Merge remote-tracking branch 'origin/develop' into HEAD

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -34,11 +34,12 @@ body:
       label: Domain
       description: Which GovTool instance were you connected to?
       options:
+        - gov.tools
+        - preview.gov.tools
         - sanchogov.tools
         - dev-sanchogov.tools
         - test-sanchogov.tools
         - stage-sanchogov.tools
-        - preview.gov.tools
         - Custom setup
     validations:
       required: true

generate_report_details.sh → .github/scripts/generate_report_details.sh

@@ -7,5 +7,6 @@ else
   latest_number=$(echo "$gh_pages_content" | grep -Eo '[0-9]+' | sort -nr | head -n 1)
 fi
 
-echo "::set-output name=report_number::$((latest_number+1))"
-echo "::set-output name=report_url::https://$(dirname "$GH_PAGES").github.io/$(basename "$GH_PAGES")/$REPORT_NAME"
+echo "report_number=$((latest_number+1))" >> $GITHUB_OUTPUT
+echo "report_url=https://$(dirname "$GH_PAGES").github.io/$(basename "$GH_PAGES")/$REPORT_NAME" >> $GITHUB_OUTPUT
+

register_report.sh → .github/scripts/register_report.sh

@@ -8,8 +8,8 @@ cp -r gh-pages/* "$PROJECT_DIR" || true
 
 if grep -q "$REPORT_NAME" "$PROJECT_DIR/$PROJECT_FILE"; then
   echo "Project already exists"
-  echo "::set-output name=project_exists::true"
+  echo "project_exists=true">> $GITHUB_OUTPUT
 else
   echo "$REPORT_NAME" >> "$PROJECT_DIR/$PROJECT_FILE"
-  echo "::set-output name=project_exists::false" 
+  echo "project_exists=false">> $GITHUB_OUTPUT
 fi

.github/workflows/build-and-deploy-test-stack.yml

@@ -15,39 +15,64 @@ jobs:
   deploy:
     name: Deploy app
     runs-on: ubuntu-latest
-    env:
-      GRAFANA_ADMIN_PASSWORD: ${{ secrets.GRAFANA_ADMIN_PASSWORD }}
-      GRAFANA_SLACK_RECIPIENT: ${{ secrets.GRAFANA_SLACK_RECIPIENT }}
-      GRAFANA_SLACK_OAUTH_TOKEN: ${{ secrets.GRAFANA_SLACK_OAUTH_TOKEN }}
-      SENTRY_DSN_BACKEND: ${{ secrets.SENTRY_DSN_BACKEND }}
-      GTM_ID: ${{ secrets.GTM_ID }}
-      NPMRC_TOKEN: ${{ secrets.NPMRC_TOKEN }}
-      SENTRY_DSN_FRONTEND: ${{ secrets.SENTRY_DSN_FRONTEND }}
-      PIPELINE_URL: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
-      USERSNAP_SPACE_API_KEY: ${{ secrets.USERSNAP_SPACE_API_KEY }}
-      APP_ENV: test
-      PDF_API_URL: ${{ secrets.PDF_API_URL}}
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
-      - name: Setup SSH agent
-        uses: webfactory/ssh-[email protected]
+      - name: Set up SSH and deploy
+        uses: appleboy/ssh-[email protected]
         with:
-          ssh-private-key: ${{ secrets.TEST_STACK_SSH_KEY }}
-
-      - name: Run Ansible playbook
-        uses: dawidd6/action-ansible-playbook@v2
-        with:
-          playbook: playbook.yml
-          directory: ./tests/test-infrastructure
+          host: ${{ secrets.TEST_STACK_SERVER_IP }}
+          username: ec2-user
           key: ${{ secrets.TEST_STACK_SSH_KEY }}
-          inventory: |
-            [test_server]
-            ${{ secrets.TEST_STACK_SERVER_IP }} ansible_user=ec2-user
-          options: |
-            --verbose
+          command_timeout: 100m ## Haskell container build takes a lot of time.
+          script: |
+            REPO_URL="https://github.com/${{ github.repository }}"
+            DEST_DIR="$HOME/Documents/govtool"
+
+            # Create parent directory if it does not exist
+            mkdir -p "$(dirname "$DEST_DIR")"
+
+            # Check if $DEST_DIR exists
+            if [ -d "$DEST_DIR" ]; then
+              if [ -d "$DEST_DIR/.git" ]; then
+                cd $DEST_DIR || exit
+                echo "Updating repository..."
+                git fetch --all
+                git checkout --force "$GOVTOOL_TAG"
+              else
+                echo "Not a git repository. Re-cloning..."
+                rm -rf "$DEST_DIR"
+                git clone "$REPO_URL" "$DEST_DIR"
+                cd "$DEST_DIR" || exit
+                git checkout --force "$GOVTOOL_TAG"
+              fi
+            else
+              echo "Directory does not exist. Cloning repository..."
+              git clone "$REPO_URL" "$DEST_DIR"
+              cd "$DEST_DIR" || exit
+              git checkout --force "$GOVTOOL_TAG"
+            fi
+
+            # Execute the build-and-deploy.sh script
+            cd $DEST_DIR/tests/test-infrastructure
+            ./build-and-deploy.sh update-images
+            docker system prune
+            (docker image ls -q | xargs docker image rm --force ) || echo "Images cleaned-up"
+          envs: GOVTOOL_TAG, GRAFANA_ADMIN_PASSWORD, GRAFANA_SLACK_RECIPIENT, GRAFANA_SLACK_OAUTH_TOKEN, SENTRY_DSN_BACKEND, GTM_ID, NPMRC_TOKEN, SENTRY_DSN_FRONTEND, PIPELINE_URL, USERSNAP_SPACE_API_KEY, APP_ENV, PDF_API_URL
         env:
           GOVTOOL_TAG: ${{ github.sha }}
+          GRAFANA_ADMIN_PASSWORD: ${{ secrets.GRAFANA_ADMIN_PASSWORD }}
+          GRAFANA_SLACK_RECIPIENT: ${{ secrets.GRAFANA_SLACK_RECIPIENT }}
+          GRAFANA_SLACK_OAUTH_TOKEN: ${{ secrets.GRAFANA_SLACK_OAUTH_TOKEN }}
+          SENTRY_DSN_BACKEND: ${{ secrets.SENTRY_DSN_BACKEND }}
+          GTM_ID: ${{ secrets.GTM_ID }}
+          NPMRC_TOKEN: ${{ secrets.NPMRC_TOKEN }}
+          SENTRY_DSN_FRONTEND: ${{ secrets.SENTRY_DSN_FRONTEND }}
+          PIPELINE_URL: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
+          USERSNAP_SPACE_API_KEY: ${{ secrets.USERSNAP_SPACE_API_KEY }}
+          APP_ENV: test
+          PDF_API_URL: ${{ secrets.PDF_API_URL }}
+          KUBER_API_KEY: ${{secrets.KUBER_API_KEY}}

