mirror of
https://github.com/Hestia-Homes/Model.git
synced 2026-06-30 13:10:47 +00:00
ci: disable integration/deploy/protect workflows (Actions minutes)
Comment out the remaining workflows to cut GitHub Actions usage, per request: - integration_tests.yml — rebaselining integration suite (PRs to main) - deploy_fastapi_backend.yml — FastAPI backend deploy (push to dev/prod); deploys must be run manually via `sls deploy` while disabled - protect_releases.yml — main→dev PR-source guardrail Fully commented (not deleted) so each restores by uncommenting. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
parent
f2ace566c3
commit
c49682658a
3 changed files with 231 additions and 222 deletions
343
.github/workflows/deploy_fastapi_backend.yml
vendored
343
.github/workflows/deploy_fastapi_backend.yml
vendored
|
|
@ -1,170 +1,173 @@
|
|||
name: Fast Api Backend Deploy
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ dev, prod ]
|
||||
|
||||
jobs:
|
||||
deploy:
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v3
|
||||
|
||||
- name: Set up Python
|
||||
uses: actions/setup-python@v2
|
||||
with:
|
||||
python-version: 3.10.12
|
||||
|
||||
- name: Install Serverless and plugins
|
||||
run: |
|
||||
npm install -g serverless@^3.38.0
|
||||
npm install -g serverless-domain-manager@^7.3.8
|
||||
npm install -g serverless-python-requirements
|
||||
|
||||
- name: Install dependencies
|
||||
run: |
|
||||
python -m pip install --upgrade pip
|
||||
|
||||
- name: AWS credentials for dev
|
||||
if: github.ref == 'refs/heads/dev'
|
||||
uses: aws-actions/configure-aws-credentials@v1
|
||||
with:
|
||||
aws-access-key-id: ${{ secrets.DEV_AWS_ACCESS_KEY_ID }}
|
||||
aws-secret-access-key: ${{ secrets.DEV_AWS_SECRET_ACCESS_KEY }}
|
||||
aws-region: eu-west-2
|
||||
|
||||
- name: AWS credentials for prod
|
||||
if: github.ref == 'refs/heads/prod'
|
||||
uses: aws-actions/configure-aws-credentials@v1
|
||||
with:
|
||||
aws-access-key-id: ${{ secrets.PROD_AWS_ACCESS_KEY_ID }}
|
||||
aws-secret-access-key: ${{ secrets.PROD_AWS_SECRET_ACCESS_KEY }}
|
||||
aws-region: eu-west-2
|
||||
|
||||
- name: Set domain name
|
||||
id: set_domain
|
||||
run: echo "::set-output name=domain::${{ secrets[format('{0}_DOMAIN_NAME', github.ref_name)] }}"
|
||||
|
||||
- name: Set EPC auth token
|
||||
id: set_auth_token
|
||||
run: echo "::set-output name=auth_token::${{ secrets[format('{0}_EPC_AUTH_TOKEN', github.ref_name)] }}"
|
||||
|
||||
- name: Set Open EPC API token
|
||||
id: set_open_epc_token
|
||||
run: echo "::set-output name=open_epc_token::${{ secrets[format('{0}_OPEN_EPC_API_TOKEN', github.ref_name)] }}"
|
||||
|
||||
# Store port, name and host in github secrets
|
||||
- name: Set DB credentials
|
||||
id: set_db_credentials
|
||||
run: |
|
||||
echo "::set-output name=db_host::${{ secrets[format('{0}_DB_HOST', github.ref_name)] }}"
|
||||
echo "::set-output name=db_port::${{ secrets[format('{0}_DB_PORT', github.ref_name)] }}"
|
||||
echo "::set-output name=db_name::${{ secrets[format('{0}_DB_NAME', github.ref_name)] }}"
|
||||
|
||||
- name: Set ECR credentials
|
||||
id: set_ecr_credentials
|
||||
run: |
|
||||
echo "::set-output name=ecr_uri::${{ secrets[format('{0}_ECR_URI', github.ref_name)] }}"
|
||||
|
||||
- name: Set Secrets
|
||||
id: set_api_secrets
|
||||
run: |
|
||||
echo "::set-output name=sap_predictions_bucket::${{ secrets[format('{0}_SAP_PREDICTIONS_BUCKET', github.ref_name)] }}"
|
||||
echo "::set-output name=carbon_predictions_bucket::${{ secrets[format('{0}_CARBON_PREDICTIONS_BUCKET', github.ref_name)] }}"
|
||||
echo "::set-output name=heat_predictions_bucket::${{ secrets[format('{0}_HEAT_PREDICTIONS_BUCKET', github.ref_name)] }}"
|
||||
echo "::set-output name=lighting_cost_predictions_bucket::${{ secrets[format('{0}_LIGHTING_COST_PREDICTIONS_BUCKET', github.ref_name)] }}"
|
||||
echo "::set-output name=heating_cost_predictions_bucket::${{ secrets[format('{0}_HEATING_COST_PREDICTIONS_BUCKET', github.ref_name)] }}"
|
||||
echo "::set-output name=hot_water_cost_predictions_bucket::${{ secrets[format('{0}_HOT_WATER_COST_PREDICTIONS_BUCKET', github.ref_name)] }}"
|
||||
echo "::set-output name=heating_kwh_predictions_bucket::${{ secrets[format('{0}_HEATING_KWH_PREDICTIONS_BUCKET', github.ref_name)] }}"
|
||||
echo "::set-output name=hotwater_kwh_predictions_bucket::${{ secrets[format('{0}_HOTWATER_KWH_PREDICTIONS_BUCKET', github.ref_name)] }}"
|
||||
echo "::set-output name=energy_asessments_bucket::${{ secrets[format('{0}_ENERGY_ASSESSMENTS_BUCKET', github.ref_name)] }}"
|
||||
echo "::set-output name=google_solar_api_key::${{ secrets[format('{0}_GOOGLE_SOLAR_API_KEY', github.ref_name)] }}"
|
||||
echo "::set-output name=sap_baseline_predictions_bucket::${{ secrets[format('{0}_SAP_BASELINE_PREDICTIONS_BUCKET', github.ref_name)] }}"
|
||||
echo "::set-output name=carbon_baseline_predictions_bucket::${{ secrets[format('{0}_CARBON_BASELINE_PREDICTIONS_BUCKET', github.ref_name)] }}"
|
||||
echo "::set-output name=heat_baseline_predictions_bucket::${{ secrets[format('{0}_HEAT_BASELINE_PREDICTIONS_BUCKET', github.ref_name)] }}"
|
||||
|
||||
- name: Setup Docker
|
||||
uses: docker/setup-buildx-action@v1
|
||||
|
||||
# - name: Setup Docker Buildx
|
||||
# run: |
|
||||
# docker buildx create --use
|
||||
|
||||
- name: Build Docker Image For Engine
|
||||
run: |
|
||||
docker buildx build \
|
||||
--platform linux/amd64 \
|
||||
--provenance=false \
|
||||
--output=type=docker \
|
||||
-t fastapi-lambda-image:${{ github.sha }} \
|
||||
-f backend/docker/engine.Dockerfile \
|
||||
.
