|
|
name: FRED ML CI/CD Pipeline |
|
|
|
|
|
on: |
|
|
push: |
|
|
branches: [ main, develop ] |
|
|
pull_request: |
|
|
branches: [ main ] |
|
|
schedule: |
|
|
|
|
|
- cron: '0 2 * * *' |
|
|
|
|
|
env: |
|
|
AWS_REGION: us-west-2 |
|
|
S3_BUCKET: fredmlv1 |
|
|
LAMBDA_FUNCTION: fred-ml-processor |
|
|
PYTHON_VERSION: '3.9' |
|
|
|
|
|
jobs: |
|
|
|
|
|
test: |
|
|
name: π§ͺ Test & Quality |
|
|
runs-on: ubuntu-latest |
|
|
|
|
|
steps: |
|
|
- name: Checkout code |
|
|
uses: actions/checkout@v4 |
|
|
|
|
|
- name: Set up Python ${{ env.PYTHON_VERSION }} |
|
|
uses: actions/setup-python@v4 |
|
|
with: |
|
|
python-version: ${{ env.PYTHON_VERSION }} |
|
|
|
|
|
- name: Cache pip dependencies |
|
|
uses: actions/cache@v3 |
|
|
with: |
|
|
path: ~/.cache/pip |
|
|
key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }} |
|
|
restore-keys: | |
|
|
${{ runner.os }}-pip- |
|
|
|
|
|
- name: Install dependencies |
|
|
run: | |
|
|
python -m pip install --upgrade pip |
|
|
pip install -r requirements.txt |
|
|
pip install pytest pytest-cov black flake8 mypy |
|
|
|
|
|
- name: Run linting |
|
|
run: | |
|
|
echo "π Running code linting..." |
|
|
flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics |
|
|
flake8 . --count --exit-zero --max-complexity=10 --max-line-length=88 --statistics |
|
|
|
|
|
- name: Run type checking |
|
|
run: | |
|
|
echo "π Running type checking..." |
|
|
mypy lambda/ frontend/ src/ --ignore-missing-imports |
|
|
|
|
|
- name: Run formatting check |
|
|
run: | |
|
|
echo "π¨ Checking code formatting..." |
|
|
black --check --diff . |
|
|
|
|
|
- name: Run unit tests |
|
|
run: | |
|
|
echo "π§ͺ Running unit tests..." |
|
|
pytest tests/unit/ -v --cov=lambda --cov=frontend --cov-report=xml |
|
|
|
|
|
- name: Upload coverage to Codecov |
|
|
uses: codecov/codecov-action@v3 |
|
|
with: |
|
|
file: ./coverage.xml |
|
|
flags: unittests |
|
|
name: codecov-umbrella |
|
|
fail_ci_if_error: false |
|
|
|
|
|
|
|
|
integration: |
|
|
name: π Integration Tests |
|
|
runs-on: ubuntu-latest |
|
|
needs: test |
|
|
|
|
|
steps: |
|
|
- name: Checkout code |
|
|
uses: actions/checkout@v4 |
|
|
|
|
|
- name: Set up Python ${{ env.PYTHON_VERSION }} |
|
|
uses: actions/setup-python@v4 |
|
|
with: |
|
|
python-version: ${{ env.PYTHON_VERSION }} |
|
|
|
|
|
- name: Install dependencies |
|
|
run: | |
|
|
python -m pip install --upgrade pip |
|
|
pip install -r requirements.txt |
|
|
|
|
|
- name: Configure AWS credentials |
|
|
uses: aws-actions/configure-aws-credentials@v4 |
|
|
with: |
|
|
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} |
|
|
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} |
|
|
aws-region: ${{ env.AWS_REGION }} |
|
|
|
|
|
- name: Run integration tests |
|
|
run: | |
|
|
echo "π Running integration tests..." |
|
|
python scripts/test_complete_system.py --skip-e2e |
|
|
env: |
|
|
AWS_DEFAULT_REGION: ${{ env.AWS_REGION }} |
|
|
S3_BUCKET: ${{ env.S3_BUCKET }} |
|
|
LAMBDA_FUNCTION: ${{ env.LAMBDA_FUNCTION }} |
|
|
|
|
|
|
|
|
e2e: |
|
|
name: π End-to-End Tests |
|
|
runs-on: ubuntu-latest |
|
|
needs: [test, integration] |
|
|
|
|
|
steps: |
|
|
- name: Checkout code |
|
|
uses: actions/checkout@v4 |
|
|
|
|
|
- name: Set up Python ${{ env.PYTHON_VERSION }} |
|
|
uses: actions/setup-python@v4 |
|
|
with: |
|
|
python-version: ${{ env.PYTHON_VERSION }} |
|
|
|
|
|
