Skip to content

fix: services/ui-src/package.json & services/ui-src/yarn.lock to redu… #11176

fix: services/ui-src/package.json & services/ui-src/yarn.lock to redu…

fix: services/ui-src/package.json & services/ui-src/yarn.lock to redu… #11176

Workflow file for this run

name: Deploy
on:
push:
branches:
- "*"
- "!skipci*"
concurrency:
group: ${{ github.ref_name }}
permissions:
id-token: write
contents: read
actions: read
jobs:
unit-tests:
name: Unit Tests
uses: ./.github/workflows/unittest-workflow.yml
secrets:
CODE_CLIMATE_ID: ${{ secrets.CODE_CLIMATE_ID }}
deploy:
runs-on: ubuntu-latest
env:
SLS_DEPRECATION_DISABLE: "*" # Turn off deprecation warnings in the pipeline
steps:
- uses: actions/checkout@v4
- name: set branch_name # Some integrations (Snyk) build very long branch names. This is a switch to make long branch names shorter.
run: |
BRANCH_NAME=$(./.github/setBranchName.sh ${{ github.ref_name }})
echo "branch_name=${BRANCH_NAME}" >> $GITHUB_ENV
- name: Validate branch name
run: ./.github/branchNameValidation.sh $STAGE_PREFIX$branch_name
- name: set branch specific variable names
run: ./.github/build_vars.sh set_names
- name: set variable values
run: ./.github/build_vars.sh set_values
env:
AWS_DEFAULT_REGION: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_AWS_DEFAULT_REGION] || secrets.AWS_DEFAULT_REGION }}
AWS_OIDC_ROLE_TO_ASSUME: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_AWS_OIDC_ROLE_TO_ASSUME] || secrets.AWS_OIDC_ROLE_TO_ASSUME }}
STAGE_PREFIX: ${{ secrets.STAGE_PREFIX }}
CODE_CLIMATE_ID: ${{ secrets.CODE_CLIMATE_ID }}
- name: Configure AWS credentials for GitHub Actions
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ env.AWS_OIDC_ROLE_TO_ASSUME }}
aws-region: ${{ env.AWS_DEFAULT_REGION }}
- uses: actions/setup-node@v4
with:
node-version-file: ".nvmrc"
- uses: actions/cache@v4
with:
path: "**/node_modules"
key: ${{ runner.os }}-modules-${{ hashFiles('**/yarn.lock', 'plugins/**') }}
- name: set path
run: |
echo "PATH=$(pwd)/node_modules/.bin/:$PATH" >> $GITHUB_ENV
- name: deploy
run: |
# When deploying multiple copies of this quickstart to the same AWS Account (not ideal), a prefix helps prevent stepping on each other.
# This can optionally be set as an GitHub Actions Secret
./run deploy --stage $STAGE_PREFIX$branch_name
- name: Endpoint
id: endpoint
run: |
APPLICATION_ENDPOINT=$(./output.sh ui ApplicationEndpointUrl $STAGE_PREFIX$branch_name)
echo "application_endpoint=$APPLICATION_ENDPOINT" >> $GITHUB_OUTPUT
echo "## Application Endpoint" >> $GITHUB_STEP_SUMMARY
echo "<$APPLICATION_ENDPOINT>" >> $GITHUB_STEP_SUMMARY
working-directory: services
outputs:
application_endpoint: ${{ steps.endpoint.outputs.application_endpoint}}
BRANCH_SPECIFIC_VARNAME_AWS_DEFAULT_REGION: ${{ steps.set_names.outputs.BRANCH_SPECIFIC_VARNAME_AWS_DEFAULT_REGION }}
BRANCH_SPECIFIC_VARNAME_AWS_OIDC_ROLE_TO_ASSUME: ${{ steps.set_names.outputs.BRANCH_SPECIFIC_VARNAME_AWS_OIDC_ROLE_TO_ASSUME }}
register-runner:
name: Register GitHub Runner
if: ${{ github.ref_name != 'master' && github.ref_name != 'val' && github.ref_name != 'production' }}
runs-on: ubuntu-latest
needs: deploy
env:
SLS_DEPRECATION_DISABLE: "*" # Turn off deprecation warnings in the pipeline
steps:
- name: Checkout
uses: actions/checkout@v4
- name: set branch_name
