Skip to content

feat(keystone): DOMA-10642 custom field for encrypted text #5926

feat(keystone): DOMA-10642 custom field for encrypted text

feat(keystone): DOMA-10642 custom field for encrypted text #5926

name: Condo CI
on:
push:
branches:
- main
# NOTE: change pull_request_target to pull_request if you want to change the CI in your branch
pull_request_target:
types:
- opened
- reopened
- synchronize
branches:
- main
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
env:
DOCKER_IMAGE: condo/condo-image:${{ github.event.pull_request.head.sha || github.sha }}
DOCKER_IMAGE_FULL: ${{ secrets.DOCKER_REGISTRY }}/condo/condo-image:${{ github.event.pull_request.head.sha || github.sha }}
PG_IMAGE_FULL: ${{ secrets.DOCKER_REGISTRY }}/doma/utils/postgres:13.2
REDIS_IMAGE_FULL: ${{ secrets.DOCKER_REGISTRY }}/doma/utils/redis:6.2
REF: ${{ github.event.pull_request.head.sha || github.ref }}
jobs:
authorize:
name: Authorize PR
runs-on: ubuntu-22.04
environment:
${{ github.event_name == 'pull_request_target' &&
github.event.pull_request.head.repo.full_name != github.repository &&
'external' || 'internal' }}
outputs:
ref: ${{ env.REF }}
steps:
- run: echo "PR is authorized to run CI jobs"
build-image:
name: Build Docker Image
needs: authorize
runs-on: test-pool-runners
outputs:
DOCKER_IMAGE: ${{ env.DOCKER_IMAGE }}
steps:
- name: Prepare runner
run: |
sudo apt update && sudo apt install -y git
- name: Set registry variables
run: |
echo "DOCKER_CACHE_FROM=type=registry,ref=${{ secrets.DOCKER_REGISTRY }}/condo/condo-image:$( echo "${{github.ref_name}}" | sed 's/[^a-zA-Z0-9]/-/g' ) >> $GITHUB_ENV"
echo "DOCKER_CACHE_TO=type=registry,ref=${{ secrets.DOCKER_REGISTRY }}/condo/condo-image:$( echo "${{github.ref_name}}" | sed 's/[^a-zA-Z0-9]/-/g' ),mode=min,image-manifest=true" >> $GITHUB_ENV
- name: Login to cloud registry
uses: docker/login-action@v3
with:
registry: ${{ secrets.DOCKER_REGISTRY }}
username: ${{ secrets.SBERCLOUD_CR_USERNAME }}
password: ${{ secrets.SBERCLOUD_CR_PASSWORD }}
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0
submodules: recursive
ssh-key: ${{ secrets.SSH_DOCK_SERVER_PRIVATE_KEY }}
ref: ${{ env.REF }}
- name: Prune repo to filter out yarn.lock and package.json
run: |
bash bin/prune.sh
- name: Setup context for Docker BuildX
id: buildx-context
run: |
docker context create builders
- name: Setup Docker BuildX
id: buildx
uses: docker/setup-buildx-action@v3
with:
endpoint: builders
driver-opts: |
env.BUILDKIT_STEP_LOG_MAX_SIZE=10485760
image=${{ secrets.DOCKER_REGISTRY }}/doma/utils/buildkit:buildx-stable-1
- name: Build repo image
uses: docker/build-push-action@v5
with:
context: .
