
Reworking the celery init on k8s so I can see logging (#1999) #500


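# Builds the api-lambda container image from ci/Dockerfile.lambda, pushes it to
# the production ECR registry, and generates an SBOM for the pushed image.
# Runs on every push to main and on manual dispatch.
#
# NOTE(review): no `permissions:` block is declared, so GITHUB_TOKEN gets the
# repository/organisation default scopes. Consider declaring the minimum the
# SBOM action needs; the exact scopes are not visible here, so confirm them
# before restricting.
name: Build and push lambda image to production
on:
  workflow_dispatch:
  push:
    branches: [main]
env:
  # The AWS account id comes from a secret, so the registry host is masked in logs.
  REGISTRY: ${{ secrets.PRODUCTION_API_LAMBDA_ECR_ACCOUNT }}.dkr.ecr.ca-central-1.amazonaws.com/notify
jobs:
  build-and-push:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        image: ["api-lambda"]
    steps:
      # Third-party actions are pinned to full commit SHAs; the trailing comment
      # records the release each SHA is meant to correspond to.
      - name: Checkout
        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
      # NOTE(review): this authenticates with a long-lived access key pair stored
      # as repository secrets. Short-lived credentials via GitHub OIDC
      # (`role-to-assume` plus `permissions: id-token: write`) would remove the
      # standing production key. TODO confirm an assumable role exists.
      - name: Configure AWS credentials
        id: aws-creds
        uses: aws-actions/configure-aws-credentials@5fd3084fc36e372ff1fff382a39b10d03659f355 # v2.2.0
        with:
          aws-access-key-id: ${{ secrets.PRODUCTION_ECR_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.PRODUCTION_ECR_SECRET_ACCESS_KEY }}
          aws-region: ca-central-1
      # IMAGE_TAG is the first seven characters of the commit SHA and is exported
      # to later steps through GITHUB_ENV.
      - name: Set Docker image tag
        run: |
          echo "IMAGE_TAG=${GITHUB_SHA::7}" >> "$GITHUB_ENV"
      # The image is built before the registry login, so the build step itself
      # runs without Docker registry credentials.
      - name: Build container
        run: |
          docker build \
            --build-arg GIT_SHA="$IMAGE_TAG" \
            -t "$REGISTRY/${{ matrix.image }}:$IMAGE_TAG" \
            . \
            -f ci/Dockerfile.lambda
      - name: Login to ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@2fc7aceee09e9e4a7105c0d060c656fad0b4f63d # v1.7.0
      - name: Push containers to ECR
        run: |
          docker push "$REGISTRY/${{ matrix.image }}:$IMAGE_TAG"
      - name: Generate docker SBOM
        uses: cds-snc/security-tools/.github/actions/generate-sbom@cfec0943e40dbb78cee115bbbe89dc17f07b7a0f # v2.1.3
        with:
          docker_image: "${{ env.REGISTRY }}/${{ matrix.image }}:${{ env.IMAGE_TAG }}"
          dockerfile_path: "ci/Dockerfile.lambda"
          sbom_name: "notification-api-lambda"
          token: "${{ secrets.GITHUB_TOKEN }}"
      # Log out even when the push or SBOM step fails, so the ECR session does
      # not outlive the steps that need it. Skipped when the login never succeeded.
      - name: Logout of Amazon ECR
        if: ${{ always() && steps.login-ecr.outcome == 'success' }}
        run: docker logout ${{ steps.login-ecr.outputs.registry }}
      - name: Notify Slack channel if this job failed
        if: ${{ failure() }}
        env:
          # Pass the webhook through the environment instead of expanding the
          # secret into the script text, so the shell never parses its value.
          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
        run: |
          json="{'text':'<!here> CI is failing in <https://github.com/cds-snc/notification-api/actions/runs/${GITHUB_RUN_ID}|notification-api> !'}"
          curl -X POST -H 'Content-type: application/json' --data "$json" "$SLACK_WEBHOOK"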