WIP: Kevytkirjautumisen uudistus kuntalaisille #12373
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # SPDX-FileCopyrightText: 2017-2023 City of Espoo | |
| # | |
| # SPDX-License-Identifier: LGPL-2.1-or-later | |
| name: Build | |
| on: | |
| pull_request: | |
| push: | |
| branches: | |
| - master | |
| workflow_dispatch: | |
| inputs: | |
| push: | |
| required: false | |
| default: 'true' | |
| playwright_tag: | |
| required: true | |
| default: 'master' | |
| env: | |
| AWS_REGION: eu-west-1 | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| permissions: | |
| id-token: write | |
| contents: read | |
| packages: write | |
| actions: read | |
| jobs: | |
| cache-bust: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: "Cache bust" | |
| id: cache-bust | |
| run: echo "cache-bust=$(date '+%Y-%V')" >> "$GITHUB_OUTPUT" | |
| outputs: | |
| cache-bust: ${{ steps.cache-bust.outputs.cache-bust }} | |
| lint-shell: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: espoon-voltti/voltti-actions/shellcheck@v1 | |
| check-licenses: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Reuse Compliance Check | |
| uses: fsfe/reuse-action@v4 | |
| keycloak: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - cache-bust | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup Docker building | |
| if: ${{ github.actor != 'dependabot[bot]' && !github.event.pull_request.head.repo.fork }} | |
| id: setup | |
| uses: espoon-voltti/voltti-actions/docker-setup@master | |
| with: | |
| DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} | |
| DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| AWS_REGION: ${{ env.AWS_REGION }} | |
| AWS_ROLE: ${{ secrets.AWS_ROLE }} | |
| - name: Build keycloak image | |
| if: ${{ github.actor != 'dependabot[bot]' && !github.event.pull_request.head.repo.fork }} | |
| id: build | |
| uses: espoon-voltti/voltti-actions/docker-build-registry@master | |
| with: | |
| registry: ${{ steps.setup.outputs.ecr_registry }} | |
| name: evaka/keycloak | |
| path: ./keycloak | |
| push: ${{ inputs.push || 'true' }} | |
| build-args: | | |
| CACHE_BUST=${{ needs.cache-bust.outputs.cache-bust }} | |
| build=${{ github.run_number }} | |
| commit=${{ github.event.pull_request.head.sha || github.sha }} | |
| - name: Docker cleanup | |
| if: always() | |
| uses: espoon-voltti/voltti-actions/docker-cleanup@master | |
| outputs: | |
| image: ${{ steps.build.outputs.image }} | |
| frontend-common: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - cache-bust | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup Docker building | |
| if: ${{ github.actor != 'dependabot[bot]' && !github.event.pull_request.head.repo.fork }} | |
| id: setup | |
| uses: espoon-voltti/voltti-actions/docker-setup@master | |
| with: | |
| DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} | |
| DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| AWS: false | |
| - name: Build frontend image | |
| if: ${{ github.actor != 'dependabot[bot]' && !github.event.pull_request.head.repo.fork }} | |
| uses: espoon-voltti/voltti-actions/docker-build-registry@master | |
| id: build | |
| with: | |
| registry: ghcr.io/espoon-voltti | |
| name: evaka/frontend-common | |
| path: ./frontend | |
| push: ${{ inputs.push || 'true' }} | |
| build-args: | | |
| CACHE_BUST=${{ needs.cache-bust.outputs.cache-bust }} | |
| SENTRY_PUBLISH_ENABLED=false | |
| build=${{ github.run_number }} | |
| commit=${{ github.event.pull_request.head.sha || github.sha }} | |
| ICONS=free | |
| build-contexts: | |
| customizations=frontend/src/lib-customizations/espoo | |