|
||||
|
||||
- name: Login to ECR
|
||||
run: |
|
||||
aws ecr get-login-password --region eu-west-2 | docker login --username AWS --password-stdin ${{ steps.set_ecr_credentials.outputs.ecr_uri }}
|
||||
|
||||
- name: Tag and Push Docker Image to ECR
|
||||
run: |
|
||||
docker tag fastapi-lambda-image:${{ github.sha }} ${{ steps.set_ecr_credentials.outputs.ecr_uri }}:${{ github.sha }}
|
||||
docker push ${{ steps.set_ecr_credentials.outputs.ecr_uri }}:${{ github.sha }}
|
||||
|
||||
- name: Deploy to AWS Lambda via Serverless
|
||||
env:
|
||||
API_KEY: ${{ secrets.FASTAPI_API_KEY }}
|
||||
ENVIRONMENT: ${{ github.ref_name }}
|
||||
SECRET_KEY: ${{ secrets.NEXTAUTH_SECRET }}
|
||||
PLAN_TRIGGER_BUCKET: 'retrofit-plan-inputs-${{ github.ref_name }}'
|
||||
DATA_BUCKET: 'retrofit-data-${{ github.ref_name }}'
|
||||
PREDICTIONS_BUCKET: 'retrofit-sap-predictions-${{ github.ref_name }}'
|
||||
SAP_PREDICTIONS_BUCKET: ${{ steps.set_api_secrets.outputs.sap_predictions_bucket }}
|
||||
CARBON_PREDICTIONS_BUCKET: ${{ steps.set_api_secrets.outputs.carbon_predictions_bucket }}
|
||||
HEAT_PREDICTIONS_BUCKET: ${{ steps.set_api_secrets.outputs.heat_predictions_bucket }}
|
||||
LIGHTING_COST_PREDICTIONS_BUCKET: ${{ steps.set_api_secrets.outputs.lighting_cost_predictions_bucket }}
|
||||
HEATING_COST_PREDICTIONS_BUCKET: ${{ steps.set_api_secrets.outputs.heating_cost_predictions_bucket }}
|
||||
HOT_WATER_COST_PREDICTIONS_BUCKET: ${{ steps.set_api_secrets.outputs.hot_water_cost_predictions_bucket }}
|
||||
HEATING_KWH_PREDICTIONS_BUCKET: ${{ steps.set_api_secrets.outputs.heating_kwh_predictions_bucket }}
|
||||
HOTWATER_KWH_PREDICTIONS_BUCKET: ${{ steps.set_api_secrets.outputs.hotwater_kwh_predictions_bucket }}
|
||||
ENERGY_ASSESSMENTS_BUCKET: ${{ steps.set_api_secrets.outputs.energy_asessments_bucket }}
|
||||
GOOGLE_SOLAR_API_KEY: ${{ steps.set_api_secrets.outputs.google_solar_api_key }}
|
||||
DOMAIN_NAME: ${{ steps.set_domain.outputs.domain }}
|
||||
EPC_AUTH_TOKEN: ${{ steps.set_auth_token.outputs.auth_token }}
|
||||
OPEN_EPC_API_TOKEN: ${{ steps.set_open_epc_token.outputs.open_epc_token }}
|
||||
DB_HOST: ${{ steps.set_db_credentials.outputs.db_host }}
|
||||
DB_PORT: ${{ steps.set_db_credentials.outputs.db_port }}
|
||||
DB_NAME: ${{ steps.set_db_credentials.outputs.db_name }}
|
||||
ECR_URI: ${{ steps.set_ecr_credentials.outputs.ecr_uri }}
|
||||
GITHUB_SHA: ${{ github.sha }}
|
||||
SAP_BASELINE_PREDICTIONS_BUCKET: ${{ steps.set_api_secrets.outputs.sap_baseline_predictions_bucket }}
|
||||
CARBON_BASELINE_PREDICTIONS_BUCKET: ${{ steps.set_api_secrets.outputs.carbon_baseline_predictions_bucket }}
|
||||
HEAT_BASELINE_PREDICTIONS_BUCKET: ${{ steps.set_api_secrets.outputs.heat_baseline_predictions_bucket }}
|
||||
run: |
|
||||
# Fetch database credentials from AWS Secrets Manager
|
||||
SECRET_VALUE=$(aws secretsmanager get-secret-value --secret-id ${{ github.ref_name }}/assessment_model/db_credentials --query SecretString)
