Skip to content

Bump the lint group across 1 directory with 4 updates #905

Bump the lint group across 1 directory with 4 updates

Bump the lint group across 1 directory with 4 updates #905

Workflow file for this run

# SPDX-FileCopyrightText: 2023-2024 City of Espoo
#
# SPDX-License-Identifier: LGPL-2.1-or-later
name: Build
on:
- push
env:
AWS_REGION: eu-north-1
ECR_REGISTRY: 095341522062.dkr.ecr.eu-north-1.amazonaws.com
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
permissions:
id-token: write
contents: read
jobs:
lint-shell:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: espoon-voltti/voltti-actions/shellcheck@master
check-licenses:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Reuse Compliance Check
uses: fsfe/reuse-action@v5
dockerize:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
include:
- name: oppivelvollisuus/frontend
path: frontend
- name: oppivelvollisuus/api-gateway
path: api-gateway
steps:
- uses: actions/checkout@v4
- name: Build image
uses: espoon-voltti/voltti-actions/docker-build-push@master
id: build
with:
path: ${{ matrix.path }}
DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
AWS_ROLE_TO_ASSUME: ${{ secrets.AWS_ROLE }}
AWS_REGION: ${{ env.AWS_REGION }}
registry: ${{ env.ECR_REGISTRY }}
name: ${{ matrix.name }}
build-args: |
build=${{ github.run_number }}
commit=${{ github.sha }}
- name: Build and run unit tests
uses: espoon-voltti/voltti-actions/docker-build-push@master
id: test
with:
push: false
path: ${{ matrix.path }}
DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
AWS_ROLE_TO_ASSUME: ${{ secrets.AWS_ROLE }}
AWS_REGION: ${{ env.AWS_REGION }}
registry: ${{ env.ECR_REGISTRY }}
name: ${{ matrix.name }}-test
build-args: |
build=${{ github.run_number }}
commit=${{ github.sha }}
target: test
service:
runs-on: ubuntu-latest
env:
name: oppivelvollisuus/service
path: service
builder: builder
steps:
- uses: actions/checkout@v4
- name: Build image
uses: espoon-voltti/voltti-actions/docker-build-push@master
id: build
with:
path: ${{ env.path }}
DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
AWS_ROLE_TO_ASSUME: ${{ secrets.AWS_ROLE }}
AWS_REGION: ${{ env.AWS_REGION }}
registry: ${{ env.ECR_REGISTRY }}
name: ${{ env.name }}
build-args: |
build=${{ github.run_number }}
commit=${{ github.sha }}
- name: Build builder
uses: espoon-voltti/voltti-actions/docker-build-push@master
id: builder
with:
path: ${{ env.path }}
DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
AWS_ROLE_TO_ASSUME: ${{ secrets.AWS_ROLE }}
AWS_REGION: ${{ env.AWS_REGION }}
registry: ${{ env.ECR_REGISTRY }}
name: ${{ env.name }}-${{ env.builder }}
build-args: |
build=${{ github.run_number }}
commit=${{ github.sha }}
target: ${{ env.builder }}
outputs:
image: ${{ steps.build.outputs.image }}
image_name: ${{ steps.build.outputs.image_name }}
builder_image: ${{ steps.builder.outputs.image }}
builder_image_name: ${{ steps.builder.outputs.image_name }}
owasp:
if: ${{ github.actor != 'dependabot[bot]' }}
needs:
- service
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: ${{ env.AWS_REGION }}
role-to-assume: ${{ secrets.AWS_ROLE }}
role-duration-seconds: 1200
- name: Login to Amazon ECR
id: ecr
uses: aws-actions/amazon-ecr-login@v2
with:
mask-password: 'true'
- name: Cache dependency check database
uses: actions/cache@v4
with:
path: dependency-check-data
key: dependency-check-data-${{ github.run_id }}-${{ github.run_attempt }}
restore-keys: |
dependency-check-data-
- name: Run service OWASP tests
shell: bash
run: |
docker run --rm \
-e NVD_API_KEY=${{ secrets.NVD_API_KEY }} \
-v $(pwd)/dependency-check-data:/root/.gradle/dependency-check-data \
${{ needs.service.outputs.builder_image }} \
sh -c "./gradlew --no-daemon dependencyCheckUpdate && ./gradlew --no-daemon dependencyCheckAnalyze"
test:
runs-on: ubuntu-latest
needs: service
env:
BUILD: "false"
TAG: "${{ github.event.pull_request.head.sha || github.sha }}"
