
Merge pull request #10 from DHEPLab/feat/add-accounts-script #283

Merge pull request #10 from DHEPLab/feat/add-accounts-script



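---
# CI for the AIM AHEAD API: install -> (format, secret scan, lint, test) and
# CodeQL in parallel -> build, scan and push the image, then redeploy ECS.
name: AIM AHEAD API CI

# NOTE(review): `init` and `test` inherit the repository's default GITHUB_TOKEN
# permissions. If the secret-scanner step does not need more than checkout,
# a top-level `permissions: { contents: read }` would narrow the token for
# both jobs (codeql and build-and-push already declare their own).
on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

jobs:
  init:
    runs-on: ubuntu-latest
    steps:
      - uses: arduino/setup-task@v2
      - uses: actions/checkout@v4
      - name: Set up Environment & Install dependencies
        run: |
          task install

  test:
    needs: init
    runs-on: ubuntu-latest
    steps:
      - uses: arduino/setup-task@v2
      - uses: actions/checkout@v4
      - name: format
        run: |
          task format
      # NOTE(review): this action reference looks mangled by the page
      # extraction (an e-mail-style token replaced part of `owner/name@ref`).
      # Confirm the real reference in the repository and pin it to a release
      # tag or full commit SHA rather than a floating branch.
      - name: check-secrets
        uses: secret-scanner/[email protected]
      - name: Lint with flake8
        run: |
          task lint
      - name: Run tests
        run: |
          task test

  codeql:
    needs: init
    runs-on: ubuntu-latest
    timeout-minutes: 360
    permissions:
      security-events: write
      packages: read
    strategy:
      fail-fast: false
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: python
          # No compiled languages are analysed, so no build is needed.
          build-mode: none
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v3
        with:
          category: "/language:python"

  build-and-push:
    needs: test
    runs-on: ubuntu-latest
    env:
      ECR_REGISTRY: ${{ secrets.ECR_REGISTRY }}
      ECR_REPOSITORY: ${{ secrets.ECR_REPOSITORY }}
      # The AWS keys are deliberately NOT exported at job level: the
      # "Configure AWS credentials" step below makes them available to later
      # steps, and a job-level copy would only widen which steps (including
      # third-party actions) see the raw secrets.
      #
      # `latest` is a mutable tag: each build overwrites it, so a rollback
      # cannot target a specific build and the ECS redeploy below is only
      # reproducible while the tag is unchanged. Tagging with the commit SHA
      # as well (and pointing the task definition at it) is the usual fix.
      IMAGE_TAG: latest
    permissions:
      contents: read
      # `id-token: write` is granted but unused: the credentials step passes
      # long-lived access keys. Switching configure-aws-credentials to
      # `role-to-assume` (OIDC) would let these two secrets be removed.
      id-token: write
      security-events: write
    steps:
      - uses: actions/checkout@v4
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: us-east-1
      - name: Login to Amazon ECR
        uses: aws-actions/amazon-ecr-login@v2
        with:
          # Keeps the registry password out of the step log.
          mask-password: true
      - name: Build image
        run: |
          docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
      - name: Image scan
        # `@master` is a mutable ref: the action code that runs in this job
        # can change without a commit here. Pin to a release tag or a full
        # commit SHA. The scan is report-only: no `exit-code` input is set,
        # so CRITICAL/HIGH findings are uploaded below but never block the
        # push that follows.
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: '${{ env.ECR_REGISTRY }}/${{ env.ECR_REPOSITORY }}:${{ env.IMAGE_TAG }}'
          format: 'sarif'
          output: 'trivy-image-results.sarif'
          ignore-unfixed: true
          severity: 'CRITICAL,HIGH'
          limit-severities-for-sarif: true
      - name: Upload Trivy scan results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: 'trivy-image-results.sarif'
          category: trivy-image
      - name: Push image to Amazon ECR
        run: |
          docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
      - name: Deploy to Amazon ECS
        # Credentials come from the "Configure AWS credentials" step above,
        # which exports them to later steps; re-running `aws configure set`
        # with the raw secrets only wrote them into the runner's ~/.aws files.
        # stdout of update-service (the full service description) is
        # discarded while stderr stays in the log so failures remain visible
        # (the same effect the original `2>&1 > /dev/null` ordering had).
        run: |
          aws ecs update-service \
            --cluster aim-ahead-cluster-dev \
            --service aim-ahead-api-service-dev \
            --force-new-deployment > /dev/null
        env:
          AWS_REGION: us-east-1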