- name: Install dependencies |
|
|
run: | |
|
|
python -m pip install --upgrade pip |
|
|
pip install -r requirements.txt |
|
|
|
|
|
- name: Configure AWS credentials |
|
|
uses: aws-actions/configure-aws-credentials@v4 |
|
|
with: |
|
|
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} |
|
|
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} |
|
|
aws-region: ${{ env.AWS_REGION }} |
|
|
|
|
|
- name: Run end-to-end tests |
|
|
run: | |
|
|
echo "π Running end-to-end tests..." |
|
|
python scripts/test_complete_system.py |
|
|
env: |
|
|
AWS_DEFAULT_REGION: ${{ env.AWS_REGION }} |
|
|
S3_BUCKET: ${{ env.S3_BUCKET }} |
|
|
LAMBDA_FUNCTION: ${{ env.LAMBDA_FUNCTION }} |
|
|
|
|
|
- name: Upload test results |
|
|
uses: actions/upload-artifact@v3 |
|
|
if: always() |
|
|
with: |
|
|
name: test-results |
|
|
path: test_report.json |
|
|
|
|
|
|
|
|
security: |
|
|
name: π Security Scan |
|
|
runs-on: ubuntu-latest |
|
|
needs: test |
|
|
|
|
|
steps: |
|
|
- name: Checkout code |
|
|
uses: actions/checkout@v4 |
|
|
|
|
|
- name: Run Bandit security scan |
|
|
run: | |
|
|
echo "π Running security scan..." |
|
|
pip install bandit |
|
|
bandit -r lambda/ frontend/ src/ -f json -o bandit-report.json || true |
|
|
|
|
|
- name: Upload security report |
|
|
uses: actions/upload-artifact@v3 |
|
|
if: always() |
|
|
with: |
|
|
name: security-report |
|
|
path: bandit-report.json |
|
|
|
|
|
|
|
|
deploy-lambda: |
|
|
name: β‘ Deploy Lambda |
|
|
runs-on: ubuntu-latest |
|
|
needs: [test, integration, e2e, security] |
|
|
if: github.ref == 'refs/heads/main' |
|
|
|
|
|
steps: |
|
|
- name: Checkout code |
|
|
uses: actions/checkout@v4 |
|
|
|
|
|
- name: Set up Python ${{ env.PYTHON_VERSION }} |
|
|
uses: actions/setup-python@v4 |
|
|
with: |
|
|
python-version: ${{ env.PYTHON_VERSION }} |
|
|
|
|
|
- name: Configure AWS credentials |
|
|
uses: aws-actions/configure-aws-credentials@v4 |
|
|
with: |
|
|
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} |
|
|
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} |
|
|
aws-region: ${{ env.AWS_REGION }} |
|
|
|
|
|
- name: Create Lambda deployment package |
|
|
run: | |
|
|
echo "π¦ Creating Lambda deployment package..." |
|
|
cd lambda |
|
|
pip install -r requirements.txt -t . |
|
|
zip -r ../lambda-deployment.zip . |
|
|
cd .. |
|
|
|
|
|
- name: Update Lambda function |
|
|
run: | |
|
|
echo "β‘ Updating Lambda function..." |
|
|
aws lambda update-function-code \ |
|
|
--function-name ${{ env.LAMBDA_FUNCTION }} \ |
|
|
--zip-file fileb://lambda-deployment.zip \ |
|
|
--region ${{ env.AWS_REGION }} |
|
|
|
|
|
- name: Update Lambda configuration |
|
|
run: | |
|
|
echo "βοΈ Updating Lambda configuration..." |
|
|
aws lambda update-function-configuration \ |
|
|
--function-name ${{ env.LAMBDA_FUNCTION }} \ |
|
|
--environment Variables="{S3_BUCKET=${{ env.S3_BUCKET }}}" \ |
|
|
--region ${{ env.AWS_REGION }} |
|
|
|
|
|
- name: Update SSM parameter |
|
|
run: | |
|
|
echo "π Updating FRED API key in SSM..." |
|
|
aws ssm put-parameter \ |
|
|
--name "/fred-ml/api-key" \ |
|
|
--value "${{ secrets.FRED_API_KEY }}" \ |
|
|
--type "SecureString" \ |
|
|
--overwrite \ |
|
|
--region ${{ env.AWS_REGION }} |
|
|
|
|
|
|
|
|
deploy-infrastructure: |
|
|
name: ποΈ Deploy Infrastructure |
|
|
runs-on: ubuntu-latest |
|
|
needs: [test, integration, e2e, security] |
|
|
