From 53aa2b76dfb8558ba59c8f0228bb30fd795e9622 Mon Sep 17 00:00:00 2001 From: Andrew Newton Date: Thu, 2 Jan 2025 09:44:56 +0000 Subject: [PATCH 1/7] fix: add check to stop prereleases passing PREP, run full regression vol-functional-test workflows for int and prep --- .github/workflows/cd.yaml | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/.github/workflows/cd.yaml b/.github/workflows/cd.yaml index 7996ec82c0..60c4a8fba1 100644 --- a/.github/workflows/cd.yaml +++ b/.github/workflows/cd.yaml @@ -346,7 +346,7 @@ jobs: name: Run Tests on INT needs: - terraform_env_int - uses: dvsa/vol-functional-tests/.github/workflows/e2eSmoke.yaml@main + uses: dvsa/vol-functional-tests/.github/workflows/e2eFullRegression.yaml@main with: platform_env: int aws_role: ${{ vars.ACCOUNT_NONPROD_TEST_OIDC_ROLE }} @@ -451,7 +451,7 @@ jobs: if: ${{ always() && !cancelled() && !failure() && needs.terraform_env_prep.result == 'success' }} needs: - terraform_env_prep - uses: dvsa/vol-functional-tests/.github/workflows/e2eSmoke.yaml@main + uses: dvsa/vol-functional-tests/.github/workflows/e2eFullRegression.yaml@main with: platform_env: prep aws_role: ${{ vars.ACCOUNT_PROD_TEST_OIDC_ROLE }} @@ -466,7 +466,16 @@ jobs: terraform_env_prod: name: Environment (prod) - if: ${{ always() && !cancelled() && !failure() && needs.release-please.outputs.release_created }} + if: | + always() && + !cancelled() && + !failure() && + needs.release-please.outputs.release_created && + !contains(needs.get-version.outputs.api, '-') && + !contains(needs.get-version.outputs.cli, '-') && + !contains(needs.get-version.outputs.selfserve, '-') && + !contains(needs.get-version.outputs.internal, '-') && + !contains(needs.get-version.outputs.assets, '-') concurrency: group: terraform-environment-prod needs: From 9fd2c783598d6fc6891826eb1dc44b62f32aaaf0 Mon Sep 17 00:00:00 2001 From: Andrew Newton Date: Thu, 2 Jan 2025 16:18:19 +0000 Subject: [PATCH 2/7] feat: split int/selfserve regression tests to call 2 new seperate workflows --- .github/workflows/cd.yaml | 48 ++++++++++++++++++++++++++++++++++----- 1 file changed, 42 insertions(+), 6 deletions(-) diff --git a/.github/workflows/cd.yaml b/.github/workflows/cd.yaml index 60c4a8fba1..46db8c2245 100644 --- a/.github/workflows/cd.yaml +++ b/.github/workflows/cd.yaml @@ -341,12 +341,30 @@ jobs: pull-requests: write secrets: inherit - test_int: + test_int_selfserve: if: ${{ always() && !cancelled() && !failure() && needs.terraform_env_int.result == 'success' }} - name: Run Tests on INT + name: Run Selfserve Regression Tests on INT needs: - terraform_env_int - uses: dvsa/vol-functional-tests/.github/workflows/e2eFullRegression.yaml@main + uses: dvsa/vol-functional-tests/.github/workflows/e2eSelfServeRegression.yaml@main + with: + platform_env: int + aws_role: ${{ vars.ACCOUNT_NONPROD_TEST_OIDC_ROLE }} + bucket_name: ${{ vars.ACCOUNT_NONPROD_S3_REPORT_BUCKET }} + bucket_key: ${{ vars.S3_REPORT_BUCKET_KEY }} + batch_job_queue: ${{ vars.ACCOUNT_NONPROD_BATCH_JOB_QUEUE }} + batch_job_definition: ${{ vars.ACCOUNT_NONPROD_BATCH_JOB_DEFINITION }} + permissions: + contents: write + id-token: write + checks: write + + test_int_internal: + if: ${{ always() && !cancelled() && !failure() && needs.terraform_env_int.result == 'success' }} + name: Run Internal Regression Tests on INT + needs: + - terraform_env_int + uses: dvsa/vol-functional-tests/.github/workflows/e2eInternalRegression.yaml@main with: platform_env: int aws_role: ${{ vars.ACCOUNT_NONPROD_TEST_OIDC_ROLE }} @@ -446,12 +464,30 @@ jobs: pull-requests: write secrets: inherit - test_prep: - name: Run Tests on PREP + test_prep_selfserve: + name: Run Selfserve Regression Tests on PREP + if: ${{ always() && !cancelled() && !failure() && needs.terraform_env_prep.result == 'success' }} + needs: + - terraform_env_prep + uses: dvsa/vol-functional-tests/.github/workflows/e2eSelfServeRegression.yaml@main + with: + platform_env: prep + aws_role: ${{ vars.ACCOUNT_PROD_TEST_OIDC_ROLE }} + bucket_name: ${{ vars.ACCOUNT_PROD_S3_REPORT_BUCKET }} + bucket_key: ${{ vars.S3_REPORT_BUCKET_KEY }} + batch_job_queue: ${{ vars.ACCOUNT_PROD_BATCH_JOB_QUEUE }} + batch_job_definition: ${{ vars.ACCOUNT_PROD_BATCH_JOB_DEFINITION }} + permissions: + contents: write + id-token: write + checks: write + + test_prep_internal: + name: Run Internal Regression Tests on PREP if: ${{ always() && !cancelled() && !failure() && needs.terraform_env_prep.result == 'success' }} needs: - terraform_env_prep - uses: dvsa/vol-functional-tests/.github/workflows/e2eFullRegression.yaml@main + uses: dvsa/vol-functional-tests/.github/workflows/e2eInternalRegression.yaml@main with: platform_env: prep aws_role: ${{ vars.ACCOUNT_PROD_TEST_OIDC_ROLE }} From 00b4b76fd42a6643ddecd7412a3c0ccea6a761d3 Mon Sep 17 00:00:00 2001 From: Andrew Newton Date: Fri, 3 Jan 2025 07:17:27 +0000 Subject: [PATCH 3/7] fix: split regression into selservice/internal steps --- .github/workflows/cd.yaml | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/.github/workflows/cd.yaml b/.github/workflows/cd.yaml index 46db8c2245..e7eb56a313 100644 --- a/.github/workflows/cd.yaml +++ b/.github/workflows/cd.yaml @@ -381,10 +381,12 @@ jobs: name: Rollback INT Deployment if: | always() && - (needs.test_int.result == 'failure' || needs.test_int.result == 'cancelled') && - needs.terraform_env_int.result == 'success' + (needs.test_int_selfserve.result == 'failure' || needs.test_int_selfserve.result == 'cancelled' || + needs.test_int_internal.result == 'failure' || needs.test_int_internal.result == 'cancelled') && + needs.terraform_env_int.result == 'success' needs: - - test_int + - test_int_selfserve + - test_int_internal - terraform_env_int uses: ./.github/workflows/deploy-environment.yaml with: @@ -428,7 +430,8 @@ jobs: - release-please - orchestrator - terraform_env_int - - test_int + - test_int_internal + - test_int_selfserve uses: ./.github/workflows/deploy-account.yaml with: account: prod @@ -519,6 +522,8 @@ jobs: - get-version - orchestrator - terraform_env_prep + - test_prep_selfserve + - test_prep_internal uses: ./.github/workflows/deploy-environment.yaml with: environment: prod From 932b671d4e72197c1b032484bda34f06ebeaa1f5 Mon Sep 17 00:00:00 2001 From: Andrew Newton Date: Fri, 3 Jan 2025 09:33:51 +0000 Subject: [PATCH 4/7] fix: add liquibase version to sort trivy failure --- infra/docker/liquibase/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infra/docker/liquibase/Dockerfile