Merge branch 'main' of github.com:Enterprise-CMCS/managed-care-review… #9349
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Deploy | |
on: | |
push: | |
branches: | |
- '*' | |
- 'dependabot/**' | |
- '!skipci*' | |
- '!main' | |
permissions: | |
id-token: write | |
jobs: | |
begin-deployment: | |
name: Begin Deployment | |
runs-on: ubuntu-20.04 | |
permissions: | |
deployments: write | |
outputs: | |
deploy-id: ${{ steps.ghdeployment.outputs.deployment_id }} | |
stage-name: ${{ steps.stage-name.outputs.stage-name-for-branch}} | |
app-version: ${{ steps.branch-name.outputs.app-version}} | |
changed-services: ${{ steps.changed-services-action.outputs.changed-services }} | |
steps: | |
- name: Check out repository | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 40 | |
- name: Check for secrets | |
uses: ./.github/actions/check_secrets | |
with: | |
expected-secret: ${{ secrets.REACT_APP_AUTH_MODE }} | |
- name: set app version | |
id: app-version | |
shell: bash | |
run: echo "app-version=$(scripts/app_version.sh)" >> "$GITHUB_OUTPUT" | |
- name: set stage name | |
id: stage-name | |
shell: bash | |
run: | | |
echo "stage-name-for-branch=$(./scripts/stage_name_for_branch.sh ${GITHUB_REF#refs/heads/})" >> "$GITHUB_OUTPUT" | |
- name: set branch name | |
id: branch-name | |
shell: bash | |
run: echo "branch-name=$(echo ${GITHUB_REF#refs/heads/})" >> "$GITHUB_OUTPUT" | |
- name: lock this branch to prevent concurrent deploys | |
run: ./.github/github-lock.sh | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Setup env | |
uses: ./.github/actions/setup_env | |
- name: build scripts | |
shell: bash | |
run: npx lerna run build:ci-scripts | |
- name: run get_changed_services | |
id: changed-services-action | |
uses: ./scripts/get-changed-services/ | |
with: | |
branchName: ${{ steps.branch-name.outputs.branch-name}} | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: test we have changed services output | |
id: test | |
shell: bash | |
run: | | |
echo "${{steps.changed-services-action.outputs.changed-services}}" | |
- uses: chrnorm/deployment-action@v2 | |
name: Create GitHub deployment | |
id: ghdeployment | |
with: | |
token: '${{ github.token }}' | |
environment: review-apps | |
transient-environment: true | |
description: stack ${{ steps.branch-name.outputs.stage-name-for-branch}} | |
initial-status: in_progress | |
web-unit-tests: | |
name: test - web unit tests | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Check out repository | |
uses: actions/checkout@v4 | |
- name: Setup env | |
uses: ./.github/actions/setup_env | |
- name: Generate GraphQL | |
run: npx lerna run gqlgen | |
- name: Generate Protos | |
run: npx lerna run generate --scope=app-proto | |
- name: Web Unit Tests | |
env: | |
REACT_APP_AUTH_MODE: AWS_COGNITO | |
DATABASE_URL: postgresql://postgres:shhhsecret@localhost:5432/postgres?schema=public&connection_limit=5 #pragma: allowlist secret | |
working-directory: services/app-web | |
run: yarn test:once --coverage | |
- name: upload app web gen directory | |
uses: actions/upload-artifact@v4 | |
with: | |
name: app-web-gen | |
path: ./services/app-web/src/gen | |
- name: upload cypress gen directory | |
uses: actions/upload-artifact@v4 | |
with: | |
name: cypress-gen | |
path: ./services/cypress/gen | |
- name: upload unit test coverage | |
uses: actions/upload-artifact@v4 | |
with: | |
name: unit-test-coverage | |
