Bump slackapi/slack-github-action from 1.23.0 to 1.27.0 #7900
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Continuous Integration | |
on: | |
push: | |
branches: | |
- '**' | |
tags-ignore: | |
- '**' | |
env: | |
CHROMEDRIVER_FILEPATH: /usr/local/share/chrome_driver/chromedriver | |
DEVOPS_CHANNEL_ID: C37M86Y8G #devops-deploys | |
PLATFORM_BUILD_CHANNEL_ID: C0MQ281DJ #vfs-platform-builds | |
CONTENT_BUILD_CHANNEL_ID: C02VD909V08 #status-content-build | |
BROKEN_LINKS_SLACK: C030F5WV2TF # content-broken-links | |
INSTANCE_TYPE: m5.4xlarge | |
# Sandbox Drupal address, username, and password is used on branches other than main. | |
DRUPAL_ADDRESS: https://main-medc0xjkxm4jmpzxl3tfbcs7qcddsivh.ci.cms.va.gov | |
# This is a test credential and is not used on any production instances. | |
DRUPAL_PASSWORD: drupal8 | |
concurrency: | |
group: ${{ github.ref != 'refs/heads/main' && github.ref || github.sha }} | |
cancel-in-progress: ${{ github.ref != 'refs/heads/main' }} | |
jobs: | |
build: | |
name: Build | |
runs-on: [self-hosted, asg] | |
timeout-minutes: 120 | |
defaults: | |
run: | |
working-directory: content-build | |
outputs: | |
vagovdev_buildtime: ${{ env.vagovdev_buildtime }} | |
vagovstaging_buildtime: ${{ env.vagovstaging_buildtime }} | |
env: | |
NODE_EXTRA_CA_CERTS: /etc/ssl/certs/ca-certificates.crt | |
strategy: | |
fail-fast: true | |
matrix: | |
buildtype: [vagovdev, vagovstaging, vagovprod] | |
include: | |
- buildtype: vagovdev | |
drupal-address: https://main-medc0xjkxm4jmpzxl3tfbcs7qcddsivh.ci.cms.va.gov | |
- buildtype: vagovstaging | |
drupal-address: https://main-medc0xjkxm4jmpzxl3tfbcs7qcddsivh.ci.cms.va.gov | |
- buildtype: vagovprod | |
drupal-address: https://prod.cms.va.gov | |
steps: | |
- name: Checkout vagov-content | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
repository: department-of-veterans-affairs/vagov-content | |
path: vagov-content | |
- name: Checkout content-build | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
path: content-build | |
- name: Get Node version | |
id: get-node-version | |
run: echo NODE_VERSION=$(cat .nvmrc) >> $GITHUB_OUTPUT | |
- name: Setup Node | |
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 | |
with: | |
node-version: ${{ steps.get-node-version.outputs.NODE_VERSION }} | |
- name: Setup Yarn | |
run: npm i -g [email protected] | |
- name: Cache dependencies | |
id: cache-dependencies | |
uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 | |
with: | |
path: | | |
.cache/yarn | |
**/node_modules | |
key: ${{ steps.get-node-version.outputs.NODE_VERSION }}-on-demand-runner-${{ hashFiles('**/yarn.lock') }} | |
restore-keys: ${{ steps.get-node-version.outputs.NODE_VERSION }}-on-demand-runner- | |
- name: Install dependencies | |
uses: nick-invision/retry@943e742917ac94714d2f408a0e8320f2d1fcafcd # v2.8.3 | |
with: | |
command: cd content-build && yarn install --frozen-lockfile --prefer-offline | |
max_attempts: 3 | |
timeout_minutes: 7 | |
env: | |
YARN_CACHE_FOLDER: .cache/yarn | |
- name: Configure AWS Credentials (1) | |
uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef # v2.0.0 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: us-gov-west-1 | |
- name: Set Drupal address | |
if: ${{ github.ref == 'refs/heads/main' }} | |
run: echo "DRUPAL_ADDRESS=${{ matrix.drupal-address }}" >> $GITHUB_ENV | |
- name: Set Drupal prod password | |
if: ${{ matrix.buildtype == 'vagovprod' && github.ref == 'refs/heads/main' }} | |
uses: department-of-veterans-affairs/action-inject-ssm-secrets@d8e6de3bde4dd728c9d732baef58b3c854b8c4bb # latest | |
with: | |
ssm_parameter: /cms/prod/drupal_api_users/content_build_api/password | |
env_variable_name: DRUPAL_PASSWORD | |
- name: Set Drupal prod username | |
