Renovate Update Patch & Minor Updates (#589) #3510
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Test & Build | |
| on: | |
| pull_request: | |
| branches: | |
| - main | |
| push: | |
| branches: | |
| - main | |
| workflow_dispatch: | |
| defaults: | |
| run: | |
| shell: bash | |
| jobs: | |
| identify: | |
| name: Identify version | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: "0" | |
| - name: Define commit SHA and branch | |
| id: commit_branch | |
| run: | | |
| if [ "${{ github.head_ref }}" == "" ]; then | |
| echo "COMMIT=${{github.sha}}" >> $GITHUB_OUTPUT | |
| echo "BRANCH=main" >> $GITHUB_OUTPUT | |
| else | |
| echo "COMMIT=${{github.event.pull_request.head.sha}}" >> $GITHUB_OUTPUT | |
| echo "BRANCH=${{github.head_ref}}" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Bump version | |
| id: bump_version | |
| uses: anothrNick/github-tag-action@1.71.0 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| INITIAL_VERSION: 1.0.0 | |
| DEFAULT_BRANCH: main | |
| DEFAULT_BUMP: minor | |
| PRERELEASE: true | |
| PRERELEASE_SUFFIX: ${{ steps.commit_branch.outputs.BRANCH }} | |
| RELEASE_BRANCHES: main | |
| WITH_V: true | |
| outputs: | |
| commit: ${{ steps.commit_branch.outputs.COMMIT }} | |
| branch: ${{ steps.commit_branch.outputs.BRANCH }} | |
| tag: ${{ steps.bump_version.outputs.tag }} | |
| build: | |
| name: Build | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Cache Images | |
| uses: actions/cache@v4 | |
| with: | |
| path: /tmp/images | |
| key: ${{ runner.os }}-images-${{ github.run_id }}-${{ github.run_number }} | |
| - name: Build Images | |
| run: | | |
| make build | |
| mkdir -p /tmp/images | |
| docker save -o /tmp/images/app.tar 311462405659.dkr.ecr.eu-west-1.amazonaws.com/sirius/sirius-lpa-frontend:latest | |
| test: | |
| name: Test | |
| runs-on: ubuntu-latest | |
| needs: [identify] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Cache Dependencies | |
| uses: actions/cache@v4 | |
| with: | |
| path: .gocache | |
| key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} | |
| restore-keys: | | |
| ${{ runner.os }}-go- | |
| - name: Run Tests | |
| run: make unit-test | |
| - name: Publish pacts | |
| run: | | |
| docker compose run --rm test-runner pact-broker publish ./pacts/sirius-lpa-frontend-sirius.json \ | |
| --consumer-app-version ${{ needs.identify.outputs.commit }} \ | |
| --branch ${{ needs.identify.outputs.branch }} \ | |
| --tag ${{ needs.identify.outputs.tag }} \ | |
| --broker-base-url https://pact-broker.api.opg.service.justice.gov.uk \ | |
| --broker-username admin \ | |
| --broker-password ${{ secrets.PACT_BROKER_PASSWORD }} | |
| - name: Upload Code Coverage | |
| uses: codecov/codecov-action@v5 | |
| env: | |
| CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |
| with: | |
| files: test-results/test-coverage.txt | |
| fail_ci_if_error: true | |
| lint: | |
| name: Lint | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Go & Yarn Lint | |
| run: make lint | |
| acceptance-test: | |
| name: Acceptance Testing | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - test | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Cache Images | |
| uses: actions/cache@v4 | |
| with: | |
| path: /tmp/images | |
| key: ${{ runner.os }}-images-${{ github.run_id }}-${{ github.run_number }} | |
| - name: Restore Images | |
| run: | | |
| docker load -i /tmp/images/app.tar | |
| - name: Run pa11y | |
| run: | | |
| make pa11y | |
| - name: Run Lighthouse | |
| run: | | |
| make lighthouse | |
| cypress: | |
| name: Cypress | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - test | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Cache Images | |
| uses: actions/cache@v4 | |
| with: | |
| path: /tmp/images | |
| key: ${{ runner.os }}-images-${{ github.run_id }}-${{ github.run_number }} | |
