feat(infra): loading service env vars and secrets from 1P (#640)

* feat: reworking workflow * fix: config for docker build * fix: using test actions * feat: adding test step * fix: test action path * feat: moving test job into workflow * feat: loading secrets in test job from 1pasword * feat: adding OP_SERVICE_ACCOUNT_TOKEN to job * fix: proper paths to ci secrets * feat: adding build steps for all repos * fix: naming dependent jobs * fix: path to Dockerfile * fix: testing fixes build_and_push action * fix: adjusting workflows to latest changes in gh-workflows, adding back ci.yml * feat(infra): loading service env vars and secrets from 1P - WIP * feat(infra): finished sourcing secrets/env from 1P * feat(infra): updated to use latest version of infra-libs * fix: stack name for deploy & preview actions * fix: loading config vars for pulumi from 1P * fix: use only DOCKER_IMAGE_TAG as env input for pulumi, remove unused tasks, fix target name for verifier image in workflow * fix: pulumi script bugs * fix: removing unused vars from infra/aws/index.ts * feat: adding reusable test_generic workflow and release workflow * fix: name cc-auhenticate-0 * fix: remove unused workflows, rework deployment if interface * fix: adding dependency to test job in workflows * fix: host specification in deploing interface * feat: adding workflows to deploy interface to any env * fix: specify required permission for interface deploy step * fix: removed test steps temporarily to test deploy to branch easier * fix: add required permission to all interface workflows * fix: add push to main trigger for workflow that deploys backend to review * fix: remove unused files --------- Co-authored-by: Gerald Iakobinyi-Pich <nutrina9@gmail.com>
passportxyz · Jul 26, 2024 · 2f6c790 · 2f6c790
1 parent 803412b
commit 2f6c790
Show file tree

Hide file tree

Showing 30 changed files with 6,040 additions and 2,367 deletions.
diff --git a/.github/actions/test/action.yml b/.github/actions/test/action.yml
@@ -0,0 +1,99 @@
+name: Deploy to AWS
+inputs:
+  docker_tag:
+    description: "Commit short SHA"
+    required: true
+    type: string
+  stack_name:
+    required: true
+    type: string
+  aws_region:
+    required: true
+    type: string
+  pulumi_command:
+    type: string
+    default: up
+  pulumi_diff:
+    default: "false"
+  PULUMI_ACCESS_TOKEN:
+    required: true
+  AWS_ACCESS_KEY_ID:
+    required: true
+  AWS_SECRET_ACCESS_KEY:
+    required: true
+  OP_SERVICE_ACCOUNT_TOKEN:
+    required: true
+runs:
+  using: composite
+  services:
+    redis:
+      image: redis
+      # Set health checks to wait until redis has started
+      options: >-
+        --health-cmd "redis-cli ping"
+        --health-interval 10s
+        --health-timeout 5s
+        --health-retries 5
+      ports:
+        - 6379:6379
+
+    postgres:
+      image: postgres:12.3-alpine
+      env:
+        POSTGRES_USER: passport_scorer
+        POSTGRES_PASSWORD: passport_scorer_pwd
+        POSTGRES_DB: passport_scorer
+
+      ports:
+        - 5432:5432
+      options: >-
+        --health-cmd pg_isready
+        --health-interval 10s
+        --health-timeout 5s
+        --health-retries 5
+
+  steps:
+    - uses: actions/setup-python@v4
+      with:
+        python-version: "3.11"
+
+    - name: Install pipenv
+      run: pip3 install pipenv
+
+    - name: Generate requirements.txt
+      working-directory: ./api
+      run: pipenv requirements --dev > requirements.txt
+
+    - name: Install API dependencies
+      working-directory: ./api
+      run: pip3 install -r requirements.txt
+
+    - name: Django Check
+      working-directory: ./api
+      env:
+        CERAMIC_CACHE_SCORER_ID: ""
+        SECRET_KEY: secret-test-value
+      run: python manage.py check
+
+    - name: URL Monitoring Check
+      working-directory: ./api
+      shell: bash
+      env:
+        CERAMIC_CACHE_SCORER_ID: ""
+        SECRET_KEY: secret-test-value
+        UPTIME_ROBOT_READONLY_API_KEY: ${{ secrets.UPTIME_ROBOT_READONLY_API_KEY }}
+        IGNORE_UNMONITORED_URLS: ${{ vars.IGNORE_UNMONITORED_URLS }}
+      run:
+        python manage.py show_urls -f json > urls.json &&
+        python manage.py get_unmonitored_urls --urls urls.json --base-url https://api.scorer.gitcoin.co --out unmonitored.json --allow-paused True &&
+        [ -f unmonitored.json ] && [ `cat unmonitored.json | wc -m` -eq 2 ]
+
+    - name: Run API unittests
+      working-directory: ./api
+      run: pytest
+      env:
+        CERAMIC_CACHE_SCORER_ID: ""
+        SECRET_KEY: secret-test-value
+        DATABASE_URL: postgres://passport_scorer:passport_scorer_pwd@localhost:5432/passport_scorer
+        DATA_MODEL_DATABASE_URL: postgres://passport_scorer:passport_scorer_pwd@localhost:5432/passport_scorer
+        FF_API_ANALYTICS: on
diff --git a/.github/workflows/api-ci-review.yml b/.github/workflows/api-ci-review.yml