uses: department-of-veterans-affairs/action-inject-ssm-secrets@d8e6de3bde4dd728c9d732baef58b3c854b8c4bb # latest | |
with: | |
ssm_parameter: /cms/prod/drupal_api_users/content_build_api/username | |
env_variable_name: DRUPAL_USERNAME | |
- name: Get buildtime | |
id: buildtime | |
run: | | |
BUILDTIME=$(date +%s) | |
echo buildtime=$BUILDTIME >> $GITHUB_OUTPUT | |
echo "${{ matrix.buildtype }}_buildtime=$BUILDTIME" >> $GITHUB_ENV | |
- name: Wait for the CMS to be ready | |
uses: ./content-build/.github/workflows/wait-for-cms-ready | |
with: | |
base_url: ${{ env.DRUPAL_ADDRESS }} | |
- name: Build | |
run: yarn build --buildtype=${{ matrix.buildtype }} --asset-source=local --drupal-address=${{ env.DRUPAL_ADDRESS }} --drupal-user=${{ env.DRUPAL_USERNAME }} --drupal-password="${{ env.DRUPAL_PASSWORD }}" --pull-drupal --drupal-max-parallel-requests=15 --no-drupal-proxy --verbose | |
env: | |
NODE_ENV: production | |
DEBUG: ${{ secrets.ACTIONS_RUNNER_DEBUG }} | |
- name: Check broken links | |
id: get-broken-link-info | |
if: ${{ matrix.buildtype == 'vagovprod' }} | |
run: node ./script/github-actions/check-broken-links-blocks.js ${{ matrix.buildtype }} | |
- name: Generate build details | |
run: | | |
cat > build/${{ matrix.buildtype }}/BUILD.txt << EOF | |
BUILDTYPE=${{ matrix.buildtype }} | |
NODE_ENV=production | |
BRANCH_NAME=$(echo "${GITHUB_REF#refs/heads/}") | |
CHANGE_TARGET=null | |
RUN_ID=${{ github.run_id }} | |
RUN_NUMBER=${{ github.run_number }} | |
REF=${{ github.sha }} | |
BUILDTIME=${{ steps.buildtime.outputs.buildtime }} | |
EOF | |
- name: Prearchive | |
run: node ./script/prearchive.js --buildtype=${{ matrix.buildtype }} | |
- name: Compress build | |
run: tar -C build/${{ matrix.buildtype }} -cvf ${{ matrix.buildtype }}.tar.bz2 . | |
- name: Cache Drupal content | |
if: github.ref == 'refs/heads/main' | |
run: node ./script/drupal-aws-cache.js --buildtype=${{ matrix.buildtype }} | |
- name: Get role from Parameter Store | |
uses: department-of-veterans-affairs/action-inject-ssm-secrets@d8e6de3bde4dd728c9d732baef58b3c854b8c4bb # latest | |
with: | |
ssm_parameter: /frontend-team/github-actions/parameters/AWS_FRONTEND_NONPROD_ROLE | |
env_variable_name: AWS_FRONTEND_NONPROD_ROLE | |
- name: Configure AWS Credentials (2) | |
uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef # v2.0.0 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: us-gov-west-1 | |
role-to-assume: ${{ env.AWS_FRONTEND_NONPROD_ROLE }} | |
role-duration-seconds: 900 | |
role-session-name: vsp-frontendteam-githubaction | |
- name: Upload build | |
run: aws s3 cp ${{ matrix.buildtype }}.tar.bz2 s3://vetsgov-website-builds-s3-upload/content-build/${{ github.sha }}/${{ matrix.buildtype }}.tar.bz2 --acl public-read --region us-gov-west-1 --no-progress | |
- name: Upload Drupal cache | |
if: github.ref == 'refs/heads/main' | |
run: aws s3 sync .cache/content s3://vetsgov-website-builds-s3-upload/content/ --acl public-read --region us-gov-west-1 --quiet | |
# Only will get called if error in workflow | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef # v2.0.0 | |
if: ${{ steps.get-broken-link-info.outputs.UPLOAD_AND_NOTIFY == '1' && always() }} | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: us-gov-west-1 | |
- name: Get Slack app token | |
uses: department-of-veterans-affairs/action-inject-ssm-secrets@d8e6de3bde4dd728c9d732baef58b3c854b8c4bb # latest | |
if: ${{ steps.get-broken-link-info.outputs.UPLOAD_AND_NOTIFY == '1' && always() }} | |
with: | |
ssm_parameter: /devops/github_actions_slack_socket_token | |
env_variable_name: SLACK_APP_TOKEN | |
- name: Get Slack bot token | |
uses: department-of-veterans-affairs/action-inject-ssm-secrets@d8e6de3bde4dd728c9d732baef58b3c854b8c4bb # latest | |
