Skip to content

Bump @aws-sdk/lib-storage from 3.529.1 to 3.554.0 #9347

Bump @aws-sdk/lib-storage from 3.529.1 to 3.554.0

Bump @aws-sdk/lib-storage from 3.529.1 to 3.554.0 #9347

Workflow file for this run

name: Deploy
on:
push:
branches:
- '*'
- 'dependabot/**'
- '!skipci*'
- '!main'
permissions:
id-token: write
jobs:
begin-deployment:
name: Begin Deployment
runs-on: ubuntu-20.04
permissions:
deployments: write
outputs:
deploy-id: ${{ steps.ghdeployment.outputs.deployment_id }}
stage-name: ${{ steps.stage-name.outputs.stage-name-for-branch}}
app-version: ${{ steps.branch-name.outputs.app-version}}
changed-services: ${{ steps.changed-services-action.outputs.changed-services }}
steps:
- name: Check out repository
uses: actions/checkout@v4
with:
fetch-depth: 40
- name: Check for secrets
uses: ./.github/actions/check_secrets
with:
expected-secret: ${{ secrets.REACT_APP_AUTH_MODE }}
- name: set app version
id: app-version
shell: bash
run: echo "app-version=$(scripts/app_version.sh)" >> "$GITHUB_OUTPUT"
- name: set stage name
id: stage-name
shell: bash
run: |
echo "stage-name-for-branch=$(./scripts/stage_name_for_branch.sh ${GITHUB_REF#refs/heads/})" >> "$GITHUB_OUTPUT"
- name: set branch name
id: branch-name
shell: bash
run: echo "branch-name=$(echo ${GITHUB_REF#refs/heads/})" >> "$GITHUB_OUTPUT"
- name: lock this branch to prevent concurrent deploys
run: ./.github/github-lock.sh
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Setup env
uses: ./.github/actions/setup_env
- name: build scripts
shell: bash
run: npx lerna run build:ci-scripts
- name: run get_changed_services
id: changed-services-action
uses: ./scripts/get-changed-services/
with:
branchName: ${{ steps.branch-name.outputs.branch-name}}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: test we have changed services output
id: test
shell: bash
run: |
echo "${{steps.changed-services-action.outputs.changed-services}}"
- uses: chrnorm/deployment-action@v2
name: Create GitHub deployment
id: ghdeployment
with:
token: '${{ github.token }}'
environment: review-apps
transient-environment: true
description: stack ${{ steps.branch-name.outputs.stage-name-for-branch}}
initial-status: in_progress
web-unit-tests:
name: test - web unit tests
runs-on: ubuntu-20.04
steps:
- name: Check out repository
uses: actions/checkout@v4
- name: Setup env
uses: ./.github/actions/setup_env
- name: Generate GraphQL
run: npx lerna run gqlgen
- name: Generate Protos
run: npx lerna run generate --scope=app-proto
- name: Web Unit Tests
env:
REACT_APP_AUTH_MODE: AWS_COGNITO
DATABASE_URL: postgresql://postgres:shhhsecret@localhost:5432/postgres?schema=public&connection_limit=5 #pragma: allowlist secret
working-directory: services/app-web
run: yarn test:once --coverage
- name: upload app web gen directory
uses: actions/upload-artifact@v4
with:
name: app-web-gen
path: ./services/app-web/src/gen
- name: upload cypress gen directory
uses: actions/upload-artifact@v4
with:
name: cypress-gen
path: ./services/cypress/gen
- name: upload unit test coverage
uses: actions/upload-artifact@v4
with:
name: unit-test-coverage
path: ./services/app-web/coverage/coverage-final.json
- name: publish code coverage
uses: paambaati/[email protected]
continue-on-error: true
env:
CC_TEST_REPORTER_ID: f7474ffe9522492f5380eb86189480f352c841718c1fe6a63f169353c7cee243
with:
debug: true
coverageLocations: |
${{github.workspace}}/services/app-web/coverage/lcov.info:lcov
api-unit-tests:
name: test - api unit tests
runs-on: ubuntu-20.04
services:
postgres:
image: postgres:13.3
env:
REACT_APP_AUTH_MODE: AWS_COGNITO
POSTGRES_PASSWORD: shhhsecret #pragma: allowlist secret
# Set health checks to wait until postgres has started
options: >-