path: ./services/app-web/coverage/coverage-final.json | |
- name: publish code coverage | |
uses: paambaati/[email protected] | |
continue-on-error: true | |
env: | |
CC_TEST_REPORTER_ID: f7474ffe9522492f5380eb86189480f352c841718c1fe6a63f169353c7cee243 | |
with: | |
debug: true | |
coverageLocations: | | |
${{github.workspace}}/services/app-web/coverage/lcov.info:lcov | |
api-unit-tests: | |
name: test - api unit tests | |
runs-on: ubuntu-20.04 | |
services: | |
postgres: | |
image: postgres:13.3 | |
env: | |
REACT_APP_AUTH_MODE: AWS_COGNITO | |
POSTGRES_PASSWORD: shhhsecret #pragma: allowlist secret | |
# Set health checks to wait until postgres has started | |
options: >- | |
--health-cmd pg_isready | |
--health-interval 10s | |
--health-timeout 5s | |
--health-retries 5 | |
ports: | |
- 5432:5432 | |
steps: | |
- name: Check out repository | |
uses: actions/checkout@v4 | |
- name: Setup env | |
uses: ./.github/actions/setup_env | |
- name: Generate GraphQL | |
run: npx lerna run gqlgen | |
- name: Generate Protos | |
run: npx lerna run generate | |
- name: Generate Prisma | |
env: | |
NODE_OPTIONS: --max_old_space_size=6000 | |
REACT_APP_AUTH_MODE: AWS_COGNITO | |
DATABASE_URL: postgresql://postgres:shhhsecret@localhost:5432/postgres?schema=public&connection_limit=5 #pragma: allowlist secret | |
working-directory: services/app-api | |
run: | | |
npx lerna run generate --scope=app-api | |
npx prisma migrate reset --force | |
- name: API Unit Tests | |
env: | |
stage: ${steps.stage-name.outputs.stage-name-for-branch} | |
NODE_OPTIONS: --max_old_space_size=6000 | |
REACT_APP_OTEL_COLLECTOR_URL: ${{vars.REACT_APP_OTEL_COLLECTOR_URL}} | |
REACT_APP_AUTH_MODE: AWS_COGNITO | |
DATABASE_URL: postgresql://postgres:shhhsecret@localhost:5432/postgres?schema=public&connection_limit=5 #pragma: allowlist secret | |
working-directory: services/app-api | |
run: | | |
yarn test:once --coverage | |
- name: upload api test coverage | |
uses: actions/upload-artifact@v4 | |
with: | |
name: api-test-coverage | |
path: ./services/app-api/coverage/coverage-final.json | |
- name: publish code coverage | |
uses: paambaati/[email protected] | |
continue-on-error: true | |
env: | |
CC_TEST_REPORTER_ID: f7474ffe9522492f5380eb86189480f352c841718c1fe6a63f169353c7cee243 | |
with: | |
debug: true | |
coverageLocations: | | |
${{github.workspace}}/services/app-api/coverage/lcov.info:lcov | |
build-prisma-client-lambda-layer: | |
name: build - postgres prisma layer | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Check out repository | |
uses: actions/checkout@v4 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version-file: '.nvmrc' | |
cache: yarn | |
- name: Get yarn cache directory path | |
shell: bash | |
id: yarn-cache-dir-path | |
run: echo "dir=$(yarn cache dir)" >> "$GITHUB_OUTPUT" | |
- name: Install packages | |
working-directory: services/app-api | |
run: PRISMA_CLI_BINARY_TARGETS=rhel-openssl-1.0.x yarn install --prefer-offline --frozen-lockfile --cache-folder ${{ steps.yarn-cache-dir-path.outputs.dir }} | |
- name: Generate protos | |
run: npx lerna run generate && npx lerna run build --scope=app-proto | |
# Generate Prisma Client and binary that can run in a lambda environment | |
- name: Prepare prisma client | |
working-directory: services/app-api | |
env: | |
PRISMA_CLI_BINARY_TARGETS: rhel-openssl-1.0.x | |
run: yarn prisma generate | |
