Merge pull request #1948 from bcgov/chore/release #5590
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Test CIF App | |
on: | |
push: | |
branches: [develop, main] | |
pull_request: | |
branches: [develop, main] | |
env: | |
PGUSER: postgres | |
PROGRAM_DIRECTOR_NAME: director name | |
PROGRAM_DIRECTOR_EMAIL: [email protected] | |
jobs: | |
install-dev-tools: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: dev env setup | |
uses: ./.github/actions/dev-env-setup | |
- run: make install_dev_tools | |
- run: make stop_pg # cleanly stop the database, otherwise it will complain in the subsequent jobs | |
- run: yarn install --frozen-lockfile | |
working-directory: ./app | |
yarn-test: | |
needs: install-dev-tools | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: dev env setup | |
uses: ./.github/actions/dev-env-setup | |
- run: yarn test | |
working-directory: ./app | |
yarn-audit: | |
needs: install-dev-tools | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: dev env setup | |
uses: ./.github/actions/dev-env-setup | |
- run: yarn audit-deps | |
working-directory: ./app | |
db-schema-is-up-to-date: | |
needs: install-dev-tools | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: dev env setup | |
uses: ./.github/actions/dev-env-setup | |
- run: make deploy_db_migrations | |
- run: yarn build:schema | |
working-directory: ./app | |
- run: git diff --exit-code || (echo 'The contents of the `schema` folder are out of sync with `app/server/schema.graphql`. Did you forget to \"yarn build:schema\"?' && false) | |
db-revert-migrations: | |
needs: install-dev-tools | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: dev env setup | |
uses: ./.github/actions/dev-env-setup | |
- run: make test_revert_migrations | |
db-tests: | |
needs: install-dev-tools | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: dev env setup | |
uses: ./.github/actions/dev-env-setup | |
- run: make db_unit_tests | |
- run: make db_style_tests | |
pre-commit: | |
needs: install-dev-tools | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: dev env setup | |
uses: ./.github/actions/dev-env-setup | |
- name: set pre-commit cache directory | |
run: | | |
echo "PRE_COMMIT_HOME=$GITHUB_WORKSPACE/.pre-commit-cache" >> $GITHUB_ENV | |
- name: set PY | |
run: echo "PY=$(python -VV | sha256sum | cut -d' ' -f1)" >> $GITHUB_ENV | |
- name: create commitlint COMMIT_EDITMSG if not exists | |
run: | | |
if test -f ".git/COMMIT_EDITMSG"; then | |
echo "COMMIT_EDITMSG EXISTS, skipping" | |
else | |
touch .git/COMMIT_EDITMSG | |
fi | |
- uses: actions/cache@v3 | |
with: | |
path: | | |
./.pre-commit-cache | |
key: pre-commit-${{ env.PY }}-${{ hashFiles('.pre-commit-config.yaml') }}-v3 | |
- run: pre-commit run --all-files | |
docker-build: | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
include: | |
- image: ghcr.io/bcgov/cas-cif-app | |
context: . | |
dockerfile: app/Dockerfile | |
name: app | |
- image: ghcr.io/bcgov/cas-cif-schema | |
context: . | |
dockerfile: schema/Dockerfile | |
name: schema | |
- image: ghcr.io/bcgov/cas-cif-test-backups | |
context: . | |
dockerfile: database_backup_test/Dockerfile | |
name: testBackups | |
name: Build ${{ matrix.name }} docker image | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@v2 | |
with: | |
install: true | |
- name: Docker meta | |
id: meta | |
uses: docker/metadata-action@v3 | |
with: | |
images: ${{ matrix.image }} | |
tags: | | |
type=sha,format=long,prefix= | |
latest | |
type=ref,event=pr | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v2 | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Cache Docker layers | |
uses: actions/cache@v3 | |
with: | |
path: /tmp/.buildx-cache | |
key: ${{ runner.os }}-buildx-${{ matrix.name }}-${{ github.sha }} | |
restore-keys: | | |
${{ runner.os }}-buildx-${{ matrix.name }} | |
- name: Build image | |
uses: docker/build-push-action@v3 | |
with: | |
context: ${{ matrix.context }} | |
builder: ${{ steps.buildx.outputs.name }} | |
push: true | |
file: ${{ matrix.dockerfile }} | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
cache-from: type=local,src=/tmp/.buildx-cache | |
cache-to: type=local,dest=/tmp/.buildx-cache-new | |
# Temp fix | |
# https://github.com/docker/build-push-action/issues/252 | |
# https://github.com/moby/buildkit/issues/1896 | |
- name: Move cache | |
run: | | |
rm -rf /tmp/.buildx-cache | |
mv /tmp/.buildx-cache-new /tmp/.buildx-cache | |
e2e: | |
needs: ["docker-build", "install-dev-tools"] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: dev env setup | |
uses: ./.github/actions/dev-env-setup | |
- name: run app locally | |
uses: ./.github/actions/local-app-run | |
- name: run e2e tests | |
env: | |
CYPRESS_TEST_INTERNAL_USERNAME: ${{ secrets.TEST_INTERNAL_USERNAME }} | |
CYPRESS_TEST_INTERNAL_PASSWORD: ${{ secrets.TEST_INTERNAL_PASSWORD }} | |
CYPRESS_TEST_ADMIN_USERNAME: ${{ secrets.TEST_ADMIN_USERNAME }} | |
CYPRESS_TEST_ADMIN_PASSWORD: ${{ secrets.TEST_ADMIN_PASSWORD }} | |
CYPRESS_TEST_UNAUTHORIZED_USERNAME: ${{ secrets.TEST_UNAUTHORIZED_USERNAME }} | |
CYPRESS_TEST_UNAUTHORIZED_PASSWORD: ${{ secrets.TEST_UNAUTHORIZED_PASSWORD }} | |
HAPPO_API_KEY: ${{ secrets.HAPPO_API_KEY }} | |
HAPPO_API_SECRET: ${{ secrets.HAPPO_API_SECRET }} | |
run: yarn test:e2e | |
working-directory: ./app | |
zap-owasp: | |
needs: ["docker-build", "install-dev-tools"] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: dev env setup | |
uses: ./.github/actions/dev-env-setup | |
- name: run app locally | |
uses: ./.github/actions/local-app-run | |
- name: ZAP Base Scan | |
uses: zaproxy/[email protected] | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
docker_name: "ghcr.io/zaproxy/zaproxy:stable" | |
target: "http://localhost:3004/" | |
rules_file_name: ".zap/rules.tsv" | |
cmd_options: "-a -d -T 5 -m 2" | |
issue_title: OWASP Baseline | |
fail_action: false |