[188912] Improve global program filter #749

Workflow file for this run

	name: CI

	on:
	push:
	branches:
	- develop
	- staging
	- master
	- ephemeral-*
	pull_request:
	branches:
	- develop
	- staging
	- master
	- ephemeral-*

	jobs:
	frontend_tests:
	runs-on: ubuntu-latest
	steps:
	- name: Checkout code
	uses: actions/checkout@v2
	- name: Use Node.js
	uses: actions/setup-node@v2
	with:
	node-version: '18'
	- name: Cache dependencies
	uses: actions/cache@v2
	with:
	path: \|
	frontend/node_modules
	frontend/.yarn
	frontend/.yarn/cache
	key: ${{ runner.os }}-node-${{ hashFiles('frontend/yarn.lock') }}
	restore-keys: \|
	${{ runner.os }}-node-
	- run: yarn install --frozen-lockfile
	working-directory: frontend
	- run: yarn test --watchAll=false
	working-directory: frontend

	build_and_push_dev:
	runs-on: ubuntu-latest
	steps:
	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v1
	- name: Checkout code
	uses: actions/checkout@v2
	- name: DockerHub login
	uses: docker/login-action@v1
	with:
	username: ${{ secrets.DOCKERHUB_USERNAME }}
	password: ${{ secrets.DOCKERHUB_TOKEN }}

	- name: Push dev
	run: \|
	docker buildx create --use
	docker buildx build \
	--cache-from ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:cache-core-${{ github.sha }}-dev \
	--cache-from ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:cache-core-latest-dev \
	--cache-to ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:cache-core-${{ github.sha }}-dev \
	--cache-to ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:cache-core-latest-dev \
	-t ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:core-${{ github.sha }}-dev \
	-t ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:core-latest-dev \
	-f ./docker/Dockerfile \
	--target dev \
	--push \
	./

	isort:
	runs-on: ubuntu-latest
	needs: [build_and_push_dev]
	steps:
	- name: Checkout code
	uses: actions/checkout@v2
	- name: DockerHub login
	uses: docker/login-action@v1
	with:
	username: ${{ secrets.DOCKERHUB_USERNAME }}
	password: ${{ secrets.DOCKERHUB_TOKEN }}

	- name: Check
	run: \|
	docker run --rm -i \
	${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:core-${{ github.sha }}-dev \
	isort . --check-only

	black:
	runs-on: ubuntu-latest
	needs: [build_and_push_dev]
	steps:
	- name: Checkout code
	uses: actions/checkout@v2
	- name: DockerHub login
	uses: docker/login-action@v1
	with:
	username: ${{ secrets.DOCKERHUB_USERNAME }}
	password: ${{ secrets.DOCKERHUB_TOKEN }}

	- name: Check
	run: \|
	docker run --rm -i \
	${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:core-${{ github.sha }}-dev \
	black . --check

	flake8:
	runs-on: ubuntu-latest
	needs: [build_and_push_dev]
	steps:
	- name: Checkout code
	uses: actions/checkout@v2
	- name: DockerHub login
	uses: docker/login-action@v1
	with:
	username: ${{ secrets.DOCKERHUB_USERNAME }}
	password: ${{ secrets.DOCKERHUB_TOKEN }}

	- name: Check
	run: \|
	docker run --rm -i \
	${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:core-${{ github.sha }}-dev \
	flake8 .

	mypy:
	runs-on: ubuntu-latest
	needs: [build_and_push_dev]
	steps:
	- name: Checkout code
	uses: actions/checkout@v2
	- name: DockerHub login
	uses: docker/login-action@v1
	with:
	username: ${{ secrets.DOCKERHUB_USERNAME }}
	password: ${{ secrets.DOCKERHUB_TOKEN }}

	- name: Check
	run: \|
	docker run --rm -i \
	${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:core-${{ github.sha }}-dev \
	mypy .

	build_and_push_dist:
	needs: [build_and_push_dev]
	runs-on: ubuntu-latest
	steps:
	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v1
	- name: Checkout code
	uses: actions/checkout@v2
	- name: DockerHub login
	uses: docker/login-action@v1
	with:
	username: ${{ secrets.DOCKERHUB_USERNAME }}
	password: ${{ secrets.DOCKERHUB_TOKEN }}

	- name: Push dist
	run: \|
	docker buildx create --use

	# Base part of the command
	build_command="docker buildx build \
	--progress=plain \
	--cache-from ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:cache-core-${{ github.sha }}-dev \
	--cache-from ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:cache-core-latest-dev \
	--cache-from ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:cache-core-${{ github.sha }}-dist \
	--cache-from ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:cache-core-latest-dist \
	--cache-to ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:cache-core-${{ github.sha }}-dist \
	--cache-to ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:cache-core-latest-dist \
	-t ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:core-${{ github.sha }}-dist \
	-t ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:core-${{ github.sha }} \
	-f ./docker/Dockerfile \
	--target dist \
	--push ./"

	if [ "${{ github.ref }}" = "refs/heads/master" ]; then
	version=$(python3 -c "import sys; version=None; [version:=line.split('=')[1].strip().strip('\"') for line in open('backend/pyproject.toml', 'r') if line.strip().startswith('version =')]; print(version if version else sys.exit(1))")
	tagged_image=${{ vars.DOCKERHUB_ORGANIZATION }}/hope:core-$version
	build_command="$build_command -t $tagged_image"
	fi

	eval $build_command

	unit_tests:
	runs-on: ubuntu-latest
	needs: [build_and_push_dev]
	steps:
	- name: Checkout code
	uses: actions/checkout@v2
	- name: DockerHub login
	uses: docker/login-action@v1
	with:
	username: ${{ secrets.DOCKERHUB_USERNAME }}
	password: ${{ secrets.DOCKERHUB_TOKEN }}

