Merge branch 'epic_188588775_csp_enabled' into 188655810-session-expi… #33149
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: full check suite | |
| on: | |
| push: | |
| schedule: | |
| - cron: '0 5 * * *' | |
| concurrency: | |
| group: qb-${{ github.ref }} | |
| # cancel-in-progress: true #This is temporary to avoid trunk GHA collisions | |
| env: | |
| REPORT_PATH: 'ci/cuke-report.json' | |
| CUCUMBER_SPLIT_CONFIGURATION_PATH: 'ci/cucumber-split-config.json' | |
| CLIENT: 'dc' | |
| jobs: | |
| view_linter: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: ruby/setup-ruby@v1 | |
| with: | |
| bundler-cache: true | |
| rubygems: 3.3.26 | |
| - name: Run View Linter | |
| run: | | |
| git fetch --no-tags --depth=1 origin trunk | |
| bundle exec rake view_translations_linter:lint_git_difference_changed_lines | |
| brakeman: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: ruby/setup-ruby@v1 | |
| with: | |
| bundler-cache: true | |
| rubygems: 3.3.26 | |
| - run: gem install brakeman | |
| - run: brakeman -i config/brakeman.ignore --add-checks-path checks --format html --out brakeman.html | |
| - name: upload brakeman failure report | |
| uses: actions/upload-artifact@v3 | |
| if: failure() | |
| with: | |
| name: Security Reports | |
| path: brakeman.html | |
| brakeman-engines: | |
| runs-on: ubuntu-20.04 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| engine: | |
| - benefit_markets | |
| - benefit_sponsors | |
| - financial_assistance | |
| - notifier | |
| - sponsored_benefits | |
| - transport_gateway | |
| - transport_profiles | |
| - ui_helpers | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: ruby/setup-ruby@v1 | |
| with: | |
| bundler-cache: true | |
| rubygems: 3.3.26 | |
| - run: gem install brakeman | |
| - name: Run Brakeman In ${{ matrix.engine }} | |
| run: | | |
| cd components/${{ matrix.engine }} | |
| brakeman -i config/brakeman.ignore --add-checks-path ../../engine_checks/ --format html --out ../../${{ matrix.engine }}.brakeman.html | |
| - name: upload brakeman failure report | |
| uses: actions/upload-artifact@v3 | |
| if: failure() | |
| with: | |
| name: Security Reports | |
| path: ${{ matrix.engine }}.brakeman.html | |
| engines: | |
| needs: [brakeman-engines] | |
| runs-on: ubuntu-20.04 | |
| services: | |
| rabbitmq: | |
| image: rabbitmq:latest | |
| ports: | |
| - 5672:5672 | |
| - 15672:15672 | |
| options: >- | |
| --name "rabbitmq" | |
| --health-cmd "rabbitmqctl node_health_check" | |
| --health-interval 10s | |
| --health-timeout 5s | |
| --health-retries 5 | |
| mongo: | |
| image: mongo:4.2 | |
| ports: | |
| - 27017:27017 | |
| options: >- | |
| --name "mongo" | |
| --health-cmd mongo | |
| --health-interval 10s | |
| --health-timeout 5s | |
| --health-retries 5 | |
| redis: | |
| image: redis:3.2-alpine | |
| ports: | |
| - 6379 | |
| options: >- | |
| --name "redis" | |
| --health-cmd "redis-cli ping" | |
| --health-interval 10s | |
| --health-timeout 5s | |
| --health-retries 5 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| engine-name: | |
| [ | |
| 'benefit_markets', | |
| 'notifier', | |
| 'sponsored_benefits', | |
| 'transport_gateway', | |
| 'transport_profiles' | |
| ] | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: ruby/setup-ruby@v1 | |
| with: | |
| rubygems: 3.3.26 | |
| - uses: actions/setup-node@v3 | |
| with: | |
| node-version: '14' | |
| - name: restore Project Gems | |
| uses: actions/cache@v3 | |
| with: | |
| path: vendor/bundle | |
| key: v5-${{ matrix.engine-name }}-${{ hashFiles('**/Gemfile.lock') }} | |
| restore-keys: | | |
| v5-${{ matrix.engine-name }}-${{ hashFiles('**/Gemfile.lock') }} | |
