Configure MongoDB Replica Set and implement example MongoDB transaction #1097
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This GitHub Actions workflow spins up the "test" Docker Compose stack and runs automated tests within it. | |
| # Reference: https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions | |
| name: Python application | |
| # Note: The following events will trigger this workflow: | |
| # 1. Someone pushes a commit to `main` that includes changes to any of the listed files. | |
| # 2. Someone opens a pull request that includes changes to any of the listed files. | |
| # 3. Someone clicks the "Run workflow" button on the "Actions" tab on GitHub. | |
| # | |
| # References: | |
| # - https://docs.github.com/en/actions/writing-workflows/choosing-when-your-workflow-runs/triggering-a-workflow#example-including-paths | |
| # - https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet | |
| # | |
| on: | |
| push: | |
| branches: [ main ] | |
| paths: | |
| - '.github/workflows/python-app.yml' | |
| - 'Makefile' | |
| - '**/Dockerfile' | |
| - '**.py' | |
| - 'requirements/main.txt' | |
| # Every file in the `data` directory or in any of its subdirectories: | |
| - 'metadata-translation/notebooks/data/**' | |
| pull_request: | |
| paths: | |
| - '.github/workflows/python-app.yml' | |
| - 'Makefile' | |
| - '**/Dockerfile' | |
| - '**.py' | |
| - 'requirements/main.txt' | |
| - 'metadata-translation/notebooks/data/**' | |
| # Allow developers to trigger this workflow manually via the "Actions" page on GitHub. | |
| # Reference: https://docs.github.com/en/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/manually-running-a-workflow | |
| workflow_dispatch: { } | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 # update version to maintain consistency across workflows | |
| # Prepare the MongoDB keyfile to be mounted by the `mongo` container. | |
| # | |
| # Note: This is to prevent MongoDB from reporting the error: | |
| # > "permissions on /path/to/keyfile are too open" | |
| # | |
| # Note: This involves making the file be readable _only_ by the OS user that MongoDB runs as. | |
| # | |
| # In containers using the `mongo` image, that user is named `mongodb` and has a | |
| # UID of `999`. That user belongs to a group named `mongodb`, whose GID is `999`. | |
| # You can verify this by looking at the Dockerfile layers on Docker Hub. | |
| # Reference: https://hub.docker.com/layers/library/mongo/8.0.5/images/sha256-90bf5066fed8a3cd59345d963922bc5cb557d4b4b2a0e38dfd9ee299c405741b | |
| # | |
| # The GHA Runner will allow me to `chmod 600` the file, but not `chown 999:999` it. | |
| # Since the GHA Runner will not allow me to `chown` the file, I use a Docker container | |
| # to (effectively) accomplish that. Since—after I use the Docker container to change | |
| # the file's owner—the GHA Runner will not allow me to then `chmod` the file, I opt to | |
| # accomplish that within the Docker container as well. | |
| # | |
| # The reason—within the Docker container—I do not `chmod` or `chown` the original file | |
| # directly, is that I am under the impression that ownership/permission changes made | |
| # within a container to mounted files that already exist on the host will not be seen | |
| # by the host. I have not found official documentation supporting this yet. | |
| # TODO: Include a reference about changing mounted file's permission within container. | |
| # | |
| - name: Restrict access to MongoDB keyfile | |
| run: | | |
| mkdir _tmp | |
| docker run --rm \ | |
| -v ./mongoKeyFile:/mongoKeyFile \ | |
| -v ./_tmp:/out \ | |
| alpine \ | |
| sh -c 'cp /mongoKeyFile /out/mongoKeyFile && chmod 600 /out/mongoKeyFile && chown 999:999 /out/mongoKeyFile' | |
| mv _tmp/mongoKeyFile ./mongoKeyFile | |
| rmdir _tmp | |
| - name: Set up Python 3.10 | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: '3.10' | |
| # deprecated: Consider merging python.app.yml and lint.yml | |
| # - name: Lint with flake8 | |
| # run: | | |
| # pip install flake8 | |
| # make lint | |
| - name: Build and run containers upon which test runner depends | |
| run: make up-test | |
| - name: Build container image for test runner | |
| run: make test-build | |
| - name: Run tests | |
| run: make test-run |