-
Notifications
You must be signed in to change notification settings - Fork 3
313 lines (274 loc) · 10.4 KB
/
promote.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
name: Promote
on:
push:
branches:
- 'main'
jobs:
unit-tests:
name: test - unit tests
runs-on: ubuntu-20.04
outputs:
app-version: ${{ steps.branch-name.outputs.app-version}}
changed-services: "[
'app-api',
'app-web',
'postgres',
'storybook',
'ui-auth',
'ui',
'uploads',
'run-migrations',
'prisma-layer',
'infra-api',
'github-oidc'
]"
services:
postgres:
image: postgres:13.3
env:
REACT_APP_AUTH_MODE: IDM
POSTGRES_PASSWORD: shhhsecret #pragma: allowlist secret
# Set health checks to wait until postgres has started
options: >-
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
ports:
- 5432:5432
steps:
- name: Check out repository
uses: actions/checkout@v4
- name: lock this branch to prevent concurrent builds
run: ./.github/github-lock.sh
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: set app version
id: app-version
shell: bash
run: echo "::set-output name=app-version::$(scripts/app_version.sh)"
- name: Setup env
uses: ./.github/actions/setup_env
- name: Unit Tests
env:
REACT_APP_AUTH_MODE: IDM
DATABASE_URL: postgresql://postgres:shhhsecret@localhost:5432/postgres?schema=public&connection_limit=5 #pragma: allowlist secret
NODE_OPTIONS: --max_old_space_size=6000
run: ./dev test --unit
- name: publish code coverage
uses: paambaati/codeclimate-action@v6.0.0
continue-on-error: true
env:
CC_TEST_REPORTER_ID: f7474ffe9522492f5380eb86189480f352c841718c1fe6a63f169353c7cee243
with:
debug: true
coverageLocations: |
${{github.workspace}}/services/app-api/coverage/lcov.info:lcov
${{github.workspace}}/services/app-web/coverage/lcov.info:lcov
build-prisma-client-lambda-layer:
name: build - postgres prisma layer
runs-on: ubuntu-20.04
steps:
- name: Check out repository
uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version-file: '.nvmrc'
cache: 'yarn'
- name: Get yarn cache directory path
shell: bash
id: yarn-cache-dir-path
run: echo "::set-output name=dir::$(yarn cache dir)"
- name: Install packages
working-directory: services/app-api
run: PRISMA_CLI_BINARY_TARGETS=rhel-openssl-1.0.x yarn install --prefer-offline --frozen-lockfile --cache-folder ${{ steps.yarn-cache-dir-path.outputs.dir }}
- name: Generate protos
run: npx lerna run generate --scope=app-proto
# Generate Prisma Client and binary that can run in a lambda environment
- name: Prepare prisma client
working-directory: services/app-api
run: PRISMA_CLI_BINARY_TARGETS=rhel-openssl-1.0.x yarn prisma generate
- name: Prepare "@prisma/client" lambda layer
working-directory: services/app-api
run: ./scripts/prepare-prisma-layer.sh
- uses: actions/upload-artifact@v4
with:
name: lambda-layers-prisma-client-migration
path: ./services/app-api/lambda-layers-prisma-client-migration
- uses: actions/upload-artifact@v4
with:
name: lambda-layers-prisma-client-engine
path: ./services/app-api/lambda-layers-prisma-client-engine
build-clamav-layer:
name: build - clamav layer
runs-on: ubuntu-20.04
steps:
- name: Check out repository
uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version-file: '.nvmrc'
cache: yarn
- name: Prepare ClamAV layer
working-directory: services/uploads/src/avLayer
run: ./dockerbuild.sh
- uses: actions/upload-artifact@v4
with:
name: lambda-layers-clamav
path: ./services/uploads/src/avLayer/build/lambda_layer.zip
promote-infra-dev:
needs: [build-prisma-client-lambda-layer, build-clamav-layer, unit-tests]
uses: Enterprise-CMCS/managed-care-review/.github/workflows/deploy-infra-to-env.yml@main
with:
environment: dev
stage_name: main
changed_services: ${{ needs.unit-tests.outputs.changed-services}}
aws_default_region: ${{ vars.AWS_DEFAULT_REGION }}
secrets:
aws_account_id: ${{ secrets.DEV_AWS_ACCOUNT_ID }}
nr_license_key: ${{ secrets.NR_LICENSE_KEY }}
slack_webhook_url: ${{ secrets.SLACK_WEBHOOK }}
promote-app-dev:
needs: [promote-infra-dev, build-prisma-client-lambda-layer, unit-tests]
uses: Enterprise-CMCS/managed-care-review/.github/workflows/deploy-app-to-env.yml@main
with:
environment: dev
stage_name: main
app_version: ${{ needs.unit-tests.outputs.app-version }}
changed_services: ${{ needs.unit-tests.outputs.changed-services}}
aws_default_region: ${{ vars.AWS_DEFAULT_REGION }}
secrets:
aws_account_id: ${{ secrets.DEV_AWS_ACCOUNT_ID }}
react_app_auth_mode: IDM
nr_license_key: ${{ secrets.NR_LICENSE_KEY }}
promote-infra-val:
needs: [promote-app-dev, unit-tests]
uses: Enterprise-CMCS/managed-care-review/.github/workflows/deploy-infra-to-env.yml@main
with:
environment: val
stage_name: val
changed_services: ${{ needs.unit-tests.outputs.changed-services}}
aws_default_region: ${{ vars.AWS_DEFAULT_REGION }}
secrets:
aws_account_id: ${{ secrets.VAL_AWS_ACCOUNT_ID }}
nr_license_key: ${{ secrets.NR_LICENSE_KEY }}
slack_webhook_url: ${{ secrets.SLACK_WEBHOOK }}
promote-app-val:
needs: [promote-app-dev, promote-infra-val, unit-tests]
uses: Enterprise-CMCS/managed-care-review/.github/workflows/deploy-app-to-env.yml@main
with:
environment: val
stage_name: val
app_version: ${{ needs.unit-tests.outputs.app-version }}
changed_services: ${{ needs.unit-tests.outputs.changed-services}}
aws_default_region: ${{ vars.AWS_DEFAULT_REGION }}
secrets:
aws_account_id: ${{ secrets.VAL_AWS_ACCOUNT_ID }}
react_app_auth_mode: IDM
nr_license_key: ${{ secrets.NR_LICENSE_KEY }}
promote-infra-prod:
needs: [promote-app-val, unit-tests]
uses: Enterprise-CMCS/managed-care-review/.github/workflows/deploy-infra-to-env.yml@main
with:
environment: prod
stage_name: prod
changed_services: ${{ needs.unit-tests.outputs.changed-services}}
aws_default_region: ${{ vars.AWS_DEFAULT_REGION }}
secrets:
aws_account_id: ${{ secrets.PROD_AWS_ACCOUNT_ID }}
nr_license_key: ${{ secrets.NR_LICENSE_KEY }}
slack_webhook_url: ${{ secrets.SLACK_WEBHOOK }}
promote-app-prod:
needs: [promote-app-val, promote-infra-prod, unit-tests]
uses: Enterprise-CMCS/managed-care-review/.github/workflows/deploy-app-to-env.yml@main
with:
environment: prod
stage_name: prod
app_version: ${{ needs.unit-tests.outputs.app-version }}
changed_services: ${{ needs.unit-tests.outputs.changed-services}}
aws_default_region: ${{ vars.AWS_DEFAULT_REGION }}
secrets:
aws_account_id: ${{ secrets.PROD_AWS_ACCOUNT_ID }}
react_app_auth_mode: IDM
nr_license_key: ${{ secrets.NR_LICENSE_KEY }}
cypress-prod:
name: prod - cypress
needs: [promote-app-prod]
runs-on: ubuntu-20.04
container:
image: cypress/browsers:node16.17.0-chrome106
options: --user 1001
strategy:
fail-fast: false
steps:
- uses: actions/checkout@v4
- name: check ip
id: check-ip
shell: bash
run: curl ifconfig.me/ip
- name: Generate unique ID for Cypress
id: uuid
run: echo "::set-output name=value::sha-$GITHUB_SHA-time-$(date +"%s")"
- name: Setup env
uses: ./.github/actions/setup_env
- uses: actions/download-artifact@v4
with:
name: app-web-gen deploy prod
path: ./services/app-web/src/gen
- uses: actions/download-artifact@v4
with:
name: cypress-gen deploy prod
path: ./services/cypress/gen
- name: Cypress chrome fix
run: |
export DISPLAY=:1
Xvfb :1 -screen 0 1024x768x16 2>/dev/null &
- name: Cypress on Prod -- Chrome
id: cypress
uses: cypress-io/github-action@v6
with:
install: false
config: baseUrl=https://mc-review.onemac.cms.gov
spec: services/cypress/integration/promoteWorkflow/promote.spec.ts
record: true
parallel: false
browser: chrome
group: 'Chrome - prod'
ci-build-id: ${{ steps.uuid.outputs.value }}
# Point to the cypress config file from root
config-file: services/cypress/cypress.config.ts
env:
REACT_APP_AUTH_MODE: IDM
CYPRESS_RECORD_KEY: ${{ secrets.CYPRESS_RECORD_KEY }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# Overwrites folder directories in cypress config because in CI we run from root
CYPRESS_SUPPORT_FILE: services/cypress/support/index.ts
CYPRESS_FIXTURES_FOLDER: services/cypress/fixtures
CYPRESS_SPEC_PATTERN: services/cypress/integration/**/*.spec.ts
CYPRESS_SCREEN_SHOTS_FOLDER: services/cypress/screenshots
CYPRESS_VIDEOS_FOLDER: services/cypress/videos
- name: Upload cypress video
uses: actions/upload-artifact@v4
if: failure() && steps.cypress.outcome == 'failure'
with:
name: cypress-videos
path: services/cypress/videos
slack:
name: Slack notification on failure
runs-on: ubuntu-20.04
needs: [cypress-prod, promote-app-val]
if: always()
steps:
# this action sets env.WORKFLOW_CONCLUSION so we can call a
# failure notification if any part of the workflow fails
- uses: technote-space/workflow-conclusion-action@v3
- name: Alert Slack On Failure
uses: rtCamp/action-slack-notify@v2
if: (env.WORKFLOW_CONCLUSION == 'failure' || needs.cypress-prod.result == 'skipped' || needs.promote-app-val.result == 'skipped')
env:
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
SLACK_USERNAME: Deploy Alerts
SLACK_ICON_EMOJI: ':bell:'
SLACK_COLOR: failure
SLACK_FOOTER: ''
MSG_MINIMAL: actions url,commit