Migrate CI/CD

.github/workflows/dependencies.yml

@@ -14,9 +14,17 @@ jobs:
  contents: write
  pull-requests: write
  steps:
+ - uses: actions/create-github-app-token@v1
+ id: app-token
+ with:
+ app-id: ${{ vars.APP_ID }}
+ private-key: ${{ secrets.PRIVATE_KEY }}
+
  - uses: actions/checkout@v4
  with:
+ token: ${{ steps.app-token.outputs.token }}
  ref: development
+ persist-credentials: false
 
  - name: Set up Python
  uses: actions/setup-python@v4
@@ -29,14 +37,14 @@ jobs:
 
  - name: Run pre-commit autoupdate
  run: pre-commit autoupdate
- 
+
  - name: Run pip-compile
  run: pip-compile --upgrade
- 
+
  - name: Create Pull Request
  uses: peter-evans/create-pull-request@v6.0.2
  with:
- token: ${{ secrets.GITHUB_TOKEN }}
+ token: ${{ steps.app-token.outputs.token }}
  base: development
  branch: dependency-updates
  delete-branch: true

.github/workflows/deploy.yml

@@ -0,0 +1,86 @@
+name: Deploy
+
+on:
+ push:
+ branches:
+ - development
+ - base
+ workflow_dispatch:
+
+jobs:
+ deploy:
+ runs-on: ubuntu-latest
+ environment:
+ name: ${{ github.ref_name }}
+
+ env:
+ APPLICATION_NAME: zodiac
+ CONTAINER: zodiac-web
+ APPLICATION_PORT: 8001
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Export secrets to environment variables
+ uses: oNaiPs/secrets-to-env-action@v1.5
+ with:
+ secrets: ${{ toJSON(secrets) }}
+
+ - name: Clone deploy scripts if not present
+ run: git clone https://github.com/RockefellerArchiveCenter/deploy_scripts.git;
+
+ - name: Substitute environment variables
+ uses: tvarohohlavy/inplace-envsubst-action@v1.0.0
+ with:
+ files: |
+ $APPLICATION_NAME/config.py.deploy
+ appspec.yml.deploy
+ deploy_scripts/create_apache_config.sh.deploy
+ deploy_scripts/curl_index.sh.deploy
+ deploy_scripts/curl_status_endpoint.sh.deploy
+ deploy_scripts/install_dependencies_django.sh.deploy
+ deploy_scripts/restart_apachectl.sh.deploy
+ deploy_scripts/run_management_commands_django.sh.deploy
+ deploy_scripts/set_permissions.sh.deploy
+ deploy_scripts/stop_cron.sh.deploy
+
+ - name: Rename deploy files
+ run: |
+ mv $APPLICATION_NAME/config.py.deploy $APPLICATION_NAME/config.py
+ mv appspec.yml.deploy appspec.yml
+ mv deploy_scripts/create_apache_config.sh.deploy deploy_scripts/create_apache_config.sh
+ mv deploy_scripts/curl_index.sh.deploy deploy_scripts/curl_index.sh
+ mv deploy_scripts/curl_status_endpoint.sh.deploy deploy_scripts/curl_status_endpoint.sh
+ mv deploy_scripts/install_dependencies_django.sh.deploy deploy_scripts/install_dependencies_django.sh
+ mv deploy_scripts/restart_apachectl.sh.deploy deploy_scripts/restart_apachectl.sh
+ mv deploy_scripts/run_management_commands_django.sh.deploy deploy_scripts/run_management_commands_django.sh
+ mv deploy_scripts/set_permissions.sh.deploy deploy_scripts/set_permissions.sh
+ mv deploy_scripts/stop_cron.sh.deploy deploy_scripts/stop_cron.sh
+
+ - name: Make deploy scripts executable
+ run: chmod +x deploy_scripts/*.sh
+
+ - name: Create deployment zip
+ run: sudo deploy_scripts/make_zip_django.sh $DEPLOY_ZIP_DIR $DEPLOY_ZIP_NAME
+
+ - name: Configure AWS Credentials
+ uses: aws-actions/configure-aws-credentials@v4.0.2
+ with:
+ aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }}
+ aws-secret-access-key: ${{ secrets.AWS_SECRET_KEY }}
+ role-to-assume: ${{ secrets.AWS_DEPLOY_ROLE }}
+ role-skip-session-tagging: true
+ role-duration-seconds: 900
+ aws-region: ${{ secrets.AWS_REGION }}
+
+ - name: Deploy to S3
+ run: aws s3 cp $DEPLOY_ZIP_DIR s3://$AWS_BUCKET_NAME --recursive
+
+ - name: Deploy to AWS CodeDeploy
+ run: aws deploy create-deployment
+ --region ${{ secrets.AWS_REGION }}
+ --application-name $APPLICATION_NAME
+ --deployment-config-name CodeDeployDefault.OneAtATime
+ --deployment-group-name $DEPLOYMENT_GROUP
+ --s3-location bucket=$AWS_BUCKET_NAME,bundleType=zip,key=$DEPLOY_ZIP_NAME

.github/workflows/enforcer.yml

@@ -0,0 +1,16 @@
+name: 'Check Branch'
+
+on:
+ pull_request:
+ branches:
+ - base
+
+jobs:
+ check_branch:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check branch
+ if: github.head_ref != 'development'
+ run: |
+ echo "ERROR: You can only merge to base from the development branch."
+ exit 1

.github/workflows/tests.yml

@@ -0,0 +1,53 @@
+name: Tests
+
+on:
+ pull_request:
+ branches:
+ - development
+ workflow_dispatch:
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ environment:
+ name: development
+
+ env:
+ APPLICATION_NAME: zodiac
+ CONTAINER: zodiac-web
+ APPLICATION_PORT: 8001
+
+ services:
+ docker:
+ image: docker:stable
+ options: --privileged
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Set up Python and cache pip
+ uses: actions/setup-python@v5
+ with:
+ python-version: '3.10'
+ cache: 'pip'
+
+ - name: Copy config file
+ run: cp ${{ env.APPLICATION_NAME }}/config.py.example ${{ env.APPLICATION_NAME }}/config.py
+
+ - name: Start Docker containers
+ run: docker compose up -d
+
+ - name: Wait for services to be ready
+ run: ./wait-for-it.sh $CONTAINER:$APPLICATION_PORT -- echo "$CONTAINER is ready"
+
+ - name: Install pre-commit
+ run: |
+ pip install "pre-commit===2.13.0"
+ pre-commit install
+
+ - name: Run pre-commit checks
+ run: pre-commit run --all-files --show-diff-on-failure
+
+ - name: Run tests
+ run: docker compose exec -T $CONTAINER python manage.py test

README.md

@@ -2,8 +2,6 @@
 
 API gateway and administration interface for [Project Electron](https://github.com/RockefellerArchiveCenter/project_electron) microservices, managed via a message queue.
 
-[![Build Status](https://travis-ci.org/RockefellerArchiveCenter/zodiac.svg?branch=base)](https://travis-ci.org/RockefellerArchiveCenter/zodiac)
-
 ## Setup
 
 Install [git](https://git-scm.com/) and clone the repository