Skip to content

.github/workflows/post-deploy.yml #7

.github/workflows/post-deploy.yml

.github/workflows/post-deploy.yml #7

Workflow file for this run

on:
# Triggers the workflow on push or pull request events but only for the main branch
workflow_call:
inputs:
assets_required:
required: false
default: false
type: boolean
postgres_unit_testing:
required: false
default: false
type: boolean
db_name:
required: false
default: "postgres_db"
type: string
run_performance_tests:
required: false
default: false
type: boolean
run_e2e_tests_application:
required: false
default: true
type: boolean
run_e2e_tests_assessment:
required: false
default: true
type: boolean
run_static_security_python:
required: false
default: true
type: boolean
app_name:
required: false
type: string
environment:
required: true
type: string
default: test
run_zap_scan:
required: false
default: false
type: boolean
secrets:
FSD_GH_APP_ID:
required: true
FSD_GH_APP_KEY:
required: true
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
inputs:
assets_required:
required: false
default: false
type: boolean
postgres_unit_testing:
required: false
default: false
type: boolean
db_name:
required: false
default: "postgres_db"
type: string
run_performance_tests:
required: false
default: false
type: boolean
run_e2e_tests_application:
required: false
default: true
type: boolean
run_e2e_tests_assessment:
required: false
default: true
type: boolean
run_static_security_python:
required: false
default: true
type: boolean
app_name:
required: false
type: string
environment:
required: true
type: string
default: test
run_zap_scan:
required: false
default: false
type: boolean
jobs:
run_shared_tests_aws:
concurrency: run_shared_tests_aws
uses: ./.github/workflows/run-shared-tests.yml
with:
perf_test_target_url_application_store: http://fsd-application-store:8080
perf_test_target_url_fund_store: https://fsd-fund-store:8080
perf_test_target_url_assessment_store: https://fsd-assessment-store:8080
e2e_tests_target_url_frontend: https://fsd:fsd@frontend.${{ inputs.environment }}.access-funding.test.levellingup.gov.uk
e2e_tests_target_url_authenticator: https://fsd:fsd@authenticator.${{ inputs.environment }}.access-funding.test.levellingup.gov.uk
e2e_tests_target_url_form_runner: https://fsd:fsd@forms.${{ inputs.environment }}.access-funding.test.levellingup.gov.uk
e2e_tests_target_url_assessment: https://fsd:fsd@assessment.${{ inputs.environment }}.access-funding.test.levellingup.gov.uk
# run_performance_tests: ${{inputs.run_performance_tests}}
run_performance_tests: false
run_e2e_tests_assessment: ${{inputs.run_e2e_tests_assessment}}
run_e2e_tests_application: ${{inputs.run_e2e_tests_application}}
secrets:
FSD_GH_APP_ID: ${{ secrets.FSD_GH_APP_ID }}
FSD_GH_APP_KEY: ${{ secrets.FSD_GH_APP_KEY }}
static_security_python:
if: ${{ inputs.run_static_security_python == true}}
runs-on: ubuntu-latest
environment: dev
steps:
- name: checkout code
uses: actions/checkout@v4
- name: checkout app code
uses: actions/checkout@v4
with:
repository: communitiesuk/funding-service-design-${{inputs.app_name}}
path: ${{inputs.app_name}}
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: 3.10.x
- name: install dependencies
run: python -m pip install --upgrade pip && python -m pip install -r ${{inputs.app_name}}/requirements-dev.txt bandit==1.7.7
- name: Bandit
run: bandit -r ${{inputs.app_name}}/app
zap-scan-aws:
if: inputs.app_name != '' && inputs.run_zap_scan == true
runs-on: ubuntu-latest
environment: test
steps:
- name: ZAP Scan
uses: zaproxy/action-full-scan@v0.4.0
with:
target: 'https://${{inputs.app_name}}.${{ inputs.environment }}.access-funding.test.levellingup.gov.uk/'
allow_issue_writing: False