file: Dockerfile
push: true
tags: ${{ env.DOCKER_IMAGE_FULL }}
build-args: |
REGISTRY=${{ secrets.DOCKER_REGISTRY }}/doma/utils
TURBO_TEAM=condo-ci
TURBO_REMOTE_ONLY=true
TURBO_TOKEN=${{ secrets.TURBO_TOKEN }}
TURBO_API=${{ secrets.TURBO_API }}
provenance: false
cache-from: ${{ env.DOCKER_CACHE_FROM }}
cache-to: ${{ env.DOCKER_CACHE_TO }}
- name: Collect docker logs on failure
if: failure()
uses: jwalton/gh-docker-logs@v1
with:
dest: './docker-logs'
- name: Upload log artifact
uses: actions/upload-artifact@v4
if: failure()
with:
name: logs
path: |
*.log
./docker-logs
retention-days: 2
# SRC: https://how.wtf/run-workflow-step-or-job-based-on-file-changes-github-actions.html
detect-changes:
name: Define job list based on changed files
needs: authorize
runs-on: ubuntu-22.04
outputs:
address-service: ${{ steps.detect-changes.outputs.address-service }}
dev-api: ${{ steps.detect-changes.outputs.dev-api }}
condorb: ${{ steps.detect-changes.outputs.condorb }}
webhooks: ${{ steps.detect-changes.outputs.webhooks }}
steps:
- name: Checkout code with submodules
uses: actions/checkout@v4
with:
fetch-depth: 0
submodules: recursive
ssh-key: ${{ secrets.SSH_DOCK_SERVER_PRIVATE_KEY }}
ref: ${{ env.REF }}
- name: Scan changed files
uses: dorny/paths-filter@v3
id: detect-changes
with:
filters: |
address-service:
- 'apps/address-service/**'
- 'packages/**'
condorb:
- 'apps/condorb'
- 'packages/**'
dev-api:
- 'apps/dev-api/**'
- 'apps/condo/domains/miniapp/**'
- 'apps/condo/domains/user/**'
- 'packages/**'
webhooks:
- 'packages/webhooks/**'
lint:
name: Lint source code
needs: authorize
runs-on: ubuntu-22.04
steps:
- name: Checkout code with submodules
uses: actions/checkout@v4
with:
fetch-depth: 0
submodules: recursive
ssh-key: ${{ secrets.SSH_DOCK_SERVER_PRIVATE_KEY }}
ref: ${{ env.REF }}
- name: Prepare Node environment
uses: actions/setup-node@v3
with:
node-version: ${{ matrix.node-version }}
cache: 'yarn'
- name: Install root dependencies
run: |
yarn workspaces focus root
- name: Check JS code-style rules
run: |
yarn lint:code
- name: Check styling rules
run: |
yarn lint:styles
- name: Check translations rules
run: |
yarn lint:translations
- name: Check common file patterns
run: |
bash ./bin/lint-common-patterns.sh
# TODO(DOMA-7754): Figure out how to extract schema without starting KS-app (30sec for start per app is slow) and lint all apps
security:
name: Semgrep vulnerabilities check
needs: authorize
runs-on: ubuntu-22.04
container:
image: returntocorp/semgrep
# Skip any PR created by dependabot to avoid permission issues
if: (github.actor != 'dependabot[bot]')
steps:
# Fetch project source with GitHub Actions Checkout.
- name: Checkout code with submodules
uses: actions/checkout@v4
with:
fetch-depth: 0
submodules: recursive
ssh-key: ${{ secrets.SSH_DOCK_SERVER_PRIVATE_KEY }}
ref: ${{ env.REF }}
- run: ./bin/run-semgrep.sh -a
run-address-service-tests:
name: Address-Service Tests
runs-on: ubuntu-22.04
needs:
- authorize
- build-image
- detect-changes
if: ${{ needs.detect-changes.outputs.address-service == 'true' }}
steps:
- name: Login to cloud registry
uses: docker/login-action@v3
with:
registry: ${{ secrets.DOCKER_REGISTRY }}
username: ${{ secrets.SBERCLOUD_CR_USERNAME }}
password: ${{ secrets.SBERCLOUD_CR_PASSWORD }}
- name: Setup PG db
run: |
docker run -e POSTGRES_USER=$POSTGRES_USER -e POSTGRES_PASSWORD=$POSTGRES_PASSWORD -e POSTGRES_DB=$POSTGRES_DB -p="127.0.0.1:5432:5432" -d ${{ env.PG_IMAGE_FULL }}
env:
POSTGRES_USER: postgres
POSTGRES_PASSWORD: postgres
POSTGRES_DB: main
- name: Setup Redis db
run: |
docker run -p="127.0.0.1:6379:6379" -d ${{ env.REDIS_IMAGE_FULL }}
- name: Run condo container with daemon
run: |
docker run --network="host" --name condo-container -dit ${{ env.DOCKER_IMAGE_FULL }} sh
- name: Prepare apps
run: |
docker exec condo-container node bin/prepare.js -f address-service condo
- name: Check migrations state
run: |
docker exec condo-container yarn workspace @app/address-service makemigrations --check
- name: Run apps and tests
run: |
docker exec condo-container sh -c "(\
yarn workspace @app/address-service start & \
node bin/wait-apps-apis.js -f address-service) && \
yarn workspace @app/address-service test"
run-condo-tests:
name: Condo Tests
needs:
- authorize
