remove psql dependency #48
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy CF.gov to EKS | |
| on: | |
| push: | |
| jobs: | |
| build: | |
| runs-on: | |
| - codebuild-cfpb-cfgov-cfpb-cfgov-${{ github.run_id }}-${{ github.run_attempt }} | |
| - buildspec-override:true | |
| steps: | |
| - name: Checkout consumerfinance.gov | |
| uses: actions/checkout@v2 | |
| - name: Retrieve Security Scan Secrets | |
| uses: aws-actions/aws-secretsmanager-get-secrets@v2 | |
| with: | |
| secret-ids: | | |
| , ${{ secrets.SECURITY_SCAN}} | |
| DB_URL, ${{secrets.DB}} | |
| parse-json-secrets: true | |
| - name: Build Docker Images | |
| run: | | |
| # Build the CFGOV Image | |
| docker build . -t cfgov | |
| # Build the CFGOV-Apache Image | |
| docker build cfgov/apache/. -t apache | |
| - name: Security With Twistlock | |
| run: | | |
| curl -k -u "$TL_USER:$TL_PASSWORD" "$TL_CONSOLE_URL/api/v1/util/twistcli" --output twistcli | |
| chmod +x twistcli | |
| ./twistcli images scan --details -address "${TL_CONSOLE_URL}" -u "${TL_USER}" -p "${TL_PASSWORD}" cfgov:latest | |
| ./twistcli images scan --details -address "${TL_CONSOLE_URL}" -u "${TL_USER}" -p "${TL_PASSWORD}" apache:latest | |
| - name: Push Images to ECR | |
| run: | | |
| # Login to ECR | |
| aws ecr get-login-password --region ${{ secrets.AWS_REGION }} | docker login --username ${{ secrets.AWS_USERNAME }} --password-stdin ${{ secrets.ECR_REGISTRY }} | |
| # retag the images | |
| docker tag cfgov:latest ${{ secrets.CFGOV_IMAGE }}:$GITHUB_SHA | |
| docker tag apache:latest ${{ secrets.CFGOV_APACHE_IMAGE }}:$GITHUB_SHA | |
| # Push to ECR | |
| docker push ${{ secrets.CFGOV_IMAGE }}:$GITHUB_SHA | |
| docker push ${{ secrets.CFGOV_APACHE_IMAGE }}:$GITHUB_SHA | |
| - name: Install Helm | |
| run: | | |
| curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | |
| chmod 700 get_helm.sh | |
| ./get_helm.sh | |
| - name: Install kubectl | |
| run: | | |
| curl -o ./kubectl https://s3.us-west-2.amazonaws.com/amazon-eks/1.25.14/2023-10-17/bin/linux/amd64/kubectl | |
| curl -o ./kubectl.sha256 https://s3.us-west-2.amazonaws.com/amazon-eks/1.25.14/2023-10-17/bin/linux/amd64/kubectl.sha256 | |
| (diff <(openssl sha256 kubectl | awk {'print $2'}) <(cat kubectl.sha256 | awk {'print $1'}) && | |
| echo 'kubectl checksum matches, enabling usage') || (echo 'kubectl checksum failed, exiting' && exit 1) | |
| chmod +x kubectl | |
| mkdir -p $HOME/bin && mv kubectl $HOME/bin/kubectl && export PATH=$PATH:$HOME/bin | |
| echo 'export PATH=$PATH:$HOME/bin' >> ~/.bashrc | |
| source ~/.bashrc | |
| kubectl version --client | |
| - name: Update kubeconfig | |
| run: | | |
| aws eks update-kubeconfig --name $CLUSTER_NAME --region ${{ secrets.AWS_REGION }} | |
| - name: Deploy to EKS | |
| run: > | |
| helm upgrade --install cfgov ./helm --values ./helm/values.eks.yaml | |
| -n ${{ secrets.NAMESPACE }} | |
| --set initContainers[1].image.repository=${{ secrets.CFGOV_IMAGE }} | |
| --set initContainers[1].image.tag=${GITHUB_SHA} | |
| --set initContainers[1].env[0].value=${DB_URL} | |
| --set containers[0].image.repository=${{ secrets.CFGOV_IMAGE }} | |
| --set containers[0].image.tag=${GITHUB_SHA} | |
| --set containers[0].env[0].value=${DB_URL} | |
| --set containers[1].image.repository=${{ secrets.CFGOV_APACHE_IMAGE }} | |
| --set containers[1].image.tag=${GITHUB_SHA} | |
| --set mapping.host=${{ secrets.HOST }} |