- name: Prepare "@prisma/client" lambda layer | |
working-directory: services/app-api | |
run: ./scripts/prepare-prisma-layer.sh | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: lambda-layers-prisma-client-migration | |
path: ./services/app-api/lambda-layers-prisma-client-migration | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: lambda-layers-prisma-client-engine | |
path: ./services/app-api/lambda-layers-prisma-client-engine | |
build-clamav-layer: | |
name: build - clamav layer | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Check out repository | |
uses: actions/checkout@v4 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version-file: '.nvmrc' | |
cache: yarn | |
- name: Prepare ClamAV layer | |
working-directory: services/uploads/src/avLayer | |
run: ./dockerbuild.sh | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: lambda-layers-clamav | |
path: ./services/uploads/src/avLayer/build/lambda_layer.zip | |
deploy-infra: | |
needs: [begin-deployment, build-clamav-layer] | |
uses: Enterprise-CMCS/managed-care-review/.github/workflows/deploy-infra-to-env.yml@main | |
with: | |
environment: dev | |
stage_name: ${{ needs.begin-deployment.outputs.stage-name}} | |
changed_services: ${{ needs.begin-deployment.outputs.changed-services }} | |
aws_default_region: ${{ vars.AWS_DEFAULT_REGION }} | |
secrets: | |
aws_account_id: ${{ secrets.DEV_AWS_ACCOUNT_ID }} | |
nr_license_key: ${{ secrets.NR_LICENSE_KEY }} | |
slack_webhook_url: ${{ secrets.SLACK_WEBHOOK }} | |
deploy-app: | |
needs: | |
[ | |
begin-deployment, | |
build-prisma-client-lambda-layer, | |
web-unit-tests, | |
api-unit-tests, | |
deploy-infra, | |
] | |
if: | | |
always() && | |
(needs.deploy-infra.result == 'success' || needs.deploy-infra.result == 'skipped') && | |
needs.web-unit-tests.result == 'success' && | |
needs.api-unit-tests.result == 'success' && | |
needs.build-prisma-client-lambda-layer.result == 'success' && | |
needs.begin-deployment.result == 'success' | |
uses: Enterprise-CMCS/managed-care-review/.github/workflows/deploy-app-to-env.yml@main | |
with: | |
environment: dev | |
stage_name: ${{ needs.begin-deployment.outputs.stage-name }} | |
app_version: ${{ needs.begin-deployment.outputs.app-version }} | |
changed_services: ${{ needs.begin-deployment.outputs.changed-services }} | |
aws_default_region: ${{ vars.AWS_DEFAULT_REGION }} | |
secrets: | |
aws_account_id: ${{ secrets.DEV_AWS_ACCOUNT_ID }} | |
react_app_auth_mode: AWS_COGNITO | |
nr_license_key: ${{ secrets.NR_LICENSE_KEY }} | |
finishing-prep: | |
name: Finishing Prep | |
needs: [deploy-infra, begin-deployment, deploy-app] | |
environment: dev | |
if: | | |
always() | |
&& (needs.begin-deployment.result == 'success') | |
&& (needs.deploy-infra.result == 'success' || needs.deploy-infra.result == 'skipped') | |
&& (needs.deploy-app.result == 'success' || needs.deploy-app.result == 'skipped') | |
runs-on: ubuntu-20.04 | |
outputs: | |
application-endpoint: ${{ steps.save-app-endpoint.outputs.app-endpoint }} | |
api-endpoint: ${{ steps.save-api-endpoint.outputs.api-endpoint }} | |
cypress-uuid: ${{ steps.uuid.outputs.value }} | |
cognito-user-pool-id: ${{ steps.save-cognito-user-pool-id.outputs.value }} | |
cognito-region: ${{ steps.save-cognito-region.outputs.value }} | |
cognito-identity-pool-id: ${{ steps.save-cognito-identity-pool-id.outputs.value }} | |
