update alert text | refactor alert logic for certs when state is sele… #82652
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Continuous Integration | |
on: | |
push: | |
branches: | |
- '**' | |
tags-ignore: | |
- '**' | |
concurrency: | |
group: ${{ github.ref != 'refs/heads/main' && github.ref || github.sha }} | |
cancel-in-progress: ${{ github.ref != 'refs/heads/main' }} | |
jobs: | |
build: | |
name: Build | |
runs-on: ubuntu-16-cores-latest | |
outputs: | |
entry_names: ${{ steps.get-changed-apps.outputs.entry_names }} | |
continuous_deployment: ${{ steps.get-changed-apps.outputs.continuous_deployment }} | |
strategy: | |
fail-fast: false | |
matrix: | |
buildtype: [vagovdev, vagovstaging, vagovprod] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@cd7d8d697e10461458bc61a30d094dc601a8b017 | |
with: | |
fetch-depth: 0 | |
- name: Configure AWS credentials | |
if: ${{ matrix.buildtype == 'vagovprod' }} | |
uses: ./.github/workflows/configure-aws-credentials | |
with: | |
aws_id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws_region: us-gov-west-1 | |
- name: Install dependencies | |
uses: ./.github/workflows/install | |
timeout-minutes: 30 | |
with: | |
key: ${{ hashFiles('yarn.lock') }} | |
yarn_cache_folder: .cache/yarn | |
path: | | |
.cache/yarn | |
node_modules | |
- name: Get changed applications | |
id: get-changed-apps | |
uses: ./.github/workflows/get-changed-apps | |
with: | |
delimiter: ',' | |
output-type: 'entry_name, continuous_deployment' | |
- name: Get Mapbox Token | |
if: ${{ matrix.buildtype == 'vagovprod' }} | |
uses: ./.github/workflows/inject-secrets | |
with: | |
ssm_parameter: /dsva-vagov/vets-website/dev/mapbox_token | |
env_variable_name: MAPBOX_TOKEN | |
- name: Build | |
run: yarn build --verbose --buildtype=${{ matrix.buildtype }} ${ENTRY:+"--entry=$ENTRY"} | |
timeout-minutes: 30 | |
env: | |
ENTRY: ${{ steps.get-changed-apps.outputs.entry_names }} | |
- name: Generate build details | |
run: | | |
cat > build/${{ matrix.buildtype }}/BUILD.txt << EOF | |
BUILDTYPE=${{ matrix.buildtype }} | |
NODE_ENV=production | |
BRANCH_NAME=$(echo "${GITHUB_REF#refs/heads/}") | |
CHANGE_TARGET=null | |
RUN_ID=${{ github.run_id }} | |
RUN_NUMBER=${{ github.run_number }} | |
REF=${{ github.sha }} | |
BUILDTIME=$(date +%s) | |
EOF | |
- name: Compress and archive build | |
run: tar -C build/${{ matrix.buildtype }} -cjf ${{ matrix.buildtype }}.tar.bz2 . | |
- name: Upload build artifact | |
uses: ./.github/workflows/upload-artifact | |
with: | |
name: ${{ matrix.buildtype }}.tar.bz2 | |
path: ${{ matrix.buildtype }}.tar.bz2 | |
retention-days: 1 | |
fetch-allow-lists: | |
name: Fetch Test Stability Allow Lists | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@cd7d8d697e10461458bc61a30d094dc601a8b017 | |
- name: Configure AWS credentials | |
uses: ./.github/workflows/configure-aws-credentials | |
with: | |
aws_id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws_region: us-gov-west-1 | |
- name: Get va-vsp-bot token | |
uses: ./.github/workflows/inject-secrets | |
with: | |
ssm_parameter: /devops/VA_VSP_BOT_GITHUB_TOKEN | |
env_variable_name: VA_VSP_BOT_GITHUB_TOKEN | |
- name: Init Dashboard Data Repo | |
uses: ./.github/workflows/init-data-repo | |
- name: Set Up BigQuery Creds | |
uses: ./.github/workflows/configure-bigquery | |
- name: Fetch E2E Test Stability Allow List | |
run: yarn get-allow-list | |
working-directory: qa-standards-dashboard-data | |
env: | |
TEST_TYPE: e2e | |
- name: Fetch Unit Test Stability Allow List | |
run: yarn get-allow-list | |
working-directory: qa-standards-dashboard-data | |
env: | |
TEST_TYPE: unit_test | |
- name: Archive E2E Test Stability Allow List | |
if: ${{ always() }} | |
uses: ./.github/workflows/upload-artifact | |
with: | |
name: e2e-allow-list | |
path: qa-standards-dashboard-data/e2e_allow_list.json | |
- name: Archive Unit Test Stability Allow List | |
if: ${{ always() }} | |
uses: ./.github/workflows/upload-artifact | |
with: | |
name: unit-test-allow-list | |
path: qa-standards-dashboard-data/unit_test_allow_list.json | |
tests-prep: | |
name: Tests Prep | |
needs: [fetch-allow-lists] | |
runs-on: ubuntu-22.04 | |
outputs: | |
app_folders: ${{ steps.get-changed-apps.outputs.folders }} | |
apps-to-stress-test: ${{ steps.apps-to-stress-test.outputs.apps_to_test }} | |
unit-tests-to-stress-test: ${{ steps.unit-tests-to-stress-test.outputs.tests }} | |
changed-files: ${{ steps.get-changed-apps.outputs.changed_files }} | |
disallowed-tests: ${{ steps.disallowed-tests.outputs.tests }} | |
cypress-tests: ${{ steps.cypress-tests.outputs.selected }} | |
cypress-tests-to-stress-test: ${{ steps.cypress-tests-to-stress-test.outputs.tests }} | |
app_urls: ${{ steps.get-changed-apps.outputs.urls }} | |
num_containers: ${{ steps.containers.outputs.num }} | |
ci_node_index: ${{ steps.matrix.outputs.ci_node_index }} | |
changed_file_paths: ${{ steps.get-changed-apps.outputs.changed_files }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@cd7d8d697e10461458bc61a30d094dc601a8b017 | |
with: | |
fetch-depth: 0 | |
- name: Install dependencies | |
uses: ./.github/workflows/install | |
timeout-minutes: 30 | |
with: | |
key: ${{ hashFiles('yarn.lock') }} | |
yarn_cache_folder: .cache/yarn | |
path: | | |
.cache/yarn | |
node_modules | |
- name: Get changed applications | |
id: get-changed-apps | |
uses: ./.github/workflows/get-changed-apps | |
with: | |
delimiter: ',' | |
output-type: 'entry_name, url' | |
- name: Download Unit Test Stability Allow List | |
uses: ./.github/workflows/download-artifact | |
with: | |
name: unit-test-allow-list | |
path: . | |
- name: Download E2E Test Stability Allow List | |
uses: ./.github/workflows/download-artifact | |
with: | |
name: e2e-allow-list | |
path: . | |
- name: Set NUM_CONTAINERS, CI_NODE_INDEX, TESTS variables | |
run: node script/github-actions/select-cypress-tests.js | |
env: | |
RUN_FULL_SUITE: false | |
CHANGED_FILE_PATHS: ${{ steps.get-changed-apps.outputs.changed_files }} | |
APP_URLS: ${{ steps.get-changed-apps.outputs.urls }} | |
APP_ENTRIES: ${{ steps.get-changed-apps.outputs.entry_names }} | |
TEST_TYPE: e2e | |
- name: Run Unit Test Selection | |
run: node script/github-actions/select-unit-tests.js | |
env: | |
CHANGED_FILES: ${{ steps.get-changed-apps.outputs.changed_files }} | |
- name: Set output of DISALLOWED_TESTS | |
if: ${{ always() }} | |
id: disallowed-tests | |
run: echo "tests=$DISALLOWED_TESTS" >> $GITHUB_OUTPUT | |
- name: Set output of UNIT_TESTS_TO_STRESS_TEST | |
if: ${{ always() }} | |
id: unit-tests-to-stress-test | |
run: echo "tests=$UNIT_TESTS_TO_STRESS_TEST" >> $GITHUB_OUTPUT | |
- name: Upload artifact of Unit Tests to Stress Test | |
if: ${{ steps.unit-tests-to-stress-test.outputs.tests == 'true' }} | |
uses: ./.github/workflows/upload-artifact | |
with: | |
name: unit-tests-to-stress-test | |
path: unit_tests_to_stress_test.json | |
- name: Set output of APPS_TO_STRESS_TEST | |
if: ${{ always() }} | |
id: apps-to-stress-test | |
run: echo "apps_to_test=$APPS_TO_STRESS_TEST" >> $GITHUB_OUTPUT | |
- name: Set output of TESTS | |
id: cypress-tests | |
run: echo selected=$TESTS >> $GITHUB_OUTPUT | |
- name: Upload artifact of Cypress Tests to Test | |
if: ${{ steps.cypress-tests.outputs.selected == 'true' }} | |
uses: ./.github/workflows/upload-artifact | |
with: | |
name: e2e-tests-to-test | |
path: e2e_tests_to_test.json | |
- name: Set output of CYPRESS_TESTS_TO_STRESS_TEST | |
id: cypress-tests-to-stress-test | |
run: echo tests=$CYPRESS_TESTS_TO_STRESS_TEST >> $GITHUB_OUTPUT | |
- name: Upload artifact of Cypress Tests to Stress Test | |
if: ${{ steps.cypress-tests-to-stress-test.outputs.tests == 'true' }} | |
uses: ./.github/workflows/upload-artifact | |
with: | |
name: e2e-tests-to-stress-test | |
path: e2e_tests_to_stress_test.json | |
- name: Set output of NUM_CONTAINERS | |
id: containers | |
run: echo num=$NUM_CONTAINERS >> $GITHUB_OUTPUT | |
- name: Set output of CI_NODE_INDEX | |
id: matrix | |
run: echo ci_node_index=$CI_NODE_INDEX >> $GITHUB_OUTPUT | |
unit-tests: | |
name: Unit Tests | |
needs: [fetch-allow-lists, tests-prep] | |
timeout-minutes: 30 | |
runs-on: ubuntu-16-cores-latest | |
outputs: | |
app_folders: ${{ steps.get-changed-apps.outputs.folders }} | |
changed-files: ${{ steps.get-changed-apps.outputs.changed_files }} | |
env: | |
