Merge pull request #426 from HHS/tech-debt-refactor-actions-001

tech-debt: Refactor GitHub Actions
HHS · Sep 8, 2022 · 0b440ec · 0b440ec
2 parents 5909e33 + 23fe17b
commit 0b440ec
Show file tree

Hide file tree

Showing 10 changed files with 164 additions and 72 deletions.
diff --git a/.github/actions/deploy-backend/action.yml b/.github/actions/deploy-backend/action.yml
@@ -0,0 +1,33 @@
+name: Deploy Backend
+description: Deploy backend code to Cloud.gov environment.
+inputs:
+  USERNAME:
+    description: Cloud.gov user to authenticate with.
+    required: true
+  PASSWORD:
+    description: Cloud.gov authentication password.
+    required: true
+  ORG_NAME:
+    description: Cloud.gov Organization Name.
+    required: true # Default to our Org once setup.
+  SPACE_NAME:
+    description: Cloud.gov Space (environment) Name.
+    required: true
+  APP_NAME:
+    description: Applicaiton name (from manifest.yml).
+    required: true
+outputs:
+  BACKEND_DOMAIN:
+    description: Uri of the deployed backend.
+    value: ${{ steps.deploy-backend.outputs.BACKEND_DOMAIN }}
+runs:
+  using: composite
+  steps:
+    - name: Deploy to Cloud.gov
+      run: |
+          export PATH=$HOME/bin:$PATH
+          cf login -a https://api.fr.cloud.gov -u ${{ inputs.USERNAME }} -p ${{ inputs.PASSWORD }} -o ${{ inputs.ORG_NAME }} -s ${{ inputs.SPACE_NAME }}
+          cf push ${{ inputs.APP_NAME }} -f manifest.yml
+          BACKEND_GUID=$(cf app ${{ inputs.APP_NAME }} --guid)
+          BACKEND_DOMAIN=$(cf curl /v3/apps/$BACKEND_GUID/env | jq -r .application_env_json.VCAP_APPLICATION.application_uris[0])
+          echo "::set-output name=BACKEND_DOMAIN::${BACKEND_DOMAIN}"
diff --git a/.github/actions/deploy-frontend/action.yml b/.github/actions/deploy-frontend/action.yml
@@ -0,0 +1,28 @@
+name: Deploy Frontend
+description: Deploy frontend code to Cloud.gov environment.
+inputs:
+  USERNAME:
+    description: Cloud.gov user to authenticate with.
+    required: true
+  PASSWORD:
+    description: Cloud.gov authentication password.
+    required: true
+  ORG_NAME:
+    description: Cloud.gov Organization Name.
+    required: true # Default to our Org once setup.
+  SPACE_NAME:
+    description: Cloud.gov Space (environment) Name.
+    required: true
+  APP_NAME:
+    description: Applicaiton name (from manifest.yml).
+    required: true
+
+runs:
+  using: composite
+  steps:
+    - name: Deploy to Cloud.gov
+      id: deploy-frontend
+      run: |
+        export PATH=$HOME/bin:$PATH
+        cf login -a https://api.fr.cloud.gov -u ${{ inputs.USERNAME }} -p ${{ inputs.PASSWORD }} -o ${{ inputs.ORG_NAME }} -s ${{ inputs.SPACE_NAME }}
+        cf push ${{ inputs.APP_NAME }} -f manifest.yml
diff --git a/.github/actions/run-full-stack/action.yml b/.github/actions/run-full-stack/action.yml
@@ -0,0 +1,8 @@
+name: Run Full Stack
+description: Runs the full stack from the docker-compose.yml
+runs:
+  using: composite
+  steps:
+    - name: Start Stack
+      shell: bash
+      run: docker-compose up --build -d
diff --git a/.github/actions/setup-cloudfoundry/action.yml b/.github/actions/setup-cloudfoundry/action.yml
@@ -0,0 +1,10 @@
+name: Setup Cloud Foundry
+description: Download the cloud foundary binary
+runs:
+  using: composite
+  steps:
+    - name: Install CF
+      run: |
+        mkdir -p $HOME/bin
+        export PATH=$HOME/bin:$PATH
+        curl -L "https://cli.run.pivotal.io/stable?release=linux64-binary" | tar xzv -C $HOME/bin
diff --git a/.github/actions/setup-javascript/action.yml b/.github/actions/setup-javascript/action.yml
@@ -0,0 +1,15 @@
+name: Set up Javascript
+description: Installs Node.js and dependencies defined in package.json
+runs:
+  using: composite
+  steps:
+    - name: Set up node
+      uses: actions/setup-node@v2
+      with:
+        node-version: 18
+        cache: 'yarn'
+        cache-dependency-path: '**/yarn.lock'
+    - name: Install yarn dependencies
+      shell: bash
+      working-directory: ./frontend
+      run: yarn install --frozen-lockfile
diff --git a/.github/actions/setup-python/action.yml b/.github/actions/setup-python/action.yml
@@ -0,0 +1,17 @@
+name: Set up Python
+description: Installs Python3 and dependencies defined in the Pipfile
+runs:
+  using: composite
+  steps:
+    - name: Set up Python
+      uses: actions/setup-python@v4
+      with:
+        python-version: '3.9'
+        cache: pipenv
+    - name: Install Pipenv
+      shell: bash
+      run: pip install pipenv
+    - name: Install Pipenv dependencies
+      shell: bash
+      working-directory: ./backend
+      run: pipenv install --dev
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -35,13 +35,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
-      - uses: actions/setup-python@v4
-        with:
-          python-version: '3.9'
-          cache: 'pipenv'
-
-      - name: Pipenv install
-        run: pip install pipenv
+      - uses: ./.github/actions/setup-python
 