run: |
BRANCH_NAME=$(./.github/setBranchName.sh ${{ github.ref_name }})
echo "branch_name=${BRANCH_NAME}" >> $GITHUB_ENV
- name: set branch specific variable names
id: set_names
run: ./.github/build_vars.sh set_names
- name: set variable values
id: set_values
run: ./.github/build_vars.sh set_values
env:
AWS_DEFAULT_REGION: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_AWS_DEFAULT_REGION] || secrets.AWS_DEFAULT_REGION }}
AWS_OIDC_ROLE_TO_ASSUME: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_AWS_OIDC_ROLE_TO_ASSUME] || secrets.AWS_OIDC_ROLE_TO_ASSUME }}
STAGE_PREFIX: ${{ secrets.STAGE_PREFIX }}
- name: Configure AWS credentials for GitHub Actions
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_AWS_OIDC_ROLE_TO_ASSUME] || secrets.AWS_OIDC_ROLE_TO_ASSUME }}
aws-region: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_AWS_DEFAULT_REGION] || secrets.AWS_DEFAULT_REGION }}
- name: output account id
id: output_account_id
run: |
#!/bin/bash
AWS_ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
echo "Current Account ID: ${AWS_ACCOUNT_ID}"
- name: Get Github Actions CIDR Blocks
id: get-gha-cidrs
shell: bash
run: |
#!/bin/bash
GHA_RESP=$(curl --header 'authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' https://api.github.com/meta)
echo "Response for GHA runner CIDR blocks: $GHA_RESP"
IPV4_CIDR_ARR=($(echo $GHA_RESP | jq -r '.actions | .[]' | grep -v ':'))
GHA_CIDRS_IPV4=$(echo $(IFS=" "; echo ${IPV4_CIDR_ARR[*]}))
echo "GHA_CIDRS_IPV4=$GHA_CIDRS_IPV4" >> $GITHUB_OUTPUT
- name: Generate IP Set Name
id: gen-ip-set-name
run: |
#!/bin/bash
STAGE_GH_IPSET_NAME=$STAGE_PREFIX$branch_name-gh-ipset
echo "Github IP Set name: $STAGE_GH_IPSET_NAME"
echo "STAGE_GH_IPSET_NAME=$STAGE_GH_IPSET_NAME" >> $GITHUB_OUTPUT
- name: Fetch AWS IP Set Metadata
id: fetch-ip-set-info
run: |
#!/bin/bash
# Fetch AWS IP set ARNs using AWS CLI and store them in a variable
AWS_IP_SET_INFO=$(aws wafv2 list-ip-sets --scope=CLOUDFRONT)
echo "Outputting AWS IP Set Info: ${AWS_IP_SET_INFO}"
# Store the IP set ARNs in an output variable using GITHUB_OUTPUT
IPSET_NAME=${{ steps.gen-ip-set-name.outputs.STAGE_GH_IPSET_NAME }}
IPSET=$(jq '.IPSets | map(select(.Name == "'${IPSET_NAME}'")) | .[]' <<< ${AWS_IP_SET_INFO})
[ -z "$IPSET" ] && echo "IP Set with name ${IPSET_NAME} was not located. Exiting..." && exit 1
echo "IP Set metadata: ${IPSET}"
#Get Values from the IP SET
IPSET_ID=$(jq -r '.Id' <<< ${IPSET})
echo "IPSET_ARN=$IPSET_ARN" >> $GITHUB_OUTPUT
echo "IPSET_NAME=$IPSET_NAME" >> $GITHUB_OUTPUT
echo "IPSET_ID=$IPSET_ID" >> $GITHUB_OUTPUT
- name: Update IP Set
id: update-ip-set
run: ./.github/waf-controller.sh set ${{ steps.fetch-ip-set-info.outputs.IPSET_NAME }} ${{ steps.fetch-ip-set-info.outputs.IPSET_ID }} ${{ steps.get-gha-cidrs.outputs.GHA_CIDRS_IPV4 }}
env:
AWS_RETRY_MODE: adaptive
AWS_MAX_ATTEMPTS: 10
outputs:
ipset_name: ${{ steps.fetch-ip-set-info.outputs.IPSET_NAME }}
ipset_id: ${{ steps.fetch-ip-set-info.outputs.IPSET_ID }}
e2e-tests-init:
name: Initialize End To End Tests
if: ${{ always() && !cancelled() && needs.deploy.result == 'success' && github.ref_name != 'master' && github.ref_name != 'val' && github.ref_name != 'prod' }}
needs:
- deploy
- register-runner
runs-on: ubuntu-latest
steps:
- name: Verify Endpoint
