Merge pull request #4858 from linuxfoundation/unicron-fix-serverless-… #686

Workflow file for this run

.github/workflows/deploy-dev.yml at b8f72c2

	---
	# Copyright The Linux Foundation and each contributor to CommunityBridge.
	# SPDX-License-Identifier: MIT

	name: Build and Deploy to DEV
	on:
	push:
	branches:
	- dev

	permissions:
	# These permissions are needed to interact with GitHub's OIDC Token endpoint to fetch/set the AWS deployment credentials.
	id-token: write
	contents: read

	env:
	AWS_REGION: us-east-1
	STAGE: dev

	jobs:
	build-deploy-dev:
	runs-on: ubuntu-latest
	environment: dev
	steps:
	- uses: actions/checkout@v4

	- name: Setup go
	uses: actions/setup-go@v5
	with:
	go-version: '1.24'

	- name: Go Version
	run: go version

	- name: Setup Node
	uses: actions/setup-node@v4
	with:
	node-version: '20'

	- name: Setup python
	uses: actions/setup-python@v5
	with:
	python-version: '3.11'
	cache: 'pip'

	- name: Configure AWS Credentials
	uses: aws-actions/configure-aws-credentials@v4
	with:
	audience: sts.amazonaws.com
	role-to-assume: arn:aws:iam::395594542180:role/github-actions-deploy
	aws-region: us-east-1

	- name: Cache Go modules
	uses: actions/cache@v3
	with:
	path: ${{ github.workspace }}/go/pkg/mod
	key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
	restore-keys: \|
	${{ runner.os }}-go-

	- name: Configure Git to clone private Github repos
	run: git config --global url."https://${TOKEN_USER}:${TOKEN}@github.com".insteadOf "https://github.com"
	env:
	TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN_GITHUB }}
	TOKEN_USER: ${{ secrets.PERSONAL_ACCESS_TOKEN_USER_GITHUB }}

	- name: Add OS Tools
	run: sudo apt update && sudo apt-get install file -y

	- name: Python Setup
	working-directory: cla-backend
	run: \|
	python -m venv .venv
	source .venv/bin/activate
	pip install --upgrade pip
	pip install -r requirements.txt

	- name: Python Lint
	working-directory: cla-backend
	run: \|
	python -m venv .venv
	source .venv/bin/activate
	pip install --upgrade pylint
	pylint cla/*.py \|\| true

	- name: Python Test
	working-directory: cla-backend
	run: \|
	python -m venv .venv
	source .venv/bin/activate
	pip install --upgrade pytest py pytest-cov pytest-clarity
	pytest "cla/tests" -p no:warnings
	env:
	PLATFORM_GATEWAY_URL: https://api-gw.dev.platform.linuxfoundation.org
	AUTH0_PLATFORM_URL: https://linuxfoundation-dev.auth0.com/oauth/token
	AUTH0_PLATFORM_CLIENT_ID: ${{ secrets.AUTH0_PLATFORM_CLIENT_ID }}
	AUTH0_PLATFORM_CLIENT_SECRET: ${{ secrets.AUTH0_PLATFORM_CLIENT_SECRET }}
	AUTH0_PLATFORM_AUDIENCE: https://api-gw.dev.platform.linuxfoundation.org/

	- name: Go Setup
	working-directory: cla-backend-go
	run: \|
	make clean setup

	- name: Go Dependencies
	working-directory: cla-backend-go
	run: make deps

	- name: Go Swagger Generate
	working-directory: cla-backend-go
	run: \|
	make swagger

	- name: Go Build
	working-directory: cla-backend-go
	run: \|
	make build-lambdas-linux build-functional-tests-linux

	- name: Go Test
	working-directory: cla-backend-go
	run: make test

	- name: Go Lint
	working-directory: cla-backend-go
	run: make lint

	- name: Setup Deployment
	working-directory: cla-backend
	run: \|
	mkdir -p bin
	cp ../cla-backend-go/bin/backend-aws-lambda bin/
	cp ../cla-backend-go/bin/user-subscribe-lambda bin/
	cp ../cla-backend-go/bin/metrics-aws-lambda bin/
	cp ../cla-backend-go/bin/metrics-report-lambda bin/
	cp ../cla-backend-go/bin/dynamo-events-lambda bin/
	cp ../cla-backend-go/bin/zipbuilder-scheduler-lambda bin/
	cp ../cla-backend-go/bin/zipbuilder-lambda bin/
	cp ../cla-backend-go/bin/gitlab-repository-check-lambda bin/

	- name: EasyCLA v1 Deployment us-east-1
	working-directory: cla-backend
	run: \|
	yarn install
	if [[ ! -f bin/backend-aws-lambda ]]; then echo "Missing bin/backend-aws-lambda binary file. Exiting..."; exit 1; fi
	if [[ ! -f bin/user-subscribe-lambda ]]; then echo "Missing bin/user-subscribe-lambda binary file. Exiting..."; exit 1; fi
	if [[ ! -f bin/metrics-aws-lambda ]]; then echo "Missing bin/metrics-aws-lambda binary file. Exiting..."; exit 1; fi
	if [[ ! -f bin/metrics-report-lambda ]]; then echo "Missing bin/metrics-report-lambda binary file. Exiting..."; exit 1; fi
	if [[ ! -f bin/dynamo-events-lambda ]]; then echo "Missing bin/dynamo-events-lambda binary file. Exiting..."; exit 1; fi
	if [[ ! -f bin/zipbuilder-lambda ]]; then echo "Missing bin/zipbuilder-lambda binary file. Exiting..."; exit 1; fi
	if [[ ! -f bin/zipbuilder-scheduler-lambda ]]; then echo "Missing bin/zipbuilder-scheduler-lambda binary file. Exiting..."; exit 1; fi
	if [[ ! -f bin/gitlab-repository-check-lambda ]]; then echo "Missing bin/gitlab-repository-check-lambda binary file. Exiting..."; exit 1; fi
	if [[ ! -f serverless.yml ]]; then echo "Missing serverless.yml file. Exiting..."; exit 1; fi
	if [[ ! -f serverless-authorizer.yml ]]; then echo "Missing serverless-authorizer.yml file. Exiting..."; exit 1; fi
	yarn sls deploy --force --stage ${STAGE} --region us-east-1 --verbose

	- name: EasyCLA v1 Service Check
	run: \|
	sudo apt install curl jq -y

	# Development environment endpoints to test
	declare -r v2_url="https://api.lfcla.${STAGE}.platform.linuxfoundation.org/v2/health"
	declare -r v3_url="https://api.lfcla.${STAGE}.platform.linuxfoundation.org/v3/ops/health"

	echo "Validating v2 backend using endpoint: ${v2_url}"
	curl --fail -XGET ${v2_url}
	exit_code=$?
	if [[ ${exit_code} -eq 0 ]]; then
	echo "Successful response from endpoint: ${v2_url}"
	else
	echo "Failed to get a successful response from endpoint: ${v2_url}"
	exit ${exit_code}
	fi

	echo "Validating v3 backend using endpoint: ${v3_url}"
	curl --fail -XGET ${v3_url}
	exit_code=$?
	if [[ ${exit_code} -eq 0 ]]; then
	echo "Successful response from endpoint: ${v3_url}"
	# JSON response should include "Status": "healthy"
	if [[ `curl -s -XGET ${v3_url} \| jq -r '.Status'` == "healthy" ]]; then
	echo "Service is healthy"
	else
	echo "Service is NOT healthy"
	exit -1
	fi
	else
	echo "Failed to get a successful response from endpoint: ${v3_url}"
	exit ${exit_code}
	fi

	- name: EasyCLA v2 Deployment us-east-2
	working-directory: cla-backend-go
	run: \|
	if [[ ! -f bin/backend-aws-lambda ]]; then echo "Missing bin/backend-aws-lambda binary file. Exiting..."; exit 1; fi
	if [[ ! -f bin/user-subscribe-lambda ]]; then echo "Missing bin/user-subscribe-lambda binary file. Exiting..."; exit 1; fi
	rm -rf ./node_modules/
	yarn install
	yarn sls deploy --force --stage ${STAGE} --region us-east-2 --verbose