DISALLOWED_TESTS: ${{ needs.tests-prep.outputs.disallowed-tests }} | |
strategy: | |
fail-fast: false | |
max-parallel: 72 | |
matrix: | |
ci_node_index: [0,1,2,3,4,5,6,7,8,9] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@cd7d8d697e10461458bc61a30d094dc601a8b017 | |
with: | |
fetch-depth: 0 | |
- name: Install dependencies | |
uses: ./.github/workflows/install | |
timeout-minutes: 30 | |
with: | |
key: ${{ hashFiles('yarn.lock') }} | |
yarn_cache_folder: .cache/yarn | |
path: | | |
.cache/yarn | |
node_modules | |
- name: Configure AWS credentials | |
uses: ./.github/workflows/configure-aws-credentials | |
with: | |
aws_id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws_region: us-gov-west-1 | |
- name: Get va-vsp-bot token | |
uses: ./.github/workflows/inject-secrets | |
with: | |
ssm_parameter: /devops/VA_VSP_BOT_GITHUB_TOKEN | |
env_variable_name: VA_VSP_BOT_GITHUB_TOKEN | |
- name: Init Dashboard Data Repo | |
uses: ./.github/workflows/init-data-repo | |
- name: Set Up BigQuery Creds | |
uses: ./.github/workflows/configure-bigquery | |
- name: Fetch Unit Test Stability Allow List | |
run: yarn get-allow-list | |
working-directory: qa-standards-dashboard-data | |
env: | |
TEST_TYPE: unit_test | |
- name: Check for newly added disallowed tests | |
run: node script/github-actions/double-check-allow-list.js | |
env: | |
TEST_TYPE: unit_test | |
TESTS: ${{ env.DISALLOWED_TESTS }} | |
TESTS_PROPERTY: 'DISALLOWED_TESTS' | |
- name: Create test results folder | |
run: mkdir -p test-results | |
- name: Get changed applications | |
id: get-changed-apps | |
uses: ./.github/workflows/get-changed-apps | |
with: | |
delimiter: ',' | |
output-type: 'folder' | |
- name: Run unit tests | |
run: yarn test:unit:gha ${APP_FOLDERS:+"{script,$APP_FOLDERS}/**/*.unit.spec.js?(x)"} --coverage --log-level verbose | |
env: | |
MOCHA_FILE: test-results/unit-tests.xml | |
CHANGED_FILES: ${{ steps.get-changed-apps.outputs.changed_files }} | |
APP_FOLDERS: ${{ steps.get-changed-apps.outputs.folders }} | |
STEP: ${{ matrix.ci_node_index }} | |
IS_STRESS_TEST: false | |
NUM_CONTAINERS: 10 | |
- name: Archive unit test results | |
if: ${{ always() && env.NO_APPS_TO_RUN == 'false' }} | |
uses: ./.github/workflows/upload-artifact | |
with: | |
name: unit-test-report-${{ matrix.ci_node_index }} | |
path: mocha/results | |
- name: Rename Coverage Summary file | |
if: ${{ env.NO_APPS_TO_RUN == 'false' }} | |
run: | | |
cd coverage | |
mv coverage-summary.json coverage-summary-${{ matrix.ci_node_index }}.json | |
- name: Upload Coverage Report Artifact | |
uses: ./.github/workflows/upload-artifact | |
if: ${{ always() && env.NO_APPS_TO_RUN == 'false' }} | |
with: | |
name: unit-test-coverage-${{ matrix.ci_node_index }} | |
# path: test-results/coverage_report-${{ matrix.ci_node_index }}.txt | |
path: coverage | |
unit-tests-stress-test: | |
name: Unit Test Stability Review | |
runs-on: ubuntu-22.04 | |
timeout-minutes: 30 | |
needs: [fetch-allow-lists, tests-prep] | |
if: ${{ always() && !cancelled() && needs.tests-prep.outputs.unit-tests-to-stress-test == 'true' && github.ref != 'refs/heads/main' && needs.fetch-allow-lists.result == 'success' && needs.tests-prep.result == 'success' }} | |
env: | |
APPS_TO_VERIFY: ${{ needs.tests-prep.outputs.apps-to-stress-test }} | |
DISALLOWED_TESTS: '[]' | |
strategy: | |
fail-fast: false | |
max-parallel: 10 | |
matrix: | |
runs: [0, 1, 2, 3, 4, 5, 6, 7, 8, 9] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@cd7d8d697e10461458bc61a30d094dc601a8b017 | |
with: | |
fetch-depth: 0 | |
- name: Install dependencies | |
uses: ./.github/workflows/install | |
timeout-minutes: 30 | |
with: | |
key: ${{ hashFiles('yarn.lock') }} | |
yarn_cache_folder: .cache/yarn | |
path: | | |
.cache/yarn | |
node_modules | |
- name: Create test results folder | |
run: mkdir -p test-results | |
- name: Download Unit Test Stability Allow List | |
uses: ./.github/workflows/download-artifact | |
with: | |
name: unit-test-allow-list | |
path: . | |
- name: Download Tests to verify | |
uses: ./.github/workflows/download-artifact | |
with: | |
name: unit-tests-to-stress-test | |
path: . | |
- name: Run unit tests | |
run: yarn test:unit:gha ${APP_FOLDERS:+"{script,$APP_FOLDERS}/**/*.unit.spec.js?(x)"} --coverage --log-level verbose | |
env: | |
MOCHA_FILE: test-results/unit-tests.xml | |
APP_FOLDERS: ${{ steps.get-changed-apps.outputs.folders }} | |
IS_STRESS_TEST: true | |
STEP: ${{ matrix.runs }} | |
- name: Archive unit test results | |
if: ${{ always() }} | |
uses: ./.github/workflows/upload-artifact | |
with: | |
name: unit-test-stress-test-results-${{ matrix.runs }} | |
path: mocha/results | |
update-unit-test-allow-list: | |
name: Update Unit Test Stability Allow List | |
runs-on: ubuntu-22.04 | |
needs: [unit-tests-stress-test, fetch-allow-lists] | |
if: ${{ always() && (needs.unit-tests-stress-test.result == 'success' || needs.unit-tests-stress-test.result == 'failure') }} | |
continue-on-error: true | |
env: | |
APPLICATION_LIST: ${{ needs.testing-reports-prep.outputs.app_list }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@cd7d8d697e10461458bc61a30d094dc601a8b017 | |
- name: Configure AWS credentials | |
uses: ./.github/workflows/configure-aws-credentials | |
with: | |
aws_id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws_region: us-gov-west-1 | |
- name: Get va-vsp-bot token | |
uses: ./.github/workflows/inject-secrets | |
with: | |
ssm_parameter: /devops/VA_VSP_BOT_GITHUB_TOKEN | |
env_variable_name: VA_VSP_BOT_GITHUB_TOKEN | |
- name: Init Dashboard Data Repo | |
uses: ./.github/workflows/init-data-repo | |
- name: Set Up BigQuery Creds | |
uses: ./.github/workflows/configure-bigquery | |
- name: Get AWS IAM role | |
uses: ./.github/workflows/inject-secrets | |
with: | |
ssm_parameter: /frontend-team/github-actions/parameters/AWS_FRONTEND_NONPROD_ROLE | |
env_variable_name: AWS_FRONTEND_NONPROD_ROLE | |
- name: Set UUID for Mochawesome reports | |
run: echo "UUID=$(uuidgen)" >> $GITHUB_ENV | |
- name: Configure AWS Credentials (2) | |
uses: ./.github/workflows/configure-aws-credentials | |
with: | |
aws_id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws_region: us-gov-west-1 | |
role: ${{ env.AWS_FRONTEND_NONPROD_ROLE }} | |
role_duration: 900 | |
session_name: vsp-frontendteam-githubaction | |
- name: Download Unit Test results | |
uses: ./.github/workflows/download-artifact | |
with: | |
pattern: unit-test-stress-test-results-* | |
path: qa-standards-dashboard-data/src/allow-list/data | |
merge-multiple: true | |
- name: Download Unit Test Stability Allow List | |
uses: ./.github/workflows/download-artifact | |
with: | |
name: unit-test-allow-list | |
path: qa-standards-dashboard-data | |
- name: Copy test results to mochawesome directory | |
run: cp -R qa-standards-dashboard-data/src/allow-list/data qa-standards-dashboard-data/src/testing-reports/data | |
- name: Update Unit Test Stability Allow List | |
run: yarn update-allow-list | |
working-directory: qa-standards-dashboard-data | |
env: | |
TEST_TYPE: unit_test | |
IS_CI: true | |
GITHUB_WORKFLOW_URL: ${{ github.server_url}}/${{ github.repository }}/actions/runs/${{ github.run_id }} | |
security-audit: | |
name: Security Audit | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@cd7d8d697e10461458bc61a30d094dc601a8b017 | |
with: | |
fetch-depth: 0 | |
- name: Install dependencies | |
uses: ./.github/workflows/install | |
timeout-minutes: 30 | |
with: | |
key: ${{ hashFiles('yarn.lock') }} | |
yarn_cache_folder: .cache/yarn | |
path: | | |
.cache/yarn | |
node_modules | |
- name: Get changed applications | |
id: get-changed-apps | |
uses: ./.github/workflows/get-changed-apps | |
with: | |
output-type: 'entry_name' | |
- name: Audit dependencies | |
if: steps.get-changed-apps.outputs.entry_names == '' | |
run: yarn security-check | |
linting: | |
name: Linting (All) | |
if: ${{ github.ref == 'refs/heads/main' }} | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@cd7d8d697e10461458bc61a30d094dc601a8b017 | |
with: | |
fetch-depth: 0 | |
- name: Install dependencies | |
uses: ./.github/workflows/install | |
timeout-minutes: 30 | |
with: | |
key: ${{ hashFiles('yarn.lock') }} | |
yarn_cache_folder: .cache/yarn | |
path: | | |
.cache/yarn | |
node_modules | |
- name: Get changed applications | |
id: get-changed-apps | |
uses: ./.github/workflows/get-changed-apps | |
with: | |
