Test containers work before pushing

.github/workflows/main.yml

@@ -8,7 +8,7 @@ permissions:
 
 jobs:
   # test:
-  #   name: "Test"
+  #   name: "Test dev"
   #   runs-on: ubuntu-latest
   #   defaults:
   #     run:
@@ -47,19 +47,69 @@ jobs:
   #       run: |
   #         poetry run pre-commit run --all-files
 
-  # build-push:
-  #   name: "Build and push"
-  #   runs-on: ubuntu-latest
-  #   defaults:
-  #     run:
-  #       shell: bash
+  build-push:
+    name: "Build, test and push prod"
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        shell: bash
 
-  #   steps:
-  #     - name: Checkout repo
-  #       uses: actions/checkout@v3
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v3
+
+      - name: Build compose
+        run: |
+          AWS_SECRET_KMS_KEY=${{ secrets.AWS_SECRET_KMS_KEY }} \
+          AWS_SECRET_NAME_NEO4J=${{ secrets.AWS_SECRET_NAME_NEO4J }} \
+          AWS_SECRET_NAME_AZURE=${{ secrets.AWS_SECRET_NAME_AZURE }} \
+          AWS_SECRET_NAME_API=${{ secrets.AWS_SECRET_NAME_API }} \
+          AWS_REGION=${{ env.AWS_REGION }} \
+          MONGODB_HOST=${{ env.MONGODB_HOST }} \
+          FRONTEND_URL=${{ env.FRONTEND_URL }} \
+          docker compose -f docker/docker-compose.prod.yml up -d --build mongodb python-api react-frontend
+
+      - name: Test mongo
+        run: |
+          timeout=120 # 2 minutes timeout
+          while ! curl --fail http://localhost:27017/test; do
+            sleep 10
+            timeout=$((timeout - 10))
+            if [ "$timeout" -le 0 ]; then
+              echo "MongoDB failed to start within the expected time."
+              exit 1
+            fi
+          done
+          echo "MongoDB is up and running."
+
+      - name: Test API
+        run: |
+          timeout=120 # 2 minutes timeout
+          while ! curl --fail http://localhost:8080/health; do
+            sleep 10
+            timeout=$((timeout - 10))
+            if [ "$timeout" -le 0 ]; then
+              echo "API failed to start within the expected time."
+              exit 1
+            fi
+          done
+          echo "API is up and running."
+
+      - name: Test frontend
+        run: |
+          timeout=120 # 2 minutes timeout
+          while ! curl --fail http://localhost:3000; do
+            sleep 10
+            timeout=$((timeout - 10))
+            if [ "$timeout" -le 0 ]; then
+              echo "Frontend failed to start within the expected time."
+              exit 1
+            fi
+          done
+          echo "Frontend is up and running."
 
-  #     - name: Build containers
-  #       run: bash scripts/build-push-prod.sh
+      - name: Build ECR containers
+        run: bash scripts/build-push-prod.sh
 
   terraform:
     name: "Terraform"

app/utils/security/secrets.py

@@ -1,10 +1,12 @@
 import json
+import logging
 
 import boto3
 
 
 def get_secret(secret_name: str, aws_region: str, aws_kms_key: str):
     # Create a Secrets Manager client
+    logging.info(secret_name)
     session = boto3.session.Session()
     client = session.client(service_name="secretsmanager", region_name=aws_region)
 

docker/docker-compose.prod.yml

@@ -15,8 +15,16 @@ services:
     container_name: zifo-skills-api
     environment:
       - SKILLS_ENV=production
+      - AWS_REGION=${AWS_REGION}
+      - AWS_SECRET_KMS_KEY=${AWS_SECRET_KMS_KEY}
+      - AWS_SECRET_NAME_NEO4J=${AWS_SECRET_NAME_NEO4J}
+      - AWS_SECRET_NAME_AZURE=${AWS_SECRET_NAME_AZURE}
+      - AWS_SECRET_NAME_API=${AWS_SECRET_NAME_API}
+      - MONGODB_HOST=${MONGODB_HOST}
+      - FRONTEND_URL=${FRONTEND_URL}
     volumes:
       - ../data/admin_users.txt:/app/data/admin_users.txt
+      - ~/.aws:/root/.aws:ro
     depends_on:
       mongodb:
         condition: service_healthy
@@ -32,31 +40,31 @@ services:
     container_name: zifo-skills-frontend
     network_mode: host
     environment:
-      - REACT_APP_API_URL=https://skills.zifo-tech.com/api/
+      - REACT_APP_API_URL=${REACT_APP_API_URL}
     depends_on:
       python-api:
         condition: service_healthy
     healthcheck:
-      test: wget http://localhost:3000/docs -O - || exit 1
+      test: wget http://localhost:3000 -O - || exit 1
       interval: 5s
       timeout: 10s
       retries: 20
 
-  # nginx:
-  #   image: nginx:1.15-alpine
-  #   restart: unless-stopped
-  #   volumes:
-  #     - ./data/nginx:/etc/nginx/conf.d
-  #     - ./data/certbot/conf:/etc/letsencrypt
-  #     - ./data/certbot/www:/var/www/certbot
-  #   network_mode: host
-  #   command: '/bin/sh -c ''while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g "daemon off;"'''
+  nginx:
+    image: nginx:1.15-alpine
+    restart: unless-stopped
+    volumes:
+      - ./data/nginx:/etc/nginx/conf.d
+      - ./data/certbot/conf:/etc/letsencrypt
+      - ./data/certbot/www:/var/www/certbot
+    network_mode: host
+    command: '/bin/sh -c ''while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g "daemon off;"'''
 
-  # certbot:
-  #   image: certbot/certbot
-  #   restart: unless-stopped
-  #   volumes:
-  #     - ./data/certbot/conf:/etc/letsencrypt
-  #     - ./data/certbot/www:/var/www/certbot
-  #   network_mode: host
-  #   entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
+  certbot:
+    image: certbot/certbot
+    restart: unless-stopped
+    volumes:
+      - ./data/certbot/conf:/etc/letsencrypt
+      - ./data/certbot/www:/var/www/certbot
+    network_mode: host
+    entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"