diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 02d68ceaa4..4353197eef 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -7,345 +7,26 @@ on: - staging - master - ephemeral-* + - feat/short-run-only-on-pr pull_request: branches: - develop - staging - master - ephemeral-* - - long-term/* concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true jobs: - frontend_tests: + foo: runs-on: ubuntu-latest steps: - - name: Checkout code - uses: actions/checkout@v2 - - name: Use Node.js - uses: actions/setup-node@v2 - with: - node-version: '18' - - name: Cache dependencies - uses: actions/cache@v2 - with: - path: | - frontend/node_modules - frontend/.yarn - frontend/.yarn/cache - key: ${{ runner.os }}-node-${{ hashFiles('frontend/yarn.lock') }} - restore-keys: | - ${{ runner.os }}-node- - - run: yarn install --frozen-lockfile - working-directory: frontend - - run: yarn lint - working-directory: frontend - - run: yarn test --watchAll=false - working-directory: frontend - - build_and_push_dev: - runs-on: ubuntu-latest - steps: - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 - - name: Checkout code - uses: actions/checkout@v2 - - name: DockerHub login - uses: docker/login-action@v1 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - - name: Determine Branch Name - id: branch_name - run: | - if [ "${{ github.event_name }}" = "push" ]; then - echo "BRANCH_NAME=${GITHUB_REF##*/}" >> $GITHUB_ENV - fi - - - name: Push dev - run: | - docker buildx create --use - - tags="-t ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:core-${{ github.sha }}-dev \ - -t ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:core-latest-dev" - - if [ -n "${{ env.BRANCH_NAME }}" ]; then - tags="$tags -t ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:core-${{ env.BRANCH_NAME }}-latest-dev" - fi - - docker buildx build \ - --cache-from ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:cache-core-${{ github.sha }}-dev \ - --cache-from ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:cache-core-latest-dev \ - --cache-to ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:cache-core-${{ github.sha }}-dev \ - --cache-to ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:cache-core-latest-dev \ - $tags \ - -f ./docker/Dockerfile \ - --target dev \ - --push \ - ./ - - isort: - runs-on: ubuntu-latest - needs: [build_and_push_dev] - steps: - - name: Checkout code - uses: actions/checkout@v2 - - name: DockerHub login - uses: docker/login-action@v1 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - - name: Check + - name: Print if it's a PR or push run: | - docker run --rm -i \ - ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:core-${{ github.sha }}-dev \ - isort . --check-only - - black: - runs-on: ubuntu-latest - needs: [build_and_push_dev] - steps: - - name: Checkout code - uses: actions/checkout@v2 - - name: DockerHub login - uses: docker/login-action@v1 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - - name: Check - run: | - docker run --rm -i \ - ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:core-${{ github.sha }}-dev \ - black . --check - - flake8: - runs-on: ubuntu-latest - needs: [build_and_push_dev] - steps: - - name: Checkout code - uses: actions/checkout@v2 - - name: DockerHub login - uses: docker/login-action@v1 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - - name: Check - run: | - docker run --rm -i \ - ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:core-${{ github.sha }}-dev \ - flake8 . - - mypy: - runs-on: ubuntu-latest - needs: [build_and_push_dev] - steps: - - name: Checkout code - uses: actions/checkout@v2 - - name: DockerHub login - uses: docker/login-action@v1 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - - name: Check - run: | - docker run --rm -i \ - ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:core-${{ github.sha }}-dev \ - mypy . - - build_and_push_dist: - needs: [build_and_push_dev] - runs-on: ubuntu-latest - steps: - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v1 - - name: Checkout code - uses: actions/checkout@v2 - - name: DockerHub login - uses: docker/login-action@v1 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - - name: Determine Branch Name - id: branch_name - run: | - if [ "${{ github.event_name }}" = "push" ]; then - echo "BRANCH_NAME=${GITHUB_REF##*/}" >> $GITHUB_ENV - fi - - - name: Push dist - run: | - docker buildx create --use - - tags="-t ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:core-${{ github.sha }}-dist \ - -t ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:core-${{ github.sha }}" - - if [ -n "${{ env.BRANCH_NAME }}" ]; then - tags="$tags -t ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:core-${{ env.BRANCH_NAME }}-latest-dist" - fi - - # Base part of the command - build_command="docker buildx build \ - --progress=plain \ - --cache-from ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:cache-core-${{ github.sha }}-dev \ - --cache-from ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:cache-core-latest-dev \ - --cache-from ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:cache-core-${{ github.sha }}-dist \ - --cache-from ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:cache-core-latest-dist \ - --cache-to ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:cache-core-${{ github.sha }}-dist \ - --cache-to ${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:cache-core-latest-dist \ - $tags \ - -f ./docker/Dockerfile \ - --target dist \ - --push ./" - - if [ "${{ github.ref }}" = "refs/heads/master" ]; then - version=$(python3 -c "import sys; version=None; [version:=line.split('=')[1].strip().strip('\"') for line in open('backend/pyproject.toml', 'r') if line.strip().startswith('version =')]; print(version if version else sys.exit(1))") - tagged_image=${{ vars.DOCKERHUB_ORGANIZATION }}/hope:core-$version - build_command="$build_command -t $tagged_image" - fi - - eval $build_command - - unit_tests: - runs-on: ubuntu-latest - needs: [build_and_push_dev] - steps: - - name: Checkout code - uses: actions/checkout@v2 - - name: DockerHub login - uses: docker/login-action@v1 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - - name: Unit tests - run: | - backend_image=${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:core-${{ github.sha }}-dev docker compose \ - -f ./deployment/docker-compose.tst.yml \ - run backend ./dev.sh test - - name: Upload coverage to Codecov - uses: codecov/codecov-action@v4 - with: - files: ./backend/coverage.xml - flags: unittests - token: ${{ secrets.CODECOV_TOKEN }} - verbose: true - - e2e_tests: - runs-on: ubuntu-latest - needs: [build_and_push_dist] - steps: - - name: Checkout code - uses: actions/checkout@v2 - - name: DockerHub login - uses: docker/login-action@v1 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - - name: E2E tests - run: | - dist_backend_image=${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:core-${{ github.sha }}-dist dev_backend_image=${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:core-${{ github.sha }}-dev docker compose \ - -f ./deployment/docker-compose.selenium.yml \ - run selenium - - name: Upload Artifact - uses: actions/upload-artifact@v4 - if: always() - continue-on-error: true - with: - name: report - path: ./backend/report/ - retention-days: 5 - - name: Upload coverage to Codecov - uses: codecov/codecov-action@v4 - if: always() - continue-on-error: true - with: - files: ./backend/coverage.xml - flags: e2e - token: ${{ secrets.CODECOV_TOKEN }} - verbose: true - - trivy: - runs-on: ubuntu-latest - needs: [build_and_push_dist] - steps: - - name: Checkout code - uses: actions/checkout@v2 - - name: DockerHub login - uses: docker/login-action@v1 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@master - with: - image-ref: '${{ vars.DOCKERHUB_ORGANIZATION }}/hope-support-images:core-${{ github.sha }}' - format: 'table' - exit-code: '0' - ignore-unfixed: true - vuln-type: 'os,library' - severity: 'CRITICAL,HIGH' - deploy: - runs-on: ubuntu-latest - needs: [e2e_tests, unit_tests, isort, black, flake8, mypy, frontend_tests] - if: | - github.event_name == 'push' && - ( - github.ref == 'refs/heads/develop' || - github.ref == 'refs/heads/staging' || - github.ref == 'refs/heads/master' || - github.ref == 'refs/heads/ephemeral-1' || - github.ref == 'refs/heads/ephemeral-2' || - github.ref == 'refs/heads/ephemeral-3' - ) - steps: - - name: Trigger deploy - run: | - # TODO: make it prettier - if [ ${{ github.ref }} == 'refs/heads/develop' ]; then - pipelineId=1159 - elif [ ${{ github.ref }} == 'refs/heads/staging' ]; then - pipelineId=1160 - elif [ ${{ github.ref }} == 'refs/heads/master' ]; then - pipelineId=1161,1165 - elif [ ${{ github.ref }} == 'refs/heads/ephemeral-1' ]; then - pipelineId=1164 - elif [ ${{ github.ref }} == 'refs/heads/ephemeral-2' ]; then - pipelineId=1253 - elif [ ${{ github.ref }} == 'refs/heads/ephemeral-3' ]; then - pipelineId=1283 + if [ "${{ github.event_name }}" = "pull_request" ]; then + echo "This is a PR" else - echo "No pipeline to trigger for ref ${{ github.ref }}" - exit 0 + echo "This is a push" fi - - IFS=',' read -ra pipelines <<< "$pipelineId" - for pipeline in "${pipelines[@]}"; do - jsonBody='{"variables": {"sha": {"isSecret": false, "value": "${{ github.sha }}"}, "tag": {"isSecret": false, "value": "core-${{ github.sha }}"}}}' - contentLength=$(echo -n $jsonBody | wc -c) - project=ICTD-HCT-MIS - organization=unicef - - echo Triggering deploy for pipeline $pipeline - echo JSON body: $jsonBody - - curl -v -L \ - -u ":${{ secrets.AZURE_PAT }}" \ - -H "Content-Type: application/json" \ - -H "Content-Length: $contentLength" \ - -d "$jsonBody" \ - https://dev.azure.com/$organization/$project/_apis/pipelines/$pipeline/runs?api-version=7.1-preview.1 - if [ $? -ne 0 ]; then - echo "Failed to trigger deploy for pipeline $pipeline" - exit 1 - fi - done