Ish client cert (#593) #2149

Workflow file for this run

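name: Deploy

# Runs on every branch push. In branch filters `*` does not match `/`, so
# Dependabot's `dependabot/...` branches need their own `**` pattern; branches
# whose name starts with `skipci` are excluded.
# NOTE(review): because any pushed branch starts a deploy, the IAM role's trust
# policy is what decides which refs may assume it. Restrict its OIDC `sub`
# condition to this repository (and to the branches meant to deploy) rather
# than relying on this trigger list.
on:
  push:
    branches:
      - "*"
      - "dependabot/**"
      - "!skipci*"

# Declaring permissions explicitly sets every scope not listed here to none.
# These apply to all jobs in the workflow.
permissions:
  id-token: write # lets a job request the OIDC token used to assume the AWS role
  contents: read
  actions: read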
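# NOTE(review): every `uses:` below references a mutable tag (`@v1`, `@v2`).
# A tag can be moved by the action's owner, so third-party actions that run
# while secrets or AWS credentials are in the environment are better pinned to
# a full commit SHA taken from the action's repository.
jobs:
  # Unit-tests the branch and deploys its stage to AWS, then reports failures
  # on the long-lived branches to Slack.
  deploy:
    runs-on: ubuntu-latest
    env:
      SLS_DEPRECATION_DISABLE: "*" # Turn off deprecation warnings in the pipeline
    steps:
      - name: set branch_name
        run: |
          # Dependabot builds very long branch names. This is a switch to make it shorter.
          # The md5 digest is used only to derive a short name, not as a security control.
          if [[ "$GITHUB_REF" =~ ^refs/heads/dependabot/.* ]]; then
            echo "branch_name=$(echo "${GITHUB_REF#refs/heads/}" | md5sum | head -c 10 | sed 's/^/x/')" >> "$GITHUB_ENV"
          else
            echo "branch_name=${GITHUB_REF#refs/heads/}" >> "$GITHUB_ENV"
          fi
      - uses: actions/checkout@v2
      # The branch name is chosen by whoever pushed, so it is validated before
      # it is used to name a stage. The argument is quoted so it always reaches
      # the script as one word.
      # NOTE(review): no earlier step visible here sets STAGE_PREFIX, so this
      # check presumably sees only the branch name; confirm against the script.
      - name: Validate branch name
        run: ./.github/scripts/branch_name_validation.sh "$STAGE_PREFIX$branch_name"
      - name: set branch specific variable names
        run: ./.github/scripts/build_vars.sh set_names
      # `secrets[env.NAME]` looks a secret up by a name computed at run time
      # and falls back to the default secret when that lookup is empty.
      # NOTE(review): later steps read env.AWS_OIDC_ROLE_TO_ASSUME,
      # env.SLACK_WEBHOOK_URL and env.CODE_CLIMATE_ID, so build_vars.sh
      # presumably writes these values to GITHUB_ENV. Anything written there is
      # visible to every later step of the job, third-party actions included.
      - name: set variable values
        run: ./.github/scripts/build_vars.sh set_values
        env:
          AWS_DEFAULT_REGION: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_AWS_DEFAULT_REGION] || secrets.AWS_DEFAULT_REGION }}
          AWS_OIDC_ROLE_TO_ASSUME: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_AWS_OIDC_ROLE_TO_ASSUME] || secrets.AWS_OIDC_ROLE_TO_ASSUME }}
          STAGE_PREFIX: ${{ secrets.STAGE_PREFIX }}
          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
          CODE_CLIMATE_ID: ${{ secrets.CODE_CLIMATE_ID }}
      # Exchanges the job's OIDC token for temporary AWS credentials and
      # exports them to the environment of all following steps. That includes
      # the unit tests and the coverage/artifact actions, which run before the
      # deploy that actually needs them.
      - name: Configure AWS credentials for GitHub Actions
        uses: aws-actions/configure-aws-credentials@v1
        with:
          role-to-assume: ${{ env.AWS_OIDC_ROLE_TO_ASSUME }}
          aws-region: ${{ env.AWS_DEFAULT_REGION }}
      - name: lock this branch to prevent concurrent builds
        run: ./.github/scripts/github_lock.sh "$branch_name"
        env:
          # Scoped by the workflow-level `permissions` block.
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      # Step outputs go through the $GITHUB_OUTPUT file; the `::set-output`
      # workflow command this step used before is deprecated.
      - name: read .nvmrc
        id: node_version
        run: echo "NODE_VERSION=$(cat .nvmrc)" >> "$GITHUB_OUTPUT"
      - uses: actions/setup-node@v1
        with:
          node-version: ${{ steps.node_version.outputs.NODE_VERSION }}
      - uses: actions/cache@v2
        with:
          path: |
            **/node_modules
            ~/.cache/Cypress
          key: ${{ runner.os }}-modules-${{ hashFiles('**/yarn.lock', 'plugins/**') }}-3
      - name: set path
        run: |
          echo "PATH=$(pwd)/node_modules/.bin/:$PATH" >> "$GITHUB_ENV"
      - name: run unit tests
        run: ./scripts/unit_test.sh
      # NOTE(review): the page's e-mail obfuscation replaced the text around
      # "@" in this `uses:` value ("paambaati/[email protected]"). The action
      # name is inferred from the owner and the `coverageLocations` input; the
      # version is not recoverable from the page. Restore both from the
      # repository before use.
      - name: publish test coverage to code climate
        if: env.CODE_CLIMATE_ID != ''
        uses: paambaati/codeclimate-action@VERSION_NOT_SHOWN_ON_PAGE
        env:
          CC_TEST_REPORTER_ID: ${{ secrets.CODE_CLIMATE_ID }}
        with:
          coverageLocations: |
            ${{github.workspace}}/services/ui-src/coverage/lcov.info:lcov
      - name: Store unit test reults
        uses: actions/upload-artifact@v2
        with:
          name: unit_test_results
          path: ${{github.workspace}}/services/ui-src/coverage/lcov.info
      - name: deploy
        run: |
          # When deploying multiple copies of this quickstart to the same AWS Account (not ideal), a prefix helps prevent stepping on each other.
          # This can optionally be set as an GitHub Actions Secret
          ./scripts/deploy.sh "$STAGE_PREFIX$branch_name"
      # Posts to Slack only when the job has failed on one of the named
      # branches and a webhook is configured.
      # NOTE(review): "Destroy Alerts" in the Deploy workflow looks copied from
      # another workflow; confirm the intended username.
      - name: Slack Notification
        uses: rtCamp/action-slack-notify@v2
        if: env.SLACK_WEBHOOK_URL != '' && contains(fromJson('["master", "val", "production"]'), env.branch_name) && failure ()
        env:
          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}
          SLACK_USERNAME: Destroy Alerts
          SLACK_ICON_EMOJI: ":bell:"
          SLACK_COLOR: ${{job.status}}
          SLACK_FOOTER: ""
          MSG_MINIMAL: actions url,commit,ref

  # Runs the Cypress browser specs against the stage that `deploy` created,
  # one matrix entry per spec file.
  # NOTE(review): this guard skips `refs/heads/prod`, while the Slack condition
  # in `deploy` names the branch "production". If the production branch is
  # called `production`, these tests run against the production stage; confirm
  # which name is correct.
  cypress-test:
    name: Cypress Tests
    needs: deploy
    if: ${{ github.ref != 'refs/heads/prod' }}
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        containers: [test.spec.js, test2.spec.js]
    steps:
      - name: set branch_name
        run: |
          # Dependabot builds very long branch names. This is a switch to make it shorter.
          if [[ "$GITHUB_REF" =~ ^refs/heads/dependabot/.* ]]; then
            echo "branch_name=$(echo "${GITHUB_REF#refs/heads/}" | md5sum | head -c 10 | sed 's/^/x/')" >> "$GITHUB_ENV"
          else
            echo "branch_name=${GITHUB_REF#refs/heads/}" >> "$GITHUB_ENV"
          fi
      # NOTE(review): `deploy` checks out with @v2 but this job uses @v1;
      # confirm whether the older major version is intentional.
      - uses: actions/checkout@v1
      - name: set branch specific variable names
        run: ./.github/scripts/build_vars.sh set_names
      - name: set variable values
        run: ./.github/scripts/build_vars.sh set_values
        env:
          AWS_OIDC_ROLE_TO_ASSUME: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_AWS_OIDC_ROLE_TO_ASSUME] || secrets.AWS_OIDC_ROLE_TO_ASSUME }}
          AWS_DEFAULT_REGION: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_AWS_DEFAULT_REGION] || secrets.AWS_DEFAULT_REGION }}
          STAGE_PREFIX: ${{ secrets.STAGE_PREFIX }}
      # The test job assumes the same role as the deploy job; the visible steps
      # use it only to look up the deployed endpoint, so a narrower read-only
      # role would be enough if one is available.
      - name: Configure AWS credentials for GitHub Actions
        uses: aws-actions/configure-aws-credentials@v1
        with:
          role-to-assume: ${{ env.AWS_OIDC_ROLE_TO_ASSUME }}
          aws-region: ${{ env.AWS_DEFAULT_REGION }}
      - name: read .nvmrc
        id: node_version
        run: echo "NODE_VERSION=$(cat .nvmrc)" >> "$GITHUB_OUTPUT"
      - uses: actions/setup-node@v1
        with:
          node-version: ${{ steps.node_version.outputs.NODE_VERSION }}
      - uses: actions/cache@v2
        with:
          path: |
            **/node_modules
            ~/.cache/Cypress
          key: ${{ runner.os }}-modules-${{ hashFiles('**/yarn.lock', 'plugins/**') }}-3
      - name: set path
        run: |
          echo "PATH=$(pwd)/node_modules/.bin/:$PATH" >> "$GITHUB_ENV"
      - name: Endpoint
        run: |
          pushd services
          # Assign first, export second: `export VAR=$(cmd)` hides cmd's exit
          # status, so a failed lookup would pass an empty baseUrl to Cypress.
          APPLICATION_ENDPOINT="$(./output.sh ui ApplicationEndpointUrl "$STAGE_PREFIX$branch_name")"
          export APPLICATION_ENDPOINT
          echo "APPLICATION_ENDPOINT=$APPLICATION_ENDPOINT" >> "$GITHUB_ENV"
          echo "Application endpoint: $APPLICATION_ENDPOINT"
          popd
      # NOTE(review): the page's e-mail obfuscation replaced the text around
      # "@" in this `uses:` value ("cypress-io/[email protected]"). The action
      # name is inferred from the owner and inputs; the version is not
      # recoverable from the page. Restore both from the repository before use.
      - name: Run Cypress Tests
        uses: cypress-io/github-action@VERSION_NOT_SHOWN_ON_PAGE
        with:
          working-directory: tests/cypress
          spec: integration/${{ matrix.containers }}
          browser: chrome
          headless: true
          config: baseUrl=${{ env.APPLICATION_ENDPOINT }}
      # Screenshots are kept only for failed runs. They capture whatever the
      # application rendered, so treat the artifact like test data.
      - name: Upload screenshots
        uses: actions/upload-artifact@v2
        if: failure()
        with:
          name: cypress-screenshots
          path: tests/cypress/screenshots/

  # Runs the accessibility specs against the deployed stage. The setup steps
  # mirror `cypress-test`, and the same `prod`/`production` naming question
  # applies to this job's guard.
  a11y-tests:
    name: A11y Tests
    needs: deploy
    if: ${{ github.ref != 'refs/heads/prod' }}
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        containers: [homePage]
    steps:
      - name: set branch_name
        run: |
          # Dependabot builds very long branch names. This is a switch to make it shorter.
          if [[ "$GITHUB_REF" =~ ^refs/heads/dependabot/.* ]]; then
            echo "branch_name=$(echo "${GITHUB_REF#refs/heads/}" | md5sum | head -c 10 | sed 's/^/x/')" >> "$GITHUB_ENV"
          else
            echo "branch_name=${GITHUB_REF#refs/heads/}" >> "$GITHUB_ENV"
          fi
      # NOTE(review): @v1 here versus @v2 in `deploy`; confirm this is intended.
      - uses: actions/checkout@v1
      - name: set branch specific variable names
        run: ./.github/scripts/build_vars.sh set_names
      - name: set variable values
        run: ./.github/scripts/build_vars.sh set_values
        env:
          AWS_DEFAULT_REGION: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_AWS_DEFAULT_REGION] || secrets.AWS_DEFAULT_REGION }}
          AWS_OIDC_ROLE_TO_ASSUME: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_AWS_OIDC_ROLE_TO_ASSUME] || secrets.AWS_OIDC_ROLE_TO_ASSUME }}
          STAGE_PREFIX: ${{ secrets.STAGE_PREFIX }}
      - name: Configure AWS credentials for GitHub Actions
        uses: aws-actions/configure-aws-credentials@v1
        with:
          role-to-assume: ${{ env.AWS_OIDC_ROLE_TO_ASSUME }}
          aws-region: ${{ env.AWS_DEFAULT_REGION }}
      - name: read .nvmrc
        id: node_version
        run: echo "NODE_VERSION=$(cat .nvmrc)" >> "$GITHUB_OUTPUT"
      - uses: actions/setup-node@v1
        with:
          node-version: ${{ steps.node_version.outputs.NODE_VERSION }}
      - uses: actions/cache@v2
        with:
          path: |
            **/node_modules
            ~/.cache/Cypress
          key: ${{ runner.os }}-modules-${{ hashFiles('**/yarn.lock', 'plugins/**') }}-3
      - name: set path
        run: |
          echo "PATH=$(pwd)/node_modules/.bin/:$PATH" >> "$GITHUB_ENV"
      - name: Endpoint
        run: |
          pushd services
          # Assign first, export second, so a failed lookup fails the step
          # instead of yielding an empty endpoint.
          APPLICATION_ENDPOINT="$(./output.sh ui ApplicationEndpointUrl "$STAGE_PREFIX$branch_name")"
          export APPLICATION_ENDPOINT
          echo "APPLICATION_ENDPOINT=$APPLICATION_ENDPOINT" >> "$GITHUB_ENV"
          echo "Application endpoint: $APPLICATION_ENDPOINT"
          popd
      # NOTE(review): `uses:` value mangled by the page's e-mail obfuscation
      # ("cypress-io/[email protected]"); name inferred from the owner and
      # inputs, version not shown. Restore both from the repository before use.
      - name: Check Project A11y
        uses: cypress-io/github-action@VERSION_NOT_SHOWN_ON_PAGE
        with:
          working-directory: tests/cypress
          spec: integration/a11y/${{ matrix.containers }}.spec.js
          browser: chrome
          headless: true
          config: baseUrl=${{ env.APPLICATION_ENDPOINT }}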