Skip to content

ID-792 Load Terms of Service docs from remote sources (#1201) #1264

ID-792 Load Terms of Service docs from remote sources (#1201)

ID-792 Load Terms of Service docs from remote sources (#1201) #1264

# Github action to Build Sam artifact, add/promote semantic tagging and then run tests
name: sam-build-tag-publish-and-run-tests
on:
pull_request:
paths-ignore: ['**.md']
push:
branches:
- develop
paths-ignore: ['**.md']
jobs:
sam-build-tag-publish-job:
runs-on: ubuntu-latest
permissions:
contents: 'read'
id-token: 'write'
outputs:
custom-version-json: ${{ steps.render-sam-version.outputs.custom-version-json }}
tag: ${{ steps.tag.outputs.tag }}
steps:
- uses: 'actions/checkout@v3'
- name: Bump the tag to a new version
uses: databiosphere/github-actions/actions/bumper@bumper-0.0.6
id: tag
env:
DEFAULT_BUMP: patch
GITHUB_TOKEN: ${{ secrets.BROADBOT_TOKEN }}
RELEASE_BRANCHES: develop
WITH_V: true
- name: debug outputs
run: |-
echo "github.ref ${{ github.ref }}"
echo "github.ref_name ${{ github.ref_name }}"
echo "GITHUB_REF_NAME ${GITHUB_REF_NAME}"
echo "github.ref_type ${{ github.ref_type }}"
echo "github.head_ref ${{ github.head_ref }}"
echo "github ${{ github }}"
# we need this because github can't actually provide the branch name reliably
# https://github.com/orgs/community/discussions/5251
- name: Extract branch
id: extract-branch
run: |
if [[ '${{ github.event_name }}' == 'push' ]]; then
BRANCH_NAME=${{ github.ref_name }}
elif [[ '${{ github.event_name }}' == 'pull_request' ]]; then
BRANCH_NAME=${{ github.head_ref }}
else
echo "Failed to extract branch information"
exit 1
fi
echo "name=$BRANCH_NAME" >> $GITHUB_OUTPUT
# Builds Sam elsewhere to protect secrets. Upon success, will tag the commit in git.
- name: dispatch build to terra-github-workflows
uses: broadinstitute/workflow-dispatch@v3
with:
workflow: sam-build
repo: broadinstitute/terra-github-workflows
ref: refs/heads/main
token: ${{ secrets.BROADBOT_TOKEN}} # github token for access to kick off a job in the private repo
inputs: '{ "repository": "${{ github.event.repository.full_name }}", "ref": "${{ steps.extract-branch.outputs.name }}", "sam-release-tag": "${{ steps.tag.outputs.tag }}" }'
- name: Render Sam version
id: render-sam-version
env:
GITHUB_CONTEXT: ${{ toJSON(github) }}
run: |
echo "$GITHUB_CONTEXT"
echo 'custom-version-json={\"sam\":{\"appVersion\":\"${{ steps.tag.outputs.tag }}\"}}' >> $GITHUB_OUTPUT
prepare-configs:
runs-on: ubuntu-latest
outputs:
log-results: ${{ steps.prepare-outputs.outputs.log-results }}
test-context: ${{ steps.prepare-outputs.outputs.test-context }}
steps:
- id: prepare-outputs
run: |-
echo 'log-results=true' >> $GITHUB_OUTPUT
if ${{ github.ref_name == 'develop' }}; then
echo 'test-context=dev-merge' >> $GITHUB_OUTPUT
else
echo 'test-context=pr-test' >> $GITHUB_OUTPUT
fi
report-to-sherlock:
# Report new Sam version to Broad DevOps
uses: broadinstitute/sherlock/.github/workflows/client-report-app-version.yaml@main
needs: [ sam-build-tag-publish-job ]
with:
new-version: ${{ needs.sam-build-tag-publish-job.outputs.tag }}
chart-name: 'sam'
permissions:
contents: 'read'
id-token: 'write'
set-version-in-dev:
# Put new Sam version in Broad dev environment
uses: broadinstitute/sherlock/.github/workflows/client-set-environment-app-version.yaml@main
