-
Notifications
You must be signed in to change notification settings - Fork 0
171 lines (142 loc) · 5.29 KB
/
build-and-test.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
name: Build and Test
on:
push:
branches:
- main
- develop
pull_request:
branches:
- main
- develop
jobs:
backend-build-test:
name: Backend Build and Test
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Set up Python
uses: actions/setup-python@v4
with:
python-version: '3.11'
cache: 'pip'
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -r requirements.txt
pip install pylint bandit pytest pytest-cov pytest-httpx
- name: Static code analysis
run: |
pylint --fail-under=8.0 ./src/
- name: Security scanning
run: |
bandit -r ./src/ -f json -o bandit-results.json
if [ -s bandit-results.json ]; then
echo "Security issues found"
cat bandit-results.json
exit 1
fi
- name: Run unit tests with coverage
run: |
pytest --cov=./src/ --cov-report=xml --cov-fail-under=90
- name: Run integration tests
run: |
pytest --integration ./tests/integration/
- name: Upload coverage report
uses: codecov/codecov-action@v3
with:
file: ./coverage.xml
fail_ci_if_error: true
- name: Build backend Docker image
run: |
docker build -t refunds-service-backend:${{ github.sha }} -f Dockerfile.backend .
- name: Login to Amazon ECR
if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/develop'
uses: aws-actions/amazon-ecr-login@v1
id: login-ecr
- name: Push Docker image to Amazon ECR
if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/develop'
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
ECR_REPOSITORY: refunds-service-backend
IMAGE_TAG: ${{ github.sha }}
run: |
docker tag refunds-service-backend:${{ github.sha }} $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
# Also tag with branch name
BRANCH_TAG=${GITHUB_REF#refs/heads/}
docker tag refunds-service-backend:${{ github.sha }} $ECR_REGISTRY/$ECR_REPOSITORY:$BRANCH_TAG
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$BRANCH_TAG
frontend-build-test:
name: Frontend Build and Test
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Set up Node.js
uses: actions/setup-node@v3
with:
node-version: '18'
cache: 'npm'
- name: Install dependencies
run: npm ci
- name: Run ESLint
run: npm run lint
- name: Verify TypeScript compilation
run: npm run type-check
- name: Security audit
run: npm audit --production
- name: Run unit tests with coverage
run: npm test -- --coverage --coverageThreshold='{"global":{"branches":90,"functions":90,"lines":90,"statements":90}}'
- name: Build frontend application
run: npm run build
- name: Upload coverage report
uses: codecov/codecov-action@v3
with:
file: ./coverage/coverage-final.json
fail_ci_if_error: true
- name: Build frontend Docker image
run: |
docker build -t refunds-service-frontend:${{ github.sha }} -f Dockerfile.frontend .
- name: Login to Amazon ECR
if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/develop'
uses: aws-actions/amazon-ecr-login@v1
id: login-ecr
- name: Push Docker image to Amazon ECR
if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/develop'
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
ECR_REPOSITORY: refunds-service-frontend
IMAGE_TAG: ${{ github.sha }}
run: |
docker tag refunds-service-frontend:${{ github.sha }} $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
# Also tag with branch name
BRANCH_TAG=${GITHUB_REF#refs/heads/}
docker tag refunds-service-frontend:${{ github.sha }} $ECR_REGISTRY/$ECR_REPOSITORY:$BRANCH_TAG
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$BRANCH_TAG
terraform-validate:
name: Terraform Validation
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Setup Terraform
uses: hashicorp/setup-terraform@v2
with:
terraform_version: '1.5.0'
- name: Initialize Terraform
run: terraform init -backend=false
working-directory: ./terraform
- name: Validate Terraform configurations
run: terraform validate
working-directory: ./terraform
- name: Create Terraform plans
if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/develop'
run: |
# For each environment, create and store a plan
for env in dev test staging prod; do
echo "Creating plan for $env environment"
terraform plan -var-file="environments/$env.tfvars" -out="${env}.tfplan"
done
working-directory: ./terraform