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
ports:
- 5432:5432
steps:
- name: Check out repository
uses: actions/checkout@v4
- name: Setup env
uses: ./.github/actions/setup_env
- name: Generate GraphQL
run: npx lerna run gqlgen
- name: Generate Protos
run: npx lerna run generate
- name: Generate Prisma
env:
NODE_OPTIONS: --max_old_space_size=6000
REACT_APP_AUTH_MODE: AWS_COGNITO
DATABASE_URL: postgresql://postgres:shhhsecret@localhost:5432/postgres?schema=public&connection_limit=5 #pragma: allowlist secret
working-directory: services/app-api
run: |
npx lerna run generate --scope=app-api
npx prisma migrate reset --force
- name: API Unit Tests
env:
stage: ${steps.stage-name.outputs.stage-name-for-branch}
NODE_OPTIONS: --max_old_space_size=6000
REACT_APP_OTEL_COLLECTOR_URL: ${{vars.REACT_APP_OTEL_COLLECTOR_URL}}
REACT_APP_AUTH_MODE: AWS_COGNITO
DATABASE_URL: postgresql://postgres:shhhsecret@localhost:5432/postgres?schema=public&connection_limit=5 #pragma: allowlist secret
working-directory: services/app-api
run: |
yarn test:once --coverage
- name: upload api test coverage
uses: actions/upload-artifact@v4
with:
name: api-test-coverage
path: ./services/app-api/coverage/coverage-final.json
- name: publish code coverage
uses: paambaati/[email protected]
continue-on-error: true
env:
CC_TEST_REPORTER_ID: f7474ffe9522492f5380eb86189480f352c841718c1fe6a63f169353c7cee243
with:
debug: true
coverageLocations: |
${{github.workspace}}/services/app-api/coverage/lcov.info:lcov
build-prisma-client-lambda-layer:
name: build - postgres prisma layer
runs-on: ubuntu-20.04
steps:
- name: Check out repository
uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version-file: '.nvmrc'
cache: yarn
- name: Get yarn cache directory path
shell: bash
id: yarn-cache-dir-path
run: echo "dir=$(yarn cache dir)" >> "$GITHUB_OUTPUT"
- name: Install packages
working-directory: services/app-api
run: PRISMA_CLI_BINARY_TARGETS=rhel-openssl-1.0.x yarn install --prefer-offline --frozen-lockfile --cache-folder ${{ steps.yarn-cache-dir-path.outputs.dir }}
- name: Generate protos
run: npx lerna run generate && npx lerna run build --scope=app-proto
# Generate Prisma Client and binary that can run in a lambda environment
- name: Prepare prisma client
working-directory: services/app-api
env:
PRISMA_CLI_BINARY_TARGETS: rhel-openssl-1.0.x
run: yarn prisma generate
- name: Prepare "@prisma/client" lambda layer
working-directory: services/app-api
run: ./scripts/prepare-prisma-layer.sh
- uses: actions/upload-artifact@v4
with:
name: lambda-layers-prisma-client-migration
path: ./services/app-api/lambda-layers-prisma-client-migration
- uses: actions/upload-artifact@v4
with:
name: lambda-layers-prisma-client-engine
path: ./services/app-api/lambda-layers-prisma-client-engine
build-clamav-layer:
name: build - clamav layer
runs-on: ubuntu-20.04
steps:
- name: Check out repository
uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version-file: '.nvmrc'
cache: yarn
- name: Prepare ClamAV layer
working-directory: services/uploads/src/avLayer
run: ./dockerbuild.sh
- uses: actions/upload-artifact@v4
with:
name: lambda-layers-clamav
path: ./services/uploads/src/avLayer/build/lambda_layer.zip
deploy-infra:
needs: [begin-deployment, build-clamav-layer]
uses: Enterprise-CMCS/managed-care-review/.github/workflows/deploy-infra-to-env.yml@main
with:
environment: dev
stage_name: ${{ needs.begin-deployment.outputs.stage-name}}
changed_services: ${{ needs.begin-deployment.outputs.changed-services }}
aws_default_region: ${{ vars.AWS_DEFAULT_REGION }}
secrets:
aws_account_id: ${{ secrets.DEV_AWS_ACCOUNT_ID }}