output-type: 'folder' | |
- name: Annotate ESLint results | |
run: | | |
if [[ -z "${{ steps.get-changed-apps.outputs.folders }}" ]]; then | |
yarn run eslint --ext .js --ext .jsx --format ./script/github-actions/eslint-annotation-format.js . | |
else | |
yarn run eslint --ext .js --ext .jsx --format ./script/github-actions/eslint-annotation-format.js \ | |
${{ steps.get-changed-apps.outputs.folders }} | |
fi | |
env: | |
GITHUB_REF: ${{ github.ref }} | |
- name: Run Stylelint | |
if: ${{ always() }} | |
run: | | |
if [[ -z "${{ steps.get-changed-apps.outputs.folders }}" ]]; then | |
yarn run stylelint verbose --output-file stylelint-report.json --formatter json src/**/*.scss | |
else | |
files=$(find ${{ steps.get-changed-apps.outputs.folders }} -name "*.scss") | |
if [[ -n "$files" ]]; then yarn run stylelint verbose --output-file stylelint-report.json --formatter json $(echo $files); fi | |
fi | |
- name: Annotate Stylelint results | |
if: ${{ always() }} | |
run: node ./script/github-actions/stylelint-annotation-format.js | |
testing-reports-prep: | |
name: Testing Reports Prep | |
runs-on: ubuntu-22.04 | |
continue-on-error: true | |
outputs: | |
app_list: ${{ env.APPLICATION_LIST }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@cd7d8d697e10461458bc61a30d094dc601a8b017 | |
- name: Install dependencies | |
uses: ./.github/workflows/install | |
timeout-minutes: 30 | |
with: | |
key: ${{ hashFiles('yarn.lock') }} | |
yarn_cache_folder: .cache/yarn | |
path: | | |
.cache/yarn | |
node_modules | |
- name: Generate new application list | |
run: yarn generate-app-list | |
# exports app list and assigns to environmental variable at this step | |
- name: Configure AWS credentials | |
uses: ./.github/workflows/configure-aws-credentials | |
with: | |
aws_id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws_region: us-gov-west-1 | |
- name: Get va-vsp-bot token | |
uses: ./.github/workflows/inject-secrets | |
with: | |
ssm_parameter: /devops/VA_VSP_BOT_GITHUB_TOKEN | |
env_variable_name: VA_VSP_BOT_GITHUB_TOKEN | |
- name: Init Dashboard Data Repo | |
uses: ./.github/workflows/init-data-repo | |
- name: Set Up BigQuery Creds | |
uses: ./.github/workflows/configure-bigquery | |
- name: Upload app list to BigQuery | |
run: yarn generate-app-list | |
working-directory: qa-standards-dashboard-data | |
fetch-ecr-credentials: | |
name: Fetch ECR Credentials | |
runs-on: ubuntu-22.04 | |
timeout-minutes: 10 | |
needs: [build] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@cd7d8d697e10461458bc61a30d094dc601a8b017 | |
- name: Configure AWS Credentials | |
uses: ./.github/workflows/configure-aws-credentials | |
with: | |
aws_id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws_region: us-gov-west-1 | |
- name: Login to Amazon ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v2 | |
with: | |
mask-password: false | |
outputs: | |
ecr_user: ${{ steps.login-ecr.outputs.docker_username_008577686731_dkr_ecr_us_gov_west_1_amazonaws_com }} | |
ecr_password: ${{ steps.login-ecr.outputs.docker_password_008577686731_dkr_ecr_us_gov_west_1_amazonaws_com }} | |
cypress-tests: | |
name: Cypress E2E Tests | |
runs-on: ubuntu-16-cores-latest | |
timeout-minutes: 60 | |
needs: [build, tests-prep, fetch-ecr-credentials] | |
if: | | |
needs.build.result == 'success' && | |
needs.tests-prep.result == 'success' | |
container: | |
image: 008577686731.dkr.ecr.us-gov-west-1.amazonaws.com/dsva/cypress-io/cypress/browsers:node16.16.0-chrome107-ff107-edge | |
credentials: | |
username: ${{ needs.fetch-ecr-credentials.outputs.ecr_user }} | |
password: ${{ needs.fetch-ecr-credentials.outputs.ecr_password }} | |
strategy: | |
fail-fast: false | |
max-parallel: 12 | |
matrix: | |
ci_node_index: ${{ fromJson(needs.tests-prep.outputs.ci_node_index) }} | |
env: | |
CI_NODE_INDEX: ${{ needs.tests-prep.outputs.ci_node_index }} | |
TESTS: ${{ needs.tests-prep.outputs.cypress-tests }} | |
steps: | |
# The following statement is included in each step because of a bug in | |
# GitHub's branch protection: | |
# | |
# if: needs.tests-prep.outputs.cypress-tests != '[]' | |
# | |
# Previously, if no tests were selected, the branch protection check that | |
# requires the cypress-tests job to run was not satisfied. This update forces | |
# the job to always run, and skips each step if no tests are selected. | |
# Previously, the above conditional was included in the job's if statement. | |
- name: Checkout vets-website | |
if: needs.tests-prep.outputs.cypress-tests != '[]' | |
uses: actions/checkout@cd7d8d697e10461458bc61a30d094dc601a8b017 | |
- name: Configure AWS credentials | |
if: needs.tests-prep.outputs.cypress-tests != '[]' | |
uses: ./.github/workflows/configure-aws-credentials | |
with: | |
aws_id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws_region: us-gov-west-1 | |
- name: Get va-vsp-bot token | |
if: needs.tests-prep.outputs.cypress-tests != '[]' | |
uses: ./.github/workflows/inject-secrets | |
with: | |
ssm_parameter: /devops/VA_VSP_BOT_GITHUB_TOKEN | |
env_variable_name: VA_VSP_BOT_GITHUB_TOKEN | |
- name: Init Dashboard Data Repo | |
if: needs.tests-prep.outputs.cypress-tests != '[]' | |
uses: ./.github/workflows/init-data-repo | |
- name: Set Up BigQuery Creds | |
if: needs.tests-prep.outputs.cypress-tests != '[]' | |
uses: ./.github/workflows/configure-bigquery | |
- name: Fetch E2E Test Stability Allow List | |
if: needs.tests-prep.outputs.cypress-tests != '[]' | |
run: yarn get-allow-list | |
working-directory: qa-standards-dashboard-data | |
env: | |
TEST_TYPE: e2e | |
- name: Download production build artifact | |
if: needs.tests-prep.outputs.cypress-tests != '[]' | |
uses: ./.github/workflows/download-artifact | |
with: | |
name: vagovprod.tar.bz2 | |
- name: Unpack build | |
if: needs.tests-prep.outputs.cypress-tests != '[]' | |
run: | | |
mkdir -p build/vagovprod | |
tar -C build/vagovprod -xjf vagovprod.tar.bz2 | |
- name: Install dependencies | |
if: needs.tests-prep.outputs.cypress-tests != '[]' | |
uses: ./.github/workflows/install | |
timeout-minutes: 20 | |
with: | |
key: ${{ hashFiles('yarn.lock') }} | |
yarn_cache_folder: .cache/yarn | |
path: | | |
.cache/yarn | |
/github/home/.cache/Cypress | |
node_modules | |
- name: Download Tests to verify | |
uses: ./.github/workflows/download-artifact | |
with: | |
name: e2e-tests-to-test | |
path: . | |
- name: Check for newly added disallowed tests | |
if: needs.tests-prep.outputs.cypress-tests != '[]' | |
run: node script/github-actions/double-check-allow-list.js | |
env: | |
TEST_TYPE: e2e | |
TEST_PROPERTY: 'TESTS' | |
- name: Start server | |
if: needs.tests-prep.outputs.cypress-tests != '[]' | |
run: node src/platform/testing/e2e/test-server.js --buildtype=vagovprod --port=3001 & | |
- name: Run Cypress tests | |
if: needs.tests-prep.outputs.cypress-tests != '[]' | |
run: node script/github-actions/run-cypress-tests.js | |
timeout-minutes: 120 | |
env: | |
CYPRESS_CI: true | |
STEP: ${{ matrix.ci_node_index }} | |
APP_URLS: ${{ needs.tests-prep.outputs.app_urls }} | |
NUM_CONTAINERS: ${{ needs.tests-prep.outputs.num_containers }} | |
- name: Archive test videos | |
if: ${{ needs.tests-prep.outputs.cypress-tests != '[]' && failure() }} | |
uses: ./.github/workflows/upload-artifact | |
with: | |
name: cypress-video-artifacts-${{ matrix.ci_node_index }} | |
path: cypress/videos | |
- name: Archive test screenshots | |
if: ${{ needs.tests-prep.outputs.cypress-tests != '[]' && failure() }} | |
uses: ./.github/workflows/upload-artifact | |
with: | |
name: cypress-screenshot-artifacts-${{ matrix.ci_node_index }} | |
path: cypress/screenshots | |
- name: Archive Mochawesome test results | |
if: ${{ needs.tests-prep.outputs.cypress-tests != '[]' && always() }} | |
uses: ./.github/workflows/upload-artifact | |
with: | |
name: cypress-mochawesome-test-results-${{ matrix.ci_node_index }} | |
path: cypress/results | |
retention-days: 1 | |
stress-test-cypress-tests: | |
name: E2E Test Stability Review | |
runs-on: ubuntu-22.04 | |
timeout-minutes: 120 | |
needs: [build, tests-prep] | |
if: | | |
needs.build.result == 'success' && | |
needs.tests-prep.result == 'success' && | |
needs.tests-prep.outputs.cypress-tests-to-stress-test == 'true' && | |
github.ref != 'refs/heads/main' | |
container: | |
image: public.ecr.aws/cypress-io/cypress/browsers:node16.13.2-chrome100-ff98 | |
strategy: | |