b/infra/docker/liquibase/Dockerfile index 23ec7338cc..42490dd16a 100644 --- a/infra/docker/liquibase/Dockerfile +++ b/infra/docker/liquibase/Dockerfile @@ -1,4 +1,4 @@ -FROM liquibase/liquibase +FROM liquibase/liquibase:4.30 USER root COPY changelog /liquibase/changelog COPY entrypoint.sh /liquibase/ From 50b656e760f65d98f1d9e61ba69f27e592e289e7 Mon Sep 17 00:00:00 2001 From: Andrew Newton Date: Mon, 6 Jan 2025 13:43:34 +0000 Subject: [PATCH 5/7] fix: dont run some php steps when app context is not set --- .github/workflows/php.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/php.yaml b/.github/workflows/php.yaml index ad2149ef3e..1e5f035102 100644 --- a/.github/workflows/php.yaml +++ b/.github/workflows/php.yaml @@ -28,6 +28,7 @@ jobs: defaults: run: working-directory: app/${{ inputs.project }} + if: ${{ needs.orchestrator.outputs.should-build-app }} steps: - uses: actions/checkout@v4 with: @@ -56,6 +57,7 @@ jobs: name: Test needs: - warm-cache + if: ${{ needs.orchestrator.outputs.should-build-app }} runs-on: ubuntu-latest defaults: run: From 82ef977d41db6eaff87865581a7e1c9d3c54d58e Mon Sep 17 00:00:00 2001 From: Andrew Newton Date: Mon, 6 Jan 2025 13:48:29 +0000 Subject: [PATCH 6/7] fix: include liquibase in docker matrix --- .github/workflows/ci.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index b2e4cfd26f..620a948f7a 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -234,11 +234,13 @@ jobs: - cli - selfserve - internal + - liquibase exclude: - project: ${{ needs.orchestrator.outputs.should-build-api-docker && 'ignored' || 'api' }} - project: ${{ needs.orchestrator.outputs.should-build-cli-docker && 'ignored' || 'cli' }} - project: ${{ needs.orchestrator.outputs.should-build-selfserve-docker && 'ignored' || 'selfserve' }} - project: ${{ needs.orchestrator.outputs.should-build-internal-docker && 'ignored' || 'internal' }} + - project: ${{ needs.orchestrator.outputs.should-build-liquibase-docker && 'ignored' || 'liquibase' }} uses: ./.github/workflows/docker.yaml with: project: ${{ matrix.project }} From 4299e7725a800acfe96c4b994b010a20e30fcfe3 Mon Sep 17 00:00:00 2001 From: Andrew Newton Date: Mon, 6 Jan 2025 15:39:11 +0000 Subject: [PATCH 7/7] fix: liquibase exclude from app CI process --- .github/workflows/ci.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 620a948f7a..6333102676 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -84,6 +84,8 @@ jobs: dir_names: true files: | infra/docker/** + files_ignore: | + infra/docker/liquibase/** # since_last_remote_commit: true - uses: tj-actions/changed-files@v45 id: changed-accounts-terraform-files @@ -234,13 +236,11 @@ jobs: - cli - selfserve - internal - - liquibase exclude: - project: ${{ needs.orchestrator.outputs.should-build-api-docker && 'ignored' || 'api' }} - project: ${{ needs.orchestrator.outputs.should-build-cli-docker && 'ignored' || 'cli' }} - project: ${{ needs.orchestrator.outputs.should-build-selfserve-docker && 'ignored' || 'selfserve' }} - project: ${{ needs.orchestrator.outputs.should-build-internal-docker && 'ignored' || 'internal' }} - - project: ${{ needs.orchestrator.outputs.should-build-liquibase-docker && 'ignored' || 'liquibase' }} uses: ./.github/workflows/docker.yaml with: project: ${{ matrix.project }}