Skip to content

Add EC2 Instance Connect based bastion for RDS #7177

Add EC2 Instance Connect based bastion for RDS

Add EC2 Instance Connect based bastion for RDS #7177

Workflow file for this run

name: CI
on:
push:
branches: ["master", "feature/*"]
pull_request:
branches: ["master"]
schedule:
- cron: "22 * * * *"
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
env:
HOWDJU_RUNNING_IN_GITHUB_WORKFLOW:
TEST_POSTGRES_PASSWORD: "TEST_POSTGRES_PASSWORD"
NODE_VERSION: 18.18.2
YARN_VERSION: 4.0.1
jobs:
premerge-checks:
runs-on: ubuntu-latest
services:
howdju-db:
image: postgres:12.5
env:
POSTGRES_PASSWORD: ${{ env.TEST_POSTGRES_PASSWORD }}
ports:
- 5432:5432
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Setup Node.JS
uses: actions/setup-node@v3
with:
node-version: ${{ env.NODE_VERSION }}
cache: "yarn"
- name: Install Yarn
run: |
corepack enable
yarn set version ${{ env.YARN_VERSION }}
- name: Install dependencies
run: yarn install
- name: Lint
run: yarn run lint:all
- name: Check format
run: yarn run check-format:all
- name: Typecheck
run: |
echo tsc version: $(yarn run tsc -v)
yarn run typecheck:all
- name: Test & coverage
env:
DB_USER: postgres
DB_PASSWORD: ${{ env.TEST_POSTGRES_PASSWORD }}
DB_HOST: localhost
DB_PORT: 5432
LOG_LEVEL: silly
NODE_ENV: test
run: yarn run test:all:coverage
- name: Create merged coverage
run: |
yarn run merge:coverage
yarn run nyc report -t coverage --report-dir coverage/html --reporter=html-spa --reporter=text-summary
- name: Archive coverage results
uses: actions/upload-artifact@v3
if: ${{ github.ref == 'refs/heads/master' }}
with:
name: coverage-report
path: |
coverage/**
!coverage/workspaces/**
if-no-files-found: error
- name: Custom checks
run: yarn run custom-check:all
- name: Check TODO format
run: |
git fetch origin ${{ github.event.pull_request.base.sha }}
git fetch origin ${{ github.event.pull_request.head.sha }}
yarn run check:todo-format ${{ github.event.pull_request.base.sha }} ${{ github.event.pull_request.head.sha }}
- name: Check do-not-merge
run: yarn run check:do-not-merge
changed-files-coverage-check:
# Only run on PRs && don't run on dependant CLs
# Don't run on dependabot CLs because 1) the PR comment step below fails, I think because we
# can't comment on dependabot PRs, and 2) dependabot PRs only change dependencies and so can't
# affect code coverage. The premerge-checks job should ensure that the upgrade didn't break anything.
if: github.ref != 'refs/heads/master' && github.actor != 'dependabot[bot]'
runs-on: ubuntu-latest
services:
howdju-db:
image: postgres:12.5
env:
POSTGRES_PASSWORD: ${{ env.TEST_POSTGRES_PASSWORD }}
ports:
- 5432:5432
steps:
- name: Checkout
uses: actions/checkout@v3
with:
# During a pre-merge check, Github creates and checks out an temporary merge commit. That
# commit won't work as the HEAD for yarn --changedSince
ref: ${{ github.event.pull_request.head.sha }}
- name: Fetch merge base commits
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
# Fetch commits to a depth so that head and base reach their merge base.
comparison=$(gh api\
repos/Howdju/howdju/compare/${{ github.event.pull_request.base.sha }}...${{ github.event.pull_request.head.sha }})
behind_by=$(echo -E $comparison | jq -r '.behind_by')
ahead_by=$(echo -E $comparison | jq -r '.ahead_by')
echo "ahead_by: $ahead_by; behind by: $behind_by"
# +1 because fetch depth=1 is the commit itself.
if [[ $behind_by -gt 0 ]]; then
base_depth=$((behind_by+1))
echo Fetching base to depth $base_depth
git -c protocol.version=2 fetch --no-tags --no-recurse-submodules\
--depth=$base_depth origin ${{ github.event.pull_request.base.sha }}
fi
if [[ $ahead_by -gt 0 ]]; then
head_depth=$((ahead_by+1))
echo Fetching head to depth $head_depth
git -c protocol.version=2 fetch --no-tags --no-recurse-submodules\
--depth=$head_depth origin ${{ github.event.pull_request.head.sha }}
fi
- name: Setup Node.JS
uses: actions/setup-node@v3
with:
node-version: ${{ env.NODE_VERSION }}
cache: "yarn"
- name: Install Yarn
run: |
corepack enable
yarn set version ${{ env.YARN_VERSION }}
- name: Install dependencies
run: yarn install
- name: Changed-files test coverage
env:
DB_USER: postgres
DB_PASSWORD: ${{ env.TEST_POSTGRES_PASSWORD }}
DB_HOST: localhost
DB_PORT: 5432
LOG_LEVEL: silly
NODE_ENV: test
run: yarn run test:all:coverage:changed ${{ github.event.pull_request.base.sha }}
- name: Output merged changed-files coverage summary
id: changed-files-coverage-summary
run: |
yarn run merge:coverage
output=$(yarn run nyc report -t coverage --reporter=text-summary)
delimiter="$(openssl rand -hex 8)"
echo "coverage_summary<<${delimiter}" >> $GITHUB_OUTPUT
echo "${output}" >> $GITHUB_OUTPUT
echo "${delimiter}" >> $GITHUB_OUTPUT
- name: Create changed-files coverage PR comment
uses: marocchino/sticky-pull-request-comment@v2
with:
header: Changed-files coverage
message: |
# Changed-files coverage summary
```
${{ steps.changed-files-coverage-summary.outputs.coverage_summary }}
```