if: ${{ steps.get-broken-link-info.outputs.UPLOAD_AND_NOTIFY == '1' && always() }} | |
with: | |
ssm_parameter: /devops/github_actions_slack_bot_user_token | |
env_variable_name: SLACK_BOT_TOKEN | |
- name: Get role from Parameter Store | |
uses: department-of-veterans-affairs/action-inject-ssm-secrets@d8e6de3bde4dd728c9d732baef58b3c854b8c4bb # latest | |
if: ${{ steps.get-broken-link-info.outputs.UPLOAD_AND_NOTIFY == '1' && always() }} | |
with: | |
ssm_parameter: /frontend-team/github-actions/parameters/AWS_FRONTEND_NONPROD_ROLE | |
env_variable_name: AWS_FRONTEND_NONPROD_ROLE | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef # v2.0.0 | |
if: ${{ steps.get-broken-link-info.outputs.UPLOAD_AND_NOTIFY == '1' && always() }} | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: us-gov-west-1 | |
role-to-assume: ${{ env.AWS_FRONTEND_NONPROD_ROLE }} | |
role-duration-seconds: 900 | |
role-session-name: vsp-frontendteam-githubaction | |
- name: Upload broken links file | |
if: ${{ steps.get-broken-link-info.outputs.UPLOAD_AND_NOTIFY == '1' && always() }} | |
run: aws s3 cp ./logs/${{ matrix.buildtype }}-broken-links.json s3://vetsgov-website-builds-s3-upload/broken-link-reports/${{ matrix.buildtype }}-broken-links.json --acl public-read --region us-gov-west-1 | |
- name: Notify Slack about broken links | |
uses: slackapi/slack-github-action@37ebaef184d7626c5f204ab8d3baff4262dd30f0 # v1.27.0 | |
if: ${{ steps.get-broken-link-info.outputs.UPLOAD_AND_NOTIFY == '1' && always() }} | |
continue-on-error: true | |
env: | |
SSL_CERT_DIR: /etc/ssl/certs | |
SLACK_BOT_TOKEN: ${{ env.SLACK_BOT_TOKEN }} | |
with: | |
payload: ${{ steps.get-broken-link-info.outputs.SLACK_BLOCKS }} | |
channel-id: ${{ env.BROKEN_LINKS_SLACK }} | |
unit-tests: | |
name: Unit Tests | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- name: Install dependencies | |
uses: ./.github/workflows/install | |
timeout-minutes: 30 | |
with: | |
key: ${{ hashFiles('yarn.lock') }} | |
yarn_cache_folder: .cache/yarn | |
path: | | |
.cache/yarn | |
node_modules | |
- name: Create test results folder | |
run: mkdir -p test-results | |
- name: Run unit tests | |
run: yarn test:unit --coverage | |
env: | |
MOCHA_FILE: test-results/unit-tests.xml | |
- name: Generate coverage report by app | |
run: node script/app-coverage-report.js > test-results/coverage_report.txt | |
- name: Get code coverage | |
if: ${{ always() }} | |
id: code-coverage | |
run: echo MARKDOWN=$(node ./script/github-actions/code-coverage-format-report.js) >> $GITHUB_OUTPUT | |
- name: Publish test results | |
if: ${{ always() }} | |
continue-on-error: true | |
uses: mikepenz/action-junit-report@959aefb7f095e717eb407fe917238d61ca323ff3 # v3.7.6 | |
with: | |
check_name: 'Unit Tests Summary' | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
report_paths: 'test-results/unit-tests.xml' | |
summary: ${{ steps.code-coverage.outputs.MARKDOWN }} | |
fail_on_failure: 'true' | |
linting: | |
name: Linting | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- name: Install dependencies | |
uses: ./.github/workflows/install | |
timeout-minutes: 30 | |
with: | |
key: ${{ hashFiles('yarn.lock') }} | |
yarn_cache_folder: .cache/yarn | |
path: | | |
.cache/yarn | |
node_modules | |
- name: Update browserslist | |
run: yarn exec -- browserslist --update-db | |
- name: Annotate ESLint results | |
run: yarn run eslint --ext .js --ext .jsx --format ./script/github-actions/eslint-annotation-format.js . | |
security-audit: | |
name: Security Audit | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- name: Install dependencies | |
uses: ./.github/workflows/install | |
timeout-minutes: 30 | |
with: | |
key: ${{ hashFiles('yarn.lock') }} | |
yarn_cache_folder: .cache/yarn | |
path: | | |