cognito-user-pool-web-client-id: ${{ steps.save-cognito-user-pool-web-client-id.outputs.value }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup env | |
uses: ./.github/actions/setup_env | |
- name: Get AWS credentials | |
uses: ./.github/actions/get_aws_credentials | |
with: | |
region: ${{ vars.AWS_DEFAULT_REGION }} | |
account-id: ${{ secrets.DEV_AWS_ACCOUNT_ID }} | |
stage-name: ${{ needs.begin-deployment.outputs.stage-name }} | |
changed-services: ${{ needs.begin-deployment.outputs.changed-services }} | |
- name: Create Test Users | |
env: | |
STAGE_NAME: ${{ needs.begin-deployment.outputs.stage-name }} | |
TEST_USERS_PASS: ${{ secrets.TEST_USERS_PASS }} | |
run: | | |
cd scripts | |
yarn tsc | |
node ./add_cypress_test_users.js $STAGE_NAME $TEST_USERS_PASS | |
- name: Run migrate to turn on Aurora | |
id: run-migrations | |
working-directory: services/app-api | |
env: | |
STAGE_NAME: ${{ needs.begin-deployment.outputs.stage-name }} | |
run: | | |
./scripts/invoke-migrate-lambda.sh app-api-$STAGE_NAME-migrate | |
- name: get application endpoint | |
id: save-app-endpoint | |
env: | |
STAGE_NAME: ${{ needs.begin-deployment.outputs.stage-name }} | |
run: | | |
cd services | |
endpoint=$(./output.sh ui CloudFrontEndpointUrl $STAGE_NAME) | |
echo $endpoint | |
echo "app-endpoint=$endpoint" >> "$GITHUB_OUTPUT" | |
- name: get api endpoint | |
id: save-api-endpoint | |
env: | |
STAGE_NAME: ${{ needs.begin-deployment.outputs.stage-name }} | |
run: | | |
cd services | |
endpoint=$(./output.sh infra-api ApiGatewayRestApiUrl $STAGE_NAME) | |
echo "api-endpoint=$endpoint" >> "$GITHUB_OUTPUT" | |
- name: get cognito user pool id | |
id: save-cognito-user-pool-id | |
env: | |
STAGE_NAME: ${{ needs.begin-deployment.outputs.stage-name }} | |
run: | | |
cd services | |
endpoint=$(./output.sh ui-auth UserPoolId $STAGE_NAME) | |
echo "value=$endpoint" >> "$GITHUB_OUTPUT" | |
- name: get cognito region | |
id: save-cognito-region | |
env: | |
STAGE_NAME: ${{ needs.begin-deployment.outputs.stage-name }} | |
run: | | |
cd services | |
endpoint=$(./output.sh ui-auth Region $STAGE_NAME) | |
echo "value=$endpoint" >> "$GITHUB_OUTPUT" | |
- name: get cognito identity pool id | |
id: save-cognito-identity-pool-id | |
env: | |
STAGE_NAME: ${{ needs.begin-deployment.outputs.stage-name }} | |
run: | | |
cd services | |
endpoint=$(./output.sh ui-auth IdentityPoolId $STAGE_NAME) | |
echo "value=$endpoint" >> "$GITHUB_OUTPUT" | |
- name: get cognito user pool web client id | |
id: save-cognito-user-pool-web-client-id | |
env: | |
STAGE_NAME: ${{ needs.begin-deployment.outputs.stage-name }} | |
run: | | |
cd services | |
endpoint=$(./output.sh ui-auth UserPoolClientId $STAGE_NAME) | |
echo "value=$endpoint" >> "$GITHUB_OUTPUT" | |
- name: get storybook endpoint | |
id: save-storybook-endpoint | |
env: | |
STAGE_NAME: ${{ needs.begin-deployment.outputs.stage-name }} | |
run: | | |
cd services | |
endpoint=$(./output.sh storybook CloudFrontEndpointUrl $STAGE_NAME) | |
echo $endpoint | |
echo "storybook-endpoint=$endpoint" >> "$GITHUB_OUTPUT" | |
end-deployment: | |
needs: [begin-deployment, deploy-app, finishing-prep] | |
if: always() && needs.begin-deployment.result == 'success' | |
name: End Deployment | |
runs-on: ubuntu-20.04 | |
permissions: | |
deployments: write | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Update deployment status (failure) | |
if: failure() && needs.begin-deployment.result == 'success' | |
