.github/workflows/build-frontend.yml

name: Build Frontend

on:
  push:
    branches:
      - dev
      - main
    tags:
      - 'r-*'
  pull_request:
    branches:
      - dev
      - main

jobs:
  build:
    name: Build Frontend
    runs-on: ubuntu-latest
    if: ((github.ref == 'refs/heads/dev') || (github.base_ref == 'main') || (github.base_ref == 'dev'))
    env:
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

    steps:
      # Checkout the current working code base
      - name: Checkout working branch
        uses: actions/checkout@v4

      # Installs the correct Node version for the project
      - name: Setup Node.js for use with actions
        uses: actions/setup-node@v4
        with:
          node-version: 20

      - name: Build frontend (includes Node package install)
        run: |
          npm ci --include=dev
          npm run build:production
  deploy_with_tekton: 
    name: Monitor Dev Deployment
    environment: dev
    runs-on: ubuntu-latest 
    if: ((github.ref == 'refs/heads/dev') && (github.event_name != 'pull_request') && (github.actor != 'dependabot[bot]'))
    needs: build
    steps:
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.FPCC_AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.FPCC_AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{  secrets.FPCC_DEFAULT_AWS_REGION  }}
      - name: "Setup kubectl"
        run: |
          aws eks update-kubeconfig --name ${{  secrets.FV_CLUSTER_NAME  }} --region ${{  secrets.FPCC_DEFAULT_AWS_REGION  }}
      - name: "Setup RUNID"
        run: |
          echo "RUNID=$(kubectl -n ${{  secrets.TEKTON_NAMESPACE  }} get pr --sort-by=.status.completionTime -l triggers.tekton.dev/trigger=${{  secrets.TEKTON_INTERCEPTOR_NAME  }} | grep 'fv-web-webhook-' | head -n 1 | cut -d ' ' -f 1)" >> "$GITHUB_ENV";
      - name: "Check RUNID Validity"
        run: |
          echo "The run ID associated with this deployment is ${{  env.RUNID  }}";
          if [${{  env.RUNID  }} == ""]; 
          then echo "No running pipeline associated with this branch, or the state of the pipeline is ambiguous.";
          exit 1;
          fi
      - name: "Monitor RUNID"
        run: |
          echo "The run ID associated with this deployment is ${{  env.RUNID  }}";
          kubectl get events -n ${{  secrets.TEKTON_NAMESPACE  }} | grep "${{  env.RUNID  }}";
          echo -e "\n========================================================================================================================================================================"
          echo "Running repo cloning..."
          kubectl wait --for=condition=Succeeded TaskRun ${{  env.RUNID  }}-${{  vars.PIPELINE_STEP1  }} --timeout=300s -n ${{  secrets.TEKTON_NAMESPACE  }}
          kubectl logs pod/${{  env.RUNID  }}-${{  vars.PIPELINE_STEP1  }}-pod -n ${{  secrets.TEKTON_NAMESPACE  }} 
          echo -e "\n========================================================================================================================================================================"
          echo "Running image build..."
          kubectl wait --for=condition=Succeeded TaskRun ${{  env.RUNID  }}-${{  vars.PIPELINE_STEP2  }} --timeout=300s -n ${{  secrets.TEKTON_NAMESPACE  }}
          kubectl logs pod/${{  env.RUNID  }}-${{  vars.PIPELINE_STEP2  }}-pod -n ${{  secrets.TEKTON_NAMESPACE  }}
          sleep 1;
          echo -e "\n========================================================================================================================================================================"
          kubectl get events -n ${{  secrets.TEKTON_NAMESPACE  }} | grep "${{  env.RUNID  }}";
          echo "Running URL adjustments for fv-web..."
          kubectl wait --for=condition=Succeeded TaskRun ${{  env.RUNID  }}-${{  vars.PIPELINE_STEP3  }} --timeout=300s -n ${{  secrets.TEKTON_NAMESPACE  }}
          kubectl logs pod/${{  env.RUNID  }}-${{  vars.PIPELINE_STEP3  }}-pod -n ${{  secrets.TEKTON_NAMESPACE  }}
          sleep 1;
          echo -e "\n========================================================================================================================================================================"
          echo "Running Helm-upgrade..."
          kubectl wait --for=condition=Succeeded TaskRun ${{  env.RUNID  }}-${{  vars.PIPELINE_STEP4  }} --timeout=300s -n ${{  secrets.TEKTON_NAMESPACE  }}
          kubectl logs pod/${{  env.RUNID  }}-${{  vars.PIPELINE_STEP4  }}-pod -n ${{  secrets.TEKTON_NAMESPACE  }} 
          sleep 1;
          echo -e "\n========================================================================================================================================================================"
          kubectl get events -n ${{  secrets.TEKTON_NAMESPACE  }} | grep "${{  env.RUNID  }}";
          echo "Wrapping up pipeline monitoring";

