Skip to content

feat(kotoutumiskoulutus): add audit logging #2049

feat(kotoutumiskoulutus): add audit logging

feat(kotoutumiskoulutus): add audit logging #2049

Workflow file for this run

name: Build
on:
push:
branches:
- main
pull_request:
jobs:
determine_action:
runs-on: ubuntu-24.04
outputs:
action: ${{ github.ref_name == 'main' && 'deploy' || 'diff' }}
steps:
- run: echo nothing to see here
list_changes:
name: List changes
runs-on: ubuntu-24.04
outputs:
mise: ${{ steps.filter.outputs.mise }}
infra: ${{ steps.filter.outputs.infra }}
steps:
- uses: actions/checkout@v4
- uses: dorny/paths-filter@v3
id: filter
with:
filters: |
mise:
- '.mise.toml'
- '.mise.*.toml'
infra:
- 'infra/**'
update_tools_cache:
name: Update tools cache if changed
runs-on: ubuntu-24.04
needs: list_changes
steps:
- uses: actions/checkout@v4
- name: Install tools
if: needs.list_changes.outputs.mise == 'true'
uses: jdx/mise-action@v2
with:
experimental: true
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
submit_dependencies:
name: Submit dependencies
runs-on: ubuntu-24.04
permissions:
contents: write
needs: update_tools_cache
steps:
- uses: actions/checkout@v4
- name: Install tools
uses: jdx/mise-action@v2
with:
experimental: true
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Update dependency graph
uses: advanced-security/[email protected]
with:
directory: server
ignore-maven-wrapper: "true"
check_generated_sources:
name: Check generated sources
runs-on: ubuntu-24.04
needs: update_tools_cache
steps:
- uses: actions/checkout@v4
- name: Install tools
uses: jdx/mise-action@v2
with:
experimental: true
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Generate sources
run: mvn generate-sources
working-directory: server
- name: Check for differences in generated sources
run: git diff --exit-code
server_tests:
name: Server tests
runs-on: ubuntu-24.04
needs: update_tools_cache
env:
MISE_ENV: ci
steps:
- uses: actions/checkout@v4
- name: Install tools
uses: jdx/mise-action@v2
with:
experimental: true
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Build with Maven
run: mvn -B package --file pom.xml
working-directory: server
frontend_tests:
name: Frontend tests
timeout-minutes: 60
runs-on: ubuntu-24.04
needs: update_tools_cache
steps:
- uses: actions/checkout@v4
- name: Install tools
uses: jdx/mise-action@v2
with:
experimental: true
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Start DB
run: docker compose up -d db
working-directory: server
- name: Install dependencies
run: npm ci
working-directory: e2e
- name: Install Playwright Browsers
run: npx playwright install --with-deps
working-directory: e2e
- name: Run Playwright tests
run: npx playwright test
working-directory: e2e
- uses: actions/upload-artifact@v4
if: ${{ !cancelled() }}
with:
name: playwright-report
path: e2e/playwright-report/
retention-days: 30
lint:
name: Check code formatting
runs-on: ubuntu-24.04
needs: update_tools_cache
steps:
- uses: actions/checkout@v4
- name: Install tools
uses: jdx/mise-action@v2
with:
experimental: true
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Check formatting
run: ./scripts/check-formatting.sh
build_image:
name: Build image
runs-on: ubuntu-24.04
needs:
- check_generated_sources
- server_tests
- frontend_tests
- lint
permissions:
id-token: write
contents: read
steps:
- uses: actions/checkout@v4
- name: Install tools
uses: jdx/mise-action@v2
with:
experimental: true
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Log in to utility account
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: eu-west-1
role-to-assume: arn:aws:iam::961341524988:role/kitu-github-actions-role
- uses: aws-actions/amazon-ecr-login@v2
id: login-ecr
- uses: docker/setup-buildx-action@v3
- uses: docker/build-push-action@v6
with:
push: ${{ github.ref_name == 'main' }}
tags: ${{ steps.login-ecr.outputs.registry }}/kitu:${{ github.sha }}
cache-from: type=gha
cache-to: type=gha,mode=max
deploy_util:
name: Util
uses: ./.github/workflows/_deploy-env.yml
needs:
- list_changes
- update_tools_cache
- determine_action
if: needs.determine_action.outputs.action == 'deploy' || needs.list_changes.outputs.infra == 'true'
with:
environment: Util
action: ${{ needs.determine_action.outputs.action }}
deploy_dev:
name: Dev
needs:
- build_image
- determine_action
- deploy_util
uses: ./.github/workflows/_deploy-env.yml
if: needs.determine_action.outputs.action == 'deploy' || needs.list_changes.outputs.infra == 'true'
with:
environment: Dev
action: ${{ needs.determine_action.outputs.action }}
deploy_test:
name: Test
needs:
- determine_action
- deploy_dev
uses: ./.github/workflows/_deploy-env.yml
if: needs.determine_action.outputs.action == 'deploy' || needs.list_changes.outputs.infra == 'true'
with:
environment: Test
action: ${{ needs.determine_action.outputs.action }}
deploy_prod:
name: Prod
needs:
- determine_action
- deploy_test
uses: ./.github/workflows/_deploy-env.yml
if: needs.determine_action.outputs.action == 'deploy' || needs.list_changes.outputs.infra == 'true'
with:
environment: Prod
action: ${{ needs.determine_action.outputs.action }}