| - name: Build frontend image builder | |
| if: ${{ github.actor != 'dependabot[bot]' && !github.event.pull_request.head.repo.fork }} | |
| uses: espoon-voltti/voltti-actions/docker-build-registry@master | |
| id: builder | |
| with: | |
| registry: ghcr.io/espoon-voltti | |
| name: evaka/frontend-common-builder | |
| cache_from: ${{ steps.build.outputs.image_cache }} | |
| path: ./frontend | |
| target: builder | |
| push: ${{ inputs.push || 'true' }} | |
| build-args: | | |
| CACHE_BUST=${{ needs.cache-bust.outputs.cache-bust }} | |
| SENTRY_PUBLISH_ENABLED=false | |
| build=${{ github.run_number }} | |
| commit=${{ github.event.pull_request.head.sha || github.sha }} | |
| ICONS=free | |
| build-contexts: | |
| customizations=frontend/src/lib-customizations/espoo | |
| - name: Docker cleanup | |
| if: always() | |
| uses: espoon-voltti/voltti-actions/docker-cleanup@master | |
| outputs: | |
| image: ${{ steps.build.outputs.image }} | |
| image_name: ${{ steps.build.outputs.image_name }} | |
| builder_image: ${{ steps.builder.outputs.image }} | |
| builder_image_name: ${{ steps.builder.outputs.image_name }} | |
| frontend: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - cache-bust | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Cache fortawesome | |
| if: ${{ github.actor != 'dependabot[bot]' && !github.event.pull_request.head.repo.fork }} | |
| id: fortawesome | |
| uses: actions/cache@v4 | |
| with: | |
| path: frontend/node_modules | |
| key: fortawesome-${{ hashFiles('frontend/setup-pro-icons.sh') }} | |
| - uses: actions/setup-node@v4 | |
| if: ${{ github.actor != 'dependabot[bot]' && !github.event.pull_request.head.repo.fork && steps.fortawesome.outputs.cache-hit != 'true' }} | |
| with: | |
| node-version: 18 | |
| - name: Install fortawesome | |
| if: ${{ github.actor != 'dependabot[bot]' && !github.event.pull_request.head.repo.fork && steps.fortawesome.outputs.cache-hit != 'true' }} | |
| run: | | |
| cat << EOF > frontend/.npmrc | |
| @fortawesome:registry=https://npm.fontawesome.com/ | |
| //npm.fontawesome.com/:_authToken="${{ secrets.FONTAWESOME_TOKEN }}" | |
| EOF | |
| ./frontend/setup-pro-icons.sh | |
| rm frontend/.npmrc | |
| - name: Setup Docker building | |
| if: ${{ github.actor != 'dependabot[bot]' && !github.event.pull_request.head.repo.fork }} | |
| id: setup | |
| uses: espoon-voltti/voltti-actions/docker-setup@master | |
| with: | |
| DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} | |
| DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| AWS_REGION: ${{ env.AWS_REGION }} | |
| AWS_ROLE: ${{ secrets.AWS_ROLE }} | |
| - name: Build frontend image | |
| if: ${{ github.actor != 'dependabot[bot]' && !github.event.pull_request.head.repo.fork }} | |
| uses: espoon-voltti/voltti-actions/docker-build-registry@master | |
| id: build | |
| with: | |
| registry: ${{ steps.setup.outputs.ecr_registry }} | |
| name: evaka/frontend | |
| path: ./frontend | |
| push: ${{ inputs.push || 'true' }} | |
| build-args: | | |
| CACHE_BUST=${{ needs.cache-bust.outputs.cache-bust }} | |
| SENTRY_PUBLISH_ENABLED=${{ github.ref_name == 'master' && 'true' || 'false' }} | |
| build=${{ github.run_number }} | |
| commit=${{ github.event.pull_request.head.sha || github.sha }} | |
| ICONS=pro | |
| SENTRY_AUTH_TOKEN=${{ secrets.SENTRY_AUTH_TOKEN }} | |
| build-contexts: | |
| customizations=frontend/src/lib-customizations/espoo | |
| - name: Docker cleanup | |
| if: always() | |
| uses: espoon-voltti/voltti-actions/docker-cleanup@master | |
| outputs: | |
