Bump flask-cors from 3.0.10 to 4.0.1 #371
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: apigee-release-pipeline | |
defaults: | |
run: | |
shell: bash # Explicitly sets pipeline to fail if any subprocess fails | |
on: | |
push | |
permissions: read-all | |
jobs: | |
deploy-hello-world: | |
runs-on: ubuntu-latest | |
env: | |
PROXYGEN_PRIVATE_KEY: ${{ secrets.ENCODED_HELLO_WORLD_PROXYGEN_PRIVATE_KEY }} | |
PROXYGEN_KID: ${{ secrets.HELLO_WORLD_PROXYGEN_KID }} | |
PROXYGEN_CLIENT_ID: ${{ secrets.HELLO_WORLD_PROXYGEN_CLIENT_ID }} | |
PROXYGEN_API_NAME: hello-world | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v2 | |
with: | |
fetch-depth: 0 | |
- name: Get Pull Request Number | |
id: pr | |
if: github.ref != 'refs/heads/master' | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
pr_number=$(gh pr view --json number -q .number || echo "") | |
if test -z "$pr_number" | |
then | |
echo "Pipeline can't be run on branch other than master without PR number" | |
exit 1 | |
else | |
echo PR number - $pr_number | |
echo "PR_NUMBER=$pr_number" >> $GITHUB_ENV | |
fi | |
- name: Set Instance as Temporary | |
if: github.ref != 'refs/heads/master' | |
run: | | |
python scripts/set_temporary_instance.py < specification/hello-world.yaml > temporary-specification.yaml | |
cat temporary-specification.yaml > specification/hello-world.yaml | |
- name: Setup environment | |
env: | |
BUILD_NUMBER: ${{github.run_number}} | |
STATUS_ENDPOINT_API_KEY: ${{ secrets.STATUS_ENDPOINT_API_KEY }} | |
run: | | |
echo "STATUS_ENDPOINT_API_KEY=$STATUS_ENDPOINT_API_KEY" >> $GITHUB_ENV | |
echo "DOCKER_REGISTRY=958002497996.dkr.ecr.eu-west-2.amazonaws.com" >> $GITHUB_ENV | |
echo "DOCKER_TAG=${BUILD_NUMBER}-$(uuidgen)" >> $GITHUB_ENV | |
echo "DOCKER_IMAGE=${PROXYGEN_API_NAME}" >> $GITHUB_ENV | |
# Set INSTANCE name | |
if [ -z "$PR_NUMBER" ] | |
then | |
echo "INSTANCE=$PROXYGEN_API_NAME" >> $GITHUB_ENV | |
else | |
echo "INSTANCE=$PROXYGEN_API_NAME-$PR_NUMBER" >> $GITHUB_ENV | |
fi | |
echo "TITLE=Hello World API" >> $GITHUB_ENV | |
- name: Update apt repositories | |
run: sudo apt update | |
- name: Install oathtool | |
run: sudo apt-get install --yes oathtool | |
- name: Get Apigee token | |
env: | |
APIGEE_USERNAME: ${{ secrets.APIGEE_USERNAME_NONPROD }} | |
APIGEE_PASSWORD: ${{ secrets.APIGEE_PASSWORD_NONPROD }} | |
APIGEE_OTP_KEY: ${{ secrets.APIGEE_OTP_KEY_NONPROD }} | |
run: | | |
MFA_CODE=`oathtool --totp -b "$APIGEE_OTP_KEY"` | |
# basic auth value here is an apigee public value .. https://docs.apigee.com/api-platform/system-administration/management-api-tokens (not secret) # | |
curl -X POST https://login.apigee.com/oauth/token \ | |
-H "Content-Type: application/x-www-form-urlencoded" \ | |
-H "Accept: application/json;charset=utf-8" \ | |
-H "Authorization: Basic ZWRnZWNsaTplZGdlY2xpc2VjcmV0" \ | |
-d "username=${APIGEE_USERNAME}&password=${APIGEE_PASSWORD}&mfa_token=${MFA_CODE}&grant_type=password" \ | |
--fail | jq .access_token > .token | |
# Remove quotes and set token into variable # | |
token=$(cat .token) | |
token="${token%\"}" | |
token="${token#\"}" | |
echo "APIGEE_ACCESS_TOKEN=$token" >> $GITHUB_ENV | |
- name: Install Python 3.9 | |
uses: actions/setup-python@v1 | |
with: | |
python-version: 3.9 | |
- name: Upgrade python packaging tools | |
run: python -m pip install --upgrade pip cryptography | |
- name: Install poetry | |
run: pip install poetry | |
- name: Cache poetry packages | |
uses: actions/cache@v3 | |
with: | |
path: ~/.cache/pypoetry | |
key: ${{ runner.os }}-build-cache-poetry-packages-${{ hashFiles('**/poetry.lock') }} | |
- name: Install python dependencies | |
run: poetry install | |
- name: Install Proxygen client | |
run: | | |
# Install proxygen cli in isolated environment with pipx | |
pip install pipx | |
pipx install proxygen-cli | |
# Setup proxygen auth and settings | |
mkdir -p ${HOME}/.proxygen | |
echo -n $PROXYGEN_PRIVATE_KEY | base64 --decode > ${HOME}/.proxygen/key | |
envsubst < ./.github/proxygen-credentials-template.yaml > ${HOME}/.proxygen/credentials.yaml | |
envsubst < ./.github/proxygen-credentials-template.yaml | cat | |
envsubst < ./.github/proxygen-settings.yaml > ${HOME}/.proxygen/settings.yaml | |
envsubst < ./.github/proxygen-settings.yaml | cat | |
- name: Build and push Docker image | |
working-directory: ./docker | |
run: | | |
# Login with Docker | |
proxygen docker get-login | bash | |
# Build and push image to registry # | |
docker build -t $DOCKER_IMAGE:$DOCKER_TAG hello-world-sandbox | |
docker tag $DOCKER_IMAGE:$DOCKER_TAG $DOCKER_REGISTRY/hello-world:$DOCKER_TAG | |
docker push $DOCKER_REGISTRY/hello-world:$DOCKER_TAG | |
# Create the yaml ref file for the spec | |
echo -e tag: $DOCKER_TAG \\nname: hello-world >> ../specification/components/docker_image.yaml | |
- name: Deploy to Internal Dev Sandbox | |
run: | | |
proxygen instance deploy internal-dev-sandbox $INSTANCE specification/hello-world.yaml --no-confirm | |
- name: Run Internal Dev Sandbox tests | |
run: | | |
export ENVIRONMENT="internal-dev-sandbox" | |
export SPEC_HASH=$(proxygen instance list | grep $INSTANCE | grep $ENVIRONMENT | tr -s ' ' | cut -d ' ' -f4) | |
make test | |
- name: Deploy to Internal QA Sandbox | |
run: | | |
proxygen instance deploy internal-qa-sandbox $INSTANCE specification/hello-world.yaml --no-confirm | |
- name: Run Internal QA Sandbox tests | |
run: | | |
export ENVIRONMENT="internal-qa-sandbox" | |
export SPEC_HASH=$(proxygen instance list | grep $INSTANCE | grep $ENVIRONMENT | tr -s ' ' | cut -d ' ' -f4) | |
make test | |
- name: Deploy to Sandbox | |
if: github.ref == 'refs/heads/master' | |
run: | | |
proxygen instance deploy sandbox $INSTANCE specification/hello-world.yaml --no-confirm | |
# TO DO - Run Sandbox smoke tests. Cannot use test-utils 2.0 currently |