italia-opensource · FabrizioCafolla · Nov 5, 2024 · Jun 23, 2024 · Jul 24, 2024 · Aug 8, 2024
diff --git a/.activate b/.activate
@@ -3,12 +3,23 @@ if [ "${BASH_SOURCE-}" = "$0" ]; then
     exit 33
 fi
 
-if [[ -f .venv/bin/activate ]]; then
-    source .venv/bin/activate
+VENV_FILE="${VENV_DIR}/bin/activate"
+
+if [ -f "${VENV_FILE}" ]; then
+    . "${VENV_FILE}"
 else
-    echo "WARN No virtualenv found. Run 'make setup' to create one."
+    echo "VENV_DIR: ${VENV_DIR}"
+    echo "VENV_FILE: ${VENV_FILE}"
+    echo "WARN No virtualenv found. Run 'devbox shell'"
+fi
+
+ENV_FILE="${DEVBOX_PROJECT_ROOT}/.env"
+DOPPLER_FILE="${DEVBOX_PROJECT_ROOT}/.env.doppler"
+
+if [ -f "${ENV_FILE}" ]; then
+    . "${ENV_FILE}"
 fi
 
-if [[ -f .env ]]; then
-    source .env
+if [ -f "${DOPPLER_FILE}" ]; then
+    . "${DOPPLER_FILE}"
 fi
diff --git a/.github/workflows/actions/terraform-init/action.yml b/.github/workflows/actions/terraform-init/action.yml
diff --git a/.github/workflows/deploy-infrastructure.yml b/.github/workflows/deploy-infrastructure.yml
@@ -13,7 +13,7 @@ permissions:
   contents: read
 
 env:
-  WORKSPACE: "production"
+  WORKSPACE: ${{ secrets.WORKSPACE }}
 
 jobs:
   deploy-infrastructure:
@@ -33,30 +33,39 @@ jobs:
         with:
           ref: ${{ env.COMMIT_SHA }}
 
-      - name: Terraform Init
-        id: terraform
-        uses: ./.github/workflows/actions/terraform-init
-        timeout-minutes: 5
+      - name: Install devbox
+        uses: jetify-com/[email protected]
         with:
-          WORKSPACE: ${{ env.WORKSPACE }}
-          AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
-          AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
-          AWS_ROLE_NAME: ${{ secrets.AWS_ROLE_NAME }}
-          AWS_TERRAFORM_STATE_BUCKET: ${{ secrets.AWS_TERRAFORM_STATE_BUCKET }}
+          enable-cache: "true"
+
+      - name: Configure aws credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ secrets.AWS_ROLE_NAME }}
+          aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
+          role-session-name: github-actions
 
       - name: Terraform Plan
         id: plan
         continue-on-error: true
+        env:
+          AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
+          AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
+          AWS_ROLE_NAME: ${{ secrets.AWS_ROLE_NAME }}
         run: |
-          make check-drift
+          devbox run infra check-drift
           exitcode=$?
           echo $exitcode
           echo "run_apply=${exitcode}" >> "$GITHUB_OUTPUT"
 
       - name: Terraform Apply
         if: ${{ steps.plan.outputs.run_apply == '2' }}
+        env:
+          AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
+          AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
+          AWS_ROLE_NAME: ${{ secrets.AWS_ROLE_NAME }}
         run: |
-          make apply-auto-approve
+          devbox run infra apply-auto-approve
 
       - name: Update comment
         if: ${{ success() && github.event.client_payload.slash_command.args.named.comment_id }}

diff --git a/.github/workflows/deploy-website.yml b/.github/workflows/deploy-website.yml
@@ -1,32 +1,18 @@
 name: Deploy Website
 