fail-fast: false | |
max-parallel: 10 | |
matrix: | |
ci_node_index: [0, 1, 2, 3, 4, 5, 6, 7, 8, 9] | |
env: | |
CI_NODE_INDEX: ${{ needs.tests-prep.outputs.ci_node_index }} | |
steps: | |
- name: Checkout vets-website | |
uses: actions/checkout@cd7d8d697e10461458bc61a30d094dc601a8b017 | |
- name: Configure AWS credentials | |
uses: ./.github/workflows/configure-aws-credentials | |
with: | |
aws_id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws_region: us-gov-west-1 | |
- name: Download production build artifact | |
uses: ./.github/workflows/download-artifact | |
with: | |
name: vagovprod.tar.bz2 | |
- name: Unpack build | |
run: | | |
mkdir -p build/vagovprod | |
tar -C build/vagovprod -xjf vagovprod.tar.bz2 | |
- name: Install dependencies | |
uses: ./.github/workflows/install | |
timeout-minutes: 20 | |
with: | |
key: ${{ hashFiles('yarn.lock') }} | |
yarn_cache_folder: .cache/yarn | |
path: | | |
.cache/yarn | |
/github/home/.cache/Cypress | |
node_modules | |
- name: Start server | |
run: node src/platform/testing/e2e/test-server.js --buildtype=vagovprod --port=3001 & | |
- name: Download Tests to verify | |
uses: ./.github/workflows/download-artifact | |
with: | |
name: e2e-tests-to-stress-test | |
path: . | |
- name: Run Cypress tests | |
run: node script/github-actions/run-cypress-stress-tests.js | |
timeout-minutes: 180 | |
env: | |
CYPRESS_CI: true | |
STEP: ${{ matrix.ci_node_index }} | |
APP_URLS: ${{ needs.tests-prep.outputs.app_urls }} | |
NUM_CONTAINERS: 1 | |
IS_STRESS_TEST: true | |
- name: Archive test videos | |
if: ${{ failure() }} | |
uses: ./.github/workflows/upload-artifact | |
with: | |
name: cypress-stress-test-videos-${{ matrix.ci_node_index }} | |
path: cypress/videos | |
- name: Archive Mochawesome test results | |
if: ${{ always() }} | |
uses: ./.github/workflows/upload-artifact | |
with: | |
name: cypress-stress-test-results-${{ matrix.ci_node_index }} | |
path: cypress/results | |
retention-days: 1 | |
update-e2e-allow-list: | |
name: Update E2E Test Stability Allow List | |
runs-on: ubuntu-22.04 | |
needs: | |
[ | |
testing-reports-prep, | |
tests-prep, | |
stress-test-cypress-tests, | |
fetch-allow-lists, | |
] | |
if: ${{ always() && github.ref != 'refs/heads/main' && needs.tests-prep.outputs.cypress-tests-to-stress-test != '[]' && (needs.stress-test-cypress-tests.result == 'success' || needs.stress-test-cypress-tests.result == 'failure') }} | |
continue-on-error: true | |
env: | |
APPLICATION_LIST: ${{ needs.testing-reports-prep.outputs.app_list }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@cd7d8d697e10461458bc61a30d094dc601a8b017 | |
- name: Configure AWS credentials | |
uses: ./.github/workflows/configure-aws-credentials | |
with: | |
aws_id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws_region: us-gov-west-1 | |
- name: Get va-vsp-bot token | |
uses: ./.github/workflows/inject-secrets | |
with: | |
ssm_parameter: /devops/VA_VSP_BOT_GITHUB_TOKEN | |
env_variable_name: VA_VSP_BOT_GITHUB_TOKEN | |
- name: Init Dashboard Data Repo | |
uses: ./.github/workflows/init-data-repo | |
- name: Set Up BigQuery Creds | |
uses: ./.github/workflows/configure-bigquery | |
- name: Get AWS IAM role | |
uses: ./.github/workflows/inject-secrets | |
with: | |
ssm_parameter: /frontend-team/github-actions/parameters/AWS_FRONTEND_NONPROD_ROLE | |
env_variable_name: AWS_FRONTEND_NONPROD_ROLE | |
- name: Set UUID for Mochawesome reports | |
run: echo "UUID=$(uuidgen)" >> $GITHUB_ENV | |
- name: Configure AWS Credentials (2) | |
uses: ./.github/workflows/configure-aws-credentials | |
with: | |
aws_id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws_region: us-gov-west-1 | |
role: ${{ env.AWS_FRONTEND_NONPROD_ROLE }} | |
role_duration: 900 | |
session_name: vsp-frontendteam-githubaction | |
- name: Download Cypress E2E Mochawesome test results | |
uses: ./.github/workflows/download-artifact | |
with: | |
pattern: cypress-stress-test-results-* | |
path: qa-standards-dashboard-data/src/allow-list/data | |
merge-multiple: true | |
- name: Copy test results to mochawesome directory | |
run: cp -r qa-standards-dashboard-data/src/allow-list/data qa-standards-dashboard-data/src/testing-reports/data | |
- name: Download Cypress E2E video artifacts | |
if: ${{ needs.stress-test-cypress-tests.result == 'failure' }} | |
uses: ./.github/workflows/download-artifact | |
with: | |
pattern: cypress-stress-test-videos-* | |
path: qa-standards-dashboard-data/videos/${{ env.UUID }} | |
merge-multiple: true | |
- name: Download E2E Test Stability Allow List | |
uses: ./.github/workflows/download-artifact | |
with: | |
name: e2e-allow-list | |
path: qa-standards-dashboard-data | |
- name: Update E2E Test Stability Allow List | |
run: yarn update-allow-list | |
working-directory: qa-standards-dashboard-data | |
env: | |
TEST_TYPE: e2e | |
IS_CI: true | |
GITHUB_WORKFLOW_URL: ${{ github.server_url}}/${{ github.repository }}/actions/runs/${{ github.run_id }} | |
- name: Create Cypress E2E report | |
run: yarn cypress-mochawesome-to-bigquery | |
working-directory: qa-standards-dashboard-data | |
env: | |
IS_MASTER_BUILD: false | |
TEST_EXECUTIONS_TABLE_NAME: cypress_test_suite_executions | |
TEST_RESULTS_TABLE_NAME: cypress_test_results | |
TEST_REPORTS_FOLDER_NAME: vets-website-cypress-stress-test-reports | |
TEST_RETRIES_TABLE_NAME: cypress_retry_records | |
NUM_CONTAINERS: 1 | |
IS_STRESS_TEST: true | |
- name: Upload Cypress E2E test videos to s3 | |
if: ${{ needs.stress-test-cypress-tests.result == 'failure' }} | |
run: aws s3 cp qa-standards-dashboard-data/videos/${{ env.UUID }} s3://testing-tools-testing-reports/vets-website-cypress-stress-test-reports/videos/${{ env.UUID }} --acl public-read --region us-gov-west-1 --recursive | |
- name: Upload Cypress E2E test report to s3 | |
run: aws s3 cp qa-standards-dashboard-data/mochawesome-report s3://testing-tools-testing-reports/vets-website-cypress-stress-test-reports --acl public-read --region us-gov-west-1 --recursive | |
- name: Publish E2E Test Stability Review Results | |
if: ${{ always() }} | |
uses: ./.github/workflows/checks-action | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
name: E2E Test Stability Review Summary | |
conclusion: ${{ needs.stress-test-cypress-tests.result }} | |
output: | | |
{"summary":${{ env.MOCHAWESOME_REPORT_RESULTS }}} | |
testing-reports-unit-tests: | |
name: Testing Reports - Unit Tests | |
runs-on: ubuntu-22.04 | |
needs: [testing-reports-prep, unit-tests] | |
if: ${{ always() && !cancelled() && (needs.unit-tests.result == 'success' || needs.unit-tests.result == 'failure')}} | |
continue-on-error: true | |
env: | |
APPLICATION_LIST: ${{ needs.testing-reports-prep.outputs.app_list }} | |
steps: | |
- name: Set IS_MASTER_BUILD | |
run: | | |
if [[ ${{ github.ref }} == 'refs/heads/main' ]]; then | |
echo "IS_MASTER_BUILD=true" >> $GITHUB_ENV | |
else | |
echo "IS_MASTER_BUILD=false" >> $GITHUB_ENV | |
fi | |
- name: Checkout | |
uses: actions/checkout@cd7d8d697e10461458bc61a30d094dc601a8b017 | |
# ---------------- | |
# | Notify Slack | | |
# ---------------- | |
- name: Notify Slack about Unit test failures | |
if: ${{ github.ref != 'refs/heads/main' }} | |
uses: department-of-veterans-affairs/platform-release-tools-actions/slack-notify@main | |
continue-on-error: true | |
env: | |
SSL_CERT_DIR: /etc/ssl/certs | |
with: | |
attachments: '[{"mrkdwn_in": ["text"], "color": "danger", "text": "<!here> Unit tests in `vets-website` have failed on the `main` branch, run: <https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}|${{github.run_id}}>"}]' | |
channel_id: C026PD47Z19 #gha-test-status | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
# ------------------------ | |
# | Upload BigQuery Data | | |
# ------------------------ | |
- name: Configure AWS credentials | |
uses: ./.github/workflows/configure-aws-credentials | |
with: | |
aws_id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws_region: us-gov-west-1 | |
- name: Get va-vsp-bot token | |
uses: ./.github/workflows/inject-secrets | |
with: | |
ssm_parameter: /devops/VA_VSP_BOT_GITHUB_TOKEN | |
env_variable_name: VA_VSP_BOT_GITHUB_TOKEN | |
- name: Init Dashboard Data Repo | |
uses: ./.github/workflows/init-data-repo | |
- name: Set Up BigQuery Creds | |
uses: ./.github/workflows/configure-bigquery | |
- name: Get AWS IAM role | |