if: ${{ needs.deploy.outputs.application_endpoint == ''}}
run: |
echo "No endpoint set, Check if the deploy workflow was successful."
exit 1
- uses: actions/checkout@v4
- name: set branch_name
run: |
BRANCH_NAME=$(./.github/setBranchName.sh ${{ github.ref_name }})
echo "branch_name=${BRANCH_NAME}" >> $GITHUB_ENV
- name: set branch specific variable names
id: set_names
run: ./.github/build_vars.sh set_names
- name: set variable values
id: set_values
run: ./.github/build_vars.sh set_values
env:
AWS_DEFAULT_REGION: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_AWS_DEFAULT_REGION] || secrets.AWS_DEFAULT_REGION }}
AWS_OIDC_ROLE_TO_ASSUME: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_AWS_OIDC_ROLE_TO_ASSUME] || secrets.AWS_OIDC_ROLE_TO_ASSUME }}
INFRASTRUCTURE_TYPE: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_INFRASTRUCTURE_TYPE] || secrets.INFRASTRUCTURE_TYPE || 'development' }}
STAGE_PREFIX: ${{ secrets.STAGE_PREFIX }}
COGNITO_TEST_USERS_PASSWORD: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_COGNITO_TEST_USERS_PASSWORD] || secrets.COGNITO_TEST_USERS_PASSWORD }}
- uses: actions/setup-node@v4
with:
node-version-file: ".nvmrc"
- name: Combine yarn.lock files to single file
run: find services -maxdepth 3 -name yarn.lock | xargs cat yarn.lock > combined-yarn.txt
- name: cache service dependencies
uses: actions/cache@v4
with:
path: |
services/app-api/node_modules
services/uploads/node_modules
services/ui/node_modules
services/ui-auth/node_modules
services/ui-src/node_modules
node_modules
key: ${{ runner.os }}-${{ hashFiles('combined-yarn.txt') }}
- name: Configure AWS credentials for GitHub Actions
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ env.AWS_OIDC_ROLE_TO_ASSUME }}
aws-region: ${{ env.AWS_DEFAULT_REGION }}
- name: Install dependencies
run: yarn install --frozen-lockfile
- name: set path
run: |
echo "PATH=$(pwd)/node_modules/.bin/:$PATH" >> $GITHUB_ENV
outputs:
application_endpoint: ${{ needs.deploy.outputs.application_endpoint }}
e2e-tests:
name: "Run End To End Tests"
uses: ./.github/workflows/cypress-workflow.yml
needs:
- e2e-tests-init
with:
test-path: "e2e"
test-endpoint: "${{ needs.e2e-tests-init.outputs.application_endpoint }}"
secrets:
cypress-user2: ${{ secrets.CYPRESS_STATE_USER_2 }}
cypress-user4: ${{ secrets.CYPRESS_STATE_USER_4 }}
cypress-admin-user: ${{ secrets.CYPRESS_ADMIN_USER }}
cypress-password: ${{ secrets.CYPRESS_QMR_PASSWORD }}
cleanup:
name: Delist GHA Runner CIDR Blocks
if: ${{ github.ref_name != 'master' && github.ref_name != 'val' && github.ref_name != 'prod' }}
runs-on: ubuntu-latest
needs:
- deploy
- e2e-tests-init
- e2e-tests
- register-runner
env:
SLS_DEPRECATION_DISABLE: "*" # Turn off deprecation warnings in the pipeline
steps:
- uses: actions/checkout@v4
- name: Configure AWS credentials for GitHub Actions
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_AWS_OIDC_ROLE_TO_ASSUME] || secrets.AWS_OIDC_ROLE_TO_ASSUME }}
aws-region: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_AWS_DEFAULT_REGION] || secrets.AWS_DEFAULT_REGION }}
- name: clean-up-iplist
id: reset-ip-set
run: ./.github/waf-controller.sh set ${{ needs.register-runner.outputs.ipset_name }} ${{ needs.register-runner.outputs.ipset_id }} '[]'
env:
AWS_RETRY_MODE: adaptive
AWS_MAX_ATTEMPTS: 10