|
||||
DB_USERNAME=$(echo "$SECRET_VALUE" | jq -r '. | fromjson | .db_assessment_model_username')
|
||||
DB_PASSWORD=$(echo "$SECRET_VALUE" | jq -r '. | fromjson | .db_assessment_model_password')
|
||||
|
||||
# Set the database credentials as environment variables
|
||||
export DB_USERNAME
|
||||
export DB_PASSWORD
|
||||
|
||||
# Deploy to AWS Lambda via Serverless
|
||||
sls deploy --stage ${{ github.ref_name }} --verbose
|
||||
|
||||
- name: Smoke test deployed /health
|
||||
env:
|
||||
EXPECTED_SHA: ${{ github.sha }}
|
||||
HEALTH_URL: https://api.${{ steps.set_domain.outputs.domain }}/health
|
||||
run: |
|
||||
set -euo pipefail
|
||||
echo "Probing $HEALTH_URL"
|
||||
RESPONSE=$(curl -fsSL --max-time 30 --retry 3 --retry-delay 5 --retry-connrefused "$HEALTH_URL")
|
||||
echo "Response: $RESPONSE"
|
||||
ACTUAL_SHA=$(echo "$RESPONSE" | jq -r '.sha')
|
||||
if [[ "$ACTUAL_SHA" != "$EXPECTED_SHA" ]]; then
|
||||
echo "::error::SHA mismatch. expected=$EXPECTED_SHA actual=$ACTUAL_SHA"
|
||||
exit 1
|
||||
fi
|
||||
echo "Health check passed. sha=$ACTUAL_SHA"
|
||||
# Temporarily disabled — the FastAPI backend deploy pipeline (deploys must be run manually via `sls deploy` while disabled).
|
||||
# Commented out to cut GitHub Actions minutes; uncomment to re-enable.
|
||||
#
|
||||
# name: Fast Api Backend Deploy
|
||||
#
|
||||
# on:
|
||||
# push:
|
||||
# branches: [ dev, prod ]
|
||||
#
|
||||
# jobs:
|
||||
# deploy:
|
||||
# runs-on: ubuntu-latest
|
||||
#
|
||||
# steps:
|
||||
# - name: Checkout code
|
||||
# uses: actions/checkout@v3
|
||||
#
|
||||
# - name: Set up Python
|
||||
# uses: actions/setup-python@v2
|
||||
# with:
|
||||
# python-version: 3.10.12
|
||||
#
|
||||
# - name: Install Serverless and plugins
|
||||
# run: |
|
||||
# npm install -g serverless@^3.38.0
|
||||
# npm install -g serverless-domain-manager@^7.3.8
|
||||
# npm install -g serverless-python-requirements
|
||||
#
|
||||
# - name: Install dependencies
|
||||
# run: |
|
||||
# python -m pip install --upgrade pip
|
||||
#
|
||||
# - name: AWS credentials for dev
|
||||
# if: github.ref == 'refs/heads/dev'
|
||||
# uses: aws-actions/configure-aws-credentials@v1
|
||||
# with:
|
||||
# aws-access-key-id: ${{ secrets.DEV_AWS_ACCESS_KEY_ID }}
|
||||
# aws-secret-access-key: ${{ secrets.DEV_AWS_SECRET_ACCESS_KEY }}
|
||||
# aws-region: eu-west-2
|
||||
#
|
||||
# - name: AWS credentials for prod
|
||||
# if: github.ref == 'refs/heads/prod'
|
||||
# uses: aws-actions/configure-aws-credentials@v1
|
||||
# with:
|
||||
# aws-access-key-id: ${{ secrets.PROD_AWS_ACCESS_KEY_ID }}
|
||||
# aws-secret-access-key: ${{ secrets.PROD_AWS_SECRET_ACCESS_KEY }}
|
||||
# aws-region: eu-west-2
|
||||
#
|
||||
# - name: Set domain name
|
||||
# id: set_domain
|
||||
# run: echo "::set-output name=domain::${{ secrets[format('{0}_DOMAIN_NAME', github.ref_name)] }}"
|
||||