  deploy_with_tekton_preprod: 
    name: Monitor Preprod Deployment
    environment: preprod
    runs-on: ubuntu-latest 
    if: ((github.ref == 'refs/heads/main') && (github.event_name != 'pull_request') && (github.actor != 'dependabot[bot]'))
    steps:
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.FPCC_AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.FPCC_AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{  secrets.FPCC_DEFAULT_AWS_REGION  }}
      - name: "Setup kubectl"
        run: |
          aws eks update-kubeconfig --name ${{  secrets.FV_CLUSTER_NAME  }} --region ${{  secrets.FPCC_DEFAULT_AWS_REGION  }}
      - name: "Setup RUNID"
        run: |
          echo "RUNID=$(kubectl -n ${{  secrets.TEKTON_NAMESPACE  }} get pr --sort-by=.status.completionTime -l triggers.tekton.dev/trigger=${{  secrets.TEKTON_INTERCEPTOR_NAME  }} | grep 'fv-web-webhook-' | head -n 1 | cut -d ' ' -f 1)" >> "$GITHUB_ENV";
      - name: "Check RUNID Validity"
        run: |
          echo "The run ID associated with this deployment is ${{  env.RUNID  }}";
          if [${{  env.RUNID  }} == ""]; 
          then echo "No running pipeline associated with this branch, or the state of the pipeline is ambiguous.";
          exit 1;
          fi
      - name: "Monitor RUNID"
        run: |
          echo "The run ID associated with this deployment is ${{  env.RUNID  }}";
          kubectl get events -n ${{  secrets.TEKTON_NAMESPACE  }} | grep "${{  env.RUNID  }}";
          echo "===================================================================================="
          echo "Running repo cloning..."
          kubectl wait --for=condition=Succeeded TaskRun ${{  env.RUNID  }}-${{  vars.PIPELINE_STEP1  }} --timeout=300s -n ${{  secrets.TEKTON_NAMESPACE  }}
          kubectl logs pod/${{  env.RUNID  }}-${{  vars.PIPELINE_STEP1  }}-pod -n ${{  secrets.TEKTON_NAMESPACE  }} 
          echo "===================================================================================="
          echo "Running image build..."
          kubectl wait --for=condition=Succeeded TaskRun ${{  env.RUNID  }}-${{  vars.PIPELINE_STEP2  }} --timeout=300s -n ${{  secrets.TEKTON_NAMESPACE  }}
          kubectl logs pod/${{  env.RUNID  }}-${{  vars.PIPELINE_STEP2  }}-pod -n ${{  secrets.TEKTON_NAMESPACE  }}
          sleep 1;
          echo "===================================================================================="
          kubectl get events -n ${{  secrets.TEKTON_NAMESPACE  }} | grep "${{  env.RUNID  }}";
                    echo "Running URL adjustments for fv-web..."
          kubectl wait --for=condition=Succeeded TaskRun ${{  env.RUNID  }}-${{  vars.PIPELINE_STEP3  }} --timeout=300s -n ${{  secrets.TEKTON_NAMESPACE  }}
          kubectl logs pod/${{  env.RUNID  }}-${{  vars.PIPELINE_STEP3  }}-pod -n ${{  secrets.TEKTON_NAMESPACE  }}
          sleep 1;
          echo "===================================================================================="
          echo "Running Helm-upgrade..."
          kubectl wait --for=condition=Succeeded TaskRun ${{  env.RUNID  }}-${{  vars.PIPELINE_STEP4  }} --timeout=300s -n ${{  secrets.TEKTON_NAMESPACE  }}
          kubectl logs pod/${{  env.RUNID  }}-${{  vars.PIPELINE_STEP4  }}-pod -n ${{  secrets.TEKTON_NAMESPACE  }} 
          sleep 1;
          echo "===================================================================================="
          kubectl get events -n ${{  secrets.TEKTON_NAMESPACE  }} | grep "${{  env.RUNID  }}";
          echo "Wrapping up pipeline monitoring";