uses: chrnorm/deployment-status@v2 | |
with: | |
token: '${{ github.token }}' | |
state: 'failure' | |
deployment_id: ${{ needs.begin-deployment.outputs.deploy-id }} | |
- name: Update deployment status (success) | |
if: needs.deploy-app.result == 'success' | |
uses: chrnorm/deployment-status@v2 | |
with: | |
token: '${{ github.token }}' | |
environment-url: ${{ needs.finishing-prep.outputs.application-endpoint }} | |
state: 'success' | |
deployment-id: ${{ needs.begin-deployment.outputs.deploy-id }} | |
# GitHub creates a deployment each time you reference an environment, and you can't opt out: https://github.com/actions/runner/issues/2120 | |
# We need to clean them up manually so they don't spam our PRs | |
- name: Clean up dev deployments | |
uses: ./.github/actions/clean_up_deployments | |
with: | |
environment: dev | |
cypress: | |
name: cypress-run | |
timeout-minutes: 25 | |
needs: [deploy-app, finishing-prep] | |
if: always() && needs.finishing-prep.result == 'success' | |
runs-on: ubuntu-20.04 | |
container: | |
image: cypress/browsers:node18.12.0-chrome107 | |
options: --user 1001 | |
permissions: | |
deployments: write | |
strategy: | |
fail-fast: true | |
matrix: | |
# run copies of the current job in parallel | |
containers: [1, 2, 3, 4, 5, 6, 7, 8] | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/download-artifact@v4 | |
with: | |
name: app-web-gen | |
path: ./services/app-web/src/gen | |
- uses: actions/download-artifact@v4 | |
with: | |
name: cypress-gen | |
path: ./services/cypress/gen | |
- name: check ip | |
id: check-ip | |
shell: bash | |
run: curl ifconfig.me/ip | |
- name: Cypress hack | |
run: | | |
export DISPLAY=:1 | |
Xvfb :1 -screen 0 1024x768x16 2>/dev/null & | |
- name: Cypress -- Chrome | |
id: cypress | |
uses: cypress-io/github-action@v6 | |
with: | |
config: baseUrl=${{ needs.finishing-prep.outputs.application-endpoint }} | |
record: true | |
parallel: true | |
browser: chrome | |
group: 'Chrome' | |
ci-build-id: ${{ github.run_id }}-${{ github.run_attempt }} | |
# Point to the cypress config file from root | |
config-file: services/cypress/cypress.config.ts | |
env: | |
REACT_APP_AUTH_MODE: AWS_COGNITO | |
CYPRESS_RECORD_KEY: ${{ secrets.CYPRESS_RECORD_KEY }} | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
TEST_USERS_PASS: ${{ secrets.TEST_USERS_PASS }} | |
REACT_APP_API_URL: ${{ needs.finishing-prep.outputs.api-endpoint }} | |
COGNITO_USER_POOL_ID: ${{ needs.finishing-prep.outputs.cognito-user-pool-id }} | |
COGNITO_REGION: ${{ needs.finishing-prep.outputs.cognito-region }} | |
COGNITO_IDENTITY_POOL_ID: ${{ needs.finishing-prep.outputs.cognito-identity-pool-id }} | |
COGNITO_USER_POOL_WEB_CLIENT_ID: ${{ needs.finishing-prep.outputs.cognito-user-pool-web-client-id }} | |
# Overwrites folder directories in cypress config because in CI we run from root | |
CYPRESS_SUPPORT_FILE: services/cypress/support/index.ts | |
CYPRESS_FIXTURES_FOLDER: services/cypress/fixtures | |
CYPRESS_SPEC_PATTERN: services/cypress/integration/**/*.spec.ts | |
CYPRESS_SCREEN_SHOTS_FOLDER: services/cypress/screenshots | |
CYPRESS_VIDEOS_FOLDER: services/cypress/videos | |
- name: Upload cypress screenshots | |
uses: actions/upload-artifact@v4 | |
if: failure() && steps.cypress.outcome == 'failure' | |
with: | |
name: cypress-screenshots-${{ matrix.containers}} | |
path: services/cypress/screenshots | |
- name: Upload cypress video | |
