feat(kotoutumiskoulutus): add audit logging #2049
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
jobs: | |
determine_action: | |
runs-on: ubuntu-24.04 | |
outputs: | |
action: ${{ github.ref_name == 'main' && 'deploy' || 'diff' }} | |
steps: | |
- run: echo nothing to see here | |
list_changes: | |
name: List changes | |
runs-on: ubuntu-24.04 | |
outputs: | |
mise: ${{ steps.filter.outputs.mise }} | |
infra: ${{ steps.filter.outputs.infra }} | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: dorny/paths-filter@v3 | |
id: filter | |
with: | |
filters: | | |
mise: | |
- '.mise.toml' | |
- '.mise.*.toml' | |
infra: | |
- 'infra/**' | |
update_tools_cache: | |
name: Update tools cache if changed | |
runs-on: ubuntu-24.04 | |
needs: list_changes | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Install tools | |
if: needs.list_changes.outputs.mise == 'true' | |
uses: jdx/mise-action@v2 | |
with: | |
experimental: true | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
submit_dependencies: | |
name: Submit dependencies | |
runs-on: ubuntu-24.04 | |
permissions: | |
contents: write | |
needs: update_tools_cache | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Install tools | |
uses: jdx/mise-action@v2 | |
with: | |
experimental: true | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Update dependency graph | |
uses: advanced-security/[email protected] | |
with: | |
directory: server | |
ignore-maven-wrapper: "true" | |
check_generated_sources: | |
name: Check generated sources | |
runs-on: ubuntu-24.04 | |
needs: update_tools_cache | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Install tools | |
uses: jdx/mise-action@v2 | |
with: | |
experimental: true | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Generate sources | |
run: mvn generate-sources | |
working-directory: server | |
- name: Check for differences in generated sources | |
run: git diff --exit-code | |
server_tests: | |
name: Server tests | |
runs-on: ubuntu-24.04 | |
needs: update_tools_cache | |
env: | |
MISE_ENV: ci | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Install tools | |
uses: jdx/mise-action@v2 | |
with: | |
experimental: true | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build with Maven | |
run: mvn -B package --file pom.xml | |
working-directory: server | |
frontend_tests: | |
name: Frontend tests | |
timeout-minutes: 60 | |
runs-on: ubuntu-24.04 | |
needs: update_tools_cache | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Install tools | |
uses: jdx/mise-action@v2 | |
with: | |
experimental: true | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Start DB | |
run: docker compose up -d db | |
working-directory: server | |
- name: Install dependencies | |
run: npm ci | |
working-directory: e2e | |
- name: Install Playwright Browsers | |
run: npx playwright install --with-deps | |
working-directory: e2e | |
- name: Run Playwright tests | |
run: npx playwright test | |
working-directory: e2e | |
- uses: actions/upload-artifact@v4 | |
if: ${{ !cancelled() }} | |
with: | |
name: playwright-report | |
path: e2e/playwright-report/ | |
retention-days: 30 | |
lint: | |
name: Check code formatting | |
runs-on: ubuntu-24.04 | |
needs: update_tools_cache | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Install tools | |
uses: jdx/mise-action@v2 | |
with: | |
experimental: true | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Check formatting | |
run: ./scripts/check-formatting.sh | |
build_image: | |
name: Build image | |
runs-on: ubuntu-24.04 | |
needs: | |
- check_generated_sources | |
- server_tests | |
- frontend_tests | |
- lint | |
permissions: | |
id-token: write | |
contents: read | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Install tools | |
uses: jdx/mise-action@v2 | |
with: | |
experimental: true | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Log in to utility account | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-region: eu-west-1 | |
role-to-assume: arn:aws:iam::961341524988:role/kitu-github-actions-role | |
- uses: aws-actions/amazon-ecr-login@v2 | |
id: login-ecr | |
- uses: docker/setup-buildx-action@v3 | |
- uses: docker/build-push-action@v6 | |
with: | |
push: ${{ github.ref_name == 'main' }} | |
tags: ${{ steps.login-ecr.outputs.registry }}/kitu:${{ github.sha }} | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
deploy_util: | |
name: Util | |
uses: ./.github/workflows/_deploy-env.yml | |
needs: | |
- list_changes | |
- update_tools_cache | |
- determine_action | |
if: needs.determine_action.outputs.action == 'deploy' || needs.list_changes.outputs.infra == 'true' | |
with: | |
environment: Util | |
action: ${{ needs.determine_action.outputs.action }} | |
deploy_dev: | |
name: Dev | |
needs: | |
- build_image | |
- determine_action | |
- deploy_util | |
uses: ./.github/workflows/_deploy-env.yml | |
if: needs.determine_action.outputs.action == 'deploy' || needs.list_changes.outputs.infra == 'true' | |
with: | |
environment: Dev | |
action: ${{ needs.determine_action.outputs.action }} | |
deploy_test: | |
name: Test | |
needs: | |
- determine_action | |
- deploy_dev | |
uses: ./.github/workflows/_deploy-env.yml | |
if: needs.determine_action.outputs.action == 'deploy' || needs.list_changes.outputs.infra == 'true' | |
with: | |
environment: Test | |
action: ${{ needs.determine_action.outputs.action }} | |
deploy_prod: | |
name: Prod | |
needs: | |
- determine_action | |
- deploy_test | |
uses: ./.github/workflows/_deploy-env.yml | |
if: needs.determine_action.outputs.action == 'deploy' || needs.list_changes.outputs.infra == 'true' | |
with: | |
environment: Prod | |
action: ${{ needs.determine_action.outputs.action }} |