.github/workflows/frontend_sonar_scan.yml

@@ -12,35 +12,35 @@ jobs:
     runs-on: ubuntu-latest
     permissions: read-all
     steps:
-    - uses: actions/checkout@v4
-      with:
-        fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
 
-    - name: Cache dependencies
-      uses: actions/cache@v2
-      with:
-        path: govtool/frontend/node_modules
-        key: ${{ runner.os }}-node-${{ hashFiles('govtool/frontend/package-lock.json') }}
+      - name: Cache dependencies
+        uses: actions/cache@v2
+        with:
+          path: govtool/frontend/node_modules
+          key: ${{ runner.os }}-node-${{ hashFiles('govtool/frontend/package-lock.json') }}
 
-    - name: Set up Node.js
-      uses: actions/setup-node@v4
-      with:
-        node-version-file: "govtool/frontend/.nvmrc"
-        registry-url: "https://registry.npmjs.org/"
-        scope: "@intersect.mbo"
-    - name: 🧪 Test
-      working-directory: govtool/frontend
-      env:
-        NODE_OPTIONS: "--max_old_space_size=6144"
-        NODE_AUTH_TOKEN: ${{ secrets.NPMRC_TOKEN }}
-      run: |
-        npm ci
-        npm run test:coverage
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version-file: "govtool/frontend/.nvmrc"
+          registry-url: "https://registry.npmjs.org/"
+          scope: "@intersect.mbo"
+      - name: 🧪 Test
+        working-directory: govtool/frontend
+        env:
+          NODE_OPTIONS: "--max_old_space_size=6144"
+          NODE_AUTH_TOKEN: ${{ secrets.NPMRC_TOKEN }}
+        run: |
+          npm ci
+          npm run test:coverage
 
-    - uses: sonarsource/sonarqube-scan-action@master
-      if: always()
-      with:
-        projectBaseDir: govtool/frontend
-      env:
-        SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-        SONAR_HOST_URL: https://sonarcloud.io
+      - uses: sonarsource/sonarqube-scan-action@master
+        if: always()
+        with:
+          projectBaseDir: govtool/frontend
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+          SONAR_HOST_URL: https://sonarcloud.io

