adding dependabot in the workflow (#134) #176
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| on: | |
| push: | |
| branches: | |
| - main | |
| jobs: | |
| build-and-deploy-to-dev: | |
| environment: development # Points to the set of environment secrets kept in GitHub secrets | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write # This is required for requesting the JWT | |
| contents: read # This is required for actions/checkout | |
| steps: | |
| - name: Checkout Github Repository | |
| uses: actions/checkout@v4 | |
| - name: Build and test the code | |
| uses: './.github/build-and-test' | |
| - name: Run Snyk security suite | |
| uses: './.github/snyk-scan' | |
| env: | |
| SNYK_TOKEN: ${{ secrets.SNYK_TOKEN}} | |
| - name: Set Spring profile | |
| run: echo "SPRING_PROFILES_ACTIVE=dev" >> $GITHUB_ENV | |
| - uses: './.github/login-to-aws' | |
| env: | |
| ROLE: ${{ secrets.ECR_ROLE_TO_ASSUME }} | |
| AWS_REGION: ${{ vars.ECR_REGION }} | |
| - name: Login to container repository | |
| uses: aws-actions/amazon-ecr-login@v2 | |
| id: login-ecr | |
| - name: Build the docker image and push it to the repository | |
| uses: './.github/build-push-docker-image' | |
| env: | |
| REPOSITORY: ${{ vars.ECR_REPOSITORY }} | |
| IMAGE_TAG: ${{ github.sha }} | |
| REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
| - name: Generate Kubernetes files from templates | |
| env: | |
| IMAGE_TAG: ${{ github.sha }} # Tags ECR image with commit sha | |
| REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
| REPOSITORY: ${{ vars.ECR_REPOSITORY }} | |
| NAMESPACE: ${{ secrets.KUBE_NAMESPACE_DEV }} | |
| ALERT_SEVERITY: laa-get-legal-aid-data-dev | |
| run: | | |
| cat deployments/development/deployment.tpl | envsubst > deployments/development/deployment.yml | |
| cat deployments/development/ingress.tpl | envsubst > deployments/development/ingress.yml | |
| cat deployments/development/service.tpl | envsubst > deployments/development/service.yml | |
| cat deployments/development/service-monitor.tpl | envsubst > deployments/development/service-monitor.yml | |
| cat deployments/development/network-policy.tpl | envsubst > deployments/development/network-policy.yml | |
| cat deployments/development/prometheus-rules.tpl | envsubst > deployments/development/prometheus-rules.yml | |
| - name: Authenticate with Cloud Platform and Deploy | |
| env: | |
| KUBE_NAMESPACE: ${{ secrets.KUBE_NAMESPACE_DEV }} | |
| KUBE_CLUSTER: ${{ secrets.KUBE_CLUSTER_DEV }} | |
| run: | | |
| echo "${{ secrets.KUBE_CERT_DEV }}" > ca.crt | |
| kubectl config set-cluster ${KUBE_CLUSTER} --certificate-authority=./ca.crt --server=https://${KUBE_CLUSTER} | |
| kubectl config set-credentials deploy-user --token=${{ secrets.KUBE_TOKEN_DEV }} | |
| kubectl config set-context ${KUBE_CLUSTER} --cluster=${KUBE_CLUSTER} --user=deploy-user --namespace=${KUBE_NAMESPACE} | |
| kubectl config use-context ${KUBE_CLUSTER} | |
| kubectl -n ${KUBE_NAMESPACE} apply -f deployments/development/ |