#
|
||||
# - name: Set EPC auth token
|
||||
# id: set_auth_token
|
||||
# run: echo "::set-output name=auth_token::${{ secrets[format('{0}_EPC_AUTH_TOKEN', github.ref_name)] }}"
|
||||
#
|
||||
# - name: Set Open EPC API token
|
||||
# id: set_open_epc_token
|
||||
# run: echo "::set-output name=open_epc_token::${{ secrets[format('{0}_OPEN_EPC_API_TOKEN', github.ref_name)] }}"
|
||||
#
|
||||
# # Store port, name and host in github secrets
|
||||
# - name: Set DB credentials
|
||||
# id: set_db_credentials
|
||||
# run: |
|
||||
# echo "::set-output name=db_host::${{ secrets[format('{0}_DB_HOST', github.ref_name)] }}"
|
||||
# echo "::set-output name=db_port::${{ secrets[format('{0}_DB_PORT', github.ref_name)] }}"
|
||||
# echo "::set-output name=db_name::${{ secrets[format('{0}_DB_NAME', github.ref_name)] }}"
|
||||
#
|
||||
# - name: Set ECR credentials
|
||||
# id: set_ecr_credentials
|
||||
# run: |
|
||||
# echo "::set-output name=ecr_uri::${{ secrets[format('{0}_ECR_URI', github.ref_name)] }}"
|
||||
#
|
||||
# - name: Set Secrets
|
||||
# id: set_api_secrets
|
||||
# run: |
|
||||
# echo "::set-output name=sap_predictions_bucket::${{ secrets[format('{0}_SAP_PREDICTIONS_BUCKET', github.ref_name)] }}"
|
||||
# echo "::set-output name=carbon_predictions_bucket::${{ secrets[format('{0}_CARBON_PREDICTIONS_BUCKET', github.ref_name)] }}"
|
||||
# echo "::set-output name=heat_predictions_bucket::${{ secrets[format('{0}_HEAT_PREDICTIONS_BUCKET', github.ref_name)] }}"
|
||||
# echo "::set-output name=lighting_cost_predictions_bucket::${{ secrets[format('{0}_LIGHTING_COST_PREDICTIONS_BUCKET', github.ref_name)] }}"
|
||||
# echo "::set-output name=heating_cost_predictions_bucket::${{ secrets[format('{0}_HEATING_COST_PREDICTIONS_BUCKET', github.ref_name)] }}"
|
||||
# echo "::set-output name=hot_water_cost_predictions_bucket::${{ secrets[format('{0}_HOT_WATER_COST_PREDICTIONS_BUCKET', github.ref_name)] }}"
|
||||
# echo "::set-output name=heating_kwh_predictions_bucket::${{ secrets[format('{0}_HEATING_KWH_PREDICTIONS_BUCKET', github.ref_name)] }}"
|
||||
# echo "::set-output name=hotwater_kwh_predictions_bucket::${{ secrets[format('{0}_HOTWATER_KWH_PREDICTIONS_BUCKET', github.ref_name)] }}"
|
||||
# echo "::set-output name=energy_asessments_bucket::${{ secrets[format('{0}_ENERGY_ASSESSMENTS_BUCKET', github.ref_name)] }}"
|
||||
# echo "::set-output name=google_solar_api_key::${{ secrets[format('{0}_GOOGLE_SOLAR_API_KEY', github.ref_name)] }}"
|
||||
# echo "::set-output name=sap_baseline_predictions_bucket::${{ secrets[format('{0}_SAP_BASELINE_PREDICTIONS_BUCKET', github.ref_name)] }}"
|
||||
# echo "::set-output name=carbon_baseline_predictions_bucket::${{ secrets[format('{0}_CARBON_BASELINE_PREDICTIONS_BUCKET', github.ref_name)] }}"
|
||||
# echo "::set-output name=heat_baseline_predictions_bucket::${{ secrets[format('{0}_HEAT_BASELINE_PREDICTIONS_BUCKET', github.ref_name)] }}"