| - name: bundle install | |
| run: | | |
| gem update --system --quiet --silent | |
| bundle config path vendor/bundle | |
| bundle install | |
| echo switching to ${{ matrix.engine-name }} | |
| cd components/${{ matrix.engine-name }} | |
| bundle config path ../../vendor/bundle | |
| echo testing caching | |
| echo installing ${{ matrix.engine-name }} dependencies | |
| bundle install | |
| - name: Restore Node Modules | |
| id: npm-cache | |
| uses: actions/cache@v3 | |
| with: | |
| path: node_modules | |
| key: ${{ runner.os }}-node_modules-v14-${{ hashFiles('yarn.lock') }} | |
| restore-keys: | | |
| ${{ runner.os }}-node_modules-v14-${{ hashFiles('yarn.lock') }} | |
| - name: yarn install | |
| if: steps.npm-cache.outputs.cache-hit != 'true' | |
| run: | | |
| yarn install | |
| - name: run webpack | |
| run: | | |
| echo bundle config | |
| bundle config path vendor/bundle | |
| NODE_ENV=test RAILS_ENV=test ./bin/webpack | |
| - name: test engine | |
| env: | |
| COVERAGE: 'true' | |
| run: | | |
| root=`pwd -P` | |
| echo $root/components/${{ matrix.engine-name }} | |
| cd $root/components/${{ matrix.engine-name }} | |
| bundle config path ../../vendor/bundle | |
| bundle exec rspec | |
| - name: copy coverage report | |
| if: (github.event_name == 'push') && (github.ref == 'refs/heads/trunk') | |
| run: | | |
| root=`pwd -P` | |
| cd $root/components/${{ matrix.engine-name }} | |
| cp coverage/coverage.xml ${{ github.workspace }}/engines-${{ matrix.group }}_${{ strategy.job-total }}_coverage.xml | |
| - name: Upload coverage artifact | |
| if: (github.event_name == 'push') && (github.ref == 'refs/heads/trunk') | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: code-coverage | |
| path: ${{ github.workspace }}/engines-${{ matrix.group }}_${{ strategy.job-total }}_coverage.xml | |
| financial-assistance: | |
| needs: [brakeman-engines] | |
| runs-on: ubuntu-20.04 | |
| services: | |
| rabbitmq: | |
| image: rabbitmq:latest | |
| ports: | |
| - 5672:5672 | |
| - 15672:15672 | |
| options: >- | |
| --name "rabbitmq" | |
| --health-cmd "rabbitmqctl node_health_check" | |
| --health-interval 10s | |
| --health-timeout 5s | |
| --health-retries 5 | |
| mongo: | |
| image: mongo:4.2 | |
| ports: | |
| - 27017:27017 | |
| options: >- | |
| --name "mongo" | |
| --health-cmd mongo | |
| --health-interval 10s | |
| --health-timeout 5s | |
| --health-retries 5 | |
| redis: | |
| image: redis:3.2-alpine | |
| ports: | |
| - 6379 | |
| options: >- | |
| --name "redis" | |
| --health-cmd "redis-cli ping" | |
| --health-interval 10s | |
| --health-timeout 5s | |
| --health-retries 5 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| group: [1, 2, 3, 4, 5, 6, 7, 8, 9, 10] | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: ruby/setup-ruby@v1 | |
| with: | |
| bundler-cache: true | |
| rubygems: 3.3.26 | |
| - uses: actions/setup-node@v3 | |
| with: | |
| node-version: '14' | |
| - name: Install Test Boosters gem | |
| run: gem install treye-semaphore_test_boosters --version '2.5.2' | |
| - name: Restore Node Modules | |
| id: npm-cache | |
| uses: actions/cache@v3 | |
| with: | |
| path: node_modules | |
| key: ${{ runner.os }}-node_modules-v14-${{ hashFiles('yarn.lock') }} | |
| restore-keys: | | |
| ${{ runner.os }}-node_modules-v14-${{ hashFiles('yarn.lock') }} | |
| - name: Install node dependencies | |
| if: steps.npm-cache.outputs.cache-hit != 'true' | |
| run: yarn install | |
| - name: Run tests | |
| env: | |
| COVERAGE: 'true' | |
| TEST_BOOSTERS_RSPEC_TEST_FILE_PATTERN: 'components/financial_assistance/**/*_spec.rb' | |