nr_license_key: ${{ secrets.NR_LICENSE_KEY }}
slack_webhook_url: ${{ secrets.SLACK_WEBHOOK }}
deploy-app:
needs:
[
begin-deployment,
build-prisma-client-lambda-layer,
web-unit-tests,
api-unit-tests,
deploy-infra,
]
if: |
always() &&
(needs.deploy-infra.result == 'success' || needs.deploy-infra.result == 'skipped') &&
needs.web-unit-tests.result == 'success' &&
needs.api-unit-tests.result == 'success' &&
needs.build-prisma-client-lambda-layer.result == 'success' &&
needs.begin-deployment.result == 'success'
uses: Enterprise-CMCS/managed-care-review/.github/workflows/deploy-app-to-env.yml@main
with:
environment: dev
stage_name: ${{ needs.begin-deployment.outputs.stage-name }}
app_version: ${{ needs.begin-deployment.outputs.app-version }}
changed_services: ${{ needs.begin-deployment.outputs.changed-services }}
aws_default_region: ${{ vars.AWS_DEFAULT_REGION }}
secrets:
aws_account_id: ${{ secrets.DEV_AWS_ACCOUNT_ID }}
react_app_auth_mode: AWS_COGNITO
nr_license_key: ${{ secrets.NR_LICENSE_KEY }}
finishing-prep:
name: Finishing Prep
needs: [deploy-infra, begin-deployment, deploy-app]
environment: dev
if: |
always()
&& (needs.begin-deployment.result == 'success')
&& (needs.deploy-infra.result == 'success' || needs.deploy-infra.result == 'skipped')
&& (needs.deploy-app.result == 'success' || needs.deploy-app.result == 'skipped')
runs-on: ubuntu-20.04
outputs:
application-endpoint: ${{ steps.save-app-endpoint.outputs.app-endpoint }}
api-endpoint: ${{ steps.save-api-endpoint.outputs.api-endpoint }}
cypress-uuid: ${{ steps.uuid.outputs.value }}
cognito-user-pool-id: ${{ steps.save-cognito-user-pool-id.outputs.value }}
cognito-region: ${{ steps.save-cognito-region.outputs.value }}
cognito-identity-pool-id: ${{ steps.save-cognito-identity-pool-id.outputs.value }}
cognito-user-pool-web-client-id: ${{ steps.save-cognito-user-pool-web-client-id.outputs.value }}
steps:
- uses: actions/checkout@v4
- name: Setup env
uses: ./.github/actions/setup_env
- name: Get AWS credentials
uses: ./.github/actions/get_aws_credentials
with:
region: ${{ vars.AWS_DEFAULT_REGION }}
account-id: ${{ secrets.DEV_AWS_ACCOUNT_ID }}
stage-name: ${{ needs.begin-deployment.outputs.stage-name }}
changed-services: ${{ needs.begin-deployment.outputs.changed-services }}
- name: Create Test Users
env:
STAGE_NAME: ${{ needs.begin-deployment.outputs.stage-name }}
TEST_USERS_PASS: ${{ secrets.TEST_USERS_PASS }}
run: |
cd scripts
yarn tsc
node ./add_cypress_test_users.js $STAGE_NAME $TEST_USERS_PASS
- name: Run migrate to turn on Aurora
id: run-migrations
working-directory: services/app-api
env:
STAGE_NAME: ${{ needs.begin-deployment.outputs.stage-name }}
run: |
./scripts/invoke-migrate-lambda.sh app-api-$STAGE_NAME-migrate
- name: get application endpoint
id: save-app-endpoint
env:
STAGE_NAME: ${{ needs.begin-deployment.outputs.stage-name }}
run: |
cd services
endpoint=$(./output.sh ui CloudFrontEndpointUrl $STAGE_NAME)
echo $endpoint
echo "app-endpoint=$endpoint" >> "$GITHUB_OUTPUT"
- name: get api endpoint
id: save-api-endpoint
env:
STAGE_NAME: ${{ needs.begin-deployment.outputs.stage-name }}
run: |
cd services
endpoint=$(./output.sh infra-api ApiGatewayRestApiUrl $STAGE_NAME)
echo "api-endpoint=$endpoint" >> "$GITHUB_OUTPUT"
- name: get cognito user pool id
id: save-cognito-user-pool-id
env:
STAGE_NAME: ${{ needs.begin-deployment.outputs.stage-name }}
run: |
cd services
endpoint=$(./output.sh ui-auth UserPoolId $STAGE_NAME)
echo "value=$endpoint" >> "$GITHUB_OUTPUT"
- name: get cognito region
id: save-cognito-region
env:
STAGE_NAME: ${{ needs.begin-deployment.outputs.stage-name }}
run: |
cd services
endpoint=$(./output.sh ui-auth Region $STAGE_NAME)
