Initial commit (copy of hls-lpdaac cdk-v2 branch)

.github/workflows/deploy.yml

@@ -0,0 +1,68 @@
+name: Deploy
+
+on:
+  workflow_dispatch:
+  workflow_call:
+    inputs:
+      environment:
+        required: true
+        type: string
+      PYTHON_VERSION:
+        required: true
+        type: string
+      TOX_MIN_VERSION:
+        required: true
+        type: string
+
+defaults:
+  run:
+    shell: bash
+
+# See https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#updating-your-github-actions-workflow
+permissions:
+  id-token: write # required for requesting the JWT
+  contents: read  # required for actions/checkout
+
+jobs:
+  deploy:
+    runs-on: ubuntu-22.04
+    environment: ${{ inputs.environment }}
+    steps:
+      - name: Checkout source
+        uses: actions/checkout@v4
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "${{ inputs.PYTHON_VERSION }}"
+          cache: 'pip'
+          cache-dependency-path: setup.py
+      - name: Install dependencies
+        run: |
+          pip install "tox>=${{ inputs.TOX_MIN_VERSION }}"
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: ${{ vars.AWS_DEFAULT_REGION }}
+          role-to-assume: ${{ vars.AWS_ROLE_TO_ASSUME_ARN }}
+          role-session-name: ${{ github.actor }}
+      - name: Convert secrets to environment variables
+        env:
+          SECRETS_JSON: ${{ toJson(secrets) }}
+        run: |
+          while read -rd $'' line; do
+            echo "$line" >> $GITHUB_ENV
+          done < <(
+            jq -r <<<"$SECRETS_JSON" 'to_entries|map("\(.key)=\(.value)\u0000")[]'
+          )
+      - name: Convert vars to environment variables
+        env:
+          VARS_JSON: ${{ toJson(vars) }}
+        run: |
+          while read -rd $'' line; do
+            echo "$line" >> $GITHUB_ENV
+          done < <(
+            jq -r <<<"$VARS_JSON" 'to_entries|map("\(.key)=\(.value)\u0000")[]'
+          )
+      - name: Deploy forward notification to ${{ inputs.environment }}
+        run: |
+          make deploy-forward

.github/workflows/main.yml

@@ -0,0 +1,167 @@
+# Install Python dependencies, run tests, and lint with a single version of Python.
+# See https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions
+
+name: HLS LPDAAC Notifications
+
+on:
+  workflow_dispatch:
+  release:
+    types:
+      - published
+  push:
+    branches:
+      - main
+      - develop
+    tags-ignore:
+      - '*'
+    paths:
+      - '.github/workflows/*'
+      - 'cdk/**'
+      - 'src/**'
+      - 'cdk.json'
+      - 'Makefile'
+      - 'setup.py'
+      - 'tox.ini'
+  pull_request:
+    types:
+      - edited
+      - opened
+      - reopened
+      - synchronize
+    branches:
+      - main
+      - develop
+    paths:
+      - '.github/workflows/*'
+      - 'cdk/**'
+      - 'src/**'
+      - 'cdk.json'
+      - 'Makefile'
+      - 'setup.py'
+      - 'tox.ini'
+
+# See https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services#updating-your-github-actions-workflow
+permissions:
+  id-token: write # required for requesting the JWT
+  contents: read  # required for actions/checkout
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  config:
+    # This is a hack to work around the lack of support for two other possiblities for
+    # avoiding duplication of configuration values:
+    #
+    # (1) YAML anchors (https://yaml.org/spec/1.1/current.html#id899912) and aliases
+    #     (https://yaml.org/spec/1.1/current.html#id902561)
+    # (2) Availability of `env` context within `jobs.<job-id>.with.<with-id>` (see
+    #     https://docs.github.com/en/actions/learn-github-actions/contexts#context-availability)
+    #
+    # Alternative hack: https://github.com/actions/runner/issues/1182#issuecomment-1262870831
+    runs-on: ubuntu-22.04
+    outputs:
+      PYTHON_VERSION: "3.9"
+      TOX_MIN_VERSION: "3.18.0"  # `allowlist_externals` replaces `whitelist_externals`
+    steps:
+      - name: Configure shared values
+        run: ""  # Nothing to do, but at least one step is required
+
+  unit-tests:
+    runs-on: ubuntu-22.04
+    needs: config
+    steps:
+      - name: Checkout source
+        uses: actions/checkout@v4
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "${{ needs.config.outputs.PYTHON_VERSION }}"
+          cache: 'pip'
+          cache-dependency-path: setup.py
+      - name: Install dependencies
+        run: |
+          pip install "tox>=${{ needs.config.outputs.TOX_MIN_VERSION }}"
+      - name: Run unit tests
+        run: |
+          make unit-tests
+
+  integration-tests:
+    runs-on: ubuntu-22.04
+    environment: dev-forward
+    needs: config
+    steps:
+      - name: Checkout source
+        uses: actions/checkout@v4
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "${{ needs.config.outputs.PYTHON_VERSION }}"
+          cache: 'pip'
+          cache-dependency-path: setup.py
+      - name: Install dependencies
+        run: |
+          pip install "tox>=${{ needs.config.outputs.TOX_MIN_VERSION }}"
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: ${{ vars.AWS_DEFAULT_REGION }}
+          role-to-assume: ${{ vars.AWS_ROLE_TO_ASSUME_ARN }}
+          role-session-name: ${{ github.actor }}
+      - name: Convert secrets to environment variables
+        env:
+          SECRETS_JSON: ${{ toJson(secrets) }}
+        run: |
+          while read -rd $'' line; do
+            echo "$line" >> $GITHUB_ENV
+          done < <(
+            jq -r <<<"$SECRETS_JSON" 'to_entries|map("\(.key)=\(.value)\u0000")[]'
+          )
+      - name: Convert vars to environment variables
+        env:
+          VARS_JSON: ${{ toJson(vars) }}
+        run: |
+          while read -rd $'' line; do
+            echo "$line" >> $GITHUB_ENV
+          done < <(
+            jq -r <<<"$VARS_JSON" 'to_entries|map("\(.key)=\(.value)\u0000")[]'
+          )
+      - name: Deploy forward notification integration test stack
+        run: |
+          make deploy-forward-it
+      - name: Run forward notification integration tests
+        run: |
+          make forward-integration-tests
+      - name: Destroy forward notification integration test stack
+        if: '!cancelled()'
+        run: |
+          make destroy-forward-it
+
+  deploy-dev:
+    # Deploy to Dev only on push (including merged PR) to `develop` branch
+    if: github.event_name == 'push' && github.event.ref == 'refs/heads/develop'
+    needs:
+      - config
+      - unit-tests
+      - integration-tests
+    uses: ./.github/workflows/deploy.yml
+    with:
+      environment: dev-forward
+      PYTHON_VERSION: "${{ needs.config.outputs.PYTHON_VERSION }}"
+      TOX_MIN_VERSION: "${{ needs.config.outputs.TOX_MIN_VERSION }}"
+    secrets: inherit
+
+  deploy-prod:
+    # Deploy to Prod only on publishing a release (tag) on `main` branch
+    if: github.event_name == 'release' && github.event.action == 'published'
+    needs:
+      - config
+      - unit-tests
+      - integration-tests
+    uses: ./.github/workflows/deploy.yml
+    with:
+      environment: prod-forward
+      PYTHON_VERSION: "${{ needs.config.outputs.PYTHON_VERSION }}"
+      TOX_MIN_VERSION: "${{ needs.config.outputs.TOX_MIN_VERSION }}"
+    secrets: inherit