-
Notifications
You must be signed in to change notification settings - Fork 2
205 lines (197 loc) · 6.68 KB
/
test.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
name: Test CIF App
on:
push:
branches: [develop, main]
pull_request:
branches: [develop, main]
env:
PGUSER: postgres
PROGRAM_DIRECTOR_NAME: director name
PROGRAM_DIRECTOR_EMAIL: [email protected]
jobs:
install-dev-tools:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: dev env setup
uses: ./.github/actions/dev-env-setup
- run: make install_dev_tools
- run: make stop_pg # cleanly stop the database, otherwise it will complain in the subsequent jobs
- run: yarn install --frozen-lockfile
working-directory: ./app
yarn-test:
needs: install-dev-tools
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: dev env setup
uses: ./.github/actions/dev-env-setup
- run: yarn test
working-directory: ./app
yarn-audit:
needs: install-dev-tools
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: dev env setup
uses: ./.github/actions/dev-env-setup
- run: yarn audit-deps
working-directory: ./app
db-schema-is-up-to-date:
needs: install-dev-tools
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: dev env setup
uses: ./.github/actions/dev-env-setup
- run: make deploy_db_migrations
- run: yarn build:schema
working-directory: ./app
- run: git diff --exit-code || (echo 'The contents of the `schema` folder are out of sync with `app/server/schema.graphql`. Did you forget to \"yarn build:schema\"?' && false)
db-revert-migrations:
needs: install-dev-tools
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: dev env setup
uses: ./.github/actions/dev-env-setup
- run: make test_revert_migrations
db-tests:
needs: install-dev-tools
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: dev env setup
uses: ./.github/actions/dev-env-setup
- run: make db_unit_tests
- run: make db_style_tests
pre-commit:
needs: install-dev-tools
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: dev env setup
uses: ./.github/actions/dev-env-setup
- name: set pre-commit cache directory
run: |
echo "PRE_COMMIT_HOME=$GITHUB_WORKSPACE/.pre-commit-cache" >> $GITHUB_ENV
- name: set PY
run: echo "PY=$(python -VV | sha256sum | cut -d' ' -f1)" >> $GITHUB_ENV
- name: create commitlint COMMIT_EDITMSG if not exists
run: |
if test -f ".git/COMMIT_EDITMSG"; then
echo "COMMIT_EDITMSG EXISTS, skipping"
else
touch .git/COMMIT_EDITMSG
fi
- uses: actions/cache@v3
with:
path: |
./.pre-commit-cache
key: pre-commit-${{ env.PY }}-${{ hashFiles('.pre-commit-config.yaml') }}-v3
- run: pre-commit run --all-files
docker-build:
runs-on: ubuntu-latest
strategy:
matrix:
include:
- image: ghcr.io/bcgov/cas-cif-app
context: .
dockerfile: app/Dockerfile
name: app
- image: ghcr.io/bcgov/cas-cif-schema
context: .
dockerfile: schema/Dockerfile
name: schema
- image: ghcr.io/bcgov/cas-cif-test-backups
context: .
dockerfile: database_backup_test/Dockerfile
name: testBackups
name: Build ${{ matrix.name }} docker image
steps:
- uses: actions/checkout@v3
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v2
with:
install: true
- name: Docker meta
id: meta
uses: docker/metadata-action@v3
with:
images: ${{ matrix.image }}
tags: |
type=sha,format=long,prefix=
latest
type=ref,event=pr
- name: Login to GitHub Container Registry
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Cache Docker layers
uses: actions/cache@v3
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ matrix.name }}-${{ github.sha }}
restore-keys: |
${{ runner.os }}-buildx-${{ matrix.name }}
- name: Build image
uses: docker/build-push-action@v3
with:
context: ${{ matrix.context }}
builder: ${{ steps.buildx.outputs.name }}
push: true
file: ${{ matrix.dockerfile }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache-new
# Temp fix
# https://github.com/docker/build-push-action/issues/252
# https://github.com/moby/buildkit/issues/1896
- name: Move cache
run: |
rm -rf /tmp/.buildx-cache
mv /tmp/.buildx-cache-new /tmp/.buildx-cache
e2e:
needs: ["docker-build", "install-dev-tools"]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: dev env setup
uses: ./.github/actions/dev-env-setup
- name: run app locally
uses: ./.github/actions/local-app-run
- name: run e2e tests
env:
CYPRESS_TEST_INTERNAL_USERNAME: ${{ secrets.TEST_INTERNAL_USERNAME }}
CYPRESS_TEST_INTERNAL_PASSWORD: ${{ secrets.TEST_INTERNAL_PASSWORD }}
CYPRESS_TEST_ADMIN_USERNAME: ${{ secrets.TEST_ADMIN_USERNAME }}
CYPRESS_TEST_ADMIN_PASSWORD: ${{ secrets.TEST_ADMIN_PASSWORD }}
CYPRESS_TEST_UNAUTHORIZED_USERNAME: ${{ secrets.TEST_UNAUTHORIZED_USERNAME }}
CYPRESS_TEST_UNAUTHORIZED_PASSWORD: ${{ secrets.TEST_UNAUTHORIZED_PASSWORD }}
HAPPO_API_KEY: ${{ secrets.HAPPO_API_KEY }}
HAPPO_API_SECRET: ${{ secrets.HAPPO_API_SECRET }}
run: yarn test:e2e
working-directory: ./app
zap-owasp:
needs: ["docker-build", "install-dev-tools"]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: dev env setup
uses: ./.github/actions/dev-env-setup
- name: run app locally
uses: ./.github/actions/local-app-run
- name: ZAP Base Scan
uses: zaproxy/[email protected]
with:
token: ${{ secrets.GITHUB_TOKEN }}
docker_name: "ghcr.io/zaproxy/zaproxy:stable"
target: "http://localhost:3004/"
rules_file_name: ".zap/rules.tsv"
cmd_options: "-a -d -T 5 -m 2"
issue_title: OWASP Baseline
fail_action: false