.github/workflows/merge.yaml

@@ -20,6 +20,7 @@ jobs:
   check-build-deploy:
     environment:  ${{ (github.ref_name == 'main' && 'prod-govtool') || (github.ref_name == 'staging' && 'pre-prod-govtool') || (github.ref_name == 'test' && 'qa-govtool') || (github.ref_name == 'develop' && 'dev-govtool') }}
     strategy:
+      fail-fast: false
       matrix:
         include:
           - workdir: ./govtool/backend
@@ -120,9 +121,10 @@ jobs:
           context: ${{ matrix.workdir }}
           file: ${{ matrix.dockerfile }}
           tags: ${{ steps.image_lowercase.outputs.lowercase }}:${{ env.TAG }}
-          load: true
+          load: false
           cache-from: type=local,src=/tmp/.buildx-cache
           cache-to: type=local,dest=/tmp/.buildx-cache
+          outputs: type=docker,dest=/tmp/image-${{ matrix.name }}-${{ env.ENVIRONMENT }}.tar
           build-args: |
             VITE_APP_ENV=${{ secrets.VITE_APP_ENV }}
             VITE_BASE_URL=${{ secrets.VITE_BASE_URL }}
@@ -145,42 +147,18 @@ jobs:
       - name: Scan Docker image with Dockle
         id: dockle
         run: |
-            wget https://github.com/goodwithtech/dockle/releases/download/v0.4.14/dockle_0.4.14_Linux-64bit.tar.gz
-            tar zxvf dockle_0.4.14_Linux-64bit.tar.gz
+            wget -q https://github.com/goodwithtech/dockle/releases/download/v0.4.14/dockle_0.4.14_Linux-64bit.tar.gz
+            tar zxf dockle_0.4.14_Linux-64bit.tar.gz
             sudo mv dockle /usr/local/bin
 
-            dockle --exit-level fatal --format json --output ${{ matrix.workdir }}/dockle_scan_output.json ${{ steps.image_lowercase.outputs.lowercase }}:${{ env.TAG }}
+            dockle --exit-code 1 --exit-level fatal --format json -ak GHC_RELEASE_KEY -ak CABAL_INSTALL_RELEASE_KEY -ak STACK_RELEASE_KEY -ak KEY_SHA512 --input '/tmp/image-${{ matrix.name }}-${{ env.ENVIRONMENT }}.tar' --output ${{ matrix.workdir }}/dockle_scan_output.json
             echo " dockle exited w/ $?"
             cat ${{ matrix.workdir }}/dockle_scan_output.json
 
             echo "outcome=success" >> $GITHUB_OUTPUT
 
       - name: Push Docker image to GHCR
         run: |
+          docker load -i '/tmp/image-${{ matrix.name }}-${{ env.ENVIRONMENT }}.tar'
+          rm -rf '/tmp/image-${{ matrix.name }}-${{ env.ENVIRONMENT }}.tar'
           docker push ${{ steps.image_lowercase.outputs.lowercase }}:${{ env.TAG }}
-
-      - name: Deploy with Qovery
-        if: github.ref == 'refs/heads/develop'
-        env:
-          QOVERY_CLI_ACCESS_TOKEN: ${{secrets.QOVERY_CLI_ACCESS_TOKEN }}
-        run: |
-
-          echo "Deploying on $ENVIRONMENT"
-          echo "Organization - ${{ vars.ORGANIZATION }}"
-          echo "Project - ${{ vars.PROJECT }}"
-
-          # Download and install Qovery CLI
-          curl -s https://get.qovery.com | bash
-
-          qovery container list \
-          --organization ${{ vars.ORGANIZATION }} \
-          --project ${{ vars.PROJECT }} \
-          --environment $ENVIRONMENT
-
-          qovery container deploy \
-            --organization ${{ vars.ORGANIZATION }} \
-            --project ${{ vars.PROJECT }} \
-            --environment $ENVIRONMENT \
-            --container ${{ matrix.qovery_container_name }} \
-            --tag ${{ env.TAG }} \
-            --watch

