PRMDR 496 - CSP Policies #421
# .github/workflows/terraform-dev
# Triggered by pushes to main and by pull requests targeting main, in both
# cases only when something under app/ changed.
name: 'CI UI - Development CI Feature Branch to Main'

on:
  push:
    branches: [main]
    paths: ['app/**']
  pull_request:
    branches: [main]
    paths: ['app/**']

# Workflow-level token scopes: every job in this file that does not declare
# its own `permissions` block receives all three.
# NOTE(review): as far as this file shows, only the job that calls
# aws-actions/configure-aws-credentials uses the OIDC token, and no step
# visibly needs pull-requests: write - confirm and narrow per job.
permissions:
  pull-requests: write
  id-token: write # This is required for requesting the JWT
  contents: read # This is required for actions/checkout
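jobs:
  # Job graph: react_testing_job -> install-cypress-build -> three browser
  # runs in parallel -> react_build_and_deploy_docker_image (main only).
  #
  # NOTE(review): every `uses:` below references a mutable tag (@v1, @v3, ...).
  # Pinning each action to a full commit SHA keeps a retagged release from
  # running inside these jobs; this matters most for the steps that execute
  # after AWS credentials have been configured.

  # Installs dependencies and runs the UI test target from the Makefile.
  react_testing_job:
    runs-on: ubuntu-latest
    environment: development
    # No step visible here uses the OIDC token or writes to pull requests, so
    # the job does not inherit those workflow-level scopes.
    # NOTE(review): widen only if `make test-ui` or the config script needs it.
    permissions:
      contents: read
    strategy:
      matrix:
        node-version: ['16.x']
    steps:
      - uses: actions/checkout@v2
      - name: Use Node.js ${{ matrix.node-version }}
        uses: actions/setup-node@v1
        with:
          node-version: ${{ matrix.node-version }}
      - name: Configure React environment vars
        # Placeholder values; nothing here comes from secrets or AWS.
        env:
          ENDPOINT_DOC_STORE_API: http://test-endpoint.com
          AWS_REGION: test region
          OIDC_PROVIDER_ID: not provided yet
          BUILD_ENV: development
          IMAGE_VERSION: 'ndr-${{ vars.BUILD_ENV }}-app:${{ github.sha }}'
        run: |
          ./react-environment-config.sh
        working-directory: ./app
        shell: bash
      - run: make clean-install
      - run: make test-ui

  # Builds the app once with placeholder settings and publishes ./app/build
  # as the `build` artifact consumed by the browser jobs.
  install-cypress-build:
    runs-on: ubuntu-22.04
    needs: react_testing_job
    permissions:
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@v3
      - name: Cypress install
        # NOTE(review): `npm install` may resolve versions that differ from
        # the lockfile; `npm ci` is the reproducible form if a lockfile is
        # committed - confirm before switching.
        run: npm install --legacy-peer-deps
        working-directory: ./app
      - name: Configure React environment vars
        env:
          ENDPOINT_DOC_STORE_API: http://test-endpoint.com
          AWS_REGION: test region
          OIDC_PROVIDER_ID: not provided yet
          BUILD_ENV: development
          # Eslint treats warnings as errors when process.env.CI = true.
          # Quoted because environment variables are always strings.
          CI: 'false'
          IMAGE_VERSION: 'ndr-${{ vars.BUILD_ENV }}-app:${{ github.sha }}'
        run: |
          ./react-environment-config.sh
        working-directory: ./app
        shell: bash
      - name: Cypress build
        uses: cypress-io/github-action@v5
        with:
          # Disable running of tests within install job
          install: false
          runTests: false
          build: npm run build
          working-directory: ./app
      - name: Save build folder
        uses: actions/upload-artifact@v3
        with:
          name: build
          if-no-files-found: error
          path: ./app/build

  # Serves the prebuilt bundle locally and runs the Cypress suite in Chrome.
  cypress-run-chrome:
    runs-on: ubuntu-22.04
    needs: install-cypress-build
    permissions:
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@v3
      - name: Download the build folder
        uses: actions/download-artifact@v3
        with:
          name: build
          path: ./app/build
      # `npm run` would start the dev server; the built application with its
      # env vars baked in is tested instead, served by `serve`.
      - name: Install serve globally
        # NOTE(review): unversioned global install; whatever is latest on the
        # registry at run time is what gets executed.
        run: npm install -g serve
      - name: Cypress install
        run: |
          npm install --legacy-peer-deps
        working-directory: ./app
      - name: Cypress run
        # NOTE(review): v6 here, v5 in the Firefox and Edge jobs - align.
        uses: cypress-io/github-action@v6
        with:
          install: false
          start: serve -s build
          browser: chrome
          working-directory: ./app
        env:
          CYPRESS_BASE_URL: 'http://localhost:3000/'
          CYPRESS_RUN_AS_SMOKETEST: 'false'

  # Same as the Chrome job, with Firefox as the browser.
  cypress-run-firefox:
    runs-on: ubuntu-22.04
    needs: install-cypress-build
    permissions:
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@v3
      - name: Download the build folder
        uses: actions/download-artifact@v3
        with:
          name: build
          path: ./app/build
      # `npm run` would start the dev server; the built application with its
      # env vars baked in is tested instead, served by `serve`.
      - name: Install serve globally
        run: npm install -g serve
      - name: Cypress install
        run: |
          npm install --legacy-peer-deps
        working-directory: ./app
      - name: Cypress run
        uses: cypress-io/github-action@v5
        with:
          install: false
          start: serve -s build
          browser: firefox
          working-directory: ./app
        env:
          CYPRESS_BASE_URL: 'http://localhost:3000/'
          CYPRESS_RUN_AS_SMOKETEST: 'false'

  # Same as the Chrome job, with Edge as the browser.
  cypress-run-edge:
    runs-on: ubuntu-22.04
    needs: install-cypress-build
    permissions:
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@v3
      - name: Download the build folder
        uses: actions/download-artifact@v3
        with:
          name: build
          path: ./app/build
      # `npm run` would start the dev server; the built application with its
      # env vars baked in is tested instead, served by `serve`.
      - name: Install serve globally
        run: npm install -g serve
      - name: Cypress install
        run: |
          npm install --legacy-peer-deps
        working-directory: ./app
      - name: Cypress run
        uses: cypress-io/github-action@v5
        with:
          install: false
          start: serve -s build
          browser: edge
          working-directory: ./app
        env:
          CYPRESS_BASE_URL: 'http://localhost:3000/'
          CYPRESS_RUN_AS_SMOKETEST: 'false'

  # Builds the container image, pushes it to ECR and rolls the ECS service.
  # The `if` restricts this to refs/heads/main; pull_request runs use a
  # refs/pull/... ref and therefore skip the job.
  react_build_and_deploy_docker_image:
    runs-on: ubuntu-latest
    environment: development
    needs: [cypress-run-edge, cypress-run-firefox, cypress-run-chrome]
    # The only job that assumes the AWS role, so the only one that requests
    # an OIDC token. A job-level block replaces the workflow-level grants.
    permissions:
      id-token: write
      contents: read
    defaults:
      run:
        working-directory: ./app
    if: github.ref == 'refs/heads/main'
    steps:
      - uses: actions/checkout@v2
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v2
        with:
          role-to-assume: ${{ secrets.AWS_ASSUME_ROLE }}
          role-skip-session-tagging: true
          aws-region: ${{ vars.AWS_REGION }}
      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v1
      # Third-party action running with the assumed role's credentials in the
      # environment; it exports the SSM value as DOC_STORE_API_ENDPOINT.
      - uses: dkershner6/aws-ssm-getparameters-action@v1
        with:
          parameterPairs: '/ndr/${{ vars.BUILD_ENV }}/api_endpoint = DOC_STORE_API_ENDPOINT'
          withDecryption: 'true' # defaults to true
      - name: Configure React environment vars
        env:
          ENDPOINT_DOC_STORE_API: ${{ env.DOC_STORE_API_ENDPOINT }}
          AWS_REGION: ${{ vars.AWS_REGION }}
          OIDC_PROVIDER_ID: not provided yet
          BUILD_ENV: development
          IMAGE_VERSION: 'ndr-${{ vars.BUILD_ENV }}-app:${{ github.sha }}'
        run: |
          ./react-environment-config.sh
      - name: Build, tag, and push image to Amazon ECR
        id: build-image
        env:
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          ECR_REPOSITORY: ${{ secrets.AWS_ECR_REPO_NAME }}
          IMAGE_TAG: latest
          IMAGE_TAG_SHA: ${{ github.sha }}
        # Expansions are quoted so a value containing whitespace or glob
        # characters cannot split into extra docker arguments.
        run: |
          docker build \
            -t "$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" \
            -t "$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG_SHA" .
          docker push "$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG"
          docker push "$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG_SHA"
          echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG_SHA" >> "$GITHUB_OUTPUT"
      # Looks like the ECS does not check for image updates, as such we need
      # to force a new task definition to run the new image.
      # We will always use the "latest" image tag so we do not need to modify
      # the task-definition.
      # NOTE(review): with a mutable tag the running revision does not record
      # which commit it came from; the SHA-tagged image pushed above does.
      - name: Download task definition
        id: download-task
        # The repository variable reaches the script through the environment
        # rather than being expanded into the script text.
        env:
          BUILD_ENV: ${{ vars.BUILD_ENV }}
        run: |
          aws ecs describe-task-definition \
            --task-definition "${BUILD_ENV}-ndr-service-task" \
            --query taskDefinition > task-definition.json
          # $GITHUB_OUTPUT replaces the deprecated ::set-output command.
          echo "revision=$(jq .revision task-definition.json)" >> "$GITHUB_OUTPUT"
      - name: Fill in the new image ID in the Amazon ECS task definition
        id: task-def
        uses: aws-actions/amazon-ecs-render-task-definition@v1
        with:
          task-definition: ./app/task-definition.json
          container-name: ${{ vars.BUILD_ENV }}-app-container
          image: ${{ steps.build-image.outputs.image }}
      # NOTE(review): no later step references the outputs of `task-def`; the
      # deploy below reads ./app/task-definition.json again, which matches
      # the "always use latest" comment above - confirm this is intended.
      - name: Deploy Amazon ECS task definition
        uses: aws-actions/amazon-ecs-deploy-task-definition@v1
        with:
          task-definition: ./app/task-definition.json
          service: ${{ vars.BUILD_ENV }}-ecs-cluster-service
          cluster: ${{ vars.BUILD_ENV }}-app-cluster
          wait-for-service-stability: true
      - name: De-register previous revision
        env:
          BUILD_ENV: ${{ vars.BUILD_ENV }}
          PREVIOUS_REVISION: ${{ steps.download-task.outputs.revision }}
        run: |
          aws ecs deregister-task-definition \
            --task-definition "${BUILD_ENV}-ndr-service-task:${PREVIOUS_REVISION}"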