| - name: Restore images | |
| run: | | |
| docker load -i /tmp/images/app.tar | |
| - name: Run app | |
| run: make cypress | |
| - name: Upload Cypress screenshots | |
| uses: actions/upload-artifact@v4 | |
| if: failure() | |
| with: | |
| name: cypress-screenshots | |
| path: cypress/screenshots | |
| push: | |
| name: Push Images | |
| runs-on: ubuntu-latest | |
| needs: [identify, "build", "test", "lint", "acceptance-test", "cypress"] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: "0" | |
| - uses: unfor19/install-aws-cli-action@v1 | |
| - name: Cache Images | |
| uses: actions/cache@v4 | |
| with: | |
| path: /tmp/images | |
| key: ${{ runner.os }}-images-${{ github.run_id }}-${{ github.run_number }} | |
| - name: Restore Image | |
| run: docker load -i /tmp/images/app.tar | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }} | |
| aws-region: eu-west-1 | |
| role-to-assume: arn:aws:iam::311462405659:role/sirius-actions-ci | |
| role-duration-seconds: 3600 | |
| role-session-name: GitHubActions | |
| - name: ECR Login | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v2 | |
| with: | |
| registries: 311462405659 | |
| - name: Run Trivy | |
| env: | |
| TRIVY_DB_REPOSITORY: ${{ steps.login-ecr.outputs.registry }}/trivy-db-public-ecr/aquasecurity/trivy-db:2 | |
| TRIVY_JAVA_DB_REPOSITORY: ${{ steps.login-ecr.outputs.registry }}/trivy-db-public-ecr/aquasecurity/trivy-java-db:1 | |
| DOCKER_USERNAME: ${{ steps.login-ecr.outputs.docker_username_311462405659_dkr_ecr_eu_west_1_amazonaws_com }} | |
| DOCKER_PASSWORD: ${{ steps.login-ecr.outputs.docker_password_311462405659_dkr_ecr_eu_west_1_amazonaws_com }} | |
| run: make scan | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@v3 | |
| if: always() | |
| with: | |
| sarif_file: "test-results/trivy.sarif" | |
| - name: Push Container | |
| env: | |
| ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
| ECR_REPOSITORY: sirius/sirius-lpa-frontend | |
| run: | | |
| docker tag 311462405659.dkr.ecr.eu-west-1.amazonaws.com/sirius/sirius-lpa-frontend:latest $ECR_REGISTRY/$ECR_REPOSITORY:${{ needs.identify.outputs.tag }} | |
| if [ "${{ needs.identify.outputs.branch }}" == "main" ]; then | |
| # We want all of the tags pushed | |
| docker tag 311462405659.dkr.ecr.eu-west-1.amazonaws.com/sirius/sirius-lpa-frontend:latest $ECR_REGISTRY/$ECR_REPOSITORY:main-${{ needs.identify.outputs.tag }} | |
| docker tag 311462405659.dkr.ecr.eu-west-1.amazonaws.com/sirius/sirius-lpa-frontend:latest $ECR_REGISTRY/$ECR_REPOSITORY:main-${{ needs.identify.outputs.tag }}-$(date +"%Y%m%d%H%M%S") | |
| docker push --all-tags $ECR_REGISTRY/$ECR_REPOSITORY | |
| else | |
| docker push $ECR_REGISTRY/$ECR_REPOSITORY:${{ needs.identify.outputs.tag }} | |
| fi | |
| echo "Container tag: ${{ needs.identify.outputs.tag }}" >> $GITHUB_STEP_SUMMARY | |
| push-tags: | |
| runs-on: ubuntu-latest | |
| needs: [identify, push] | |
| if: github.ref == 'refs/heads/main' | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }} | |
| aws-region: eu-west-1 | |
| role-to-assume: arn:aws:iam::997462338508:role/sirius-actions-ci | |
| role-duration-seconds: 3600 | |
| role-session-name: GitHubActions | |
| - name: Install AWS CLI | |
| id: install-aws-cli | |
| uses: unfor19/install-aws-cli-action@v1 | |
| - name: Push Tag to Parameter Store | |
| run: | | |
| aws ssm put-parameter --name "opg-sirius-lpa-frontend-latest-green-build" --type "String" --value "${{ needs.identify.outputs.tag }}" --overwrite --region=eu-west-1 | |
| - name: Trigger Dev Deploy | |
| shell: bash | |
| run: curl -u ${{ secrets.JENKINS_API_USER }}:${{ secrets.JENKINS_API_TOKEN }} "https://${{ secrets.JENKINS_URL }}/job/Sirius/job/Deploy_to_Development/build?token=${{ secrets.JENKINS_API_TOKEN_NAME }}&cause=Triggered+by+opg-sirius-lpa-frontend" |