| run: rspec_booster --job ${{ matrix.group }}/${{ strategy.job-total }} | |
| - name: copy coverage report | |
| if: (github.event_name == 'push') && (github.ref == 'refs/heads/trunk') | |
| run: | | |
| cp coverage/coverage.xml ${{ github.workspace }}/coverage/fa_${{ matrix.group }}_${{ strategy.job-total }}_coverage.xml | |
| - name: Upload coverage artifact | |
| uses: actions/upload-artifact@v3 | |
| if: (github.event_name == 'push') && (github.ref == 'refs/heads/trunk') | |
| with: | |
| name: code-coverage | |
| path: ${{ github.workspace }}/coverage/fa_${{ matrix.group }}_${{ strategy.job-total }}_coverage.xml | |
| benefit-sponsors: | |
| needs: [brakeman-engines] | |
| runs-on: ubuntu-20.04 | |
| services: | |
| rabbitmq: | |
| image: rabbitmq:latest | |
| ports: | |
| - 5672:5672 | |
| - 15672:15672 | |
| options: >- | |
| --name "rabbitmq" | |
| --health-cmd "rabbitmqctl node_health_check" | |
| --health-interval 10s | |
| --health-timeout 5s | |
| --health-retries 5 | |
| mongo: | |
| image: mongo:4.2 | |
| ports: | |
| - 27017:27017 | |
| options: >- | |
| --name "mongo" | |
| --health-cmd mongo | |
| --health-interval 10s | |
| --health-timeout 5s | |
| --health-retries 5 | |
| redis: | |
| image: redis:3.2-alpine | |
| ports: | |
| - 6379 | |
| options: >- | |
| --name "redis" | |
| --health-cmd "redis-cli ping" | |
| --health-interval 10s | |
| --health-timeout 5s | |
| --health-retries 5 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| group: [1, 2, 3, 4, 5, 6, 7, 8, 9, 10] | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: ruby/setup-ruby@v1 | |
| with: | |
| rubygems: 3.3.26 | |
| - uses: actions/setup-node@v3 | |
| with: | |
| node-version: '14' | |
| - name: Restore Project Gems | |
| uses: actions/cache@v3 | |
| with: | |
| path: vendor/bundle | |
| key: benefit_sponsors-${{ hashFiles('**/Gemfile.lock') }} | |
| restore-keys: | | |
| benefit_sponsors-${{ hashFiles('**/Gemfile.lock') }} | |
| - name: bundle install | |
| run: | | |
| gem update --system --quiet --silent | |
| bundle config path vendor/bundle | |
| bundle install | |
| cd components/benefit_sponsors | |
| bundle config path ../../vendor/bundle | |
| bundle install | |
| gem install treye-semaphore_test_boosters --version '2.5.2' | |
| - name: Restore Node Modules | |
| id: npm-cache | |
| uses: actions/cache@v3 | |
| with: | |
| path: node_modules | |
| key: ${{ runner.os }}-node_modules-v14-${{ hashFiles('yarn.lock') }} | |
| restore-keys: | | |
| ${{ runner.os }}-node_modules-v14-${{ hashFiles('yarn.lock') }} | |
| - name: yarn install | |
| if: steps.npm-cache.outputs.cache-hit != 'true' | |
| run: yarn install | |
| - name: run webpack | |
| run: | | |
| bundle config path vendor/bundle | |
| NODE_ENV=test RAILS_ENV=test ./bin/webpack | |
| - name: test engine | |
| env: | |
| RSPEC_SPLIT_CONFIGURATION_PATH: '${{ github.workspace }}/ci/benefit_sponsors-split-config.json' | |
| COVERAGE: 'true' | |
| run: | | |
| cd components/benefit_sponsors | |
| bundle config path ../../vendor/bundle | |
| rspec_booster --job ${{ matrix.group }}/${{ strategy.job-total }} | |
| - name: copy coverage report | |
| if: (github.event_name == 'push') && (github.ref == 'refs/heads/trunk') | |
| run: | | |
| cd components/benefit_sponsors | |
| cp coverage/coverage.xml ${{ github.workspace }}/bs-${{ matrix.group }}_${{ strategy.job-total }}_coverage.xml | |
| - name: Upload coverage artifact | |
| if: (github.event_name == 'push') && (github.ref == 'refs/heads/trunk') | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: code-coverage | |
| path: ${{ github.workspace }}/bs-${{ matrix.group }}_${{ strategy.job-total }}_coverage.xml | |
