Renovate Update Docker Updates #5970
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "[Workflow] PR Environment" | |
| concurrency: | |
| group: ${{ github.ref }}-${{ github.workflow }} | |
| defaults: | |
| run: | |
| shell: bash | |
| on: | |
| pull_request: | |
| permissions: | |
| contents: write | |
| security-events: write | |
| pull-requests: read | |
| actions: none | |
| checks: none | |
| deployments: none | |
| issues: none | |
| packages: none | |
| repository-projects: none | |
| statuses: none | |
| jobs: | |
| cleanup_pr_workspaces: | |
| name: cleanup pr workspaces | |
| uses: ./.github/workflows/scheduled-workspace-cleanup.yml | |
| secrets: inherit | |
| if: | | |
| always() | |
| workflow_variables: | |
| runs-on: ubuntu-latest | |
| name: output workflow variables | |
| outputs: | |
| safe_branch_name: ${{ steps.safe_branch_name.outputs.safe }} | |
| short_sha: ${{ steps.variables.outputs.short_sha }} | |
| specific_path: ${{ steps.variables.outputs.path }} | |
| workspace_name: ${{ steps.set_workspace_name.outputs.workspace_name }} | |
| steps: | |
| - uses: actions/checkout@3b9b8c884f6b4bb4d5be2779c26374abadae0871 # pin@v3 | |
| with: | |
| fetch-depth: 2 | |
| - name: Set safe branch name | |
| id: safe_branch_name | |
| uses: ministryofjustice/opg-github-actions/.github/actions/branch-name@v3.1.0 | |
| - name: get changed files in the admin folder | |
| id: changed-files-admin | |
| uses: tj-actions/changed-files@3f646a35495417b5549f98c7f7b78b41cbfaf43d | |
| with: | |
| files: | | |
| service-admin/** | |
| - name: get changed files in the terraform folder | |
| id: changed-files-terraform | |
| uses: tj-actions/changed-files@3f646a35495417b5549f98c7f7b78b41cbfaf43d | |
| with: | |
| files: | | |
| terraform/** | |
| - name: get changed docs files in any folder | |
| id: changed-files-docs | |
| uses: tj-actions/changed-files@3f646a35495417b5549f98c7f7b78b41cbfaf43d | |
| with: | |
| files: | | |
| **/*.md | |
| - name: extract variables for workflow | |
| id: variables | |
| run: | | |
| echo "short_sha=$(echo ${GITHUB_SHA:0:7})" >> $GITHUB_OUTPUT | |
| if [[ ${{ steps.changed-files-terraform.outputs.only_changed }} = "true" ]] | |
| then | |
| echo "path=$(echo terraform)" >> $GITHUB_OUTPUT | |
| elif [[ ${{ steps.changed-files-admin.outputs.only_changed }} = "true" ]] | |
| then | |
| echo "path=$(echo admin)" >> $GITHUB_OUTPUT | |
| elif [[ ${{ steps.changed-files-docs.outputs.only_changed }} = "true" ]] | |
| then | |
| echo "path=$(echo docs)" >> $GITHUB_OUTPUT | |
| else | |
| echo "path=$(echo all)" >> $GITHUB_OUTPUT | |
| fi | |
| - name: show specific path | |
| env: | |
| SPECIFIC_PATH: ${{ steps.variables.outputs.path }} | |
| run: | | |
| echo "path chosen - $SPECIFIC_PATH" | |
| - name: Set workspace name | |
| id: set_workspace_name | |
| run: | | |
| echo "workspace_name=${{ github.event.number }}${{ steps.safe_branch_name.outputs.safe }}" >> $GITHUB_OUTPUT | |
| update_documentation: | |
| name: update documentation | |
| runs-on: ubuntu-latest | |
| needs: | |
| - workflow_variables | |
| steps: | |
| - name: only update documentation | |
| run: echo 'Only docs have changed - skipping rest of pipeline' | |
| if: | | |
| needs.workflow_variables.outputs.specific_path == 'docs' | |
| terraform_lint: | |
| name: lint terraform code | |
| uses: ./.github/workflows/_lint-terraform.yml | |
| needs: | |
| - workflow_variables | |
| with: | |
| workspace: ${{ needs.workflow_variables.outputs.workspace_name }} | |
| secrets: inherit | |
| if: | | |
| always() && | |
| needs.workflow_variables.result == 'success' && | |
| needs.workflow_variables.outputs.specific_path != 'docs' | |
| node_test: | |
| name: test node dependencies | |
| uses: ./.github/workflows/_node-test.yml | |
| needs: | |
| - workflow_variables | |
| if: | | |
| always() && | |
| needs.workflow_variables.result == 'success' && | |
