Skip to content

Export xlsx FSP auth code (MTCN) #5446

Export xlsx FSP auth code (MTCN)

Export xlsx FSP auth code (MTCN) #5446

Workflow file for this run

name: CI
on:
push:
branches:
- develop
- staging
- master
- ephemeral-*
pull_request:
branches:
- develop
- staging
- master
- ephemeral-*
- long-term/*
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
frontend_tests:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Use Node.js
uses: actions/setup-node@v4
with:
node-version: '18'
- name: Cache dependencies
uses: actions/cache@v4
with:
path: |
src/frontend/node_modules
src/frontend/.yarn
src/frontend/.yarn/cache
key: ${{ runner.os }}-node-${{ hashFiles('frontend/yarn.lock') }}
restore-keys: |
${{ runner.os }}-node-
- run: yarn install --frozen-lockfile
working-directory: src/frontend
- run: yarn lint
working-directory: src/frontend
- run: yarn test --watchAll=false
working-directory: src/frontend
build_and_push_dev:
runs-on: ubuntu-latest
steps:
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Checkout code
uses: actions/checkout@v4
- name: DockerHub login
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Determine Branch Name
id: branch_name
run: |
if [ "${{ github.event_name }}" = "push" ]; then
echo "BRANCH_NAME=${GITHUB_REF##*/}" >> $GITHUB_ENV
fi
- name: Push dev
run: |
docker buildx create --use
tags="-t ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:core-${{ github.sha }}-dev \
-t ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:core-latest-dev"
if [ -n "${{ env.BRANCH_NAME }}" ]; then
tags="$tags -t ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:core-${{ env.BRANCH_NAME }}-latest-dev"
fi
docker buildx build \
--cache-from ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:cache-core-${{ github.sha }}-dev \
--cache-from ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:cache-core-latest-dev \
--cache-to ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:cache-core-${{ github.sha }}-dev \
--cache-to ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:cache-core-latest-dev \
$tags \
-f ./docker/Dockerfile \
--target dev \
--push \
./
isort:
runs-on: ubuntu-latest
needs: [build_and_push_dev]
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: DockerHub login
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Check
run: |
docker run --rm -i \
${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:core-${{ github.sha }}-dev \
isort . --check-only
black:
runs-on: ubuntu-latest
needs: [build_and_push_dev]
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: DockerHub login
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Check
run: |
docker run --rm -i \
${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:core-${{ github.sha }}-dev \
black . --check
flake8:
runs-on: ubuntu-latest
needs: [build_and_push_dev]
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: DockerHub login
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Check
run: |
docker run --rm -i \
${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:core-${{ github.sha }}-dev \
flake8 .
mypy:
runs-on: ubuntu-latest
needs: [build_and_push_dev]
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: DockerHub login
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Check
run: |
docker run --rm -i \
${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:core-${{ github.sha }}-dev \
mypy .
build_and_push_dist:
needs: [build_and_push_dev]
runs-on: ubuntu-latest
steps:
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Checkout code
uses: actions/checkout@v4
- name: DockerHub login
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Determine Branch Name
id: branch_name
run: |
if [ "${{ github.event_name }}" = "push" ]; then
echo "BRANCH_NAME=${GITHUB_REF##*/}" >> $GITHUB_ENV
fi
- name: Push dist
run: |
docker buildx create --use
tags="-t ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:core-${{ github.sha }}-dist \
-t ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:core-${{ github.sha }}"
if [ -n "${{ env.BRANCH_NAME }}" ]; then
tags="$tags -t ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:core-${{ env.BRANCH_NAME }}-latest-dist"
fi
# Base part of the command
build_command="docker buildx build \
--progress=plain \
--cache-from ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:cache-core-${{ github.sha }}-dev \
--cache-from ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:cache-core-latest-dev \
--cache-from ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:cache-core-${{ github.sha }}-dist \
--cache-from ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:cache-core-latest-dist \