needs: [ sam-build-tag-publish-job, report-to-sherlock ]
if: ${{ github.ref_name == 'develop' }}
with:
new-version: ${{ needs.sam-build-tag-publish-job.outputs.tag }}
chart-name: 'sam'
environment-name: 'dev'
secrets:
sync-git-token: ${{ secrets.BROADBOT_TOKEN }}
permissions:
id-token: 'write'
create-bee-workflow:
strategy:
matrix:
terra-env: [ dev ] # what versions of apps do we use to emulate types of environments
runs-on: ubuntu-latest
needs: [sam-build-tag-publish-job]
permissions:
contents: 'read'
id-token: 'write'
steps:
- name: Echo Sam version
run: |
echo '${{ needs.sam-build-tag-publish-job.outputs.custom-version-json }}'
- name: dispatch to terra-github-workflows
uses: broadinstitute/workflow-dispatch@v3
with:
workflow: bee-create
repo: broadinstitute/terra-github-workflows
ref: refs/heads/main
token: ${{ secrets.BROADBOT_TOKEN}} # github token for access to kick off a job in the private repo
# manually recalculate b/c env context is broken https://github.com/actions/runner/issues/480
inputs: '{ "bee-name": "${{ github.event.repository.name }}-${{ github.run_id }}-${{ matrix.terra-env }}", "version-template": "${{ matrix.terra-env }}", "custom-version-json": "${{ needs.sam-build-tag-publish-job.outputs.custom-version-json }}" }'
sam-smoke-test-job:
strategy:
matrix:
terra-env: [ dev ] # what versions of apps do we use to emulate types of environments
testing-env: [ qa ] # what env resources to use, e.g. SA keys
runs-on: ubuntu-latest
needs: [create-bee-workflow]
permissions:
contents: 'read'
id-token: 'write'
steps:
- name: dispatch to terra-github-workflows
uses: broadinstitute/workflow-dispatch@v3
with:
workflow: .github/workflows/sam-smoke-tests.yaml
repo: broadinstitute/terra-github-workflows
ref: refs/heads/main
token: ${{ secrets.BROADBOT_TOKEN }} # github token for access to kick off a job in the private repo
# manually recalculate b/c env context is broken https://github.com/actions/runner/issues/480
# The smoke tests just need an access token for an enabled user on the Sam host that is being tested.
inputs: '{ "sam-hostname": "sam.${{ github.event.repository.name }}-${{ github.run_id }}-${{ matrix.terra-env }}.bee.envs-terra.bio", "ENV": "${{ matrix.testing-env }}", "smoke-test-user-email": "firecloud-${{ matrix.testing-env }}@broad-dsde-${{ matrix.testing-env }}.iam.gserviceaccount.com" }'
sam-swat-test-job:
strategy:
matrix:
terra-env: [ dev ] # what versions of apps do we use to emulate types of environments
testing-env: [ qa ] # what env resources to use, e.g. SA keys
runs-on: ubuntu-latest
needs: [sam-smoke-test-job, prepare-configs]
permissions:
contents: 'read'
id-token: 'write'
steps:
- name: dispatch to terra-github-workflows
uses: broadinstitute/workflow-dispatch@v3
with:
workflow: .github/workflows/sam-swat-tests.yaml
repo: broadinstitute/terra-github-workflows
ref: refs/heads/main
token: ${{ secrets.BROADBOT_TOKEN}} # github token for access to kick off a job in the private repo
# manually recalculate b/c env context is broken https://github.com/actions/runner/issues/480
inputs: '{ "bee-name": "${{ github.event.repository.name }}-${{ github.run_id }}-${{ matrix.terra-env }}", "ENV": "${{ matrix.testing-env }}", "log-results": "${{ needs.prepare-configs.outputs.log-results }}", "test-context": "${{ needs.prepare-configs.outputs.test-context }}", "caller_run_id": "${{ github.run_id }}" }'
