ci: update renovate config (#180) #62
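# Main-branch pipeline: runs on every push to `main` and on manual dispatch.
# Pushes that only touch issue templates or Markdown files are skipped.
# Layout restored: the listing had lost its indentation and carried
# table-cell residue at the end of each line.
name: Main Merge

on:
  push:
    branches:
      - main
    paths-ignore:
      - ".github/ISSUE_TEMPLATE/*"
      - "**.md"
  workflow_dispatch:

# NOTE(review): there is no workflow-level `permissions:` key. Only the
# `codeql` job declares its own, so every other job runs with the repository's
# default GITHUB_TOKEN permissions. Declaring a minimal set here and widening
# it per job would make the token scope explicit -- confirm what the test and
# deploy actions need before tightening.

# One run of this workflow at a time; a newer run cancels the one in flight.
# NOTE(review): this workflow deploys to test and then prod, so a cancellation
# can interrupt the chain between the database and backend deploy jobs.
# Confirm that cancelling (rather than queueing) is what is wanted here.
concurrency:
  group: ${{ github.workflow }}
  cancel-in-progress: true

# Workflow-wide environment variables.
# NOTE(review): neither value is referenced by the jobs visible in this file.
env:
  REGISTRY: ghcr.io
  NAME: nrog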
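# Job graph (from the `needs:` keys):
#   tests-backend -> codeql
#   tests-backend -> deploy-test-database -> deploy-test-backend
#                 -> deploy-prod-database -> deploy-prod-backend
# Layout restored: the listing had lost its indentation and carried
# table-cell residue at the end of each line. Implicit multi-line
# `parameters` values are written as explicit `>-` folded scalars, which
# parse to the same single-line string.
#
# NOTE(review): every `uses:` that reads `...[email protected]` was mangled
# by e-mail obfuscation on the page this listing came from (`name@version`
# was taken for an address). Restore the real `owner/action@ref` from the
# repository; the text is kept as found because it cannot be recovered here.
#
# NOTE(review): the action references that did survive (`@v3`, `@v2`) are
# mutable tags. Pinning third-party actions to a full commit SHA
# (`owner/action@<full-commit-sha>`) stops a moved tag from changing what runs
# with this workflow's secrets.
jobs:
  # TODO: check sonar for OG
  tests-backend:
    name: Backend Unit Tests
    # This workflow only triggers on `push` and `workflow_dispatch`, so the
    # event is never `pull_request` and this condition is always true.
    if: github.event_name != 'pull_request' || !github.event.pull_request.draft
    runs-on: ubuntu-22.04
    # NOTE(review): with job-level `continue-on-error: true` a failing test
    # job does not fail the run, and the jobs that `need` it (codeql and the
    # whole deploy chain) are expected to proceed. As written, unit tests do
    # not gate deployment -- confirm this is deliberate.
    continue-on-error: true
    steps:
      - name: Run tests
        uses: bcgov-nr/[email protected]  # mangled reference, see header note
        with:
          commands: |
            npm ci
            npm run test:cov
          dir: backend
          sonar_args: >
            -Dsonar.exclusions=**/coverage/**,**/examples/**,**/pages/**
            -Dsonar.organization=bcgov-sonarcloud
            -Dsonar.projectKey=nr-old-growth
            -Dsonar.tests=test
          sonar_project_token: ${{ secrets.SONAR_TOKEN_BACKEND }}
      - name: Report code coverage
        uses: romeovs/[email protected]  # mangled reference, see header note
        with:
          title: Backend coverage report
          delete-old-comments: true
          # NOTE(review): a stored secret is passed here instead of the
          # built-in GITHUB_TOKEN. The name suggests a registry token;
          # if it is a personal access token it is likely broader than
          # a comment-posting action needs -- verify its scope.
          github-token: ${{ secrets.GHCR_TOKEN }}
          lcov-file: ./backend/coverage/lcov.info

  # Static analysis of the JavaScript backend with CodeQL. This is the only
  # job that declares explicit token permissions.
  codeql:
    name: Semantic Code Analysis
    runs-on: ubuntu-22.04
    needs:
      - tests-backend
    permissions:
      actions: read
      contents: read
      security-events: write  # needed to upload the analysis results
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
      # NOTE(review): v2 of the CodeQL Action has been deprecated upstream;
      # plan the move to a supported major version.
      - name: Initialize
        uses: github/codeql-action/init@v2
        with:
          languages: javascript
      - name: Build Backend
        run: |
          cd backend
          npm ci
          npm run build
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v2

  # Applies the database template to the test zone. `environment: test` means
  # the `secrets.*` values may resolve from that environment, and any
  # protection rules configured on it apply before the job starts.
  deploy-test-database:
    name: Deploy Database on Test Env
    needs:
      - tests-backend
    env:
      ZONE: test
    environment: test
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@v3
      - name: Deploys
        uses: bcgov-nr/[email protected]  # mangled reference, see header note
        with:
          file: .github/openshift/deploy.database.yml
          oc_namespace: ${{ secrets.OC_NAMESPACE }}
          oc_server: ${{ secrets.OC_SERVER }}
          oc_token: ${{ secrets.OC_TOKEN }}
          overwrite: false
          penetration_test: false
          parameters: >-
            -p ZONE=${{ env.ZONE }} -p NAME=${{ github.event.repository.name }}

  # Applies the backend template to the test zone.
  # NOTE(review): no image is built in this workflow; PROMOTE names an existing
  # `backend:<zone>` tag. A tag is mutable, so what gets promoted is whatever
  # the tag points at when the job runs -- promoting by digest would tie the
  # deployment to a specific build.
  deploy-test-backend:
    name: Deploy Backend on Test Env
    needs:
      - deploy-test-database
    env:
      ZONE: test
    environment: test
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@v3
      - name: Deploys
        uses: bcgov-nr/[email protected]  # mangled reference, see header note
        with:
          file: .github/openshift/deploy.backend.yml
          oc_namespace: ${{ secrets.OC_NAMESPACE }}
          oc_server: ${{ secrets.OC_SERVER }}
          oc_token: ${{ secrets.OC_TOKEN }}
          overwrite: true
          penetration_test: true
          # NOTE(review): secret values are spliced, unquoted, into a single
          # `-p KEY=value` string. How the action consumes `parameters` is
          # not visible here. If the string reaches a shell or a command
          # line, a value containing whitespace or shell metacharacters
          # would be split or interpreted, and the secrets would appear in
          # process arguments. Prefer a Secret that already exists in the
          # namespace and is referenced by the template, if the action and
          # template allow it.
          parameters: >-
            -p ZONE=${{ env.ZONE }} -p NAME=${{ github.event.repository.name }}
            -p PROMOTE=${{ github.repository }}/backend:${{ env.ZONE }}
            -p CHES_CLIENT_ID=${{ secrets.CHES_CLIENT_ID }}
            -p CHES_CLIENT_SECRET=${{ secrets.CHES_CLIENT_SECRET }}
            -p CHES_TOKEN_URL='https://test.loginproxy.gov.bc.ca/auth/realms/comsvcauth/protocol/openid-connect/token'
            -p CHES_API_URL='https://ches-test.api.gov.bc.ca/api/v1'
            -p NODE_ENV='development'
            -p BCEID_FORM_PASSWORD=${{ secrets.CHEFS_BCEID_FORM_PASSWORD}}
            -p IDIR_FORM_PASSWORD=${{ secrets.CHEFS_IDIR_FORM_PASSWORD}}

  # Applies the database template to the prod zone after the test backend
  # deploy. `environment: prod` is the approval point, if protection rules
  # (required reviewers) are configured on that environment.
  # NOTE(review): PREV is set but not used by this job's parameters.
  deploy-prod-database:
    name: Deploy Database on Prod Env
    needs:
      - deploy-test-backend
    env:
      PREV: test
      ZONE: prod
    environment: prod
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@v3
      - name: Deploys
        uses: bcgov-nr/[email protected]  # mangled reference, see header note
        with:
          file: .github/openshift/deploy.database.yml
          oc_namespace: ${{ secrets.OC_NAMESPACE }}
          oc_server: ${{ secrets.OC_SERVER }}
          oc_token: ${{ secrets.OC_TOKEN }}
          overwrite: false
          penetration_test: false
          parameters: >-
            -p ZONE=${{ env.ZONE }} -p NAME=${{ github.event.repository.name }}

  # Applies the backend template to the prod zone, promoting the image tagged
  # with PREV (`test`) rather than building a new one.
  deploy-prod-backend:
    name: Deploy Backend on Prod Env
    needs:
      - deploy-prod-database
    env:
      PREV: test
      ZONE: prod
    environment: prod
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@v3
      - name: Deploys
        uses: bcgov-nr/[email protected]  # mangled reference, see header note
        with:
          file: .github/openshift/deploy.backend.yml
          oc_namespace: ${{ secrets.OC_NAMESPACE }}
          oc_server: ${{ secrets.OC_SERVER }}
          oc_token: ${{ secrets.OC_TOKEN }}
          overwrite: true
          # NOTE(review): what this input triggers is defined by the action
          # and not visible here; confirm that running it against the prod
          # zone is intended.
          penetration_test: true
          # Same unquoted secret interpolation as in the test backend deploy;
          # the concern about splitting and exposure applies here too.
          parameters: >-
            -p ZONE=${{ env.ZONE }} -p NAME=${{ github.event.repository.name }}
            -p PROMOTE=${{ github.repository }}/backend:${{ env.PREV }}
            -p CHES_CLIENT_ID=${{ secrets.CHES_CLIENT_ID }}
            -p CHES_CLIENT_SECRET=${{ secrets.CHES_CLIENT_SECRET }}
            -p CHES_TOKEN_URL='https://loginproxy.gov.bc.ca/auth/realms/comsvcauth/protocol/openid-connect/token'
            -p CHES_API_URL='https://ches.api.gov.bc.ca/api/v1'
            -p NODE_ENV='production'
            -p BCEID_FORM_PASSWORD=${{ secrets.CHEFS_BCEID_FORM_PASSWORD}}
            -p IDIR_FORM_PASSWORD=${{ secrets.CHEFS_IDIR_FORM_PASSWORD}}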