Build

Feature/dp 998 user management translations #4638

Workflow file for this run

	# Run github actions locally with act https://github.com/nektos/act
	# act --container-architecture linux/amd64 --artifact-server-path ./build/artifacts -W ./.github/workflows/build.yml

	name: Build

	on:
	push:
	branches: [main]
	tags: ['*']
	pull_request:

	jobs:
	test:

	runs-on: ubuntu-latest
	name: Tests
	strategy:
	matrix:
	dotnet-version: [ '8.0.x' ]

	steps:
	- uses: actions/checkout@v4
	- name: Setup dotnet ${{ matrix.dotnet-version }}
	uses: actions/setup-dotnet@v4
	with:
	dotnet-version: ${{ matrix.dotnet-version }}
	- uses: actions/cache@v4
	with:
	path: ~/.nuget/packages
	key: ${{ runner.os }}-nuget-${{ hashFiles('*/.csproj') }}
	restore-keys: \|
	${{ runner.os }}-nuget
	- name: Build
	run: make build OpenAPI
	- name: Test
	run: make test TEST_OPTIONS="--logger trx --results-directory 'TestResults-${{ matrix.dotnet-version }}'"
	- name: Upload test results
	uses: actions/upload-artifact@v4
	with:
	name: test-results-dotnet-${{ matrix.dotnet-version }}
	path: TestResults-${{ matrix.dotnet-version }}
	if: ${{ always() }}
	- name: Upload OpenAPI contracts
	uses: actions/upload-artifact@v4
	with:
	name: OpenAPI
	path: OpenAPI

	package:
	runs-on: ubuntu-latest
	name: Build containers
	env:
	DOCKER_BUILDKIT: 1
	COMPOSE_DOCKER_CLI_BUILD: 1
	CDP_ORGANISATION_APP_PORT: 8888
	CDP_TENANT_PORT: 8811
	CDP_ORGANISATION_PORT: 8822
	CDP_PERSON_PORT: 8833
	CDP_FORMS_PORT: 8844
	CDP_DATA_SHARING_PORT: 8855
	CDP_ENTITY_VERIFICATION_PORT: 8094
	outputs:
	version: ${{ steps.version.outputs.version }}
	images: ${{ steps.save.outputs.images }}
	images_json: ${{ steps.save.outputs.images_json }}
	steps:
	- uses: actions/checkout@v4
	with:
	fetch-depth: 0
	- name: Determine the version
	id: version
	run: \|
	COMMIT_REF=$(if [ "$GITHUB_EVENT_NAME" == "pull_request" ]; then echo "${{ github.event.pull_request.head.sha }}"; else echo "${GITHUB_SHA:-HEAD}"; fi)
	CURRENT_COMMIT=$(make version-commit COMMIT_REF=$COMMIT_REF)
	CURRENT_TAG=$([[ "${GITHUB_REF:0:10}" = "refs/tags/" ]] && echo ${GITHUB_REF#refs/tags/} \|\| echo "")
	LAST_TAG=$(make last-tag)
	VERSION=$([[ "${CURRENT_TAG}" = "" ]] && echo "${LAST_TAG}-${CURRENT_COMMIT}" \|\| echo "$CURRENT_TAG")
	echo "Version: $VERSION"
	echo "version=${VERSION}" >> $GITHUB_OUTPUT
	- name: Build
	run: make build-docker VERSION=${IMAGE_VERSION}
	env:
	IMAGE_VERSION: ${{ steps.version.outputs.version }}
	- name: Start services
	run: make up
	env:
	IMAGE_VERSION: ${{ steps.version.outputs.version }}
	- name: Verify services
	run: make verify-up
	env:
	IMAGE_VERSION: ${{ steps.version.outputs.version }}
	- name: Test migrations
	run: make db
	env:
	IMAGE_VERSION: ${{ steps.version.outputs.version }}
	- name: Stop services
	run: make down
	env:
	IMAGE_VERSION: ${{ steps.version.outputs.version }}
	- name: Save Docker Images
	id: save
	run: \|
	IMAGES=$(docker images \| awk '$1 ~ /cabinetoffice\/cdp-/ && $2 ~ /^'$IMAGE_VERSION'$/ { print $1":"$2}' \| tr '\n' ' ')
	IMAGES_JSON=$(echo $IMAGES \| tr " " "\n" \| jq -R . \| jq -c -s .)
	echo "Images to be saved: $IMAGES"
	echo "Images to be saved (json): $IMAGES_JSON"
	docker save -o cdp-images.tar $IMAGES
	echo "images=${IMAGES}" >> $GITHUB_OUTPUT
	echo "images_json=${IMAGES_JSON}" >> $GITHUB_OUTPUT
	env:
	IMAGE_VERSION: ${{ steps.version.outputs.version }}
	- name: Upload Docker Images as Artifacts
	uses: actions/upload-artifact@v4
	with:
	name: docker-images
	path: cdp-images.tar