uses: actions/upload-artifact@v4 | |
if: always() && steps.cypress.outcome != 'skipped' | |
with: | |
name: cypress-videos-${{ matrix.containers}} | |
path: services/cypress/videos | |
- name: upload partial cypress coverage | |
uses: actions/upload-artifact@v4 | |
with: | |
name: partial-cypress-coverage-${{ matrix.containers}} | |
path: ./coverage-cypress/lcov.info | |
- name: upload partial cypress coverage json | |
uses: actions/upload-artifact@v4 | |
with: | |
name: cypress-json-coverage-${{ matrix.containers}} | |
path: ./coverage-cypress/coverage-final.json | |
- name: publish code coverage | |
uses: paambaati/[email protected] | |
continue-on-error: true | |
env: | |
CC_TEST_REPORTER_ID: f7474ffe9522492f5380eb86189480f352c841718c1fe6a63f169353c7cee243 | |
with: | |
debug: true | |
coverageLocations: | | |
${{github.workspace}}/coverage-cypress/lcov.info | |
coverage: | |
name: test-coverage | |
needs: [cypress] | |
if: always() && needs.finishing-prep.result == 'success' | |
runs-on: ubuntu-latest | |
permissions: | |
deployments: write | |
strategy: | |
fail-fast: false | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Collate test coverage reports | |
run: | | |
ls | |
echo $(pwd) | |
cd ./services/app-web | |
echo $(pwd) | |
ls | |
- uses: actions/checkout@v4 | |
- uses: actions/download-artifact@v4 | |
- name: Create combined test coverage report | |
run: | | |
echo "Combining all coverage reports" | |
echo "prepare the folders to hold the reports" | |
mkdir -p reports | |
mkdir -p cypress_temp | |
mkdir -p .nyc_output | |
echo "listing current folder" | |
ls | |
echo "listing a cypress folder" | |
ls ./cypress-json-coverage-1/ | |
echo "copy the separate cypress reports from parallel runs to one folder" | |
cp ./cypress-json-coverage-1/coverage-final.json ./cypress_temp/from-cypress-1.json | |
cp ./cypress-json-coverage-2/coverage-final.json ./cypress_temp/from-cypress-2.json | |
cp ./cypress-json-coverage-3/coverage-final.json ./cypress_temp/from-cypress-3.json | |
cp ./cypress-json-coverage-4/coverage-final.json ./cypress_temp/from-cypress-4.json | |
cp ./cypress-json-coverage-5/coverage-final.json ./cypress_temp/from-cypress-5.json | |
cp ./cypress-json-coverage-6/coverage-final.json ./cypress_temp/from-cypress-6.json | |
cp ./cypress-json-coverage-7/coverage-final.json ./cypress_temp/from-cypress-7.json | |
cp ./cypress-json-coverage-8/coverage-final.json ./cypress_temp/from-cypress-8.json | |
echo "merge the collected cypress reports into one report" | |
npx nyc merge cypress_temp ./reports/from-cypress.json | |
echo "Temp merge done" | |
ls ./cypress_temp | |
echo "copy the web and api coverage reports to the reports folder" | |
cp ./api-test-coverage/coverage-final.json ./reports/from-api.json | |
cp ./unit-test-coverage/coverage-final.json ./reports/from-unit-test.json | |
echo "Copied all files" | |
echo "merge the cypress, web, and api reports into one report" | |
npx nyc merge reports && mv coverage.json .nyc_output/out.json | |
echo "generate the html report from the combined coverage report" | |
mkdir -p coverage-all && npx nyc report --reporter lcov --reporter text --reporter json-summary --report-dir coverage-all | |
cd coverage-all | |
echo "Coverage reports merged" | |
- name: Upload combined test coverage | |
uses: actions/upload-artifact@v4 | |
with: | |
name: combined-test-coverage | |
path: ./coverage-all/ |