uses: ./.github/workflows/inject-secrets | |
with: | |
ssm_parameter: /frontend-team/github-actions/parameters/AWS_FRONTEND_NONPROD_ROLE | |
env_variable_name: AWS_FRONTEND_NONPROD_ROLE | |
- name: Set UUID for Mochawesome reports | |
run: echo "UUID=$(uuidgen)" >> $GITHUB_ENV | |
- name: Configure AWS Credentials (2) | |
uses: ./.github/workflows/configure-aws-credentials | |
with: | |
aws_id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws_region: us-gov-west-1 | |
role: ${{ env.AWS_FRONTEND_NONPROD_ROLE }} | |
role_duration: 900 | |
session_name: vsp-frontendteam-githubaction | |
# -------------------------------------------------- | |
# | Publish Unit Test Report and Upload to BigQuery | | |
# -------------------------------------------------- | |
- name: Create coverage directory | |
run: mkdir -p qa-standards-dashboard-data/coverage | |
- name: Download Unit Test Mochawesome test results | |
uses: ./.github/workflows/download-artifact | |
with: | |
pattern: unit-test-report-* | |
path: qa-standards-dashboard-data/src/testing-reports/data | |
merge-multiple: true | |
- name: Archive unit test coverage | |
if: ${{ always() }} | |
uses: ./.github/workflows/upload-artifact | |
with: | |
name: unit-test-coverage-merged | |
path: qa-standards-dashboard-data/coverage | |
- name: Create Unit Test report | |
run: yarn unit-mochawesome-to-bigquery | |
working-directory: qa-standards-dashboard-data | |
env: | |
UNIT_TEST_RESULTS_TABLE_NAME: vets_website_unit_test_results | |
UNIT_TEST_EXECUTIONS_TABLE_NAME: unit_test_suite_executions | |
TEST_REPORTS_FOLDER_NAME: vets-website-unit-test-reports | |
- name: Upload Test Results to BigQuery | |
continue-on-error: true | |
run: yarn upload-unit-test-results | |
working-directory: qa-standards-dashboard-data | |
env: | |
TEST_RESULTS_TABLE_NAME: vets_website_unit_test_results | |
TEST_EXECUTIONS_TABLE_NAME: unit_test_suite_executions | |
- name: Upload Unit Test report to s3 | |
run: aws s3 cp qa-standards-dashboard-data/mochawesome-report s3://testing-tools-testing-reports/vets-website-unit-test-reports --acl public-read --region us-gov-west-1 --recursive | |
- name: Unit test results | |
if: ${{ always() }} | |
uses: ./.github/workflows/checks-action | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
name: Unit Tests Summary | |
conclusion: ${{ needs.unit-tests.result }} | |
output: | | |
{"summary":${{ env.MOCHAWESOME_REPORT_RESULTS }}} | |
testing-reports-unit-tests-stress-test: | |
name: Testing Reports - Unit Test Stability Review | |
runs-on: ubuntu-22.04 | |
needs: [testing-reports-prep, unit-tests-stress-test] | |
if: ${{ always() && (needs.unit-tests-stress-test.result == 'success' || needs.unit-tests-stress-test.result == 'failure')}} | |
continue-on-error: true | |
env: | |
APPLICATION_LIST: ${{ needs.testing-reports-prep.outputs.app_list }} | |
steps: | |
- name: Set IS_MASTER_BUILD | |
run: | | |
if [[ ${{ github.ref }} == 'refs/heads/main' ]]; then | |
echo "IS_MASTER_BUILD=true" >> $GITHUB_ENV | |
else | |
echo "IS_MASTER_BUILD=false" >> $GITHUB_ENV | |
fi | |
- name: Checkout | |
uses: actions/checkout@cd7d8d697e10461458bc61a30d094dc601a8b017 | |
# ------------------------ | |
# | Upload BigQuery Data | | |
# ------------------------ | |
- name: Configure AWS credentials | |
uses: ./.github/workflows/configure-aws-credentials | |
with: | |
aws_id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws_region: us-gov-west-1 | |
- name: Get va-vsp-bot token | |
uses: ./.github/workflows/inject-secrets | |
with: | |
ssm_parameter: /devops/VA_VSP_BOT_GITHUB_TOKEN | |
env_variable_name: VA_VSP_BOT_GITHUB_TOKEN | |
- name: Init Dashboard Data Repo | |
uses: ./.github/workflows/init-data-repo | |
- name: Set Up BigQuery Creds | |
uses: ./.github/workflows/configure-bigquery | |
- name: Get AWS IAM role | |
uses: ./.github/workflows/inject-secrets | |
with: | |
ssm_parameter: /frontend-team/github-actions/parameters/AWS_FRONTEND_NONPROD_ROLE | |
env_variable_name: AWS_FRONTEND_NONPROD_ROLE | |
- name: Set UUID for Mochawesome reports | |
run: echo "UUID=$(uuidgen)" >> $GITHUB_ENV | |
- name: Configure AWS Credentials (2) | |
uses: ./.github/workflows/configure-aws-credentials | |
with: | |
aws_id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws_region: us-gov-west-1 | |
role: ${{ env.AWS_FRONTEND_NONPROD_ROLE }} | |
role_duration: 900 | |
session_name: vsp-frontendteam-githubaction | |
# -------------------------------------------------- | |
# | Publish Unit Test Report and Upload to BigQuery | | |
# -------------------------------------------------- | |
- name: Download Unit Test Mochawesome test results | |
uses: ./.github/workflows/download-artifact | |
with: | |
pattern: unit-test-stress-test-results-* | |
path: qa-standards-dashboard-data/src/testing-reports/data | |
merge-multiple: true | |
- name: Create Unit Test report | |
run: yarn unit-mochawesome-to-bigquery | |
working-directory: qa-standards-dashboard-data | |
env: | |
UNIT_TEST_RESULTS_TABLE_NAME: vets_website_unit_test_results | |
UNIT_TEST_EXECUTIONS_TABLE_NAME: unit_test_suite_executions | |
TEST_REPORTS_FOLDER_NAME: vets-website-unit-test-stress-test-reports | |
- name: Upload Unit Test Stability Review Report to S3 | |
run: aws s3 cp qa-standards-dashboard-data/mochawesome-report s3://testing-tools-testing-reports/vets-website-unit-test-stress-test-reports --acl public-read --region us-gov-west-1 --recursive | |
# ------------------------- | |
# | Unit Tests Summary | | |
# ------------------------- | |
- name: Publish Unit Test Stability Review Results | |
if: ${{ always() }} | |
uses: ./.github/workflows/checks-action | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
name: Unit Test Stability Review Summary | |
conclusion: ${{ needs.unit-tests-stress-test.result }} | |
output: | | |
{"summary":${{ env.MOCHAWESOME_REPORT_RESULTS }}} | |
testing-reports-unit-tests-coverage: | |
name: Testing Reports - Unit Tests Coverage | |
runs-on: ubuntu-22.04 | |
needs: [testing-reports-prep, unit-tests] | |
if: ${{ always() && !cancelled() && (needs.unit-tests.result == 'success' || needs.unit-tests.result == 'failure') }} | |
continue-on-error: true | |
env: | |
APPLICATION_LIST: ${{ needs.testing-reports-prep.outputs.app_list }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@cd7d8d697e10461458bc61a30d094dc601a8b017 | |
- name: Install dependencies | |
uses: ./.github/workflows/install | |
timeout-minutes: 30 | |
with: | |
key: ${{ hashFiles('yarn.lock') }} | |
yarn_cache_folder: .cache/yarn | |
path: | | |
.cache/yarn | |
node_modules | |
# ------------------------ | |
# | Upload BigQuery Data | | |
# ------------------------ | |
- name: Configure AWS credentials | |
uses: ./.github/workflows/configure-aws-credentials | |
with: | |
aws_id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws_region: us-gov-west-1 | |
- name: Get va-vsp-bot token | |
uses: ./.github/workflows/inject-secrets | |
with: | |
ssm_parameter: /devops/VA_VSP_BOT_GITHUB_TOKEN | |
env_variable_name: VA_VSP_BOT_GITHUB_TOKEN | |
- name: Init Dashboard Data Repo | |
uses: ./.github/workflows/init-data-repo | |
- name: Set Up BigQuery Creds | |
uses: ./.github/workflows/configure-bigquery | |
- name: Get AWS IAM role | |
uses: ./.github/workflows/inject-secrets | |
with: | |
ssm_parameter: /frontend-team/github-actions/parameters/AWS_FRONTEND_NONPROD_ROLE | |
env_variable_name: AWS_FRONTEND_NONPROD_ROLE | |
- name: Set UUID for Mochawesome reports | |
run: echo "UUID=$(uuidgen)" >> $GITHUB_ENV | |
- name: Configure AWS Credentials (2) | |
uses: ./.github/workflows/configure-aws-credentials | |
with: | |
aws_id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws_region: us-gov-west-1 | |
role: ${{ env.AWS_FRONTEND_NONPROD_ROLE }} | |
role_duration: 900 | |
session_name: vsp-frontendteam-githubaction | |
# -------------------------------------- | |
# | Publish Unit Test Coverage Report | | |
# ------------------------------------- | |
- name: Download Unit Test coverage results | |
uses: ./.github/workflows/download-artifact | |
with: | |
pattern: unit-test-coverage-* | |
path: qa-standards-dashboard-data/coverage | |
merge-multiple: true | |
- name: Merge all coverage reports | |
run: | | |
node script/github-actions/merge-unit-test-coverage.js $(find qa-standards-dashboard-data/coverage -name '*.json') | |
- name: Generate coverage report by app | |
