build.yml

name: Build and Deploy

on: [push]

jobs:
  deploy:
    runs-on: ubuntu-latest

    steps:
    - uses: actions/checkout@v2
      with:
        fetch-depth: 0
    - name: Set up Python
      uses: actions/setup-python@v1
      with:
        python-version: '3.7'

    - name: Configure AWS Credentials
      uses: aws-actions/configure-aws-credentials@v1
      with:
        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        aws-region: us-east-1

    - name: Install dependencies
      run: |
        python -m pip install --upgrade pip
        pip install wheel
        pip install -r requirements-dev.txt
    - name: Lint
      run: |
        PYTHONPATH=trash pylint trash/

    - name: Test
      run: |
        PYTHONPATH=trash pytest --cov-config=.coveragerc --cov=. tests/ --cov-report=xml --cov-fail-under=80

    - name: Sam Build
      run: sam build --debug

    - name: Run local Cucumber Tests
      run: |
        sam local start-lambda &
        sleep 5
        sam_pid=$!
        behave -D local
        kill $sam_pid

    - name: SonarCloud Scan
      uses: sonarsource/sonarcloud-github-action@master
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
    - name: Check Sonar Status
      run: |
        status=$(curl https://sonarcloud.io/api/qualitygates/project_status?projectKey=grouch-trash-service_grouch-trash-function)
        echo $status | jq '.'
        status=$(echo $status | jq '.projectStatus.status')
        test '"OK"' = $status

    - name: Run Snyk to check for vulnerabilities
      uses: snyk/actions/python@master
      env:
        SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
      with:
        args: --file=trash/requirements.txt -- --allow-missing

    - name: Deploy Sam templates
      run: sam deploy --no-fail-on-empty-changeset

    - name: validate using Cucumber tests
      run: behave