rawls-swat-test-job:
strategy:
matrix:
terra-env: [ dev ] # what versions of apps do we use to emulate types of environments
testing-env: [ qa ] # what env resources to use, e.g. SA keys
test-group: [
{ group_name: workspaces, tag: "-n org.broadinstitute.dsde.test.api.AuthDomainsTest -n org.broadinstitute.dsde.test.api.BillingsTest -n org.broadinstitute.dsde.test.api.WorkspacesTest" },
{ group_name: analysis_journeys, tag: "-n org.broadinstitute.dsde.test.api.DataRepoSnapshotsTest" },
{ group_name: workflows, tag: "-n org.broadinstitute.dsde.test.api.MethodsTest" }
] # Rawls test groups
runs-on: ubuntu-latest
needs: [sam-smoke-test-job]
permissions:
contents: 'read'
id-token: 'write'
steps:
- name: dispatch to terra-github-workflows
env:
rawls_base_test_entrypoint: "testOnly -- -l ProdTest -l NotebooksCanaryTest"
uses: broadinstitute/workflow-dispatch@v3
with:
workflow: .github/workflows/rawls-swat-tests.yaml
repo: broadinstitute/terra-github-workflows
ref: refs/heads/main
token: ${{ secrets.BROADBOT_TOKEN }} # github token for access to kick off a job in the private repo
# manually recalculate b/c env context is broken https://github.com/actions/runner/issues/480
inputs: '{ "bee-name": "${{ github.event.repository.name }}-${{ github.run_id }}-${{ matrix.terra-env }}", "ENV": "${{ matrix.testing-env }}", "test-group-name": "${{ matrix.test-group.group_name }}", "test-command": "${{ env.rawls_base_test_entrypoint }} ${{ matrix.test-group.tag }}", "java-version": "17" }'
orch-swat-test-job:
strategy:
matrix:
terra-env: [ dev ] # what versions of apps do we use to emulate types of environments
testing-env: [ qa ] # what env resources to use, e.g. SA keys
runs-on: ubuntu-latest
needs: [sam-smoke-test-job]
permissions:
contents: 'read'
id-token: 'write'
steps:
- name: dispatch to terra-github-workflows
uses: broadinstitute/workflow-dispatch@v3
with:
workflow: .github/workflows/orch-swat-tests.yaml
repo: broadinstitute/terra-github-workflows
ref: refs/heads/main
token: ${{ secrets.BROADBOT_TOKEN}} # github token for access to kick off a job in the private repo
# manually recalculate b/c env context is broken https://github.com/actions/runner/issues/480
inputs: '{ "bee-name": "${{ github.event.repository.name }}-${{ github.run_id }}-${{ matrix.terra-env }}", "ENV": "${{ matrix.testing-env }}" }'
destroy-bee-workflow:
strategy:
matrix:
terra-env: [ dev ] # what versions of apps do we use to emulate types of environments
runs-on: ubuntu-latest
needs: [sam-swat-test-job, rawls-swat-test-job, orch-swat-test-job]
if: always() # always run to confirm bee is destroyed
permissions:
contents: 'read'
id-token: 'write'
steps:
- name: dispatch to terra-github-workflows
uses: broadinstitute/workflow-dispatch@v3
with:
workflow: bee-destroy
repo: broadinstitute/terra-github-workflows
ref: refs/heads/main
token: ${{ secrets.BROADBOT_TOKEN}} # github token for access to kick off a job in the private repo
# manually recalculate b/c env context is broken https://github.com/actions/runner/issues/480
inputs: '{ "bee-name": "${{ github.event.repository.name }}-${{ github.run_id }}-${{ matrix.terra-env }}" }'