.github/workflows/pr.yaml

@@ -16,6 +16,7 @@ permissions:
 jobs:
   static-checks:
     strategy:
+      fail-fast: false
       matrix:
         include:
           - workdir: ./govtool/backend
@@ -107,9 +108,10 @@ jobs:
           context: ${{ matrix.workdir }}
           file: ${{ matrix.dockerfile }}
           tags: ${{ steps.image_lowercase.outputs.lowercase }}
-          load: true
-          # cache-from: type=local,src=/tmp/.buildx-cache
-          # cache-to: type=local,dest=/tmp/.buildx-cache
+          load: false
+          cache-from: type=local,src=/tmp/.buildx-cache
+          cache-to: type=local,dest=/tmp/.buildx-cache
+          outputs: type=docker,dest=/tmp/image-${{ matrix.name }}-${{ github.sha }}-pr.tar
           build-args: |
             VITE_APP_ENV=${{ secrets.VITE_APP_ENV }}
             VITE_BASE_URL=${{ secrets.VITE_BASE_URL }}
@@ -125,17 +127,12 @@ jobs:
       - name: Scan Docker image with Dockle
         id: dockle
         run: |
-            set -ex
-            wget https://github.com/goodwithtech/dockle/releases/download/v0.4.14/dockle_0.4.14_Linux-64bit.tar.gz
-            tar zxvf dockle_0.4.14_Linux-64bit.tar.gz
+            wget -q https://github.com/goodwithtech/dockle/releases/download/v0.4.14/dockle_0.4.14_Linux-64bit.tar.gz
+            tar zxf dockle_0.4.14_Linux-64bit.tar.gz
             sudo mv dockle /usr/local/bin
-            docker images
-            docker image prune -af --filter "until=1h"
-            docker save ${{ steps.image_lowercase.outputs.lowercase }} -o image.tar || :
-            touch ${{ matrix.workdir }}/dockle_scan_output.json
-            dockle --input image.tar --exit-level fatal --format json --output ${{ matrix.workdir }}/dockle_scan_output.json || :
-            rm -rf image.tar
-            echo " dockle exited w/ $?"
+
+            dockle --exit-code 1 --exit-level fatal -ak GHC_RELEASE_KEY -ak CABAL_INSTALL_RELEASE_KEY -ak STACK_RELEASE_KEY -ak KEY_SHA512 --format json --input '/tmp/image-${{ matrix.name }}-${{ github.sha }}-pr.tar' --output ${{ matrix.workdir }}/dockle_scan_output.json
+            rm -rf '/tmp/image-${{ matrix.name }}-${{ github.sha }}-pr.tar'
             cat ${{ matrix.workdir }}/dockle_scan_output.json
 
             echo "outcome=success" >> $GITHUB_OUTPUT

.github/workflows/test_backend.yml

@@ -72,8 +72,8 @@ jobs:
         id: register-project
         if: ${{success()}}
         run: |
-          chmod +x ./register_report.sh
-          ./register_report.sh
+          chmod +x .github/scripts/register_report.sh
+          .github/scripts/register_report.sh
       - if: steps.register-project.outputs.project_exists != 'true'
         uses: JamesIves/github-pages-deploy-action@v4
         with:
@@ -85,8 +85,8 @@ jobs:
       - name: Generate report details
         id: report-details
         run: |
-          chmod +x ./generate_report_details.sh
-          ./generate_report_details.sh
+          chmod +x .github/scripts/generate_report_details.sh
+          .github/scripts/generate_report_details.sh
 
       - name: Build report
         uses: simple-elf/allure-report-action@master
@@ -102,8 +102,8 @@ jobs:
 
       - name: Generate Latest Report
         run: |
-          chmod +x ./generate_latest_report_redirect.sh
-          ./generate_latest_report_redirect.sh ${{steps.report-details.outputs.report_number}}
+          chmod +x .github/scripts/generate_latest_report_redirect.sh
+          .github/scripts/generate_latest_report_redirect.sh ${{steps.report-details.outputs.report_number}}
 
       - name: Deploy report to Github Pages
         uses: JamesIves/github-pages-deploy-action@v4

.github/workflows/test_integration_playwright.yml

@@ -106,8 +106,8 @@ jobs:
         id: register-project
         if: ${{success()}}
         run: |
-          chmod +x ./register_report.sh
-          ./register_report.sh
+          chmod +x .github/scripts/register_report.sh
+          .github/scripts/register_report.sh
       - if: steps.register-project.outputs.project_exists != 'true'
         uses: JamesIves/github-pages-deploy-action@v4
         with:
@@ -119,8 +119,8 @@ jobs:
       - name: Generate report details
         id: report-details
         run: |
-          chmod +x ./generate_report_details.sh
-          ./generate_report_details.sh
+          chmod +x .github/scripts/generate_report_details.sh
+          .github/scripts/generate_report_details.sh
 
       - name: Build report
         uses: simple-elf/allure-report-action@master
@@ -137,8 +137,8 @@ jobs:
 
       - name: Generate Latest Report
         run: |
-          chmod +x ./generate_latest_report_redirect.sh
-          ./generate_latest_report_redirect.sh ${{steps.report-details.outputs.report_number}}
+          chmod +x .github/scripts/generate_latest_report_redirect.sh
+          .github/scripts/generate_latest_report_redirect.sh ${{steps.report-details.outputs.report_number}}
 
       - name: Deploy report to Github Pages
         uses: JamesIves/github-pages-deploy-action@v4

.github/workflows/test_storybook.yml

@@ -23,7 +23,7 @@ jobs:
         run: |
           npm config set @intersect.mbo:registry "https://registry.npmjs.org/" --location=global
           npm config set //registry.npmjs.org/:_authToken ${NPMRC_TOKEN} --location=global  
-          npm install
+          npm ci
       - name: Install Playwright
         run: npx playwright install --with-deps
       - name: Build Storybook