| image: ${{ steps.build.outputs.image }} | |
| image_name: ${{ steps.build.outputs.image_name }} | |
| frontend-test: | |
| needs: | |
| - frontend-common | |
| - frontend | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Login to GitHub Container Registry | |
| if: ${{ github.actor != 'dependabot[bot]' && !github.event.pull_request.head.repo.fork }} | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Lint | |
| if: ${{ github.actor != 'dependabot[bot]' && !github.event.pull_request.head.repo.fork }} | |
| run: docker run --rm "${{ needs.frontend-common.outputs.builder_image }}" yarn lint | |
| - name: Type check | |
| if: ${{ github.actor != 'dependabot[bot]' && !github.event.pull_request.head.repo.fork }} | |
| run: docker run --rm "${{ needs.frontend-common.outputs.builder_image }}" yarn type-check | |
| - name: Test | |
| if: ${{ github.actor != 'dependabot[bot]' && !github.event.pull_request.head.repo.fork }} | |
| run: docker run --rm "${{ needs.frontend-common.outputs.builder_image }}" yarn test --maxWorkers=2 | |
| - name: Build and test fork | |
| id: fork | |
| if: ${{ github.actor == 'dependabot[bot]' || github.event.pull_request.head.repo.fork }} | |
| run: | | |
| cd ./frontend | |
| ./build-docker.sh test | |
| - name: Docker cleanup | |
| if: always() | |
| uses: espoon-voltti/voltti-actions/docker-cleanup@master | |
| api-gateway: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - cache-bust | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup Docker building | |
| if: ${{ github.actor != 'dependabot[bot]' && !github.event.pull_request.head.repo.fork }} | |
| id: setup | |
| uses: espoon-voltti/voltti-actions/docker-setup@master | |
| with: | |
| DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} | |
| DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| AWS_REGION: ${{ env.AWS_REGION }} | |
| AWS_ROLE: ${{ secrets.AWS_ROLE }} | |
| - name: Build and run API-gateway tests | |
| if: ${{ github.actor != 'dependabot[bot]' && !github.event.pull_request.head.repo.fork }} | |
| uses: espoon-voltti/voltti-actions/docker-build-registry@master | |
| id: test | |
| with: | |
| registry: ${{ steps.setup.outputs.ecr_registry }} | |
| name: evaka/api-gateway-test | |
| path: ./apigw | |
| push: false | |
| load: true | |
| target: test | |
| build-args: | | |
| CACHE_BUST=${{ needs.cache-bust.outputs.cache-bust }} | |
| build=${{ github.run_number }} | |
| commit=${{ github.event.pull_request.head.sha || github.sha }} | |
| - name: Build API-gateway image | |
| if: ${{ github.actor != 'dependabot[bot]' && !github.event.pull_request.head.repo.fork }} | |
| uses: espoon-voltti/voltti-actions/docker-build-registry@master | |
| id: build | |
| with: | |
| registry: ${{ steps.setup.outputs.ecr_registry }} | |
| name: evaka/api-gateway | |
| path: ./apigw | |
| push: ${{ inputs.push || 'true' }} | |
| build-args: | | |
| CACHE_BUST=${{ needs.cache-bust.outputs.cache-bust }} | |
| build=${{ github.run_number }} | |
| commit=${{ github.event.pull_request.head.sha || github.sha }} | |
| - name: Build docker tests and image on fork | |
| if: ${{ github.actor == 'dependabot[bot]' || github.event.pull_request.head.repo.fork }} | |
| run: | | |
| cd ./apigw | |
| ./build-docker.sh test | |
| ./build-docker.sh | |
| outputs: | |
| image: ${{ steps.build.outputs.image }} | |
| service: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - cache-bust | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup Docker building | |
| if: ${{ github.actor != 'dependabot[bot]' && !github.event.pull_request.head.repo.fork }} | |
