Skip to content

[VI-252] MAP STS token validation #19906

[VI-252] MAP STS token validation

[VI-252] MAP STS token validation #19906

name: Audit Service Tags
on:
pull_request:
branches:
- 'master'
permissions:
contents: read
checks: write
jobs:
audit_service_tags:
permissions: write-all
name: Audit Service Tags
env:
BUNDLE_ENTERPRISE__CONTRIBSYS__COM: ${{ secrets.BUNDLE_ENTERPRISE__CONTRIBSYS__COM }}
CI: true
RAILS_ENV: test
TERM: xterm-256color
DOCKER_BUILDKIT: 1
COMPOSE_DOCKER_CLI_BUILD: 1
runs-on: ubuntu-16-cores-latest
steps:
- uses: actions/checkout@v4
- uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USER }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4.0.2
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-gov-west-1
- name: Login to Amazon ECR
id: ecr-login
uses: aws-actions/amazon-ecr-login@v2.0.1
with:
mask-password: true
- name: Setup Environment
run: |
echo "VETS_API_USER_ID=$(id -u)" >> $GITHUB_ENV
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build Docker Image
uses: docker/build-push-action@v6
env:
DOCKER_BUILD_SUMMARY: false
with:
build-args: |
BUNDLE_ENTERPRISE__CONTRIBSYS__COM=${{ env.BUNDLE_ENTERPRISE__CONTRIBSYS__COM }}
USER_ID=${{ env.VETS_API_USER_ID }}
context: .
push: false
load: true
tags: vets-api
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Setup Database
uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # v3.0.0
with:
timeout_minutes: 20
retry_wait_seconds: 3 # Seconds
max_attempts: 3
command: |
docker compose -f docker-compose.test.yml run web bash \
-c "CI=true RAILS_ENV=test DISABLE_BOOTSNAP=true bundle exec parallel_test -n 13 -e 'bin/rails db:reset'"
- name: Get changed files
run: |
FILES=$(gh pr view ${{ github.event.pull_request.number }} --json files -q '[.files[].path | "\"" + . + "\""] | join(",")')
echo "CHANGED_FILES=$FILES" >> $GITHUB_ENV
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Run service tags audit controllers task
timeout-minutes: 20
uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # v3.0.0
with:
timeout_minutes: 20
retry_wait_seconds: 3 # Seconds
max_attempts: 3
command: |
docker compose -f docker-compose.test.yml run -e CHANGED_FILES=${{ env.CHANGED_FILES }} web bash \
-c "CI=true DISABLE_BOOTSNAP=true bundle exec rake service_tags:audit_controllers_ci"
- name: Add Failure label
if: failure() && !contains(github.event.pull_request.labels.*.name, 'audit-service-failure')
uses: actions-ecosystem/action-add-labels@v1
with:
fail_on_error: true
number: ${{ github.event.pull_request.number }}
labels: |
audit-service-failure
- name: Remove Failure label
if: success() && contains(github.event.pull_request.labels.*.name, 'audit-service-failure')
uses: actions-ecosystem/action-remove-labels@v1
with:
number: ${{ github.event.pull_request.number }}
labels: |
audit-service-failure