echo "value=$endpoint" >> "$GITHUB_OUTPUT"
- name: get cognito identity pool id
id: save-cognito-identity-pool-id
env:
STAGE_NAME: ${{ needs.begin-deployment.outputs.stage-name }}
run: |
cd services
endpoint=$(./output.sh ui-auth IdentityPoolId $STAGE_NAME)
echo "value=$endpoint" >> "$GITHUB_OUTPUT"
- name: get cognito user pool web client id
id: save-cognito-user-pool-web-client-id
env:
STAGE_NAME: ${{ needs.begin-deployment.outputs.stage-name }}
run: |
cd services
endpoint=$(./output.sh ui-auth UserPoolClientId $STAGE_NAME)
echo "value=$endpoint" >> "$GITHUB_OUTPUT"
- name: get storybook endpoint
id: save-storybook-endpoint
env:
STAGE_NAME: ${{ needs.begin-deployment.outputs.stage-name }}
run: |
cd services
endpoint=$(./output.sh storybook CloudFrontEndpointUrl $STAGE_NAME)
echo $endpoint
echo "storybook-endpoint=$endpoint" >> "$GITHUB_OUTPUT"
end-deployment:
needs: [begin-deployment, deploy-app, finishing-prep]
if: always() && needs.begin-deployment.result == 'success'
name: End Deployment
runs-on: ubuntu-20.04
permissions:
deployments: write
steps:
- uses: actions/checkout@v4
- name: Update deployment status (failure)
if: failure() && needs.begin-deployment.result == 'success'
uses: chrnorm/deployment-status@v2
with:
token: '${{ github.token }}'
state: 'failure'
deployment_id: ${{ needs.begin-deployment.outputs.deploy-id }}
- name: Update deployment status (success)
if: needs.deploy-app.result == 'success'
uses: chrnorm/deployment-status@v2
with:
token: '${{ github.token }}'
environment-url: ${{ needs.finishing-prep.outputs.application-endpoint }}
state: 'success'
deployment-id: ${{ needs.begin-deployment.outputs.deploy-id }}
# GitHub creates a deployment each time you reference an environment, and you can't opt out: https://github.com/actions/runner/issues/2120
# We need to clean them up manually so they don't spam our PRs
- name: Clean up dev deployments
uses: ./.github/actions/clean_up_deployments
with:
environment: dev
cypress:
name: cypress-run
timeout-minutes: 25
needs: [deploy-app, finishing-prep]
if: always() && needs.finishing-prep.result == 'success'
runs-on: ubuntu-20.04
container:
image: cypress/browsers:node18.12.0-chrome107
options: --user 1001
permissions:
deployments: write
strategy:
fail-fast: true
matrix:
# run copies of the current job in parallel
containers: [1, 2, 3, 4, 5, 6, 7, 8]
steps:
- uses: actions/checkout@v4
- uses: actions/download-artifact@v4
with:
name: app-web-gen
path: ./services/app-web/src/gen
- uses: actions/download-artifact@v4
with:
name: cypress-gen
path: ./services/cypress/gen
- name: check ip
id: check-ip
shell: bash
run: curl ifconfig.me/ip
- name: Cypress hack
run: |
export DISPLAY=:1
Xvfb :1 -screen 0 1024x768x16 2>/dev/null &
- name: Cypress -- Chrome
id: cypress
uses: cypress-io/github-action@v6
with:
config: baseUrl=${{ needs.finishing-prep.outputs.application-endpoint }}
record: true
parallel: true
browser: chrome
group: 'Chrome'
ci-build-id: ${{ github.run_id }}-${{ github.run_attempt }}
# Point to the cypress config file from root
config-file: services/cypress/cypress.config.ts
env:
REACT_APP_AUTH_MODE: AWS_COGNITO
CYPRESS_RECORD_KEY: ${{ secrets.CYPRESS_RECORD_KEY }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
TEST_USERS_PASS: ${{ secrets.TEST_USERS_PASS }}
REACT_APP_API_URL: ${{ needs.finishing-prep.outputs.api-endpoint }}
COGNITO_USER_POOL_ID: ${{ needs.finishing-prep.outputs.cognito-user-pool-id }}
COGNITO_REGION: ${{ needs.finishing-prep.outputs.cognito-region }}
COGNITO_IDENTITY_POOL_ID: ${{ needs.finishing-prep.outputs.cognito-identity-pool-id }}
COGNITO_USER_POOL_WEB_CLIENT_ID: ${{ needs.finishing-prep.outputs.cognito-user-pool-web-client-id }}