| id: setup | |
| uses: espoon-voltti/voltti-actions/docker-setup@master | |
| with: | |
| DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} | |
| DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| AWS_REGION: ${{ env.AWS_REGION }} | |
| AWS_ROLE: ${{ secrets.AWS_ROLE }} | |
| - name: Build Evaka Service image | |
| if: ${{ github.actor != 'dependabot[bot]' && !github.event.pull_request.head.repo.fork }} | |
| uses: espoon-voltti/voltti-actions/docker-build-registry@master | |
| id: build | |
| with: | |
| registry: ${{ steps.setup.outputs.ecr_registry }} | |
| name: evaka/service | |
| path: . | |
| dockerfile: service/Dockerfile | |
| push: ${{ inputs.push || 'true' }} | |
| build-args: | | |
| CACHE_BUST=${{ needs.cache-bust.outputs.cache-bust }} | |
| build=${{ github.run_number }} | |
| commit=${{ github.event.pull_request.head.sha || github.sha }} | |
| - name: Build Evaka Service builder image | |
| if: ${{ github.actor != 'dependabot[bot]' && !github.event.pull_request.head.repo.fork }} | |
| uses: espoon-voltti/voltti-actions/docker-build-registry@master | |
| id: builder | |
| with: | |
| registry: ${{ steps.setup.outputs.ecr_registry }} | |
| name: evaka/service-builder | |
| target: builder | |
| cache_from: ${{ steps.build.outputs.image_cache }} | |
| path: . | |
| dockerfile: service/Dockerfile | |
| push: ${{ inputs.push || 'true' }} | |
| build-args: | | |
| CACHE_BUST=${{ needs.cache-bust.outputs.cache-bust }} | |
| build=${{ github.run_number }} | |
| commit=${{ github.event.pull_request.head.sha || github.sha }} | |
| - name: Docker cleanup | |
| if: always() | |
| uses: espoon-voltti/voltti-actions/docker-cleanup@master | |
| outputs: | |
| image: ${{ steps.build.outputs.image }} | |
| image_name: ${{ steps.build.outputs.image_name }} | |
| builder_image: ${{ steps.builder.outputs.image }} | |
| builder_image_name: ${{ steps.builder.outputs.image_name }} | |
| service-test: | |
| needs: | |
| - cache-bust | |
| - service | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup Docker building | |
| if: ${{ github.actor != 'dependabot[bot]' && !github.event.pull_request.head.repo.fork }} | |
| id: setup | |
| uses: espoon-voltti/voltti-actions/docker-setup@master | |
| with: | |
| DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} | |
| DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| AWS_REGION: ${{ env.AWS_REGION }} | |
| AWS_ROLE: ${{ secrets.AWS_ROLE }} | |
| - name: Build and run Evaka Service tests | |
| if: ${{ github.actor != 'dependabot[bot]' && !github.event.pull_request.head.repo.fork }} | |
| uses: espoon-voltti/voltti-actions/docker-build-registry@master | |
| id: build | |
| with: | |
| registry: ${{ steps.setup.outputs.ecr_registry }} | |
| name: evaka/service-test | |
| path: . | |
| dockerfile: service/test.Dockerfile | |
| push: false | |
| load: true | |
| build-args: | | |
| CACHE_BUST=${{ needs.cache-bust.outputs.cache-bust }} | |
| build=${{ github.run_number }} | |
| commit=${{ github.event.pull_request.head.sha || github.sha }} | |
| BASE_IMAGE=${{ needs.service.outputs.builder_image }} | |
| - name: Run service tests for fork | |
| if: ${{ github.actor == 'dependabot[bot]' || github.event.pull_request.head.repo.fork }} | |
| shell: bash | |
| run: | | |
| cd ./service | |
| ./build-docker.sh test | |
| - name: Docker cleanup | |
| if: always() | |
| uses: espoon-voltti/voltti-actions/docker-cleanup@master | |
| owasp: | |
| needs: | |
| - service | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Configure AWS credentials | |
