Renovate Update Patch & Minor Updates #2011
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Test & Build | |
| on: | |
| pull_request: | |
| branches: | |
| - main | |
| push: | |
| branches: | |
| - main | |
| workflow_dispatch: | |
| defaults: | |
| run: | |
| shell: bash | |
| jobs: | |
| identify: | |
| name: Identify version | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: "0" | |
| - name: Define commit SHA and branch | |
| id: commit_branch | |
| run: | | |
| if [ "${{ github.head_ref }}" == "" ]; then | |
| echo "COMMIT=${{github.sha}}" >> $GITHUB_OUTPUT | |
| echo "BRANCH=main" >> $GITHUB_OUTPUT | |
| else | |
| echo "COMMIT=${{github.event.pull_request.head.sha}}" >> $GITHUB_OUTPUT | |
| echo "BRANCH=${{github.head_ref}}" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Bump version | |
| id: bump_version | |
| uses: anothrNick/github-tag-action@1.70.0 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| INITIAL_VERSION: 1.0.0 | |
| DEFAULT_BRANCH: main | |
| DEFAULT_BUMP: minor | |
| PRERELEASE: true | |
| PRERELEASE_SUFFIX: ${{ steps.commit_branch.outputs.BRANCH }} | |
| RELEASE_BRANCHES: main | |
| WITH_V: true | |
| outputs: | |
| commit: ${{ steps.commit_branch.outputs.COMMIT }} | |
| branch: ${{ steps.commit_branch.outputs.BRANCH }} | |
| tag: ${{ steps.bump_version.outputs.tag }} | |
| build: | |
| name: Build User Management | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Cache Images | |
| uses: actions/cache@v4 | |
| with: | |
| path: /tmp/images | |
| key: ${{ runner.os }}-images-${{ github.run_id }}-${{ github.run_number }} | |
| - name: Build Images | |
| run: | | |
| make build | |
| mkdir -p /tmp/images | |
| docker save -o /tmp/images/app.tar 311462405659.dkr.ecr.eu-west-1.amazonaws.com/sirius-user-management:latest | |
| docker save -o /tmp/images/pact-stub.tar opg-sirius-user-management-pact-stub:latest | |
| test: | |
| name: Test User Management | |
| needs: [identify] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Cache GO Dependencies | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.gocache | |
| key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} | |
| restore-keys: | | |
| ${{ runner.os }}-go- | |
| - name: Run Tests | |
| run: make unit-test | |
| - name: Publish Unit Test Results | |
| uses: EnricoMi/publish-unit-test-result-action@v2 | |
| if: ${{ always() && github.actor != 'dependabot[bot]' }} | |
| with: | |
| check_name: "Unit Test Results" | |
| files: test-results/unit-tests.xml | |
| - name: Publish pacts | |
| if: github.actor != 'dependabot[bot]' | |
| run: | | |
| docker compose run --rm test-runner pact-broker publish ./pacts/sirius-user-management-sirius.json \ | |
| --consumer-app-version ${{ needs.identify.outputs.commit }} \ | |
| --branch ${{ needs.identify.outputs.branch }} \ | |
| --tag ${{ needs.identify.outputs.tag }} \ | |
| --broker-base-url https://pact-broker.api.opg.service.justice.gov.uk \ | |
| --broker-username admin \ | |
| --broker-password ${{ secrets.PACT_BROKER_PASSWORD }} | |
| - name: Compare pacts | |
| if: github.actor == 'dependabot[bot]' | |
| env: | |
| PACT_DIR: ./pacts | |
| PACT_BROKER_URL: https://pact-broker.api.opg.service.justice.gov.uk | |
| run: | | |
| curl ${PACT_BROKER_URL}/pacts/provider/sirius/consumer/sirius-user-management/latest > /tmp/latest-pact.json | |
| (diff <(jq --sort-keys . ${PACT_DIR}/sirius-user-management-sirius.json) <(jq --sort-keys . /tmp/latest-pact.json) || true) | (! grep '<') | |
| - name: Upload Code Coverage | |
| uses: codecov/codecov-action@v4 | |
| env: | |
| CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |
| with: | |
| files: test-results/test-coverage.txt | |
| fail_ci_if_error: true | |
| verbose: true | |
| - name: Persist Pacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: pacts | |
| path: | | |