+permissions: read-all
+
 on:
   repository_dispatch:
     types:
       - deploy-website
       - deploy-website-command
-  # push:
-  #   branches:
-  #     - main
-  #   paths:
-  #     - "website/**"
-  #     - "!website/tests/**"
-  #     - "!website/Makefile"
-  #     - "!website/README.md"
   workflow_dispatch:
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
-# Permissions for terramform-init action
-permissions:
-  id-token: write
-  contents: read
-
-env:
-  WORKSPACE: "production"
-
 jobs:
   deploy-website:
     name: Deploy
@@ -45,40 +31,20 @@ jobs:
         with:
           ref: ${{ env.COMMIT_SHA }}
 
-      - name: Setup Python 3.12
-        uses: actions/setup-python@v5
-        with:
-          python-version: "3.12"
-          cache: "pip"
-
-      - name: Setup Node
-        uses: actions/setup-node@v4
-        with:
-          node-version-file: "website/.nvmrc"
-          cache-dependency-path: website/yarn.lock
-          cache: "yarn"
-
-      - name: Terraform Init
-        id: terraform
-        uses: ./.github/workflows/actions/terraform-init
-        timeout-minutes: 5
+      - name: Install devbox
+        uses: jetify-com/[email protected]
         with:
-          WORKSPACE: ${{ env.WORKSPACE }}
-          AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
-          AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
-          AWS_ROLE_NAME: ${{ secrets.AWS_ROLE_NAME }}
-          AWS_TERRAFORM_STATE_BUCKET: ${{ secrets.AWS_TERRAFORM_STATE_BUCKET }}
+          enable-cache: "true"
 
       - name: Build
         timeout-minutes: 5
         run: |
-          make setup-website VIRTUAL_ENV=false
-          make build
+          devbox run website build
 
       - name: Deploy
         timeout-minutes: 5
         run: |
-          make deploy
+          devbox run deploy
 
       - name: Update comment
         if: ${{ success() && github.event.client_payload.slash_command.args.named.comment_id }}

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -1,6 +1,7 @@
 name: Release
 
 on:
+  workflow_dispatch:
   push:
     branches:
       - main

diff --git a/.github/workflows/sync-database.yml b/.github/workflows/sync-database.yml
@@ -1,19 +1,13 @@
 name: Sync Database
 
+permissions: read-all
+
 on:
   workflow_dispatch:
   repository_dispatch:
     types:
       - sync-database
 
-# Permissions for terramform-init action
-permissions:
-  id-token: write
-  contents: read
-
-env:
-  WORKSPACE: "production"
-
 jobs:
   sync-database:
     name: Sync Database
@@ -22,6 +16,11 @@ jobs:
       - name: Check out code
         uses: actions/checkout@v4
 
+      - name: Install devbox
+        uses: jetify-com/[email protected]
+        with:
+          enable-cache: "true"
+
       - name: Load env
         id: env
         run: |
@@ -35,7 +34,7 @@ jobs:
             hash_commit_awesome_italia_opensource="${{ github.event.client_payload.hash }}"
           fi
 
-          pr_body="${pr_body}\n\n Sync database pipeline: [${{ github.run_id }}](https://github.com/italia-opensource/italiaopensource.com/actions/runs/${{ github.run_id }})"
+          pr_body="${pr_body}. Sync database pipeline: [${{ github.run_id }}](https://github.com/italia-opensource/italiaopensource.com/actions/runs/${{ github.run_id }})"
 
           echo "pr_branch_name=${pr_branch_name}" >> $GITHUB_OUTPUT
           echo "pr_branch_name=${pr_branch_name}"
@@ -46,35 +45,11 @@ jobs:
           echo "hash_commit_awesome_italia_opensource=${hash_commit_awesome_italia_opensource}" >> $GITHUB_OUTPUT
           echo "hash_commit_awesome_italia_opensource=${hash_commit_awesome_italia_opensource}"
 
