convert to actions

.github/workflows/ci.yml

@@ -0,0 +1,33 @@
+name: Continuous Integration
+
+on:
+  push:
+
+env:
+  AWS_REGION: ${{ vars.AWS_REGION }}
+  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+  APP_ID: ${{ secrets.APP_ID }}
+  ENV_ID: ${{ secrets.ENV_ID }}
+  CONFIG_ID: ${{ secrets.CONFIG_ID }}
+
+jobs:
+  test:
+    name: Test
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Run tests
+        run: docker-compose -f "action-services.yml" run app bash -c "./scripts/test.sh"
+
+  deploy:
+    name: Deploy
+    if: github.ref_name == 'main'
+    needs: test
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Deploy lambda
+        run: docker-compose -f "action-services.yml" run app

Makefile

@@ -5,7 +5,7 @@ bash:
 	docker-compose run --rm app bash
 
 test:
-	docker-compose run --rm app ./codeship/test.sh
+	docker-compose run --rm app ./scripts/test.sh
 
 clean:
 	docker-compose kill

README.md

@@ -1,22 +1,17 @@
 # cloudflare-scanner
+
 Look through Cloudflare records to find the ones that contain a certain substring in their name and
 then send emails with that list via AWS SES.
 
 ## Credential Rotation
 
 ### AWS Serverless User
 
-1. Copy the aes key from Codeship
-2. Paste it in a new file `codeship.aes`
-3. Run `jet decrypt aws.env.encrypted aws.env`
-4. (Optional) Compare the key in `aws.env` with the key in the most recent Terraform Cloud output
-5. Use the Terraform CLI to taint the old access key
-6. Run a new plan on Terraform Cloud
-7. Review the new plan and apply if it is correct
-8. Copy the new key and secret from the Terraform output into the aws.env file, overwriting the old values
-9. Run `jet encrypt aws.env aws.env.encrypted`
-10. Commit the new `aws.env.encrypted` file on the `develop` branch and push it to Github
-11. Submit a PR to release the change to the `main` branch
+1. Use the Terraform CLI to taint the old access key
+2. Run a new plan on Terraform Cloud
+3. Review the new plan and apply if it is correct
+4. Copy the new key and secret from the Terraform output into Github Repository Secrets, overwriting the old values
+5. Manually rerun a past run on the main branch
 
 ### Cloudflare
 

action-services.yml

@@ -0,0 +1,18 @@
+version: "3"
+
+services:
+  app:
+    build:
+      context: .
+      dockerfile: Dockerfile
+    environment:
+      AWS_REGION: $AWS_REGION
+      AWS_ACCESS_KEY_ID: $AWS_ACCESS_KEY_ID
+      AWS_SECRET_ACCESS_KEY: $AWS_SECRET_ACCESS_KEY
+      APP_ID: $APP_ID
+      ENV_ID: $ENV_ID
+      CONFIG_ID: $CONFIG_ID
+    volumes:
+      - ./:/app
+    working_dir: /app
+    command: bash -c "scripts/deploy-prod.sh"

docker-compose.yml

@@ -1,7 +1,6 @@
 version: "3"
 
 services:
-
   app:
     build:
       context: ./
@@ -11,4 +10,4 @@ services:
     volumes:
       - ./:/app
     working_dir: /app
-    command: bash -c "codeship/build.sh"
+    command: bash -c "scripts/build.sh"