
wip (#2371)

wip (#2371) #1762

Workflow file for this run

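# Promote: on every push to main, run the unit tests and build the Lambda
# layers, then deploy infra + app to dev, val and prod in sequence, run the
# Cypress promote spec against prod, and alert Slack when something failed
# or was skipped.
#
# NOTE(review): no `permissions:` block is declared, so GITHUB_TOKEN gets the
# repository's default scopes in every job. Declare least-privilege
# permissions once the needs of github-lock.sh and the called deploy
# workflows are confirmed.
# NOTE(review): third-party actions below are referenced by mutable tags
# (@v2, @v3, @v6). Pinning them to full commit SHAs keeps a retagged release
# from running with this workflow's secrets.
name: Promote
on:
  push:
    branches:
      - 'main'
jobs:
  unit-tests:
    name: test - unit tests
    runs-on: ubuntu-20.04
    outputs:
      # Fixed: the step that produces this value has id `app-version`; the
      # previous reference (`steps.branch-name`) matched no step in this job,
      # so the output handed to the deploy jobs was always empty.
      app-version: ${{ steps.app-version.outputs.app-version }}
      # Static list: a promote run treats every service as changed.
      changed-services: "[
        'app-api',
        'app-web',
        'postgres',
        'storybook',
        'ui-auth',
        'ui',
        'uploads',
        'run-migrations',
        'prisma-layer',
        'infra-api',
        'github-oidc'
        ]"
    services:
      postgres:
        image: postgres:13.3
        env:
          REACT_APP_AUTH_MODE: IDM
          # Throwaway credential for the job-local test database only.
          POSTGRES_PASSWORD: shhhsecret #pragma: allowlist secret
        # Set health checks to wait until postgres has started
        options: >-
          --health-cmd pg_isready
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
        ports:
          # Quoted so no YAML parser can read the mapping as a number.
          - '5432:5432'
    steps:
      - name: Check out repository
        uses: actions/checkout@v4
      - name: lock this branch to prevent concurrent builds
        run: ./.github/github-lock.sh
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - name: set app version
        id: app-version
        shell: bash
        # Written to $GITHUB_OUTPUT instead of the deprecated `::set-output`
        # workflow command, which is parsed from stdout and can therefore be
        # spoofed by anything that prints to the log.
        run: echo "app-version=$(scripts/app_version.sh)" >> "$GITHUB_OUTPUT"
      - name: Setup env
        uses: ./.github/actions/setup_env
      - name: Unit Tests
        env:
          REACT_APP_AUTH_MODE: IDM
          DATABASE_URL: postgresql://postgres:shhhsecret@localhost:5432/postgres?schema=public&connection_limit=5 #pragma: allowlist secret
          NODE_OPTIONS: --max_old_space_size=6000
        run: ./dev test --unit
      - name: publish code coverage
        # NOTE(review): the action reference on the next line was mangled by
        # the page's e-mail obfuscation ("[email protected]"). Restore it from
        # the repository as paambaati/codeclimate-action@<PINNED_REF>.
        uses: paambaati/[email protected]
        # Coverage upload is best-effort and must not fail the promotion.
        continue-on-error: true
        env:
          # NOTE(review): reporter ID is hard-coded; confirm it is meant to be
          # public, otherwise move it to a repository secret.
          CC_TEST_REPORTER_ID: f7474ffe9522492f5380eb86189480f352c841718c1fe6a63f169353c7cee243
        with:
          debug: true
          coverageLocations: |
            ${{github.workspace}}/services/app-api/coverage/lcov.info:lcov
            ${{github.workspace}}/services/app-web/coverage/lcov.info:lcov
  build-prisma-client-lambda-layer:
    name: build - postgres prisma layer
    runs-on: ubuntu-20.04
    steps:
      - name: Check out repository
        uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version-file: '.nvmrc'
          cache: 'yarn'
      - name: Get yarn cache directory path
        shell: bash
        id: yarn-cache-dir-path
        # $GITHUB_OUTPUT replaces the deprecated `::set-output` command.
        run: echo "dir=$(yarn cache dir)" >> "$GITHUB_OUTPUT"
      - name: Install packages
        working-directory: services/app-api
        run: PRISMA_CLI_BINARY_TARGETS=rhel-openssl-1.0.x yarn install --prefer-offline --frozen-lockfile --cache-folder ${{ steps.yarn-cache-dir-path.outputs.dir }}
      - name: Generate protos
        run: npx lerna run generate --scope=app-proto
      # Generate Prisma Client and binary that can run in a lambda environment
      - name: Prepare prisma client
        working-directory: services/app-api
        run: PRISMA_CLI_BINARY_TARGETS=rhel-openssl-1.0.x yarn prisma generate
      - name: Prepare "@prisma/client" lambda layer
        working-directory: services/app-api
        run: ./scripts/prepare-prisma-layer.sh
      - uses: actions/upload-artifact@v4
        with:
          name: lambda-layers-prisma-client-migration
          path: ./services/app-api/lambda-layers-prisma-client-migration
      - uses: actions/upload-artifact@v4
        with:
          name: lambda-layers-prisma-client-engine
          path: ./services/app-api/lambda-layers-prisma-client-engine
  build-clamav-layer:
    name: build - clamav layer
    runs-on: ubuntu-20.04
    steps:
      - name: Check out repository
        uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version-file: '.nvmrc'
          cache: yarn
      - name: Prepare ClamAV layer
        working-directory: services/uploads/src/avLayer
        run: ./dockerbuild.sh
      - uses: actions/upload-artifact@v4
        with:
          name: lambda-layers-clamav
          path: ./services/uploads/src/avLayer/build/lambda_layer.zip
  # Deploy chain: each stage waits for the previous environment's app deploy,
  # so val is only touched after dev succeeded and prod only after val.
  promote-infra-dev:
    needs: [build-prisma-client-lambda-layer, build-clamav-layer, unit-tests]
    uses: Enterprise-CMCS/managed-care-review/.github/workflows/deploy-infra-to-env.yml@main
    with:
      environment: dev
      stage_name: main
      changed_services: ${{ needs.unit-tests.outputs.changed-services}}
      aws_default_region: ${{ vars.AWS_DEFAULT_REGION }}
    # Only the dev account ID is passed here; each environment uses its own.
    secrets:
      aws_account_id: ${{ secrets.DEV_AWS_ACCOUNT_ID }}
      nr_license_key: ${{ secrets.NR_LICENSE_KEY }}
      slack_webhook_url: ${{ secrets.SLACK_WEBHOOK }}
  promote-app-dev:
    needs: [promote-infra-dev, build-prisma-client-lambda-layer, unit-tests]
    uses: Enterprise-CMCS/managed-care-review/.github/workflows/deploy-app-to-env.yml@main
    with:
      environment: dev
      stage_name: main
      app_version: ${{ needs.unit-tests.outputs.app-version }}
      changed_services: ${{ needs.unit-tests.outputs.changed-services}}
      aws_default_region: ${{ vars.AWS_DEFAULT_REGION }}
    secrets:
      aws_account_id: ${{ secrets.DEV_AWS_ACCOUNT_ID }}
      react_app_auth_mode: IDM
      nr_license_key: ${{ secrets.NR_LICENSE_KEY }}
  promote-infra-val:
    needs: [promote-app-dev, unit-tests]
    uses: Enterprise-CMCS/managed-care-review/.github/workflows/deploy-infra-to-env.yml@main
    with:
      environment: val
      stage_name: val
      changed_services: ${{ needs.unit-tests.outputs.changed-services}}
      aws_default_region: ${{ vars.AWS_DEFAULT_REGION }}
    secrets:
      aws_account_id: ${{ secrets.VAL_AWS_ACCOUNT_ID }}
      nr_license_key: ${{ secrets.NR_LICENSE_KEY }}
      slack_webhook_url: ${{ secrets.SLACK_WEBHOOK }}
  promote-app-val:
    needs: [promote-app-dev, promote-infra-val, unit-tests]
    uses: Enterprise-CMCS/managed-care-review/.github/workflows/deploy-app-to-env.yml@main
    with:
      environment: val
      stage_name: val
      app_version: ${{ needs.unit-tests.outputs.app-version }}
      changed_services: ${{ needs.unit-tests.outputs.changed-services}}
      aws_default_region: ${{ vars.AWS_DEFAULT_REGION }}
    secrets:
      aws_account_id: ${{ secrets.VAL_AWS_ACCOUNT_ID }}
      react_app_auth_mode: IDM
      nr_license_key: ${{ secrets.NR_LICENSE_KEY }}
  promote-infra-prod:
    needs: [promote-app-val, unit-tests]
    uses: Enterprise-CMCS/managed-care-review/.github/workflows/deploy-infra-to-env.yml@main
    with:
      environment: prod
      stage_name: prod
      changed_services: ${{ needs.unit-tests.outputs.changed-services}}
      aws_default_region: ${{ vars.AWS_DEFAULT_REGION }}
    secrets:
      aws_account_id: ${{ secrets.PROD_AWS_ACCOUNT_ID }}
      nr_license_key: ${{ secrets.NR_LICENSE_KEY }}
      slack_webhook_url: ${{ secrets.SLACK_WEBHOOK }}
  promote-app-prod:
    needs: [promote-app-val, promote-infra-prod, unit-tests]
    uses: Enterprise-CMCS/managed-care-review/.github/workflows/deploy-app-to-env.yml@main
    with:
      environment: prod
      stage_name: prod
      app_version: ${{ needs.unit-tests.outputs.app-version }}
      changed_services: ${{ needs.unit-tests.outputs.changed-services}}
      aws_default_region: ${{ vars.AWS_DEFAULT_REGION }}
    secrets:
      aws_account_id: ${{ secrets.PROD_AWS_ACCOUNT_ID }}
      react_app_auth_mode: IDM
      nr_license_key: ${{ secrets.NR_LICENSE_KEY }}
  cypress-prod:
    name: prod - cypress
    needs: [promote-app-prod]
    runs-on: ubuntu-20.04
    container:
      image: cypress/browsers:node16.17.0-chrome106
      options: --user 1001
    strategy:
      fail-fast: false
    steps:
      - uses: actions/checkout@v4
      # Prints the runner's egress IP to the job log; the step's outputs are
      # not referenced anywhere in this file.
      # NOTE(review): no scheme is given, so curl uses plain HTTP to a
      # third-party service.
      - name: check ip
        id: check-ip
        shell: bash
        run: curl ifconfig.me/ip
      - name: Generate unique ID for Cypress
        id: uuid
        # $GITHUB_OUTPUT replaces the deprecated `::set-output` command.
        run: echo "value=sha-$GITHUB_SHA-time-$(date +"%s")" >> "$GITHUB_OUTPUT"
      - name: Setup env
        uses: ./.github/actions/setup_env
      - uses: actions/download-artifact@v4
        with:
          name: app-web-gen deploy prod
          path: ./services/app-web/src/gen
      - uses: actions/download-artifact@v4
        with:
          name: cypress-gen deploy prod
          path: ./services/cypress/gen
      - name: Cypress chrome fix
        run: |
          export DISPLAY=:1
          Xvfb :1 -screen 0 1024x768x16 2>/dev/null &
      - name: Cypress on Prod -- Chrome
        id: cypress
        uses: cypress-io/github-action@v6
        with:
          install: false
          config: baseUrl=https://mc-review.onemac.cms.gov
          spec: services/cypress/integration/promoteWorkflow/promote.spec.ts
          record: true
          parallel: false
          browser: chrome
          group: 'Chrome - prod'
          ci-build-id: ${{ steps.uuid.outputs.value }}
          # Point to the cypress config file from root
          config-file: services/cypress/cypress.config.ts
        env:
          REACT_APP_AUTH_MODE: IDM
          CYPRESS_RECORD_KEY: ${{ secrets.CYPRESS_RECORD_KEY }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # Overwrites folder directories in cypress config because in CI we run from root
          CYPRESS_SUPPORT_FILE: services/cypress/support/index.ts
          CYPRESS_FIXTURES_FOLDER: services/cypress/fixtures
          CYPRESS_SPEC_PATTERN: services/cypress/integration/**/*.spec.ts
          CYPRESS_SCREEN_SHOTS_FOLDER: services/cypress/screenshots
          CYPRESS_VIDEOS_FOLDER: services/cypress/videos
      # Videos are uploaded only when the Cypress step itself failed.
      # NOTE(review): recordings of a run against prod may show live data;
      # confirm artifact access and retention are acceptable.
      - name: Upload cypress video
        uses: actions/upload-artifact@v4
        if: failure() && steps.cypress.outcome == 'failure'
        with:
          name: cypress-videos
          path: services/cypress/videos
  slack:
    name: Slack notification on failure
    runs-on: ubuntu-20.04
    needs: [cypress-prod, promote-app-val]
    # Runs even when an upstream job failed or was skipped.
    if: always()
    steps:
      # this action sets env.WORKFLOW_CONCLUSION so we can call a
      # failure notification if any part of the workflow fails
      - uses: technote-space/workflow-conclusion-action@v3
      - name: Alert Slack On Failure
        uses: rtCamp/action-slack-notify@v2
        if: (env.WORKFLOW_CONCLUSION == 'failure' || needs.cypress-prod.result == 'skipped' || needs.promote-app-val.result == 'skipped')
        env:
          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
          SLACK_USERNAME: Deploy Alerts
          SLACK_ICON_EMOJI: ':bell:'
          SLACK_COLOR: failure
          SLACK_FOOTER: ''
          MSG_MINIMAL: actions url,commit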