README updated #66
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Docker CD | |
| on: | |
| push: | |
| branches: | |
| - dev | |
| pull_request: | |
| branches: | |
| - dev | |
| types: [opened, synchronize, reopened] | |
| jobs: | |
| code-test: | |
| # Kicks off the workflow and prepares Github to run coverage test using a ubuntu-latest container. | |
| name: Code Test | |
| runs-on: ubuntu-latest | |
| env: | |
| OS: ubuntu-latest | |
| PYTHON: '3.9' | |
| steps: | |
| - uses: actions/checkout@v2 | |
| - name: Setup Python | |
| uses: actions/setup-python@v2 | |
| with: | |
| python-version: 3.9 | |
| # Install dependencies required for tests | |
| - name: Install Dependencies | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install libxml2-dev libxmlsec1-dev -y --no-install-recommends | |
| python -m pip install --upgrade pip | |
| pip install -r ./requirements.txt | |
| # Start running test scripts and generate the coverage report | |
| - name: Generate Coverage Report | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.ACCESS_TOKEN }} | |
| CERT_VOLUME: ${{ secrets.CERT_VOLUME }} | |
| run: | | |
| echo "Cloning private repository" | |
| git clone https://openlxp-host:${{ secrets.ACCESS_TOKEN }}@github.com/OpenLXP/openlxp-private.git | |
| echo "Private repository cloned successfully" | |
| echo "Copying .env file from openlxp-private to current working directory" | |
| cp ./openlxp-private/openlxp-xss-env/.env . | |
| echo "Copied .env file successfully" | |
| echo "Create openlxp docker network" | |
| docker network create openlxp | |
| echo "Docker network successfully created" | |
| echo "Running coverage unit test" | |
| docker compose --env-file ./.env run app sh -c "python manage.py waitdb && coverage run manage.py test --tag=unit && flake8 && coverage report && coverage report --fail-under=80" | |
| # sonarcloud: | |
| # name: SonarCloud | |
| # runs-on: ubuntu-latest | |
| # steps: | |
| # - uses: actions/checkout@v2 | |
| # with: | |
| # fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis | |
| # - name: SonarCloud Scan | |
| # uses: SonarSource/sonarcloud-github-action@master | |
| # env: | |
| # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any | |
| # SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| build: | |
| # require dependency from step above | |
| needs: code-test | |
| name: Build Docker Image | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout Code | |
| uses: actions/checkout@v2 | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v1 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ secrets.AWS_REGION }} | |
| - name: Login to Amazon ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v1 | |
| with: | |
| mask-password: 'true' | |
| - name: Build, tag, and push image to Amazon ECR | |
| env: | |
| ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
| ECR_REPOSITORY: ${{ secrets.ECR_REPO }} | |
| IMAGE_TAG: xss | |
| run: | | |
| echo "Starting docker build" | |
| docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG . | |
| echo "Pushing image to ECR..." | |
| docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG |