Merge pull request #27 from mozilla/proj-update

bsieber-mozilla · web-flow · commit 3ff2b7908b70 · 2022-03-18T11:33:43.000-07:00
Updating pre-commit, workflows, and readme.
diff --git a/.github/workflows/build-image.yaml b/.github/workflows/build-image.yaml
@@ -69,26 +69,3 @@ jobs:
           docker push $GCR_REGISTRY:latest
           echo "::set-output name=build-tag::$IMAGE_TAG"
           echo "::debug::Set the build-tag output as $IMAGE_TAG"
-
-  deploy-image:
-    runs-on: ubuntu-latest
-    needs: build-image
-    environment:
-      name: dev
-
-    steps:
-      - id: auth
-        uses: google-github-actions/auth@v0
-        with:
-          credentials_json: ${{ secrets.GCP_CREDENTIALS }}
-
-      - name: Deploy to Cloud Run
-        uses: google-github-actions/deploy-cloudrun@v0
-        with:
-          service: ${{ secrets.GCP_APP_NAME }}
-          image: gcr.io/${{ secrets.GCP_PROJECT_ID }}/${{ secrets.GCP_APP_NAME }}/${{ secrets.GCP_GCR_REPO }}:${{ needs.build-image.outputs.BUILD_TAG }}
-          region: ${{ secrets.GCP_REGION }}
-          secrets: |
-            JIRA_PASSWORD=JIRA_PASSWORD:latest
-            JIRA_USERNAME=JIRA_USERNAME:latest
-            BUGZILLA_API_KEY=BUGZILLA_API_KEY:latest
diff --git a/.github/workflows/deploy-build.yaml b/.github/workflows/deploy-build.yaml
@@ -0,0 +1,96 @@
+name: Build and Deploy Docker image
+
+on:
+  push:
+    branches: [main]
+
+jobs:
+  prepare:
+    runs-on: ubuntu-latest
+    outputs:
+      FULL_IMAGE_TAG: ${{ steps.tag.outputs.tag }}
+    steps:
+      - name: Set Tag
+        id: tag
+        run: |
+          export CI_COMMIT_SHORT_SHA=$(echo $GITHUB_SHA | cut -c1-8)
+          echo $CI_COMMIT_SHORT_SHA;
+          echo ${GITHUB_REF##*/};
+          echo $version_pattern;
+          if [[ ${GITHUB_REF} =~ $version_pattern ]]; then
+            echo "::set-output name=tag::${GITHUB_REF##*/}"
+          elif [ ${GITHUB_REF##*/} = "main" ]; then
+            echo "::set-output name=tag::stg-$CI_COMMIT_SHORT_SHA"
+          else
+            echo "::set-output name=tag::$CI_COMMIT_SHORT_SHA"
+          fi
+        env:
+          version_pattern: "tags\\/v[0-9]+\\.[0-9]+\\.[0-9]+"
+  build-image:
+    runs-on: ubuntu-latest
+    needs: prepare
+    environment:
+        name: dev
+    outputs:
+      BUILD_TAG: ${{ steps.build-push.outputs.build-tag }}
+
+    steps:
+      - name: Echo tag
+        id: echotag
+        env:
+          IMAGE_TAG: ${{ needs.prepare.outputs.FULL_IMAGE_TAG }}
+        run: |
+          echo "Building an image with the following tag:"
+          echo $IMAGE_TAG
+
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Login to GCR
+        uses: docker/login-action@v1
+        with:
+          registry: gcr.io
+          username: _json_key
+          password: ${{ secrets.GCP_CREDENTIALS }}
+
+      - name: Build and push to GCR
+        id: build-push
+        env:
+          GCR_REGISTRY: gcr.io/${{ secrets.GCP_PROJECT_ID }}/${{ secrets.GCP_APP_NAME }}/${{ secrets.GCP_GCR_REPO }}
+          IMAGE_TAG: ${{ needs.prepare.outputs.FULL_IMAGE_TAG }}
+        run: |
+          printf '{\n    "commit": "%s",\n    "version": "%s",\n    "image_tag": "%s",\n    "source": "%s",\n    "build": "%s"\n}\n' \
+            "$GITHUB_SHA" \
+            "$GITHUB_REF" \
+            "$IMAGE_TAG" \
+            "$GITHUB_SERVER_URL/$GITHUB_REPOSITORY" \
+            "$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" > ./version.json
+          docker build --file infra/Dockerfile -t $GCR_REGISTRY:$IMAGE_TAG .
+          docker image tag $GCR_REGISTRY:$IMAGE_TAG $GCR_REGISTRY:latest
+          docker push $GCR_REGISTRY:$IMAGE_TAG
+          docker push $GCR_REGISTRY:latest
+          echo "::set-output name=build-tag::$IMAGE_TAG"
+          echo "::debug::Set the build-tag output as $IMAGE_TAG"
+
+  deploy-image:
+    runs-on: ubuntu-latest
+    needs: build-image
+    environment:
+      name: dev
+
+    steps:
+      - id: auth
+        uses: google-github-actions/auth@v0
+        with:
+          credentials_json: ${{ secrets.GCP_CREDENTIALS }}
+
+      - name: Deploy to Cloud Run
+        uses: google-github-actions/deploy-cloudrun@v0
+        with:
+          service: ${{ secrets.GCP_APP_NAME }}
+          image: gcr.io/${{ secrets.GCP_PROJECT_ID }}/${{ secrets.GCP_APP_NAME }}/${{ secrets.GCP_GCR_REPO }}:${{ needs.build-image.outputs.BUILD_TAG }}
+          region: ${{ secrets.GCP_REGION }}
+          secrets: |
+            JIRA_PASSWORD=JIRA_PASSWORD:latest
+            JIRA_USERNAME=JIRA_USERNAME:latest
+            BUGZILLA_API_KEY=BUGZILLA_API_KEY:latest
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,3 +1,8 @@
+exclude: |
+  (?x)^(
+      .*/gunicorn_conf.py|
+      .*/test_gunicorn_conf.py
+  )$
 repos:
   - repo: local
     hooks:
@@ -56,6 +61,11 @@ repos:
         args: ["--recursive", "--settings-path", "./pyproject.toml", "."]
         language: system
         types: [python]
+        exclude: |
+          (?x)^(
+              .*/gunicorn_conf.py|
+              .*/test_gunicorn_conf.py
+          )$
   - repo: local
     hooks:
       - id: black
diff --git a/.secrets.baseline b/.secrets.baseline
@@ -1,10 +1,10 @@
 {
   "custom_plugin_paths": [],
   "exclude": {
-    "files": null,
+    "files": "^.secrets.baseline$",
     "lines": null
   },
-  "generated_at": "2022-02-04T19:26:47Z",
+  "generated_at": "2022-03-18T00:00:55Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
@@ -59,11 +59,31 @@
     }
   ],
   "results": {
+    ".github/workflows/deploy-build.yaml": [
+      {
+        "hashed_secret": "24b04b46d769e6f6b8d10c943738ac5c968dea1c",
+        "is_verified": false,
+        "line_number": 94,
+        "type": "Secret Keyword"
+      },
+      {
+        "hashed_secret": "1481d0a0ceb16ea4672fed76a0710306eb9f3a33",
+        "is_verified": false,
+        "line_number": 96,
+        "type": "Secret Keyword"
+      },
+      {
+        "hashed_secret": "30a1dfa6d09c177dcd147a5f31a5627becd96b23",
+        "is_verified": false,
+        "line_number": 96,
+        "type": "Secret Keyword"
+      }
+    ],
     "poetry.lock": [
       {
-        "hashed_secret": "a3c8e175e20ee103a0aafa92378200de0583c54b",
+        "hashed_secret": "d97b148b47121abb687af133c28a3932202426b0",
         "is_verified": false,
-        "line_number": 542,
+        "line_number": 899,
         "type": "Hex High Entropy String"
       }
     ]
diff --git a/README.md b/README.md
@@ -1,5 +1,6 @@
 ![build badge](https://github.com/mozilla/jira-bugzilla-integration/actions/workflows/build-image.yaml/badge.svg)
 ![test badge](https://github.com/mozilla/jira-bugzilla-integration/actions/workflows/test-build.yaml/badge.svg)
+[![pre-commit](https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit&logoColor=white)](https://github.com/pre-commit/pre-commit)
 
 # Jira Bugzilla Integration (JBI)
 System to sync Bugzilla bugs to Jira issues.
diff --git a/tests/unit/test_gunicorn_conf.py b/tests/unit/test_gunicorn_conf.py
@@ -1,5 +1,6 @@
-from pydantic import ValidationError
 import pytest
+from pydantic import ValidationError
+
 from infra.gunicorn_conf import GunicornSettings
 
 
