Skip to content

Wfdm 910 create script to delete security classification b c and green reports #60

Wfdm 910 create script to delete security classification b c and green reports

Wfdm 910 create script to delete security classification b c and green reports #60

Workflow file for this run

# This workflow deploys the code tagged with 'deploy-int*'
name: deploy_int
# Controls when the action will run.
on:
pull_request_target:
types:
- closed
branches:
- 'main'
paths:
- .github/**
- aws-lambda-layer-base/**
- terraform/**
- terragrunt/**
- wfdm-file-scan-service/**
- wfdm-clamav-service/**
- wfdm-file-index-initializer/**
- wfdm-file-index-service/**
- wfdm-file-reindexer/**
env:
TF_VERSION: 1.1.0
TG_VERSION: 0.29.2
TARGET_ENV: int
permissions:
id-token: write
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
# This workflow contains a single job called "deploy"
deploy:
# The type of runner that the job will run on
runs-on: ubuntu-latest
# Production GitHub repo environment
environment:
name: int
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- uses: actions/checkout@v2
with:
ref: ${{ github.event.workflow_run.head_branch }}
- name: Set up JDK 17
uses: actions/setup-java@v3
with:
java-version: '17'
distribution: 'adopt'
#Compile lambda functions
- name: Compile lambda
run: |
mvn --batch-mode install -f aws-lambda-layer-base/pom.xml
mvn --batch-mode install -f wfdm-clamav-service/wfdm-clamav-scan-handler/pom.xml
mvn --batch-mode install -f wfdm-file-index-initializer/pom.xml
mvn --batch-mode install -f wfdm-file-index-service/pom.xml
- name: Create zip file structure
run: |
mkdir java
mkdir java/lib
find /home/runner/.m2/repository/ca/bc/gov/nrs/wfdm/aws-lambda-layer-base -name *.jar -exec mv {} ./java/lib/aws-lambda-layer-base.jar \;
- uses: montudor/action-zip@v1
with:
args: zip -qq -r java.zip java
- name: Make directory, copy in jar files and zip file
run: mkdir staging && find /home/runner/.m2/repository/ca/bc/gov/nrs/wfdm -name '*.jar' -exec cp -prv '{}' 'staging' ';' && cp java.zip staging/java.zip
- name: Get source code hash of jar files
run: |
openssl sha256 staging/wfdm-clamav-scan-handler* > staging/wfdm-clamav-scan-handler-hash.txt
openssl sha256 staging/wfdm-file-index-initializer* > staging/wfdm-file-index-initializer-hash.txt
openssl sha256 staging/wfdm-opensearch-indexing* > staging/wfdm-opensearch-indexing-hash.txt
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v2
with:
role-to-assume: ${{ secrets.AWS_TERRAFORM_ROLE_TO_ASSUME }}
role-session-name: wfdm-terraform
aws-region: ca-central-1
- name: Upload S3
id: S3
run:
aws s3 cp ./staging s3://wfdm-s3-bucket-int --recursive
# Install the latest version of Terraform CLI and configure the Terraform CLI configuration file with a Terraform Cloud user API token
- name: Setup Terraform
uses: hashicorp/setup-terraform@v1
with:
cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
# Install/Setup terragrunt CLI
- uses: peter-murray/terragrunt-github-action@v1.0.0
with:
terragrunt_version: ${{ env.TG_VERSION }}
# Apply changes
- name: Terragrunt Apply
working-directory: terragrunt/INT
env:
app_image: ${{ env.IMAGE_ID }}:${{ github.event.workflow_run.head_branch}}
opensearch_password: ${{ secrets.OPENSEARCH_PASSWORD_INT }}
opensearch_user: ${{ secrets.OPENSEARCH_USER_INT }}
run: terragrunt run-all apply --terragrunt-non-interactive