Github action for deploying the Django project to Elastic beanstalk after running some basic continuous integrations.

This GitHub Action will deploy your Django project to AWS Elastic beanstalk. It can be configured to upload your production-ready code into any branch you'd like, and even make multiple deployments it to different environments like staging or uat environments. You can also run linting, testing and security checks before deploying. And also you can download the reports of the coverage and the security checks as artifacts.

This action has the following features:

Deploy Django project to elasticbeanstalk.
Run unit tests.
Download coverage reports.
Run security checks using bandit.
Download security checks report.
Run linting using flake8.

Usage

It is important to have the Elastic beanstalk config.yml of your project with its AWS credentials.

    - name: Django aws eb deployment
      uses: joel-hanson/django-aws-eb-deploy@V1
      with:
        python_version: ${{ matrix.python_version }}
        flake8: true
        aws_access_key_id: ${{ secrets.aws_access_key_id }}
        aws_secret_access_key: ${{ secrets.aws_secret_access_key }}
        django_path: sample_project
        unit_testing: true
        deploy: true
        min_coverage: 10
        postgresql_required: true
        security_check: true
        flake8_config_file: "sample_project/.flake8"

Getting Started ✈️

You can include the action in your workflow to trigger on any event that GitHub actions supports. If the remote branch that you wish to deploy to doesn't already exist the action will create it for you. Your workflow will also need to include the actions/checkout step before this workflow runs in order for the deployment to work.

Example

You can view an example of this below.

name: Build and Deployment

on: push

jobs:
  build:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        python_version: [3.6.10]
        # python_version: [3.5.7, 3.6.10, 3.7.5, 3.8.2]

    steps:
    - uses: actions/checkout@v2
    - name: Django aws eb deployment
      uses: joel-hanson/django-aws-eb-deploy@V1
      with:
        python_version: ${{ matrix.python_version }}
        flake8: true
        aws_access_key_id: ${{ secrets.aws_access_key_id }}
        aws_secret_access_key: ${{ secrets.aws_secret_access_key }}
        django_path: sample_project
        unit_testing: true
        deploy: true
        min_coverage: 10
        postgresql_required: true
        security_check: true
        flake8_config_file: "sample_project/.flake8"

If you'd like to make it so the workflow only triggers on push events to specific branches then you can modify the on section.

on:
  push:
    branches:
      - master

Configuration 📁

The with portion of the workflow must be configured before the action will work. You can add these in the with section found in the examples above. Any secrets must be referenced using the bracket syntax and stored in the GitHub repositories Settings/Secrets menu. You can learn more about setting environment variables with GitHub actions here.

Required Setup

One of the following deployment options must be configured.

Key	Value Information	Type	Required
`AWS_ACCESS_KEY_ID`	You should enter the AWS access key if ID. if you don't have one please learn more about how to generate one here This should be stored as a secret.'	`secrets`	Yes
`AWS_SECRET_ACCESS_KEY`	The AWS secret access key. This should be stored as a secret.	`secrets`	Yes

In addition to the deployment options you must also configure the following.

Key	Value Information	Type	Required	Default
`FLASK8`	This boolean flag to whether to run flake8 linting for our project.	`with`	No	false
`PYTHON_VERSION`	Version range or exact version of a Python version to use, using SemVer's version range syntax.	`with`	Yes	3.6.10
`FLAKE8_CONFIG_FILE`	The flake8 config path relative to the github repository (this requires input flake8 to be true).	`with`	No	".flake8"
`DEPLOY`	Deploy to AWS Elastic beanstalk.	`with`	Yes	true

Optional Choices

Key	Value Information	Type	Required	Default
`DJANGO_PATH`	This is the path at which the your django project is located in you github repo.	`with`	No	"."
`UNIT_TESTING`	Whether to run unit tests.	`with`	No	false
`MIN_COVERAGE`	Minimum code coverage required.	`with`	No	0
`POSTGRESQL_REQUIRED`	Run unit tests with postgresql.	`with`	No	false
`SECURITY_CHECK`	Security oriented static analyser for python code using bandit.	`with`	No	false
`FLAKE8_CONFIG_FILE`	The flake8 config path relative to the github repository (this requires input flake8 to be true).	`with`	No	true

With the action correctly configured you should see the workflow trigger the deployment under the configured conditions.

Operating System Support 💿

This action is primarily developed using Ubuntu. In your workflow job configuration it's recommended to set the runs-on property to ubuntu-latest.

jobs:
  build-and-deploy:
    runs-on: ubuntu-latest

Artifacts 📁

You can get the report for the coverage and the bandit security checks reports for you django project. learn more about artifacts.

Bandit report (security checks report) 👮‍♂️

The following is an bandit report for a django project. learn more about bandit.

Run started:2020-03-22 18:12:42.386731

Test results:
>> Issue: [B105:hardcoded_password_string] Possible hardcoded password: '(2h1-*yec9^6xz6y920vco%zdd+!7m6j6$!gi@)3amkbduup%d'
   Severity: Low   Confidence: Medium
   Location: ./sample_project/settings.py:25
   More Info: https://bandit.readthedocs.io/en/latest/plugins/b105_hardcoded_password_string.html
24      # SECURITY WARNING: keep the secret key used in production secret!
25      SECRET_KEY = "(2h1-*yec9^6xz6y920vco%zdd+!7m6j6$!...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly