spike results #9849
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Deploy | |
on: | |
push: | |
branches: | |
- "*" | |
- "dependabot/**" | |
- "!skipci*" | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
permissions: | |
id-token: write | |
contents: read | |
actions: read | |
jobs: | |
unit-tests: | |
name: Unit Tests | |
uses: ./.github/workflows/unittest-workflow.yml | |
if: github.ref == 'refs/heads/master' | |
secrets: | |
CODE_CLIMATE_ID: ${{ secrets.CODE_CLIMATE_ID }} | |
deploy: | |
runs-on: ubuntu-latest | |
env: | |
SLS_DEPRECATION_DISABLE: "*" # Turn off deprecation warnings in the pipeline | |
steps: | |
- name: set branch_name # Some integrations (Dependabot & Snyk) build very long branch names. This is a switch to make long branch names shorter. | |
run: | | |
echo "GITHUB_REF=${GITHUB_REF}" | |
if [[ "$GITHUB_REF" =~ ^refs/heads/dependabot/.* ]]; then | |
echo "branch_name=`echo ${GITHUB_REF##*/*-} | md5sum | head -c 10 | sed 's/^/x/'`" >> $GITHUB_ENV | |
elif [[ "$GITHUB_REF" =~ ^refs/.*/snyk-* ]]; then | |
echo "branch_name=`echo ${GITHUB_REF##*/*-} | head -c 10 | sed 's/^/s/'`" >> $GITHUB_ENV | |
else | |
echo "branch_name=${GITHUB_REF#refs/heads/}" >> $GITHUB_ENV | |
fi | |
- uses: actions/checkout@v3 | |
- name: 'Setup jq' | |
uses: dcarbone/install-jq-action@v2.1.0 | |
with: | |
version: '${{ inputs.version }}' | |
force: '${{ inputs.force }}' | |
- name: 'Check jq' | |
# language=sh | |
run: | | |
which jq | |
jq --version | |
- name: Validate branch name | |
run: ./.github/branchNameValidation.sh $STAGE_PREFIX$branch_name | |
- name: set branch specific variable names | |
run: ./.github/build_vars.sh set_names | |
- name: set variable values | |
run: ./.github/build_vars.sh set_values | |
env: | |
AWS_DEFAULT_REGION: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_AWS_DEFAULT_REGION] || secrets.AWS_DEFAULT_REGION }} | |
AWS_OIDC_ROLE_TO_ASSUME: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_AWS_OIDC_ROLE_TO_ASSUME] || secrets.AWS_OIDC_ROLE_TO_ASSUME }} | |
STAGE_PREFIX: ${{ secrets.STAGE_PREFIX }} | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
CODE_CLIMATE_ID: ${{ secrets.CODE_CLIMATE_ID }} | |
- name: Configure AWS credentials for GitHub Actions | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
role-to-assume: ${{ env.AWS_OIDC_ROLE_TO_ASSUME }} | |
aws-region: ${{ env.AWS_DEFAULT_REGION }} | |
- uses: actions/setup-node@v3 | |
with: | |
node-version-file: ".nvmrc" | |
- uses: actions/cache@v3 | |
with: | |
path: "**/node_modules" | |
key: ${{ runner.os }}-modules-${{ hashFiles('**/yarn.lock', 'plugins/**') }} | |
- name: set path | |
run: | | |
echo "PATH=$(pwd)/node_modules/.bin/:$PATH" >> $GITHUB_ENV | |
- name: deploy | |
run: | | |
# When deploying multiple copies of this quickstart to the same AWS Account (not ideal), a prefix helps prevent stepping on each other. | |
# This can optionally be set as an GitHub Actions Secret | |
./deploy.sh $STAGE_PREFIX$branch_name | |
- name: Endpoint | |
id: endpoint | |
run: | | |
APPLICATION_ENDPOINT=$(./output.sh ui ApplicationEndpointUrl $STAGE_PREFIX$branch_name) | |
echo "application_endpoint=$APPLICATION_ENDPOINT" >> $GITHUB_OUTPUT | |
echo "## Application Endpoint" >> $GITHUB_STEP_SUMMARY | |
echo "<$APPLICATION_ENDPOINT>" >> $GITHUB_STEP_SUMMARY | |
working-directory: services | |
outputs: | |
application_endpoint: ${{ steps.endpoint.outputs.application_endpoint}} | |
