PDU Targeting #2816

Workflow file for this run

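# CI workflow: frontend checks, dev/dist image builds, Python linters, unit and
# E2E tests, a Trivy image scan, and a deploy trigger for selected branches.
#
# NOTE(review): every `uses:` below references a mutable tag or branch
# (`@v1`, `@v2`, `@v4`, `@master`). Pinning third-party actions to a full
# commit SHA keeps an upstream retag from changing what runs next to the
# DockerHub, Codecov and Azure credentials used in these jobs.
name: CI
on:
  push:
    branches:
      - develop
      - staging
      - master
      - ephemeral-*
  pull_request:
    branches:
      - develop
      - staging
      - master
      - ephemeral-*
      - long-term/*
# One run per workflow and ref; a newer run cancels the one in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
# Least privilege for GITHUB_TOKEN. No step in this file passes the token
# explicitly and checkout only needs read access.
# NOTE(review): confirm no action here relies on a wider default scope.
permissions:
  contents: read
jobs:
  # Installs frontend dependencies from the lockfile, then lints and tests.
  frontend_tests:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v2
      - name: Use Node.js
        uses: actions/setup-node@v2
        with:
          node-version: '18'
      - name: Cache dependencies
        uses: actions/cache@v2
        with:
          path: |
            frontend/node_modules
            frontend/.yarn
            frontend/.yarn/cache
          key: ${{ runner.os }}-node-${{ hashFiles('frontend/yarn.lock') }}
          restore-keys: |
            ${{ runner.os }}-node-
      - run: yarn install --frozen-lockfile
        working-directory: frontend
      - run: yarn lint
        working-directory: frontend
      - run: yarn test --watchAll=false
        working-directory: frontend
  # Builds the `dev` Dockerfile target and pushes it tagged with the commit
  # SHA; the linter and unit-test jobs below pull that image.
  build_and_push_dev:
    runs-on: ubuntu-latest
    steps:
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1
      - name: Checkout code
        uses: actions/checkout@v2
      - name: DockerHub login
        uses: docker/login-action@v1
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Push dev
        run: |
          docker buildx create --use
          docker buildx build \
             --cache-from ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:cache-core-${{ github.sha }}-dev \
             --cache-from ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:cache-core-latest-dev \
             --cache-to ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:cache-core-${{ github.sha }}-dev \
             --cache-to ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:cache-core-latest-dev \
             -t ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:core-${{ github.sha }}-dev \
             -t ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:core-latest-dev \
             -f ./docker/Dockerfile \
             --target dev \
             --push \
             ./
  # The four jobs below each run one checker inside the dev image.
  isort:
    runs-on: ubuntu-latest
    needs: [build_and_push_dev]
    steps:
      - name: Checkout code
        uses: actions/checkout@v2
      - name: DockerHub login
        uses: docker/login-action@v1
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Check
        run: |
          docker run --rm -i \
            ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:core-${{ github.sha }}-dev \
            isort . --check-only
  black:
    runs-on: ubuntu-latest
    needs: [build_and_push_dev]
    steps:
      - name: Checkout code
        uses: actions/checkout@v2
      - name: DockerHub login
        uses: docker/login-action@v1
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Check
        run: |
          docker run --rm -i \
            ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:core-${{ github.sha }}-dev \
            black . --check
  flake8:
    runs-on: ubuntu-latest
    needs: [build_and_push_dev]
    steps:
      - name: Checkout code
        uses: actions/checkout@v2
      - name: DockerHub login
        uses: docker/login-action@v1
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Check
        run: |
          docker run --rm -i \
            ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:core-${{ github.sha }}-dev \
            flake8 .
  mypy:
    runs-on: ubuntu-latest
    needs: [build_and_push_dev]
    steps:
      - name: Checkout code
        uses: actions/checkout@v2
      - name: DockerHub login
        uses: docker/login-action@v1
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Check
        run: |
          docker run --rm -i \
            ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:core-${{ github.sha }}-dev \
            mypy .
  # Builds the `dist` Dockerfile target. On master the image also gets a
  # release tag taken from the version in backend/pyproject.toml.
  build_and_push_dist:
    needs: [build_and_push_dev]
    runs-on: ubuntu-latest
    steps:
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1
      - name: Checkout code
        uses: actions/checkout@v2
      - name: DockerHub login
        uses: docker/login-action@v1
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Push dist
        # Expressions are handed to the script as environment variables
        # instead of being pasted into its text: `${{ }}` is expanded before
        # the shell parses the script, and a ref name is not guaranteed to be
        # free of shell metacharacters.
        env:
          SUPPORT_REPO: ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images
          RELEASE_REPO: ${{ vars.DOCKERHUB_ORGANIZATION }}/hope
          GIT_SHA: ${{ github.sha }}
          GIT_REF: ${{ github.ref }}
        run: |
          docker buildx create --use
          # Arguments are collected in an array and expanded with quoting, so
          # no value (including the version read from the repository) is ever
          # re-parsed by the shell as it would be with `eval`.
          build_args=(
            --progress=plain
            --cache-from "${SUPPORT_REPO}:cache-core-${GIT_SHA}-dev"
            --cache-from "${SUPPORT_REPO}:cache-core-latest-dev"
            --cache-from "${SUPPORT_REPO}:cache-core-${GIT_SHA}-dist"
            --cache-from "${SUPPORT_REPO}:cache-core-latest-dist"
            --cache-to "${SUPPORT_REPO}:cache-core-${GIT_SHA}-dist"
            --cache-to "${SUPPORT_REPO}:cache-core-latest-dist"
            -t "${SUPPORT_REPO}:core-${GIT_SHA}-dist"
            -t "${SUPPORT_REPO}:core-${GIT_SHA}"
            -f ./docker/Dockerfile
            --target dist
            --push
          )
          if [ "$GIT_REF" = "refs/heads/master" ]; then
            # Exits non-zero when pyproject.toml has no `version =` line.
            version=$(python3 -c "import sys; version=None; [version:=line.split('=')[1].strip().strip('\"') for line in open('backend/pyproject.toml', 'r') if line.strip().startswith('version =')]; print(version if version else sys.exit(1))")
            build_args+=(-t "${RELEASE_REPO}:core-${version}")
          fi
          docker buildx build "${build_args[@]}" ./
  # Runs the backend test suite in the dev image and uploads coverage.
  unit_tests:
    runs-on: ubuntu-latest
    needs: [build_and_push_dev]
    steps:
      - name: Checkout code
        uses: actions/checkout@v2
      - name: DockerHub login
        uses: docker/login-action@v1
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Unit tests
        run: |
          backend_image=${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:core-${{ github.sha }}-dev docker compose \
            -f ./deployment/docker-compose.tst.yml \
            run backend ./dev.sh test
      - name: Upload coverage to Codecov
        uses: codecov/codecov-action@v4
        with:
          files: ./backend/coverage.xml
          flags: unittests
          token: ${{ secrets.CODECOV_TOKEN }}
          verbose: true
  # Runs the selenium compose service against the dist and dev images.
  # The report and coverage uploads run even when the tests fail, and their
  # own failures do not fail the job.
  e2e_tests:
    runs-on: ubuntu-latest
    needs: [build_and_push_dist]
    steps:
      - name: Checkout code
        uses: actions/checkout@v2
      - name: DockerHub login
        uses: docker/login-action@v1
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: E2E tests
        run: |
          dist_backend_image=${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:core-${{ github.sha }}-dist dev_backend_image=${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:core-${{ github.sha }}-dev docker compose \
            -f ./deployment/docker-compose.selenium.yml \
            run selenium
      - name: Upload Artifact
        uses: actions/upload-artifact@v4
        if: always()
        continue-on-error: true
        with:
          name: report
          path: ./backend/report/
          retention-days: 5
      - name: Upload coverage to Codecov
        uses: codecov/codecov-action@v4
        if: always()
        continue-on-error: true
        with:
          files: ./backend/coverage.xml
          flags: e2e
          token: ${{ secrets.CODECOV_TOKEN }}
          verbose: true
  # Scans the dist image for HIGH and CRITICAL findings that have a fix.
  # NOTE(review): with `exit-code: '0'` findings are only printed and never
  # fail this job, and `deploy` does not list `trivy` in `needs`, so the scan
  # does not gate a release.
  trivy:
    runs-on: ubuntu-latest
    needs: [build_and_push_dist]
    steps:
      - name: Checkout code
        uses: actions/checkout@v2
      - name: DockerHub login
        uses: docker/login-action@v1
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Run Trivy vulnerability scanner
        # NOTE(review): `@master` follows a moving branch; pin this action to
        # a full commit SHA (<PINNED_COMMIT_SHA>) so the scanner code that
        # runs after the DockerHub login cannot change silently.
        uses: aquasecurity/trivy-action@master
        with:
          image-ref: '${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:core-${{ github.sha }}'
          format: 'table'
          exit-code: '0'
          ignore-unfixed: true
          vuln-type: 'os,library'
          severity: 'CRITICAL,HIGH'
  # Triggers the Azure DevOps pipeline(s) mapped to the pushed branch once
  # tests and linters have passed. Runs only for pushes to the listed refs.
  deploy:
    runs-on: ubuntu-latest
    needs: [e2e_tests, unit_tests, isort, black, flake8, mypy, frontend_tests]
    if: |
      github.event_name == 'push' &&
      (
        github.ref == 'refs/heads/develop' ||
        github.ref == 'refs/heads/staging' ||
        github.ref == 'refs/heads/master' ||
        github.ref == 'refs/heads/ephemeral-1' ||
        github.ref == 'refs/heads/ephemeral-2' ||
        github.ref == 'refs/heads/ephemeral-3'
      )
    steps:
      - name: Trigger deploy
        # The ref and the PAT reach the script through the environment rather
        # than being pasted into its text.
        env:
          GIT_REF: ${{ github.ref }}
          AZURE_PAT: ${{ secrets.AZURE_PAT }}
        run: |
          # Branch -> comma-separated Azure DevOps pipeline ids.
          case "$GIT_REF" in
            refs/heads/develop) pipelineId=1159 ;;
            refs/heads/staging) pipelineId=1160 ;;
            refs/heads/master) pipelineId=1161,1165 ;;
            refs/heads/ephemeral-1) pipelineId=1164 ;;
            refs/heads/ephemeral-2) pipelineId=1253 ;;
            refs/heads/ephemeral-3) pipelineId=1283 ;;
            *)
              echo "No pipeline to trigger for ref $GIT_REF"
              exit 0
              ;;
          esac
          project=ICTD-HCT-MIS
          organization=unicef
          jsonBody='{"variables": {"sha": {"isSecret": false, "value": "${{ github.sha }}"}, "tag": {"isSecret": false, "value": "core-${{ github.sha }}"}}}'
          IFS=',' read -ra pipelines <<< "$pipelineId"
          for pipeline in "${pipelines[@]}"; do
            echo "Triggering deploy for pipeline $pipeline"
            echo "JSON body: $jsonBody"
            # No `-v`: verbose output includes the request's Authorization
            # header, a base64 form of the PAT that log masking of the
            # literal secret may not catch. `--fail` makes an HTTP error
            # status count as a failure, and curl computes Content-Length
            # itself. The call sits in the `if` so the message below is still
            # printed when the shell runs with errexit.
            if ! curl --fail --silent --show-error --location \
              -u ":$AZURE_PAT" \
              -H "Content-Type: application/json" \
              -d "$jsonBody" \
              "https://dev.azure.com/$organization/$project/_apis/pipelines/$pipeline/runs?api-version=7.1-preview.1"; then
              echo "Failed to trigger deploy for pipeline $pipeline"
              exit 1
            fi
          done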