| needs.workflow_variables.outputs.specific_path == 'all' | |
| node_build: | |
| name: build node dependencies | |
| uses: ./.github/workflows/_node-build.yml | |
| needs: | |
| - workflow_variables | |
| if: | | |
| always() && | |
| needs.workflow_variables.result == 'success' && | |
| needs.workflow_variables.outputs.specific_path == 'all' | |
| docker_build_scan_push: | |
| name: build, test, scan and push | |
| uses: ./.github/workflows/_build-and-push.yml | |
| needs: | |
| - workflow_variables | |
| - node_test | |
| - node_build | |
| with: | |
| tag: ${{ needs.workflow_variables.outputs.safe_branch_name }}-${{ needs.workflow_variables.outputs.short_sha }} | |
| branch_name: ${{ needs.workflow_variables.outputs.safe_branch_name }} | |
| push_to_ecr: true | |
| specific_path: ${{ needs.workflow_variables.outputs.specific_path }} | |
| secrets: inherit | |
| if: | | |
| always() && | |
| needs.workflow_variables.outputs.specific_path != 'docs' && | |
| (needs.node_test.result == 'success' || needs.node_test.result == 'skipped') && | |
| (needs.node_build.result == 'success' || needs.node_build.result == 'skipped') && | |
| needs.workflow_variables.result == 'success' | |
| code_coverage: | |
| name: upload to code coverage | |
| uses: ./.github/workflows/_codecov.yml | |
| with: | |
| specific_path: ${{ needs.workflow_variables.outputs.specific_path }} | |
| needs: | |
| - docker_build_scan_push | |
| - workflow_variables | |
| secrets: inherit | |
| if: | | |
| always() && | |
| ( needs.docker_build_scan_push.result == 'success' || needs.docker_build_scan_push.result == 'failure' ) | |
| terraform_apply_shared_development: | |
| name: terraform apply shared development | |
| uses: ./.github/workflows/_run-terraform.yml | |
| needs: | |
| - terraform_lint | |
| - workflow_variables | |
| with: | |
| workspace: development | |
| terraform_path: account | |
| specific_path: ${{ needs.workflow_variables.outputs.specific_path }} | |
| apply: false | |
| secrets: inherit | |
| if: | | |
| always() && | |
| needs.terraform_lint.result == 'success' | |
| terraform_apply_environment: | |
| name: terraform apply environment | |
| uses: ./.github/workflows/_run-terraform.yml | |
| needs: | |
| - docker_build_scan_push | |
| - terraform_lint | |
| - workflow_variables | |
| with: | |
| workspace: ${{ needs.workflow_variables.outputs.workspace_name }} | |
| terraform_path: environment | |
| container_version: ${{ needs.workflow_variables.outputs.safe_branch_name }}-${{ needs.workflow_variables.outputs.short_sha }} | |
| apply: true | |
| specific_path: ${{ needs.workflow_variables.outputs.specific_path }} | |
| add_ttl: true | |
| secrets: inherit | |
| if: | | |
| always() && | |
| needs.terraform_lint.result == 'success' && | |
| needs.docker_build_scan_push.result == 'success' && | |
| needs.workflow_variables.result == 'success' | |
| terraform_preproduction_plan_environment: | |
| name: terraform plan preproduction environment | |
| uses: ./.github/workflows/_run-terraform.yml | |
| needs: | |
| - docker_build_scan_push | |
| - terraform_lint | |
| - workflow_variables | |
| with: | |
| workspace: preproduction | |
| terraform_path: environment | |
| container_version: main-${{ needs.workflow_variables.outputs.short_sha }} | |
| apply: false | |
| specific_path: all | |
| add_ttl: false | |
| secrets: inherit | |
| if: | | |
| always() && | |
| needs.terraform_lint.result == 'success' && | |
| needs.docker_build_scan_push.result == 'success' && | |
| needs.workflow_variables.result == 'success' | |
| seed_dynamodb: | |
| name: seed dynamodb | |
| uses: ./.github/workflows/_seed-database.yml | |
| needs: | |
| - terraform_apply_environment | |
| - terraform_apply_shared_development | |
| - workflow_variables | |
| with: | |
| workspace: ${{ needs.workflow_variables.outputs.workspace_name }} | |
| secrets: inherit | |
| if: | | |
| always() && | |
