diff --git a/.github/workflows/deploy-to-aws-test-uv.yml b/.github/workflows/deploy-to-aws-test-uv.yml new file mode 100644 index 0000000..ec4ee5c --- /dev/null +++ b/.github/workflows/deploy-to-aws-test-uv.yml @@ -0,0 +1,29 @@ +# A test workflow to check that the deploy-to-aws-uv workflow works +name: deploy-to-aws-uv test workflow + +on: + # Allows you to run this workflow manually from the Actions tab + workflow_dispatch: + # schedules this to run weekly + # schedule: + # - cron: '5 3 * * 0' # At 03:05 on Sunday + push: + branches: [main] + pull_request: + branches: [main] + +jobs: + call-test-workflow: + strategy: + matrix: + node-pkg-manager: [npm, yarn2] + uses: ./.github/workflows/deploy-to-aws-uv.yml + with: + python-version: "3.12" + node-version: 22.22.1 + working-directory: samplePythonProjectUv + aws-login: false + smoketest-query: 'query Query {country(code: "NZ") {capital}}' + smoketest-expected: 'Wellington' + node-pkg-manager: ${{ matrix.node-pkg-manager }} + secrets: inherit diff --git a/.github/workflows/deploy-to-aws-uv.yml b/.github/workflows/deploy-to-aws-uv.yml new file mode 100644 index 0000000..e2e11cc --- /dev/null +++ b/.github/workflows/deploy-to-aws-uv.yml @@ -0,0 +1,208 @@ +name: Deploy to AWS (uv) + +# Reusable workflow for Python projects deploy to AWS (uv variant) +# supports `npm` or `yarn2` package manager ($PakMan) +# Deploys with `$PakMan run-script deploy` +# Any environment variables required to run `$PakMan run-script deploy` must be specified in the AWS_PROD or AWS_TEST environments or at repo level. +# If using serverless v4, please specify the secret `SERVERLESS_ACCESS_KEY` + + +# required secrets: +# - AWS_ACCESS_KEY_ID +# - AWS_SECRET_ACCESS_KEY + +# supported secrets for deployment step: +# - NZSHM22_KORORAA_API_KEY +# - NZSHM22_TOSHI_API_KEY +# - NZSHM22_NSHM_MODEL_API_KEY +# - NZSHM22_SOLVIS_API_KEY +# - NZSHM22_HAZARD_API_KEY +# - SERVERLESS_ACCESS_KEY + +# supported vars for deployment step: +# - NZSHM22_KORORAA_API_URL +# - NZSHM22_TOSHI_API_URL +# - NZSHM22_NSHM_MODEL_API_URL +# - NZSHM22_SOLVIS_API_URL +# - NZSHM22_HAZARD_API_URL +# - ES_HOST (Elastic search specified as an environment variable) + +on: + workflow_call: + inputs: + python-version: + description: The Python version to use. If set to "None", no python features are installed. + required: true + type: string + default: '3.11' + uv-version: + description: The uv version to use + required: false + type: string + default: 'latest' + operating-system: + description: The operating system to use + required: false + type: string + default: 'ubuntu-latest' + node-version: + description: The Node version to use + required: false + type: string + default: '22' + environment: + description: If true, will use AWS_PROD or AWS_TEST environments + required: false + type: boolean + default: false + node-pkg-manager: + description: The node package manager to use, either `npm` or `yarn2` + required: true + type: string + default: 'npm' + docker: + description: If true, prerequisites for a docker deployment are run + required: false + type: boolean + default: false + working-directory: + description: The working directory + required: false + type: string + default: . + aws-login: + description: whether to log in to AWS. Should only be false for testing + required: false + type: boolean + default: true + smoketest-url-prod: + description: Used to overwrite the internal URL for smoke tests + required: false + type: string + smoketest-url-test: + description: Used to overwrite the internal URL for smoke tests + required: false + type: string + smoketest-query: + description: A GraphQL query to sendto the deployed API as a smoke test + required: false + type: string + default: "query {about}" + smoketest-expected: + description: A regex to be used for verifying the result of the smoketest + required: false + type: string + default: "data.*about.