defaults:
run:
working-directory: compose
steps:
- uses: actions/checkout@v4
- name: Configure AWS credentials
if: ${{ github.actor != 'dependabot[bot]' && !github.event.pull_request.head.repo.fork }}
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: ${{ env.AWS_REGION }}
role-to-assume: ${{ secrets.AWS_ROLE }}
role-duration-seconds: 1200
- name: Login to Amazon ECR
if: ${{ github.actor != 'dependabot[bot]' && !github.event.pull_request.head.repo.fork }}
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
- name: Pull images
if: ${{ github.actor != 'dependabot[bot]' && !github.event.pull_request.head.repo.fork }}
run: |
./test-compose pull
- name: Build images
if: ${{ github.actor == 'dependabot[bot]' || github.event.pull_request.head.repo.fork }}
run: |
./test-compose build --parallel
- name: Run tests
run: |
set -o pipefail
./test-compose run service-tests | tee tests.log
- name: Get logs
if: always()
run: |
./test-compose logs > tests-all.log
- name: Store logs
if: always()
uses: actions/upload-artifact@v4
with:
name: integration-test-results
path: |
compose/tests.log
compose/tests-all.log
retention-days: 2
e2e-test:
runs-on: ubuntu-latest
needs:
- service
- dockerize
env:
BUILD: "false"
TAG: "${{ github.event.pull_request.head.sha || github.sha }}"
defaults:
run:
working-directory: compose
steps:
- uses: actions/checkout@v4
- name: Configure AWS credentials
if: ${{ github.actor != 'dependabot[bot]' && !github.event.pull_request.head.repo.fork }}
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: ${{ env.AWS_REGION }}
role-to-assume: ${{ secrets.AWS_ROLE }}
role-duration-seconds: 1200
- name: Login to Amazon ECR
if: ${{ github.actor != 'dependabot[bot]' && !github.event.pull_request.head.repo.fork }}
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
- name: Pull images
if: ${{ github.actor != 'dependabot[bot]' && !github.event.pull_request.head.repo.fork }}
run: |
./e2e-test-compose pull
- name: Build images
if: ${{ github.actor == 'dependabot[bot]' || github.event.pull_request.head.repo.fork }}
run: |
./e2e-test-compose build --parallel
- name: Start dependencies
run: |
./e2e-test-compose up -d oppivelvollisuus-db redis frontend api-gateway
- name: Run e2e tests
run: |
set -o pipefail
./e2e-test-compose up --exit-code-from service-e2e-tests service-e2e-tests | tee tests.log
- name: Get logs
if: always()
run: |
./e2e-test-compose logs > tests-all.log
- name: Store logs
if: always()
uses: actions/upload-artifact@v4
with:
name: e2e-test-results
path: |
compose/tests.log
compose/tests-all.log
retention-days: 2
deploy:
if: ${{ github.ref == 'refs/heads/master' }}
runs-on: ubuntu-latest
needs:
- test
- e2e-test
- dockerize
strategy:
fail-fast: false
matrix:
environment:
- staging
- prod
environment:
name: ${{ matrix.environment }}
steps:
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: ${{ env.AWS_REGION }}
role-to-assume: ${{ secrets.AWS_ROLE }}
role-duration-seconds: 1200
- name: Retag
run: |
for repository in service api-gateway frontend; do
MANIFEST=$(aws ecr batch-get-image --repository-name "oppivelvollisuus/$repository" --image-ids imageTag="${{ github.event.pull_request.head.sha || github.sha }}" --output json | jq --raw-output --join-output '.images[0].imageManifest')
aws ecr put-image --repository-name "oppivelvollisuus/$repository" --image-tag "env-${{ matrix.environment }}" --image-manifest "$MANIFEST"
done
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: ${{ env.AWS_REGION }}
role-to-assume: ${{ secrets.AWS_ROLE_ENVIRONMENT }}
role-duration-seconds: 1200
unset-current-credentials: true
- name: Deploy
run: |
aws ecs update-service \
--cluster "oppivelvollisuus-${{ matrix.environment }}" \
--service "oppivelvollisuus-${{ matrix.environment }}" \
--force-new-deployment
aws ecs wait services-stable \
--cluster "oppivelvollisuus-${{ matrix.environment }}" \
--services "oppivelvollisuus-${{ matrix.environment }}"