Skip to content

Latest commit

 

History

History
307 lines (242 loc) · 13.9 KB

README.md

File metadata and controls

307 lines (242 loc) · 13.9 KB

Deployment

Github action for deploying the Django project to Elastic beanstalk after running some basic continuous integrations.

This GitHub Action will deploy your Django project to AWS Elastic beanstalk. It can be configured to upload your production-ready code into any branch you'd like, and even make multiple deployments it to different environments like staging or uat environments. You can also run linting, testing and security checks before deploying. And also you can download the reports of the coverage and the security checks as artifacts.

This action has the following features:

  • Deploy Django project to elasticbeanstalk.
  • Run unit tests.
  • Download coverage reports.
  • Run security checks using bandit.
  • Download security checks report.
  • Run linting using flake8.

Usage

It is important to have the Elastic beanstalk config.yml of your project with its AWS credentials.

    - name: Django aws eb deployment
      uses: joel-hanson/[email protected]
      with:
        python_version: ${{ matrix.python_version }}
        flake8: true
        aws_access_key_id: ${{ secrets.aws_access_key_id }}
        aws_secret_access_key: ${{ secrets.aws_secret_access_key }}
        django_path: sample_project
        unit_testing: true
        deploy: true
        min_coverage: 10
        postgresql_required: true
        security_check: true
        flake8_config_file: "sample_project/.flake8"

Getting Started ✈️

You can include the action in your workflow to trigger on any event that GitHub actions supports. If the remote branch that you wish to deploy to doesn't already exist the action will create it for you. Your workflow will also need to include the actions/checkout step before this workflow runs in order for the deployment to work.

Example

You can view an example of this below.

name: Build and Deployment

on: push

jobs:
  build:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        python_version: [3.7.17]

    steps:
    - uses: actions/checkout@v2
    - name: Django aws eb deployment
      uses: joel-hanson/[email protected]
      with:
        python_version: ${{ matrix.python_version }}
        flake8: true
        aws_access_key_id: ${{ secrets.aws_access_key_id }}
        aws_secret_access_key: ${{ secrets.aws_secret_access_key }}
        django_path: sample_project
        unit_testing: true
        deploy: true
        min_coverage: 10
        postgresql_required: true
        security_check: true
        flake8_config_file: "sample_project/.flake8"

If you'd like to make it so the workflow only triggers on push events to specific branches then you can modify the on section.

on:
  push:
    branches:
      - master

Configuration 📁

The with portion of the workflow must be configured before the action will work. You can add these in the with section found in the examples above. Any secrets must be referenced using the bracket syntax and stored in the GitHub repositories Settings/Secrets menu. You can learn more about setting environment variables with GitHub actions here.

Required Setup

One of the following deployment options must be configured.

Key Value Information Type Required
AWS_ACCESS_KEY_ID You should enter the AWS access key if ID. if you don't have one please learn more about how to generate one here This should be stored as a secret.' secrets Yes
AWS_SECRET_ACCESS_KEY The AWS secret access key. This should be stored as a secret. secrets Yes

In addition to the deployment options you must also configure the following.

Key Value Information Type Required Default
FLAKE8 This boolean flag to whether to run flake8 linting for our project. with No false
PYTHON_VERSION Version range or exact version of a Python version to use, using SemVer's version range syntax. with Yes 3.7.17
FLAKE8_CONFIG_FILE The flake8 config path relative to the github repository (this requires input flake8 to be true). with No ".flake8"
DEPLOY Deploy to AWS Elastic beanstalk. with Yes true

Optional Choices

Key Value Information Type Required Default
DJANGO_PATH This is the path at which the your django project is located in you github repo. with No "."
UNIT_TESTING Whether to run unit tests. with No false
MIN_COVERAGE Minimum code coverage required. with No 0
POSTGRESQL_REQUIRED Run unit tests with postgresql. with No false
SECURITY_CHECK Security oriented static analyser for python code using bandit. with No false
FLAKE8_CONFIG_FILE The flake8 config path relative to the github repository (this requires input flake8 to be true). with No true

With the action correctly configured you should see the workflow trigger the deployment under the configured conditions.


Operating System Support 💿

This action is primarily developed using Ubuntu. In your workflow job configuration it's recommended to set the runs-on property to ubuntu-latest.

jobs:
  build-and-deploy:
    runs-on: ubuntu-latest

Artifacts 📁

You can get the report for the coverage and the bandit security checks reports for you django project. learn more about artifacts.

