Refactoring python project #49
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CloudFormation-CI | |
| on: | |
| # Changing trigger to pull_request to be able to test before merging to main | |
| # TODO: set pull_request_target once the fix is working | |
| pull_request: | |
| branches: | |
| - main | |
| - "[0-9]+.[0-9]+" | |
| types: [opened, synchronize, reopened] | |
| paths: | |
| - deploy/cloudformation/*.yml | |
| - .github/workflows/cloudformation-ci.yml | |
| env: | |
| WORKING_DIR: deploy/test-environments | |
| INTEGRATIONS_SETUP_DIR: tests/integrations_setup | |
| # DEPLOYMENT_NAME: DEPLOY_PR${{ github.event.number }} | |
| # CNVM_STACK_NAME: cnvm-stack-pr${{ github.event.number }} | |
| TF_VAR_ec_api_key: ${{ secrets.EC_API_KEY }} | |
| jobs: | |
| Deploy-CloudFormation: | |
| name: "Deploy CloudFormation" | |
| runs-on: ubuntu-20.04 | |
| timeout-minutes: 40 | |
| defaults: | |
| run: | |
| working-directory: ${{ env.WORKING_DIR }} | |
| steps: | |
| - name: Check out the repo | |
| uses: actions/checkout@v4 | |
| - name: Init Hermit | |
| run: ./bin/hermit env -r >> $GITHUB_ENV | |
| working-directory: ./ | |
| - name: Set up unique deployment names | |
| run: | | |
| suffix="$(date +%s | tail -c 3)" | |
| echo "TF_VAR_deployment_name=DEPLOY_PR${{ github.event.number }}-$suffix" >> $GITHUB_ENV | |
| echo "CNVM_STACK_NAME=cnvm-stack-pr${{ github.event.number }}-$suffix" >> $GITHUB_ENV | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.9' | |
| - name: Install Poetry | |
| run: | | |
| curl -sSL https://install.python-poetry.org | python3 - | |
| poetry --version | |
| - name: Install Fleet API dependencies | |
| id: fleet-api-deps | |
| working-directory: ./tests | |
| run: | | |
| poetry install | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v2 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: "eu-west-1" | |
| - name: Provision Elastic Cloud Environment | |
| id: apply | |
| if: success() | |
| env: | |
| TF_VAR_stack_version: ${{ env.ELK_VERSION }} | |
| TF_VAR_ess_region: "gcp-us-west2" | |
| run: | | |
| terraform init | |
| terraform validate | |
| # To address the conditional statement outputting stack values in the deployment stack, | |
| # we need to specify both targets: ec_project and ec_deployment. | |
| terraform apply --auto-approve -target=module.ec_deployment -target="module.ec_project" | |
| - name: Set Environment Output | |
| id: env-output | |
| run: | | |
| echo "KIBANA_URL=$(terraform output -raw kibana_url)" >> $GITHUB_ENV | |
| echo "ES_URL=$(terraform output -raw elasticsearch_url)" >> $GITHUB_ENV | |
| echo "ES_USER=$(terraform output -raw elasticsearch_username)" >> $GITHUB_ENV | |
| export ES_PASSWORD=$(terraform output -raw elasticsearch_password) | |
| echo "::add-mask::$ES_PASSWORD" | |
| echo "ES_PASSWORD=$ES_PASSWORD" >> $GITHUB_ENV | |
| - name: Install integrations | |
| working-directory: ${{ env.INTEGRATIONS_SETUP_DIR }} | |
| env: | |
| STACK_VERSION: ${{ env.ELK_VERSION }} | |
| run: | | |
| poetry run python ./install_cnvm_integration.py | |
| - name: Deploy CNVM agent | |
| env: | |
| STACK_NAME: "${{ env.CNVM_STACK_NAME}}" | |
| run: | | |
| just deploy-cloudformation | |
| - name: Wait for CloudFormation stack | |
| id: wait-for-cfn | |
| run: | | |
| aws cloudformation wait stack-create-complete --stack-name ${{ env.CNVM_STACK_NAME }} | |
| - name: Wait for agents to enroll | |
| id: wait-for-agents | |
| working-directory: ${{ env.INTEGRATIONS_SETUP_DIR }} | |
| timeout-minutes: 1 | |
| run: | | |
| poetry run python ./agents_enrolled.py | |
| - name: Cleanup Environment | |
| if: always() | |
| run: | | |
| terraform destroy --auto-approve -target="module.ec_deployment" -target="module.ec_project" | |
| # TODO: Uncomment after debugging | |
| # aws cloudformation delete-stack --stack-name ${{ env.CNVM_STACK_NAME }} | |
| # aws cloudformation wait stack-delete-complete --stack-name ${{ env.CNVM_STACK_NAME }} |