CI improvements (#129)

* done

* refinements

* remove wait-for-tests

* Update Dockerfile

* whistespaces

.github/workflows/deploy-all-lambdas.yml

@@ -9,41 +9,54 @@ jobs:
   deploy-lambdas:
     runs-on: ubuntu-latest
     container: swift:5.10-amazonlinux2
+
     env:
       AWS_DEFAULT_REGION: eu-west-1
       AWS_ACCESS_KEY_ID: ${{ secrets.DEPLOYER_ACCESS_KEY_ID }}
       AWS_SECRET_ACCESS_KEY: ${{ secrets.DEPLOYER_ACCESS_SECRET_KEY }}
+
     steps:
       - name: Install additional dependencies and AWSCLI v2
         run: |
-          echo "::add_mask::$AWS_ACCESS_KEY_ID"
-          echo "::add_mask::$AWS_SECRET_ACCESS_KEY"
           yum -y install \
             {libuuid,libicu,libedit,sqlite,python,ncurses,openssl}-devel \
             libtool jq zip
           curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
           unzip awscliv2.zip
           ./aws/install
+
       - name: Check out repository
         uses: actions/checkout@v3
-      - name: Build, package, and deploy
+
+      - name: Find package names
+        id: find_package_names
+        run: |
+          echo "names=$(
+            swift package describe --type json | \
+            jq -r '.targets[] |
+              select(
+                .type == "executable"
+              and
+                (.name | endswith("Lambda"))
+              ).name'
+          )" >> $GITHUB_OUTPUT
+
+      - name: Build and package
         run: |
           mkdir zips
-          for name in $(
-            swift package dump-package | \
-              jq '.targets' | \
-              jq 'map(select(.type == "executable"))' | \
-              jq 'map(select(.path != null))' | \
-              jq 'map(select(.path | startswith("./Lambdas")))' | \
-              jq -r '.[].name'
-            ); do
+          for name in ${{ steps.find_package_names.outputs.names }}; do
             swift package archive \
               --output-path ./zips \
               --products "${name}"
             aws s3api put-object \
               --bucket penny-lambdas-store \
               --key "${name}.zip" \
               --body ./zips/${name}/${name}.zip
+          done
+
+      - name: Deploy
+        run: |
+          for name in ${{ steps.find_package_names.outputs.names }}; do
             aws lambda update-function-code \
               --function-name "${name}" \
               --s3-bucket "penny-lambdas-store" \

.github/workflows/deploy-penny.yml

@@ -6,21 +6,26 @@ on:
   push: { branches: [main] }
 
 jobs:
-  deploy: 
+  deploy:
     name: Deploy Stack
+
     runs-on: ubuntu-latest
+
     steps:
       - name: Checkout
         uses: actions/checkout@v4
+
       - name: Configure AWS credentials
         uses: aws-actions/configure-aws-credentials@v4
         with:
           aws-access-key-id: ${{ secrets.DEPLOYER_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.DEPLOYER_ACCESS_SECRET_KEY }}
-          aws-region: 'eu-west-1'
+          aws-region: "eu-west-1"
+
       - name: Login to Amazon ECR
         id: login-ecr
         uses: aws-actions/amazon-ecr-login@v2
+
       - name: Build, tag, and push image to Amazon ECR
         id: build-image
         env:
@@ -33,20 +38,23 @@ jobs:
           # be deployed to ECS.
           docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG -f Dockerfile .
           docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
-          echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >>"${GITHUB_OUTPUT}"
+          echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
+
       - name: Fill in the new image ID in the Amazon ECS task definition
         id: task-def
         uses: aws-actions/amazon-ecs-render-task-definition@v1
         with:
           task-definition: ./deploy/penny-discord-bot-task.json
           container-name: penny-bot
           image: ${{ steps.build-image.outputs.image }}
+
       - name: Deploy to Amazon ECS Service
         id: task-dep
         uses: aws-actions/amazon-ecs-deploy-task-definition@v1
         with:
           task-definition: ${{ steps.task-def.outputs.task-definition }}
           wait-for-service-stability: true
+
       - name: Deploy to AWS cloudformation
         uses: aws-actions/aws-cloudformation-github-deploy@v1
         with:

.github/workflows/test.yml

@@ -1,10 +1,10 @@
-name: test
+name: tests
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 on:
   pull_request: { types: [opened, reopened, synchronize, ready_for_review] }
-  push: { branches: [ main ] }
+  push: { branches: [main] }
 
 jobs:
   unit-tests:
@@ -13,15 +13,16 @@ jobs:
       with_coverage: false
       with_tsan: false
       with_public_api_check: false
+      with_deps_submission: true
       with_gh_codeql: false # Temporary, until the action actually works
 
   cloudformation-lint:
     name: Check CloudFormation
     runs-on: ubuntu-latest
     steps:
-    - name: Checkout
-      uses: actions/checkout@v4
-    - name: Setup and run CloudFormation lint
-      uses: ScottBrenner/cfn-lint-action@v2
-      with:
-        command: cfn-lint -t ./deploy/penny-discord-bot-stack.yml
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Setup and run CloudFormation lint
+        uses: ScottBrenner/cfn-lint-action@v2
+        with:
+          command: cfn-lint -t ./deploy/penny-discord-bot-stack.yml

Dockerfile

@@ -25,7 +25,8 @@ COPY . .
 
 # Build everything, with optimizations, with static linking, and using jemalloc
 # N.B.: The static version of jemalloc is incompatible with the static Swift runtime.
-RUN swift build -c release \
+RUN swift build \
+        -c release \
         --product Penny \
         --static-swift-stdlib \
         -Xlinker -ljemalloc