diff --git a/.github/workflows/docker-build-develop.yml b/.github/workflows/docker-build-develop.yml
index 4912ddd..7d0a6f9 100644
--- a/.github/workflows/docker-build-develop.yml
+++ b/.github/workflows/docker-build-develop.yml
@@ -1,30 +1,100 @@ -name: Build Docker Image +name: "CI - Development" on: push: branches: - - develop + - "develop" +env: + TERM: 'xterm' + SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} jobs: - build: + node-lint: + name: Lint Node.js runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Use Node.js + uses: actions/setup-node@v4 + with: + node-version: '20.x' + + - name: Install dependencies + run: npm ci + - name: Lint Code + run: npm run lint + + node-audit: + name: Critical Vulnerability Check + runs-on: ubuntu-latest steps: - - name: Checkout code - uses: actions/checkout@v2 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 - - - name: Log in to DockerHub - uses: docker/login-action@v1 - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} - - - name: Build and push Docker image - uses: docker/build-push-action@v2 - with: - context: . - push: true - tags: jonfairbanks/yo:develop + - name: Checkout code + uses: actions/checkout@v4 + + - name: Use Node.js + uses: actions/setup-node@v4 + with: + node-version: '20.x' + + - name: Install dependencies + run: npm ci + + - name: Check for critical vulnerabilities + run: npm audit --audit-level=critical + + docker-build: + name: Docker Build + needs: [node-lint, node-audit] + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Define sha_short + id: vars + run: echo "::set-output name=sha_short::$(git rev-parse --short HEAD)" + + - name: Set up QEMU + id: setup-qemu + uses: docker/setup-qemu-action@v3 + + - name: Set up Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v3 + + - name: Cache Docker layers + uses: actions/cache@v4 + with: + path: /tmp/.buildx-cache/${{ runner.os }}-${{ steps.setup-buildx.outputs.name }}-${{ hashFiles('**/Dockerfile') }} + key: ${{ runner.os }}-buildx-${{ steps.vars.outputs.sha_short }}-{{ hashFiles('**/Dockerfile') }} + 
restore-keys: | + ${{ runner.os }}-buildx- + + - name: Login to DockerHub + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_ACCESS_TOKEN }} + + - name: Build & Push Base Image + id: docker_build + uses: docker/build-push-action@v6 + with: + builder: ${{ steps.buildx.outputs.name }} + context: ./ + platforms: linux/amd64,linux/arm64 + file: ./Dockerfile + push: true + tags: ${{ github.repository }}:develop + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,dest=/tmp/.buildx-cache + + - name: Notify Slack + uses: act10ns/slack@v2 + with: + status: ${{ job.status }} + steps: ${{ toJson(steps) }} + if: always()
\ No newline at end of file
diff --git a/.github/workflows/terraform-aws-lambda-deploy.yml b/.github/workflows/terraform-aws-lambda-deploy.yml
deleted file mode 100644
index 50addd8..0000000
--- a/.github/workflows/terraform-aws-lambda-deploy.yml
+++ /dev/null
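Review bot: The "Cache Docker layers" step in the docker-build job can never produce a usable hit: `path:` references `steps.setup-buildx.outputs.name` but the Buildx step's `id` is `buildx` (the QEMU step is `setup-qemu`), so that segment expands to nothing; `key:` is missing the `$` before `{{ hashFiles('**/Dockerfile') }}` and therefore embeds that literal text; and the cached `path` is a subdirectory of `/tmp/.buildx-cache` while `cache-from`/`cache-to` on the build step point at `/tmp/.buildx-cache` itself. The "Define sha_short" step also uses the deprecated `::set-output` workflow command, whereas the deleted terraform workflow already wrote to `$GITHUB_OUTPUT`; `run: echo "sha_short=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT"` keeps the two consistent. Separately, the workflow-level `env: SLACK_WEBHOOK_URL` exposes that secret to every step of all three jobs, including `npm ci` and `npm run lint` in node-lint and node-audit, which execute package lifecycle and project scripts; scoping it to an `env:` on the "Notify Slack" step alone, and declaring a top-level `permissions: contents: read`, limits what a compromised dependency could reach. The third-party actions are pinned by mutable tag (`act10ns/slack@v2`, `docker/build-push-action@v6`); pinning to a full commit SHA is the usual supply-chain mitigation for a step that handles a credential.
```yaml
# … unchanged: name, on …

permissions:
  contents: read

env:
  TERM: 'xterm'

# … unchanged: node-lint and node-audit jobs, docker-build checkout …

      - name: Define sha_short
        id: vars
        run: echo "sha_short=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT"

# … unchanged: QEMU and Buildx setup …

      - name: Cache Docker layers
        uses: actions/cache@v4
        with:
          path: /tmp/.buildx-cache
          key: ${{ runner.os }}-buildx-${{ hashFiles('**/Dockerfile') }}-${{ steps.vars.outputs.sha_short }}
          restore-keys: |
            ${{ runner.os }}-buildx-${{ hashFiles('**/Dockerfile') }}-
            ${{ runner.os }}-buildx-

# … unchanged: DockerHub login, build & push …

      - name: Notify Slack
        uses: act10ns/slack@v2
        if: always()
        env:
          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
        with:
          status: ${{ job.status }}
          steps: ${{ toJson(steps) }}
```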
@@ -1,70 +0,0 @@ -name: Deploy AWS Lambda via Terraform - -on: - pull_request: - types: - - closed - branches: - - develop - - main - -jobs: - deploy: - environment: ${{ github.ref == 'refs/heads/main' && 'production' || github.ref == 'refs/heads/develop' && 'development' }} - if: github.event.pull_request.merged == true - runs-on: ubuntu-latest - steps: - - name: Check out code - uses: actions/checkout@v4 - - - name: Setup deployment variables - id: setup-vars - run: | - BRANCH_NAME=$(echo "${{ github.ref }}" | sed 's|refs/heads/||') - echo "Branch: $BRANCH_NAME" - if [ "$BRANCH_NAME" = "develop" ]; then - echo "Using Development" - echo "environment=development" >> $GITHUB_OUTPUT - echo "aws_key=${{ secrets.aws_access_key_id }}" >> $GITHUB_OUTPUT - echo "aws_secret=${{ secrets.aws_secret_access_key }}" >> $GITHUB_OUTPUT - elif [ "$BRANCH_NAME" = "main" ]; then - echo "Using Production" - echo "environment=production" >> $GITHUB_OUTPUT - echo "aws_key=${{ secrets.aws_access_key_id }}" >> $GITHUB_OUTPUT - echo "aws_secret=${{ secrets.aws_secret_access_key }}" >> $GITHUB_OUTPUT - fi - - - name: Verify credentials - run: | - echo "Selected Environment: ${{ steps.setup-vars.outputs.environment }}" - echo "Selected Key: ${{ steps.setup-vars.outputs.aws_key }}" - echo "Selected Secret: ${{ steps.setup-vars.outputs.aws_secret }}" - - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - aws-access-key-id: ${{ steps.setup-vars.outputs.aws_key }} - aws-secret-access-key: ${{ steps.setup-vars.outputs.aws_secret }} - aws-region: us-east-1 - - - name: Setup Terraform - uses: hashicorp/setup-terraform@v3 - - - name: Setup TFLint - uses: terraform-linters/setup-tflint@v4 - with: - tflint_version: v0.52.0 - - - name: Init TFLint - run: tflint --init - env: - GITHUB_TOKEN: ${{ github.token }} - - - name: Run TFLint - run: tflint -f compact - - - name: Run Deploy Script - run: | - cd .tf/ - echo "Deploying to environment: ${{ 
steps.setup-vars.outputs.environment }}" - ./deploy.sh "${{ steps.setup-vars.outputs.environment }}" \ No newline at end of file