Skip to content

Commit

Permalink
Merge remote-tracking branch 'origin/main' into wip-lambda-tutorial
Browse files Browse the repository at this point in the history
  • Loading branch information
regularfry committed Oct 5, 2023
2 parents 1d23696 + 5f28100 commit 066872f
Show file tree
Hide file tree
Showing 35 changed files with 442 additions and 264 deletions.
2 changes: 1 addition & 1 deletion .github/actions/check-file-format/action.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -7,4 +7,4 @@ runs:
shell: bash
run: |
export BRANCH_NAME=origin/${{ github.event.repository.default_branch }}
./scripts/githooks/check-file-format.sh
check=branch ./scripts/githooks/check-file-format.sh
1 change: 1 addition & 0 deletions .github/actions/cloc-repository/action.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,7 @@ runs:
shell: bash
run: zip cloc-report.json.zip cloc-report.json
- name: "Upload CLOC report as an artefact"
if: ${{ !env.ACT }}
uses: actions/upload-artifact@v3
with:
name: cloc-report.json.zip
Expand Down
2 changes: 2 additions & 0 deletions .github/actions/scan-dependencies/action.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,7 @@ runs:
shell: bash
run: zip sbom-repository-report.json.zip sbom-repository-report.json
- name: "Upload SBOM report as an artefact"
if: ${{ !env.ACT }}
uses: actions/upload-artifact@v3
with:
name: sbom-repository-report.json.zip
Expand All @@ -45,6 +46,7 @@ runs:
shell: bash
run: zip vulnerabilities-repository-report.json.zip vulnerabilities-repository-report.json
- name: "Upload vulnerabilities report as an artefact"
if: ${{ !env.ACT }}
uses: actions/upload-artifact@v3
with:
name: vulnerabilities-repository-report.json.zip
Expand Down
5 changes: 5 additions & 0 deletions .github/workflows/cicd-1-pull-request.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ on:

jobs:
metadata:
name: "Set CI/CD metadata"
runs-on: ubuntu-latest
timeout-minutes: 1
outputs:
Expand Down Expand Up @@ -66,6 +67,7 @@ jobs:
export DOES_PULL_REQUEST_EXIST="${{ steps.pr_exists.outputs.does_pull_request_exist }}"
make list-variables
commit-stage: # Recommended maximum execution time is 2 minutes
name: "Commit stage"
needs: [metadata]
uses: ./.github/workflows/stage-1-commit.yaml
with:
Expand All @@ -78,6 +80,7 @@ jobs:
version: "${{ needs.metadata.outputs.version }}"
secrets: inherit
test-stage: # Recommended maximum execution time is 5 minutes
name: "Test stage"
needs: [metadata, commit-stage]
uses: ./.github/workflows/stage-2-test.yaml
with:
Expand All @@ -90,6 +93,7 @@ jobs:
version: "${{ needs.metadata.outputs.version }}"
secrets: inherit
build-stage: # Recommended maximum execution time is 3 minutes
name: "Build stage"
needs: [metadata, test-stage]
uses: ./.github/workflows/stage-3-build.yaml
if: needs.metadata.outputs.does_pull_request_exist == 'true' || (github.event_name == 'pull_request' && (github.event.action == 'opened' || github.event.action == 'reopened'))
Expand All @@ -103,6 +107,7 @@ jobs:
version: "${{ needs.metadata.outputs.version }}"
secrets: inherit
acceptance-stage: # Recommended maximum execution time is 10 minutes
name: "Acceptance stage"
needs: [metadata, build-stage]
uses: ./.github/workflows/stage-4-acceptance.yaml
if: needs.metadata.outputs.does_pull_request_exist == 'true' || (github.event_name == 'pull_request' && (github.event.action == 'opened' || github.event.action == 'reopened'))
Expand Down
5 changes: 4 additions & 1 deletion .github/workflows/cicd-2-publish.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ on:

jobs:
metadata:
name: "Set CI/CD metadata"
runs-on: ubuntu-latest
if: github.event.pull_request.merged == true
timeout-minutes: 1
Expand Down Expand Up @@ -45,6 +46,7 @@ jobs:
export VERSION="${{ steps.variables.outputs.version }}"
make list-variables
publish:
name: "Publish packages"
runs-on: ubuntu-latest
needs: [metadata]
if: github.event.pull_request.merged == true
Expand Down Expand Up @@ -78,13 +80,14 @@ jobs:
# asset_name: repository-template-${{ needs.metadata.outputs.version }}.tar.gz
# asset_content_type: "application/gzip"
success:
name: "Success notification"
runs-on: ubuntu-latest
needs: [publish]
steps:
- name: "Check prerequisites for notification"
id: check
run: echo "secret_exist=${{ secrets.TEAMS_NOTIFICATION_WEBHOOK_URL != '' }}" >> $GITHUB_OUTPUT
- name: "Notify on build completion"
- name: "Notify on publishing packages"
if: steps.check.outputs.secret_exist == 'true'
uses: nhs-england-tools/[email protected]
with:
Expand Down
5 changes: 4 additions & 1 deletion .github/workflows/cicd-3-deploy.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ on:

jobs:
metadata:
name: "Set CI/CD metadata"
runs-on: ubuntu-latest
timeout-minutes: 1
outputs:
Expand Down Expand Up @@ -49,6 +50,7 @@ jobs:
export TAG="${{ steps.variables.outputs.tag }}"
make list-variables
deploy:
name: "Deploy to an environment"
runs-on: ubuntu-latest
needs: [metadata]
timeout-minutes: 10
Expand All @@ -57,13 +59,14 @@ jobs:
uses: actions/checkout@v4
# TODO: More jobs or/and steps here
# success:
# name: "Success notification"
# runs-on: ubuntu-latest
# needs: [deploy]
# steps:
# - name: "Check prerequisites for notification"
# id: check
# run: echo "secret_exist=${{ secrets.TEAMS_NOTIFICATION_WEBHOOK_URL != '' }}" >> $GITHUB_OUTPUT
# - name: "Notify on build completion"
# - name: "Notify on deployment to an environment"
# if: steps.check.outputs.secret_exist == 'true'
# uses: nhs-england-tools/[email protected]
# with:
Expand Down
12 changes: 6 additions & 6 deletions .github/workflows/stage-1-commit.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -34,9 +34,9 @@ on:

jobs:
scan-secrets:
name: "Scan secrets"
runs-on: ubuntu-latest
timeout-minutes: 2
name: "Scan secrets"
steps:
- name: "Checkout code"
uses: actions/checkout@v4
Expand All @@ -45,9 +45,9 @@ jobs:
- name: "Scan secrets"
uses: ./.github/actions/scan-secrets
check-file-format:
name: "Check file format"
runs-on: ubuntu-latest
timeout-minutes: 2
name: "Check file format"
steps:
- name: "Checkout code"
uses: actions/checkout@v4
Expand All @@ -56,9 +56,9 @@ jobs:
- name: "Check file format"
uses: ./.github/actions/check-file-format
check-markdown-format:
name: "Check markdown format"
runs-on: ubuntu-latest
timeout-minutes: 2
name: "Check markdown format"
steps:
- name: "Checkout code"
uses: actions/checkout@v4
Expand All @@ -67,21 +67,21 @@ jobs:
- name: "Check markdown format"
uses: ./.github/actions/check-markdown-format
lint-terraform:
name: "Lint Terraform"
runs-on: ubuntu-latest
timeout-minutes: 2
name: "Lint Terraform"
steps:
- name: "Checkout code"
uses: actions/checkout@v4
- name: "Lint Terraform"
uses: ./.github/actions/lint-terraform
cloc-repository:
name: "Count lines of code"
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
timeout-minutes: 2
name: "Count lines of code"
steps:
- name: "Checkout code"
uses: actions/checkout@v4
Expand All @@ -95,12 +95,12 @@ jobs:
idp_aws_report_upload_role_name: "${{ secrets.IDP_AWS_REPORT_UPLOAD_ROLE_NAME }}"
idp_aws_report_upload_bucket_endpoint: "${{ secrets.IDP_AWS_REPORT_UPLOAD_BUCKET_ENDPOINT }}"
scan-dependencies:
name: "Scan dependencies"
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
timeout-minutes: 2
name: "Scan dependencies"
steps:
- name: "Checkout code"
uses: actions/checkout@v4
Expand Down
5 changes: 4 additions & 1 deletion .github/workflows/stage-2-test.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,7 @@ on:

jobs:
test-unit:
name: "Unit tests"
runs-on: ubuntu-latest
timeout-minutes: 5
steps:
Expand All @@ -46,6 +47,7 @@ jobs:
run: |
echo "Nothing to save"
test-lint:
name: "Linting"
runs-on: ubuntu-latest
timeout-minutes: 5
steps:
Expand All @@ -58,6 +60,7 @@ jobs:
run: |
echo "Nothing to save"
test-coverage:
name: "Test coverage"
needs: [test-unit]
runs-on: ubuntu-latest
timeout-minutes: 5
Expand All @@ -71,13 +74,13 @@ jobs:
run: |
echo "Nothing to save"
perform-static-analysis:
name: "Perform static analysis"
needs: [test-unit]
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
timeout-minutes: 5
name: "Perform static analysis"
steps:
- name: "Checkout code"
uses: actions/checkout@v4
Expand Down
2 changes: 2 additions & 0 deletions .github/workflows/stage-3-build.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,7 @@ on:

jobs:
artefact-1:
name: "Artefact 1"
runs-on: ubuntu-latest
timeout-minutes: 3
steps:
Expand All @@ -50,6 +51,7 @@ jobs:
echo "Uploading artefact 1 ..."
# TODO: Use either action/cache or action/upload-artifact
artefact-2:
name: "Artefact 2"
runs-on: ubuntu-latest
timeout-minutes: 3
steps:
Expand Down
9 changes: 9 additions & 0 deletions .github/workflows/stage-4-acceptance.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,7 @@ on:

jobs:
environment-set-up:
name: "Environment set up"
runs-on: ubuntu-latest
timeout-minutes: 5
steps:
Expand All @@ -49,6 +50,7 @@ jobs:
run: |
echo "Deploying application..."
test-contract:
name: "Contract test"
runs-on: ubuntu-latest
needs: environment-set-up
timeout-minutes: 10
Expand All @@ -62,6 +64,7 @@ jobs:
run: |
echo "Nothing to save"
test-security:
name: "Security test"
runs-on: ubuntu-latest
needs: environment-set-up
timeout-minutes: 10
Expand All @@ -75,6 +78,7 @@ jobs:
run: |
echo "Nothing to save"
test-ui:
name: "UI test"
runs-on: ubuntu-latest
needs: environment-set-up
timeout-minutes: 10
Expand All @@ -88,6 +92,7 @@ jobs:
run: |
echo "Nothing to save"
test-ui-performance:
name: "UI performance test"
runs-on: ubuntu-latest
needs: environment-set-up
timeout-minutes: 10
Expand All @@ -101,6 +106,7 @@ jobs:
run: |
echo "Nothing to save"
test-integration:
name: "Integration test"
runs-on: ubuntu-latest
needs: environment-set-up
timeout-minutes: 10
Expand All @@ -114,6 +120,7 @@ jobs:
run: |
echo "Nothing to save"
test-accessibility:
name: "Accessibility test"
runs-on: ubuntu-latest
needs: environment-set-up
timeout-minutes: 10
Expand All @@ -127,6 +134,7 @@ jobs:
run: |
echo "Nothing to save"
test-load:
name: "Load test"
runs-on: ubuntu-latest
needs: environment-set-up
timeout-minutes: 10
Expand All @@ -140,6 +148,7 @@ jobs:
run: |
echo "Nothing to save"
environment-tear-down:
name: "Environment tear down"
runs-on: ubuntu-latest
needs:
[
Expand Down
3 changes: 2 additions & 1 deletion .gitignore
Original file line number Diff line number Diff line change
@@ -1,9 +1,10 @@
# WARNING: Please, DO NOT edit this section of the file! It is maintained in the repository template.

.scannerwork
*cloc-report*.json
*cloc*report*.json
*sbom*report*.json
*vulnerabilities*report*.json
*report*json.zip
.version

*.code-workspace
Expand Down
20 changes: 7 additions & 13 deletions .tool-versions
Original file line number Diff line number Diff line change
@@ -1,20 +1,11 @@
nodejs 18.17.1 # Always check AWS and Azure runtime support
python 3.11.4 # Always check AWS and Azure runtime support
terraform 1.5.6
pre-commit 3.3.3
# This file is for you! Please, updated to the versions agreed by your team.

terraform 1.5.7
pre-commit 3.4.0

# ==============================================================================
# The section below is reserved for Docker image versions.

# alpine, SEE: https://hub.docker.com/_/alpine/tags
# docker/alpine 3.18.3@sha256:c5c5fda71656f28e49ac9c5416b3643eaa6a108a8093151d6d1afc9463be8e33

# nodejs, SEE: https://hub.docker.com/_/node/tags
# docker/node 18.17.1-alpine3.18@sha256:982b5b6f07cd9241c9ebb163829067deac8eaefc57cfa8f31927f4b18943d971

# python, SEE: https://hub.docker.com/_/python/tags
# docker/python 3.11.4-alpine3.18@sha256:0135ae6442d1269379860b361760ad2cf6ab7c403d21935a8015b48d5bf78a86

# terraform, SEE: https://hub.docker.com/r/hashicorp/terraform/tags
# docker/hashicorp/terraform 1.5.6@sha256:180a7efa983386a27b43657ed610e9deed9e6c3848d54f9ea9b6cb8a5c8c25f5

Expand All @@ -23,3 +14,6 @@ pre-commit 3.3.3

# hadolint, SEE: https://hub.docker.com/r/hadolint/hadolint/tags
# docker/hadolint/hadolint 2.12.0-alpine@sha256:7dba9a9f1a0350f6d021fb2f6f88900998a4fb0aaf8e4330aa8c38544f04db42

# ghcr.io/nhs-england-tools/github-runner-image, SEE: https://github.com/nhs-england-tools/github-runner-image/pkgs/container/github-runner-image
# docker/ghcr.io/nhs-england-tools/github-runner-image 20230909-321fd1e-rt@sha256:ce4fd6035dc450a50d3cbafb4986d60e77cb49a71ab60a053bb1b9518139a646
Loading

0 comments on commit 066872f

Please sign in to comment.