Skip to content

Renovate Update actions/checkout action to v4 #36

Renovate Update actions/checkout action to v4

Renovate Update actions/checkout action to v4 #36

Workflow file for this run

name: Test & Build
on:
pull_request:
branches:
- main
push:
branches:
- main
workflow_dispatch:
defaults:
run:
shell: bash
jobs:
test:
name: Unit/Integration Tests
runs-on: ubuntu-latest
steps:
- name: Set up Go 1.22
uses: actions/setup-go@v1
with:
go-version: 1.22
id: go
- name: Check out code
uses: actions/checkout@v4
- name: Run tests
run: make test
- name: Test Summary
uses: test-summary/action@v2
with:
paths: "test-results/unit-tests.xml"
if: always()
- name: Upload Code Coverage
uses: codecov/codecov-action@v3
with:
files: test-results/test-coverage.txt
fail_ci_if_error: false
verbose: true
lint:
name: Go Lint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Go Lint
run: make go-lint
cypress:
name: Cypress Tests
runs-on: ubuntu-latest
needs: test
steps:
- uses: actions/checkout@v4
- name: Run cypress
run: make cypress
- name: Store screenshots
uses: actions/upload-artifact@v3
if: failure()
with:
name: cypress-screenshots
path: cypress/screenshots
- name: Store logs
uses: actions/upload-artifact@v3
if: failure()
with:
name: cypress-logs
path: cypress/logs
build-and-push:
name: "Build & Push Containers"
runs-on: ubuntu-latest
needs: ['test', 'lint']
outputs:
branch: ${{ steps.set-outputs.outputs.branch }}
tag: ${{ steps.bump_version.outputs.tag }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: '0'
- name: Extract branch name
run: |
if [ "${{ github.head_ref }}" == "" ]; then
echo BRANCH_NAME=main >> $GITHUB_ENV
else
echo BRANCH_NAME=${{ github.head_ref }} >> $GITHUB_ENV
fi
id: extract_branch
- uses: unfor19/install-aws-cli-action@v1
- name: Build Container
run: make build
- name: Run Trivy vulnerability scanner
run: make scan
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: 'test-results/'
- name: Bump Version
id: bump_version
uses: anothrNick/[email protected]
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
INITIAL_VERSION: 1.0.0
DEFAULT_BUMP: minor
PRERELEASE: true
PRERELEASE_SUFFIX: ${{ env.BRANCH_NAME }}
RELEASE_BRANCHES: main
WITH_V: true
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}
aws-region: eu-west-1
role-to-assume: arn:aws:iam::311462405659:role/sirius-actions-ci
role-duration-seconds: 3600
role-session-name: GitHubActions
- name: ECR Login
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
with:
registries: 311462405659
- name: Push Container
run: |
docker tag 311462405659.dkr.ecr.eu-west-1.amazonaws.com/sirius/sirius-finance-admin:latest 311462405659.dkr.ecr.eu-west-1.amazonaws.com/sirius/sirius-finance-admin:${{ steps.bump_version.outputs.tag }}
if [ $BRANCH_NAME == "main" ]; then
docker tag 311462405659.dkr.ecr.eu-west-1.amazonaws.com/sirius/sirius-finance-admin:latest 311462405659.dkr.ecr.eu-west-1.amazonaws.com/sirius/sirius-finance-admin:main-${{ steps.bump_version.outputs.tag }}
# We want all of the tags pushed
docker push --all-tags 311462405659.dkr.ecr.eu-west-1.amazonaws.com/sirius/sirius-finance-admin
else
docker push 311462405659.dkr.ecr.eu-west-1.amazonaws.com/sirius/sirius-finance-admin:${{ steps.bump_version.outputs.tag }}
fi
push-tags:
runs-on: ubuntu-latest
needs: build-and-push
if: github.ref == 'refs/heads/main' && github.event_name == 'push'
steps:
- uses: actions/checkout@v4
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }}
aws-region: eu-west-1
role-to-assume: arn:aws:iam::997462338508:role/sirius-actions-ci
role-duration-seconds: 3600
role-session-name: GitHubActions
- name: Install AWS CLI
id: install-aws-cli
uses: unfor19/install-aws-cli-action@v1
- name: Push Tag to Parameter Store
run: |
aws ssm put-parameter --name "opg-sirius-supervision-finance-admin-latest-green-build" --type "String" --value "${{ needs.build-and-push.outputs.tag }}" --overwrite --region=eu-west-1