fix: upgrade multiple dependencies with Snyk #8504
# Deploy workflow: lint and unit-test the pushed branch, deploy it as its own
# stage, configure that stage, then run Cypress and accessibility tests.
# NOTE(review): the hosting page flagged this file as containing bidirectional
# Unicode characters. None are visible in the rendered text; inspect the raw
# bytes for hidden control characters before trusting what is displayed.
name: Deploy

# One concurrency group per ref; cancel-in-progress is not set.
concurrency: ci-${{ github.ref }}

# Triggered by a push to any branch matching "*" (a pattern that does not match
# names containing "/"), except branches whose name starts with "skipci".
on:
  push:
    branches:
      - "*"
      - "!skipci*"

# Workflow-level token permissions. No job in this file overrides them, so
# every job receives all three.
# NOTE(review): id-token: write allows a job to request an OIDC token. Only the
# jobs that run aws-actions/configure-aws-credentials use it here; lint and
# unit-test (which runs a third-party action) inherit it as well. Consider
# granting id-token: write through job-level permissions on those jobs only.
permissions:
  contents: read
  actions: read
  id-token: write
jobs:
  # Static analysis: installs the root and per-service dependencies, then runs
  # ESLint over services/ with any warning treated as a failure.
  lint:
    name: Lint
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): both actions are referenced by tag, which the action's
      # owner can move. Pinning to a full commit SHA makes the reference
      # immutable.
      - uses: actions/checkout@v3
      - uses: actions/setup-node@v3
        with:
          node-version: "20.x"
      - name: Install dependencies
        # npm ci installs what each package-lock.json records. Services
        # without a lockfile are skipped.
        run: |
          npm ci --legacy-peer-deps
          for service in services/*/; do
            pushd "$service"
            if [ -f package-lock.json ]; then
              npm ci --legacy-peer-deps
            fi
            popd
          done
      - name: Run ESLint
        run: npx eslint --max-warnings=0 services
# Job: unit-test. Runs ./unit-test.sh through the Code Climate action, which
# also publishes the lcov coverage reports found under services/*/coverage.
  unit-test:
    name: Unit Test
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-node@v3
        with:
          node-version: "20.x"
      - name: Unit Test & Publish Coverage
        # NOTE(review): this third-party action is referenced by tag rather
        # than by commit SHA, receives the reporter ID secret, and runs with
        # debug output enabled. It also inherits the workflow-level
        # id-token: write permission, which nothing in this job uses.
        uses: paambaati/codeclimate-action@v5.0.0
        with:
          coverageCommand: ./unit-test.sh
          coverageLocations: |
            ${{github.workspace}}/services/*/coverage/lcov.info:lcov
          debug: true
        env:
          CC_TEST_REPORTER_ID: ${{ secrets.CODECLIMATE_TEST_REPORTER_ID }}
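# Job: deploy. Validates the branch name, resolves branch-specific settings,
# assumes the AWS role through OIDC and deploys the branch as its own stage.
  deploy:
    name: Deploy
    needs:
      - lint
      - unit-test
    runs-on: ubuntu-latest
    environment:
      # Branches starting with "snyk-" share the "snyk" environment; any other
      # branch uses an environment named after the branch itself.
      name: ${{ startsWith(github.ref_name, 'snyk-') && 'snyk' || github.ref_name }}
      url: "https://onemac.cms.gov"
    steps:
      - name: set branch_name
        run: echo "branch_name=${GITHUB_REF#refs/heads/}" >> "$GITHUB_ENV"
      - name: Check branch name is a legal serverless stage name
        # The branch name is chosen by whoever pushes the branch and is later
        # handed to shell scripts as the stage name, so it is checked against
        # an allow-list pattern and a length limit before anything else runs.
        run: |
          # ${#branch_name} is the length of the name. Using -gt on the bare
          # name would evaluate the name arithmetically and never test length.
          if [[ ! $branch_name =~ ^[a-z][a-z0-9-]*$ ]] || [[ ${#branch_name} -gt 128 ]]; then
            echo """
            ------------------------------------------------------------------------------------------------------------------------------
            ERROR: Please read below
            ------------------------------------------------------------------------------------------------------------------------------
            Bad branch name detected; cannot continue.
            The Serverless Application Framework has a concept of stages that facilitate multiple deployments of the same service.
            In this setup, the git branch name gets passed to Serverless to serve as the stage name.
            The stage name (branch name in this case) is tacked onto the end of the service name by Serverless.
            Therefore, the branch name must be a valid service name.
            From Serverless:
            A service name should only contain alphanumeric (case sensitive) and hyphens. It should start with an alphabetic character and shouldnt exceed 128 characters.
            For Github Actions support, please push your code to a new branch with a name that meets Serverless' service name requirements.
            So, make a new branch with a name that begins with a letter and is made up of only letters, numbers, and hyphens... then delete this branch.
            ------------------------------------------------------------------------------------------------------------------------------
            """
            exit 1
          fi
      # NOTE(review): actions in this job are referenced by tag, not by commit
      # SHA. This job holds cloud credentials, so an immutable reference
      # matters most here.
      - uses: actions/checkout@v3
      - name: Validate branch name
        # NOTE(review): STAGE_PREFIX is only supplied to the later
        # "set variable values" step, so it appears to be empty at this point.
        # Confirm the script is meant to see the unprefixed branch name.
        run: ./.github/branchNameValidation.sh "$STAGE_PREFIX$branch_name"
      - name: set branch specific variable names
        run: ./.github/build_vars.sh set_names
      - name: set variable values
        # Each value prefers a branch-specific secret, whose name is held in a
        # BRANCH_SPECIFIC_VARNAME_* variable, and falls back to the shared
        # secret where one is listed.
        # NOTE(review): later steps read these through env.*, so
        # build_vars.sh presumably writes them to $GITHUB_ENV. If so, every
        # later step in this job can read them, including the test-user
        # password. Verify against the script.
        run: ./.github/build_vars.sh set_values
        env:
          AWS_OIDC_ROLE_TO_ASSUME: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_AWS_OIDC_ROLE_TO_ASSUME] || secrets.AWS_OIDC_ROLE_TO_ASSUME }}
          AWS_DEFAULT_REGION: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_AWS_DEFAULT_REGION] || secrets.AWS_DEFAULT_REGION }}
          INFRASTRUCTURE_TYPE: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_INFRASTRUCTURE_TYPE] || secrets.INFRASTRUCTURE_TYPE || 'development' }}
          ROUTE_53_HOSTED_ZONE_ID: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_ROUTE_53_HOSTED_ZONE_ID] }}
          ROUTE_53_DOMAIN_NAME: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_ROUTE_53_DOMAIN_NAME] }}
          CLOUDFRONT_CERTIFICATE_ARN: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_CLOUDFRONT_CERTIFICATE_ARN] }}
          CLOUDFRONT_DOMAIN_NAME: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_CLOUDFRONT_DOMAIN_NAME] }}
          STAGE_PREFIX: ${{ secrets.STAGE_PREFIX }}
          METRICS_USERS: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_METRICS_USERS] || secrets.METRICS_USERS }}
          OKTA_METADATA_URL: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_OKTA_METADATA_URL] || secrets.OKTA_METADATA_URL }}
          COGNITO_TEST_USERS_PASSWORD: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_COGNITO_TEST_USERS_PASSWORD] || secrets.COGNITO_TEST_USERS_PASSWORD }}
          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
          # NOTE(review): the fallback indexes secrets by the value of
          # env.REACT_APP_GOOGLE_TAG, unlike every other entry, which falls
          # back to secrets.<NAME>. Looks like secrets.REACT_APP_GOOGLE_TAG
          # was intended; confirm before changing.
          REACT_APP_GOOGLE_TAG: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_REACT_APP_GOOGLE_TAG] || secrets[env.REACT_APP_GOOGLE_TAG] }}
      - name: Configure AWS credentials for GitHub Actions
        # Exchanges the job's OIDC token for the role's credentials; this is
        # the step that needs the id-token: write permission.
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ env.AWS_OIDC_ROLE_TO_ASSUME }}
          aws-region: ${{ env.AWS_DEFAULT_REGION }}
      - uses: actions/setup-node@v3
        with:
          node-version: "20.x"
      - name: Combine package-lock.json files to single file
        # The root package-lock.json is named explicitly, so it is concatenated
        # together with the per-service lockfiles that find returns.
        run: find services -maxdepth 3 -name package-lock.json | xargs cat package-lock.json > combined-package-lock.txt
      - name: cache service dependencies
        # NOTE(review): the key covers only the runner OS and the lockfile
        # hash. Jobs in this workflow that use another Node version restore
        # the same node_modules.
        uses: actions/cache@v3
        with:
          path: |
            services/.sechub/node_modules
            services/admin/node_modules
            services/seatool-sink/node_modules
            services/uploads/node_modules
            services/app-api/node_modules
            services/email/node_modules
            services/one-stream/node_modules
            services/ui/node_modules
            services/ui-auth/node_modules
            services/ui-src/node_modules
            node_modules
          key: ${{ runner.os }}-${{ hashFiles('combined-package-lock.txt') }}
      - name: set path
        run: |
          echo "PATH=$(pwd)/node_modules/.bin/:$PATH" >> "$GITHUB_ENV"
      - name: Set dev login flag for all but production branch
        # NOTE(review): the only branch excluded is "production", so every
        # other branch is deployed with ALLOW_DEV_LOGIN=true. Confirm that is
        # intended for long-lived pre-production branches as well.
        if: ${{ env.branch_name != 'production' }}
        run: echo "ALLOW_DEV_LOGIN=true" >> "$GITHUB_ENV"
      - name: Set testing email address unless in prod
        if: ${{ env.branch_name != 'production' }}
        run: echo "TESTING_TEAM_EMAIL=macproemailnotification@gmail.com" >> "$GITHUB_ENV"
      - name: deploy
        run: |
          # When deploying multiple copies of this quickstart to the same AWS Account (not ideal), a prefix helps prevent stepping on each other.
          # This can optionally be set as a variable in GitHub Actions Secrets
          ./deploy.sh "$STAGE_PREFIX$branch_name"
      - name: Output Endpoint
        run: |
          pushd services
          echo "::notice::Endpoint URL - $(./output.sh ui ApplicationEndpointUrl "$STAGE_PREFIX$branch_name")"
          popd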
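# Job: configure. Runs after deploy: re-validates the branch name, assumes the
# AWS role through OIDC, and on every branch except "production" seeds data,
# loads test users, migrates and resets test data.
  configure:
    name: Configure
    needs:
      - deploy
    runs-on: ubuntu-latest
    steps:
      - name: set branch_name
        run: echo "branch_name=${GITHUB_REF#refs/heads/}" >> "$GITHUB_ENV"
      - name: Check branch name is a legal serverless stage name
        # The branch name is chosen by whoever pushes the branch and is later
        # handed to shell scripts as the stage name, so it is checked against
        # an allow-list pattern and a length limit before anything else runs.
        run: |
          # ${#branch_name} is the length of the name. Using -gt on the bare
          # name would evaluate the name arithmetically and never test length.
          if [[ ! $branch_name =~ ^[a-z][a-z0-9-]*$ ]] || [[ ${#branch_name} -gt 128 ]]; then
            echo """
            ------------------------------------------------------------------------------------------------------------------------------
            ERROR: Please read below
            ------------------------------------------------------------------------------------------------------------------------------
            Bad branch name detected; cannot continue.
            The Serverless Application Framework has a concept of stages that facilitate multiple deployments of the same service.
            In this setup, the git branch name gets passed to Serverless to serve as the stage name.
            The stage name (branch name in this case) is tacked onto the end of the service name by Serverless.
            Therefore, the branch name must be a valid service name.
            From Serverless:
            A service name should only contain alphanumeric (case sensitive) and hyphens. It should start with an alphabetic character and shouldnt exceed 128 characters.
            For Github Actions support, please push your code to a new branch with a name that meets Serverless' service name requirements.
            So, make a new branch with a name that begins with a letter and is made up of only letters, numbers, and hyphens... then delete this branch.
            ------------------------------------------------------------------------------------------------------------------------------
            """
            exit 1
          fi
      # NOTE(review): actions in this job are referenced by tag, not by commit
      # SHA. This job holds cloud credentials, so an immutable reference
      # matters most here.
      - uses: actions/checkout@v3
      - name: Validate branch name
        # NOTE(review): STAGE_PREFIX is only supplied to the later
        # "set variable values" step, so it appears to be empty at this point.
        # Confirm the script is meant to see the unprefixed branch name.
        run: ./.github/branchNameValidation.sh "$STAGE_PREFIX$branch_name"
      - name: set branch specific variable names
        run: ./.github/build_vars.sh set_names
      - name: set variable values
        # Each value prefers a branch-specific secret, whose name is held in a
        # BRANCH_SPECIFIC_VARNAME_* variable, and falls back to the shared
        # secret where one is listed.
        # NOTE(review): later steps read these through env.*, so
        # build_vars.sh presumably writes them to $GITHUB_ENV. If so, every
        # later step in this job can read them, including the test-user
        # password. Verify against the script.
        run: ./.github/build_vars.sh set_values
        env:
          AWS_OIDC_ROLE_TO_ASSUME: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_AWS_OIDC_ROLE_TO_ASSUME] || secrets.AWS_OIDC_ROLE_TO_ASSUME }}
          AWS_DEFAULT_REGION: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_AWS_DEFAULT_REGION] || secrets.AWS_DEFAULT_REGION }}
          INFRASTRUCTURE_TYPE: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_INFRASTRUCTURE_TYPE] || secrets.INFRASTRUCTURE_TYPE || 'development' }}
          ROUTE_53_HOSTED_ZONE_ID: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_ROUTE_53_HOSTED_ZONE_ID] }}
          ROUTE_53_DOMAIN_NAME: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_ROUTE_53_DOMAIN_NAME] }}
          CLOUDFRONT_CERTIFICATE_ARN: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_CLOUDFRONT_CERTIFICATE_ARN] }}
          CLOUDFRONT_DOMAIN_NAME: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_CLOUDFRONT_DOMAIN_NAME] }}
          STAGE_PREFIX: ${{ secrets.STAGE_PREFIX }}
          METRICS_USERS: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_METRICS_USERS] || secrets.METRICS_USERS }}
          OKTA_METADATA_URL: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_OKTA_METADATA_URL] || secrets.OKTA_METADATA_URL }}
          COGNITO_TEST_USERS_PASSWORD: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_COGNITO_TEST_USERS_PASSWORD] || secrets.COGNITO_TEST_USERS_PASSWORD }}
          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
      - name: Configure AWS credentials for GitHub Actions
        # Exchanges the job's OIDC token for the role's credentials; this is
        # the step that needs the id-token: write permission.
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ env.AWS_OIDC_ROLE_TO_ASSUME }}
          aws-region: ${{ env.AWS_DEFAULT_REGION }}
      - uses: actions/setup-node@v3
        with:
          node-version: "20.x"
      - name: Combine package-lock.json files to single file
        # The root package-lock.json is named explicitly, so it is concatenated
        # together with the per-service lockfiles that find returns.
        run: find services -maxdepth 3 -name package-lock.json | xargs cat package-lock.json > combined-package-lock.txt
      - name: cache service dependencies
        # NOTE(review): the key covers only the runner OS and the lockfile
        # hash. Jobs in this workflow that use another Node version restore
        # the same node_modules.
        uses: actions/cache@v3
        with:
          path: |
            services/.sechub/node_modules
            services/admin/node_modules
            services/seatool-sink/node_modules
            services/uploads/node_modules
            services/app-api/node_modules
            services/email/node_modules
            services/one-stream/node_modules
            services/ui/node_modules
            services/ui-auth/node_modules
            services/ui-src/node_modules
            node_modules
          key: ${{ runner.os }}-${{ hashFiles('combined-package-lock.txt') }}
      - name: set path
        run: |
          echo "PATH=$(pwd)/node_modules/.bin/:$PATH" >> "$GITHUB_ENV"
      - name: Set dev login flag for all but production branch
        # NOTE(review): the only branch excluded is "production", so every
        # other branch gets ALLOW_DEV_LOGIN=true. Confirm that is intended for
        # long-lived pre-production branches as well.
        if: ${{ env.branch_name != 'production' }}
        run: echo "ALLOW_DEV_LOGIN=true" >> "$GITHUB_ENV"
      - name: Set testing email address unless in prod
        if: ${{ env.branch_name != 'production' }}
        run: echo "TESTING_TEAM_EMAIL=macproemailnotification@gmail.com" >> "$GITHUB_ENV"
      - name: Output Endpoint
        run: |
          pushd services
          echo "::notice::Endpoint URL - $(./output.sh ui ApplicationEndpointUrl "$STAGE_PREFIX$branch_name")"
          popd
      # The remaining steps write test data and test accounts. Each one is
      # guarded by the same "not production" branch-name condition.
      - name: Consolidate Seed Data
        if: ${{ env.branch_name != 'production'}}
        run: cd services/app-api/seed-data && ./buildSeedData.py .
      - name: Seed Data
        if: ${{ env.branch_name != 'production' }}
        env:
          SLS_DEBUG: 'true'
          BRANCH: ${{ env.STAGE_PREFIX }}${{ env.branch_name }}
        # Best effort by design: errexit is switched off so that a failed seed
        # is reported in the log and the remaining steps still run.
        run: |
          set +e
          cd services/app-api
          serverless dynamodb seed --stage="$BRANCH" --region="$AWS_DEFAULT_REGION" --online
          if [ $? -ne 0 ]; then
            echo "Seed data step failed but continuing with the pipeline."
          fi
          set -e
      - name: Load Test Users
        if: ${{ env.branch_name != 'production'}}
        run: ./loadTestUsers.py "$STAGE_PREFIX$branch_name"
      - name: Migrate Data
        if: ${{ env.branch_name != 'production'}}
        run: cd ./services/app-api && sls invoke -s "$STAGE_PREFIX$branch_name" -f migrate
      - name: Reset Test Data
        if: ${{ env.branch_name != 'production'}}
        run: cd ./services/admin && sls invoke -s "$STAGE_PREFIX$branch_name" -f resetData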
# Job: cypress-test. Runs one matrix job per Cypress feature file against the
# endpoint of the stage deployed for this branch. Skipped on the production
# ref.
  cypress-test:
    name: Cypress Tests
    needs: configure
    if: ${{ github.ref != 'refs/heads/production'}}
    runs-on: ubuntu-latest
    strategy:
      # A failing spec does not cancel the other matrix jobs.
      fail-fast: false
      matrix:
        containers:
          - Package_Details_Appendix_K_CMS_User.spec.feature
          - Package_Details_Appendix_K_State_User.spec.feature
          - Package_Details_CHIP_SPA_CMS_User.spec.feature
          - Package_Details_CHIP_SPA_State_User.spec.feature
          - Package_Details_Initial_Waiver_CMS_User.spec.feature
          - Package_Details_Initial_Waiver_State_User.spec.feature
          - Package_Details_Medicaid_SPA_CMS_User.spec.feature
          - Package_Details_Medicaid_SPA_State_User.spec.feature
          - Package_Details_Renewal_Waiver_CMS_User.spec.feature
          - Package_Details_Renewal_Waiver_State_User.spec.feature
          - Package_Details_Temporary_Extension_CMS_User.spec.feature
          - Package_Details_Temporary_Extension_State_User.spec.feature
          - Package_Details_Waiver_Amendment_CMS_User.spec.feature
          - Package_Details_Waiver_Amendment_State_User.spec.feature
          - Dashboard_Initial_Waiver_RAI_Response.spec.feature
          - Dashboard_Column_Picker_SPA_CMS.spec.feature
          - Dashboard_Column_Picker_SPA_State.spec.feature
          - Dashboard_Column_Picker_Waiver_CMS.spec.feature
          - Dashboard_Column_Picker_Waiver_State.spec.feature
          - Dashboard_Filter_By_State.spec.feature
          - Dashboard_Filter_options_that_include_Dates.spec.feature
          - Dashboard_Filter_options_that_include_Dates_CMS.spec.feature
          - Dashboard_Filter.spec.feature
          - Dashboard_Search_Bar.spec.feature
          - Dashboard_Medicaid_SPA_RAI_Response.spec.feature
          - Dashboard_Waiver_Renewal_RAI_Response.spec.feature
          - SPA_Form_Logic.spec.feature
          - Dashboard_Tabs.spec.feature
          - Dashboard_Waiver_Amendment_RAI_Response.spec.feature
          - Comprehensive_Capitated_1915b_Waiver_Form_Logic.spec.feature
          - FFS_Selective_Waiver_Form_Logic.spec.feature
          - Profile_View_CMS_Approver.spec.feature
          - Profile_View_CMS_System_Admin.spec.feature
          - Profile_View_CMS_User_Denied.spec.feature
          - Profile_View_CMS_User_Revoked.spec.feature
          - Profile_View_Helpdesk_User.spec.feature
          - Profile_View_Mixed_Case_Emails.spec.feature
          - Profile_View_State_Submitter.spec.feature
          - Profile_View_State_System_Admin.spec.feature
          - Request_A_Role_Change_As_CMS_Read_Only.spec.feature
          - Request_A_Role_Change.spec.feature
          - Home_Page.spec.feature
          - FAQ_Page.spec.feature
          - Chip_SPA_Form.spec.feature
          - Medicaid_SPA_Form.spec.feature
          - CMS_Read_Only_View.spec.feature
          - Appendix_K_Form.spec.feature
          - FFS_Selective_Waiver_Amendment_Form.spec.feature
          - FFS_Selective_Waiver_Renewal_Form.spec.feature
          - FFS_Selective_Initial_Waiver_Form.spec.feature
          - Comprehensive_Capitated_1915b_Initial_Waiver_Form.spec.feature
          - Comprehensive_Capitated_1915b_Waiver_Amendment_Form.spec.feature
          - Comprehensive_Capitated_1915b_Waiver_Renewal_Form.spec.feature
          - Dashboard_CHIP_SPA_RAI_Response.spec.feature
          - Dashboard_AppK_RAI_Response.spec.feature
          - Temporary_Extension_1915b_Form.spec.feature
          - Temporary_Extension_1915c_Form.spec.feature
          - Dashboard_No_Action_Packages.spec.feature
          - Dashboard_RAI_Issued_Actions.spec.feature
          - Dashboard_Under_Review_Actions.spec.feature
          - Dashboard_Approved_Actions.spec.feature
          - Dashboard_Filter_CMS.spec.feature
          - Withdraw_Package_Form_App_K_Amendment.spec.feature
          - Withdraw_Package_Form_CHIP_SPA.spec.feature
          - Withdraw_Package_Form_Initial_Waiver.spec.feature
          - Withdraw_Package_Form_Medicaid_SPA.spec.feature
          - Withdraw_Package_Form_Waiver_Amendment.spec.feature
          - Withdraw_Package_Form_Waiver_Renewal.spec.feature
          - Subsequent_Submission_1915b_Amendment_Waiver.spec.feature
          - Subsequent_Submission_1915c_Appendix_K.spec.feature
          - Subsequent_Submission_CHIP_Spa.spec.feature
          - Subsequent_Submission_Initial_Waiver.spec.feature
          - Subsequent_Submission_Medicaid_Spa.spec.feature
          - Subsequent_Submission_Renewal_Waiver.spec.feature
    steps:
      # NOTE(review): this job does not validate branch_name itself. It relies
      # on the configure job, which it needs, having failed for a bad name.
      - name: set branch_name
        run: echo "branch_name=${GITHUB_REF#refs/heads/}" >> $GITHUB_ENV
      # NOTE(review): actions in this job are referenced by tag, not by commit
      # SHA, and several are third-party.
      - uses: actions/checkout@v3
      - name: set branch specific variable names
        run: ./.github/build_vars.sh set_names
      - name: set variable values
        # NOTE(review): later steps read these through env.*, so
        # build_vars.sh presumably writes them to $GITHUB_ENV. If so, the
        # third-party actions below can read the test-user password and the
        # webhook URL. Verify against the script.
        run: ./.github/build_vars.sh set_values
        env:
          AWS_OIDC_ROLE_TO_ASSUME: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_AWS_OIDC_ROLE_TO_ASSUME] || secrets.AWS_OIDC_ROLE_TO_ASSUME }}
          AWS_DEFAULT_REGION: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_AWS_DEFAULT_REGION] || secrets.AWS_DEFAULT_REGION }}
          INFRASTRUCTURE_TYPE: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_INFRASTRUCTURE_TYPE] || secrets.INFRASTRUCTURE_TYPE || 'development' }}
          STAGE_PREFIX: ${{ secrets.STAGE_PREFIX }}
          COGNITO_TEST_USERS_PASSWORD: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_COGNITO_TEST_USERS_PASSWORD] || secrets.COGNITO_TEST_USERS_PASSWORD }}
          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
      - name: Configure AWS credentials for GitHub Actions
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: ${{ env.AWS_DEFAULT_REGION }}
          role-to-assume: ${{ env.AWS_OIDC_ROLE_TO_ASSUME }}
      # NOTE(review): this job uses Node 18 while lint, unit-test, deploy and
      # configure use "20.x". The cache key below does not include the Node
      # version, so node_modules saved under one version can be restored under
      # the other.
      - uses: actions/setup-node@v3
        with:
          node-version: 18
      - name: Combine package-lock.json files to single file
        run: find services -maxdepth 3 -name package-lock.json | xargs cat package-lock.json > combined-package-lock.txt
      - name: cache service dependencies
        uses: actions/cache@v3
        with:
          key: ${{ runner.os }}-${{ hashFiles('combined-package-lock.txt') }}
          path: |
            services/uploads/node_modules
            services/app-api/node_modules
            services/ui/node_modules
            services/ui-auth/node_modules
            services/ui-src/node_modules
            node_modules
      - name: Install dependencies
        run: |
          npm ci --legacy-peer-deps
      - name: set path
        run: |
          echo "PATH=$(pwd)/node_modules/.bin/:$PATH" >> $GITHUB_ENV
      - name: Endpoint
        # Looks up the deployed UI endpoint and exports it for the test step.
        run: |
          pushd services
          export APPLICATION_ENDPOINT=$(./output.sh ui ApplicationEndpointUrl $STAGE_PREFIX$branch_name)
          echo "APPLICATION_ENDPOINT=$APPLICATION_ENDPOINT" >> $GITHUB_ENV
          echo "Application endpoint: $APPLICATION_ENDPOINT"
          popd
      - name: Run Cypress Tests
        uses: cypress-io/github-action@v5
        with:
          working-directory: tests/cypress
          browser: chromium
          spec: cypress/e2e/${{ matrix.containers }}
          config: baseUrl=${{ env.APPLICATION_ENDPOINT }}
      - name: Upload screenshots
        # NOTE(review): screenshots of a failed run may show data from the
        # tested stage. Artifacts are readable by anyone with read access to
        # the repository's Actions runs.
        if: failure()
        uses: actions/upload-artifact@v3
        with:
          name: cypress-screenshots
          path: tests/cypress/screenshots/
      - name: Slack Notification
        # The job-level condition already skips the production ref, so the
        # "production" entry in this list cannot match inside this job.
        if: env.SLACK_WEBHOOK_URL != '' && contains(fromJson('["develop", "master", "production"]'), env.branch_name) && failure ()
        uses: rtCamp/action-slack-notify@v2
        env:
          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}
          SLACK_USERNAME: ${{env.branch_name}} Deploy Failure
          SLACK_ICON_EMOJI: ":bell:"
          SLACK_COLOR: ${{job.status}}
          SLACK_FOOTER: ""
          MSG_MINIMAL: actions url,commit,ref
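# Job: a11y-tests. Runs one matrix job per accessibility spec against the
# endpoint of the stage deployed for this branch. Skipped on the production
# ref.
  a11y-tests:
    name: A11y Tests
    needs: configure
    if: ${{ github.ref != 'refs/heads/production' }}
    runs-on: ubuntu-latest
    strategy:
      # A failing spec does not cancel the other matrix jobs.
      fail-fast: false
      matrix:
        containers:
          - homePage
          - faqPage
          - manageProfilePage
          - dashboardPage
          - packagePageSpas
          - packagePageWaivers
          - RequestRoleChangePage
          - spaTypePage
          - submissionType
          - PackageWaiverActionTypePage
          - PackageRequestTempExtentionPage
          - PackageMedicaidSpaPage
          - PackageCHIPSPAPage
          - PackageAppendixKPage
          - PackageWaiverAmendmentPage
          - PackageInitialWaiverPage
          - PackageWaiverRenewalPage
    steps:
      # NOTE(review): this job does not validate branch_name itself. It relies
      # on the configure job, which it needs, having failed for a bad name.
      - name: set branch_name
        run: echo "branch_name=${GITHUB_REF#refs/heads/}" >> "$GITHUB_ENV"
      # NOTE(review): actions in this job are referenced by tag, not by commit
      # SHA.
      - uses: actions/checkout@v3
      - name: set branch specific variable names
        run: ./.github/build_vars.sh set_names
      - name: set variable values
        # NOTE(review): later steps read these through env.*, so
        # build_vars.sh presumably writes them to $GITHUB_ENV. If so, the
        # third-party action below can read the test-user password and the
        # webhook URL. Verify against the script.
        run: ./.github/build_vars.sh set_values
        env:
          AWS_OIDC_ROLE_TO_ASSUME: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_AWS_OIDC_ROLE_TO_ASSUME] || secrets.AWS_OIDC_ROLE_TO_ASSUME }}
          AWS_DEFAULT_REGION: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_AWS_DEFAULT_REGION] || secrets.AWS_DEFAULT_REGION }}
          INFRASTRUCTURE_TYPE: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_INFRASTRUCTURE_TYPE] || secrets.INFRASTRUCTURE_TYPE || 'development' }}
          STAGE_PREFIX: ${{ secrets.STAGE_PREFIX }}
          COGNITO_TEST_USERS_PASSWORD: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_COGNITO_TEST_USERS_PASSWORD] || secrets.COGNITO_TEST_USERS_PASSWORD }}
          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
      - name: Configure AWS credentials for GitHub Actions
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ env.AWS_OIDC_ROLE_TO_ASSUME }}
          aws-region: ${{ env.AWS_DEFAULT_REGION }}
      # NOTE(review): this job uses Node 18 while lint, unit-test, deploy and
      # configure use "20.x". The cache key below does not include the Node
      # version, so node_modules saved under one version can be restored under
      # the other.
      - uses: actions/setup-node@v3
        with:
          node-version: 18
      - name: Combine package-lock.json files to single file
        run: find services -maxdepth 3 -name package-lock.json | xargs cat package-lock.json > combined-package-lock.txt
      - name: cache service dependencies
        uses: actions/cache@v3
        with:
          path: |
            services/app-api/node_modules
            services/uploads/node_modules
            services/ui/node_modules
            services/ui-auth/node_modules
            services/ui-src/node_modules
            node_modules
          key: ${{ runner.os }}-${{ hashFiles('combined-package-lock.txt') }}
      - name: Install dependencies
        # npm ci installs exactly what package-lock.json records and fails if
        # it disagrees with package.json. --frozen-lockfile is not an npm
        # option, so "npm install" with it could still resolve new versions.
        # This now matches the install step of the other jobs.
        run: |
          npm ci --legacy-peer-deps
      - name: set path
        run: |
          echo "PATH=$(pwd)/node_modules/.bin/:$PATH" >> "$GITHUB_ENV"
      - name: Endpoint
        # Looks up the deployed UI endpoint and exports it for the test step.
        run: |
          pushd services
          export APPLICATION_ENDPOINT=$(./output.sh ui ApplicationEndpointUrl "$STAGE_PREFIX$branch_name")
          echo "APPLICATION_ENDPOINT=$APPLICATION_ENDPOINT" >> "$GITHUB_ENV"
          echo "Application endpoint: $APPLICATION_ENDPOINT"
          popd
      - name: Check Project A11y
        uses: cypress-io/github-action@v5
        with:
          working-directory: tests/cypress
          spec: cypress/e2e/a11y/${{ matrix.containers }}.spec.js
          browser: chromium
          config: baseUrl=${{ env.APPLICATION_ENDPOINT }}
        env:
          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}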