From ffed5f1471829cb98dd1a385887e91e281909400 Mon Sep 17 00:00:00 2001
From: Jason Jackson
Date: Wed, 20 Mar 2024 16:48:16 -0400
Subject: [PATCH 1/4] convert to actions

---
 .github/workflows/ci.yml | 33 ++++++++++++++++++++++++++++
 Makefile | 2 +-
 README.md | 17 +++++--------
 action-services.yml | 18 +++++++++++++++
 aws.env.encrypted | 2 --
 aws.env.example | 11 ----------
 codeship-services.yml | 6 -----
 codeship-steps.yml | 9 --------
 docker-compose.yml | 3 +--
 {codeship => scripts}/build.sh | 0
 {codeship => scripts}/deploy-prod.sh | 0
 {codeship => scripts}/test.sh | 0
 12 files changed, 59 insertions(+), 42 deletions(-)
 create mode 100644 .github/workflows/ci.yml
 create mode 100644 action-services.yml
 delete mode 100644 aws.env.encrypted
 delete mode 100644 aws.env.example
 delete mode 100644 codeship-services.yml
 delete mode 100644 codeship-steps.yml
 rename {codeship => scripts}/build.sh (100%)
 rename {codeship => scripts}/deploy-prod.sh (100%)
 rename {codeship => scripts}/test.sh (100%)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..799173a
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,33 @@
+name: Continuous Integration
+
+on:
+ push:
+
+env:
+ AWS_REGION: ${{ vars.AWS_REGION }}
+ AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ APP_ID: ${{ secrets.APP_ID }}
+ ENV_ID: ${{ secrets.ENV_ID }}
+ CONFIG_ID: ${{ secrets.CONFIG_ID }}
+
+jobs:
+ test:
+ name: Test
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Run tests
+ run: docker-compose -f "action-services.yml" run app bash -c "./scripts/test.sh"
+
+ deploy:
+ name: Deploy
+ if: github.ref_name == 'main'
+ needs: test
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Deploy lambda
+ run: docker-compose -f "action-services.yml" run app
diff --git a/Makefile b/Makefile
index 2bf9006..9a126ad 100644
--- a/Makefile
+++ b/Makefile
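Review bot: The workflow-level `env:` block in `.github/workflows/ci.yml` hands `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` to every job, and `on: push:` has no branch filter, so the `test` job runs `./scripts/test.sh` with the deploy credentials on every push to any branch. Scope the secret-backed variables to the `Deploy lambda` step and add a top-level `permissions:` with `contents: read`, since no step shown here appears to need a write-capable `GITHUB_TOKEN`. `scripts/test.sh` is not visible in this patch, so confirm the tests do not rely on any of these values before moving them. The later "merge jobs" patch keeps the same workflow-level `env:`, so the point applies there as well.

```yaml
permissions:
  contents: read

env:
  AWS_REGION: ${{ vars.AWS_REGION }}

jobs:
  # … unchanged: test job …
  deploy:
    # … unchanged: name, if, needs, runs-on …
    steps:
      # … unchanged: checkout step …
      - name: Deploy lambda
        run: docker-compose -f "action-services.yml" run app
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          APP_ID: ${{ secrets.APP_ID }}
          ENV_ID: ${{ secrets.ENV_ID }}
          CONFIG_ID: ${{ secrets.CONFIG_ID }}
```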
@@ -5,7 +5,7 @@ bash: docker-compose run --rm app bash test: - docker-compose run --rm app ./codeship/test.sh + docker-compose run --rm app ./scripts/test.sh clean: docker-compose kill diff --git a/README.md b/README.md index 221f23f..18b5660 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,5 @@ # cloudflare-scanner + Look through Cloudflare records to find the ones that contain a certain substring in their name and then send emails with that list via AWS SES. @@ -6,17 +7,11 @@ then send emails with that list via AWS SES. ### AWS Serverless User -1. Copy the aes key from Codeship -2. Paste it in a new file `codeship.aes` -3. Run `jet decrypt aws.env.encrypted aws.env` -4. (Optional) Compare the key in `aws.env` with the key in the most recent Terraform Cloud output -5. Use the Terraform CLI to taint the old access key -6. Run a new plan on Terraform Cloud -7. Review the new plan and apply if it is correct -8. Copy the new key and secret from the Terraform output into the aws.env file, overwriting the old values -9. Run `jet encrypt aws.env aws.env.encrypted` -10. Commit the new `aws.env.encrypted` file on the `develop` branch and push it to Github -11. Submit a PR to release the change to the `main` branch +1. Use the Terraform CLI to taint the old access key +2. Run a new plan on Terraform Cloud +3. Review the new plan and apply if it is correct +4. Copy the new key and secret from the Terraform output into Github Repository Secrets, overwriting the old values +5. Manually rerun a past run on the main branch ### Cloudflare diff --git a/action-services.yml b/action-services.yml new file mode 100644 index 0000000..a25296c --- /dev/null +++ b/action-services.yml 
@@ -0,0 +1,18 @@
+version: "3"
+
+services:
+ app:
+ build:
+ context: .
+ dockerfile: Dockerfile
+ environment:
+ AWS_REGION: $AWS_REGION
+ AWS_ACCESS_KEY_ID: $AWS_ACCESS_KEY_ID
+ AWS_SECRET_ACCESS_KEY: $AWS_SECRET_ACCESS_KEY
+ APP_ID: $APP_ID
+ ENV_ID: $ENV_ID
+ CONFIG_ID: $CONFIG_ID
+ volumes:
+ - ./:/app
+ working_dir: /app
+ command: bash -c "scripts/deploy-prod.sh"
diff --git a/aws.env.encrypted b/aws.env.encrypted
deleted file mode 100644
index 82b9f9e..0000000
--- a/aws.env.encrypted
+++ /dev/null
@@ -1,2 +0,0 @@
-cloudbees:v1
-3qTawtryB/ASUiqgDXF0mNuh2nWPbkt8/nmYh1l582qbYgJ2/z/sDOb4fwSOjf8MFlBAUhf+xPkNeBhC5RPneNl4lyOi/FffUEl9kZiRfZnCL/simi3gN/aQlXdXsCYkC5dxp7seBljJ7WdiYhiMy+jo11QuZeEMvfDY/fjq1egADoXpOR5m+mCArke9SEivsILI/YxCBr6aeUAJrvDoUaQ1H1Mo/xzWRZ4Mvbuyqwqot71UMT0aHQNIPrKrNiGUJgizwNlvmqXSKOLEdkLUIZxxYwsPyOM2xEtEFs79ba3+A5KA1jQLd/a4e8BCqkxZZKILKSFpQ7UF6EjLUO/GVK5u/3dSqV0gUQVDbpQFF6zXmc7Frv3m5o4GmDX8MZzXrXjWb8AEBJSx4BmZAeYRETtl5Gww1WQYNvImqGy5bLg0yIHFVU1FllaqNjNwUi/gj+i3pesLdQ==
\ No newline at end of file
diff --git a/aws.env.example b/aws.env.example
deleted file mode 100644
index b7d167a..0000000
--- a/aws.env.example
+++ /dev/null
@@ -1,11 +0,0 @@
-AWS_ACCESS_KEY_ID=AKABCDEFGHIJKLMNOPQ
-AWS_SECRET_ACCESS_KEY=aBcDeFgHiJkLmNoPqRsTuVwXyZAbCdEfGhIjKlMn
-AWS_REGION=us-east-1
-
-# AppConfig Identifers
-# Application ID
-APP_ID=0123abc
-# Environment ID
-ENV_ID=0123abc
-# Configuration Profile ID
-CONFIG_ID=0123abc
diff --git a/codeship-services.yml b/codeship-services.yml
deleted file mode 100644
index 62f8a94..0000000
--- a/codeship-services.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-app:
- build:
- dockerfile_path: Dockerfile
- encrypted_env_file: aws.env.encrypted
- cached: true
- working_dir: /app
\ No newline at end of file
diff --git a/codeship-steps.yml b/codeship-steps.yml
deleted file mode 100644
index b0ab77e..0000000
--- a/codeship-steps.yml
+++ /dev/null
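Review bot: The default `command: bash -c "scripts/deploy-prod.sh"` at the end of `action-services.yml` makes a bare `docker-compose -f "action-services.yml" run app` a production deploy, so the workflow's deploy step never names what it runs and any invocation that forgets to pass a command deploys. Consider dropping the default `command:` and naming the script in the workflow step, as the test step already does: `run: docker-compose -f "action-services.yml" run app bash -c "./scripts/deploy-prod.sh"`. The service also receives both AWS key variables on every run, including test runs, so the file is only as safe as the environment it is started from.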
@@ -1,9 +0,0 @@
-- name: test
- service: app
- command: ./codeship/test.sh
-
-- name: deploy_prod
- service: app
- tag: main
- command: ./codeship/deploy-prod.sh
-
diff --git a/docker-compose.yml b/docker-compose.yml
index fd271e5..31a3ead 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,7 +1,6 @@
 version: "3"
 
 services:
-
 app:
 build:
 context: ./
@@ -11,4 +10,4 @@ services:
 volumes:
 - ./:/app
 working_dir: /app
- command: bash -c "codeship/build.sh"
+ command: bash -c "scripts/build.sh"
diff --git a/codeship/build.sh b/scripts/build.sh
similarity index 100%
rename from codeship/build.sh
rename to scripts/build.sh
diff --git a/codeship/deploy-prod.sh b/scripts/deploy-prod.sh
similarity index 100%
rename from codeship/deploy-prod.sh
rename to scripts/deploy-prod.sh
diff --git a/codeship/test.sh b/scripts/test.sh
similarity index 100%
rename from codeship/test.sh
rename to scripts/test.sh
From 553834a60f565654328a84feac0d5b83301badd1 Mon Sep 17 00:00:00 2001
From: Jason Jackson
Date: Wed, 20 Mar 2024 17:17:19 -0400
Subject: [PATCH 2/4] specify most recent run

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 18b5660..c7164d9 100644
--- a/README.md
+++ b/README.md
@@ -11,7 +11,7 @@ then send emails with that list via AWS SES.
 2. Run a new plan on Terraform Cloud
 3. Review the new plan and apply if it is correct
 4. Copy the new key and secret from the Terraform output into Github Repository Secrets, overwriting the old values
-5. Manually rerun a past run on the main branch
+5. Manually rerun the most recent workflow run on the main branch
 
 ### Cloudflare
 
From 48eb36c0eea8250c1800b37a0ece1e77b70b5472 Mon Sep 17 00:00:00 2001
From: Jason Jackson
Date: Wed, 20 Mar 2024 17:36:47 -0400
Subject: [PATCH 3/4] simplify

---
 action-services.yml | 4 +---
 docker-compose.yml | 4 +---
 2 files changed, 2 insertions(+), 6 deletions(-)

diff --git a/action-services.yml b/action-services.yml
index a25296c..b5745e9 100644
--- a/action-services.yml
+++ b/action-services.yml
@@ -2,9 +2,7 @@ version: "3"
 
 services:
 app:
- build:
- context: .
- dockerfile: Dockerfile
+ build: .
 environment:
 AWS_REGION: $AWS_REGION
 AWS_ACCESS_KEY_ID: $AWS_ACCESS_KEY_ID
diff --git a/docker-compose.yml b/docker-compose.yml
index 31a3ead..aa98d8d 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -2,9 +2,7 @@ version: "3"
 
 services:
 app:
- build:
- context: ./
- dockerfile: Dockerfile
+ build: .
 env_file:
 - aws.env
 volumes:
From c0bf348813e8b7f43ec945b6cf985cb70531a94f Mon Sep 17 00:00:00 2001
From: Jason Jackson
Date: Wed, 20 Mar 2024 17:39:21 -0400
Subject: [PATCH 4/4] merge jobs

---
 .github/workflows/ci.yml | 13 +++----------
 1 file changed, 3 insertions(+), 10 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 799173a..b9eecce 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -13,21 +13,14 @@ env:
 
 jobs:
 test:
- name: Test
+ name: Test and Deploy
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@v4
 
- - name: Run tests
+ - name: Unit tests
 run: docker-compose -f "action-services.yml" run app bash -c "./scripts/test.sh"
 
- deploy:
- name: Deploy
- if: github.ref_name == 'main'
- needs: test
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v4
-
 - name: Deploy lambda
+ if: github.ref_name == 'main'
 run: docker-compose -f "action-services.yml" run app
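Review bot: The step condition `if: github.ref_name == 'main'` on `Deploy lambda` compares only the short ref name, and because the workflow's `on: push:` is unfiltered it holds for a tag named `main` as well as for the branch; the `deploy` job removed by this hunk carried the same condition. Comparing the full ref, `if: github.ref == 'refs/heads/main'`, ties the deploy to the branch and to whatever protection rules apply to it. Merging the jobs also means the deploy step now runs in the same checkout the test container had mounted writable at `/app` (via `./:/app` in `action-services.yml`), so anything the tests write there is present at deploy time; keeping the separate job, or checking out again before the deploy step, restores a clean tree. The workflow's `on:` and `env:` sections lie outside this hunk.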