|
||||
#
|
||||
# - name: Setup Docker
|
||||
# uses: docker/setup-buildx-action@v1
|
||||
#
|
||||
# # - name: Setup Docker Buildx
|
||||
# # run: |
|
||||
# # docker buildx create --use
|
||||
#
|
||||
# - name: Build Docker Image For Engine
|
||||
# run: |
|
||||
# docker buildx build \
|
||||
# --platform linux/amd64 \
|
||||
# --provenance=false \
|
||||
# --output=type=docker \
|
||||
# -t fastapi-lambda-image:${{ github.sha }} \
|
||||
# -f backend/docker/engine.Dockerfile \
|
||||
# .
|
||||
#
|
||||
# - name: Login to ECR
|
||||
# run: |
|
||||
# aws ecr get-login-password --region eu-west-2 | docker login --username AWS --password-stdin ${{ steps.set_ecr_credentials.outputs.ecr_uri }}
|
||||
#
|
||||
# - name: Tag and Push Docker Image to ECR
|
||||
# run: |
|
||||
# docker tag fastapi-lambda-image:${{ github.sha }} ${{ steps.set_ecr_credentials.outputs.ecr_uri }}:${{ github.sha }}
|
||||
# docker push ${{ steps.set_ecr_credentials.outputs.ecr_uri }}:${{ github.sha }}
|
||||
#
|
||||
# - name: Deploy to AWS Lambda via Serverless
|
||||
# env:
|
||||
# API_KEY: ${{ secrets.FASTAPI_API_KEY }}
|
||||
# ENVIRONMENT: ${{ github.ref_name }}
|
||||
# SECRET_KEY: ${{ secrets.NEXTAUTH_SECRET }}
|
||||
# PLAN_TRIGGER_BUCKET: 'retrofit-plan-inputs-${{ github.ref_name }}'
|
||||
# DATA_BUCKET: 'retrofit-data-${{ github.ref_name }}'
|
||||
# PREDICTIONS_BUCKET: 'retrofit-sap-predictions-${{ github.ref_name }}'
|
||||
# SAP_PREDICTIONS_BUCKET: ${{ steps.set_api_secrets.outputs.sap_predictions_bucket }}
|
||||
# CARBON_PREDICTIONS_BUCKET: ${{ steps.set_api_secrets.outputs.carbon_predictions_bucket }}
|
||||
# HEAT_PREDICTIONS_BUCKET: ${{ steps.set_api_secrets.outputs.heat_predictions_bucket }}
|
||||
# LIGHTING_COST_PREDICTIONS_BUCKET: ${{ steps.set_api_secrets.outputs.lighting_cost_predictions_bucket }}
|
||||
# HEATING_COST_PREDICTIONS_BUCKET: ${{ steps.set_api_secrets.outputs.heating_cost_predictions_bucket }}
|
||||
# HOT_WATER_COST_PREDICTIONS_BUCKET: ${{ steps.set_api_secrets.outputs.hot_water_cost_predictions_bucket }}
|
||||
# HEATING_KWH_PREDICTIONS_BUCKET: ${{ steps.set_api_secrets.outputs.heating_kwh_predictions_bucket }}
|
||||
# HOTWATER_KWH_PREDICTIONS_BUCKET: ${{ steps.set_api_secrets.outputs.hotwater_kwh_predictions_bucket }}
|
||||
# ENERGY_ASSESSMENTS_BUCKET: ${{ steps.set_api_secrets.outputs.energy_asessments_bucket }}
|
||||
# GOOGLE_SOLAR_API_KEY: ${{ steps.set_api_secrets.outputs.google_solar_api_key }}
|
||||
# DOMAIN_NAME: ${{ steps.set_domain.outputs.domain }}
|
||||
# EPC_AUTH_TOKEN: ${{ steps.set_auth_token.outputs.auth_token }}
|
||||
# OPEN_EPC_API_TOKEN: ${{ steps.set_open_epc_token.outputs.open_epc_token }}
|
||||
# DB_HOST: ${{ steps.set_db_credentials.outputs.db_host }}
|
||||
# DB_PORT: ${{ steps.set_db_credentials.outputs.db_port }}
|
||||