run: node script/app-coverage-report.js > qa-standards-dashboard-data/coverage/coverage_report.txt | |
- name: Copy merged coverage file to data directory | |
run: | | |
mkdir -p qa-standards-dashboard-data/src/testing-reports/data | |
cp qa-standards-dashboard-data/coverage/test-coverage-report.json qa-standards-dashboard-data/src/testing-reports/data | |
- name: Archive coverage txt | |
if: ${{ always() }} | |
uses: ./.github/workflows/upload-artifact | |
with: | |
name: unit-test-coverage-txt | |
path: qa-standards-dashboard-data/coverage/coverage_report.txt | |
- name: Process Coverage Report and post results to BigQuery | |
run: yarn unit-coverage-to-bigquery | |
working-directory: qa-standards-dashboard-data | |
- name: Upload coverage report to S3 | |
if: ${{ github.ref == 'refs/heads/main' && needs.unit-tests.outputs.app_folders == '' }} | |
run: | | |
if [ -f qa-standards-dashboard-data/coverage/test-coverage-report.json ]; then | |
aws s3 cp qa-standards-dashboard-data/coverage/test-coverage-report.json s3://vetsgov-website-builds-s3-upload-test/coverage/test-coverage-report.json --acl public-read --region us-gov-west-1 | |
else | |
echo 'No coverage report exists as no tests were run.' | |
fi | |
# ------------------------- | |
# | Unit Tests Summary | | |
# ------------------------- | |
- name: Get code coverage | |
if: ${{ always() }} | |
id: code-coverage | |
run: echo MARKDOWN=$(node ./script/github-actions/code-coverage-format-report.js) >> $GITHUB_OUTPUT | |
- name: Publish Unit Test Coverage Results | |
if: ${{ always() }} | |
uses: ./.github/workflows/checks-action | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
name: Unit Test Coverage Summary | |
conclusion: ${{ needs.unit-tests.result }} | |
output: | | |
{"summary":"<https://department-of-veterans-affairs.github.io/veteran-facing-services-tools/frontend-support-dashboard/unit-test-coverage-report/>"} | |
testing-reports-cypress: | |
name: Testing Reports - Cypress E2E Tests | |
runs-on: ubuntu-22.04 | |
needs: [testing-reports-prep, tests-prep, cypress-tests] | |
if: ${{ always() && needs.tests-prep.outputs.tests != '[]' && (needs.cypress-tests.result == 'success' || needs.cypress-tests.result == 'failure') }} | |
env: | |
APPLICATION_LIST: ${{ needs.testing-reports-prep.outputs.app_list }} | |
continue-on-error: true | |
steps: | |
- name: Checkout | |
uses: actions/checkout@cd7d8d697e10461458bc61a30d094dc601a8b017 | |
- name: Notify Slack about Cypress test failures | |
if: ${{ github.ref == 'refs/heads/main' && needs.cypress-tests.result == 'failure' }} | |
uses: department-of-veterans-affairs/platform-release-tools-actions/slack-notify@main | |
continue-on-error: true | |
env: | |
SSL_CERT_DIR: /etc/ssl/certs | |
with: | |
payload: '{"attachments": [{"color": "#FF0800","blocks": [{"type": "section","text": {"type": "mrkdwn","text": "<!here> E2E tests in `vets-website` have failed on the `main` branch, run: <https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}|${{github.run_id}}>"}}]}]}' | |
channel_id: C026PD47Z19 #gha-test-status | |
aws_id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
# ------------------------ | |
# | Upload BigQuery Data | | |
# ------------------------ | |
- name: Configure AWS credentials | |
uses: ./.github/workflows/configure-aws-credentials | |
with: | |
aws_id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws_region: us-gov-west-1 | |
- name: Get va-vsp-bot token | |
uses: ./.github/workflows/inject-secrets | |
with: | |
ssm_parameter: /devops/VA_VSP_BOT_GITHUB_TOKEN | |
env_variable_name: VA_VSP_BOT_GITHUB_TOKEN | |
- name: Init Dashboard Data Repo | |
uses: ./.github/workflows/init-data-repo | |
- name: Set Up BigQuery Creds | |
uses: ./.github/workflows/configure-bigquery | |
- name: Get AWS IAM role | |
uses: ./.github/workflows/inject-secrets | |
with: | |
ssm_parameter: /frontend-team/github-actions/parameters/AWS_FRONTEND_NONPROD_ROLE | |
env_variable_name: AWS_FRONTEND_NONPROD_ROLE | |
- name: Set UUID for Mochawesome reports | |
run: echo "UUID=$(uuidgen)" >> $GITHUB_ENV | |
- name: Configure AWS Credentials (2) | |
uses: ./.github/workflows/configure-aws-credentials | |
with: | |
aws_id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws_region: us-gov-west-1 | |
role: ${{ env.AWS_FRONTEND_NONPROD_ROLE }} | |
role_duration: 900 | |
session_name: vsp-frontendteam-githubaction | |
# -------------------------------------- | |
# | Publish Cypress E2E Testing Report | | |
# ------------------------------------- | |
- name: Download Cypress E2E Mochawesome test results | |
uses: ./.github/workflows/download-artifact | |
with: | |
pattern: cypress-mochawesome-test-results-* | |
path: qa-standards-dashboard-data/src/testing-reports/data | |
merge-multiple: true | |
- name: Download Cypress E2E video artifacts | |
if: ${{ needs.cypress-tests.result == 'failure' }} | |
uses: ./.github/workflows/download-artifact | |
with: | |
pattern: cypress-mochawesome-test-results-* | |
path: qa-standards-dashboard-data/videos/${{ env.UUID }} | |
merge-multiple: true | |
- name: Create Cypress E2E Mochawesome report | |
run: yarn cypress-mochawesome-to-bigquery | |
working-directory: qa-standards-dashboard-data | |
env: | |
IS_MASTER_BUILD: false | |
TEST_REPORTS_FOLDER_NAME: vets-website-cypress-reports | |
TEST_RETRIES_TABLE_NAME: cypress_retry_records | |
NUM_CONTAINERS: ${{ needs.tests-prep.outputs.num_containers }} | |
# env.MOCHAWESOME_REPORT_RESULTS is set and exported during the above step when the mochawesome report is generated. It contains the output string for the publish step at the end of the job with the numbers from the Mochawesome report. | |
- name: Upload Test Results to BigQuery | |
continue-on-error: true | |
working-directory: qa-standards-dashboard-data | |
run: yarn upload-cypress-test-results | |
env: | |
TEST_EXECUTIONS_TABLE_NAME: cypress_test_suite_executions | |
TEST_RESULTS_TABLE_NAME: cypress_test_results | |
- name: Upload Cypress E2E test videos to s3 | |
if: ${{ needs.cypress-tests.result == 'failure' }} | |
run: aws s3 cp qa-standards-dashboard-data/videos/${{ env.UUID }} s3://testing-tools-testing-reports/vets-website-cypress-reports/videos/${{ env.UUID }} --acl public-read --region us-gov-west-1 --recursive | |
- name: Upload Cypress E2E test report to s3 | |
run: aws s3 cp qa-standards-dashboard-data/mochawesome-report s3://testing-tools-testing-reports/vets-website-cypress-reports --acl public-read --region us-gov-west-1 --recursive | |
# ------------------------- | |
# | Cypress Tests Summary | | |
# ------------------------- | |
- name: Publish Cypress test results | |
if: ${{ always() }} | |
uses: ./.github/workflows/checks-action | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
name: Cypress Tests Summary | |
conclusion: ${{ needs.cypress-tests.result }} | |
output: | | |
{"summary":${{ env.MOCHAWESOME_REPORT_RESULTS }}} | |
testing-reports-cypress-stress-test: | |
name: Testing Reports - E2E Test Stability Review | |
runs-on: ubuntu-22.04 | |
needs: [testing-reports-prep, tests-prep, stress-test-cypress-tests] | |
if: ${{ always() && (needs.stress-test-cypress-tests.result == 'success' || needs.stresss-test-cypress-tests.result == 'failure') }} | |
env: | |
APPLICATION_LIST: ${{ needs.testing-reports-prep.outputs.app_list }} | |
continue-on-error: true | |
steps: | |
- name: Checkout | |
uses: actions/checkout@cd7d8d697e10461458bc61a30d094dc601a8b017 | |
- name: Notify Slack about Cypress test failures | |
if: ${{ github.ref == 'refs/heads/main' && needs.cypress-tests.result == 'failure' }} | |
uses: department-of-veterans-affairs/platform-release-tools-actions/slack-notify@main | |
continue-on-error: true | |
env: | |
SSL_CERT_DIR: /etc/ssl/certs | |
with: | |
payload: '{"attachments": [{"color": "#FF0800","blocks": [{"type": "section","text": {"type": "mrkdwn","text": "<!here> E2E tests in `vets-website` have failed on the `main` branch, run: <https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}|${{github.run_id}}>"}}]}]}' | |
channel_id: C026PD47Z19 #gha-test-status | |
aws_id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
# ------------------------ | |
# | Upload BigQuery Data | | |
# ------------------------ | |
- name: Configure AWS credentials | |
uses: ./.github/workflows/configure-aws-credentials | |
with: | |
