name: Get service URL | |
| # id: service-url | |
| # run: echo "SERVICE_URL=$(copilot svc show -n service-a --json | jq -r '.routes[] | select( .environment | contains("${{ env.ENV_NAME }}") ) | .url')" >> $GITHUB_OUTPUT | |
| # - name: Comment on PR | |
| # uses: thollander/actions-comment-pull-request@v2 | |
| # if: ${{ github.event_name == 'pull_request' }} | |
| # with: | |
| # message: | | |
| # :arrow_right: Preview environment created: [Click Me!](${{ steps.service-url.outputs.SERVICE_URL }}) | |
| # reactions: eyes, rocket | |
| # comment_tag: service-url | |
| # outputs: | |
| # service-url: ${{ steps.service-url.outputs.SERVICE_URL }} | |
| run-unit-tests: | |
| needs: [create-preview-env] | |
| uses: ./.github/workflows/tests.yaml | |
| create-database: | |
| needs: [create-preview-env] | |
| name: Create preview env DB | |
| uses: ./.github/workflows/create_db.yaml | |
| with: | |
| db-name: "mindlogger_backend_pr_${{ github.event.number }}" | |
| run-int-tests: | |
| name: Run E2E Test Suite | |
| needs: [create-preview-env, run-unit-tests] | |
| if: ${{ always() && (needs.run-unit-tests.result == 'success') }} | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| contents: read | |
| pull-requests: write | |
| discussions: write | |
| steps: | |
| - name: configure aws credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: arn:aws:iam::992382368072:role/cmiml-feature-oidc-github-role | |
| role-session-name: gha-preview-env | |
| aws-region: ${{ env.AWS_REGION }} | |
| - uses: actions/checkout@v4 | |
| name: Checkout | |
| with: | |
| repository: ChildMindInstitute/MindLogger-TAF | |
| # Matching deploy key in TAF repo | |
| ssh-key: ${{ secrets.TAF_PRIVATE_KEY }} | |
| ref: release | |
| - name: Install | |
| run: npm install | |
| - name: Setup Environment | |
| run: | | |
| sed -i 's/API_DOMAIN.*//' .env ; | |
| echo 'API_DOMAIN=${{ needs.create-preview-env.outputs.service-url }}' >> .env | |
| - name: Get Secrets by Name and by ARN | |
| uses: aws-actions/aws-secretsmanager-get-secrets@v2 | |
| with: | |
| secret-ids: | | |
| taf/dev | |
| parse-json-secrets: true | |
| - name: Run tests | |
| run: npm run test:api | |
| continue-on-error: true | |
| id: taf-tests | |
| - name: Comment on PR with test success | |
| if: steps.taf-tests.outcome == 'success' && github.event_name == 'pull_request' | |
| uses: thollander/actions-comment-pull-request@v2 | |
| with: | |
| message: | | |
| :white_check_mark: Unit/Integration tests passed! | |
| comment_tag: taf-results | |
| - name: Comment on PR with test failure | |
| if: steps.taf-tests.outcome != 'success' && github.event_name == 'pull_request' | |
| uses: thollander/actions-comment-pull-request@v2 | |
| with: | |
| message: | | |
| :x: Integration tests failed | |
| comment_tag: taf-results | |
| - name: Fail | |
| if: steps.taf-tests.outcome != 'success' && github.event_name == 'pull_request' | |
| uses: actions/github-script@v3 | |
| with: | |
| script: | | |
| core.setFailed('Unit tests failed') | |
| - name: Collect artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: taf-results | |
| path: test-results/api | |
| if-no-files-found: error | |
| - name: Fail if tests failed | |
| if: steps.taf-tests.outcome != 'success' | |
| uses: actions/github-script@v3 | |
| with: | |
| script: | | |
| core.setFailed('Unit/Int tests failed') | |
| publish-report: | |
| name: Publish Report | |
| needs: [run-int-tests] | |
| if: ${{ always() && github.event_name == 'pull_request' && (needs.run-int-tests.result == 'success') }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| name: Checkout | |
| with: | |
| ref: gh-pages | |
| path: gh-pages | |
| - name: Fetch results | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: taf-results | |
| path: test-results/api | |
| - name: Build test report | |
| uses: simple-elf/allure-report-action@master | |
| if: always() | |
| with: | |
| allure_results: test-results/api | |
| gh_pages: gh-pages | |
| allure_history: allure-history | |
| keep_reports: 20 | |
| - name: Deploy report to Github Pages | |
| if: always() | |
| uses: peaceiris/actions-gh-pages@v3 | |
| with: | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| publish_dir: allure-history | |
| - name: Post the link to the report | |
| if: always() | |
| uses: Sibz/github-status-action@v1 | |
| with: | |
| authToken: ${{secrets.GITHUB_TOKEN}} | |
| context: 'Test report' | |
| state: 'success' | |
| sha: ${{ github.event.pull_request.head.sha }} | |
| target_url: https://childmindinstitute.github.io/preview-app-demo/${{ github.run_number }} | |