Add test option to failure scenario script (#2897) #1249
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and push lambda image to production | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: [main] | |
| env: | |
| REGISTRY: ${{ secrets.PRODUCTION_AWS_ACCOUNT_ID }}.dkr.ecr.ca-central-1.amazonaws.com/notify | |
| ACCOUNT_ID: ${{ secrets.PRODUCTION_AWS_ACCOUNT_ID }} | |
| AWS_DEFAULT_REGION: ca-central-1 | |
| permissions: | |
| id-token: write # This is required for requesting the OIDC JWT | |
| contents: write # This is required for actions/checkout | |
| pull-requests: write | |
| jobs: | |
| build-and-push: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| image: ["api-lambda"] | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
| - name: Configure credentials to Notify using OIDC | |
| uses: aws-actions/configure-aws-credentials@ececac1a45f3b08a01d2dd070d28d111c5fe6722 # v4.1.0 | |
| with: | |
| role-to-assume: arn:aws:iam::${{env.ACCOUNT_ID}}:role/notification-api-apply | |
| role-session-name: NotifyApiApply | |
| aws-region: ${{ env.AWS_DEFAULT_REGION }} | |
| - name: Set Docker image tag | |
| run: | | |
| echo "IMAGE_TAG=${GITHUB_SHA::7}" >> $GITHUB_ENV | |
| - name: Login to ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@5a88a04c91d5c6f97aae0d9be790e64d9b1d47b7 # v1.7.1 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Build and push container | |
| run: | | |
| docker buildx build \ | |
| --provenance=false \ | |
| --build-arg GIT_SHA=$IMAGE_TAG \ | |
| -t $REGISTRY/${{ matrix.image }}:$IMAGE_TAG \ | |
| --output type=image,push=true \ | |
| . \ | |
| -f ci/Dockerfile.lambda | |
| - name: Generate docker SBOM | |
| uses: cds-snc/security-tools/.github/actions/generate-sbom@12a0cdea1c5a515dfcbe353693db804a1793c0ed #v4.0.1 | |
| env: | |
| TRIVY_DB_REPOSITORY: ${{ vars.TRIVY_DB_REPOSITORY }} | |
| with: | |
| docker_image: "${{ env.REGISTRY }}/${{ matrix.image }}:${{ env.IMAGE_TAG }}" | |
| dockerfile_path: "ci/Dockerfile.lambda" | |
| sbom_name: "notification-api-lambda" | |
| token: "${{ secrets.GITHUB_TOKEN }}" | |
| - name: Logout of Amazon ECR | |
| run: docker logout ${{ steps.login-ecr.outputs.registry }} | |
| - name: Notify Slack channel if this job failed | |
| if: ${{ failure() }} | |
| run: | | |
| json='{"text":"<!here> CI is failing in <https://github.com/cds-snc/notification-api/actions/runs/'${{ github.run_id }}'|notification-api> !"}' | |
| curl -X POST -H 'Content-type: application/json' --data "$json" ${{ secrets.SLACK_WEBHOOK }} |