-
Notifications
You must be signed in to change notification settings - Fork 6
146 lines (145 loc) · 6.04 KB
/
ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
name: ci
on:
push:
pull_request:
types: [opened, reopened]
env:
PRODUCTION_BRANCH: refs/heads/production
STAGING_BRANCH: refs/heads/staging
jobs:
lint:
name: Lint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Use Node.js
uses: actions/setup-node@v4
with:
node-version: 'latest'
cache: 'npm'
- run: npm ci
- run: npm run lint
compile:
name: Compile
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Use Node.js
uses: actions/setup-node@v4
with:
node-version: 'latest'
cache: 'npm'
- run: npm ci
- run: npm run build
test:
name: Test
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Use Node.js
uses: actions/setup-node@v4
with:
node-version: 'latest'
cache: 'npm'
- run: npm ci
- name: Configure Datadog Test Visibility
env:
DD_SERVICE_NAME: ${{ secrets.DD_SERVICE_NAME }}
DD_API_KEY: ${{ secrets.DD_API_KEY }}
if: env.DD_SERVICE_NAME != '' && env.DD_API_KEY != ''
uses: datadog/test-visibility-github-action@v1
with:
languages: js
service-name: ${{ secrets.DD_SERVICE_NAME }}
api-key: ${{ secrets.DD_API_KEY }}
- run: npm run test:coverage
env:
# Required to allow Datadog to trace Vitest tests
NODE_OPTIONS: --max-old-space-size=4096 -r ${{ env.DD_TRACE_PACKAGE }}
gatekeep:
name: Determine if Build & Deploy is needed
outputs:
proceed: ${{ steps.determine_proceed.outputs.proceed }}
runs-on: ubuntu-latest
if: github.event_name == 'push'
steps:
- id: determine_proceed
run: |
if [[ $GITHUB_REF == $STAGING_BRANCH ]]; then
echo '::set-output name=proceed::true';
elif [[ $GITHUB_REF == $PRODUCTION_BRANCH ]]; then
echo '::set-output name=proceed::true';
else
echo '::set-output name=proceed::false';
fi
deploy:
name: Build & Deploy
runs-on: ubuntu-latest
needs: [test, lint, compile, gatekeep]
if: needs.gatekeep.outputs.proceed == 'true'
steps:
- uses: actions/checkout@v4
- name: Use Node.js
uses: actions/setup-node@v4
with:
node-version: 'latest'
cache: 'npm'
- run: npm ci
- run: |
if [[ $GITHUB_REF == $STAGING_BRANCH ]]; then
echo LAMBDA_NODE_ENV=staging >> $GITHUB_ENV;
echo VPC_SUBNET_A=${{ secrets.VPC_SUBNET_A_STAGING }} >> $GITHUB_ENV;
echo VPC_SUBNET_B=${{ secrets.VPC_SUBNET_B_STAGING }} >> $GITHUB_ENV;
echo VPC_SUBNET_C=${{ secrets.VPC_SUBNET_C_STAGING }} >> $GITHUB_ENV;
echo VPC_SECURITY_GROUP_API=${{ secrets.VPC_SECURITY_GROUP_API_STAGING }} >> $GITHUB_ENV;
echo VPC_SECURITY_GROUP_STATIC=${{ secrets.VPC_SECURITY_GROUP_STATIC_STAGING }} >> $GITHUB_ENV;
echo DATABASE_URL=${{ secrets.DATABASE_URL_STAGING }} >> $GITHUB_ENV;
echo SESSION_SECRET=${{ secrets.SESSION_SECRET_STAGING }} >> $GITHUB_ENV;
echo OTP_SECRET=${{ secrets.OTP_SECRET_STAGING }} >> $GITHUB_ENV;
echo GA_TRACKING_ID=${{ secrets.GA_TRACKING_ID_STAGING }} >> $GITHUB_ENV;
echo "MAIL_SUFFIX=${{ secrets.MAIL_SUFFIX_STAGING }}" >> $GITHUB_ENV;
echo APP_HOST=staging.checkfirst.gov.sg >> $GITHUB_ENV;
echo DEPLOY_TIMESTAMP=$(date) >> $GITHUB_ENV;
elif [[ $GITHUB_REF == $PRODUCTION_BRANCH ]]; then
echo LAMBDA_NODE_ENV=production >> $GITHUB_ENV;
echo VPC_SUBNET_A=${{ secrets.VPC_SUBNET_A_PRODUCTION }} >> $GITHUB_ENV;
echo VPC_SUBNET_B=${{ secrets.VPC_SUBNET_B_PRODUCTION }} >> $GITHUB_ENV;
echo VPC_SUBNET_C=${{ secrets.VPC_SUBNET_C_PRODUCTION }} >> $GITHUB_ENV;
echo VPC_SECURITY_GROUP_API=${{ secrets.VPC_SECURITY_GROUP_API_PRODUCTION }} >> $GITHUB_ENV;
echo VPC_SECURITY_GROUP_STATIC=${{ secrets.VPC_SECURITY_GROUP_STATIC_PRODUCTION }} >> $GITHUB_ENV;
echo DATABASE_URL=${{ secrets.DATABASE_URL_PRODUCTION }} >> $GITHUB_ENV;
echo SESSION_SECRET=${{ secrets.SESSION_SECRET_PRODUCTION }} >> $GITHUB_ENV;
echo OTP_SECRET=${{ secrets.OTP_SECRET_PRODUCTION }} >> $GITHUB_ENV;
echo GA_TRACKING_ID=${{ secrets.GA_TRACKING_ID_PRODUCTION }} >> $GITHUB_ENV;
echo "MAIL_SUFFIX=${{ secrets.MAIL_SUFFIX_PRODUCTION }}" >> $GITHUB_ENV;
echo APP_HOST=checkfirst.gov.sg >> $GITHUB_ENV;
echo DEPLOY_TIMESTAMP=$(date) >> $GITHUB_ENV
fi
- run: npm run build
env:
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
FRONTEND_SENTRY_DSN: ${{ secrets.FRONTEND_SENTRY_DSN }}
SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
SENTRY_PROJECT: ${{ secrets.SENTRY_PROJECT }}
- name: serverless deploy
uses: opengovsg/[email protected]
with:
args: -c "serverless plugin install --name serverless-plugin-custom-binary && serverless deploy --conceal"
entrypoint: /bin/bash
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
LAMBDA_NODE_ENV: ${{ env.LAMBDA_NODE_ENV }}
VPC_SUBNET_A: ${{ env.VPC_SUBNET_A }}
VPC_SUBNET_B: ${{ env.VPC_SUBNET_B }}
VPC_SUBNET_C: ${{ env.VPC_SUBNET_C }}
VPC_SECURITY_GROUP_API: ${{ env.VPC_SECURITY_GROUP_API }}
VPC_SECURITY_GROUP_STATIC: ${{ env.VPC_SECURITY_GROUP_STATIC }}
DATABASE_URL: ${{ env.DATABASE_URL }}
SESSION_SECRET: ${{ env.SESSION_SECRET }}
OTP_SECRET: ${{ env.OTP_SECRET }}
OTP_EXPIRY: ${{ secrets.OTP_EXPIRY }}
APP_HOST: ${{ env.APP_HOST }}
FRONTEND_SENTRY_DSN: ${{ secrets.FRONTEND_SENTRY_DSN }}
BACKEND_SENTRY_DSN: ${{ secrets.BACKEND_SENTRY_DSN }}
CSP_REPORT_URI: ${{ secrets.CSP_REPORT_URI }}