.cache/yarn | |
node_modules | |
- name: Audit dependencies | |
run: yarn security-check | |
drupal-cache-test: | |
name: Drupal Cache Test | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- name: Install dependencies | |
uses: ./.github/workflows/install | |
timeout-minutes: 30 | |
with: | |
key: ${{ hashFiles('yarn.lock') }} | |
yarn_cache_folder: .cache/yarn | |
path: | | |
.cache/yarn | |
node_modules | |
- name: Fetch Drupal cache | |
run: yarn fetch-drupal-cache | |
# This is necessary to get credentials to use the private ECR image defined in the test job container. | |
login-to-amazon-ecr: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: us-gov-west-1 | |
mask-aws-account-id: 'false' | |
- name: Login to Amazon ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v2 | |
with: | |
mask-password: 'false' | |
outputs: | |
docker_username: ${{ steps.login-ecr.outputs.docker_username_008577686731_dkr_ecr_us_gov_west_1_amazonaws_com }} | |
docker_password: ${{ steps.login-ecr.outputs.docker_password_008577686731_dkr_ecr_us_gov_west_1_amazonaws_com }} | |
cypress-tests: | |
name: Cypress E2E Tests | |
runs-on: [self-hosted, asg] | |
needs: | |
- login-to-amazon-ecr | |
- build | |
timeout-minutes: 30 | |
container: | |
image: 008577686731.dkr.ecr.us-gov-west-1.amazonaws.com/cypress-io:node16.13.2-chrome100-ff98 | |
credentials: | |
username: ${{ needs.login-to-amazon-ecr.outputs.docker_username }} | |
password: ${{ needs.login-to-amazon-ecr.outputs.docker_password }} | |
options: --user 1001:1001 | |
volumes: | |
- /usr/local/share:/share | |
- /etc/ssl/certs:/etc/ssl/certs | |
env: | |
NODE_EXTRA_CA_CERTS: /etc/ssl/certs/ca-certificates.crt | |
CHROMEDRIVER_FILEPATH: /share/chrome_driver/chromedriver | |
steps: | |
- name: Checkout content-build | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- name: Download production build | |
run: curl -L "https://s3-us-gov-west-1.amazonaws.com/vetsgov-website-builds-s3-upload/content-build/${{ github.sha }}/vagovprod.tar.bz2" -o vagovprod.tar.bz2 | |
- name: Unpack build | |
run: | | |
mkdir -p build/vagovprod | |
tar -C build/vagovprod -xf vagovprod.tar.bz2 | |
- name: Install dependencies | |
uses: ./.github/workflows/install | |
timeout-minutes: 30 | |
with: | |
key: on-demand-runner-cypress-${{ hashFiles('**/yarn.lock') }} | |
restore-keys: on-demand-runner-cypress- | |
yarn_cache_folder: .cache/yarn | |
path: | | |
.cache/yarn | |
/github/home/.cache/Cypress | |
**/node_modules | |
- name: Start server | |
run: node src/platform/testing/e2e/test-server.js --buildtype vagovprod --port=3002 & | |
- name: Run Cypress tests | |
run: yarn cy:run --reporter cypress-multi-reporters --reporter-options "configFile=config/cypress-reporters.json" --env buildtype=vagovprod | |
- name: Publish test results | |
if: ${{ always() }} | |
uses: mikepenz/action-junit-report@959aefb7f095e717eb407fe917238d61ca323ff3 # v3.7.6 | |
with: | |
check_name: 'Cypress Tests Summary' | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
report_paths: 'test-results/e2e-test-output-*.xml' | |
- name: Archive Cypress test videos | |
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 | |
if: ${{ failure() }} | |
with: | |
name: cypress-video-artifacts | |
path: cypress/videos | |
- name: Archive Cypress test screenshots | |
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 | |
if: ${{ failure() }} | |
with: | |
name: cypress-screenshot-artifacts | |
path: cypress/screenshots | |
- name: Archive Mochawesome test results | |
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 | |
if: ${{ always() }} | |
with: | |
name: cypress-mochawesome-test-results | |
path: cypress/results | |
retention-days: 1 | |
- name: Notify Slack about Cypress test failures | |