BRANCH_SPECIFIC_VARNAME_AWS_DEFAULT_REGION: ${{ steps.set_names.outputs.BRANCH_SPECIFIC_VARNAME_AWS_DEFAULT_REGION }} | |
BRANCH_SPECIFIC_VARNAME_AWS_OIDC_ROLE_TO_ASSUME: ${{ steps.set_names.outputs.BRANCH_SPECIFIC_VARNAME_AWS_OIDC_ROLE_TO_ASSUME }} | |
# run e2e tests after deploy completes | |
e2e-tests-init: | |
name: Initialize End To End Tests | |
if: ${{ github.ref != 'refs/heads/master' && github.ref != 'refs/heads/val' && github.ref != 'refs/heads/prod' }} | |
needs: | |
- deploy | |
runs-on: ubuntu-latest | |
steps: | |
- name: Verify Endpoint | |
if: ${{ needs.deploy.outputs.application_endpoint == ''}} | |
run: | | |
echo "No endpoint set, Check if the deploy workflow was successful." | |
exit 1 | |
- uses: actions/checkout@v3 | |
- name: set branch_name | |
run: | | |
echo "GITHUB_REF=${GITHUB_REF}" | |
if [[ "$GITHUB_REF" =~ ^refs/heads/dependabot/.* ]]; then | |
echo "branch_name=`echo ${GITHUB_REF##*/*-} | md5sum | head -c 10 | sed 's/^/x/'`" >> $GITHUB_ENV | |
elif [[ "$GITHUB_REF" =~ ^refs/.*/snyk-* ]]; then | |
echo "branch_name=`echo ${GITHUB_REF##*/*-} | head -c 10 | sed 's/^/s/'`" >> $GITHUB_ENV | |
else | |
echo "branch_name=${GITHUB_REF#refs/heads/}" >> $GITHUB_ENV | |
fi | |
- name: set branch specific variable names | |
id: set_names | |
run: ./.github/build_vars.sh set_names | |
- name: set variable values | |
id: set_values | |
run: ./.github/build_vars.sh set_values | |
env: | |
AWS_DEFAULT_REGION: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_AWS_DEFAULT_REGION] || secrets.AWS_DEFAULT_REGION }} | |
AWS_OIDC_ROLE_TO_ASSUME: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_AWS_OIDC_ROLE_TO_ASSUME] || secrets.AWS_OIDC_ROLE_TO_ASSUME }} | |
INFRASTRUCTURE_TYPE: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_INFRASTRUCTURE_TYPE] || secrets.INFRASTRUCTURE_TYPE || 'development' }} | |
STAGE_PREFIX: ${{ secrets.STAGE_PREFIX }} | |
COGNITO_TEST_USERS_PASSWORD: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_COGNITO_TEST_USERS_PASSWORD] || secrets.COGNITO_TEST_USERS_PASSWORD }} | |
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} | |
- uses: actions/setup-node@v3 | |
with: | |
node-version-file: ".nvmrc" | |
- name: Combine yarn.lock files to single file | |
run: find services -maxdepth 3 -name yarn.lock | xargs cat yarn.lock > combined-yarn.txt | |
- name: cache service dependencies | |
uses: actions/cache@v3 | |
with: | |
path: | | |
services/app-api/node_modules | |
services/uploads/node_modules | |
services/stream-functions/node_modules | |
services/ui/node_modules | |
services/ui-auth/node_modules | |
services/ui-src/node_modules | |
node_modules | |
key: ${{ runner.os }}-${{ hashFiles('combined-yarn.txt') }} | |
- name: Configure AWS credentials for GitHub Actions | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
role-to-assume: ${{ env.AWS_OIDC_ROLE_TO_ASSUME }} | |
aws-region: ${{ env.AWS_DEFAULT_REGION }} | |
- name: Install dependencies | |
run: yarn install --frozen-lockfile | |
- name: set path | |
run: | | |
echo "PATH=$(pwd)/node_modules/.bin/:$PATH" >> $GITHUB_ENV | |
- name: Get Runner IP | |
id: get-ip | |
run: | | |
#!/bin/bash | |
# Get the IP address of the runner | |
IP_ADDRESS=$(curl https://api.ipify.org) | |
echo "Runner IP address: $IP_ADDRESS" | |
# Store the IP address as an output variable | |
echo "RUNNER_IP=$IP_ADDRESS/32" >> $GITHUB_OUTPUT | |
- name: Get Github Actions CIDR Blocks | |
id: get-gha-cidrs | |
shell: bash | |
