refactor: cleanup for detroit 2025 #164
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
env: | |
POETRY_VIRTUALENVS_IN_PROJECT: true | |
VITE_PUBLIC_URL: "" | |
VITE_BASE_URL: "" | |
ENVIRONMENT: local | |
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
permissions: | |
id-token: write | |
contents: read | |
on: | |
pull_request: | |
types: [opened, synchronize] | |
push: | |
workflow_dispatch: | |
jobs: | |
python-checks: | |
runs-on: ubuntu-latest | |
services: | |
postgres: | |
image: kartoza/postgis:13.0 | |
env: | |
POSTGRES_USER: ptap | |
POSTGRES_PASSWORD: postgres | |
POSTGRES_DB: ptap | |
ports: | |
# will assign a random free host port | |
- 5432/tcp | |
# needed because the postgres container does not provide a healthcheck | |
options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5 | |
steps: | |
- uses: actions/checkout@v2 | |
- run: pipx install poetry | |
- uses: actions/setup-python@v4 | |
id: py | |
with: | |
python-version: 3.11 | |
cache: poetry | |
- run: poetry install --no-interaction | |
- run: poetry run black . --check | |
- run: poetry run ruff check . | |
- name: Download and restore database | |
env: | |
S3_BUCKET: ptap-dev-assets | |
DATABASE_URL: postgresql://ptap:postgres@localhost:${{ job.services.postgres.ports[5432] }}/ptap | |
run: | | |
make download-data | |
make restore | |
- env: | |
DATABASE_URL: postgresql://ptap:postgres@localhost:${{ job.services.postgres.ports[5432] }}/ptap | |
run: poetry run pytest | |
js-checks: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- uses: actions/setup-node@v1 | |
with: | |
node-version: "17.x" | |
- uses: actions/cache@v1 | |
with: | |
path: ~/.npm | |
key: npm-${{ hashFiles('**/package-lock.json') }} | |
restore-keys: | | |
npm- | |
- run: npm ci --prefer-offline --no-audit --no-optional | |
- run: npm run lint | |
- run: npm run prettier | |
- run: npm run build | |
cypress: | |
runs-on: ubuntu-latest | |
services: | |
postgres: | |
image: kartoza/postgis:13.0 | |
env: | |
POSTGRES_USER: ptap | |
POSTGRES_PASSWORD: postgres | |
POSTGRES_DB: ptap | |
ports: | |
# will assign a random free host port | |
- 5432/tcp | |
# needed because the postgres container does not provide a healthcheck | |
options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5 | |
steps: | |
- uses: actions/checkout@v2 | |
- run: pipx install poetry | |
- uses: actions/setup-python@v4 | |
id: py | |
with: | |
python-version: 3.11 | |
cache: poetry | |
- run: poetry install --no-interaction | |
- uses: actions/setup-node@v1 | |
with: | |
node-version: "17.x" | |
- uses: actions/cache@v1 | |
with: | |
path: ~/.npm | |
key: npm-${{ hashFiles('**/package-lock.json') }} | |
restore-keys: | | |
npm- | |
- run: npm ci --prefer-offline --no-audit --no-optional | |
- run: npx cypress install | |
- name: Install GDAL dependencies | |
run: sudo apt-get update -y && sudo apt-get install -y gdal-bin | |
- name: Download and restore database | |
env: | |
S3_BUCKET: ptap-dev-assets | |
DATABASE_URL: postgresql://ptap:postgres@localhost:${{ job.services.postgres.ports[5432] }}/ptap | |
run: | | |
make download-data | |
make restore | |
- uses: cypress-io/github-action@v4.1.0 | |
env: | |
VITE_BASE_URL: "http://localhost:5000" | |
VITE_PUBLIC_URL: "" | |
DATABASE_URL: postgresql://ptap:postgres@localhost:${{ job.services.postgres.ports[5432] }}/ptap | |
with: | |
config-file: cypress.config.js | |
build: npm run build | |
start: make start-py | |
wait-on: "http://localhost:5000" | |
wait-on-timeout: 60 | |
browser: chrome | |
headless: true | |
- uses: actions/upload-artifact@v3 | |
if: failure() | |
with: | |
name: cypress-screenshots | |
path: cypress/screenshots | |
if-no-files-found: ignore | |
- uses: actions/upload-artifact@v3 | |
if: failure() | |
with: | |
name: cypress-videos | |
path: cypress/videos | |
if-no-files-found: ignore | |
deploy: | |
needs: [python-checks, js-checks, cypress] | |
if: github.repository_owner == 'PropertyTaxProject' && github.ref == 'refs/heads/master' && github.event_name == 'push' | |
runs-on: ubuntu-latest | |
env: | |
DEPLOY_ENV: ${{ github.ref == 'refs/heads/master' && 'prod' || 'prod' }} | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
role-to-assume: arn:aws:iam::${{ vars.AWS_ACCOUNT_ID }}:role/ptap-terraform-github-role | |
aws-region: us-east-1 | |
- uses: actions/setup-node@v1 | |
with: | |
node-version: "17.x" | |
- uses: actions/cache@v1 | |
with: | |
path: ~/.npm | |
key: npm-${{ hashFiles('**/package-lock.json') }} | |
restore-keys: | | |
npm- | |
- run: pipx install poetry | |
- uses: actions/setup-python@v4 | |
id: py | |
with: | |
python-version: 3.11 | |
cache: poetry | |
- name: Build assets for ${{ env.DEPLOY_ENV }} | |
env: | |
S3_BUCKET: ptap-${{ env.DEPLOY_ENV }}-assets | |
VITE_PUBLIC_URL: https://ptap-${{ env.DEPLOY_ENV }}-assets.s3.amazonaws.com | |
VITE_BASE_URL: "" | |
run: | | |
npm ci --prefer-offline --no-audit --no-optional | |
npm run build | |
- env: | |
S3_BUCKET: ptap-${{ env.DEPLOY_ENV }}-assets | |
run: aws s3 cp ./dist/ s3://$S3_BUCKET/ --cache-control no-cache --recursive | |
- name: Login to Amazon ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v2 | |
- name: Check if ECR image exists | |
id: container-exists | |
continue-on-error: true | |
env: | |
REPOSITORY: ptap | |
IMAGE_TAG: ${{ env.DEPLOY_ENV }}-${{ github.sha }} | |
run: aws ecr describe-images --repository-name=$REPOSITORY --image-ids=imageTag=$IMAGE_TAG | |
- name: Build, tag, and push docker image to ECR | |
if: steps.container-exists.outcome != 'success' | |
env: | |
REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
REPOSITORY: ptap | |
IMAGE_TAG: ${{ env.DEPLOY_ENV }}-${{ github.sha }} | |
run: | | |
docker build -t $REGISTRY/$REPOSITORY:$IMAGE_TAG . | |
docker push $REGISTRY/$REPOSITORY:$IMAGE_TAG | |
- uses: hashicorp/setup-terraform@v2 | |
with: | |
terraform_version: 1.1.7 | |
- name: Update Lambda with Terraform | |
working-directory: ./tf/${{ env.DEPLOY_ENV }} | |
env: | |
TF_VAR_lambda_image_tag: ${{ env.DEPLOY_ENV }}-${{ github.sha }} | |
run: | | |
terraform init | |
terraform apply -auto-approve |