Merge pull request #633 from etalab/bump/ruby #3147
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches: | |
- '**' | |
- '!main' | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: docker/setup-buildx-action@v3 | |
- uses: docker/build-push-action@v6 | |
with: | |
context: . | |
tags: data_pass:latest | |
outputs: type=docker,dest=/tmp/data_pass.tar | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
- | |
name: Cache image and ENV file | |
id: data_pass-docker | |
uses: actions/cache@v4 | |
with: | |
path: | | |
/tmp/data_pass.tar | |
./.github/workflows/test.env | |
key: ${{ github.sha }}-data_pass | |
security: | |
name: "Security: Brakeman" | |
runs-on: ubuntu-latest | |
needs: build | |
steps: | |
- uses: docker/setup-buildx-action@v3 | |
- uses: actions/cache@v4 | |
with: | |
path: | | |
/tmp/data_pass.tar | |
./.github/workflows/test.env | |
key: ${{ github.sha }}-data_pass | |
- run: docker load --input /tmp/data_pass.tar | |
- run: docker run --rm --entrypoint="" data_pass:latest bundle exec brakeman | |
rb-lint: | |
name: "Linting: Rubocop" | |
runs-on: ubuntu-latest | |
needs: build | |
steps: | |
- uses: docker/setup-buildx-action@v3 | |
- uses: actions/cache@v4 | |
with: | |
path: | | |
/tmp/data_pass.tar | |
./.github/workflows/test.env | |
key: ${{ github.sha }}-data_pass | |
- run: docker load --input /tmp/data_pass.tar | |
- run: docker run --rm --entrypoint="" data_pass:latest bundle exec rubocop | |
js-lint: | |
name: "Linting: Standardjs" | |
runs-on: ubuntu-latest | |
needs: build | |
steps: | |
- uses: docker/setup-buildx-action@v3 | |
- uses: actions/cache@v4 | |
with: | |
path: | | |
/tmp/data_pass.tar | |
./.github/workflows/test.env | |
key: ${{ github.sha }}-data_pass | |
- run: docker load --input /tmp/data_pass.tar | |
- run: docker run --rm --entrypoint="" data_pass:latest standard app/javascript | |
yaml-lint: | |
name: "Linting: YAML through prettier" | |
runs-on: ubuntu-latest | |
needs: build | |
steps: | |
- uses: docker/setup-buildx-action@v3 | |
- uses: actions/cache@v4 | |
with: | |
path: | | |
/tmp/data_pass.tar | |
./.github/workflows/test.env | |
key: ${{ github.sha }}-data_pass | |
- run: docker load --input /tmp/data_pass.tar | |
- run: docker run --rm --entrypoint="" data_pass:latest ./bin/lint-yaml | |
unit-tests: | |
name: "Unit tests: RSpec" | |
runs-on: ubuntu-latest | |
needs: build | |
services: | |
postgres: | |
image: postgres | |
ports: ["5432:5432"] | |
env: | |
POSTGRES_PASSWORD: dummy | |
options: >- | |
--health-cmd pg_isready | |
--health-interval 10s | |
--health-timeout 5s | |
--health-retries 5 | |
chrome: | |
image: browserless/chrome:latest | |
ports: | |
- "3333:3333" | |
env: | |
PORT: 3333 | |
CONNECTION_TIMEOUT: 600000 | |
redis: | |
image: redis | |
ports: | |
- "6379:6379" | |
steps: | |
- uses: docker/setup-buildx-action@v3 | |
- uses: actions/cache@v4 | |
with: | |
path: | | |
/tmp/data_pass.tar | |
./.github/workflows/test.env | |
key: ${{ github.sha }}-data_pass | |
- run: docker load --input /tmp/data_pass.tar | |
- run: | | |
docker run \ | |
--network="host" \ | |
--env-file ./.github/workflows/test.env \ | |
--rm data_pass bundle exec rspec | |
integration-tests-admin: | |
name: "Integration tests: admin" | |
needs: build | |
uses: ./.github/workflows/reusable-integration-tests.yaml | |
with: | |
cucumber_options: "features/{instructeurs,reporters}/" | |
integration-tests-dgfip-habilitations: | |
name: "Integration tests: dgfip habilitations" | |
needs: build | |
uses: ./.github/workflows/reusable-integration-tests.yaml | |
with: | |
cucumber_options: "features/habilitations/dgfip/" | |
integration-tests-others-habilitations: | |
name: "Integration tests: other habilitations" | |
needs: build | |
uses: ./.github/workflows/reusable-integration-tests.yaml | |
with: | |
cucumber_options: "features/habilitations/ -e features/habilitations/dgfip/" | |
integration-tests-others: | |
name: "Integration tests: others" | |
needs: build | |
uses: ./.github/workflows/reusable-integration-tests.yaml | |
with: | |
cucumber_options: "-e features/instructeurs/ -e features/habilitations/ -e features/reporters/" | |
merge-with-main: | |
name: "Merge develop with main" | |
runs-on: ubuntu-latest | |
if: github.ref == 'refs/heads/develop' | |
needs: | |
- security | |
- rb-lint | |
- js-lint | |
- yaml-lint | |
- unit-tests | |
- integration-tests-admin | |
- integration-tests-dgfip-habilitations | |
- integration-tests-others-habilitations | |
- integration-tests-others | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Import GPG key to sign main push | |
id: import_gpg | |
uses: crazy-max/ghaction-import-gpg@v6 | |
with: | |
gpg_private_key: ${{ secrets.GPG_SECRET_KEY }} | |
passphrase: ${{ secrets.GPG_PASSPHRASE }} | |
git_user_signingkey: true | |
git_commit_gpgsign: true | |
- name: Force push develop to main | |
run: | | |
git reset --hard && \ | |
git push --force origin develop:main && \ | |
git fetch && \ | |
[[ ! -s \"$(git rev-parse --git-dir)/shallow\" ]] || git fetch --unshallow | |
exit 0 | |
continuous-deployment: | |
name: "Continuous deployment on staging" | |
runs-on: ubuntu-latest | |
if: github.ref == 'refs/heads/develop' | |
needs: | |
- merge-with-main | |
timeout-minutes: 10 | |
strategy: | |
matrix: | |
host: [watchdoge1, watchdoge2, watchdoge3, watchdoge4] | |
fail-fast: false | |
environment: sandbox | |
env: | |
DEPLOY_HTTPS_LOGIN: ${{ secrets.DEPLOY_HTTPS_LOGIN }} | |
DEPLOY_HTTPS_PASSWORD: ${{ secrets.DEPLOY_HTTPS_PASSWORD }} | |
DEPLOY_HTTPS_REQUEST_URL: ${{ vars.DEPLOY_HTTPS_REQUEST_URL }} | |
DEPLOY_HTTPS_RESPONSE_URL: ${{ vars.DEPLOY_HTTPS_RESPONSE_URL }} | |
DEPLOY_HOST: host_${{ matrix.host }} | |
DEPLOY_APP: datapass_reborn_staging | |
DEPLOY_BRANCH: ${{ github.ref_name }} | |
steps: | |
- name: Download and run deploy script | |
shell: bash | |
run: | | |
git clone https://github.com/etalab/api-entreprise-integration | |
cd api-entreprise-integration | |
./deploy-parteprise.sh |