Skip to content

Merge pull request #30 from Code-dot-mil/hshah-mitre-patch-1 #194

Merge pull request #30 from Code-dot-mil/hshah-mitre-patch-1

Merge pull request #30 from Code-dot-mil/hshah-mitre-patch-1 #194

Workflow file for this run

name: CI/CD Pipeline
on:
push:
branches:
- main
- "*"
pull_request:
types: [opened, ready_for_review, synchronize]
permissions:
contents: read # This is required for actions/checkout
pull-requests: write
id-token: write # This is required requesting the JWT
jobs:
auto_assign:
runs-on: ubuntu-latest
if: github.event_name == 'pull_request'
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: configure aws credentials
uses: aws-actions/configure-aws-credentials@v1.7.0
with:
role-to-assume: arn:aws:iam::677043464939:role/GitHubAction-AssumeRoleWithAction
role-session-name: GitHub_to_AWS_via_FederatedOIDC
aws-region: ${{ secrets.AWS_REGION }}
# Hello from AWS: WhoAmI
- name: Sts GetCallerIdentity
run: |
aws sts get-caller-identity
- name: Print repo structure
run: |
pwd
ls -al
ls -al .github || echo ".github directory does not exist"
cat .github/auto_assign.yml || echo "No .github/auto_assign.yml found"
- name: Print working directory and files
run: |
pwd
ls -al .github
cat .github/auto_assign.yml || echo "No auto_assign.yml found"
- uses: actions/checkout@v3
- name: Assign assignee via GitHub API
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
curl -X POST \
-H "Authorization: token $GITHUB_TOKEN" \
-H "Accept: application/vnd.github+json" \
https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/assignees \
-d "{\"assignees\":[\"${{ github.actor }}\"]}"
# Add a comment with the S3 preview link
PR_NUMBER=${{ github.event.pull_request.number }}
COMMENT="Preview your changes at: http://${{ secrets.S3_BUCKET_NAME }}/mergeRequest/${PR_NUMBER}/index.html"
curl -X POST \
-H "Authorization: token $GITHUB_TOKEN" \
-H "Accept: application/vnd.github+json" \
-d "{\"body\": \"$COMMENT\"}" \
https://api.github.com/repos/${{ github.repository }}/issues/${PR_NUMBER}/comments
- name: Assign team reviewer via GitHub API
env:
ORG_PAT: ${{ secrets.ORG_PAT }}
run: |
curl -X POST \
-H "Authorization: token $ORG_PAT" \
-H "Accept: application/vnd.github+json" \
-H "Content-Type: application/json" \
-d '{"team_reviewers":["ai4sdlc-reviewers"]}' \
https://api.github.com/repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/requested_reviewers
# Build stage - converting md file to html using MkDocs
convert_md_to_html:
runs-on: ubuntu-latest
if: github.ref != 'refs/heads/main' # Run for non-main branches
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: 3.12
- name: Install MkDocs and dependencies
run: |
pip install mkdocs mkdocs-material
- name: Build project with MkDocs
run: |
echo "Building your project..."
mkdocs build
echo "pwd in build project with MKDocs"
pwd
- name: Debug MkDocs Build Output
run: |
echo "Contents of site directory:"
ls -l site
- name: Save artifacts
uses: actions/upload-artifact@v4
with:
name: site
path: site
# Deployment to test folder in S3 bucket
deploy_to_test:
needs: convert_md_to_html
runs-on: ubuntu-latest
if: github.event_name == 'pull_request' && github.ref != 'refs/heads/main' # Run for non-main branches
steps:
- name: Checkout code
uses: actions/checkout@v3
#- name: Get PR number from GitHub API
# id: pr
# run: |
# PR_API_URL="https://api.github.com/repos/${GITHUB_REPOSITORY}/commits/${GITHUB_SHA}/pulls"
# PR_NUMBER=$(curl -s -H "Accept: application/vnd.github.groot-preview+json" \
# -H "Authorization: Bearer $GITHUB_TOKEN" \
# $PR_API_URL | jq '.[0].number')
# echo "pr_number=$PR_NUMBER"
# env:
# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Download artifacts
uses: actions/download-artifact@v4
with:
name: site
path: site
#- name: Configure AWS credentials
# uses: aws-actions/configure-aws-credentials@v4
# with:
# aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
# aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
# aws-region: us-east-1 # change if needed
- name: configure aws credentials
uses: aws-actions/configure-aws-credentials@v1.7.0
with:
role-to-assume: arn:aws:iam::677043464939:role/GitHubAction-AssumeRoleWithAction
role-session-name: GitHub_to_AWS_via_FederatedOIDC
aws-region: ${{ secrets.AWS_REGION }}
- name: Deploy to Test Environment
env:
S3_BUCKET_NAME: ${{ secrets.S3_BUCKET_NAME }}
PR_NUMBER: ${{ github.event.pull_request.number }}
#GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
#PR_API_URL="https://api.github.com/repos/${GITHUB_REPOSITORY}/commits/${GITHUB_SHA}/pulls"
#PR_NUMBER=$(curl -s -H "Accept: application/vnd.github.groot-preview+json" \
# -H "Authorization: Bearer $GITHUB_TOKEN" \
# $PR_API_URL | jq '.[0].number')
echo "pr_number while deploying =$PR_NUMBER"
pwd
aws s3 ls
aws s3 sync site/ s3://$S3_BUCKET_NAME/test
aws s3 sync site/ s3://$S3_BUCKET_NAME/mergeRequest/$PR_NUMBER
# Deployment to production folder in S3 bucket
deploy_to_production:
runs-on: ubuntu-latest
if: github.ref == 'refs/heads/main' # Run for main branch
steps:
- name: configure aws credentials
uses: aws-actions/configure-aws-credentials@v1.7.0
with:
role-to-assume: arn:aws:iam::677043464939:role/GitHubAction-AssumeRoleWithAction
role-session-name: GitHub_to_AWS_via_FederatedOIDC
aws-region: ${{ secrets.AWS_REGION }}
- name: Get PR number from GitHub API
id: pr
run: |
echo "Before pr_number=$PR_NUMBER"
PR_API_URL="https://api.github.com/repos/${GITHUB_REPOSITORY}/commits/${GITHUB_SHA}/pulls"
PR_NUMBER=$(curl -s -H "Accept: application/vnd.github.groot-preview+json" \
-H "Authorization: Bearer $GITHUB_TOKEN" \
$PR_API_URL | jq '.[0].number')
echo "after pr_number=$PR_NUMBER"
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Deploy to Production Environment
env:
S3_BUCKET_NAME: ${{ secrets.S3_BUCKET_NAME }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
echo "inside pr_number=$PR_NUMBER"
echo "Before pr_number=$PR_NUMBER"
PR_API_URL="https://api.github.com/repos/${GITHUB_REPOSITORY}/commits/${GITHUB_SHA}/pulls"
PR_NUMBER=$(curl -s -H "Accept: application/vnd.github.groot-preview+json" \
-H "Authorization: Bearer $GITHUB_TOKEN" \
$PR_API_URL | jq '.[0].number')
echo "after pr_number=$PR_NUMBER"
aws s3 sync s3://$S3_BUCKET_NAME/mergeRequest/$PR_NUMBER s3://$S3_BUCKET_NAME/production/