PWNN-2097 Ability to select DfE approved or CAB approved framework #3459

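---
# CI/CD pipeline for the application.
#
# Flow: build a test image and a release image -> run static checks and the
# test suites against the test image -> collate coverage (and comment it on
# pull requests) -> deploy the release image to the Azure environment that
# matches the pushed branch -> after a production deploy, trigger the
# data-regression pipelines in Azure DevOps.
#
# Supply-chain note: the actions below are pinned to version tags. Tags are
# mutable, so a retagged release can change what runs with access to
# GITHUB_TOKEN and the Azure secrets. Pinning to a full commit SHA
# (`uses: owner/action@<commit-sha>  # vX.Y.Z`) removes that exposure.
#
# Least-privilege note: no `permissions:` block is declared, so every job
# receives the repository's default GITHUB_TOKEN scopes. From the steps
# below, the build jobs push to GHCR (packages: write), comment_coverage
# comments on the PR (pull-requests: write) and collate_test_coverage deletes
# workflow artifacts (actions: write); the remaining jobs only read the repo.
# Confirm the composite actions' requirements before tightening, since a
# too-narrow grant fails the job outright.
#
# Runner note: `ubuntu-20.04` hosted runners have been retired by GitHub.
# Moving to a supported image changes the toolchain the jobs see, so it is
# left as a separate change.
name: "CI/CD - Full Pipeline"

on:
  pull_request:
  push:
    branches:
      - main
      - development
      - production

jobs:
  build_test:
    name: Build (Test)
    runs-on: ubuntu-20.04
    outputs:
      docker_image: ${{ steps.build.outputs.docker_image }}
    # No test image is built on the deploy-only branches; every job that
    # `needs: build_test` is skipped along with it on those pushes.
    if: ${{ github.ref != 'refs/heads/production' && github.ref != 'refs/heads/development' }}
    steps:
      - uses: actions/checkout@v4.1.6
      - name: Build docker image
        id: build
        uses: ./.github/workflows/actions/build-docker-image
        with:
          target: test
          ghcr_username: ${{ github.actor }}
          ghcr_password: ${{ secrets.GITHUB_TOKEN }}

  build_release:
    name: Build (Release)
    runs-on: ubuntu-20.04
    outputs:
      docker_image: ${{ steps.build.outputs.docker_image }}
    steps:
      - uses: actions/checkout@v4.1.6
      - name: Build docker image
        id: build
        uses: ./.github/workflows/actions/build-docker-image
        with:
          target: app
          ghcr_username: ${{ github.actor }}
          ghcr_password: ${{ secrets.GITHUB_TOKEN }}

  brakeman:
    name: Checks - Brakeman
    needs: build_test
    runs-on: ubuntu-20.04
    steps:
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3.3.0
      - run: docker run ${{ needs.build_test.outputs.docker_image }} bundle exec brakeman

  rubocop:
    name: Checks - Rubocop
    needs: build_test
    runs-on: ubuntu-20.04
    steps:
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3.3.0
      - run: docker run ${{ needs.build_test.outputs.docker_image }} bundle exec rubocop

  jest:
    name: Checks - Jest
    needs: build_test
    runs-on: ubuntu-20.04
    steps:
      - uses: actions/checkout@v4.1.6
      - name: Install node modules
        run: yarn install
      - name: Run tests
        run: yarn jest

  rspec:
    name: Checks - Rspec
    needs: build_test
    runs-on: ubuntu-20.04
    strategy:
      fail-fast: false
      # The suite is split across six parallel nodes by knapsack; each node
      # uploads its own coverage slice, merged later by collate_test_coverage.
      matrix:
        ci_node_total: [6]
        ci_node_index: [0, 1, 2, 3, 4, 5]
    # Service containers only reachable on the job's container network; the
    # password-less `trust` auth method is confined to that network.
    services:
      postgres:
        image: postgres
        env:
          POSTGRES_USER: postgres
          POSTGRES_PASSWORD: password
          POSTGRES_HOST_AUTH_METHOD: trust
        ports:
          - "5432:5432"
      redis:
        image: redis
        ports:
          - "6379:6379"
      chrome:
        image: selenium/standalone-chrome:95.0-chromedriver-95.0
        ports:
          - "4444:4444"
    steps:
      # All credentials passed here are throw-away test fixtures for the
      # containerised suite, not real secrets. The container is kept (no
      # `--rm`) so the coverage file can be copied out afterwards.
      - name: Run Rspec tests
        run: |
          docker run \
            --network ${{ job.container.network }} \
            --name test_container \
            -e RAILS_ENV=test \
            -e DATABASE_URL=postgres://postgres:password@postgres:5432/buy-for-your-school-test \
            -e DATABASE_CLEANER_ALLOW_REMOTE_DATABASE_URL="true" \
            -e DOCKER=true \
            -e SELENIUM_HUB_URL=http://chrome:4444/wd/hub \
            -e REDIS_URL=redis://redis:6379 \
            -e APPLICATION_URL=http://localhost:3000 \
            -e SECRET_KEY_BASE=test \
            -e CONTENTFUL_SPACE=test \
            -e CONTENTFUL_ENVIRONMENT=master \
            -e CONTENTFUL_DELIVERY_TOKEN=123 \
            -e CONTENTFUL_PREVIEW_TOKEN=123 \
            -e CONTENTFUL_ENTRY_CACHING=false \
            -e CONTENTFUL_WEBHOOK_API_KEY=test \
            -e NOTIFY_API_KEY=development_team-12345678-1234-1234-1234-abcd12345678-12345678-1234-1234-1234-abcd12345678 \
            -e MS_GRAPH_TENANT=test \
            -e MS_GRAPH_CLIENT_ID=test \
            -e MS_GRAPH_CLIENT_SECRET=test \
            -e MS_GRAPH_SHARED_MAILBOX_USER_ID=test \
            -e MS_GRAPH_SHARED_MAILBOX_NAME=mailbox \
            -e MS_GRAPH_SHARED_MAILBOX_ADDRESS=test@mailbox.com \
            -e CLAMAV_REST_SERVICE_URL=test \
            -e DSI_ENV=test \
            -e DFE_SIGN_IN_IDENTIFIER=service \
            -e DFE_SIGN_IN_API_SECRET=secret \
            -e PROC_OPS_TEAM="DSI Caseworkers" \
            -e QUALTRICS_SURVEY_URL=https://dferesearch.fra1.qualtrics.com \
            -e SUPPORT_EMAIL=email@example.gov.uk \
            -e FAF_FRAMEWORK_ENDPOINT=http://faf.test \
            -e FAF_WEBHOOK_SECRET=test \
            -e CI_NODE_TOTAL=${{ matrix.ci_node_total }} \
            -e CI_NODE_INDEX=${{ matrix.ci_node_index }} \
            ${{ needs.build_test.outputs.docker_image }} \
            bash -c "bundle exec rake 'knapsack:rspec[--tag ~flaky]'"
      - name: Get coverage from container
        run: |
          mkdir coverage
          docker cp test_container:/srv/app/coverage/.resultset.json coverage/.resultset-${{ matrix.ci_node_index }}.json
      - name: Remove test container
        run: docker rm test_container
      - name: Store test coverage
        uses: actions/upload-artifact@v4.3.3
        with:
          name: coverage-report-${{ matrix.ci_node_index }}
          path: coverage/.resultset-${{ matrix.ci_node_index }}.json

  rspec_quarantine:
    name: Checks - Rspec (Quarantined tests)
    needs: build_test
    runs-on: ubuntu-20.04
    services:
      postgres:
        image: postgres
        env:
          POSTGRES_USER: postgres
          POSTGRES_PASSWORD: password
          POSTGRES_HOST_AUTH_METHOD: trust
        ports:
          - "5432:5432"
      redis:
        image: redis
        ports:
          - "6379:6379"
      chrome:
        image: selenium/standalone-chrome:95.0-chromedriver-95.0
        ports:
          - "4444:4444"
    steps:
      # Quarantined (`flaky`-tagged) specs are advisory: a failure is retried
      # once via `--only-failure` and never fails the workflow.
      - name: Run Quarantined Rspec tests
        continue-on-error: true
        run: |
          docker run \
            --network ${{ job.container.network }} \
            --name test_container \
            -e RAILS_ENV=test \
            -e DATABASE_URL=postgres://postgres:password@postgres:5432/buy-for-your-school-test \
            -e DATABASE_CLEANER_ALLOW_REMOTE_DATABASE_URL="true" \
            -e DOCKER=true \
            -e SELENIUM_HUB_URL=http://chrome:4444/wd/hub \
            -e REDIS_URL=redis://redis:6379 \
            -e APPLICATION_URL=http://localhost:3000 \
            -e SECRET_KEY_BASE=test \
            -e CONTENTFUL_SPACE=test \
            -e CONTENTFUL_ENVIRONMENT=master \
            -e CONTENTFUL_DELIVERY_TOKEN=123 \
            -e CONTENTFUL_PREVIEW_TOKEN=123 \
            -e CONTENTFUL_ENTRY_CACHING=false \
            -e CONTENTFUL_WEBHOOK_API_KEY=test \
            -e NOTIFY_API_KEY=development_team-12345678-1234-1234-1234-abcd12345678-12345678-1234-1234-1234-abcd12345678 \
            -e MS_GRAPH_TENANT=test \
            -e MS_GRAPH_CLIENT_ID=test \
            -e MS_GRAPH_CLIENT_SECRET=test \
            -e MS_GRAPH_SHARED_MAILBOX_USER_ID=test \
            -e MS_GRAPH_SHARED_MAILBOX_NAME=mailbox \
            -e MS_GRAPH_SHARED_MAILBOX_ADDRESS=test@mailbox.com \
            -e CLAMAV_REST_SERVICE_URL=test \
            -e DSI_ENV=test \
            -e DFE_SIGN_IN_IDENTIFIER=service \
            -e DFE_SIGN_IN_API_SECRET=secret \
            -e PROC_OPS_TEAM="DSI Caseworkers" \
            -e QUALTRICS_SURVEY_URL=https://dferesearch.fra1.qualtrics.com \
            -e SUPPORT_EMAIL=email@example.gov.uk \
            -e FAF_FRAMEWORK_ENDPOINT=http://faf.test \
            -e FAF_WEBHOOK_SECRET=test \
            ${{ needs.build_test.outputs.docker_image }} \
            bash -c "bundle exec rspec --tag flaky || bundle exec rspec --only-failure"
      - name: Get coverage from container
        run: |
          mkdir coverage
          docker cp test_container:/srv/app/coverage/.resultset.json coverage/.resultset-quarantine.json
      - name: Remove test container
        run: docker rm test_container
      - name: Store test coverage
        uses: actions/upload-artifact@v4.3.3
        with:
          name: coverage-report-quarantine
          path: coverage/.resultset-quarantine.json

  collate_test_coverage:
    name: Checks - Produce test coverage report
    needs: [build_test, rspec, rspec_quarantine]
    runs-on: ubuntu-20.04
    steps:
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3.3.0
      - name: Download all test coverage
        uses: actions/download-artifact@v4.1.7
        with:
          path: coverage
          pattern: coverage-report-*
          merge-multiple: true
      # The per-node result sets are merged inside the test image so the
      # collation script runs with the same Ruby/SimpleCov as the suite.
      - name: Generate collated test coverage
        run: |
          CONTAINER_ID=$(docker run -di ${{ needs.build_test.outputs.docker_image }} "/bin/sh")
          docker cp coverage $CONTAINER_ID:/srv/app
          docker exec $CONTAINER_ID bash -c "ruby lib/code_coverage_collate.rb"
          docker cp $CONTAINER_ID:/srv/app/coverage/index.html coverage
          docker cp $CONTAINER_ID:/srv/app/coverage/assets coverage
          docker cp $CONTAINER_ID:/srv/app/coverage/.last_run.json coverage
          docker stop $CONTAINER_ID
          docker rm $CONTAINER_ID
      - name: Store collated test coverage
        uses: actions/upload-artifact@v4.3.3
        with:
          name: full-coverage-report
          path: |
            coverage/*
            !coverage/.last_run.json
      # `.last_run.json` is published separately so comment_coverage can fetch
      # just the summary numbers.
      - name: Store last run
        uses: actions/upload-artifact@v4.3.3
        with:
          name: last-run
          path: coverage/.last_run.json
      - name: Delete intermediate artifacts
        uses: geekyeggo/delete-artifact@v5.0.0
        with:
          name: coverage-report-*

  comment_coverage:
    name: Comment coverage on PR
    needs: collate_test_coverage
    runs-on: ubuntu-20.04
    if: ${{ github.event_name == 'pull_request' }}
    steps:
      - name: Download coverage from current run
        uses: actions/download-artifact@v4.1.7
        with:
          path: coverage/current
          pattern: last-run
      # The unquoted `$(cat …)` word-splits the file, so a pretty-printed
      # JSON document is collapsed onto the single line GITHUB_ENV needs.
      # The file is produced by this workflow's own collate step, not by
      # external input.
      - name: Load coverage summary into the job environment
        run: echo current_coverage=$(cat coverage/current/last-run/.last_run.json) >> "$GITHUB_ENV"
      - name: Store coverage from current run
        id: current-run-coverage
        run: |
          echo branch=${{ fromJson(env.current_coverage).result.branch }} >> "$GITHUB_OUTPUT"
          echo line=${{ fromJson(env.current_coverage).result.line }} >> "$GITHUB_OUTPUT"
      - name: Post comment
        uses: thollander/actions-comment-pull-request@v2.5.0
        with:
          message: |
            # Test coverage
            **Line:** ${{ steps.current-run-coverage.outputs.line }}%
            **Branch:** ${{ steps.current-run-coverage.outputs.branch }}%

  # Deploy jobs: each is gated on its branch via `if` and bound to a GitHub
  # environment, so environment protection rules and environment-scoped
  # secrets apply to the Azure credentials used below.
  release_dev:
    name: Deploy release (Dev)
    runs-on: ubuntu-20.04
    needs: build_release
    environment: az-dev
    if: github.ref == 'refs/heads/development'
    steps:
      - uses: actions/checkout@v4.1.6
      - uses: ./.github/workflows/actions/deploy-az
        with:
          docker_image_and_tag: ${{ needs.build_release.outputs.docker_image }}
          az_credentials: ${{ secrets.AZURE_SP_CREDENTIALS }}
          container_app_name: ${{ secrets.CONTAINER_APP_NAME }}
          resource_group_name: ${{ secrets.RESOURCE_GROUP_NAME }}

  release_staging:
    name: Deploy release (Staging)
    runs-on: ubuntu-20.04
    needs: build_release
    environment: az-staging
    if: github.ref == 'refs/heads/main'
    steps:
      - uses: actions/checkout@v4.1.6
      - uses: ./.github/workflows/actions/deploy-az
        with:
          docker_image_and_tag: ${{ needs.build_release.outputs.docker_image }}
          az_credentials: ${{ secrets.AZURE_SP_CREDENTIALS }}
          container_app_name: ${{ secrets.CONTAINER_APP_NAME }}
          resource_group_name: ${{ secrets.RESOURCE_GROUP_NAME }}

  release_production:
    name: Deploy release (Production)
    runs-on: ubuntu-20.04
    needs: build_release
    environment: az-production
    if: github.ref == 'refs/heads/production'
    steps:
      - uses: actions/checkout@v4.1.6
      - uses: ./.github/workflows/actions/deploy-az
        with:
          docker_image_and_tag: ${{ needs.build_release.outputs.docker_image }}
          az_credentials: ${{ secrets.AZURE_SP_CREDENTIALS }}
          container_app_name: ${{ secrets.CONTAINER_APP_NAME }}
          resource_group_name: ${{ secrets.RESOURCE_GROUP_NAME }}

  data_regression_copy_to_original:
    name: Data regression testing - trigger copy to pre-release-original-data
    needs: release_production
    runs-on: ubuntu-20.04
    steps:
      - uses: Azure/pipelines@v1.2
        with:
          azure-devops-project-url: "https://dfe-ssp.visualstudio.com/S174-Get%20Help%20Buying%20for%20Schools"
          azure-pipeline-name: "Pre-release Original Data sync"
          azure-devops-token: ${{ secrets.AZURE_DEVOPS_TOKEN }}

  data_regression_copy_to_modified:
    name: Data regression testing - trigger copy to pre-release-modified-data
    needs: release_production
    runs-on: ubuntu-20.04
    steps:
      - uses: Azure/pipelines@v1.2
        with:
          azure-devops-project-url: "https://dfe-ssp.visualstudio.com/S174-Get%20Help%20Buying%20for%20Schools"
          azure-pipeline-name: "Pre-release Modified Data sync"
          azure-devops-token: ${{ secrets.AZURE_DEVOPS_TOKEN }}

  data_regression_migrate_modified:
    name: Data regression testing - apply migrations to pre-release-modified-data
    needs: [build_release, release_staging]
    runs-on: ubuntu-20.04
    env:
      PRE_RELEASE_MODIFIED_DATA_DB_URL: ${{ secrets.PRE_RELEASE_MODIFIED_DATA_DB_URL }}
    steps:
      # The connection string is read from the job environment variable rather
      # than expanded with `${{ env.… }}` into the script text: the secret
      # never becomes part of the generated shell source, and quoting keeps
      # any special characters in the URL intact instead of word-splitting.
      - name: Run migrations against pre-release-modified-data
        run: |
          docker run --rm \
            -e RAILS_ENV=production \
            -e DATABASE_URL="$PRE_RELEASE_MODIFIED_DATA_DB_URL" \
            -e DOCKER=true \
            -e SECRET_KEY_BASE=production \
            -e APPLICATION_URL=https://www.get-help-buying-for-schools.service.gov.uk \
            ${{ needs.build_release.outputs.docker_image }} \
            bash -c "bundle exec rails db:migrate"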