Feature/fix filter by rdi #819
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches: | |
- develop | |
- staging | |
- master | |
- ephemeral-* | |
pull_request: | |
branches: | |
- develop | |
- staging | |
- master | |
- ephemeral-* | |
jobs: | |
frontend_tests: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v2 | |
- name: Use Node.js | |
uses: actions/setup-node@v2 | |
with: | |
node-version: '18' | |
- name: Cache dependencies | |
uses: actions/cache@v2 | |
with: | |
path: | | |
frontend/node_modules | |
frontend/.yarn | |
frontend/.yarn/cache | |
key: ${{ runner.os }}-node-${{ hashFiles('frontend/yarn.lock') }} | |
restore-keys: | | |
${{ runner.os }}-node- | |
- run: yarn install --frozen-lockfile | |
working-directory: frontend | |
- run: yarn test --watchAll=false | |
working-directory: frontend | |
build_and_push_dev: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v1 | |
- name: Checkout code | |
uses: actions/checkout@v2 | |
- name: DockerHub login | |
uses: docker/login-action@v1 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Push dev | |
run: | | |
docker buildx create --use | |
docker buildx build \ | |
--cache-from ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:cache-core-${{ github.sha }}-dev \ | |
--cache-from ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:cache-core-latest-dev \ | |
--cache-to ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:cache-core-${{ github.sha }}-dev \ | |
--cache-to ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:cache-core-latest-dev \ | |
-t ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:core-${{ github.sha }}-dev \ | |
-t ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:core-latest-dev \ | |
-f ./docker/Dockerfile \ | |
--target dev \ | |
--push \ | |
./ | |
isort: | |
runs-on: ubuntu-latest | |
needs: [build_and_push_dev] | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v2 | |
- name: DockerHub login | |
uses: docker/login-action@v1 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Check | |
run: | | |
docker run --rm -i \ | |
${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:core-${{ github.sha }}-dev \ | |
isort . --check-only | |
black: | |
runs-on: ubuntu-latest | |
needs: [build_and_push_dev] | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v2 | |
- name: DockerHub login | |
uses: docker/login-action@v1 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Check | |
run: | | |
docker run --rm -i \ | |
${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:core-${{ github.sha }}-dev \ | |
black . --check | |
flake8: | |
runs-on: ubuntu-latest | |
needs: [build_and_push_dev] | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v2 | |
- name: DockerHub login | |
uses: docker/login-action@v1 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Check | |
run: | | |
docker run --rm -i \ | |
${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:core-${{ github.sha }}-dev \ | |
flake8 . | |
mypy: | |
runs-on: ubuntu-latest | |
needs: [build_and_push_dev] | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v2 | |
- name: DockerHub login | |
uses: docker/login-action@v1 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Check | |
run: | | |
docker run --rm -i \ | |
${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:core-${{ github.sha }}-dev \ | |
mypy . | |
build_and_push_dist: | |
needs: [build_and_push_dev] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v1 | |
- name: Checkout code | |
uses: actions/checkout@v2 | |
- name: DockerHub login | |
uses: docker/login-action@v1 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Push dist | |
run: | | |
docker buildx create --use | |
# Base part of the command | |
build_command="docker buildx build \ | |
--progress=plain \ | |
--cache-from ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:cache-core-${{ github.sha }}-dev \ | |
--cache-from ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:cache-core-latest-dev \ | |
--cache-from ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:cache-core-${{ github.sha }}-dist \ | |
--cache-from ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:cache-core-latest-dist \ | |
--cache-to ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:cache-core-${{ github.sha }}-dist \ | |
--cache-to ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:cache-core-latest-dist \ | |
-t ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:core-${{ github.sha }}-dist \ | |
-t ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:core-${{ github.sha }} \ | |