	vulnerability-scan:
	# since we do not fail the build for now, but the report is to get feedback, only run it on the main branch and tags
	if: (github.ref == 'refs/heads/main' \|\| startsWith(github.ref, 'refs/tags/')) && github.repository_owner == 'cabinetoffice'
	runs-on: ubuntu-latest
	name: Scan for vulnerabilities
	needs: [test, package]
	strategy:
	matrix:
	image: ${{ fromJSON(needs.package.outputs.images_json) }}
	steps:
	- uses: actions/checkout@v4

	- name: Download Docker Images
	uses: actions/download-artifact@v4
	with:
	name: docker-images
	- name: Load Docker Images
	run: docker load -i cdp-images.tar

	- name: Determine the category
	id: category
	run: \|
	image=${{ matrix.image }}
	category=${image%%:*}
	echo "category=$category" >> $GITHUB_OUTPUT
	- name: Scan ${{ matrix.image }}
	uses: anchore/scan-action@v5
	id: scan
	with:
	image: "${{ matrix.image }}"
	fail-build: false
	severity-cutoff: critical
	output-format: sarif
	- name: Upload Image Vulnerability Reports
	uses: github/codeql-action/upload-sarif@v3
	with:
	sarif_file: ${{ steps.scan.outputs.sarif }}
	category: ${{ steps.category.outputs.category }}

	publish:
	if: (github.ref == 'refs/heads/main' \|\| startsWith(github.ref, 'refs/tags/')) && github.repository_owner == 'cabinetoffice'
	runs-on: ubuntu-latest
	name: Publish containers
	needs: [test, package]
	env:
	DOCKER_BUILDKIT: 1
	COMPOSE_DOCKER_CLI_BUILD: 1
	IMAGE_VERSION: ${{ needs.package.outputs.version }}
	IMAGES: ${{ needs.package.outputs.images }}

	steps:
	- uses: actions/checkout@v4

	- name: Download Docker Images
	uses: actions/download-artifact@v4
	with:
	name: docker-images

	- name: Load Docker Images
	run: docker load -i cdp-images.tar

	- name: Set up AWS CLI
	uses: aws-actions/configure-aws-credentials@v4
	with:
	aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
	aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
	aws-region: eu-west-2

	- name: Login to Amazon ECR
	id: login-ecr
	uses: aws-actions/amazon-ecr-login@v2

	- name: Tag and Push Docker Images
	run: make aws-push-to-ecr AWS_ACCOUNT_ID="${{ secrets.AWS_ACCOUNT_ID }}" IMAGES="${{ env.IMAGES }}"

	- name: Store Version in SSM Parameter Store
	run: \|
	aws ssm put-parameter --name "cdp-sirsi-service-version" --value "${{ env.IMAGE_VERSION }}" --type String --overwrite

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Feature/dp 998 user management translations #4638

Workflow file

Feature/dp 998 user management translations #4638

Jobs

Run details

Workflow file for this run