aws_id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws_region: us-gov-west-1 | |
- name: Get va-vsp-bot token | |
uses: ./.github/workflows/inject-secrets | |
with: | |
ssm_parameter: /devops/VA_VSP_BOT_GITHUB_TOKEN | |
env_variable_name: VA_VSP_BOT_GITHUB_TOKEN | |
- name: Init Dashboard Data Repo | |
uses: ./.github/workflows/init-data-repo | |
- name: Set Up BigQuery Creds | |
uses: ./.github/workflows/configure-bigquery | |
- name: Get AWS IAM role | |
uses: ./.github/workflows/inject-secrets | |
with: | |
ssm_parameter: /frontend-team/github-actions/parameters/AWS_FRONTEND_NONPROD_ROLE | |
env_variable_name: AWS_FRONTEND_NONPROD_ROLE | |
- name: Set UUID for Mochawesome reports | |
run: echo "UUID=$(uuidgen)" >> $GITHUB_ENV | |
- name: Configure AWS Credentials (2) | |
uses: ./.github/workflows/configure-aws-credentials | |
with: | |
aws_id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws_region: us-gov-west-1 | |
role: ${{ env.AWS_FRONTEND_NONPROD_ROLE }} | |
role_duration: 900 | |
session_name: vsp-frontendteam-githubaction | |
# -------------------------------------- | |
# | Publish Cypress E2E Testing Report | | |
# ------------------------------------- | |
- name: Download Cypress E2E Mochawesome test results | |
uses: ./.github/workflows/download-artifact | |
with: | |
pattern: cypress-stress-test-results-* | |
path: qa-standards-dashboard-data/src/testing-reports/data | |
merge-multiple: true | |
- name: Download Cypress E2E video artifacts | |
if: ${{ needs.cypress-tests.result == 'failure' }} | |
uses: ./.github/workflows/download-artifact | |
with: | |
pattern: cypress-stress-test-videos-* | |
path: qa-standards-dashboard-data/videos/${{ env.UUID }} | |
merge-multiple: true | |
- name: Create Cypress E2E Mochawesome report | |
run: yarn cypress-mochawesome-to-bigquery | |
working-directory: qa-standards-dashboard-data | |
env: | |
IS_MASTER_BUILD: false | |
TEST_REPORTS_FOLDER_NAME: vets-website-cypress-stress-test-reports | |
TEST_RETRIES_TABLE_NAME: cypress_retry_records | |
NUM_CONTAINERS: ${{ needs.tests-prep.outputs.num_containers }} | |
# env.MOCHAWESOME_REPORT_RESULTS is set and exported during the above step when the mochawesome report is generated. It contains the output string for the publish step at the end of the job with the numbers from the Mochawesome report. | |
- name: Upload Test Results to BigQuery | |
continue-on-error: true | |
working-directory: qa-standards-dashboard-data | |
run: yarn upload-cypress-test-results | |
env: | |
TEST_EXECUTIONS_TABLE_NAME: cypress_test_suite_executions | |
TEST_RESULTS_TABLE_NAME: cypress_test_results | |
- name: Upload Cypress E2E test videos to s3 | |
if: ${{ needs.cypress-tests.result == 'failure' }} | |
run: aws s3 cp qa-standards-dashboard-data/videos/${{ env.UUID }} s3://testing-tools-testing-reports/vets-website-cypress-stress-test-reports/videos/${{ env.UUID }} --acl public-read --region us-gov-west-1 --recursive | |
- name: Upload Cypress E2E test report to s3 | |
run: aws s3 cp qa-standards-dashboard-data/mochawesome-report s3://testing-tools-testing-reports/vets-website-cypress-stress-test-reports --acl public-read --region us-gov-west-1 --recursive | |
# ------------------------- | |
# | Cypress Tests Summary | | |
# ------------------------- | |
- name: Publish E2E Test Stability Review Results | |
if: ${{ always() }} | |
uses: ./.github/workflows/checks-action | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
name: Cypress Stress Tests Summary | |
conclusion: ${{ needs.stress-test-cypress-tests.result }} | |
output: | | |
{"summary":${{ env.MOCHAWESOME_REPORT_RESULTS }}} | |
test-stability-review-merge-status: | |
name: QA Merge Status | |
runs-on: ubuntu-22.04 | |
needs: | |
[ | |
cypress-tests, | |
stress-test-cypress-tests, | |
tests-prep, | |
unit-tests, | |
unit-tests-stress-test, | |
update-e2e-allow-list, | |
update-unit-test-allow-list, | |
] | |
if: ${{ always() && !cancelled() && github.ref != 'refs/heads/main' }} | |
continue-on-error: true | |
steps: | |
- name: Checkout | |
uses: actions/checkout@cd7d8d697e10461458bc61a30d094dc601a8b017 | |
with: | |
fetch-depth: 0 | |
- name: Configure AWS credentials | |
uses: ./.github/workflows/configure-aws-credentials | |
with: | |
aws_id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws_region: us-gov-west-1 | |
- name: Get va-vsp-bot token | |
uses: ./.github/workflows/inject-secrets | |
with: | |
ssm_parameter: /devops/VA_VSP_BOT_GITHUB_TOKEN | |
env_variable_name: VA_VSP_BOT_GITHUB_TOKEN | |
- name: Install dependencies | |
uses: ./.github/workflows/install | |
timeout-minutes: 30 | |
with: | |
key: ${{ hashFiles('yarn.lock') }} | |
yarn_cache_folder: .cache/yarn | |
path: | | |
.cache/yarn | |
node_modules | |
- name: Get changed applications | |
id: get-changed-apps | |
uses: ./.github/workflows/get-changed-apps | |
with: | |
delimiter: ',' | |
output-type: 'folder' | |
- name: Init Dashboard Data Repo | |
uses: ./.github/workflows/init-data-repo | |
- name: Set Up BigQuery Creds | |
uses: ./.github/workflows/configure-bigquery | |
- name: Fetch E2E Test Stability Allow List | |
run: yarn get-allow-list | |
working-directory: qa-standards-dashboard-data | |
env: | |
TEST_TYPE: e2e | |
- name: Fetch Unit Test Stability Allow List | |
run: yarn get-allow-list | |
working-directory: qa-standards-dashboard-data | |
env: | |
TEST_TYPE: unit_test | |
- name: Copy Test Stability Allow List files to vets-website | |
run: | | |
cp ./qa-standards-dashboard-data/unit_test_allow_list.json ./ | |
cp ./qa-standards-dashboard-data/e2e_allow_list.json ./ | |
- name: Check for disallowed E2E Tests | |
run: node script/github-actions/annotate-disallowed-tests.js | |
env: | |
TEST_TYPE: e2e | |
CHANGED_FILES: ${{ steps.get-changed-apps.outputs.changed_files }} | |
- name: Check for disallowed Unit Tests | |
run: node script/github-actions/annotate-disallowed-tests.js | |
env: | |
TEST_TYPE: unit_test | |
CHANGED_FILES: ${{ steps.get-changed-apps.outputs.changed_files }} | |
- name: Create E2E annotations file | |
if: ${{ env.e2e-annotations-json != '[]' }} | |
run: | | |
echo "$E2E_ANNOTATIONS_JSON" > e2e-annotations.json | |
cat e2e-annotations.json | |
- name: Create Unit Test annotations file | |
if: ${{ env.unit-test-annotations-json != '[]' }} | |
run: | | |
echo "$UNIT_TEST_ANNOTATIONS_JSON" > unit-test-annotations.json | |
cat unit-test-annotations.json | |
- name: Annotate E2E Files accordingly | |
if: ${{ env.e2e-annotations-json != '[]' }} | |
uses: ./.github/workflows/annotations | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
check_title: 'E2E Test Stability Allow List Annotations' | |
input_json: './e2e-annotations.json' | |
- name: Annotate Unit Test Files accordingly | |
if: ${{ env.unit-test-annotations-json != '[]' }} | |
uses: ./.github/workflows/annotations | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
check_title: 'Unit Test Stability Allow List Annotations' | |
input_json: './unit-test-annotations.json' | |
- name: Verify Merge Eligibility | |
run: node script/github-actions/verify-merge-eligibility.js | |
env: | |
CYPRESS_TESTS_RESULT: ${{ needs.cypress-tests.result }} | |
CYPRESS_TESTS_STRESS_TEST_RESULT: ${{ needs.stress-test-cypress-tests.result }} | |
UNIT_TESTS_STRESS_TEST_RESULT: ${{ needs.unit-tests-stress-test.result }} | |
archive: | |
name: Archive | |
runs-on: ubuntu-22.04 | |
strategy: | |
matrix: | |
buildtype: [vagovdev, vagovstaging, vagovprod] | |
needs: [build, cypress-tests, unit-tests, security-audit, linting] | |
env: | |
IS_SINGLE_APP_BUILD: ${{ needs.build.outputs.entry_names != '' }} | |
if: | | |
always() && | |
(needs.cypress-tests.result == 'success' || needs.cypress-tests.result == 'skipped') && | |
needs.build.result == 'success' && | |
needs.unit-tests.result == 'success' && | |
needs.security-audit.result == 'success' && | |
(needs.linting.result == 'success' || needs.linting.result == 'skipped') | |
steps: | |
- name: Checkout | |
uses: actions/checkout@cd7d8d697e10461458bc61a30d094dc601a8b017 | |
- name: Download build artifact | |
uses: ./.github/workflows/download-artifact | |
with: | |
name: ${{ matrix.buildtype }}.tar.bz2 | |
- name: Extract build artifact | |
if: env.IS_SINGLE_APP_BUILD == 'true' | |
run: | | |
mkdir -p build/${{ matrix.buildtype }} | |
tar -C build/${{ matrix.buildtype }} -xjvf ${{ matrix.buildtype }}.tar.bz2 | |
