opengovsg · tshuli · Dec 21, 2021 · Sep 22, 2021 · Sep 22, 2021 · Sep 23, 2021
diff --git a/.ebextensions/99datadog.config b/.ebextensions/99datadog.config
@@ -8,7 +8,7 @@ option_settings:
       value:  "<YOUR_DD_API_KEY>" # To set in AWS EB console only
     - namespace:  aws:elasticbeanstalk:application:environment
       option_name:  DD_AGENT_VERSION
-      value:  "7.31.0"
+      value:  "7.32.3"
     - namespace:  aws:elasticbeanstalk:application:environment
       option_name:  DD_ENV
       value:  "staging" # staging | production

diff --git a/.github/mergify.yml b/.github/mergify.yml
@@ -3,15 +3,13 @@ pull_request_rules:
     conditions:
       - author=dependabot[bot]
       - title~=bump [^\s]+ from ([\d]+)\..+ to \1\.
-      - check-success~=install
+      - check-success~=build
       - check-success~=test-frontend
       - check-success~=test-backend
-      - check-success~=test-e2e
       - check-success~=Analyze # CodeQL / Analyze
       - check-success~=CodeQL # CodeQL code scanning results
       - check-success~=GitGuardian
       - check-success~=Semantic Pull Request
-      - check-success~=Travis CI - Branch
       - check-success~=coverage/coveralls
       - check-success~=license/snyk
       - check-success~=security/snyk
@@ -24,15 +22,13 @@ pull_request_rules:
     conditions:
       - author=snyk-bot
       - title~=\[Snyk\] Security upgrade [^\s]+ from ([\d]+)\..+ to \1\.
-      - check-success~=install
+      - check-success~=build
       - check-success~=test-frontend
       - check-success~=test-backend
-      - check-success~=test-e2e
       - check-success~=Analyze # CodeQL / Analyze
       - check-success~=CodeQL # CodeQL code scanning results
       - check-success~=GitGuardian
       - check-success~=Semantic Pull Request
-      - check-success~=Travis CI - Branch
       - check-success~=coverage/coveralls
       - check-success~=license/snyk
       - check-success~=security/snyk

diff --git a/.github/semantic.yml b/.github/semantic.yml
@@ -0,0 +1,18 @@
+# Always validate the PR title, and ignore the commits
+# since we only squash commits
+titleOnly: true
+
+types:
+  - feat
+  - fix
+  - docs
+  - style
+  - refactor
+  # alias of refactor
+  - ref
+  - perf
+  - test
+  - build
+  - ci
+  - chore
+  - revert
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -2,13 +2,14 @@ name: CI
 
 on:
   push:
+  pull_request_target:
+    types: [opened, reopened]
   pull_request:
     types: [opened, reopened]
 
 jobs:
   install:
     runs-on: ubuntu-latest
-
     steps:
       - uses: actions/checkout@v2
       - name: Use Node.js
@@ -25,11 +26,29 @@ jobs:
             ${{ runner.OS }}-node-
             ${{ runner.OS }}-
       - run: npm ci
-
-  test-e2e:
+  lint:
     needs: install
     runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Use Node.js
+        uses: actions/setup-node@v1
+        with:
+          node-version: '14.x'
+      - name: Load Node.js modules
+        uses: actions/cache@v2
+        with:
+          # npm cache files are stored in `~/.npm` on Linux/macOS
+          path: ~/.npm
+          key: ${{ runner.OS }}-node-${{ hashFiles('**/package-lock.json') }}
+      - run: npm ci
+      - run: npm run lint-ci
 