run: | | |
#!/bin/bash | |
GHA_RESP=$(curl --header 'authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' https://api.github.com/meta) | |
echo "Response for GHA runner CIDR blocks: $GHA_RESP" | |
IPV4_CIDR_ARR=($(echo $GHA_RESP | jq -r '.actions | .[]' | grep -v ':')) | |
GHA_CIDRS_IPV4=$(echo $(IFS=" "; echo ${IPV4_CIDR_ARR[*]})) | |
echo "GHA_CIDRS_IPV4=$GHA_CIDRS_IPV4" >> $GITHUB_OUTPUT | |
- name: Generate IP Set Name | |
id: gen-ip-set-name | |
run: | | |
STAGE_GH_IPSET_NAME=$STAGE_PREFIX$branch_name-gh-ipset | |
echo "Github IP Set name: $STAGE_GH_IPSET_NAME" | |
echo "STAGE_GH_IPSET_NAME=$STAGE_GH_IPSET_NAME" >> $GITHUB_OUTPUT | |
- name: Fetch AWS IP set Metadata | |
id: fetch-ip-set-info | |
run: | | |
#!/bin/bash | |
# Fetch AWS IP set ARNs using AWS CLI and store them in a variable | |
AWS_IP_SET_INFO=$(aws wafv2 list-ip-sets --scope=CLOUDFRONT) | |
# Store the IP set ARNs in an output variable using GITHUB_OUTPUT | |
IPSET_NAME=${{ steps.gen-ip-set-name.outputs.STAGE_GH_IPSET_NAME }} | |
IPSET=$(jq '.IPSets | map(select(.Name == "'${IPSET_NAME}'")) | .[]' <<< ${AWS_IP_SET_INFO}) | |
[ -z "$IPSET" ] && echo "IP Set with name ${IPSET_NAME} was not located. Exiting..." && exit 1 | |
echo "IP Set metadata: ${IPSET}" | |
#Get Values from the IP SET | |
IPSET_ID=$(jq -r '.Id' <<< ${IPSET}) | |
echo "IPSET_ARN=$IPSET_ARN" >> $GITHUB_OUTPUT | |
echo "IPSET_NAME=$IPSET_NAME" >> $GITHUB_OUTPUT | |
echo "IPSET_ID=$IPSET_ID" >> $GITHUB_OUTPUT | |
- name: Update IP Set | |
id: update-ip-set | |
run: ./.github/waf-controller.sh set ${{ steps.fetch-ip-set-info.outputs.IPSET_NAME }} ${{ steps.fetch-ip-set-info.outputs.IPSET_ID }} ${{ steps.get-gha-cidrs.outputs.GHA_CIDRS_IPV4 }} | |
env: | |
AWS_RETRY_MODE: adaptive | |
AWS_MAX_ATTEMPTS: 10 | |
outputs: | |
application_endpoint: ${{ needs.deploy.outputs.application_endpoint }} | |
ipset_name: ${{ steps.fetch-ip-set-info.outputs.IPSET_NAME }} | |
ipset_id: ${{ steps.fetch-ip-set-info.outputs.IPSET_ID }} | |
setup-tests: | |
name: "Setup End To End Tests" | |
uses: ./.github/workflows/cypress-workflow.yml | |
needs: | |
- e2e-tests-init | |
with: | |
test-path: "init" | |
test-endpoint: "${{ needs.e2e-tests-init.outputs.application_endpoint }}" | |
secrets: | |
slack-url: ${{ secrets.SLACK_WEBHOOK_URL }} | |
cypress-user1: ${{ secrets.CYPRESS_TEST_USER_1 }} | |
cypress-user2: ${{ secrets.CYPRESS_TEST_USER_2 }} | |
cypress-user3: ${{ secrets.CYPRESS_TEST_USER_3 }} | |
cypress-user4: ${{ secrets.CYPRESS_TEST_USER_4 }} | |
cypress-password: ${{ secrets.CYPRESS_TEST_PASSWORD_1 }} | |
child-e2e-measure-tests: | |
name: "Child End To End Tests" | |
uses: ./.github/workflows/cypress-workflow.yml | |
needs: | |
- e2e-tests-init | |
- setup-tests | |
with: | |
test-path: "measures/child" | |
test-endpoint: "${{ needs.e2e-tests-init.outputs.application_endpoint }}" | |
secrets: | |
slack-url: ${{ secrets.SLACK_WEBHOOK_URL }} | |
cypress-user1: ${{ secrets.CYPRESS_TEST_USER_1 }} | |
cypress-user2: ${{ secrets.CYPRESS_TEST_USER_2 }} | |
cypress-user3: ${{ secrets.CYPRESS_TEST_USER_3 }} | |
cypress-user4: ${{ secrets.CYPRESS_TEST_USER_4 }} | |
cypress-password: ${{ secrets.CYPRESS_TEST_PASSWORD_1 }} | |
adult-e2e-measure-tests: | |
name: "Adult End To End Tests" | |
uses: ./.github/workflows/cypress-workflow.yml | |
needs: | |
- e2e-tests-init | |
- setup-tests | |
with: | |
test-path: "measures/adult" | |
