Skip to content

release: roles with admin #5587

release: roles with admin

release: roles with admin #5587

Workflow file for this run

name: Test CIF App
on:
push:
branches: [develop, main]
pull_request:
branches: [develop, main]
env:
PGUSER: postgres
PROGRAM_DIRECTOR_NAME: director name
PROGRAM_DIRECTOR_EMAIL: [email protected]
jobs:
install-dev-tools:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: dev env setup
uses: ./.github/actions/dev-env-setup
- run: make install_dev_tools
- run: make stop_pg # cleanly stop the database, otherwise it will complain in the subsequent jobs
- run: yarn install --frozen-lockfile
working-directory: ./app
yarn-test:
needs: install-dev-tools
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: dev env setup
uses: ./.github/actions/dev-env-setup
- run: yarn test
working-directory: ./app
yarn-audit:
needs: install-dev-tools
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: dev env setup
uses: ./.github/actions/dev-env-setup
- run: yarn audit-deps
working-directory: ./app
db-schema-is-up-to-date:
needs: install-dev-tools
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: dev env setup
uses: ./.github/actions/dev-env-setup
- run: make deploy_db_migrations
- run: yarn build:schema
working-directory: ./app
- run: git diff --exit-code || (echo 'The contents of the `schema` folder are out of sync with `app/server/schema.graphql`. Did you forget to \"yarn build:schema\"?' && false)
db-revert-migrations:
needs: install-dev-tools
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: dev env setup
uses: ./.github/actions/dev-env-setup
- run: make test_revert_migrations
db-tests:
needs: install-dev-tools
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: dev env setup
uses: ./.github/actions/dev-env-setup
- run: make db_unit_tests
- run: make db_style_tests
pre-commit:
needs: install-dev-tools
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: dev env setup
uses: ./.github/actions/dev-env-setup
- name: set pre-commit cache directory
run: |
echo "PRE_COMMIT_HOME=$GITHUB_WORKSPACE/.pre-commit-cache" >> $GITHUB_ENV
- name: set PY
run: echo "PY=$(python -VV | sha256sum | cut -d' ' -f1)" >> $GITHUB_ENV
- name: create commitlint COMMIT_EDITMSG if not exists
run: |
if test -f ".git/COMMIT_EDITMSG"; then
echo "COMMIT_EDITMSG EXISTS, skipping"
else
touch .git/COMMIT_EDITMSG
fi
- uses: actions/cache@v3
with:
path: |
./.pre-commit-cache
key: pre-commit-${{ env.PY }}-${{ hashFiles('.pre-commit-config.yaml') }}-v3
- run: pre-commit run --all-files
docker-build:
runs-on: ubuntu-latest
strategy:
matrix:
include:
- image: ghcr.io/bcgov/cas-cif-app
context: .
dockerfile: app/Dockerfile
name: app
- image: ghcr.io/bcgov/cas-cif-schema
context: .
dockerfile: schema/Dockerfile
name: schema
- image: ghcr.io/bcgov/cas-cif-test-backups
context: .
dockerfile: database_backup_test/Dockerfile
name: testBackups
name: Build ${{ matrix.name }} docker image
steps:
- uses: actions/checkout@v3
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v2
with:
install: true
- name: Docker meta
id: meta
uses: docker/metadata-action@v3
with:
images: ${{ matrix.image }}
tags: |
type=sha,format=long,prefix=
latest
type=ref,event=pr
- name: Login to GitHub Container Registry
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Cache Docker layers
uses: actions/cache@v3
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ matrix.name }}-${{ github.sha }}
restore-keys: |
${{ runner.os }}-buildx-${{ matrix.name }}
- name: Build image
uses: docker/build-push-action@v3
with:
context: ${{ matrix.context }}
builder: ${{ steps.buildx.outputs.name }}
push: true
file: ${{ matrix.dockerfile }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache-new
# Temp fix
# https://github.com/docker/build-push-action/issues/252
# https://github.com/moby/buildkit/issues/1896
- name: Move cache
run: |
rm -rf /tmp/.buildx-cache
mv /tmp/.buildx-cache-new /tmp/.buildx-cache
e2e:
needs: ["docker-build", "install-dev-tools"]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: dev env setup
uses: ./.github/actions/dev-env-setup
- name: run app locally
uses: ./.github/actions/local-app-run
- name: run e2e tests
env:
CYPRESS_TEST_INTERNAL_USERNAME: ${{ secrets.TEST_INTERNAL_USERNAME }}
CYPRESS_TEST_INTERNAL_PASSWORD: ${{ secrets.TEST_INTERNAL_PASSWORD }}
CYPRESS_TEST_ADMIN_USERNAME: ${{ secrets.TEST_ADMIN_USERNAME }}
CYPRESS_TEST_ADMIN_PASSWORD: ${{ secrets.TEST_ADMIN_PASSWORD }}
CYPRESS_TEST_UNAUTHORIZED_USERNAME: ${{ secrets.TEST_UNAUTHORIZED_USERNAME }}
CYPRESS_TEST_UNAUTHORIZED_PASSWORD: ${{ secrets.TEST_UNAUTHORIZED_PASSWORD }}
HAPPO_API_KEY: ${{ secrets.HAPPO_API_KEY }}
HAPPO_API_SECRET: ${{ secrets.HAPPO_API_SECRET }}
run: yarn test:e2e
working-directory: ./app
zap-owasp:
needs: ["docker-build", "install-dev-tools"]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: dev env setup
uses: ./.github/actions/dev-env-setup
- name: run app locally
uses: ./.github/actions/local-app-run
- name: ZAP Base Scan
uses: zaproxy/[email protected]
with:
token: ${{ secrets.GITHUB_TOKEN }}
docker_name: "ghcr.io/zaproxy/zaproxy:stable"
target: "http://localhost:3004/"
rules_file_name: ".zap/rules.tsv"
cmd_options: "-a -d -T 5 -m 2"
issue_title: OWASP Baseline
fail_action: false