if: ${{ github.ref == 'refs/heads/main' && failure() }} | |
uses: department-of-veterans-affairs/platform-release-tools-actions/slack-notify@8c496a4b0c9158d18edcd9be8722ed0f79e8c5b4 # main | |
continue-on-error: true | |
env: | |
SSL_CERT_DIR: /etc/ssl/certs | |
with: | |
payload: '{"attachments": [{"color": "#D33834","blocks": [{"type": "section","text": {"type": "mrkdwn","text": "<!here> E2E tests in `content-build` have failed on the `main` branch, run: <https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}|${{github.run_id}}>"}}]}]}' | |
channel_id: C026PD47Z19 | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
testing-reports: | |
name: Testing Reports | |
runs-on: ubuntu-latest | |
needs: [cypress-tests] | |
if: ${{ needs.cypress-tests.result == 'failure' || needs.cypress-tests.result == 'success' }} | |
continue-on-error: true | |
timeout-minutes: 30 | |
steps: | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef # v2.0.0 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: us-gov-west-1 | |
- name: Get va-vsp-bot token | |
uses: department-of-veterans-affairs/action-inject-ssm-secrets@d8e6de3bde4dd728c9d732baef58b3c854b8c4bb # latest | |
with: | |
ssm_parameter: /devops/VA_VSP_BOT_GITHUB_TOKEN | |
env_variable_name: VA_VSP_BOT_GITHUB_TOKEN | |
# ------------------------ | |
# | Upload BigQuery Data | | |
# ------------------------ | |
- name: Checkout Testing Tools Team Dashboard Data repo | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
repository: department-of-veterans-affairs/testing-tools-team-dashboard-data | |
token: ${{ env.VA_VSP_BOT_GITHUB_TOKEN }} | |
path: testing-tools-team-dashboard-data | |
# TODO: Set .nvmrc in testing-tools-team-dashboard-data. | |
# - name: Get Node version | |
# id: get-node-version | |
# run: echo NODE_VERSION=$(cat .nvmrc) >> $GITHUB_OUTPUT | |
# working-directory: testing-tools-team-dashboard-data | |
- name: Setup Node | |
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0 | |
with: | |
node-version: 14 # ${{ steps.get-node-version.outputs.NODE_VERSION }} | |
# TODO: Potentially use install composite | |
- name: Install dependencies | |
run: yarn install --frozen-lockfile --prefer-offline --production=false | |
env: | |
YARN_CACHE_FOLDER: .cache/yarn | |
working-directory: testing-tools-team-dashboard-data | |
- name: Download Mochawesome test results | |
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 | |
with: | |
name: cypress-mochawesome-test-results | |
path: testing-tools-team-dashboard-data/src/testing-reports/data | |
- name: Get BigQuery service credentials | |
uses: department-of-veterans-affairs/action-inject-ssm-secrets@d8e6de3bde4dd728c9d732baef58b3c854b8c4bb # latest | |
with: | |
ssm_parameter: /dsva-vagov/testing-team/bigquery_service_credentials | |
env_variable_name: BIGQUERY_SERVICE_CREDENTIALS | |
- name: Setup Cloud SDK | |
uses: google-github-actions/setup-gcloud@e30db14379863a8c79331b04a9969f4c1e225e0b # v1.1.1 | |
with: | |
project_id: vsp-analytics-and-insights | |
service_account_key: ${{ env.BIGQUERY_SERVICE_CREDENTIALS }} | |
export_default_credentials: true | |
- name: Set UUID for Mochawesome report | |
run: echo "UUID=$(uuidgen)" >> $GITHUB_ENV | |
- name: Create report and post results to BigQuery | |
run: yarn cypress-mochawesome-to-bigquery | |
working-directory: testing-tools-team-dashboard-data | |
env: | |
IS_MASTER_BUILD: ${{ needs.cypress-tests-prep.outputs.is_master_build }} | |
NUM_CONTAINERS: ${{ needs.cypress-tests-prep.outputs.num_containers }} | |
TEST_EXECUTIONS_TABLE_NAME: content_build_cypress_test_suite_executions | |
TEST_RESULTS_TABLE_NAME: content_build_cypress_test_results | |
TEST_REPORTS_FOLDER_NAME: content-build-cypress-reports | |