--cache-to ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:cache-core-${{ github.sha }}-dist \
--cache-to ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:cache-core-latest-dist \
$tags \
-f ./docker/Dockerfile \
--target dist \
--push ./"
if [ "${{ github.ref }}" = "refs/heads/master" ]; then
version=$(python3 -c "import sys; version=None; [version:=line.split('=')[1].strip().strip('\"') for line in open('pyproject.toml', 'r') if line.strip().startswith('version =')]; print(version if version else sys.exit(1))")
tagged_image=${{ vars.DOCKERHUB_ORGANIZATION }}/hope:core-$version
build_command="$build_command -t $tagged_image"
fi
eval $build_command
unit_tests:
runs-on: ubuntu-latest
needs: [build_and_push_dev]
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: DockerHub login
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Unit tests
run: |
dev_backend_image=${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:core-${{ github.sha }}-dev docker compose \
-f ./.github/helpers/docker-compose.tst.yml \
--profile unit \
run backend ./dev.sh test
- name: Upload coverage to Codecov
uses: codecov/codecov-action@v4
with:
files: ./tests/test-coverage/coverage.xml
flags: unittests
token: ${{ secrets.CODECOV_TOKEN }}
verbose: true
e2e_tests:
runs-on: ubuntu-latest
needs: [build_and_push_dist]
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: DockerHub login
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: E2E tests
run: |
extra_options=""
if [ "${{ github.event_name }}" = "pull_request" ]; then
extra_options="-m 'not night'"
fi
dist_backend_image=${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:core-${{ github.sha }}-dist dev_backend_image=${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:core-${{ github.sha }}-dev docker compose \
-f ./.github/helpers/docker-compose.tst.yml \
-f ./.github/helpers/docker-compose.selenium.yml \
run backend bash -c "
waitforit -host=db -port=5432 -timeout=30
pytest -svvv -n 2 ./tests/selenium --cov-report xml:test-coverage/coverage.xml --html-report=./tests/selenium/output_data/report/report.html --randomly-seed=42 "
- name: Upload Artifact
uses: actions/upload-artifact@v4
if: always()
continue-on-error: true
with:
name: report
path: ./tests/report/
retention-days: 5
- name: Upload coverage to Codecov
uses: codecov/codecov-action@v4
if: always()
continue-on-error: true
with:
files: ./test-coverage/coverage.xml
flags: e2e
token: ${{ secrets.CODECOV_TOKEN }}
verbose: true
trivy:
runs-on: ubuntu-latest
needs: [build_and_push_dist]
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: DockerHub login
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Run Trivy vulnerability scanner
continue-on-error: true # due to getting TOOMANYREQUESTS
uses: aquasecurity/trivy-action@master
with:
image-ref: '${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:core-${{ github.sha }}'
format: 'table'
exit-code: '0'
ignore-unfixed: true
vuln-type: 'os,library'
severity: 'CRITICAL,HIGH'
deploy:
runs-on: ubuntu-latest
needs: [e2e_tests, unit_tests, isort, black, flake8, mypy, frontend_tests]
if: |
github.event_name == 'push' &&
(
github.ref == 'refs/heads/develop' ||
github.ref == 'refs/heads/staging' ||
github.ref == 'refs/heads/master' ||
github.ref == 'refs/heads/ephemeral-1' ||
github.ref == 'refs/heads/ephemeral-2' ||
github.ref == 'refs/heads/ephemeral-3'
)
steps:
- name: Trigger deploy
run: |
# TODO: make it prettier
if [ ${{ github.ref }} == 'refs/heads/develop' ]; then
pipelineId=1159
elif [ ${{ github.ref }} == 'refs/heads/staging' ]; then
pipelineId=1160
elif [ ${{ github.ref }} == 'refs/heads/master' ]; then
pipelineId=1161,1165
elif [ ${{ github.ref }} == 'refs/heads/ephemeral-1' ]; then
pipelineId=1164
elif [ ${{ github.ref }} == 'refs/heads/ephemeral-2' ]; then
pipelineId=1253
elif [ ${{ github.ref }} == 'refs/heads/ephemeral-3' ]; then
pipelineId=1283
else
echo "No pipeline to trigger for ref ${{ github.ref }}"
exit 0
fi
IFS=',' read -ra pipelines <<< "$pipelineId"
for pipeline in "${pipelines[@]}"; do
jsonBody='{"variables": {"sha": {"isSecret": false, "value": "${{ github.sha }}"}, "tag": {"isSecret": false, "value": "core-${{ github.sha }}"}}}'
contentLength=$(echo -n $jsonBody | wc -c)
project=ICTD-HCT-MIS
organization=unicef
echo Triggering deploy for pipeline $pipeline
echo JSON body: $jsonBody
curl -v -L \
-u ":${{ secrets.AZURE_PAT }}" \
-H "Content-Type: application/json" \
-H "Content-Length: $contentLength" \
-d "$jsonBody" \
https://dev.azure.com/$organization/$project/_apis/pipelines/$pipeline/runs?api-version=7.1-preview.1
if [ $? -ne 0 ]; then
echo "Failed to trigger deploy for pipeline $pipeline"
exit 1
fi
done