| if: ${{ github.actor != 'dependabot[bot]' && !github.event.pull_request.head.repo.fork }} | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-region: ${{ env.AWS_REGION }} | |
| role-to-assume: ${{ secrets.AWS_ROLE }} | |
| role-duration-seconds: 1200 | |
| - name: Login to Amazon ECR | |
| if: ${{ github.actor != 'dependabot[bot]' && !github.event.pull_request.head.repo.fork }} | |
| id: ecr | |
| uses: aws-actions/amazon-ecr-login@v2 | |
| with: | |
| mask-password: 'true' | |
| - name: Cache dependency check database | |
| if: ${{ github.actor != 'dependabot[bot]' && !github.event.pull_request.head.repo.fork }} | |
| uses: actions/cache@v4 | |
| with: | |
| path: dependency-check-data | |
| key: dependency-check-data-${{ github.run_id }}-${{ github.run_attempt }} | |
| restore-keys: | | |
| dependency-check-data- | |
| - name: Run service OWASP tests | |
| if: ${{ github.actor != 'dependabot[bot]' && !github.event.pull_request.head.repo.fork }} | |
| shell: bash | |
| run: | | |
| docker run --rm \ | |
| -e NVD_API_KEY=${{ secrets.NVD_API_KEY }} \ | |
| -v $(pwd)/dependency-check-data:/root/.gradle/dependency-check-data \ | |
| ${{ needs.service.outputs.builder_image }} \ | |
| sh -c "./gradlew --no-daemon dependencyCheckUpdate && ./gradlew --no-daemon dependencyCheckAnalyze" | |
| service-integration-test: | |
| needs: | |
| - keycloak | |
| - service | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| test_chunk_number: [1, 2, 3, 4] | |
| test_chunk_count: [4] # must max value of above list | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Login to GitHub Container Registry | |
| if: ${{ !github.event.pull_request.head.repo.fork }} | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Run service integration tests | |
| if: ${{ github.actor != 'dependabot[bot]' && !github.event.pull_request.head.repo.fork }} | |
| shell: bash | |
| env: | |
| TAG: "${{ github.event.pull_request.head.sha || github.sha }}" | |
| BUILD: "false" | |
| run: | | |
| cd ./compose | |
| mkdir -p test-results/ | |
| ./compose-integration pull | |
| ./compose-integration run integration-test $(../bin/split-integration-tests.sh "${{ matrix.test_chunk_number }}" "${{ matrix.test_chunk_count }}") | |
| ./compose-integration logs db > test-results/db.log | |
| - name: Run service integration tests for fork | |
| if: ${{ github.actor == 'dependabot[bot]' || github.event.pull_request.head.repo.fork }} | |
| shell: bash | |
| run: | | |
| cd ./compose | |
| ./compose-integration run integration-test $(../bin/split-integration-tests.sh "${{ matrix.test_chunk_number }}" "${{ matrix.test_chunk_count }}") | |
| - name: Store test results | |
| uses: actions/upload-artifact@v4 | |
| if: always() | |
| with: | |
| name: integration-test-results-${{ matrix.test_chunk_number }} | |
| path: ./compose/test-results/ | |
| retention-days: 2 | |
| e2e-split: | |
| runs-on: ubuntu-latest | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| CHUNK_COUNT: 6 # must match the number of chunks in the e2e job | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Split e2e tests | |
| run: | | |
| ./bin/timings.sh $CHUNK_COUNT e2e-test-chunk--{}.txt | |
| - name: Upload test chunks | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: e2e-test-chunks | |
| path: e2e-test-chunk--*.txt | |
| e2e: | |
| needs: | |
| - service | |
| - api-gateway | |
| - keycloak | |
| - frontend-common | |
| - frontend | |
| - e2e-split | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| # If you change the number of chunks, remember to update CHUNK_COUNT in e2e-split job | |
