Enable Dependabot checks for Github Actions #5230
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI and CD | |
on: | |
pull_request: | |
push: | |
branches: | |
- main | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
jobs: | |
test: | |
runs-on: ubuntu-latest | |
env: | |
RACK_ENV: test | |
RAILS_ENV: test | |
DATABASE_URL: "postgresql://postgres:postgres@127.0.0.1/laa-apply-for-criminal-legal-aid-test" | |
services: | |
postgres: | |
image: postgres:15.2-alpine | |
env: | |
POSTGRES_DB: laa-apply-for-criminal-legal-aid-test | |
POSTGRES_USER: postgres | |
POSTGRES_PASSWORD: postgres | |
ports: | |
- 5432:5432 | |
options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5 | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
- name: Setup Ruby and install gems | |
uses: ruby/setup-ruby@v1 | |
with: | |
bundler-cache: true | |
- name: Find yarn cache location | |
id: yarn-cache-dir-path | |
run: echo "dir=$(yarn cache dir)" >> $GITHUB_OUTPUT | |
- name: JS package cache | |
uses: actions/cache@v3 | |
id: yarn-cache | |
with: | |
path: ${{ steps.yarn-cache-dir-path.outputs.dir }} | |
key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }} | |
restore-keys: | | |
${{ runner.os }}-yarn- | |
- name: Install packages with yarn | |
run: yarn install --frozen-lockfile --ignore-scripts | |
- name: Precompile assets | |
run: bin/rails assets:precompile | |
- name: Setup test database | |
run: bin/rails db:prepare | |
- name: Run linters and tests | |
run: bundle exec rake | |
- name: Upload rspec coverage (if failure) | |
if: failure() | |
uses: actions/upload-artifact@v3 | |
with: | |
name: rspec-coverage | |
path: coverage/* | |
build: | |
runs-on: ubuntu-latest | |
needs: test | |
if: github.ref == 'refs/heads/main' | |
permissions: | |
id-token: write # This is required for requesting the JWT | |
contents: read # This is required for actions/checkout | |
outputs: | |
ecr_url: ${{ steps.ecr-url-output.outputs.ecr_url }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
# Assume role in Cloud Platform | |
- uses: aws-actions/configure-aws-credentials@v3 | |
with: | |
role-to-assume: ${{ secrets.ECR_ROLE_TO_ASSUME }} | |
aws-region: ${{ vars.ECR_REGION }} | |
# Login to container repository | |
- uses: aws-actions/amazon-ecr-login@v1 | |
id: login-ecr | |
- name: Store ECR endpoint as output | |
id: ecr-url-output | |
run: echo "ecr_url=${{ steps.login-ecr.outputs.registry }}/${{ vars.ECR_REPOSITORY }}" >> $GITHUB_OUTPUT | |
- name: Store current date | |
run: echo "BUILD_DATE=$(date +%Y%m%d%H%M)" >> $GITHUB_ENV | |
- name: Build | |
run: | | |
docker build \ | |
--label build.git.sha=${{ github.sha }} \ | |
--label build.git.branch=${{ github.ref }} \ | |
--label build.date=${{ env.BUILD_DATE }} \ | |
--build-arg APP_BUILD_DATE=${{ env.BUILD_DATE }} \ | |
--build-arg APP_BUILD_TAG=${{ github.ref }} \ | |
--build-arg APP_GIT_COMMIT=${{ github.sha }} \ | |
-t app . | |
- name: Push to ECR | |
id: ecr | |
env: | |
ECR_URL: ${{ steps.ecr-url-output.outputs.ecr_url }} | |
run: | | |
docker tag app $ECR_URL:${{ github.sha }} | |
docker tag app $ECR_URL:staging.latest | |
docker push $ECR_URL:${{ github.sha }} | |
docker push $ECR_URL:staging.latest | |
deploy-staging: | |
runs-on: ubuntu-latest | |
needs: build | |
environment: staging | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Deploy staging | |
uses: ./.github/actions/deploy | |
with: | |
environment-name: staging | |
git-crypt-key: ${{ secrets.GIT_CRYPT_KEY }} | |
ecr-url: ${{ needs.build.outputs.ecr_url }} | |
kube-cert: ${{ secrets.KUBE_STAGING_CERT }} | |
kube-token: ${{ secrets.KUBE_STAGING_TOKEN }} | |
kube-cluster: ${{ secrets.KUBE_STAGING_CLUSTER }} | |
kube-namespace: ${{ secrets.KUBE_STAGING_NAMESPACE }} | |
deploy-production: | |
runs-on: ubuntu-latest | |
needs: [build, deploy-staging] | |
environment: production | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Deploy production | |
uses: ./.github/actions/deploy | |
with: | |
environment-name: production | |
git-crypt-key: ${{ secrets.GIT_CRYPT_KEY }} | |
ecr-url: ${{ needs.build.outputs.ecr_url }} | |
kube-cert: ${{ secrets.KUBE_PRODUCTION_CERT }} | |
kube-token: ${{ secrets.KUBE_PRODUCTION_TOKEN }} | |
kube-cluster: ${{ secrets.KUBE_PRODUCTION_CLUSTER }} | |
kube-namespace: ${{ secrets.KUBE_PRODUCTION_NAMESPACE }} |