Renovate Update Patch & Minor Updates #3506
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Test & Build | |
| on: | |
| pull_request: | |
| branches: | |
| - main | |
| push: | |
| branches: | |
| - main | |
| workflow_dispatch: | |
| defaults: | |
| run: | |
| shell: bash | |
| jobs: | |
| test: | |
| name: Test Deputy Hub | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Run Tests | |
| run: make unit-test | |
| - name: Publish Unit Test Results | |
| uses: EnricoMi/publish-unit-test-result-action@v2 | |
| if: ${{ always() }} | |
| with: | |
| check_name: "Unit Test Results" | |
| files: test-results/*.xml | |
| lint: | |
| name: GO lint | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Run linting | |
| run: make go-lint | |
| acceptance-test: | |
| name: Acceptance Testing | |
| runs-on: ubuntu-latest | |
| needs: test | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Run Axe | |
| run: make axe | |
| - name: Store screenshots | |
| uses: actions/upload-artifact@v4 | |
| if: failure() | |
| with: | |
| name: cypress-screenshots | |
| path: cypress/screenshots | |
| - name: Store logs | |
| uses: actions/upload-artifact@v4 | |
| if: failure() | |
| with: | |
| name: cypress-logs | |
| path: cypress/logs | |
| cypress: | |
| name: Cypress | |
| runs-on: ubuntu-latest | |
| needs: test | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Run cypress | |
| run: make cypress | |
| - name: Store screenshots | |
| uses: actions/upload-artifact@v4 | |
| if: failure() | |
| with: | |
| name: cypress-screenshots | |
| path: cypress/screenshots | |
| - name: Store logs | |
| uses: actions/upload-artifact@v4 | |
| if: failure() | |
| with: | |
| name: cypress-logs | |
| path: cypress/logs | |
| build: | |
| name: "Build & Push Containers" | |
| runs-on: ubuntu-latest | |
| needs: ['test', 'lint', 'acceptance-test', 'cypress'] | |
| outputs: | |
| branch: ${{ steps.set-outputs.outputs.branch }} | |
| tag: ${{ steps.bump_version.outputs.tag }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: '0' | |
| - name: Extract branch name | |
| run: | | |
| if [ "${{ github.head_ref }}" == "" ]; then | |
| echo BRANCH_NAME=main >> $GITHUB_ENV | |
| else | |
| echo BRANCH_NAME=${{ github.head_ref }} >> $GITHUB_ENV | |
| fi | |
| id: extract_branch | |
| - uses: unfor19/install-aws-cli-action@v1 | |
| - name: Build Container | |
| run: make build | |
| - name: Bump version | |
| id: bump_version | |
| uses: anothrNick/[email protected] | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| INITIAL_VERSION: 1.0.0 | |
| DEFAULT_BUMP: minor | |
| PRERELEASE: true | |
| PRERELEASE_SUFFIX: ${{ env.BRANCH_NAME }} | |
| RELEASE_BRANCHES: main | |
| WITH_V: true | |
| DRY_RUN: ${{ github.actor == 'renovate[bot]' }} | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }} | |
| aws-region: eu-west-1 | |
| role-to-assume: arn:aws:iam::311462405659:role/sirius-actions-ci | |
| role-duration-seconds: 3600 | |
| role-session-name: GitHubActions | |
| - name: ECR Login | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v2 | |
| with: | |
| registries: 311462405659 | |
| - name: Run Trivy vulnerability scanner | |
| env: | |
| TRIVY_DB_REPOSITORY: ${{ steps.login-ecr.outputs.registry }}/trivy-db-public-ecr/aquasecurity/trivy-db:2 | |
| TRIVY_JAVA_DB_REPOSITORY: ${{ steps.login-ecr.outputs.registry }}/trivy-db-public-ecr/aquasecurity/trivy-java-db:1 | |
| DOCKER_USERNAME: ${{ steps.login-ecr.outputs.docker_username_311462405659_dkr_ecr_eu_west_1_amazonaws_com }} | |
| DOCKER_PASSWORD: ${{ steps.login-ecr.outputs.docker_password_311462405659_dkr_ecr_eu_west_1_amazonaws_com }} | |
| run: make scan | |
| - name: Upload Trivy scan results to GitHub Security tab | |
| uses: github/codeql-action/upload-sarif@v3 | |
| if: always() | |
| with: | |
| sarif_file: 'test-results/trivy.sarif' | |
| - name: Push Container | |
| env: | |
| ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
| DEPUTY_HUB_ECR_REPOSITORY: sirius/sirius-deputy-hub | |
| run: | | |
| docker tag 311462405659.dkr.ecr.eu-west-1.amazonaws.com/sirius/sirius-deputy-hub:latest $ECR_REGISTRY/$DEPUTY_HUB_ECR_REPOSITORY:${{ steps.bump_version.outputs.tag }} | |
| if [ $BRANCH_NAME == "main" ]; then | |
| docker tag 311462405659.dkr.ecr.eu-west-1.amazonaws.com/sirius/sirius-deputy-hub:latest $ECR_REGISTRY/$DEPUTY_HUB_ECR_REPOSITORY:main-${{ steps.bump_version.outputs.tag }} | |
| docker tag 311462405659.dkr.ecr.eu-west-1.amazonaws.com/sirius/sirius-deputy-hub:latest $ECR_REGISTRY/$DEPUTY_HUB_ECR_REPOSITORY:main-${{ steps.bump_version.outputs.tag }}-$(date +"%Y%m%d%H%M%S") | |
| # We want all of the tags pushed | |
| docker push --all-tags $ECR_REGISTRY/$DEPUTY_HUB_ECR_REPOSITORY | |
| else | |
| docker push $ECR_REGISTRY/$DEPUTY_HUB_ECR_REPOSITORY:${{ steps.bump_version.outputs.tag }} | |
| fi | |
| push-tags: | |
| runs-on: ubuntu-latest | |
| needs: build | |
| if: github.ref == 'refs/heads/main' && github.event_name == 'push' | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_ACTIONS }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_ACTIONS }} | |
| aws-region: eu-west-1 | |
| role-to-assume: arn:aws:iam::997462338508:role/sirius-actions-ci | |
| role-duration-seconds: 3600 | |
| role-session-name: GitHubActions | |
| - name: Install AWS CLI | |
| id: install-aws-cli | |
| uses: unfor19/install-aws-cli-action@v1 | |
| - name: Push Tag to Parameter Store | |
| run: | | |
| aws ssm put-parameter --name "opg-sirius-supervision-deputy-hub-latest-green-build" --type "String" --value "${{ needs.build.outputs.tag}}" --overwrite --region=eu-west-1 | |
| - name: Trigger Dev Deploy | |
| shell: bash | |
| run: curl -u ${{ secrets.JENKINS_API_USER }}:${{ secrets.JENKINS_API_TOKEN }} "https://${{ secrets.JENKINS_URL }}/job/Sirius/job/Deploy_to_Development/build?token=${{ secrets.JENKINS_API_TOKEN_NAME }}&cause=Triggered+by+opg-sirius-supervision-deputy-hub" |