# env.MOCHAWESOME_REPORT_RESULTS is set and exported during the above step when the mochawesome report is generated. It contains the output string for the publish step at the end of the job with the numbers from the Mochawesome report. | |
# -------------------------- | |
# | Publish Testing Report | | |
# -------------------------- | |
- name: Download video artifacts | |
if: ${{ needs.cypress-tests.result == 'failure' }} | |
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 | |
with: | |
name: cypress-video-artifacts | |
path: testing-tools-team-dashboard-data/testing-reports/videos/${{ env.UUID }} | |
- name: Get AWS IAM role | |
uses: department-of-veterans-affairs/action-inject-ssm-secrets@d8e6de3bde4dd728c9d732baef58b3c854b8c4bb # latest | |
with: | |
ssm_parameter: /frontend-team/github-actions/parameters/AWS_FRONTEND_NONPROD_ROLE | |
env_variable_name: AWS_FRONTEND_NONPROD_ROLE | |
- name: Configure AWS Credentials (2) | |
uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef # v2.0.0 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: us-gov-west-1 | |
role-to-assume: ${{ env.AWS_FRONTEND_NONPROD_ROLE }} | |
role-duration-seconds: 900 | |
role-session-name: vsp-frontendteam-githubaction | |
- name: Upload test videos to s3 | |
if: ${{ needs.cypress-tests.result == 'failure' }} | |
run: aws s3 cp testing-tools-team-dashboard-data/cypress-reports/videos/${{ env.UUID }} s3://testing-tools-testing-reports/content-build-cypress-reports/videos/${{ env.UUID }} --acl public-read --region us-gov-west-1 --recursive | |
- name: Upload test report to s3 | |
run: aws s3 cp testing-tools-team-dashboard-data/mochawesome-report s3://testing-tools-testing-reports/content-build-cypress-reports --acl public-read --region us-gov-west-1 --recursive | |
# ------------------------- | |
# | Cypress Tests Summary | | |
# ------------------------- | |
- name: Publish Cypress test results | |
if: ${{ always() }} | |
uses: LouisBrunner/checks-action@69aaabbcf32668b60dc03b65deabfe23e92d9c41 # v1.6.0 | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
name: Cypress Tests Summary | |
conclusion: ${{ needs.cypress-tests.result }} | |
output: | | |
{"summary":${{ env.MOCHAWESOME_REPORT_RESULTS }}} | |
get-latest-run-number: | |
name: Get Latest Workflow Run Number | |
runs-on: ubuntu-latest | |
if: ${{ always() && github.ref == 'refs/heads/main' && needs.cypress-tests.result == 'success' }} | |
needs: cypress-tests | |
outputs: | |
latest_run_number: ${{ steps.latest-run-number.outputs.latest_run_number }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- name: Install dependencies | |
uses: ./.github/workflows/install | |
timeout-minutes: 30 | |
with: | |
key: ${{ hashFiles('yarn.lock') }} | |
yarn_cache_folder: .cache/yarn | |
path: | | |
.cache/yarn | |
node_modules | |
- name: Set output of latest_run_number | |
id: latest-run-number | |
run: echo latest_run_number=$(node ./script/github-actions/get-latest-run-number.js) >> $GITHUB_OUTPUT | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
deploy: | |
name: Deploy | |
runs-on: [self-hosted, asg] | |
if: ${{ always() && github.ref == 'refs/heads/main' && needs.get-latest-run-number.result == 'success' && needs.get-latest-run-number.outputs.latest_run_number == github.run_number }} | |
needs: [build, cypress-tests, get-latest-run-number] | |
env: | |
NODE_EXTRA_CA_CERTS: /etc/ssl/certs/ca-certificates.crt | |
strategy: | |
matrix: | |
include: | |
- environment: vagovdev | |
bucket: content.dev.va.gov | |
- environment: vagovstaging | |
bucket: content.staging.va.gov | |
steps: | |
- name: Checkout | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- name: Configure AWS credentials (1) | |
uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef # v2.0.0 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: us-gov-west-1 | |