-      - name: Setup Python 3.12
-        uses: actions/setup-python@v5
-        with:
-          python-version: "3.12"
-          cache: "pip"
-
-      - name: Setup Node
-        uses: actions/setup-node@v4
-        with:
-          node-version-file: "website/.nvmrc"
-          cache-dependency-path: website/yarn.lock
-          cache: "yarn"
-
-      - name: Terraform Init
-        id: terraform
-        uses: ./.github/workflows/actions/terraform-init
-        timeout-minutes: 5
-        with:
-          WORKSPACE: ${{ env.WORKSPACE }}
-          AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
-          AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
-          AWS_ROLE_NAME: ${{ secrets.AWS_ROLE_NAME }}
-          AWS_TERRAFORM_STATE_BUCKET: ${{ secrets.AWS_TERRAFORM_STATE_BUCKET }}
-
       - name: Build
         id: build
         timeout-minutes: 5
         run: |
-          make download HASH_COMMIT="${{ steps.env.outputs.hash_commit_awesome_italia_opensource}}"
+          devbox run website download HASH_COMMIT="${{ steps.env.outputs.hash_commit_awesome_italia_opensource}}"
 
           git checkout HEAD -- infrastructure/.terraform.lock.hcl # Ignore changes to the lock file
           status=$(git status -s)
@@ -87,9 +62,6 @@ jobs:
             exit 0
           fi
 
-          make setup-website VIRTUAL_ENV=false
-          make build
-
           echo "has_changed=true" >> $GITHUB_OUTPUT
 
       - name: Create Pull Request

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -15,7 +15,7 @@ concurrency:
   cancel-in-progress: true
 
 env:
-  WORKSPACE: "ci" # @TODO: Create infrastructure in pull-request workspace
+  WORKSPACE: production
 
 jobs:
   test-data:
@@ -26,36 +26,24 @@ jobs:
       - name: Check out code
         uses: actions/checkout@v4
 
-      - name: Setup Python 3.12
-        uses: actions/setup-python@v5
+      - name: Install devbox
+        uses: jetify-com/[email protected]
         with:
-          python-version: "3.12"
-          cache: "pip"
+          enable-cache: "true"
 
-      - name: Setup Node
-        uses: actions/setup-node@v4
+      - name: Configure aws credentials
+        uses: aws-actions/configure-aws-credentials@v4
         with:
-          node-version-file: "website/.nvmrc"
-          cache-dependency-path: website/yarn.lock
-          cache: "yarn"
-
-      - name: Terraform Init
-        id: terraform
-        uses: ./.github/workflows/actions/terraform-init
-        timeout-minutes: 5
-        with:
-          WORKSPACE: ${{ env.WORKSPACE }}
+          role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ secrets.AWS_ROLE_NAME }}
+          aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
+          role-session-name: github-actions
+
+      - name: Tests
+        timeout-minutes: 10
+        env:
           AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
           AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
           AWS_ROLE_NAME: ${{ secrets.AWS_ROLE_NAME }}
-
-      - name: Setup
-        timeout-minutes: 5
-        run: |
-          make setup-project VIRTUAL_ENV=false
-          make setup-website VIRTUAL_ENV=false
-
-      - name: Test
-        timeout-minutes: 5
         run: |
-          make tests
+          devbox run infra setup
+          devbox run tests
diff --git a/.gitignore b/.gitignore
@@ -5,6 +5,5 @@ __pycache__
 .venv
 *.egg-info
 
-.*.env
-.env
+.env*
 .DS_Store
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -83,4 +83,5 @@ repos:
           - --args=--skip-check CKV_AWS_158
           - --args=--skip-check CKV_AWS_116
           - --args=--skip-check CKV_AWS_259
+          - --args=--skip-check CKV_AWS_374
           - --args=--skip-check CKV_GHA_7
diff --git a/.vscode/settings.json b/.vscode/settings.json
@@ -0,0 +1,8 @@
+{
+  "editor.codeActionsOnSave": {
+    "source.fixAll": "explicit"
+  },
+  "editor.defaultFormatter": "esbenp.prettier-vscode",
+  "editor.formatOnSave": true,
+  "files.autoSave": "afterDelay"
+}