# Overwrites folder directories in cypress config because in CI we run from root
CYPRESS_SUPPORT_FILE: services/cypress/support/index.ts
CYPRESS_FIXTURES_FOLDER: services/cypress/fixtures
CYPRESS_SPEC_PATTERN: services/cypress/integration/**/*.spec.ts
CYPRESS_SCREEN_SHOTS_FOLDER: services/cypress/screenshots
CYPRESS_VIDEOS_FOLDER: services/cypress/videos
- name: Upload cypress screenshots
uses: actions/upload-artifact@v4
if: failure() && steps.cypress.outcome == 'failure'
with:
name: cypress-screenshots-${{ matrix.containers}}
path: services/cypress/screenshots
- name: Upload cypress video
uses: actions/upload-artifact@v4
if: always() && steps.cypress.outcome != 'skipped'
with:
name: cypress-videos-${{ matrix.containers}}
path: services/cypress/videos
- name: upload partial cypress coverage
uses: actions/upload-artifact@v4
with:
name: partial-cypress-coverage-${{ matrix.containers}}
path: ./coverage-cypress/lcov.info
- name: upload partial cypress coverage json
uses: actions/upload-artifact@v4
with:
name: cypress-json-coverage-${{ matrix.containers}}
path: ./coverage-cypress/coverage-final.json
- name: publish code coverage
uses: paambaati/[email protected]
continue-on-error: true
env:
CC_TEST_REPORTER_ID: f7474ffe9522492f5380eb86189480f352c841718c1fe6a63f169353c7cee243
with:
debug: true
coverageLocations: |
${{github.workspace}}/coverage-cypress/lcov.info
coverage:
name: test-coverage
needs: [cypress]
if: always() && needs.finishing-prep.result == 'success'
runs-on: ubuntu-latest
permissions:
deployments: write
strategy:
fail-fast: false
steps:
- uses: actions/checkout@v4
- name: Collate test coverage reports
run: |
ls
echo $(pwd)
cd ./services/app-web
echo $(pwd)
ls
- uses: actions/checkout@v4
- uses: actions/download-artifact@v4
- name: Create combined test coverage report
run: |
echo "Combining all coverage reports"
echo "prepare the folders to hold the reports"
mkdir -p reports
mkdir -p cypress_temp
mkdir -p .nyc_output
echo "listing current folder"
ls
echo "listing a cypress folder"
ls ./cypress-json-coverage-1/
echo "copy the separate cypress reports from parallel runs to one folder"
cp ./cypress-json-coverage-1/coverage-final.json ./cypress_temp/from-cypress-1.json
cp ./cypress-json-coverage-2/coverage-final.json ./cypress_temp/from-cypress-2.json
cp ./cypress-json-coverage-3/coverage-final.json ./cypress_temp/from-cypress-3.json
cp ./cypress-json-coverage-4/coverage-final.json ./cypress_temp/from-cypress-4.json
cp ./cypress-json-coverage-5/coverage-final.json ./cypress_temp/from-cypress-5.json
cp ./cypress-json-coverage-6/coverage-final.json ./cypress_temp/from-cypress-6.json
cp ./cypress-json-coverage-7/coverage-final.json ./cypress_temp/from-cypress-7.json
cp ./cypress-json-coverage-8/coverage-final.json ./cypress_temp/from-cypress-8.json
echo "merge the collected cypress reports into one report"
npx nyc merge cypress_temp ./reports/from-cypress.json
echo "Temp merge done"
ls ./cypress_temp
echo "copy the web and api coverage reports to the reports folder"
cp ./api-test-coverage/coverage-final.json ./reports/from-api.json
cp ./unit-test-coverage/coverage-final.json ./reports/from-unit-test.json
echo "Copied all files"
echo "merge the cypress, web, and api reports into one report"
npx nyc merge reports && mv coverage.json .nyc_output/out.json
echo "generate the html report from the combined coverage report"
mkdir -p coverage-all && npx nyc report --reporter lcov --reporter text --reporter json-summary --report-dir coverage-all
cd coverage-all
echo "Coverage reports merged"
- name: Upload combined test coverage
uses: actions/upload-artifact@v4
with:
name: combined-test-coverage
path: ./coverage-all/