| rspec: | |
| needs: [brakeman, brakeman-engines] | |
| runs-on: ubuntu-latest | |
| services: | |
| rabbitmq: | |
| image: rabbitmq:latest | |
| ports: | |
| - 5672:5672 | |
| - 15672:15672 | |
| options: >- | |
| --name "rabbitmq" | |
| --health-cmd "rabbitmqctl node_health_check" | |
| --health-interval 10s | |
| --health-timeout 5s | |
| --health-retries 5 | |
| mongo: | |
| image: mongo:4.2 | |
| ports: | |
| - 27017:27017 | |
| options: >- | |
| --name "mongo" | |
| --health-cmd mongo | |
| --health-interval 10s | |
| --health-timeout 5s | |
| --health-retries 5 | |
| redis: | |
| image: redis:3.2-alpine | |
| ports: | |
| - 6379 | |
| options: >- | |
| --name "redis" | |
| --health-cmd "redis-cli ping" | |
| --health-interval 10s | |
| --health-timeout 5s | |
| --health-retries 5 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| group: | |
| [ | |
| 1, | |
| 2, | |
| 3, | |
| 4, | |
| 5, | |
| 6, | |
| 7, | |
| 8, | |
| 9, | |
| 10, | |
| 11, | |
| 12, | |
| 13, | |
| 14, | |
| 15, | |
| 16, | |
| 17, | |
| 18, | |
| 19, | |
| 20, | |
| 21, | |
| 22, | |
| 23, | |
| ] | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: ruby/setup-ruby@v1 | |
| with: | |
| bundler-cache: true | |
| rubygems: 3.3.26 | |
| - uses: actions/setup-node@v3 | |
| with: | |
| node-version: '14' | |
| - name: Install Test Boosters gem | |
| run: gem install treye-semaphore_test_boosters --version '2.5.2' | |
| - name: Restore Node Modules | |
| id: npm-cache | |
| uses: actions/cache@v3 | |
| with: | |
| path: node_modules | |
| key: ${{ runner.os }}-node_modules-v14-${{ hashFiles('yarn.lock') }} | |
| restore-keys: | | |
| ${{ runner.os }}-node_modules-v14-${{ hashFiles('yarn.lock') }} | |
| - name: Install node dependencies | |
| if: steps.npm-cache.outputs.cache-hit != 'true' | |
| run: yarn install | |
| - name: Run tests | |
| env: | |
| COVERAGE: 'true' | |
| RSPEC_SPLIT_CONFIGURATION_PATH: 'ci/rspec-split-config.json' | |
| TEST_BOOSTERS_RSPEC_TEST_FILE_PATTERN: '{spec,components/benefit_markets,components/benefit_sponsors,components/financial_assistance,components/notifier,components/sponsored_benefits,components/transport_gateway,components/transport_profiles}/**/*_spec.rb' | |
| run: rspec_booster --job ${{ matrix.group }}/${{ strategy.job-total }} | |
| - name: copy coverage report | |
| if: (github.event_name == 'push') && (github.ref == 'refs/heads/trunk') | |
| run: | | |
| cp coverage/coverage.xml ${{ github.workspace }}/coverage/${{ matrix.group }}_${{ strategy.job-total }}_coverage.xml | |
| - name: Upload coverage artifact | |
| uses: actions/upload-artifact@v3 | |
| if: (github.event_name == 'push') && (github.ref == 'refs/heads/trunk') | |
| with: | |
| name: code-coverage | |
| path: ${{ github.workspace }}/coverage/${{ matrix.group }}_${{ strategy.job-total }}_coverage.xml | |
| cucumber: | |
| needs: [brakeman, brakeman-engines] | |
| runs-on: ubuntu-latest | |
| services: | |
| rabbitmq: | |
| image: rabbitmq:latest | |
| ports: | |
| - 5672:5672 | |
| - 15672:15672 | |
| options: >- | |
| --name "rabbitmq" | |
| --health-cmd "rabbitmqctl node_health_check" | |
| --health-interval 10s | |
| --health-timeout 5s | |
| --health-retries 5 | |
| mongo: | |
| image: mongo:4.2 | |
| ports: | |
| - 27017:27017 | |
| options: >- | |
| --name "mongo" | |
| --health-cmd mongo | |
| --health-interval 10s | |
| --health-timeout 5s | |
| --health-retries 5 | |
| redis: | |
| image: redis:3.2-alpine | |
| ports: | |
| - 6379 | |
| options: >- | |
| --name "redis" | |
| --health-cmd "redis-cli ping" | |
| --health-interval 10s | |
| --health-timeout 5s | |