	- name: EasyCLA v2 Service Check
	run: \|
	sudo apt install curl jq -y

	# Development environment endpoint to test
	v4_url="https://api-gw.${STAGE}.platform.linuxfoundation.org/cla-service/v4/ops/health"

	echo "Validating v4 backend using endpoint: ${v4_url}"
	curl --fail -XGET ${v4_url}
	exit_code=$?
	if [[ ${exit_code} -eq 0 ]]; then
	echo "Successful response from endpoint: ${v4_url}"
	# JSON response should include "Status": "healthy"
	if [[ `curl -s -XGET ${v4_url} \| jq -r '.Status'` == "healthy" ]]; then
	echo "Service is healthy"
	else
	echo "Service is NOT healthy"
	exit -1
	fi
	else
	echo "Failed to get a successful response from endpoint: ${v4_url}"
	exit ${exit_code}
	fi


	cypress-functional-after-deploy:
	name: Cypress Functional Tests (post-deploy) - executes on a freshly deployed dev API.
	if: ${{ github.event_name != 'pull_request' \|\| github.event.pull_request.head.repo.fork == false }}
	runs-on: ubuntu-latest
	continue-on-error: true
	timeout-minutes: 75
	needs: build-deploy-dev
	environment: dev
	defaults:
	run:
	working-directory: tests/functional
	steps:
	- name: Checkout
	uses: actions/checkout@v4

	- name: Setup Node
	uses: actions/setup-node@v4
	with:
	node-version: '20'
	cache: 'npm'

	- name: Install system dependencies
	shell: bash
	run: \|
	set -euo pipefail
	sudo apt-get update
	# Core deps for Cypress/Electron under Xvfb
	sudo apt-get install -y \
	xvfb \
	libgtk-3-0 \
	libgbm1 \
	libnss3 \
	libxss1 \
	xauth \
	fonts-liberation \
	xdg-utils \
	ca-certificates \
	libatk-bridge2.0-0 \
	libatspi2.0-0 \
	libdrm2
	# Optional/legacy GTK2 (ok if missing)
	sudo apt-get install -y libgtk2.0-0 \|\| true
	# Audio lib: Noble uses libasound2t64 (fallback to libasound2 on older images)
	sudo apt-get install -y libasound2t64 \|\| sudo apt-get install -y libasound2 \|\| true
	# Notify lib: prefer runtime package; fall back to -dev if needed
	sudo apt-get install -y libnotify4 \|\| sudo apt-get install -y libnotify-dev \|\| true

	- name: Install dependencies
	run: npm ci

	- name: Create .env from secrets and constants
	run: \|
	cat > .env <<'EOF'
	APP_URL=https://api-gw.dev.platform.linuxfoundation.org/
	AUTH0_TOKEN_API=https://linuxfoundation-dev.auth0.com/oauth/token
	CYPRESS_ENV=dev

	AUTH0_USER_NAME=${{ secrets.AUTH0_USER_NAME }}
	AUTH0_PASSWORD=${{ secrets.AUTH0_PASSWORD }}
	LFX_API_TOKEN=${{ secrets.LFX_API_TOKEN }}
	AUTH0_CLIENT_SECRET=${{ secrets.AUTH0_CLIENT_SECRET }}
	AUTH0_CLIENT_ID=${{ secrets.AUTH0_CLIENT_ID }}
	EOF
	echo "Wrote $(pwd)/.env"

	- name: Show Cypress version
	run: npx cypress --version

	- name: Verify Cypress binary
	run: npx cypress verify

	- name: Run Cypress (xvfb)
	run: xvfb-run -a npx cypress run

	- name: Upload Cypress Artifacts (on failure)
	if: failure()
	uses: actions/upload-artifact@v4
	with:
	name: cypress-artifacts-post-deploy
	path: \|
	tests/functional/cypress/screenshots
	tests/functional/cypress/videos
	if-no-files-found: ignore

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Merge pull request #4858 from linuxfoundation/unicron-fix-serverless-… #686

Workflow file

Merge pull request #4858 from linuxfoundation/unicron-fix-serverless-… #686

Uh oh!

Jobs

Run details

Workflow file for this run