Bandit report (security checks report) 👮‍♂️

The following is an bandit report for a django project. learn more about bandit.

Run started:2020-03-22 18:12:42.386731

Test results:
>> Issue: [B105:hardcoded_password_string] Possible hardcoded password: '(2h1-*yec9^6xz6y920vco%zdd+!7m6j6$!gi@)3amkbduup%d'
   Severity: Low   Confidence: Medium
   Location: ./sample_project/settings.py:25
   More Info: https://bandit.readthedocs.io/en/latest/plugins/b105_hardcoded_password_string.html
24      # SECURITY WARNING: keep the secret key used in production secret!
25      SECRET_KEY = "(2h1-*yec9^6xz6y920vco%zdd+!7m6j6$!gi@)3amkbduup%d"
26
27      # SECURITY WARNING: don't run with debug turned on in production!
28      DEBUG = True

--------------------------------------------------

Test results:
	No issues identified.

Code scanned:
	Total lines of code: 138
	Total lines skipped (#nosec): 0

Run metrics:
	Total issues (by severity):
		Undefined: 0.0
		Low: 0.0
		Medium: 0.0
		High: 0.0
	Total issues (by confidence):
		Undefined: 0.0
		Low: 0.0
		Medium: 0.0
		High: 0.0
Files skipped (0):

This can be achieved by add the following to your job

    - name: Security check report artifacts
      uses: actions/upload-artifact@v1
      if: failure()
      with:
        name: bandit
        path: output/security_report.txt

Coverage report 👮‍♂️

The following is an example coverage report done for a sample django project by running unit tests. learn more about coverage

Name                                Stmts   Miss  Cover
-------------------------------------------------------
manage.py                              12      2    83%
sample_app/__init__.py                  0      0   100%
sample_app/admin.py                     1      1     0%
sample_app/apps.py                      3      3     0%
sample_app/migrations/__init__.py       0      0   100%
sample_app/models.py                    1      1     0%
sample_app/tests.py                     1      0   100%
sample_app/views.py                     1      1     0%
sample_project/__init__.py              0      0   100%
sample_project/asgi.py                  4      4     0%
sample_project/settings.py             18      0   100%
sample_project/urls.py                  3      0   100%
sample_project/wsgi.py                  4      4     0%
-------------------------------------------------------
TOTAL                                  48     16    67%

This can be achieved by add the following to your job

    - name: Coverage report artifacts
      uses: actions/upload-artifact@v1
      if: failure()
      with:
        name: coverage report
        path: output/coverage_report.txt

    - name: Coverage report artifacts if failed
      uses: actions/upload-artifact@v1
      if: failure()
      with:
        name: coverage report if failed
        path: output/coverage_report.txt

The following is the full workflow file that you can use:

name: Deployment

on:
  push:
    branches:
      - master
jobs:
  build:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        python_version: [3.7.17]

    steps:
    - uses: actions/checkout@v2
    - name: Django aws eb deployment
      uses: joel-hanson/[email protected]
      with:
        python_version: ${{ matrix.python_version }}
        flake8: true
        aws_access_key_id: ${{ secrets.aws_access_key_id }}
        aws_secret_access_key: ${{ secrets.aws_secret_access_key }}
        django_path: sample_project
        unit_testing: true
        deploy: true
        min_coverage: 10
        postgresql_required: true
        security_check: true
        flake8_config_file: "sample_project/.flake8"

    - name: Coverage report artifacts
      uses: actions/upload-artifact@v1
      with:
        name: coverage report
        path: output/coverage_report.txt

    - name: Coverage report artifacts if failed
      uses: actions/upload-artifact@v1
      if: failure()
      with:
        name: coverage report if failed
        path: output/coverage_report.txt

    - name: Security check report artifacts
      uses: actions/upload-artifact@v1
      if: failure()
      with:
        name: bandit
        path: output/security_report.txt

License 👨🏻‍💻

The Dockerfile and associated scripts and documentation in this project are released under the MIT License.

Container images built with this project include third party materials. As with all Docker images, these likely also contain other software which may be under other licenses. It is the image user's responsibility to ensure that any use of this image complies with any relevant licenses for all software contained within.