Skip to content

Fixup initContainer to run migrations #49

Fixup initContainer to run migrations

Fixup initContainer to run migrations #49

name: Deploy Friendly-Umbrella
on:
push:
jobs:
build:
runs-on:
- codebuild-cfpb-cfgov-testing-gha-${{ github.run_id }}-${{ github.run_attempt }}
steps:
- name: Checkout Friendly-Umbrella
uses: actions/checkout@v2
- name: Retrieve Security Scan Secrets
uses: aws-actions/aws-secretsmanager-get-secrets@v2
with:
secret-ids: |
, ${{ secrets.SECURITY_SCAN_SECRET }}
, ${{ secrets.RDS_CREDS_SECRET }}
parse-json-secrets: true
- name: Build Docker Image
run: |
# Build Friendly-Umbrella Image
docker build -t ${{ secrets.ECR_REPO }}:$GITHUB_SHA .
- name: Security Scan with Twistlock
run: |
curl -k -u "$TL_USER:$TL_PASSWORD" "$TL_CONSOLE_URL/api/v1/util/twistcli" --output twistcli
chmod +x twistcli
./twistcli images scan --details -address "${TL_CONSOLE_URL}" -u "${TL_USER}" -p "${TL_PASSWORD}" ${{ secrets.ECR_REPO }}:$GITHUB_SHA tee twistcli.log; EXITCODE=$?
- name: Push to ECR
run: |
# Login to ECR
aws ecr get-login-password --region ${{ secrets.AWS_REGION }} | docker login --username ${{ secrets.AWS_USERNAME }} --password-stdin ${{ secrets.ECR_REGISTRY }}
# Push to ECR
docker push ${{ secrets.ECR_REPO }}:$GITHUB_SHA
- name: Install K8s/Helm
run: |
# Install Helm
curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
chmod 700 get_helm.sh
./get_helm.sh
# Install kubectl
curl -o ./kubectl https://s3.us-west-2.amazonaws.com/amazon-eks/1.25.14/2023-10-17/bin/linux/amd64/kubectl
curl -o ./kubectl.sha256 https://s3.us-west-2.amazonaws.com/amazon-eks/1.25.14/2023-10-17/bin/linux/amd64/kubectl.sha256
(diff <(openssl sha256 kubectl | awk {'print $2'}) <(cat kubectl.sha256 | awk {'print $1'}) &&
echo 'kubectl checksum matches, enabling usage') || (echo 'kubectl checksum failed, exiting' && exit 1)
chmod +x kubectl
mkdir -p $HOME/bin && mv kubectl $HOME/bin/kubectl && export PATH=$PATH:$HOME/bin
echo 'export PATH=$PATH:$HOME/bin' >> ~/.bashrc
source ~/.bashrc
kubectl version --client
# Update kubeconfig to point to EKS Cluster
aws eks update-kubeconfig --name $CLUSTER_NAME --region us-east-1
- name: Install Helm Chart on EKS
run: >
helm upgrade --install friendly-umbrella ./helm
-n ${{ secrets.NAMESPACE }} -f ./helm/values.yaml
--set initContainers[0].image.repository=${{ secrets.ECR_REPO }}
--set initContainers[0].image.tag=$GITHUB_SHA
--set containers[0].image.repository=${{ secrets.ECR_REPO }}
--set containers[0].image.tag=$GITHUB_SHA
--set mapping.host=${{ secrets.HOST }}
--set serviceAccount.name=${{ secrets.K8S_SERVICE_ACCOUNT }}
--set config.AWS_STORAGE_BUCKET_NAME=${{ secrets.BUCKET_NAME }}
--set config.DATABASE_URL=$DATABASE_URL