       - name: Install backend dependencies
         working-directory: ./backend
@@ -51,15 +45,7 @@ jobs:
         working-directory: ./backend
         run: pipenv run nox -s lint
 
-      - uses: actions/setup-node@v3
-        with:
-          node-version: 18
-          cache: 'yarn'
-          cache-dependency-path: '**/yarn.lock'
-
-      - name: Install frontend dependencies
-        working-directory: ./frontend
-        run: yarn install --frozen-lockfile
+      - uses: ./.github/actions/setup-javascript
 
       - name: Lint frontend
         working-directory: ./frontend

diff --git a/.github/workflows/dev_deploy.yml b/.github/workflows/dev_deploy.yml
@@ -20,37 +20,30 @@ jobs:
       NODE_ENV: production
     steps:
       - uses: actions/checkout@v3
-      - uses: actions/setup-python@v4
-        with:
-          python-version: '3.x'
-      - uses: actions/setup-node@v3
+      - uses: ./.github/actions/setup-python
+      - uses: ./.github/actions/setup-javascript
+      - uses: ./.github/actions/setup-cloudfoundry
+
+      - name: Deploy Backend
+        uses: ./.github/actions/deploy-backend
         with:
-          node-version: 18
-          cache: 'yarn'
-          cache-dependency-path: '**/yarn.lock'
-      - name: Install CF CLI
-        run: |
-          mkdir -p $HOME/bin
-          export PATH=$HOME/bin:$PATH
-          curl -L "https://cli.run.pivotal.io/stable?release=linux64-binary" | tar xzv -C $HOME/bin
-      - name: Install frontend dependencies
-        working-directory: ./frontend
-        run: yarn install --production --frozen-lockfile
-      - name: Deploy backend to Cloud.gov
-        id: backend-deploy
-        run: |
-          export PATH=$HOME/bin:$PATH
-          cf login -a https://api.fr.cloud.gov -u ${{ secrets.DEV_USER }} -p ${{ secrets.DEV_PASSWORD }} -o ${{ secrets.ORG_NAME }} -s ${{ secrets.SPACE_NAME }}
-          cf push opre-ops-test -f manifest.yml
-          BACKEND_GUID=$(cf app opre-ops-test --guid)
-          BACKEND_DOMAIN=$(cf curl /v3/apps/$BACKEND_GUID/env | jq -r .application_env_json.VCAP_APPLICATION.application_uris[0])
-          echo "::set-output name=BACKEND_DOMAIN::${BACKEND_DOMAIN}"
+          USERNAME: ${{ secrets.DEV_USER }}
+          PASSWORD: ${{ secrets.DEV_PASSWORD }}
+          ORG_NAME: ${{ secrets.ORG_NAME }}
+          SPACE_NAME: ${{ secrets.SPACE_NAME }}
+          APP_NAME: opre-ops-test
+
       - name: Build frontend
         working-directory: ./frontend
-        run: REACT_APP_BACKEND_DOMAIN=https://${{steps.backend-deploy.outputs.BACKEND_DOMAIN}} yarn build
-      - name: Deploy frontend to Cloud.gov
         run: |
-          export PATH=$HOME/bin:$PATH
+          REACT_APP_BACKEND_DOMAIN=https://${{steps.backend-deploy.outputs.BACKEND_DOMAIN}} yarn build
           cp ./frontend/Staticfile ./frontend/build/
-          cf login -a https://api.fr.cloud.gov -u ${{ secrets.DEV_USER }} -p ${{ secrets.DEV_PASSWORD }} -o ${{ secrets.ORG_NAME }} -s ${{ secrets.SPACE_NAME }}