| test_chunk_number: [1, 2, 3, 4, 5, 6] | |
| env: | |
| PLAYWRIGHT_TAG: "${{ inputs.playwright_tag || 'master' }}" | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Login to Docker Hub | |
| if: ${{ github.actor != 'dependabot[bot]' && !github.event.pull_request.head.repo.fork }} | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Login to GitHub Container Registry | |
| if: ${{ github.actor != 'dependabot[bot]' && !github.event.pull_request.head.repo.fork }} | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Download test chunks | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: e2e-test-chunks | |
| - name: Run e2e tests | |
| if: ${{ github.actor != 'dependabot[bot]' && !github.event.pull_request.head.repo.fork }} | |
| env: | |
| TAG: "${{ github.event.pull_request.head.sha || github.sha }}" | |
| BUILD: "false" | |
| FRONTEND_IMAGE: "ghcr.io/espoon-voltti/evaka/frontend" | |
| run: | | |
| set -eo pipefail | |
| cp e2e-test-chunk--${{ matrix.test_chunk_number }}.txt frontend/playwright-filenames.txt | |
| echo "Tests to run:" | |
| cat frontend/playwright-filenames.txt | |
| cd ./compose | |
| ./test-e2e pull | |
| ./test-e2e run playwright | tee e2e.log | |
| - name: Run e2e tests for fork | |
| if: ${{ github.actor == 'dependabot[bot]' || github.event.pull_request.head.repo.fork }} | |
| run: | | |
| set -eo pipefail | |
| cp e2e-test-chunk--${{ matrix.test_chunk_number }}.txt frontend/playwright-filenames.txt | |
| echo "Tests to run:" | |
| cat frontend/playwright-filenames.txt | |
| cd ./compose | |
| ./test-e2e run playwright | tee e2e.log | |
| - name: Get logs | |
| if: always() | |
| run: | | |
| cd compose | |
| ./test-e2e logs > e2e-all.log | |
| - name: Store screenshots and logs | |
| if: always() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: e2e-test-results-${{ matrix.test_chunk_number }} | |
| path: | | |
| frontend/screenshots/ | |
| frontend/traces/ | |
| compose/e2e.log | |
| compose/e2e-all.log | |
| retention-days: 2 | |
| frontend-s3: | |
| if: ${{ github.ref == 'refs/heads/master' && github.actor != 'dependabot[bot]' && !github.event.pull_request.head.repo.fork && inputs.push != 'false' }} | |
| needs: | |
| - frontend | |
| - frontend-test | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Configure AWS credentials | |
| if: ${{ github.actor != 'dependabot[bot]' && !github.event.pull_request.head.repo.fork }} | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-region: ${{ env.AWS_REGION }} | |
| role-to-assume: ${{ secrets.AWS_ROLE }} | |
| role-duration-seconds: 1200 | |
| - name: Login to Amazon ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v2 | |
| with: | |
| mask-password: 'true' | |
| - name: Extract frontend files | |
| run: | | |
| rm -rf ./frontend-build/ | |
| docker create -ti --name frontend_instance "${{ needs.frontend.outputs.image }}" sh | |
| docker cp frontend_instance:/static ./frontend-build | |
| docker rm -f frontend_instance | |
| - name: Configure AWS credentials | |
| if: ${{ github.actor != 'dependabot[bot]' && !github.event.pull_request.head.repo.fork }} | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-region: ${{ env.AWS_REGION }} | |
| role-to-assume: ${{ secrets.AWS_ROLE_SST }} | |
| role-duration-seconds: 1200 | |
| - name: Clean build from non-versioned files | |
| run: | | |
| cd ./frontend-build/ | |
| for filename in index.html service-worker.js service-worker.js.map; do | |
| find . -name "$filename" -not -path "./maintenance-page/*" -type f -delete | |
| done | |
| aws s3 sync --exact-timestamps . s3://evaka-static-common/ | |