rm ${{ matrix.buildtype }}.tar.bz2 | |
- name: Remove global assets from build | |
if: env.IS_SINGLE_APP_BUILD == 'true' | |
run: ./script/github-actions/remove-global-assets.sh | |
env: | |
ENTRY_NAMES: ${{ needs.build.outputs.entry_names }} | |
APP_DIRS: ${{ needs.unit-tests.outputs.app_folders }} | |
BUILD_DIR: build/${{ matrix.buildtype }} | |
- name: Generate build details | |
run: | | |
cat > BUILD_ARTIFACT.txt << EOF | |
IS_SINGLE_APP_BUILD=${{ env.IS_SINGLE_APP_BUILD }} | |
IS_CONTINUOUS_DEPLOYMENT_ENABLED=${{ needs.build.outputs.continuous_deployment == 'true' }} | |
REF=${{ github.sha }} | |
EOF | |
- name: Compress and archive single/grouped app build | |
if: env.IS_SINGLE_APP_BUILD == 'true' | |
run: tar -C build/${{ matrix.buildtype }} -cjf ${{ matrix.buildtype }}.tar.bz2 . | |
- name: Configure AWS credentials (1) | |
uses: ./.github/workflows/configure-aws-credentials | |
with: | |
aws_id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws_region: us-gov-west-1 | |
- name: Get AWS IAM role | |
uses: ./.github/workflows/inject-secrets | |
with: | |
ssm_parameter: /frontend-team/github-actions/parameters/AWS_FRONTEND_NONPROD_ROLE | |
env_variable_name: AWS_FRONTEND_NONPROD_ROLE | |
- name: Configure AWS Credentials (2) | |
uses: ./.github/workflows/configure-aws-credentials | |
with: | |
aws_id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws_region: us-gov-west-1 | |
role: ${{ env.AWS_FRONTEND_NONPROD_ROLE }} | |
role_duration: 900 | |
session_name: vsp-frontendteam-githubaction | |
- name: Upload build | |
run: | | |
aws s3 cp ${{ matrix.buildtype }}.tar.bz2 s3://vetsgov-website-builds-s3-upload/$GITHUB_SHA/${{ matrix.buildtype }}.tar.bz2 --acl public-read --region us-gov-west-1 | |
aws s3 cp BUILD_ARTIFACT.txt s3://vetsgov-website-builds-s3-upload-test/build-artifacts/$GITHUB_SHA.txt --acl public-read --region us-gov-west-1 | |
set-deploy-environments: | |
name: Set Environments to Deploy | |
needs: [archive, build] | |
if: always() && github.ref == 'refs/heads/main' && needs.archive.result == 'success' | |
runs-on: ubuntu-22.04 | |
outputs: | |
environments: ${{ steps.set-environments.outputs.environments }} | |
env: | |
DEPLOY_TO_PRODUCTION: true # Enables production deployments for apps on the allowlist when set to true | |
DEV: "{ | |
\\\"environment\\\": \\\"vagovdev\\\", | |
\\\"bucket\\\": \\\"dev.va.gov\\\", | |
\\\"asset_bucket\\\": \\\"dev-va-gov-assets\\\", | |
\\\"iam_role\\\": \\\"AWS_FRONTEND_NONPROD_ROLE\\\" | |
}" | |
STAGING: "{ | |
\\\"environment\\\": \\\"vagovstaging\\\", | |
\\\"bucket\\\": \\\"staging.va.gov\\\", | |
\\\"asset_bucket\\\": \\\"staging-va-gov-assets\\\", | |
\\\"iam_role\\\": \\\"AWS_FRONTEND_NONPROD_ROLE\\\" | |
}" | |
steps: | |
- name: Set environments for deploy matrix | |
id: set-environments | |
run: echo environments={\"include\":[${{env.DEV}},${{env.STAGING}}]} >> $GITHUB_OUTPUT | |
deploy: | |
name: Deploy | |
needs: [build, set-deploy-environments] | |
if: always() && github.ref == 'refs/heads/main' && needs.set-deploy-environments.result == 'success' | |
runs-on: ubuntu-22.04 | |
strategy: | |
matrix: ${{ fromJson(needs.set-deploy-environments.outputs.environments) }} | |
env: | |
IS_ISOLATED_APP_BUILD: ${{ needs.build.outputs.entry_names != '' }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@cd7d8d697e10461458bc61a30d094dc601a8b017 | |
with: | |
fetch-depth: 0 | |
- name: Install dependencies | |
uses: ./.github/workflows/install | |
timeout-minutes: 30 | |
with: | |
key: ${{ hashFiles('yarn.lock') }} | |
yarn_cache_folder: .cache/yarn | |
path: | | |
.cache/yarn | |
node_modules | |
- name: Check if commit can be deployed | |
id: check-deployability | |
run: node ./script/github-actions/check-deployability.js | |
env: | |
BUILDTYPE: ${{ matrix.environment }} | |
- name: Configure AWS credentials (1) | |
if: steps.check-deployability.outputs.is_deployable == 'true' | |
uses: ./.github/workflows/configure-aws-credentials | |
with: | |
aws_id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws_region: us-gov-west-1 | |
- name: Get AWS IAM role | |
if: steps.check-deployability.outputs.is_deployable == 'true' | |
uses: ./.github/workflows/inject-secrets | |
with: | |
ssm_parameter: /frontend-team/github-actions/parameters/${{ matrix.iam_role }} | |
env_variable_name: ${{ matrix.iam_role }} | |
- name: Configure AWS Credentials (2) | |
if: steps.check-deployability.outputs.is_deployable == 'true' | |
uses: ./.github/workflows/configure-aws-credentials | |
with: | |
aws_id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws_region: us-gov-west-1 | |
role: ${{ env.AWS_FRONTEND_NONPROD_ROLE != '' && env.AWS_FRONTEND_NONPROD_ROLE || env.AWS_FRONTEND_PROD_ROLE }} | |
role_duration: 900 | |
session_name: vsp-frontendteam-githubaction | |
- name: Deploy | |
if: steps.check-deployability.outputs.is_deployable == 'true' | |
run: | | |
if [[ "${{ env.IS_ISOLATED_APP_BUILD }}" == "true" ]]; then | |
./script/github-actions/partial-deploy.sh -s $SRC -d $DEST -a $ASSET_DEST -v | |
else | |
./script/github-actions/deploy.sh -s $SRC -d $DEST -a $ASSET_DEST -v | |
fi | |
env: | |
SRC: s3://vetsgov-website-builds-s3-upload/${{ github.sha }}/${{ matrix.environment }}.tar.bz2 | |
DEST: s3://${{ matrix.bucket }} | |
ASSET_DEST: s3://${{ matrix.asset_bucket }} | |
cd-prod-deploy: | |
name: CD Production Deploy | |
runs-on: ubuntu-22.04 | |
needs: [build, set-deploy-environments] | |
if: ${{ needs.build.outputs.entry_names != '' && needs.build.outputs.continuous_deployment == 'true' }} | |
steps: | |
- name: Run CD Production Deploy workflow | |
run: | | |
curl -X POST \ | |
-H "Accept: application/vnd.github.v3+json" \ | |
-H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ | |
https://api.github.com/repos/${{ github.repository }}/dispatches \ | |
-d '{"event_type":"cd-production-deploy", "client_payload": {"github_sha": "'"${{ github.sha }}"'","github_ref": "'"${{ github.ref }}"'"}}' | |
notify-failure: | |
name: Notify Failure | |
runs-on: ubuntu-22.04 | |
if: ${{ github.ref == 'refs/heads/main' && (failure() || cancelled()) }} | |
needs: [deploy, build] | |
env: | |
ALERT_TEAMS: true # Alerts teams for single/grouped app builds when set to true | |
DEVOPS_CHANNEL_ID: C37M86Y8G #devops-deploys | |
VETS_WEBSITE_CHANNEL_ID: C02V265VCGH #status-vets-website | |
steps: | |
- name: Checkout | |
uses: actions/checkout@cd7d8d697e10461458bc61a30d094dc601a8b017 | |
with: | |
fetch-depth: 0 | |
- name: Install dependencies | |
if: env.ALERT_TEAMS == 'true' | |
uses: ./.github/workflows/install | |
timeout-minutes: 30 | |
with: | |
key: ${{ hashFiles('yarn.lock') }} | |
yarn_cache_folder: .cache/yarn | |
path: | | |
.cache/yarn | |
node_modules | |
- name: Get changed applications | |
id: get-changed-apps | |
if: env.ALERT_TEAMS == 'true' | |
uses: ./.github/workflows/get-changed-apps | |
with: | |
output-type: 'slack_group' | |
- name: Notify application team in Slack | |
if: env.ALERT_TEAMS == 'true' && steps.get-changed-apps.outputs.slack_groups != '' | |
uses: department-of-veterans-affairs/platform-release-tools-actions/slack-notify@main | |
continue-on-error: true | |
with: | |
payload: '{"attachments": [{"color": "#FF0800","blocks": [{"type": "section","text": {"type": "mrkdwn","text": "${{steps.get-changed-apps.outputs.slack_groups}} CI for your application failed on the `main` branch in `vets-website`: <https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}|${{github.run_id}}>\n For help troubleshooting, see the <https://depo-platform-documentation.scrollhelp.site/developer-docs/Handling-failed-single%2Fgrouped-application-pipelines.2066645150.html|documentation> on failed workflow runs."}}]}]}' | |
channel_id: ${{ env.VETS_WEBSITE_CHANNEL_ID }} | |
aws_id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
- name: Notify Slack | |
if: steps.get-changed-apps.outputs.slack_groups == '' | |
uses: department-of-veterans-affairs/platform-release-tools-actions/slack-notify@main | |
continue-on-error: true | |
with: | |
payload: '{"attachments": [{"color": "#FF0800","blocks": [{"type": "section","text": {"type": "mrkdwn","text": "`main` branch CI in `vets-website` failed: <https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}|${{github.run_id}}>"}}]}]}' | |
channel_id: ${{ env.VETS_WEBSITE_CHANNEL_ID }} | |
aws_id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} |