Skip to content

ci: update renovate config (#180) #62

ci: update renovate config (#180)

ci: update renovate config (#180) #62

Workflow file for this run

name: Main Merge
on:
push:
branches:
- main
paths-ignore:
- ".github/ISSUE_TEMPLATE/*"
- "**.md"
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}
cancel-in-progress: true
env:
REGISTRY: ghcr.io
NAME: nrog
jobs:
#TODO: check sonar for OG
tests-backend:
name: Backend Unit Tests
if: github.event_name != 'pull_request' || !github.event.pull_request.draft
runs-on: ubuntu-22.04
continue-on-error: true
steps:
- name: Run tests
uses: bcgov-nr/[email protected]
with:
commands: |
npm ci
npm run test:cov
dir: backend
sonar_args: >
-Dsonar.exclusions=**/coverage/**,**/examples/**,**/pages/**
-Dsonar.organization=bcgov-sonarcloud
-Dsonar.projectKey=nr-old-growth
-Dsonar.tests=test
sonar_project_token: ${{ secrets.SONAR_TOKEN_BACKEND }}
- name: Report code coverage
uses: romeovs/[email protected]
with:
title: Backend coverage report
delete-old-comments: true
github-token: ${{ secrets.GHCR_TOKEN }}
lcov-file: ./backend/coverage/lcov.info
codeql:
name: Semantic Code Analysis
runs-on: ubuntu-22.04
needs:
- tests-backend
permissions:
actions: read
contents: read
security-events: write
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Initialize
uses: github/codeql-action/init@v2
with:
languages: javascript
- name: Build Backend
run: |
cd backend
npm ci
npm run build
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
deploy-test-database:
name: Deploy Database on Test Env
needs:
- tests-backend
env:
ZONE: test
environment: test
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v3
- name: Deploys
uses: bcgov-nr/[email protected]
with:
file: .github/openshift/deploy.database.yml
oc_namespace: ${{ secrets.OC_NAMESPACE }}
oc_server: ${{ secrets.OC_SERVER }}
oc_token: ${{ secrets.OC_TOKEN }}
overwrite: false
penetration_test: false
parameters:
-p ZONE=${{ env.ZONE }} -p NAME=${{ github.event.repository.name }}
deploy-test-backend:
name: Deploy Backend on Test Env
needs:
- deploy-test-database
env:
ZONE: test
environment: test
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v3
- name: Deploys
uses: bcgov-nr/[email protected]
with:
file: .github/openshift/deploy.backend.yml
oc_namespace: ${{ secrets.OC_NAMESPACE }}
oc_server: ${{ secrets.OC_SERVER }}
oc_token: ${{ secrets.OC_TOKEN }}
overwrite: true
penetration_test: true
parameters:
-p ZONE=${{ env.ZONE }} -p NAME=${{ github.event.repository.name }}
-p PROMOTE=${{ github.repository }}/backend:${{ env.ZONE }}
-p CHES_CLIENT_ID=${{ secrets.CHES_CLIENT_ID }}
-p CHES_CLIENT_SECRET=${{ secrets.CHES_CLIENT_SECRET }}
-p CHES_TOKEN_URL='https://test.loginproxy.gov.bc.ca/auth/realms/comsvcauth/protocol/openid-connect/token'
-p CHES_API_URL='https://ches-test.api.gov.bc.ca/api/v1'
-p NODE_ENV='development'
-p BCEID_FORM_PASSWORD=${{ secrets.CHEFS_BCEID_FORM_PASSWORD}}
-p IDIR_FORM_PASSWORD=${{ secrets.CHEFS_IDIR_FORM_PASSWORD}}
deploy-prod-database:
name: Deploy Database on Prod Env
needs:
- deploy-test-backend
env:
PREV: test
ZONE: prod
environment: prod
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v3
- name: Deploys
uses: bcgov-nr/[email protected]
with:
file: .github/openshift/deploy.database.yml
oc_namespace: ${{ secrets.OC_NAMESPACE }}
oc_server: ${{ secrets.OC_SERVER }}
oc_token: ${{ secrets.OC_TOKEN }}
overwrite: false
penetration_test: false
parameters:
-p ZONE=${{ env.ZONE }} -p NAME=${{ github.event.repository.name }}
deploy-prod-backend:
name: Deploy Backend on Prod Env
needs:
- deploy-prod-database
env:
PREV: test
ZONE: prod
environment: prod
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v3
- name: Deploys
uses: bcgov-nr/[email protected]
with:
file: .github/openshift/deploy.backend.yml
oc_namespace: ${{ secrets.OC_NAMESPACE }}
oc_server: ${{ secrets.OC_SERVER }}
oc_token: ${{ secrets.OC_TOKEN }}
overwrite: true
penetration_test: true
parameters:
-p ZONE=${{ env.ZONE }} -p NAME=${{ github.event.repository.name }}
-p PROMOTE=${{ github.repository }}/backend:${{ env.PREV }}
-p CHES_CLIENT_ID=${{ secrets.CHES_CLIENT_ID }}
-p CHES_CLIENT_SECRET=${{ secrets.CHES_CLIENT_SECRET }}
-p CHES_TOKEN_URL='https://loginproxy.gov.bc.ca/auth/realms/comsvcauth/protocol/openid-connect/token'
-p CHES_API_URL='https://ches.api.gov.bc.ca/api/v1'
-p NODE_ENV='production'
-p BCEID_FORM_PASSWORD=${{ secrets.CHEFS_BCEID_FORM_PASSWORD}}
-p IDIR_FORM_PASSWORD=${{ secrets.CHEFS_IDIR_FORM_PASSWORD}}