*Hello" + +jobs: + + deploy: + runs-on: ${{inputs.operating-system}} + defaults: + run: + shell: bash + working-directory: ${{ inputs.working-directory }} + environment: ${{ (inputs.environment && ((github.ref == 'refs/heads/main') && 'AWS_PROD' || 'AWS_TEST')) || '' }} + steps: + - uses: actions/checkout@v5 + + - name: Install uv and Python + if: ${{ inputs.python-version != 'None' }} + uses: astral-sh/setup-uv@v6 + with: + version: ${{ inputs.uv-version }} + python-version: ${{ inputs.python-version }} + enable-cache: true + cache-dependency-glob: ${{ inputs.working-directory }}/uv.lock + + - name: Ensure latest requirements.txt + if: ${{ inputs.docker && inputs.python-version != 'None' }} + run: | + uv export --no-hashes --format requirements-txt > requirements.txt + + - name: Use Node.js ${{ inputs.node-version }} + uses: actions/setup-node@v4 + with: + node-version: ${{ inputs.node-version }} + check-latest: true + registry-url: https://npm.pkg.github.com/ + scope: '@gns-science' + + - name: Setup NPM package manager, install and list dependencies + if: ${{ inputs.node-pkg-manager == 'npm' }} + run: | + npm install --location=global npm@latest + npm ci + npm ls + + - name: Setup Yarn2 package manager, install and list dependencies + if: ${{ inputs.node-pkg-manager == 'yarn2' }} + run: | + corepack enable + yarn set version berry + yarn install --immutable + yarn info + + - name: Configure AWS Credentials + if: ${{ inputs.aws-login }} + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID || secrets.AWS_TOSHI_ACCESS_KEY_ID}} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY || secrets.AWS_TOSHI_SECRET_ACCESS_KEY}} + aws-region: ap-southeast-2 + + - name: Login to ECR + if: ${{ inputs.docker }} + uses: docker/login-action@v3 + with: + registry: 461564345538.dkr.ecr.ap-southeast-2.amazonaws.com + + - name: Serverless Deploy (NPM) + env: + # secrets + NZSHM22_KORORAA_API_KEY: ${{ secrets.NZSHM22_KORORAA_API_KEY }} + NZSHM22_TOSHI_API_KEY: ${{ secrets.NZSHM22_TOSHI_API_KEY }} + NZSHM22_NSHM_MODEL_API_KEY: ${{ secrets.NZSHM22_NSHM_MODEL_API_KEY }} + NZSHM22_SOLVIS_API_KEY: ${{ secrets.NZSHM22_SOLVIS_API_KEY }} + NZSHM22_HAZARD_API_KEY: ${{ secrets.NZSHM22_HAZARD_API_KEY }} + SERVERLESS_ACCESS_KEY: ${{ secrets.SERVERLESS_ACCESS_KEY }} + # vars + NZSHM22_KORORAA_API_URL: ${{ vars.NZSHM22_KORORAA_API_URL }} + NZSHM22_TOSHI_API_URL: ${{ vars.NZSHM22_TOSHI_API_URL }} + NZSHM22_NSHM_MODEL_API_URL: ${{ vars.NZSHM22_NSHM_MODEL_API_URL }} + NZSHM22_SOLVIS_API_URL: ${{ vars.NZSHM22_SOLVIS_API_URL }} + NZSHM22_HAZARD_API_URL: ${{ vars.NZSHM22_HAZARD_API_URL }} + ES_HOST: ${{ vars.ES_HOST }} + + if: ${{ inputs.node-pkg-manager == 'npm' }} + run: | + STAGE=${{ (github.ref == 'refs/heads/main') && 'prod' || 'test'}} REGION=ap-southeast-2 npm run-script deploy 2>&1 | tee deploy.out + + - name: Serverless Deploy (Yarn2) + env: + # secrets + NZSHM22_KORORAA_API_KEY: ${{ secrets.NZSHM22_KORORAA_API_KEY }} + NZSHM22_TOSHI_API_KEY: ${{ secrets.NZSHM22_TOSHI_API_KEY }} + NZSHM22_NSHM_MODEL_API_KEY: ${{ secrets.NZSHM22_NSHM_MODEL_API_KEY }} + NZSHM22_SOLVIS_API_KEY: ${{ secrets.NZSHM22_SOLVIS_API_KEY }} + NZSHM22_HAZARD_API_KEY: ${{ secrets.NZSHM22_HAZARD_API_KEY }} + SERVERLESS_ACCESS_KEY: ${{ secrets.SERVERLESS_ACCESS_KEY }} + # vars + NZSHM22_KORORAA_API_URL: ${{ vars.NZSHM22_KORORAA_API_URL }} + NZSHM22_TOSHI_API_URL: ${{ vars.NZSHM22_TOSHI_API_URL }} + NZSHM22_NSHM_MODEL_API_URL: ${{ vars.NZSHM22_NSHM_MODEL_API_URL }} + NZSHM22_SOLVIS_API_URL: ${{ vars.NZSHM22_SOLVIS_API_URL }} + NZSHM22_HAZARD_API_URL: ${{ vars.NZSHM22_HAZARD_API_URL }} + ES_HOST: ${{ vars.ES_HOST }} + + if: ${{ inputs.node-pkg-manager == 'yarn2' }} + run: | + STAGE=${{ (github.ref == 'refs/heads/main') && 'prod' || 'test'}} REGION=ap-southeast-2 yarn run deploy 2>&1 | tee deploy.out + + - name: Smoke Test + uses: GNS-Science/nshm-github-actions/.github/actions/apiSmokeTest@main + with: + query: ${{ inputs.smoketest-query }} + expected-regex: ${{ inputs.smoketest-expected }} + working-directory: ${{ inputs.working-directory}} + url: ${{ (github.ref == 'refs/heads/main') && inputs.smoketest-url-prod || inputs.smoketest-url-test }} diff --git a/.github/workflows/deploy-to-aws.yml b/.github/workflows/deploy-to-aws.yml index fdfcf7e..6d751bf 100644 --- a/.github/workflows/deploy-to-aws.yml +++ b/.github/workflows/deploy-to-aws.yml @@ -119,7 +119,7 @@ jobs: run: | poetry self add poetry-plugin-export - - name: Ensure latest requiremments.txt + - name: Ensure latest requirements.txt if: ${{ inputs.docker && inputs.python-version != 'None'}} run: | poetry export --without-hashes --format=requirements.txt > requirements.txt diff --git a/samplePythonProject/package.json b/samplePythonProject/package.json index c6f939f..211c51a 100644 --- a/samplePythonProject/package.json +++ b/samplePythonProject/package.json @@ -5,6 +5,5 @@ "scripts": { "deploy": "poetry run python deploy_check.py --stage ${STAGE} --region ${REGION}" }, - "dependencies": {}, - "devDependencies": {} -} \ No newline at end of file + "packageManager": "yarn@4.14.1" +} diff --git a/samplePythonProject/yarn.lock b/samplePythonProject/yarn.lock index 045245b..5bad5b6 100644 --- a/samplePythonProject/yarn.lock +++ b/samplePythonProject/yarn.lock @@ -2,7 +2,7 @@ # Manual changes might be lost - proceed with caution! __metadata: - version: 8 + version: 9 cacheKey: 10c0 "samplepythonproject@workspace:.": diff --git a/samplePythonProjectUv/deploy_check.py b/samplePythonProjectUv/deploy_check.py new file mode 100644 index 0000000..29dc6f1 --- /dev/null +++ b/samplePythonProjectUv/deploy_check.py @@ -0,0 +1,34 @@ +import sys +# import os + +# for name, value in os.environ.items(): +# print("{0}: {1}".format(name, value)) + +stage = sys.argv[2] +region = sys.argv[4] + +if stage != "prod" and stage != "test": + print("unexpected stage: " + stage) + sys.exit(1) + +if region != "ap-southeast-2": + print("unexpected region: " + region) + sys.exit(1) + +print( + + """> nshm-model-graphql-api@0.3.0 deploy +> serverless deploy --stage + + +api keys: + TempApiKey-nzshm22-model-graphql-api-test: the-totally-real-api-key Api key until we have an auth function +endpoints: + OPTIONS - https://countries.trevorblades.com/graphql + POST - https://fu7kuwh.execute-api.ap-southeast-2.amazonaws.com/test/graphql + GET - https://fu7kuwh.execute-api.ap-southeast-2.amazonaws.com/test/graphql + GET - https://fu7kuwh.execute-api.ap-southeast-2.amazonaws.com/test/graphql/{proxy+} + GET - https://fu7kuwh.execute-api.ap-southeast-2.amazonaws.com/test/static/{proxy+} +functions: + app: nzshm22-model-graphql-api-test-app (18 MB)""" +) diff --git a/samplePythonProjectUv/package-lock.json b/samplePythonProjectUv/package-lock.json new file mode 100644 index 0000000..bf1bd12 --- /dev/null +++ b/samplePythonProjectUv/package-lock.json @@ -0,0 +1,13 @@ +{ + "name": "samplepythonprojectuv", + "version": "0.0.1", + "lockfileVersion": 3, + "requires": true, + "packages": { + "": { + "name": "samplepythonprojectuv", + "version": "0.0.1", + "devDependencies": {} + } + } +} diff --git a/samplePythonProjectUv/package.json b/samplePythonProjectUv/package.json new file mode 100644 index 0000000..3902c8f --- /dev/null +++ b/samplePythonProjectUv/package.json @@ -0,0 +1,9 @@ +{ + "name": "samplepythonprojectuv", + "version": "0.0.1", + "description": "Used for testing workflows (uv variant).", + "scripts": { + "deploy": "uv run python deploy_check.py --stage ${STAGE} --region ${REGION}" + }, + "packageManager": "yarn@4.14.1" +} diff --git a/samplePythonProjectUv/yarn.lock b/samplePythonProjectUv/yarn.lock new file mode 100644 index 0000000..9c66dff --- /dev/null +++ b/samplePythonProjectUv/yarn.lock @@ -0,0 +1,12 @@ +# This file is generated by running "yarn install" inside your project. +# Manual changes might be lost - proceed with caution! + +__metadata: + version: 9 + cacheKey: 10c0 + +"samplepythonprojectuv@workspace:.": + version: 0.0.0-use.local + resolution: "samplepythonprojectuv@workspace:." + languageName: unknown + linkType: soft