- build-image
strategy:
matrix:
domain:
- organization
- user
- scope
- property
- acquiring
- billing
- miniapp
- banking
- ticket
- meter
- contact
- resident
- notification
- common
- others
uses: ./.github/workflows/_nodejs.condo.core.tests.yml
with:
domain_name: ${{ matrix.domain }}
runs-on: runners-dind-set-cpu5-ram10
image_name: ${{ needs.build-image.outputs.DOCKER_IMAGE }}
secrets: inherit
run-condo-e2e-tests:
name: Condo E2E Tests
needs: authorize
uses: ./.github/workflows/_nodejs.condo.cypress.yml
with:
ref: ${{ needs.authorize.outputs.ref }}
secrets: inherit
run-condorb-tests:
name: CondoRB Tests
runs-on: ubuntu-22.04
needs:
- authorize
- build-image
- detect-changes
if: ${{ needs.detect-changes.outputs.condorb == 'true' }}
steps:
- name: Login to cloud registry
uses: docker/login-action@v3
with:
registry: ${{ secrets.DOCKER_REGISTRY }}
username: ${{ secrets.SBERCLOUD_CR_USERNAME }}
password: ${{ secrets.SBERCLOUD_CR_PASSWORD }}
- name: Setup PG db
run: |
docker run -e POSTGRES_USER=$POSTGRES_USER -e POSTGRES_PASSWORD=$POSTGRES_PASSWORD -e POSTGRES_DB=$POSTGRES_DB -p="127.0.0.1:5432:5432" -d ${{ env.PG_IMAGE_FULL }}
env:
POSTGRES_USER: postgres
POSTGRES_PASSWORD: postgres
POSTGRES_DB: main
- name: Setup Redis db
run: |
docker run -p="127.0.0.1:6379:6379" -d ${{ env.REDIS_IMAGE_FULL }}
- name: Run condo container with daemon
run: |
docker run --network="host" --name condo-container -dit ${{ env.DOCKER_IMAGE_FULL }} sh
- name: Prepare apps
run: |
docker exec condo-container node bin/prepare.js -f condo condorb
- name: Check migrations state
run: |
docker exec condo-container yarn workspace @app/condorb makemigrations --check
- name: Run apps and tests
run: |
docker exec condo-container sh -c "(\
yarn workspace @app/condo start & \
yarn workspace @app/condorb start & \
node bin/wait-apps-apis.js -f condo condorb) && \
yarn workspace @app/condorb test"
run-dev-api-tests:
name: DEV-API Tests
runs-on: ubuntu-22.04
needs:
- authorize
- build-image
- detect-changes
if: ${{ needs.detect-changes.outputs.dev-api == 'true' }}
steps:
- name: Login to cloud registry
uses: docker/login-action@v3
with:
registry: ${{ secrets.DOCKER_REGISTRY }}
username: ${{ secrets.SBERCLOUD_CR_USERNAME }}
password: ${{ secrets.SBERCLOUD_CR_PASSWORD }}
- name: Setup PG db
run: |
docker run -e POSTGRES_USER=$POSTGRES_USER -e POSTGRES_PASSWORD=$POSTGRES_PASSWORD -e POSTGRES_DB=$POSTGRES_DB -p="127.0.0.1:5432:5432" -d ${{ env.PG_IMAGE_FULL }}
env:
POSTGRES_USER: postgres
POSTGRES_PASSWORD: postgres
POSTGRES_DB: main
- name: Setup Redis db
run: |
docker run -p="127.0.0.1:6379:6379" -d ${{ env.REDIS_IMAGE_FULL }}
- name: Run condo container with daemon
run: |
mkdir test_logs
chmod -R a+rw ./test_logs
docker run -v ./test_logs:/app/test_logs --network="host" --name condo-container -dit ${{ env.DOCKER_IMAGE_FULL }} sh
- name: Prepare apps
run: |
docker exec condo-container node bin/prepare.js -f condo dev-api
- name: Check migrations state
run: |
docker exec condo-container yarn workspace @app/dev-api makemigrations --check
- name: Run apps and tests
run: |
docker exec condo-container sh -c "yarn workspace @app/condo start" 2>&1 > ./test_logs/devapi.condo.dev.log &
docker exec condo-container sh -c "yarn workspace @app/dev-api start" 2>&1 > ./test_logs/devapi.dev-api.dev.log &
docker exec condo-container sh -c "node bin/wait-apps-apis.js -f condo dev-api"
docker exec condo-container sh -c "yarn workspace @app/dev-api test" 2>&1 > ./test_logs/devapi.tests.log
- name: Collect docker logs on failure
if: failure()
uses: jwalton/gh-docker-logs@v1
with:
dest: './docker-logs'
- name: Upload log artifact
uses: actions/upload-artifact@v4
if: failure()
with:
name: dev-api
path: |
./test_logs/*
*.log
./docker-logs
retention-days: 2
run-webhooks-tests:
name: Webhooks Tests
runs-on: ubuntu-22.04
needs:
- authorize
- detect-changes
if: ${{ needs.detect-changes.outputs.webhooks == 'true' }}
steps:
- name: Checkout code with submodules
uses: actions/checkout@v4
with:
fetch-depth: 0
submodules: recursive
ssh-key: ${{ secrets.SSH_DOCK_SERVER_PRIVATE_KEY }}
ref: ${{ env.REF }}
- name: Install packages
run: |
npm i -g turbo
yarn install --immutable
- name: Test webhooks utils
run: yarn workspace @open-condo/webhooks jest