Merge pull request #113 from silinternational/feature/gh-environments

use GitHub Actions environments

Author: briskt

.github/workflows/test-deploy-publish.yml

@@ -16,40 +16,44 @@ jobs:
     name: Tests
     runs-on: ubuntu-latest
     env:
-      AWS_REGION: ${{ vars.AWS_REGION }}
-      STG_AWS_ACCESS_KEY_ID: ${{ vars.STG_AWS_ACCESS_KEY_ID }}
-      STG_AWS_SECRET_ACCESS_KEY: ${{ secrets.STG_AWS_SECRET_ACCESS_KEY }}
-      PRD_AWS_ACCESS_KEY_ID: ${{ vars.PRD_AWS_ACCESS_KEY_ID }}
-      PRD_AWS_SECRET_ACCESS_KEY: ${{ secrets.PRD_AWS_SECRET_ACCESS_KEY }}
+      AWS_REGION: us-east-1
+      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
+
       - name: Test
-        run: docker compose -f actions-services.yml run --rm test ./scripts/test.sh
+        run: docker compose run app go test ./...
 
   lint:
     name: Lint and Vulnerability Scan
     runs-on: ubuntu-latest
     timeout-minutes: ${{ fromJSON(vars.DEFAULT_JOB_TIMEOUT_MINUTES) }}
     steps:
-    - uses: actions/checkout@v4
-    - uses: actions/setup-go@v5
-      with:
-        go-version-file: 'go.mod'
-        check-latest: true
-    - name: golangci-lint
-      uses: golangci/golangci-lint-action@v6
-      with:
-        version: latest
-    - name: govulncheck
-      run: |
-        go install golang.org/x/vuln/cmd/govulncheck@latest
-        govulncheck ./...
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - uses: actions/setup-go@v5
+        with:
+          go-version-file: 'go.mod'
+          check-latest: true
+
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v6
+        with:
+          version: latest
+
+      - name: govulncheck
+        run: |
+          go install golang.org/x/vuln/cmd/govulncheck@latest
+          govulncheck ./...
 
   deploy:
     name: Deploy to AWS Lambda
     needs: [ 'tests', 'lint' ]
     if: github.ref_name == 'main' || github.ref_name == 'develop'
+    environment: ${{ github.ref_name }}
     runs-on: ubuntu-latest
     concurrency:
       group: deploy-${{ github.ref }}-${{ matrix.region }}
@@ -58,27 +62,23 @@ jobs:
       matrix:
         region: [ us-east-1, us-west-2 ]
     env:
-      AWS_REGION: ${{ vars.AWS_REGION }}
-      STG_AWS_ACCESS_KEY_ID: ${{ vars.STG_AWS_ACCESS_KEY_ID }}
-      STG_AWS_SECRET_ACCESS_KEY: ${{ secrets.STG_AWS_SECRET_ACCESS_KEY }}
-      STG_LAMBDA_ROLE: ${{ vars.STG_LAMBDA_ROLE }}
-      STG_API_KEY_TABLE: ${{ vars.STG_API_KEY_TABLE }}
-      STG_WEBAUTHN_TABLE: ${{ vars.STG_WEBAUTHN_TABLE }}
-      PRD_AWS_ACCESS_KEY_ID: ${{ vars.PRD_AWS_ACCESS_KEY_ID }}
-      PRD_AWS_SECRET_ACCESS_KEY: ${{ secrets.PRD_AWS_SECRET_ACCESS_KEY }}
-      PRD_LAMBDA_ROLE: ${{ vars.PRD_LAMBDA_ROLE }}
-      PRD_API_KEY_TABLE: ${{ vars.PRD_API_KEY_TABLE }}
-      PRD_WEBAUTHN_TABLE: ${{ vars.PRD_WEBAUTHN_TABLE }}
+      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+      LAMBDA_ROLE: ${{ vars.LAMBDA_ROLE }}
+      API_KEY_TABLE: ${{ vars.API_KEY_TABLE }}
+      WEBAUTHN_TABLE: ${{ vars.WEBAUTHN_TABLE }}
 
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
+
       - name: Deploy
-        run: docker compose -f actions-services.yml run --rm app ./scripts/deploy.sh ${{ matrix.region }}
+        run: docker compose run app ./scripts/deploy.sh ${{ matrix.region }}
 
   build-and-publish:
     name: Build and Publish
     needs: [ 'tests', 'lint' ]
+    if: github.ref_name == 'main' || github.ref_name == 'develop'
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
@@ -102,7 +102,7 @@ jobs:
         uses: docker/metadata-action@v5
         with:
           images: |
-            ${{ vars.IMAGE_NAME }}
+            ${{ vars.DOCKER_ORG }}/${{ github.event.repository.name }}
             ghcr.io/${{ github.repository }}
           tags: |
             type=ref,event=branch

actions-services.yml

@@ -7,7 +7,8 @@ services:
     volumes:
       - ./.cert/:/cert/
     env_file:
-      - local.env
+      - path: ./local.env
+        required: false
 
   dynamo:
     image: amazon/dynamodb-local
@@ -26,6 +27,7 @@ services:
     ports:
       - 8080
     environment:
+      AWS_REGION: localhost
       AWS_ENDPOINT: http://dynamo:8000
       AWS_DEFAULT_REGION: localhost
       AWS_ACCESS_KEY_ID: abc123
@@ -46,7 +48,8 @@ services:
   sls:
     build: .
     env_file:
-      - local.env
+      - path: ./local.env
+        required: false
     volumes:
       - .:/src
     command: ["bash"]

docker-compose.yml

@@ -7,34 +7,7 @@ set -e
 set -x
 
 # Build binaries
-DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-"$DIR"/build.sh
-
-# export appropriate env vars
-if [ "${GITHUB_REF_NAME}" == "develop" ];
-then
-  STAGE="dev"
-  export AWS_ACCESS_KEY_ID="${STG_AWS_ACCESS_KEY_ID}"
-  set +x
-  export AWS_SECRET_ACCESS_KEY="${STG_AWS_SECRET_ACCESS_KEY}"
-  set -x
-  export LAMBDA_ROLE="${STG_LAMBDA_ROLE}"
-  export API_KEY_TABLE="${STG_API_KEY_TABLE}"
-  export WEBAUTHN_TABLE="${STG_WEBAUTHN_TABLE}"
-elif [ "${GITHUB_REF_NAME}" == "main" ];
-then
-  STAGE="production"
-  export AWS_ACCESS_KEY_ID="${PRD_AWS_ACCESS_KEY_ID}"
-  set +x
-  export AWS_SECRET_ACCESS_KEY="${PRD_AWS_SECRET_ACCESS_KEY}"
-  set -x
-  export LAMBDA_ROLE="${PRD_LAMBDA_ROLE}"
-  export API_KEY_TABLE="${PRD_API_KEY_TABLE}"
-  export WEBAUTHN_TABLE="${PRD_WEBAUTHN_TABLE}"
-else
-    echo "deployments only happen from develop and main branches (branch: ${GITHUB_REF_NAME})"
-    exit 1
-fi
+CGO_ENABLED=0 go build -tags lambda.norpc -ldflags="-s -w" -o bootstrap ./lambda
 
 # Print the Serverless version in the logs
 serverless --version