-          cf push opre-ops-frontend-test -f manifest.yml
+
+      - name: Deploy frontend
+        uses: ./.github/actions/deploy-frontend
+        with:
+          USERNAME: ${{ secrets.DEV_USER }}
+          PASSWORD: ${{ secrets.DEV_PASSWORD }}
+          ORG_NAME: ${{ secrets.ORG_NAME }}
+          SPACE_NAME: ${{ secrets.SPACE_NAME }}
+          APP_NAME: opre-ops-frontend-test
diff --git a/.github/workflows/nightly_scans.yml b/.github/workflows/nightly_scans.yml
@@ -0,0 +1,25 @@
+name: Nightly Security Analysis
+on:
+  workflow_dispatch:
+  schedule:
+    # cron format: 'minute hour dayofmonth month dayofweek'
+    # this will run at 8AM UTC every day (3am EST / 4am EDT)
+    - cron: '0 8 * * *'
+
+jobs:
+  dast-scan:
+    name: OWASP Zap Scan
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - id: setup
+        uses: ./.github/actions/run-full-stack
+
+      - name: Run OWASP Zap Scan
+        uses: zaproxy/[email protected]
+        with:
+          docker_name: 'owasp/zap2docker-stable'
+          target: 'http://localhost:3000/'
+          fail_action: true
+          cmd_options: '-I'
diff --git a/.github/workflows/unit_test_reusable.yml b/.github/workflows/unit_test_reusable.yml
@@ -8,15 +8,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
-      - uses: actions/setup-python@v4
-        with:
-          python-version: '3.9'
-          cache: pipenv
-      - name: Pipenv install
-        run: pip install pipenv
-      - name: Install backend dependencies
-        working-directory: ./backend
-        run: pipenv install --dev
+      - uses: ./.github/actions/setup-python
       - name: Run backend unit tests
         working-directory: ./backend
         run: pipenv run pytest
@@ -26,14 +18,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
-      - uses: actions/setup-node@v3
-        with:
-          node-version: 18
-          cache: 'yarn'
-          cache-dependency-path: '**/yarn.lock'
-      - name: Install frontend dependencies
-        working-directory: ./frontend
-        run: yarn install --frozen-lockfile
+      - uses: ./.github/actions/setup-javascript
       - name: Run frontend unit tests
         working-directory: ./frontend
         run: yarn test
@@ -45,17 +30,9 @@ jobs:
         uses: actions/checkout@v3
       # Install NPM dependencies, cache them correctly
       # and run all Cypress tests
-      - uses: actions/setup-node@v3
-        with:
-          node-version: 18
-          cache: 'yarn'
-          cache-dependency-path: '**/yarn.lock'
-      - name: Install frontend dependencies
-        working-directory: frontend
-        run: yarn install --frozen-lockfile
+      - uses: ./.github/actions/setup-javascript
       # Stand up the system stack, to have something to poke
-      - name: Start Stack
-        run: docker-compose up --build -d
+      - uses: ./.github/actions/run-full-stack
       # Run the Cypress E2E Tests
       - name: E2E Test
         working-directory: frontend