| --health-retries 5 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| group: | |
| [ | |
| 1, | |
| 2, | |
| 3, | |
| 4, | |
| 5, | |
| 6, | |
| 7, | |
| 8, | |
| 9, | |
| 10, | |
| 11, | |
| 12, | |
| 13, | |
| 14, | |
| 15, | |
| 16, | |
| 17, | |
| 18, | |
| 19, | |
| 20, | |
| 21, | |
| 22, | |
| 23, | |
| 24, | |
| 25, | |
| 26, | |
| 27, | |
| 28, | |
| 29, | |
| 30, | |
| 31, | |
| 32, | |
| 33, | |
| 34, | |
| 35, | |
| 36, | |
| 37, | |
| 38, | |
| 39, | |
| 40, | |
| 41, | |
| 42, | |
| 43, | |
| 44, | |
| ] | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: ruby/setup-ruby@v1 | |
| with: | |
| bundler-cache: true | |
| rubygems: 3.3.26 | |
| - uses: actions/setup-node@v3 | |
| with: | |
| node-version: '14' | |
| - name: Install Test boosters gem | |
| run: gem install treye-semaphore_test_boosters --version '2.5.2' | |
| - name: Restore Node Modules | |
| id: npm-cache | |
| uses: actions/cache@v3 | |
| with: | |
| path: node_modules | |
| key: ${{ runner.os }}-node_modules-v14-${{ hashFiles('yarn.lock') }} | |
| restore-keys: | | |
| ${{ runner.os }}-node_modules-v14-${{ hashFiles('yarn.lock') }} | |
| - name: Install node dependencies | |
| if: steps.npm-cache.outputs.cache-hit != 'true' | |
| run: yarn install | |
| - name: Run tests | |
| env: | |
| COVERAGE: 'true' | |
| run: cucumber_booster --job ${{ matrix.group }}/${{ strategy.job-total }} | |
| - name: copy coverage report | |
| if: (github.event_name == 'push') && (github.ref == 'refs/heads/trunk') | |
| run: | | |
| cp coverage/coverage.xml ${{ github.workspace }}/coverage/cukes-${{ matrix.group }}_${{ strategy.job-total }}_coverage.xml | |
| - name: Upload coverage artifact | |
| uses: actions/upload-artifact@v3 | |
| if: (github.event_name == 'push') && (github.ref == 'refs/heads/trunk') | |
| with: | |
| name: code-coverage | |
| path: ${{ github.workspace }}/coverage/cukes-${{ matrix.group }}_${{ strategy.job-total }}_coverage.xml | |
| quality-workbench: | |
| needs: [engines, benefit-sponsors, rspec, cucumber] | |
| if: always() | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| check: [engines, benefit-sponsors, rspec, cucumber] | |
| steps: | |
| - name: Check build matrix status | |
| env: | |
| CHECK: ${{ matrix.check }} | |
| if: needs[env.CHECK].result != 'success' | |
| run: exit 1 | |
| code-coverage-summary: | |
| if: (github.event_name == 'push') && (github.ref == 'refs/heads/trunk') | |
| needs: [rspec, cucumber] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Download code coverage artifact | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: code-coverage | |
| path: coverage | |
| - name: Setup .NET Core # Required to execute ReportGenerator | |
| uses: actions/setup-dotnet@v3 | |
| with: | |
| dotnet-version: 6.x | |
| dotnet-quality: 'ga' | |
| - name: ReportGenerator | |
| uses: danielpalme/[email protected] | |
| with: | |
| reports: coverage/*.xml | |
| targetdir: coveragereport | |
| reporttypes: HtmlInline;MarkdownSummary;MarkdownSummaryGithub;Badges | |
| - name: Display structure of downloaded files | |
| run: ls -R | |
| - name: Upload coverage report artifact | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: code-coverage-report | |
| path: coveragereport/* | |
| - name: Write to Job Summary | |
| run: cat coveragereport/SummaryGithub.md >> $GITHUB_STEP_SUMMARY | |
| - name: copy coverage badge | |
| run: | | |
| mkdir coverage-save | |
| cp coveragereport/badge_linecoverage.svg coverage-save/ | |
| - name: Publish coverage badge to coverage-badge branch | |
| uses: JamesIves/github-pages-deploy-action@v4 | |
| with: | |
| branch: coverage-artifacts | |
| folder: coverage-save/ | |