| ./pacts/sirius-user-management-sirius.json | |
| ./pacts/ignored-ignored.json | |
| lint: | |
| name: GO lint | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Run linting | |
| run: make lint | |
| cypress: | |
| name: Cypress | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build | |
| - test | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Cache Images | |
| uses: actions/cache@v4 | |
| with: | |
| path: /tmp/images | |
| key: ${{ runner.os }}-images-${{ github.run_id }}-${{ github.run_number }} | |
| - name: Download Artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: pacts | |
| path: ./pacts | |
| - name: Restore images | |
| run: | | |
| docker load -i /tmp/images/app.tar | |
| docker load -i /tmp/images/pact-stub.tar | |
| - name: Run Cypress tests | |
| run: make cypress | |
| - name: Upload Cypress screenshots | |
| uses: actions/upload-artifact@v4 | |
| if: failure() | |
| with: | |
| name: cypress-screenshots | |
| path: cypress/screenshots | |
| push: | |
| name: "Build & Push Containers" | |
| runs-on: ubuntu-latest | |
| needs: [identify, "build", "test", "lint", "cypress"] | |
| if: github.actor != 'dependabot[bot]' | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: "0" | |
| - uses: unfor19/install-aws-cli-action@v1 | |
| - name: Cache Images | |
| uses: actions/cache@v4 | |
| with: | |
| path: /tmp/images | |
| key: ${{ runner.os }}-images-${{ github.run_id }}-${{ github.run_number }} | |
| - name: Restore Image | |
| run: | | |
| docker load -i /tmp/images/app.tar | |
| - name: Trivy Image Vulnerability Scanner | |
| run: make scan | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@v3 | |
| if: always() | |
| with: | |
| sarif_file: "test-results/trivy.sarif" | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }} | |
| aws-region: eu-west-1 | |
| role-to-assume: arn:aws:iam::311462405659:role/sirius-actions-ci | |
| role-duration-seconds: 3600 | |
| role-session-name: GitHubActions | |
| - name: ECR Login | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v2 | |
| with: | |
| registries: 311462405659 | |
| - name: Push Container | |
| run: | | |
| docker tag 311462405659.dkr.ecr.eu-west-1.amazonaws.com/sirius-user-management:latest 311462405659.dkr.ecr.eu-west-1.amazonaws.com/sirius-user-management:${{ needs.identify.outputs.tag }} | |
| if [ "${{ needs.identify.outputs.branch }}" == "main" ]; then | |
| # We want all of the tags pushed | |
| docker tag 311462405659.dkr.ecr.eu-west-1.amazonaws.com/sirius-user-management:latest 311462405659.dkr.ecr.eu-west-1.amazonaws.com/sirius-user-management:main-${{ needs.identify.outputs.tag }} | |
| docker push --all-tags 311462405659.dkr.ecr.eu-west-1.amazonaws.com/sirius-user-management | |
| else | |
| docker push 311462405659.dkr.ecr.eu-west-1.amazonaws.com/sirius-user-management:${{ needs.identify.outputs.tag }} | |
| fi | |
| push-tags: | |
| runs-on: ubuntu-latest | |
| needs: [identify, push] | |
| if: github.ref == 'refs/heads/main' && github.event_name == 'push' | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }} | |
| aws-region: eu-west-1 | |
| role-to-assume: arn:aws:iam::997462338508:role/sirius-actions-ci | |
| role-duration-seconds: 3600 | |
| role-session-name: GitHubActions | |
| - name: Install AWS CLI | |
| id: install-aws-cli | |
| uses: unfor19/install-aws-cli-action@v1 | |
| - name: Push Tag to Parameter Store | |
| run: | | |
| aws ssm put-parameter --name "opg-sirius-user-management-latest-green-build" --type "String" --value "${{needs.identify.outputs.tag}}" --overwrite --region=eu-west-1 | |
| - name: Trigger Dev Deploy | |
| shell: bash | |
| run: curl -u ${{ secrets.JENKINS_API_USER }}:${{ secrets.JENKINS_API_TOKEN }} "https://${{ secrets.JENKINS_URL }}/job/Sirius/job/Deploy_to_Development/build?token=${{ secrets.JENKINS_API_TOKEN_NAME }}&cause=Triggered+by+opg-sirius-user-management" |