test-endpoint: "${{ needs.e2e-tests-init.outputs.application_endpoint }}" | |
secrets: | |
slack-url: ${{ secrets.SLACK_WEBHOOK_URL }} | |
cypress-user1: ${{ secrets.CYPRESS_TEST_USER_1 }} | |
cypress-user2: ${{ secrets.CYPRESS_TEST_USER_2 }} | |
cypress-user3: ${{ secrets.CYPRESS_TEST_USER_3 }} | |
cypress-user4: ${{ secrets.CYPRESS_TEST_USER_4 }} | |
cypress-password: ${{ secrets.CYPRESS_TEST_PASSWORD_1 }} | |
health-home-e2e-measure-tests: | |
name: "Health Home End To End Measure Tests" | |
uses: ./.github/workflows/cypress-workflow.yml | |
needs: | |
- e2e-tests-init | |
- setup-tests | |
with: | |
test-path: "measures/healthhome" | |
test-endpoint: "${{ needs.e2e-tests-init.outputs.application_endpoint }}" | |
secrets: | |
slack-url: ${{ secrets.SLACK_WEBHOOK_URL }} | |
cypress-user1: ${{ secrets.CYPRESS_TEST_USER_1 }} | |
cypress-user2: ${{ secrets.CYPRESS_TEST_USER_2 }} | |
cypress-user3: ${{ secrets.CYPRESS_TEST_USER_3 }} | |
cypress-user4: ${{ secrets.CYPRESS_TEST_USER_4 }} | |
cypress-password: ${{ secrets.CYPRESS_TEST_PASSWORD_1 }} | |
e2e-feature-tests: | |
name: End To End Feature Tests | |
uses: ./.github/workflows/cypress-workflow.yml | |
needs: | |
- e2e-tests-init | |
- setup-tests | |
with: | |
test-path: "features" | |
test-endpoint: "${{ needs.e2e-tests-init.outputs.application_endpoint }}" | |
secrets: | |
slack-url: ${{ secrets.SLACK_WEBHOOK_URL }} | |
cypress-user1: ${{ secrets.CYPRESS_TEST_USER_1 }} | |
cypress-user2: ${{ secrets.CYPRESS_TEST_USER_2 }} | |
cypress-user3: ${{ secrets.CYPRESS_TEST_USER_3 }} | |
cypress-user4: ${{ secrets.CYPRESS_TEST_USER_4 }} | |
cypress-password: ${{ secrets.CYPRESS_TEST_PASSWORD_1 }} | |
a11y-tests: | |
name: Accessibility Tests | |
needs: | |
- e2e-tests-init | |
- e2e-feature-tests | |
- child-e2e-measure-tests | |
- adult-e2e-measure-tests | |
- health-home-e2e-measure-tests | |
uses: ./.github/workflows/cypress-workflow.yml | |
with: | |
test-path: "a11y" | |
test-endpoint: "${{ needs.e2e-tests-init.outputs.application_endpoint }}" | |
secrets: | |
slack-url: ${{ secrets.SLACK_WEBHOOK_URL }} | |
cypress-user1: ${{ secrets.CYPRESS_TEST_USER_1 }} | |
cypress-user2: ${{ secrets.CYPRESS_TEST_USER_2 }} | |
cypress-user3: ${{ secrets.CYPRESS_TEST_USER_3 }} | |
cypress-user4: ${{ secrets.CYPRESS_TEST_USER_4 }} | |
cypress-password: ${{ secrets.CYPRESS_TEST_PASSWORD_1 }} | |
cleanup: | |
name: Deslist GHA Runner CIDR Blocks | |
if: ${{ github.ref != 'refs/heads/master' && github.ref != 'refs/heads/val' && github.ref != 'refs/heads/prod' }} | |
runs-on: ubuntu-latest | |
needs: | |
- e2e-tests-init | |
- e2e-feature-tests | |
- child-e2e-measure-tests | |
- adult-e2e-measure-tests | |
- health-home-e2e-measure-tests | |
- deploy | |
- a11y-tests | |
env: | |
SLS_DEPRECATION_DISABLE: "*" # Turn off deprecation warnings in the pipeline | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Configure AWS credentials for GitHub Actions | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
role-to-assume: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_AWS_OIDC_ROLE_TO_ASSUME] || secrets.AWS_OIDC_ROLE_TO_ASSUME }} | |
aws-region: ${{ secrets[env.BRANCH_SPECIFIC_VARNAME_AWS_DEFAULT_REGION] || secrets.AWS_DEFAULT_REGION }} | |
- name: clean-up-iplist | |
id: reset-ip-set | |
run: ./.github/waf-controller.sh set ${{ needs.e2e-tests-init.outputs.ipset_name }} ${{ needs.e2e-tests-init.outputs.ipset_id }} '[]' | |
env: | |
AWS_RETRY_MODE: adaptive | |
AWS_MAX_ATTEMPTS: 10 |