chore(deps): bump pre-commit from 3.3.1 to 3.3.3 #239
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Deploy Terraform | |
| on: | |
| workflow_dispatch: | |
| push: | |
| paths-ignore: | |
| - '**md' | |
| pull_request: | |
| branches: | |
| - main | |
| paths-ignore: | |
| - '**md' | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| AWS_DEFAULT_REGION: eu-west-1 | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| S3_BUCKET_NAME: simple-test-versioned-bucket | |
| ECR_REPO_NAME: db-data-import-ecr | |
| CI_VERSION: snapshot.${{github.sha}} | |
| jobs: | |
| Deploy: | |
| name: Deploy | |
| runs-on: ubuntu-latest | |
| if: ${{ github.actor != 'dependabot[bot]' }} | |
| steps: | |
| - name: Checkout Repo | |
| uses: actions/checkout@v3 | |
| - uses: actions/setup-python@v4 | |
| id: setup-python | |
| with: | |
| python-version: '3.10' | |
| - name: Install Poetry | |
| uses: snok/install-poetry@v1 | |
| with: | |
| virtualenvs-create: true | |
| virtualenvs-in-project: true | |
| installer-parallel: true | |
| - name: Load cached venv | |
| id: cached-dependencies | |
| uses: actions/cache@v3 | |
| with: | |
| path: | | |
| .venv | |
| ~/.cache/pre-commit | |
| ci/cache/docker/python-image | |
| key: venv-${{ runner.os }}-${{ steps.setup-python.outputs.python-version }}-${{ hashFiles('**/poetry.lock') }}pre-commit|${{ env.PY }}|${{ | |
| hashFiles('.pre-commit-config.yaml') }}cache-docker-python | |
| - name: Install dependencies | |
| if: steps.cached-dependencies.outputs.cache-hit != 'true' | |
| run: poetry install --no-interaction --no-root | |
| - name: Install pre-commit hooks | |
| if: steps.cached-dependencies.outputs.cache-hit != 'true' | |
| run: | | |
| source .venv/bin/activate | |
| pre-commit install-hooks | |
| - name: Run pre-commit | |
| run: | | |
| source .venv/bin/activate | |
| SKIP=terraform_tflint pre-commit run --all-files | |
| - name: Create lambda layer | |
| run: | | |
| poetry export -f requirements.txt --output requirements.txt --only lambda | |
| mkdir python/lib/python3.9/site-packages | |
| - name: Pull Docker image for layer zip creation | |
| run: | | |
| docker pull public.ecr.aws/sam/build-python3.9:1.81.0 && mkdir -p ci/cache/docker/python-image && docker image save public.ecr.aws/sam/build-python3.9:1.81.0 --output ./ci/cache/docker/python-image/build-python3.9-1.81.0.tar | |
| - name: Populate dependencies | |
| if: steps.cached-dependencies.outputs.cache-hit != 'true' | |
| run: | | |
| docker image load --input ./ci/cache/docker/python-image/build-python3.9-1.81.0.tar | |
| docker run -v "$PWD":/var/task "public.ecr.aws/sam/build-python3.9" /bin/sh -c "pip install -r requirements.txt -t python/lib/python3.9/site-packages/; exit" | |
| zip -r terraform/src/mypythonlibs.zip python > /dev/null | |
| - name: Initialize Terraform | |
| run: | | |
| cd terraform/src | |
| terraform init -backend-config=backend.hcl | |
| - name: Terraform Plan | |
| run: | | |
| cd terraform/src | |
| terraform plan \ | |
| -var 'db_username=${{ secrets.DB_USERNAME }}' \ | |
| -var 'db_password=${{ secrets.DB_PASSWORD }}' \ | |
| -var 'my_ip_addresses=${{ secrets.IP_ADDRESSES }}' \ | |
| -out=terraform.plan | |
| - name: Terraform Apply | |
| run: | | |
| cd terraform/src && | |
| terraform apply terraform.plan | |
| # Expose useful environment variables to the action such as env.CI_ACTION_REF_NAME_SLUG and env.CI_SHA_SHORT | |
| - uses: FranzDiebold/github-env-vars-action@v2 | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v2 # More information on this action can be found below in the 'AWS Credentials' section | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ env.AWS_DEFAULT_REGION }} | |
| - name: Login to Amazon ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v1 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v2 | |
| - name: Cache Docker layers | |
| uses: actions/cache@v3 | |
| with: | |
| path: /tmp/.buildx-cache | |
| key: ${{ runner.os }}-buildx-${{ github.sha }} | |
| restore-keys: | | |
| ${{ runner.os }}-buildx- | |
| - name: Build docker | |
| uses: docker/build-push-action@v4 | |
| with: | |
| context: . | |
| file: Dockerfile | |
| push: true | |
| build-args: | | |
| USER=${{ secrets.DB_USERNAME }} | |
| PASSWORD=${{ secrets.DB_PASSWORD }} | |
| DATABASE=mydb | |
| HOST=my-sql-demo-db.cbppkiwouxgk.eu-west-1.rds.amazonaws.com | |
| PORT=3306 | |
| FILE=hero_attribute.csv | |
| TABLE=hero_attribute | |
| tags: | | |
| ${{ steps.login-ecr.outputs.registry }}/${{ env.ECR_REPO_NAME }}:${{ env.CI_ACTION_REF_NAME_SLUG }}.${{ env.CI_SHA_SHORT }} | |
| ${{ steps.login-ecr.outputs.registry }}/${{ env.ECR_REPO_NAME }}:latest | |
| labels: repository=${{ github.repository }} gh_job=${{ github.job }} | |
| cache-from: type=local,src=/tmp/.buildx-cache | |
| cache-to: type=local,dest=/tmp/.buildx-cache | |
| s3_sync: | |
| name: Sync Data in S3 | |
| runs-on: ubuntu-latest | |
| needs: [Deploy] | |
| if: ${{ github.actor != 'dependabot[bot]' }} | |
| steps: | |
| - name: Checkout Repo | |
| uses: actions/checkout@v3 | |
| - name: Set up Python | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: '3.10' | |
| - name: Install AWS CLI | |
| run: | | |
| python -m pip install --upgrade pip setuptools wheel | |
| pip install awscli | |
| - name: Sync Data in S3 | |
| run: | | |
| echo "S3_BUCKET_NAME=${S3_BUCKET_NAME}" >> $GITHUB_ENV | |
| echo "s3://${{ env.S3_BUCKET_NAME }}" | |
| aws s3 sync test-bucket-data 's3://${{ env.S3_BUCKET_NAME }}' --delete |