+  build:
+    needs: lint
+    runs-on: ubuntu-latest
+    env:
+      NODE_OPTIONS: '--max-old-space-size=4096'
     steps:
       - uses: actions/checkout@v2
       - name: Use Node.js
@@ -43,12 +62,11 @@ jobs:
           path: ~/.npm
           key: ${{ runner.OS }}-node-${{ hashFiles('**/package-lock.json') }}
       - run: npm ci
-      - run: npm run test-e2e
+      - run: npm run build
 
   test-frontend:
-    needs: install
+    needs: lint
     runs-on: ubuntu-latest
-
     steps:
       - uses: actions/checkout@v2
       - name: Use Node.js
@@ -65,9 +83,8 @@ jobs:
       - run: npm run test-frontend
 
   test-backend:
-    needs: install
+    needs: lint
     runs-on: ubuntu-latest
-
     steps:
       - uses: actions/checkout@v2
       - name: Use Node.js

diff --git a/.github/workflows/deploy-eb.yml b/.github/workflows/deploy-eb.yml
@@ -0,0 +1,89 @@
+name: Deploy to AWS Elastic Beanstalk
+on:
+  push:
+    branches: # There should be 4 environments in github actions secrets: release, staging, staging-alt, uat. This is different from the DEPLOY_ENV secret which corresponds to elastic beanstalk environment name
+      - release
+      - staging
+      - staging-alt
+      - uat
+
+jobs:
+  set_environment:
+    outputs:
+      current_env: ${{ steps.set-environment.outputs.current_env }}
+    runs-on: ubuntu-latest
+    steps:
+      - id: set-environment
+        run: echo "::set-output name=current_env::${{github.ref_name}}"
+
+  build_deploy_application:
+    needs: set_environment
+    environment:
+      name: ${{ needs.set_environment.outputs.current_env }}
+    env:
+      IMAGE_TAG: github-actions-${{ github.sha }}-${{ github.run_id }}-${{github.run_attempt}}
+      BRANCH: ${{ needs.set_environment.outputs.current_env }}
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/setup-node@v2
+        with:
+          node-version: '14'
+          cache: 'npm'
+      - name: Build
+        env:
+          NODE_OPTIONS: '--max-old-space-size=4096'
+        run: |
+          npm ci
+          set -e
+          npm_config_mode=yes npx lockfile-lint --type npm --path package.json --validate-https --allowed-hosts npm
+          npm run lint-ci
+          npm run build
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
+
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v1
+
+      - name: Build, tag, and push image to Amazon ECR
+        env:
+          ECR_REPOSITORY: ${{ secrets.ECR_REPO }}
+        run: |
+          docker build -f Dockerfile.production -t $ECR_REPOSITORY:$IMAGE_TAG .
+          docker tag $ECR_REPOSITORY:$IMAGE_TAG $ECR_REPOSITORY:$BRANCH
+          docker push -a $ECR_REPOSITORY
+          sed -i -e "s/@TAG/$IMAGE_TAG/g" Dockerrun.aws.json 
+          zip -r "$IMAGE_TAG.zip" .ebextensions Dockerrun.aws.json
+
+      - name: Copy to S3
+        env:
+          BUCKET_NAME: ${{ secrets.BUCKET_NAME }}
+        run: |
+          aws s3 cp $IMAGE_TAG.zip s3://$BUCKET_NAME/$IMAGE_TAG.zip
+
+      - name: Create application version
+        env:
+          BUCKET_NAME: ${{ secrets.BUCKET_NAME }}
+          APP_NAME: ${{ secrets.APP_NAME }}
+        run: |
+          TRUNCATED_DESC=$(echo "${{github.event.head_commit.message}}" | cut -b1-180)
+          aws elasticbeanstalk create-application-version --application-name $APP_NAME \
+          --version-label $IMAGE_TAG \
+          --source-bundle S3Bucket=$BUCKET_NAME,S3Key=$IMAGE_TAG.zip \
+          --description "$TRUNCATED_DESC"
+
+      - name: Update EB environment
+        id: update-eb-1
+        env:
+          APP_NAME: ${{ secrets.APP_NAME }}
+          DEPLOY_ENV: ${{ secrets.DEPLOY_ENV }}
+        run: |
+          aws elasticbeanstalk update-environment --application-name $APP_NAME \
+            --environment-name $DEPLOY_ENV \
+            --version-label $IMAGE_TAG
diff --git a/.gitignore b/.gitignore
@@ -26,6 +26,10 @@ dist/
 *passphrase*
 *.key
 
+# VSCode
+# ==============
+.dccache
+
 # Sublime editor
 # ==============
 *.sublime-project

diff --git a/.travis.yml b/.travis.yml