	- name: Unit tests
	run: \|
	backend_image=${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:core-${{ github.sha }}-dev docker compose \
	-f ./deployment/docker-compose.tst.yml \
	run backend ./dev.sh test
	- name: Upload coverage to Codecov
	uses: codecov/codecov-action@v4
	with:
	files: ./backend/coverage.xml
	flags: unittests
	token: ${{ secrets.CODECOV_TOKEN }}
	verbose: true

	e2e_tests:
	runs-on: ubuntu-latest
	needs: [build_and_push_dist]
	steps:
	- name: Checkout code
	uses: actions/checkout@v2
	- name: DockerHub login
	uses: docker/login-action@v1
	with:
	username: ${{ secrets.DOCKERHUB_USERNAME }}
	password: ${{ secrets.DOCKERHUB_TOKEN }}

	- name: E2E tests
	run: \|
	dist_backend_image=${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:core-${{ github.sha }}-dist dev_backend_image=${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:core-${{ github.sha }}-dev docker compose \
	-f ./deployment/docker-compose.selenium.yml \
	run selenium
	- name: Upload Artifact
	uses: actions/upload-artifact@v4
	continue-on-error: true
	with:
	name: report
	path: ./backend/report/
	retention-days: 5
	- name: Upload coverage to Codecov
	uses: codecov/codecov-action@v4
	continue-on-error: true
	with:
	files: ./backend/coverage.xml
	flags: e2e
	token: ${{ secrets.CODECOV_TOKEN }}
	verbose: true

	trivy:
	runs-on: ubuntu-latest
	needs: [build_and_push_dist]
	steps:
	- name: Checkout code
	uses: actions/checkout@v2
	- name: DockerHub login
	uses: docker/login-action@v1
	with:
	username: ${{ secrets.DOCKERHUB_USERNAME }}
	password: ${{ secrets.DOCKERHUB_TOKEN }}
	- name: Run Trivy vulnerability scanner
	uses: aquasecurity/trivy-action@master
	with:
	image-ref: '${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:core-${{ github.sha }}'
	format: 'table'
	exit-code: '0'
	ignore-unfixed: true
	vuln-type: 'os,library'
	severity: 'CRITICAL,HIGH'
	deploy:
	runs-on: ubuntu-latest
	needs: [e2e_tests, unit_tests, isort, black, flake8, mypy, frontend_tests]
	if: \|
	github.event_name == 'push' &&
	(
	github.ref == 'refs/heads/develop' \|\|
	github.ref == 'refs/heads/staging' \|\|
	github.ref == 'refs/heads/master' \|\|
	github.ref == 'refs/heads/ephemeral-1' \|\|
	github.ref == 'refs/heads/ephemeral-2' \|\|
	github.ref == 'refs/heads/ephemeral-3'
	)
	steps:
	- name: Trigger deploy
	run: \|
	# TODO: make it prettier
	if [ ${{ github.ref }} == 'refs/heads/develop' ]; then
	pipelineId=1159
	elif [ ${{ github.ref }} == 'refs/heads/staging' ]; then
	pipelineId=1160
	elif [ ${{ github.ref }} == 'refs/heads/master' ]; then
	pipelineId=1161,1165
	elif [ ${{ github.ref }} == 'refs/heads/ephemeral-1' ]; then
	pipelineId=1164
	elif [ ${{ github.ref }} == 'refs/heads/ephemeral-2' ]; then
	pipelineId=1253
	elif [ ${{ github.ref }} == 'refs/heads/ephemeral-3' ]; then
	pipelineId=1283
	else
	echo "No pipeline to trigger for ref ${{ github.ref }}"
	exit 0
	fi

	IFS=',' read -ra pipelines <<< "$pipelineId"
	for pipeline in "${pipelines[@]}"; do
	jsonBody='{"variables": {"sha": {"isSecret": false, "value": "${{ github.sha }}"}, "tag": {"isSecret": false, "value": "core-${{ github.sha }}"}}}'
	contentLength=$(echo -n $jsonBody \| wc -c)
	project=ICTD-HCT-MIS
	organization=unicef

	echo Triggering deploy for pipeline $pipeline
	echo JSON body: $jsonBody

	curl -v -L \
	-u ":${{ secrets.AZURE_PAT }}" \
	-H "Content-Type: application/json" \
	-H "Content-Length: $contentLength" \
	-d "$jsonBody" \
	https://dev.azure.com/$organization/$project/_apis/pipelines/$pipeline/runs?api-version=7.1-preview.1
	if [ $? -ne 0 ]; then
	echo "Failed to trigger deploy for pipeline $pipeline"
	exit 1
	fi
	done

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[188912] Improve global program filter #749

Workflow file

[188912] Improve global program filter #749

Jobs

Run details

Workflow file for this run