PFS-195 Generate & upload aged debt report #356
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Test & Build | |
| on: | |
| pull_request: | |
| branches: | |
| - main | |
| push: | |
| branches: | |
| - main | |
| workflow_dispatch: | |
| defaults: | |
| run: | |
| shell: bash | |
| jobs: | |
| test: | |
| name: Unit/Integration Tests | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Set up Go 1.22 | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: 1.22 | |
| id: go | |
| - name: Check out code | |
| uses: actions/checkout@v4 | |
| - name: Run tests | |
| run: make test | |
| - name: Test Summary | |
| uses: test-summary/action@v2 | |
| with: | |
| paths: "test-results/unit-tests.xml" | |
| if: always() | |
| - name: Upload Code Coverage | |
| uses: codecov/codecov-action@v5 | |
| with: | |
| files: test-results/test-coverage.txt | |
| fail_ci_if_error: false | |
| verbose: true | |
| lint: | |
| name: Go Lint | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Go Lint | |
| run: make go-lint | |
| cypress: | |
| name: Cypress Tests | |
| runs-on: ubuntu-latest | |
| needs: test | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Run cypress | |
| run: make cypress | |
| - name: Store screenshots | |
| uses: actions/upload-artifact@v4 | |
| if: failure() | |
| with: | |
| name: cypress-screenshots | |
| path: cypress/screenshots | |
| - name: Store logs | |
| uses: actions/upload-artifact@v4 | |
| if: failure() | |
| with: | |
| name: cypress-logs | |
| path: cypress/logs | |
| build-and-push: | |
| name: "Build & Push Containers" | |
| runs-on: ubuntu-latest | |
| needs: ['test', 'lint'] | |
| outputs: | |
| branch: ${{ steps.set-outputs.outputs.branch }} | |
| tag: ${{ steps.bump_version.outputs.tag }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: '0' | |
| - name: Extract branch name | |
| run: | | |
| if [ "${{ github.head_ref }}" == "" ]; then | |
| echo BRANCH_NAME=main >> $GITHUB_ENV | |
| else | |
| echo BRANCH_NAME=${{ github.head_ref }} >> $GITHUB_ENV | |
| fi | |
| id: extract_branch | |
| - uses: unfor19/install-aws-cli-action@v1 | |
| - name: Build Container | |
| run: make build | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }} | |
| aws-region: eu-west-1 | |
| role-to-assume: arn:aws:iam::311462405659:role/sirius-actions-ci | |
| role-duration-seconds: 3600 | |
| role-session-name: GitHubActions | |
| - name: ECR Login | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v2 | |
| with: | |
| registries: 311462405659 | |
| - name: Run Trivy Vulnerability Scanner | |
| env: | |
| TRIVY_DB_REPOSITORY: ${{ steps.login-ecr.outputs.registry }}/trivy-db-public-ecr/aquasecurity/trivy-db:2 | |
| TRIVY_JAVA_DB_REPOSITORY: ${{ steps.login-ecr.outputs.registry }}/trivy-db-public-ecr/aquasecurity/trivy-java-db:1 | |
| DOCKER_USERNAME: ${{ steps.login-ecr.outputs.docker_username_311462405659_dkr_ecr_eu_west_1_amazonaws_com }} | |
| DOCKER_PASSWORD: ${{ steps.login-ecr.outputs.docker_password_311462405659_dkr_ecr_eu_west_1_amazonaws_com }} | |
| run: make scan | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@v3 | |
| with: | |
| sarif_file: 'test-results/' | |
| - name: Bump Version | |
| id: bump_version | |
| uses: anothrNick/[email protected] | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| INITIAL_VERSION: 1.0.0 | |
| DEFAULT_BUMP: minor | |
| PRERELEASE: true | |
| PRERELEASE_SUFFIX: ${{ env.BRANCH_NAME }} | |
| RELEASE_BRANCHES: main | |
| WITH_V: true | |
| - name: Generate Single Timestamp | |
| run: echo "TIMESTAMP=$(date +"%Y%m%d%H%M%S")" >> $GITHUB_ENV | |
| - name: Push Container | |
| run: | | |
| docker tag 311462405659.dkr.ecr.eu-west-1.amazonaws.com/sirius/sirius-finance-admin:latest 311462405659.dkr.ecr.eu-west-1.amazonaws.com/sirius/sirius-finance-admin:${{ steps.bump_version.outputs.tag }} | |
| docker tag 311462405659.dkr.ecr.eu-west-1.amazonaws.com/sirius/sirius-finance-admin-api:latest 311462405659.dkr.ecr.eu-west-1.amazonaws.com/sirius/sirius-finance-admin-api:${{ steps.bump_version.outputs.tag }} | |
| if [ $BRANCH_NAME == "main" ]; then | |
| docker tag 311462405659.dkr.ecr.eu-west-1.amazonaws.com/sirius/sirius-finance-admin:latest 311462405659.dkr.ecr.eu-west-1.amazonaws.com/sirius/sirius-finance-admin:main-${{ steps.bump_version.outputs.tag }} | |
| docker tag 311462405659.dkr.ecr.eu-west-1.amazonaws.com/sirius/sirius-finance-admin-api:latest 311462405659.dkr.ecr.eu-west-1.amazonaws.com/sirius/sirius-finance-admin-api:main-${{ steps.bump_version.outputs.tag }} | |
| docker tag 311462405659.dkr.ecr.eu-west-1.amazonaws.com/sirius/sirius-finance-admin:latest 311462405659.dkr.ecr.eu-west-1.amazonaws.com/sirius/sirius-finance-admin:main-${{ steps.bump_version.outputs.tag }}-$TIMESTAMP | |
| docker tag 311462405659.dkr.ecr.eu-west-1.amazonaws.com/sirius/sirius-finance-admin-api:latest 311462405659.dkr.ecr.eu-west-1.amazonaws.com/sirius/sirius-finance-admin-api:main-${{ steps.bump_version.outputs.tag }}-$TIMESTAMP | |
| # We want all of the tags pushed | |
| docker push --all-tags 311462405659.dkr.ecr.eu-west-1.amazonaws.com/sirius/sirius-finance-admin | |
| docker push --all-tags 311462405659.dkr.ecr.eu-west-1.amazonaws.com/sirius/sirius-finance-admin-api | |
| else | |
| docker push 311462405659.dkr.ecr.eu-west-1.amazonaws.com/sirius/sirius-finance-admin:${{ steps.bump_version.outputs.tag }} | |
| docker push 311462405659.dkr.ecr.eu-west-1.amazonaws.com/sirius/sirius-finance-admin-api:${{ steps.bump_version.outputs.tag }} | |
| fi | |
| push-tags: | |
| runs-on: ubuntu-latest | |
| needs: build-and-push | |
| if: github.ref == 'refs/heads/main' && github.event_name == 'push' | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }} | |
| aws-region: eu-west-1 | |
| role-to-assume: arn:aws:iam::997462338508:role/sirius-actions-ci | |
| role-duration-seconds: 3600 | |
| role-session-name: GitHubActions | |
| - name: Install AWS CLI | |
| id: install-aws-cli | |
| uses: unfor19/install-aws-cli-action@v1 | |
| - name: Push Tag to Parameter Store | |
| run: | | |
| aws ssm put-parameter --name "opg-sirius-supervision-finance-admin-latest-green-build" --type "String" --value "${{ needs.build-and-push.outputs.tag }}" --overwrite --region=eu-west-1 |