Renovate Update Node.js to v22 #1817
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Test & Build | |
on: | |
pull_request: | |
branches: | |
- main | |
push: | |
branches: | |
- main | |
workflow_dispatch: | |
defaults: | |
run: | |
shell: bash | |
jobs: | |
identify: | |
name: Identify version | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: "0" | |
- name: Define commit SHA and branch | |
id: commit_branch | |
run: | | |
if [ "${{ github.head_ref }}" == "" ]; then | |
echo "COMMIT=${{github.sha}}" >> $GITHUB_OUTPUT | |
echo "BRANCH=main" >> $GITHUB_OUTPUT | |
else | |
echo "COMMIT=${{github.event.pull_request.head.sha}}" >> $GITHUB_OUTPUT | |
echo "BRANCH=${{github.head_ref}}" >> $GITHUB_OUTPUT | |
fi | |
- name: Bump version | |
id: bump_version | |
uses: anothrNick/[email protected] | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
INITIAL_VERSION: 1.0.0 | |
DEFAULT_BRANCH: main | |
DEFAULT_BUMP: minor | |
PRERELEASE: true | |
PRERELEASE_SUFFIX: ${{ steps.commit_branch.outputs.BRANCH }} | |
RELEASE_BRANCHES: main | |
WITH_V: true | |
outputs: | |
commit: ${{ steps.commit_branch.outputs.COMMIT }} | |
branch: ${{ steps.commit_branch.outputs.BRANCH }} | |
tag: ${{ steps.bump_version.outputs.tag }} | |
build: | |
name: Build LPA Dashboard | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Cache Images | |
uses: actions/cache@v4 | |
with: | |
path: /tmp/images | |
key: ${{ runner.os }}-images-${{ github.run_id }}-${{ github.run_number }} | |
- name: Build Images | |
run: | | |
make build-ci | |
mkdir -p /tmp/images | |
docker save -o /tmp/images/app.tar 311462405659.dkr.ecr.eu-west-1.amazonaws.com/sirius/sirius-lpa-dashboard:latest | |
docker save -o /tmp/images/pact-stub.tar pact-stub:latest | |
test: | |
name: Unit Tests | |
runs-on: ubuntu-latest | |
needs: [identify] | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: unfor19/install-aws-cli-action@v1 | |
- name: Cache Go Dependencies | |
uses: actions/cache@v4 | |
with: | |
path: .gocache | |
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} | |
restore-keys: | | |
${{ runner.os }}-go- | |
- name: Run Tests | |
run: make unit-test | |
- name: Publish pacts | |
run: | | |
docker compose run --rm pact pact-broker publish ./pacts/sirius-lpa-dashboard-sirius.json \ | |
--consumer-app-version ${{ needs.identify.outputs.commit }} \ | |
--branch ${{ needs.identify.outputs.branch }} \ | |
--tag ${{ needs.identify.outputs.tag }} \ | |
--broker-base-url https://pact-broker.api.opg.service.justice.gov.uk \ | |
--broker-username admin \ | |
--broker-password ${{ secrets.PACT_BROKER_PASSWORD }} | |
- name: Upload Code Coverage | |
uses: codecov/codecov-action@v4 | |
env: | |
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |
with: | |
files: test-results/test-coverage.txt | |
fail_ci_if_error: true | |
verbose: true | |
- name: Persist Pacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: pacts | |
path: | | |
./pacts/sirius-lpa-dashboard-sirius.json | |
./pacts/ignored-ignored.json | |
lint: | |
name: Lint | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Run linting | |
run: make lint | |
acceptance-test: | |
name: Acceptance Tests | |
runs-on: ubuntu-latest | |
needs: | |
- build | |
- test | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Cache Images | |
uses: actions/cache@v4 | |
with: | |
path: /tmp/images | |
key: ${{ runner.os }}-images-${{ github.run_id }}-${{ github.run_number }} | |
- name: Download Artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
name: pacts | |
path: ./pacts | |
- name: Restore images | |
run: | | |
docker load -i /tmp/images/app.tar | |
docker load -i /tmp/images/pact-stub.tar | |
- name: Run pa11y | |
run: make pa11y | |
- name: Run Lighthouse | |
run: make lighthouse | |
cypress: | |
name: Cypress | |
runs-on: ubuntu-latest | |