- name: Get role from Parameter Store | |
uses: department-of-veterans-affairs/action-inject-ssm-secrets@d8e6de3bde4dd728c9d732baef58b3c854b8c4bb # latest | |
with: | |
ssm_parameter: /frontend-team/github-actions/parameters/AWS_FRONTEND_NONPROD_ROLE | |
env_variable_name: AWS_FRONTEND_NONPROD_ROLE | |
- name: Get Drupal token from Parameter Store | |
if: ${{ matrix.environment == 'vagovstaging' }} | |
uses: department-of-veterans-affairs/action-inject-ssm-secrets@d8e6de3bde4dd728c9d732baef58b3c854b8c4bb # latest | |
with: | |
ssm_parameter: /dsva-vagov/vets-website/staging/drupal-password | |
env_variable_name: CALLBACK_TOKEN | |
- name: Configure AWS Credentials (2) | |
uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef # v2.0.0 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: us-gov-west-1 | |
role-to-assume: ${{ env.AWS_FRONTEND_NONPROD_ROLE }} | |
role-duration-seconds: 1800 | |
role-session-name: vsp-frontendteam-githubaction | |
- name: Deploy | |
run: ./script/github-actions/deploy.sh -s $SRC -d $DEST -v | |
env: | |
SRC: s3://vetsgov-website-builds-s3-upload/content-build/${{ github.sha }}/${{ matrix.environment }}.tar.bz2 | |
DEST: s3://${{ matrix.bucket }} | |
- name: Wait for the CMS to be ready | |
if: ${{ matrix.environment == 'vagovstaging' }} | |
uses: ./.github/workflows/wait-for-cms-ready | |
with: | |
base_url: ${{ env.DRUPAL_ADDRESS }} | |
- name: CMS GovDelivery callback | |
if: ${{ matrix.environment == 'vagovstaging' }} | |
uses: fjogeleit/http-request-action@e8dd067b83c3ab0774c76bf065b1c4f11c7e45ba # v1.14.0 | |
with: | |
url: ${{ env.DRUPAL_ADDRESS }}/api/govdelivery_bulletins/queue?EndTime=${{ needs.build.outputs.vagovstaging_buildtime }}&src=gha&runId=${{ github.run_id }}&runNumber=${{ github.run_number }} | |
method: GET | |
username: api | |
password: ${{ env.CALLBACK_TOKEN }} | |
timeout: 10000 | |
# A failure here should not prevent the workflow from continuing. | |
continue-on-error: true | |
jenkins: | |
name: Run Jenkins CI | |
runs-on: ubuntu-latest | |
steps: | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@e1e17a757e536f70e52b5a12b2e8d1d1c60e04ef # v2.0.0 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: us-gov-west-1 | |
- name: Get Jenkins token from Parameter Store | |
uses: department-of-veterans-affairs/action-inject-ssm-secrets@d8e6de3bde4dd728c9d732baef58b3c854b8c4bb # latest | |
with: | |
ssm_parameter: /frontend-team/github-actions/parameters/JENKINS_API_TOKEN | |
env_variable_name: JENKINS_API_TOKEN | |
- name: Checkout | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- name: Install dependencies | |
uses: ./.github/workflows/install | |
timeout-minutes: 30 | |
with: | |
key: ${{ hashFiles('yarn.lock') }} | |
yarn_cache_folder: ~/.cache/yarn | |
path: | | |
~/.cache/yarn | |
node_modules | |
- name: Trigger Jenkins pipeline | |
run: node script/github-actions/trigger-jenkins.js | |
notify-failure: | |
name: Notify Failure | |
runs-on: ubuntu-latest | |
if: ${{ github.ref == 'refs/heads/main' && (failure() || cancelled()) }} | |
needs: deploy | |
steps: | |
- name: Checkout | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- name: Notify Slack | |
uses: department-of-veterans-affairs/platform-release-tools-actions/slack-notify@8c496a4b0c9158d18edcd9be8722ed0f79e8c5b4 # main | |
continue-on-error: true | |
with: | |
payload: '{"attachments": [{"color": "#D33834","blocks": [{"type": "section","text": {"type": "mrkdwn","text": "<!subteam^S01JXBLLMJL|cms-devops-engineers> content-build main branch CI failed!: <https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}>"}}]}]}' | |
channel_id: ${{ env.CONTENT_BUILD_CHANNEL_ID }} | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} |