# DB_NAME: ${{ steps.set_db_credentials.outputs.db_name }}
|
||||
# ECR_URI: ${{ steps.set_ecr_credentials.outputs.ecr_uri }}
|
||||
# GITHUB_SHA: ${{ github.sha }}
|
||||
# SAP_BASELINE_PREDICTIONS_BUCKET: ${{ steps.set_api_secrets.outputs.sap_baseline_predictions_bucket }}
|
||||
# CARBON_BASELINE_PREDICTIONS_BUCKET: ${{ steps.set_api_secrets.outputs.carbon_baseline_predictions_bucket }}
|
||||
# HEAT_BASELINE_PREDICTIONS_BUCKET: ${{ steps.set_api_secrets.outputs.heat_baseline_predictions_bucket }}
|
||||
# run: |
|
||||
# # Fetch database credentials from AWS Secrets Manager
|
||||
# SECRET_VALUE=$(aws secretsmanager get-secret-value --secret-id ${{ github.ref_name }}/assessment_model/db_credentials --query SecretString)
|
||||
# DB_USERNAME=$(echo "$SECRET_VALUE" | jq -r '. | fromjson | .db_assessment_model_username')
|
||||
# DB_PASSWORD=$(echo "$SECRET_VALUE" | jq -r '. | fromjson | .db_assessment_model_password')
|
||||
#
|
||||
# # Set the database credentials as environment variables
|
||||
# export DB_USERNAME
|
||||
# export DB_PASSWORD
|
||||
#
|
||||
# # Deploy to AWS Lambda via Serverless
|
||||
# sls deploy --stage ${{ github.ref_name }} --verbose
|
||||
#
|
||||
# - name: Smoke test deployed /health
|
||||
# env:
|
||||
# EXPECTED_SHA: ${{ github.sha }}
|
||||
# HEALTH_URL: https://api.${{ steps.set_domain.outputs.domain }}/health
|
||||
# run: |
|
||||
# set -euo pipefail
|
||||
# echo "Probing $HEALTH_URL"
|
||||
# RESPONSE=$(curl -fsSL --max-time 30 --retry 3 --retry-delay 5 --retry-connrefused "$HEALTH_URL")
|
||||
# echo "Response: $RESPONSE"
|
||||
# ACTUAL_SHA=$(echo "$RESPONSE" | jq -r '.sha')
|
||||
# if [[ "$ACTUAL_SHA" != "$EXPECTED_SHA" ]]; then
|
||||
# echo "::error::SHA mismatch. expected=$EXPECTED_SHA actual=$ACTUAL_SHA"
|
||||
# exit 1
|
||||
# fi
|
||||
# echo "Health check passed. sha=$ACTUAL_SHA"
|
||||
|
|
|
|||
73
.github/workflows/integration_tests.yml
vendored
73
.github/workflows/integration_tests.yml
vendored
|
|
@ -1,35 +1,38 @@
|
|||
name: Rebaselining Integration Test
|
||||
|
||||
on:
|
||||
pull_request:
|
||||
branches:
|
||||
- main
|
||||
|
||||
jobs:
|
||||
rebaselining-integration-test:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Set up Python 3.11
|
||||
uses: actions/setup-python@v4
|
||||
with:
|
||||
python-version: '3.11'
|
||||
|
||||
- name: Install tox via Makefile
|
||||
run: |
|
||||
make setup
|
||||
|
||||
- name: Configure AWS credentials for dev
|
||||
uses: aws-actions/configure-aws-credentials@v1
|
||||
with:
|
||||
aws-access-key-id: ${{ secrets.DEV_AWS_ACCESS_KEY_ID }}
|
||||
aws-secret-access-key: ${{ secrets.DEV_AWS_SECRET_ACCESS_KEY }}
|
||||
aws-region: eu-west-2
|
||||
|
||||
- name: Run only rebaselining integration test
|
||||
env:
|
||||
EPC_AUTH_TOKEN: ${{ secrets.DEV_EPC_AUTH_TOKEN }}
|
||||
run: |
|
||||
make test ARGS="-m integration"