needs: | |
- build | |
- test | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Cache Images | |
uses: actions/cache@v4 | |
with: | |
path: /tmp/images | |
key: ${{ runner.os }}-images-${{ github.run_id }}-${{ github.run_number }} | |
- name: Download Artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
name: pacts | |
path: ./pacts | |
- name: Restore images | |
run: | | |
docker load -i /tmp/images/app.tar | |
docker load -i /tmp/images/pact-stub.tar | |
- name: Start app | |
run: make cypress | |
- name: Upload Cypress screenshots | |
uses: actions/upload-artifact@v4 | |
if: failure() | |
with: | |
name: cypress-screenshots | |
path: cypress/screenshots | |
push: | |
name: "Build & Push Containers" | |
runs-on: ubuntu-latest | |
needs: [identify, "build", "test", "lint", "acceptance-test", "cypress"] | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: "0" | |
- name: Extract branch name | |
run: | | |
if [ "${{ github.head_ref }}" == "" ]; then | |
echo BRANCH_NAME=main >> $GITHUB_ENV | |
else | |
echo BRANCH_NAME=$(echo ${{ github.head_ref }} | sed 's/\//-/g') >> $GITHUB_ENV | |
fi | |
id: extract_branch | |
- uses: unfor19/install-aws-cli-action@v1 | |
- name: Cache Images | |
uses: actions/cache@v4 | |
with: | |
path: /tmp/images | |
key: ${{ runner.os }}-images-${{ github.run_id }}-${{ github.run_number }} | |
- name: Restore Image | |
run: docker load -i /tmp/images/app.tar | |
- name: Run Trivy | |
run: make scan | |
- name: Upload Trivy scan results to GitHub Security tab | |
uses: github/codeql-action/upload-sarif@v3 | |
if: always() | |
with: | |
sarif_file: 'test-results/trivy.sarif' | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }} | |
aws-region: eu-west-1 | |
role-to-assume: arn:aws:iam::311462405659:role/sirius-actions-ci | |
role-duration-seconds: 3600 | |
role-session-name: GitHubActions | |
- name: ECR Login | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v2 | |
with: | |
registries: 311462405659 | |
- name: Push Container | |
env: | |
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
ECR_REPOSITORY: sirius/sirius-lpa-dashboard | |
run: | | |
docker tag 311462405659.dkr.ecr.eu-west-1.amazonaws.com/sirius/sirius-lpa-dashboard:latest $ECR_REGISTRY/$ECR_REPOSITORY:${{ needs.identify.outputs.tag }} | |
if [ "${{ needs.identify.outputs.branch }}" == "main" ]; then | |
docker tag 311462405659.dkr.ecr.eu-west-1.amazonaws.com/sirius/sirius-lpa-dashboard:latest $ECR_REGISTRY/$ECR_REPOSITORY:main-${{ needs.identify.outputs.tag }} | |
docker tag 311462405659.dkr.ecr.eu-west-1.amazonaws.com/sirius/sirius-lpa-dashboard:latest $ECR_REGISTRY/$ECR_REPOSITORY:main-${{ needs.identify.outputs.tag }}-$(date +"%Y%m%d%H%M%S") | |
# We want all of the tags pushed | |
docker push --all-tags $ECR_REGISTRY/$ECR_REPOSITORY | |
else | |
docker push $ECR_REGISTRY/$ECR_REPOSITORY:${{ needs.identify.outputs.tag }} | |
fi | |
push-tags: | |
runs-on: ubuntu-latest | |
needs: [identify, push] | |
if: github.ref == 'refs/heads/main' | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }} | |
aws-region: eu-west-1 | |
role-to-assume: arn:aws:iam::997462338508:role/sirius-actions-ci | |
role-duration-seconds: 3600 | |
role-session-name: GitHubActions | |
- name: Install AWS CLI | |
id: install-aws-cli | |
uses: unfor19/install-aws-cli-action@v1 | |
- name: Push Tag to Parameter Store | |
run: | | |
aws ssm put-parameter --name "opg-sirius-lpa-dashboard-latest-green-build" --type "String" --value "${{ needs.identify.outputs.tag }}" --overwrite --region=eu-west-1 | |
- name: Trigger Dev Deploy | |
shell: bash | |
run: curl -u ${{ secrets.JENKINS_API_USER }}:${{ secrets.JENKINS_API_TOKEN }} "https://${{ secrets.JENKINS_URL }}/job/Sirius/job/Deploy_to_Development/build?token=${{ secrets.JENKINS_API_TOKEN_NAME }}&cause=Triggered+by+opg-sirius-lpa-dashboard" |