if: github.ref == 'refs/heads/main' |
|
|
|
|
|
steps: |
|
|
- name: Checkout code |
|
|
uses: actions/checkout@v4 |
|
|
|
|
|
- name: Configure AWS credentials |
|
|
uses: aws-actions/configure-aws-credentials@v4 |
|
|
with: |
|
|
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} |
|
|
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} |
|
|
aws-region: ${{ env.AWS_REGION }} |
|
|
|
|
|
- name: Deploy S3 bucket |
|
|
run: | |
|
|
echo "π¦ Deploying S3 bucket..." |
|
|
aws cloudformation deploy \ |
|
|
--template-file infrastructure/s3/bucket.yaml \ |
|
|
--stack-name fredmlv1-s3-stack \ |
|
|
--parameter-overrides BucketName=${{ env.S3_BUCKET }} \ |
|
|
--capabilities CAPABILITY_NAMED_IAM \ |
|
|
--region ${{ env.AWS_REGION }} |
|
|
|
|
|
- name: Deploy EventBridge rule |
|
|
run: | |
|
|
echo "β° Deploying EventBridge rule..." |
|
|
aws cloudformation deploy \ |
|
|
--template-file infrastructure/eventbridge/quarterly-rule.yaml \ |
|
|
--stack-name fred-ml-processor-eventbridge-stack \ |
|
|
--parameter-overrides \ |
|
|
LambdaFunctionName=${{ env.LAMBDA_FUNCTION }} \ |
|
|
S3BucketName=${{ env.S3_BUCKET }} \ |
|
|
--capabilities CAPABILITY_NAMED_IAM \ |
|
|
--region ${{ env.AWS_REGION }} |
|
|
|
|
|
|
|
|
deploy-streamlit: |
|
|
name: π¨ Deploy to Streamlit Cloud |
|
|
runs-on: ubuntu-latest |
|
|
needs: [deploy-lambda, deploy-infrastructure] |
|
|
if: github.ref == 'refs/heads/main' |
|
|
|
|
|
steps: |
|
|
- name: Checkout code |
|
|
uses: actions/checkout@v4 |
|
|
|
|
|
- name: Deploy to Streamlit Cloud |
|
|
run: | |
|
|
echo "π¨ Deploying to Streamlit Cloud..." |
|
|
echo "Manual deployment required - follow instructions in docs/deployment/streamlit-cloud.md" |
|
|
echo "Repository is ready for Streamlit Cloud deployment" |
|
|
|
|
|
- name: Create deployment summary |
|
|
run: | |
|
|
echo "π Deployment Summary" > deployment-summary.md |
|
|
echo "===================" >> deployment-summary.md |
|
|
echo "" >> deployment-summary.md |
|
|
echo "β
Lambda function updated" >> deployment-summary.md |
|
|
echo "β
Infrastructure deployed" >> deployment-summary.md |
|
|
echo "π Streamlit Cloud deployment: Manual step required" >> deployment-summary.md |
|
|
echo "" >> deployment-summary.md |
|
|
echo "Next steps:" >> deployment-summary.md |
|
|
echo "1. Deploy to Streamlit Cloud using the web interface" >> deployment-summary.md |
|
|
echo "2. Configure environment variables in Streamlit Cloud" >> deployment-summary.md |
|
|
echo "3. Test the complete system" >> deployment-summary.md |
|
|
|
|
|
- name: Upload deployment summary |
|
|
uses: actions/upload-artifact@v3 |
|
|
with: |
|
|
name: deployment-summary |
|
|
path: deployment-summary.md |
|
|
|
|
|
|
|
|
notify: |
|
|
name: π’ Notifications |
|
|
runs-on: ubuntu-latest |
|
|
needs: [deploy-streamlit] |
|
|
if: always() |
|
|
|
|
|
steps: |
|
|
- name: Download test results |
|
|
uses: actions/download-artifact@v3 |
|
|
with: |
|
|
name: test-results |
|
|
|
|
|
- name: Download deployment summary |
|
|
uses: actions/download-artifact@v3 |
|
|
with: |
|
|
name: deployment-summary |
|
|
|
|
|
- name: Send notification |
|
|
run: | |
|
|
echo "π’ Sending deployment notification..." |
|
|
if [ "${{ needs.deploy-streamlit.result }}" == "success" ]; then |
|
|
echo "β
Deployment completed successfully!" |
|
|
else |
|
|
echo "β Deployment failed!" |
|
|
fi |