-f ./docker/Dockerfile \ | |
--target dist \ | |
--push ./" | |
if [ "${{ github.ref }}" = "refs/heads/master" ]; then | |
version=$(python3 -c "import sys; version=None; [version:=line.split('=')[1].strip().strip('\"') for line in open('backend/pyproject.toml', 'r') if line.strip().startswith('version =')]; print(version if version else sys.exit(1))") | |
tagged_image=${{ vars.DOCKERHUB_ORGANIZATION }}/hope:core-$version | |
build_command="$build_command -t $tagged_image" | |
fi | |
eval $build_command | |
unit_tests: | |
runs-on: ubuntu-latest | |
needs: [build_and_push_dev] | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v2 | |
- name: DockerHub login | |
uses: docker/login-action@v1 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Unit tests | |
run: | | |
backend_image=${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:core-${{ github.sha }}-dev docker compose \ | |
-f ./deployment/docker-compose.tst.yml \ | |
run backend ./dev.sh test | |
- name: Upload coverage to Codecov | |
uses: codecov/codecov-action@v4 | |
with: | |
files: ./backend/coverage.xml | |
flags: unittests | |
token: ${{ secrets.CODECOV_TOKEN }} | |
verbose: true | |
e2e_tests: | |
runs-on: ubuntu-latest | |
needs: [build_and_push_dist] | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v2 | |
- name: DockerHub login | |
uses: docker/login-action@v1 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: E2E tests | |
run: | | |
dist_backend_image=${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:core-${{ github.sha }}-dist dev_backend_image=${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:core-${{ github.sha }}-dev docker compose \ | |
-f ./deployment/docker-compose.selenium.yml \ | |
run selenium | |
- name: Upload Artifact | |
uses: actions/upload-artifact@v4 | |
continue-on-error: true | |
with: | |
name: report | |
path: ./backend/report/ | |
retention-days: 5 | |
- name: Upload coverage to Codecov | |
uses: codecov/codecov-action@v4 | |
continue-on-error: true | |
with: | |
files: ./backend/coverage.xml | |
flags: e2e | |
token: ${{ secrets.CODECOV_TOKEN }} | |
verbose: true | |
trivy: | |
runs-on: ubuntu-latest | |
needs: [build_and_push_dist] | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v2 | |
- name: DockerHub login | |
uses: docker/login-action@v1 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Run Trivy vulnerability scanner | |
uses: aquasecurity/trivy-action@master | |
with: | |
image-ref: '${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:core-${{ github.sha }}' | |
format: 'table' | |
exit-code: '0' | |
ignore-unfixed: true | |
vuln-type: 'os,library' | |
severity: 'CRITICAL,HIGH' | |
deploy: | |
runs-on: ubuntu-latest | |
needs: [e2e_tests, unit_tests, isort, black, flake8, mypy, frontend_tests] | |
if: | | |
github.event_name == 'push' && | |
( | |
github.ref == 'refs/heads/develop' || | |
github.ref == 'refs/heads/staging' || | |
github.ref == 'refs/heads/master' || | |
github.ref == 'refs/heads/ephemeral-1' || | |
github.ref == 'refs/heads/ephemeral-2' || | |
github.ref == 'refs/heads/ephemeral-3' | |
) | |
steps: | |
- name: Trigger deploy | |
run: | | |
# TODO: make it prettier | |
if [ ${{ github.ref }} == 'refs/heads/develop' ]; then | |
pipelineId=1159 | |
elif [ ${{ github.ref }} == 'refs/heads/staging' ]; then | |
pipelineId=1160 | |
elif [ ${{ github.ref }} == 'refs/heads/master' ]; then | |
pipelineId=1161,1165 | |
elif [ ${{ github.ref }} == 'refs/heads/ephemeral-1' ]; then | |
pipelineId=1164 | |
elif [ ${{ github.ref }} == 'refs/heads/ephemeral-2' ]; then | |
pipelineId=1253 | |
elif [ ${{ github.ref }} == 'refs/heads/ephemeral-3' ]; then | |
pipelineId=1283 | |
else | |
echo "No pipeline to trigger for ref ${{ github.ref }}" | |
exit 0 | |
fi | |
IFS=',' read -ra pipelines <<< "$pipelineId" | |
for pipeline in "${pipelines[@]}"; do | |
jsonBody='{"variables": {"sha": {"isSecret": false, "value": "${{ github.sha }}"}, "tag": {"isSecret": false, "value": "core-${{ github.sha }}"}}}' | |
contentLength=$(echo -n $jsonBody | wc -c) | |
project=ICTD-HCT-MIS | |
organization=unicef | |
echo Triggering deploy for pipeline $pipeline | |
echo JSON body: $jsonBody | |
curl -v -L \ | |
-u ":${{ secrets.AZURE_PAT }}" \ | |
-H "Content-Type: application/json" \ | |
-H "Content-Length: $contentLength" \ | |
-d "$jsonBody" \ | |
https://dev.azure.com/$organization/$project/_apis/pipelines/$pipeline/runs?api-version=7.1-preview.1 | |
if [ $? -ne 0 ]; then | |
echo "Failed to trigger deploy for pipeline $pipeline" | |
exit 1 | |
fi | |
done |