  deploy_with_tekton_prod: 
    name: Monitor Prod Deployment
    environment: prod
    runs-on: ubuntu-latest 
    if: ((github.ref_type == 'tag') && (startsWith(github.ref_name, 'r-')) && (github.event_name != 'pull_request') && (github.actor != 'dependabot[bot]'))
    steps:
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.FPCC_AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.FPCC_AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{  secrets.FPCC_DEFAULT_AWS_REGION  }}
      - name: "Setup kubectl"
        run: |
          aws eks update-kubeconfig --name ${{  secrets.FV_CLUSTER_NAME  }} --region ${{  secrets.FPCC_DEFAULT_AWS_REGION  }}
      - name: "Setup RUNID"
        run: |
          echo "RUNID=$(kubectl -n ${{  secrets.TEKTON_NAMESPACE  }} get pr --sort-by=.status.completionTime -l triggers.tekton.dev/trigger=${{  secrets.TEKTON_INTERCEPTOR_NAME  }} | grep 'fv-web-webhook-' | head -n 1 | cut -d ' ' -f 1)" >> "$GITHUB_ENV";
      - name: "Check RUNID Validity"
        run: |
          echo "The run ID associated with this deployment is ${{  env.RUNID  }}";
          if [${{  env.RUNID  }} == ""]; 
          then echo "No running pipeline associated with this branch, or the state of the pipeline is ambiguous.";
          exit 1;
          fi
      - name: "Monitor RUNID"
        run: |
          echo "The run ID associated with this deployment is ${{  env.RUNID  }}";
          kubectl get events -n ${{  secrets.TEKTON_NAMESPACE  }} | grep "${{  env.RUNID  }}";
          echo "===================================================================================="
          echo "Running repo cloning..."
          kubectl wait --for=condition=Succeeded TaskRun ${{  env.RUNID  }}-${{  vars.PIPELINE_STEP1  }} --timeout=300s -n ${{  secrets.TEKTON_NAMESPACE  }}
          kubectl logs pod/${{  env.RUNID  }}-${{  vars.PIPELINE_STEP1  }}-pod -n ${{  secrets.TEKTON_NAMESPACE  }} 
          echo "===================================================================================="
          echo "Running image build..."
          kubectl wait --for=condition=Succeeded TaskRun ${{  env.RUNID  }}-${{  vars.PIPELINE_STEP2  }} --timeout=300s -n ${{  secrets.TEKTON_NAMESPACE  }}
          kubectl logs pod/${{  env.RUNID  }}-${{  vars.PIPELINE_STEP2  }}-pod -n ${{  secrets.TEKTON_NAMESPACE  }}
          sleep 1;
          echo "===================================================================================="
          kubectl get events -n ${{  secrets.TEKTON_NAMESPACE  }} | grep "${{  env.RUNID  }}";
          echo "Running URL adjustments for fv-web..."
          kubectl wait --for=condition=Succeeded TaskRun ${{  env.RUNID  }}-${{  vars.PIPELINE_STEP3  }} --timeout=300s -n ${{  secrets.TEKTON_NAMESPACE  }}
          kubectl logs pod/${{  env.RUNID  }}-${{  vars.PIPELINE_STEP3  }}-pod -n ${{  secrets.TEKTON_NAMESPACE  }}
          sleep 1;
          echo "===================================================================================="
          echo "Running Helm-upgrade..."
          kubectl wait --for=condition=Succeeded TaskRun ${{  env.RUNID  }}-${{  vars.PIPELINE_STEP4  }} --timeout=300s -n ${{  secrets.TEKTON_NAMESPACE  }}
          kubectl logs pod/${{  env.RUNID  }}-${{  vars.PIPELINE_STEP4  }}-pod -n ${{  secrets.TEKTON_NAMESPACE  }} 
          sleep 1;
          echo "===================================================================================="
          kubectl get events -n ${{  secrets.TEKTON_NAMESPACE  }} | grep "${{  env.RUNID  }}";
          echo "Wrapping up pipeline monitoring";

  image_scan:
    name: Check Image for vulnerabilities in Dev
    environment: dev
    runs-on: ubuntu-22.04
    needs: deploy_with_tekton
    if: ((github.ref == 'refs/heads/dev') && (github.event_name != 'pull_request'))
    steps:
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.FPCC_AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.FPCC_AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{  secrets.FPCC_DEFAULT_AWS_REGION  }}
      - name: "Run image scan"
        run: |
          aws ecr start-image-scan --repository-name ${{ secrets.ECR_REPO_NAME }} --image-id imageTag=build-${{ github.head_ref }}${{ github.sha }}
          aws ecr wait image-scan-complete --repository-name ${{ secrets.ECR_REPO_NAME }} --image-id imageTag=build-${{ github.head_ref }}${{ github.sha }}
          echo "List of findings are below"
          aws ecr describe-image-scan-findings --image-id imageTag=build-${{ github.head_ref }}${{ github.sha }} --repository-name ${{ secrets.ECR_REPO_NAME }} | jq .imageScanFindings.findings
          aws ecr describe-image-scan-findings --image-id imageTag=build-${{ github.head_ref }}${{ github.sha }} --repository-name ${{ secrets.ECR_REPO_NAME }} | if [[ $(grep  '\"severity\": \"CRITICAL\"') ]]; then echo "CRTICAL Vulnerabilities present in this deployment"; exit 1; fi
          aws ecr describe-image-scan-findings --image-id imageTag=build-${{ github.head_ref }}${{ github.sha }} --repository-name ${{ secrets.ECR_REPO_NAME }} | if [[ $(grep  '\"severity\": \"HIGH\"') ]]; then echo "HIGH Vulnerabilities present in this deployment"; exit 1; fi