| needs.terraform_apply_environment.result == 'success' && | |
| needs.terraform_apply_shared_development.result == 'success' | |
| run_behat_suite: | |
| name: run behat tests against environment | |
| uses: ./.github/workflows/_run-behat-tests.yml | |
| needs: | |
| - seed_dynamodb | |
| - workflow_variables | |
| with: | |
| workspace: ${{ needs.workflow_variables.outputs.workspace_name }} | |
| secrets: inherit | |
| if: | | |
| always() && | |
| needs.workflow_variables.result == 'success' && | |
| needs.seed_dynamodb.result == 'success' | |
| slack_notify: | |
| name: notify of result | |
| uses: ./.github/workflows/_slack-notification.yml | |
| needs: | |
| - run_behat_suite | |
| - workflow_variables | |
| with: | |
| template: successful_dev_build.txt | |
| workflow_status: ${{ needs.run_behat_suite.result }} | |
| workspace: ${{ needs.workflow_variables.outputs.workspace_name }} | |
| secrets: | |
| webhook: ${{ secrets.DEV_SLACK_WEB_HOOK }} | |
| if: | | |
| always() && | |
| needs.run_behat_suite.result == 'success' | |
| ecr_scan_results: | |
| name: ecr scan results | |
| uses: ./.github/workflows/_ecr-scanning.yml | |
| with: | |
| tag: ${{ needs.workflow_variables.outputs.safe_branch_name }}-${{ needs.workflow_variables.outputs.short_sha }} | |
| needs: | |
| - code_coverage | |
| - terraform_apply_environment | |
| - workflow_variables | |
| secrets: inherit | |
| if: | | |
| always() && | |
| needs.code_coverage.result == 'success' && | |
| needs.terraform_apply_environment.result == 'success' | |
| # Required end of workflow job | |
| end_of_workflow: | |
| name: end of workflow | |
| runs-on: ubuntu-latest | |
| needs: | |
| - ecr_scan_results | |
| - workflow_variables | |
| - update_documentation | |
| - docker_build_scan_push | |
| - run_behat_suite | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Calculate Step Duration | |
| id: calculate_durations | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| python ./scripts/pipeline/output_step_timing/step_timing.py -json '{ | |
| "test node dependencies / unit-test": ["run tests with jest"], | |
| "build, test, scan and push / docker_build_scan_push": ["docker unit tests", "docker integration and acceptance tests"], | |
| "run behat tests against environment / build-web": ["run behat test suite"] | |
| }' | |
| - name: Create a table with job durations and set as output | |
| id: create_table | |
| run: | | |
| { | |
| echo ${{ needs.docker_build_scan_push.outputs.matrix_job_names }} | |
| echo "| Job | Step | Duration |" | |
| echo "| --- | --- | --- |" | |
| jobs=$(echo '${{ steps.calculate_durations.outputs.jobs }}' | jq -r '.[]') | |
| steps=$(echo '${{ steps.calculate_durations.outputs.steps }}' | jq -r '.[]') | |
| durations=$(echo '${{ steps.calculate_durations.outputs.durations }}' | jq -r '.[]') | |
| for i in $(seq 0 $(($(echo "$jobs" | wc -l) - 1))); do | |
| job=$(echo "$jobs" | sed -n "$((i+1))p") | |
| step=$(echo "$steps" | sed -n "$((i+1))p") | |
| duration=$(echo "$durations" | sed -n "$((i+1))p") | |
| echo "| $job | $step | $duration |" | |
| done | |
| } >> $GITHUB_STEP_SUMMARY | |
| - name: workflow has ended without issue | |
| run: | | |
| if ${{ contains(needs.run_behat_suite.result, 'success') && contains(needs.ecr_scan_results.result, 'success') }}; then | |
| echo "${{ needs.workflow_variables.outputs.safe_branch_name }} PR environment tested, built and deployed" | |
| echo "Tag Used: ${{ needs.workflow_variables.outputs.safe_branch_name }}-${{ needs.workflow_variables.outputs.short_sha }}" | |
| echo "URL: https://${{ needs.workflow_variables.outputs.workspace_name }}.use-lasting-power-of-attorney.service.gov.uk" | |
| exit 0 | |
| elif [[ ${{ needs.workflow_variables.outputs.specific_path }} = 'docs' ]]; then | |
| echo 'Ending docs workflow' | |
| exit 0 | |
| else | |
| echo "Previous jobs in pipeline failed." | |
| exit 1 | |
| fi | |
| if: always() |