| tag: | |
| if: ${{ github.actor != 'dependabot[bot]' && !github.event.pull_request.head.repo.fork }} | |
| runs-on: ubuntu-latest | |
| needs: | |
| - service-test | |
| - service-integration-test | |
| - e2e | |
| - frontend-test | |
| - lint-shell | |
| - check-licenses | |
| steps: | |
| - name: Configure AWS credentials | |
| if: ${{ github.actor != 'dependabot[bot]' && !github.event.pull_request.head.repo.fork }} | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-region: ${{ env.AWS_REGION }} | |
| role-to-assume: ${{ secrets.AWS_ROLE }} | |
| role-duration-seconds: 1200 | |
| - name: Login to GitHub Container Registry | |
| if: ${{ github.actor != 'dependabot[bot]' && !github.event.pull_request.head.repo.fork }} | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Docker metadata # Used to get the tag from DOCKER_METADATA_OUTPUT_VERSION | |
| id: metadata | |
| env: | |
| DOCKER_METADATA_PR_HEAD_SHA: "true" | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: | | |
| evaka/dummy | |
| tags: | | |
| type=ref,event=pr,prefix=pr- | |
| type=ref,event=branch,prefix= | |
| - name: Retag with branch | |
| run: | | |
| if test -z "$DOCKER_METADATA_OUTPUT_VERSION"; then | |
| echo "Empty tag" | |
| exit 1 | |
| fi | |
| for repository in evaka/keycloak evaka/frontend evaka/frontend-common evaka/frontend-common-builder evaka/service evaka/service-builder evaka/api-gateway; do | |
| ghcr_image_base="ghcr.io/espoon-voltti/${repository}" | |
| ghcr_image="${ghcr_image_base}:${{ github.event.pull_request.head.sha || github.sha }}" | |
| ghcr_target="${ghcr_image_base}:${DOCKER_METADATA_OUTPUT_VERSION}" | |
| echo "Tagging GHCR with '${ghcr_target}'" | |
| docker pull "$ghcr_image" | |
| docker tag "$ghcr_image" "${ghcr_image_base}:${DOCKER_METADATA_OUTPUT_VERSION}" | |
| docker push "${ghcr_image_base}:${DOCKER_METADATA_OUTPUT_VERSION}" | |
| done | |
| for repository in evaka/keycloak evaka/frontend evaka/service evaka/api-gateway; do | |
| # ECR retag | |
| MANIFEST=$(aws ecr batch-get-image --repository-name "$repository" --image-ids imageTag="${{ github.event.pull_request.head.sha || github.sha }}" --output json | jq --raw-output --join-output '.images[0].imageManifest') | |
| aws ecr put-image --repository-name "$repository" --image-tag "${DOCKER_METADATA_OUTPUT_VERSION}" --image-manifest "$MANIFEST" | |
| done | |
| deploy: | |
| if: ${{ github.ref == 'refs/heads/master' && github.actor != 'dependabot[bot]' && !github.event.pull_request.head.repo.fork }} | |
| env: | |
| DEPLOY_REPO_OWNER: 'espoon-voltti' | |
| DEPLOY_REPO_NAME: 'evaka-deploy' | |
| DEPLOY_REPO_WORKFLOW: 'deploy.yml' | |
| runs-on: ubuntu-latest | |
| needs: | |
| - tag | |
| - frontend-s3 | |
| steps: | |
| - uses: actions/github-script@v7 | |
| with: | |
| github-token: '${{ secrets.EVAKA_PAT }}' | |
| script: | | |
| await github.rest.actions.createWorkflowDispatch({ | |
| owner: '${{ env.DEPLOY_REPO_OWNER }}', | |
| repo: '${{ env.DEPLOY_REPO_NAME }}', | |
| workflow_id: '${{ env.DEPLOY_REPO_WORKFLOW }}', | |
| ref: 'master', | |
| inputs: { | |
| version: '${{ github.event.pull_request.head.sha || github.sha }}' | |
| } | |
| }) | |
| notify: | |
| if: ${{ always() && contains(needs.*.result, 'failure') && github.ref == 'refs/heads/master' }} | |
| runs-on: ubuntu-latest | |
| needs: | |
| - deploy | |
| steps: | |
| - name: Report failure | |
| uses: espoon-voltti/voltti-actions/notify@master | |
| with: | |
| webhook_url: ${{ secrets.SLACK_WEBHOOK_URL }} | |
| channel: "#evaka-alerts" | |
| message: "CI job for master branch failed" |