|
||||
# Temporarily disabled — the rebaselining integration suite.
|
||||
# Commented out to cut GitHub Actions minutes; uncomment to re-enable.
|
||||
#
|
||||
# name: Rebaselining Integration Test
|
||||
#
|
||||
# on:
|
||||
# pull_request:
|
||||
# branches:
|
||||
# - main
|
||||
#
|
||||
# jobs:
|
||||
# rebaselining-integration-test:
|
||||
# runs-on: ubuntu-latest
|
||||
# steps:
|
||||
# - name: Checkout code
|
||||
# uses: actions/checkout@v4
|
||||
#
|
||||
# - name: Set up Python 3.11
|
||||
# uses: actions/setup-python@v4
|
||||
# with:
|
||||
# python-version: '3.11'
|
||||
#
|
||||
# - name: Install tox via Makefile
|
||||
# run: |
|
||||
# make setup
|
||||
#
|
||||
# - name: Configure AWS credentials for dev
|
||||
# uses: aws-actions/configure-aws-credentials@v1
|
||||
# with:
|
||||
# aws-access-key-id: ${{ secrets.DEV_AWS_ACCESS_KEY_ID }}
|
||||
# aws-secret-access-key: ${{ secrets.DEV_AWS_SECRET_ACCESS_KEY }}
|
||||
# aws-region: eu-west-2
|
||||
#
|
||||
# - name: Run only rebaselining integration test
|
||||
# env:
|
||||
# EPC_AUTH_TOKEN: ${{ secrets.DEV_EPC_AUTH_TOKEN }}
|
||||
# run: |
|
||||
# make test ARGS="-m integration"
|
||||
|
|
|
|||
37
.github/workflows/protect_releases.yml
vendored
37
.github/workflows/protect_releases.yml
vendored
|
|
@ -1,17 +1,20 @@
|
|||
name: Restrict PR source
|
||||
|
||||
on:
|
||||
pull_request:
|
||||
branches:
|
||||
- dev
|
||||
|
||||
jobs:
|
||||
check-source-branch:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Fail if PR is not from main
|
||||
run: |
|
||||
if [[ "${{ github.head_ref }}" != "main" ]]; then
|
||||
echo "Only PRs from main are allowed into dev"
|
||||
exit 1
|
||||
fi
|
||||
# Temporarily disabled — the main→dev PR-source guardrail.
|
||||
# Commented out to cut GitHub Actions minutes; uncomment to re-enable.
|
||||
#
|
||||
# name: Restrict PR source
|
||||
#
|
||||
# on:
|
||||
# pull_request:
|
||||
# branches:
|
||||
# - dev
|
||||
#
|
||||
# jobs:
|
||||
# check-source-branch:
|
||||
# runs-on: ubuntu-latest
|
||||
# steps:
|
||||
# - name: Fail if PR is not from main
|
||||
# run: |
|
||||
# if [[ "${{ github.head_ref }}" != "main" ]]; then
|
||||
# echo "Only PRs from main are allowed into dev"
|
||||
# exit 1
|
||||
# fi
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue