From c30e76c0cadba2fb2916322ab0a0478dac818240 Mon Sep 17 00:00:00 2001 From: marcellmueller Date: Fri, 7 Jun 2024 08:47:56 -0700 Subject: [PATCH] refactor: separate test.yaml jobs --- .github/workflows/build.yaml | 267 +++++++++++++++ .github/workflows/test-containers.yaml | 212 ++++++++++++ .github/workflows/test.yaml | 443 +------------------------ 3 files changed, 480 insertions(+), 442 deletions(-) create mode 100644 .github/workflows/build.yaml create mode 100644 .github/workflows/test-containers.yaml diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml new file mode 100644 index 0000000000..2e197eb6e2 --- /dev/null +++ b/.github/workflows/build.yaml 
@@ -0,0 +1,267 @@ +name: Build BCIERS containers + +on: + push: + branches: [develop, main] + pull_request: + branches: [develop, main] + workflow_dispatch: + +# Cancel current job when pushing new commit into the PR +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +jobs: + backend-docker-build: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: Set up Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v3 + with: + install: true + - name: Docker meta + id: meta + uses: docker/metadata-action@v5 + with: + images: ghcr.io/bcgov/cas-reg-backend + tags: | + type=sha,format=long,prefix= + latest + type=ref,event=pr + - name: Login to GitHub Container Registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Cache Docker layers + uses: actions/cache@v4 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-bc_obps-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx-bc_obps + - name: Build image + uses: docker/build-push-action@v5 + with: + context: bc_obps + builder: ${{ steps.buildx.outputs.name }} + push: true + file: bc_obps/Dockerfile + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,dest=/tmp/.buildx-cache-new + # Temp fix + # https://github.com/docker/build-push-action/issues/252 + # https://github.com/moby/buildkit/issues/1896 + - name: Move cache + run: | + rm -rf /tmp/.buildx-cache + mv /tmp/.buildx-cache-new /tmp/.buildx-cache + + # nx-docker-build-registration: + # runs-on: ubuntu-latest + # defaults: + # run: + # working-directory: ./bciers + # needs: backend-docker-build + # steps: + # - name: Checkout + # uses: actions/checkout@v4 + # with: + # fetch-depth: 0 + # - name: Setup Docker Buildx + # uses: docker/setup-buildx-action@v2 + # - name: Docker metadata 
+ # id: meta + # uses: docker/metadata-action@v3 + # with: + # images: ghcr.io/bcgov/cas-reg-frontend + # tags: | + # type=sha,format=long,prefix= + # latest + # type=ref,event=pr + # - name: Login to GitHub Container Registry + # uses: docker/login-action@v2 + # with: + # registry: ghcr.io + # username: ${{ github.repository_owner }} + # password: ${{ secrets.GITHUB_TOKEN }} + # - name: Install dependencies + # run: | + # corepack enable + # yarn install --immutable + # cd ../bciers && yarn install --immutable + # - uses: actions/setup-node@v3 + # - name: Derive appropriate SHAs for base and head for `nx affected` commands + # uses: nrwl/nx-set-shas@v4 + # with: + # # This will need to be updated when giraffe-develop merges with develop + # main-branch-name: "develop" + # - name: Cache Docker layers + # uses: actions/cache@v3 + # with: + # path: /tmp/.buildx-cache + # key: ${{ runner.os }}-buildx-bciers-registration${{ github.sha }} + # restore-keys: | + # ${{ runner.os }}-buildx-bciers-registration + # - name: Build images + # env: + # INPUT_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # INPUT_PUSH: true + # INPUT_TAGS: ${{ steps.meta.outputs.tags }} + # INPUT_LABELS: ${{ steps.meta.output.labels }} + # INPUT_CACHE_FROM: type=local,src=/tmp/.buildx-cache + # INPUT_CACHE_TO: type=local,dest=/tmp/.buildx-cache-new + # run: | + # npx nx container registration --skip-nx-cache + # # Temp fix + # # https://github.com/docker/build-push-action/issues/252 + # # https://github.com/moby/buildkit/issues/1896 + # - name: Move cache + # run: | + # rm -rf /tmp/.buildx-cache + # mv /tmp/.buildx-cache-new /tmp/.buildx-cache + + nx-docker-build-registration1: + runs-on: ubuntu-latest + defaults: + run: + working-directory: ./bciers + needs: backend-docker-build + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + - name: Setup Docker Buildx + uses: docker/setup-buildx-action@v2 + - name: Docker metadata + id: meta + uses: docker/metadata-action@v3 + 
with: + images: ghcr.io/bcgov/cas-reg1-frontend + tags: | + type=sha,format=long,prefix= + latest + type=ref,event=pr + - name: Login to GitHub Container Registry + uses: docker/login-action@v2 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Install dependencies + run: | + corepack enable + yarn install --immutable + cd ../bciers && yarn install --immutable + - uses: actions/setup-node@v3 + - name: Derive appropriate SHAs for base and head for `nx affected` commands + uses: nrwl/nx-set-shas@v4 + with: + # This will need to be updated when giraffe-develop merges with develop + main-branch-name: "develop" + - name: Cache Docker layers + uses: actions/cache@v3 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-bciers-registration1${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx-bciers-registration1 + - name: Build images + env: + INPUT_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + INPUT_PUSH: true + INPUT_TAGS: ${{ steps.meta.outputs.tags }} + INPUT_LABELS: ${{ steps.meta.output.labels }} + INPUT_CACHE_FROM: type=local,src=/tmp/.buildx-cache + INPUT_CACHE_TO: type=local,dest=/tmp/.buildx-cache-new + run: | + npx nx container registration1 --skip-nx-cache + # Temp fix + # https://github.com/docker/build-push-action/issues/252 + # https://github.com/moby/buildkit/issues/1896 + - name: Move cache + run: | + rm -rf /tmp/.buildx-cache + mv /tmp/.buildx-cache-new /tmp/.buildx-cache + + nx-docker-build-reporting: + runs-on: ubuntu-latest + defaults: + run: + working-directory: ./bciers + needs: backend-docker-build + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + - name: Setup Docker Buildx + uses: docker/setup-buildx-action@v2 + - name: Docker metadata + id: meta + uses: docker/metadata-action@v3 + with: + images: ghcr.io/bcgov/cas-rep-frontend + tags: | + type=sha,format=long,prefix= + latest + type=ref,event=pr + - name: Login to GitHub 
Container Registry + uses: docker/login-action@v2 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Install dependencies + run: | + corepack enable + yarn install --immutable + cd ../bciers && yarn install --immutable + - uses: actions/setup-node@v3 + - name: Derive appropriate SHAs for base and head for `nx affected` commands + uses: nrwl/nx-set-shas@v4 + with: + # This will need to be updated when giraffe-develop merges with develop + main-branch-name: "develop" + - name: Cache Docker layers + uses: actions/cache@v3 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-bciers-reporting${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx-bciers-reporting + - name: Build images + env: + INPUT_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + INPUT_PUSH: true + INPUT_TAGS: ${{ steps.meta.outputs.tags }} + INPUT_LABELS: ${{ steps.meta.output.labels }} + INPUT_CACHE_FROM: type=local,src=/tmp/.buildx-cache + INPUT_CACHE_TO: type=local,dest=/tmp/.buildx-cache-new + run: | + npx nx container reporting --skip-nx-cache + # Temp fix + # https://github.com/docker/build-push-action/issues/252 + # https://github.com/moby/buildkit/issues/1896 + - name: Move cache + run: | + rm -rf /tmp/.buildx-cache + mv /tmp/.buildx-cache-new /tmp/.buildx-cache + + # Call the test containers workflow after all the containers have been built + test-containers: + needs: + [ + backend-docker-build, + nx-docker-build-registration1, + nx-docker-build-reporting, + ] + uses: ./.github/workflows/test-containers.yaml + secrets: inherit diff --git a/.github/workflows/test-containers.yaml b/.github/workflows/test-containers.yaml new file mode 100644 index 0000000000..714e602c8c --- /dev/null +++ b/.github/workflows/test-containers.yaml 
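Review bot: The `latest` entry in the three metadata-action `tags:` blocks is a bare raw tag with no condition, and every job pushes (`push: true` / `INPUT_PUSH: true`) on `pull_request` as well as on pushes to develop/main, so a same-repo PR build can overwrite `ghcr.io/bcgov/cas-reg-backend:latest` and the two frontend `latest` tags before the change is reviewed; `type=raw,value=latest,enable={{is_default_branch}}` ties `latest` to the default branch (I believe this template needs metadata-action v4 or later, which the backend job already uses). The `Build images` steps in `nx-docker-build-registration1` and `nx-docker-build-reporting` read `${{ steps.meta.output.labels }}` — `output`, not `outputs` — so the OCI labels resolve to an empty string; the removed test.yaml jobs had the same typo, and the new file should read `INPUT_LABELS: ${{ steps.meta.outputs.labels }}`. The workflow declares no `permissions:` block even though it pushes packages with `GITHUB_TOKEN`; an explicit `permissions: { contents: read, packages: write }` at the top records the only write scope the token needs and drops everything else the repository default may grant. The two frontend jobs also pin older majors (`setup-buildx-action@v2`, `metadata-action@v3`, `login-action@v2`, `cache@v3`) than the backend job in the same file (v3/v5/v3/v4); aligning them leaves one set of action behaviours to audit.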
@@ -0,0 +1,212 @@ +name: Test BCIERS containers + +on: + workflow_call: + +env: + PGUSER: postgres + DJANGO_SECRET_KEY: ${{ secrets.DJANGO_SECRET_KEY }} + KEYCLOAK_CLIENT_ID: ${{ secrets.KEYCLOAK_CLIENT_ID }} + KEYCLOAK_CLIENT_SECRET: ${{ secrets.KEYCLOAK_CLIENT_SECRET }} + NEXTAUTH_SECRET: ${{ secrets.NEXTAUTH_SECRET }} + +# Cancel current job when pushing new commit into the PR +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true +jobs: + install-dev-tools: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: dev env setup + uses: ./.github/actions/dev-env-setup + - run: yarn install --immutable + working-directory: ./bciers + + zap-owasp: + needs: [install-dev-tools] + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: dev env setup + uses: ./.github/actions/dev-env-setup + - name: run app locally + uses: ./.github/actions/local-app-run + with: + django_secret_key: ${{ env.DJANGO_SECRET_KEY }} + - name: ZAP Frontend Scan + uses: zaproxy/action-baseline@v0.12.0 + with: + token: ${{ secrets.GITHUB_TOKEN }} + docker_name: "ghcr.io/zaproxy/zaproxy:stable" + target: "http://localhost:3000/" + rules_file_name: ".zap/rules-frontend.tsv" + cmd_options: "-a -d -T 5 -m 2" + issue_title: OWASP Baseline - Frontend + fail_action: false + - name: ZAP Backend Scan + uses: zaproxy/action-baseline@v0.12.0 + with: + token: ${{ secrets.GITHUB_TOKEN }} + docker_name: "ghcr.io/zaproxy/zaproxy:stable" + target: "http://0.0.0.0:8000/" + rules_file_name: ".zap/rules-backend.tsv" + cmd_options: "-a -d -T 5 -m 2" + issue_title: OWASP Baseline - Backend + fail_action: false + + e2e-tests: + name: ๐Ÿงช e2e tests ${{ matrix.project }} + needs: [install-dev-tools] + runs-on: ubuntu-latest + timeout-minutes: 60 + strategy: + fail-fast: false + matrix: + include: + - project: chromium + os: ubuntu-latest + cache_dir: ~/.cache/ms-playwright + - project: firefox + os: ubuntu-latest + cache_dir: ~/.cache/ms-playwright 
+ # Commented out because of flakey issues with webkit in CI + # - project: webkit + # os: macos-latest + # cache_dir: ~/Library/Caches/ms-playwright + steps: + - uses: actions/checkout@v4 + + - name: ๐ŸŽ setup dev env + uses: ./.github/actions/dev-env-setup + + - name: ๐ŸŽ setup local app + uses: ./.github/actions/local-app-run + with: + django_secret_key: ${{ env.DJANGO_SECRET_KEY }} + keycloak_client_id: ${{ env.KEYCLOAK_CLIENT_ID }} + keycloak_client_secret: ${{ env.KEYCLOAK_CLIENT_SECRET }} + nextauth_secret: ${{ env.NEXTAUTH_SECRET }} + - name: โšก๏ธ cache Playwright binaries + uses: actions/cache@v4 + id: playwright-cache + with: + path: ${{ matrix.cache_dir }} + key: ${{ runner.os }}-${{ matrix.project }}-ms-playwright-registration + + - name: ๐Ÿ“ฅ install Playwright ${{ matrix.project }} + if: steps.playwright-cache.outputs.cache-hit != 'true' + run: npx playwright install --with-deps ${{ matrix.project }} + working-directory: ./bciers/apps/registration1 + + - name: ๐ŸŽญ Run Playwright Tests + run: | + npx happo-e2e -- npx playwright test --project=${{ matrix.project }} bciers/apps/registration1/e2e/* + env: + XDEBUG: pw:api,pw:browser* + API_URL: http://127.0.0.1:8000/api/ + DB_USER: postgres + DB_NAME: registration + DB_PORT: 5432 + DB_HOST: localhost + E2E_BASEURL: http://localhost:3000/ + E2E_CAS_USER: ${{ secrets.E2E_CAS_USER }} + E2E_CAS_USER_GUID: ${{ secrets.E2E_CAS_USER_GUID }} + E2E_CAS_USER_PASSWORD: ${{ secrets.E2E_CAS_USER_PASSWORD}} + E2E_CAS_ADMIN_STORAGE: ${{ secrets.E2E_CAS_ADMIN_STORAGE}} + E2E_CAS_ANALYST_STORAGE: ${{ secrets.E2E_CAS_ANALYST_STORAGE}} + E2E_CAS_PENDING_STORAGE: ${{ secrets.E2E_CAS_PENDING_STORAGE}} + E2E_INDUSTRY_USER_ADMIN: bc-cas-dev + E2E_INDUSTRY_USER_ADMIN_GUID: ${{ secrets.E2E_INDUSTRY_USER_ADMIN_GUID }} + E2E_INDUSTRY_USER_ADMIN_PASSWORD: ${{ secrets.E2E_INDUSTRY_USER_ADMIN_PASSWORD }} + E2E_INDUSTRY_USER_ADMIN_STORAGE: ${{ secrets.E2E_INDUSTRY_USER_ADMIN_STORAGE}} + E2E_INDUSTRY_USER: bc-cas-dev-secondary + 
E2E_INDUSTRY_USER_GUID: ${{ secrets.E2E_INDUSTRY_USER_GUID }} + E2E_INDUSTRY_USER_PASSWORD: ${{ secrets.E2E_INDUSTRY_USER_PASSWORD }} + E2E_INDUSTRY_USER_STORAGE: ${{ secrets.E2E_INDUSTRY_USER_STORAGE}} + E2E_NEW_USER: bc-cas-dev-three + E2E_NEW_USER_GUID: ${{ secrets.E2E_NEW_USER_GUID }} + E2E_NEW_USER_PASSWORD: ${{ secrets.E2E_NEW_USER_PASSWORD }} + E2E_NEW_USER_STORAGE: ${{ secrets.E2E_NEW_USER_STORAGE}} + HAPPO_API_KEY: ${{ secrets.HAPPO_API_KEY }} + HAPPO_API_SECRET: ${{ secrets.HAPPO_API_SECRET }} + HAPPO_NONCE: ${{ github.sha }} + SMTP_CONNECTION_STRING: smtp://@localhost:1025 + working-directory: ./bciers/apps/registration1 + - name: ๐Ÿ’พ save ${{ matrix.project }} report artifact + # prefer to upload the report only in case of test failure + if: failure() + uses: actions/upload-artifact@v4 + with: + # Store all of the reports separately by reconfiguring the report name + name: blob-report-${{ matrix.project }} + path: bciers/blob-report + retention-days: 1 + # Merge the e2e blob reports to one HTML report + e2e-report: + name: ๐Ÿ“Š e2e report artifact + runs-on: ubuntu-latest + needs: [e2e-tests] + if: ${{ always() && contains(needs.*.result, 'failure') }} + steps: + - name: Download blob reports from GitHub Actions Artifacts + uses: actions/download-artifact@v4 + with: + path: all-blob-reports + # To minimize the report file size only download Chromium reports + # If you want to debug other reports, add the * pattern back in temporarily + pattern: blob-report-chromium #blob-report-* + merge-multiple: true + + - name: Merge into HTML Report + run: npx playwright merge-reports --reporter html ./all-blob-reports + - name: Upload HTML report + uses: actions/upload-artifact@v4 + with: + name: playwright-report + path: playwright-report + retention-days: 14 + # Ensure the e2e tests and e2e report completed successfully + e2e: + if: ${{ always() }} + runs-on: ubuntu-latest + needs: [e2e-tests] + steps: + - run: exit 1 + if: >- + ${{ + contains(needs.*.result, 
'failure') + || contains(needs.*.result, 'cancelled') + || contains(needs.*.result, 'skipped') + }} + + happo-finalize: + runs-on: ubuntu-latest + needs: [e2e-tests] + steps: + - uses: actions/checkout@v4 + - name: dev env setup + uses: ./.github/actions/dev-env-setup + - name: finalize happo e2e tests + env: + HAPPO_API_KEY: ${{ secrets.HAPPO_API_KEY }} + HAPPO_API_SECRET: ${{ secrets.HAPPO_API_SECRET }} + HAPPO_NONCE: ${{ github.sha }} + run: npx happo-e2e finalize + working-directory: ./bciers/apps/registration1 + + backend-tests: + needs: [install-dev-tools] + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: dev env setup + uses: ./.github/actions/dev-env-setup + - name: run app locally + uses: ./.github/actions/local-app-run + with: + django_secret_key: ${{ env.DJANGO_SECRET_KEY }} + - name: Run pytest + working-directory: ./bc_obps + run: make pythontests diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 73dee50c52..bd8f34cce4 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -2,7 +2,7 @@ name: Test Registration App on: push: - branches: [develop, main, dylan/nx-3] + branches: [develop, main] pull_request: branches: [develop, main] workflow_dispatch: 
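Review bot: The workflow-level `env:` places `DJANGO_SECRET_KEY`, `KEYCLOAK_CLIENT_ID`, `KEYCLOAK_CLIENT_SECRET` and `NEXTAUTH_SECRET` in the environment of every step of every job, including the ZAP baseline steps and the third-party cache/artifact actions that never read them; only the `local-app-run` steps in `zap-owasp`, `e2e-tests` and `backend-tests` consume them, so pass them at those steps (`django_secret_key: ${{ secrets.DJANGO_SECRET_KEY }}`) and keep the top-level `env:` to `PGUSER`. The `concurrency:` group `${{ github.workflow }}-${{ github.ref }}` is the same expression build.yaml uses, and in a workflow entered through `workflow_call` `github.workflow` evaluates to the caller's name, so the two runs appear to land in one group with `cancel-in-progress: true`; unless that interaction has been checked, let the caller own cancellation and drop the block here. The comment above the `e2e` job says it ensures the tests and the report completed, but `needs: [e2e-tests]` omits `e2e-report`; since `e2e-report` only runs on failure, adding it would trip the `skipped` check, so the comment is what should change: `# Ensure the e2e tests completed successfully`. Because the caller passes `secrets: inherit`, the `workflow_call` trigger could also list the secrets this file actually reads under `secrets:`, making the contract visible without opening build.yaml.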
@@ -78,447 +78,6 @@ jobs: key: pre-commit-${{ env.PY }}-${{ hashFiles('.pre-commit-config.yaml') }}-v4 - run: pip install -r requirements.txt - uses: pre-commit/action@v3.0.1 - backend-docker-build: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - name: Set up Docker Buildx - id: buildx - uses: docker/setup-buildx-action@v3 - with: - install: true - - name: Docker meta - id: meta - uses: docker/metadata-action@v5 - with: - images: ghcr.io/bcgov/cas-reg-backend - tags: | - type=sha,format=long,prefix= - latest - type=ref,event=pr - - name: Login to GitHub Container Registry - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - name: Cache Docker layers - uses: actions/cache@v4 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-bc_obps-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx-bc_obps - - name: Build image - uses: docker/build-push-action@v5 - with: - context: bc_obps - builder: ${{ steps.buildx.outputs.name }} - push: true - file: bc_obps/Dockerfile - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - cache-from: type=local,src=/tmp/.buildx-cache - cache-to: type=local,dest=/tmp/.buildx-cache-new - # Temp fix - # https://github.com/docker/build-push-action/issues/252 - # https://github.com/moby/buildkit/issues/1896 - - name: Move cache - run: | - rm -rf /tmp/.buildx-cache - mv /tmp/.buildx-cache-new /tmp/.buildx-cache - - nx-docker-build-registration: - runs-on: ubuntu-latest - defaults: - run: - working-directory: ./bciers - needs: backend-docker-build - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - name: Setup Docker Buildx - uses: docker/setup-buildx-action@v2 - - name: Docker metadata - id: meta - uses: docker/metadata-action@v3 - with: - images: ghcr.io/bcgov/cas-reg-frontend - tags: | - type=sha,format=long,prefix= - latest - type=ref,event=pr - - 
name: Login to GitHub Container Registry - uses: docker/login-action@v2 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - name: Install dependencies - run: | - corepack enable - yarn install --immutable - cd ../bciers && yarn install --immutable - - uses: actions/setup-node@v3 - - name: Derive appropriate SHAs for base and head for `nx affected` commands - uses: nrwl/nx-set-shas@v4 - with: - # This will need to be updated when giraffe-develop merges with develop - main-branch-name: "develop" - - name: Cache Docker layers - uses: actions/cache@v3 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-bciers-registration${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx-bciers-registration - - name: Build images - env: - INPUT_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - INPUT_PUSH: true - INPUT_TAGS: ${{ steps.meta.outputs.tags }} - INPUT_LABELS: ${{ steps.meta.output.labels }} - INPUT_CACHE_FROM: type=local,src=/tmp/.buildx-cache - INPUT_CACHE_TO: type=local,dest=/tmp/.buildx-cache-new - run: | - npx nx container registration --skip-nx-cache - # Temp fix - # https://github.com/docker/build-push-action/issues/252 - # https://github.com/moby/buildkit/issues/1896 - - name: Move cache - run: | - rm -rf /tmp/.buildx-cache - mv /tmp/.buildx-cache-new /tmp/.buildx-cache - - nx-docker-build-registration1: - runs-on: ubuntu-latest - defaults: - run: - working-directory: ./bciers - needs: backend-docker-build - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - name: Setup Docker Buildx - uses: docker/setup-buildx-action@v2 - - name: Docker metadata - id: meta - uses: docker/metadata-action@v3 - with: - images: ghcr.io/bcgov/cas-reg1-frontend - tags: | - type=sha,format=long,prefix= - latest - type=ref,event=pr - - name: Login to GitHub Container Registry - uses: docker/login-action@v2 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - 
password: ${{ secrets.GITHUB_TOKEN }} - - name: Install dependencies - run: | - corepack enable - yarn install --immutable - cd ../bciers && yarn install --immutable - - uses: actions/setup-node@v3 - - name: Derive appropriate SHAs for base and head for `nx affected` commands - uses: nrwl/nx-set-shas@v4 - with: - # This will need to be updated when giraffe-develop merges with develop - main-branch-name: "develop" - - name: Cache Docker layers - uses: actions/cache@v3 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-bciers-registration1${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx-bciers-registration1 - - name: Build images - env: - INPUT_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - INPUT_PUSH: true - INPUT_TAGS: ${{ steps.meta.outputs.tags }} - INPUT_LABELS: ${{ steps.meta.output.labels }} - INPUT_CACHE_FROM: type=local,src=/tmp/.buildx-cache - INPUT_CACHE_TO: type=local,dest=/tmp/.buildx-cache-new - run: | - npx nx container registration1 --skip-nx-cache - # Temp fix - # https://github.com/docker/build-push-action/issues/252 - # https://github.com/moby/buildkit/issues/1896 - - name: Move cache - run: | - rm -rf /tmp/.buildx-cache - mv /tmp/.buildx-cache-new /tmp/.buildx-cache - - nx-docker-build-reporting: - runs-on: ubuntu-latest - defaults: - run: - working-directory: ./bciers - needs: backend-docker-build - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - name: Setup Docker Buildx - uses: docker/setup-buildx-action@v2 - - name: Docker metadata - id: meta - uses: docker/metadata-action@v3 - with: - images: ghcr.io/bcgov/cas-rep-frontend - tags: | - type=sha,format=long,prefix= - latest - type=ref,event=pr - - name: Login to GitHub Container Registry - uses: docker/login-action@v2 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - name: Install dependencies - run: | - corepack enable - yarn install --immutable - cd ../bciers && yarn 
install --immutable - - uses: actions/setup-node@v3 - - name: Derive appropriate SHAs for base and head for `nx affected` commands - uses: nrwl/nx-set-shas@v4 - with: - # This will need to be updated when giraffe-develop merges with develop - main-branch-name: "develop" - - name: Cache Docker layers - uses: actions/cache@v3 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildx-bciers-reporting${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildx-bciers-reporting - - name: Build images - env: - INPUT_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - INPUT_PUSH: true - INPUT_TAGS: ${{ steps.meta.outputs.tags }} - INPUT_LABELS: ${{ steps.meta.output.labels }} - INPUT_CACHE_FROM: type=local,src=/tmp/.buildx-cache - INPUT_CACHE_TO: type=local,dest=/tmp/.buildx-cache-new - run: | - npx nx container reporting --skip-nx-cache - # Temp fix - # https://github.com/docker/build-push-action/issues/252 - # https://github.com/moby/buildkit/issues/1896 - - name: Move cache - run: | - rm -rf /tmp/.buildx-cache - mv /tmp/.buildx-cache-new /tmp/.buildx-cache - - zap-owasp: - needs: - [ - "backend-docker-build", - "nx-docker-build-registration", - "install-dev-tools", - ] - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - name: dev env setup - uses: ./.github/actions/dev-env-setup - - name: run app locally - uses: ./.github/actions/local-app-run - with: - django_secret_key: ${{ env.DJANGO_SECRET_KEY }} - - name: ZAP Frontend Scan - uses: zaproxy/action-baseline@v0.12.0 - with: - token: ${{ secrets.GITHUB_TOKEN }} - docker_name: "ghcr.io/zaproxy/zaproxy:stable" - target: "http://localhost:3000/" - rules_file_name: ".zap/rules-frontend.tsv" - cmd_options: "-a -d -T 5 -m 2" - issue_title: OWASP Baseline - Frontend - fail_action: false - - name: ZAP Backend Scan - uses: zaproxy/action-baseline@v0.12.0 - with: - token: ${{ secrets.GITHUB_TOKEN }} - docker_name: "ghcr.io/zaproxy/zaproxy:stable" - target: "http://0.0.0.0:8000/" - rules_file_name: 
".zap/rules-backend.tsv" - cmd_options: "-a -d -T 5 -m 2" - issue_title: OWASP Baseline - Backend - fail_action: false - - e2e-tests: - name: ๐Ÿงช e2e tests ${{ matrix.project }} - needs: - - backend-docker-build - - nx-docker-build-registration - - install-dev-tools - runs-on: ubuntu-latest - timeout-minutes: 60 - strategy: - fail-fast: false - matrix: - include: - - project: chromium - os: ubuntu-latest - cache_dir: ~/.cache/ms-playwright - - project: firefox - os: ubuntu-latest - cache_dir: ~/.cache/ms-playwright - # Commented out because of flakey issues with webkit in CI - # - project: webkit - # os: macos-latest - # cache_dir: ~/Library/Caches/ms-playwright - steps: - - uses: actions/checkout@v4 - - - name: ๐ŸŽ setup dev env - uses: ./.github/actions/dev-env-setup - - - name: ๐ŸŽ setup local app - uses: ./.github/actions/local-app-run - with: - django_secret_key: ${{ env.DJANGO_SECRET_KEY }} - keycloak_client_id: ${{ env.KEYCLOAK_CLIENT_ID }} - keycloak_client_secret: ${{ env.KEYCLOAK_CLIENT_SECRET }} - nextauth_secret: ${{ env.NEXTAUTH_SECRET }} - - name: โšก๏ธ cache Playwright binaries - uses: actions/cache@v4 - id: playwright-cache - with: - path: ${{ matrix.cache_dir }} - key: ${{ runner.os }}-${{ matrix.project }}-ms-playwright-registration - - - name: ๐Ÿ“ฅ install Playwright ${{ matrix.project }} - if: steps.playwright-cache.outputs.cache-hit != 'true' - run: npx playwright install --with-deps ${{ matrix.project }} - working-directory: ./bciers/apps/registration1 - - - name: ๐ŸŽญ Run Playwright Tests - run: | - npx happo-e2e -- npx playwright test --project=${{ matrix.project }} bciers/apps/registration1/e2e/* - env: - XDEBUG: pw:api,pw:browser* - API_URL: http://127.0.0.1:8000/api/ - DB_USER: postgres - DB_NAME: registration - DB_PORT: 5432 - DB_HOST: localhost - E2E_BASEURL: http://localhost:3000/ - E2E_CAS_USER: ${{ secrets.E2E_CAS_USER }} - E2E_CAS_USER_GUID: ${{ secrets.E2E_CAS_USER_GUID }} - E2E_CAS_USER_PASSWORD: ${{ 
secrets.E2E_CAS_USER_PASSWORD}} - E2E_CAS_ADMIN_STORAGE: ${{ secrets.E2E_CAS_ADMIN_STORAGE}} - E2E_CAS_ANALYST_STORAGE: ${{ secrets.E2E_CAS_ANALYST_STORAGE}} - E2E_CAS_PENDING_STORAGE: ${{ secrets.E2E_CAS_PENDING_STORAGE}} - E2E_INDUSTRY_USER_ADMIN: bc-cas-dev - E2E_INDUSTRY_USER_ADMIN_GUID: ${{ secrets.E2E_INDUSTRY_USER_ADMIN_GUID }} - E2E_INDUSTRY_USER_ADMIN_PASSWORD: ${{ secrets.E2E_INDUSTRY_USER_ADMIN_PASSWORD }} - E2E_INDUSTRY_USER_ADMIN_STORAGE: ${{ secrets.E2E_INDUSTRY_USER_ADMIN_STORAGE}} - E2E_INDUSTRY_USER: bc-cas-dev-secondary - E2E_INDUSTRY_USER_GUID: ${{ secrets.E2E_INDUSTRY_USER_GUID }} - E2E_INDUSTRY_USER_PASSWORD: ${{ secrets.E2E_INDUSTRY_USER_PASSWORD }} - E2E_INDUSTRY_USER_STORAGE: ${{ secrets.E2E_INDUSTRY_USER_STORAGE}} - E2E_NEW_USER: bc-cas-dev-three - E2E_NEW_USER_GUID: ${{ secrets.E2E_NEW_USER_GUID }} - E2E_NEW_USER_PASSWORD: ${{ secrets.E2E_NEW_USER_PASSWORD }} - E2E_NEW_USER_STORAGE: ${{ secrets.E2E_NEW_USER_STORAGE}} - HAPPO_API_KEY: ${{ secrets.HAPPO_API_KEY }} - HAPPO_API_SECRET: ${{ secrets.HAPPO_API_SECRET }} - HAPPO_NONCE: ${{ github.sha }} - SMTP_CONNECTION_STRING: smtp://@localhost:1025 - working-directory: ./bciers/apps/registration1 - - name: ๐Ÿ’พ save ${{ matrix.project }} report artifact - # prefer to upload the report only in case of test failure - if: failure() - uses: actions/upload-artifact@v4 - with: - # Store all of the reports separately by reconfiguring the report name - name: blob-report-${{ matrix.project }} - path: bciers/blob-report - retention-days: 1 - # Merge the e2e blob reports to one HTML report - e2e-report: - name: ๐Ÿ“Š e2e report artifact - runs-on: ubuntu-latest - needs: [e2e-tests] - if: ${{ always() && contains(needs.*.result, 'failure') }} - steps: - - name: Download blob reports from GitHub Actions Artifacts - uses: actions/download-artifact@v4 - with: - path: all-blob-reports - # To minimize the report file size only download Chromium reports - # If you want to debug other reports, add the * pattern 
back in temporarily - pattern: blob-report-chromium #blob-report-* - merge-multiple: true - - - name: Merge into HTML Report - run: npx playwright merge-reports --reporter html ./all-blob-reports - - name: Upload HTML report - uses: actions/upload-artifact@v4 - with: - name: playwright-report - path: playwright-report - retention-days: 14 - # Ensure the e2e tests and e2e report completed successfully - e2e: - if: ${{ always() }} - runs-on: ubuntu-latest - needs: [e2e-tests] - steps: - - run: exit 1 - if: >- - ${{ - contains(needs.*.result, 'failure') - || contains(needs.*.result, 'cancelled') - || contains(needs.*.result, 'skipped') - }} - - happo-finalize: - runs-on: ubuntu-latest - needs: [e2e-tests] - steps: - - uses: actions/checkout@v4 - - name: dev env setup - uses: ./.github/actions/dev-env-setup - - name: finalize happo e2e tests - env: - HAPPO_API_KEY: ${{ secrets.HAPPO_API_KEY }} - HAPPO_API_SECRET: ${{ secrets.HAPPO_API_SECRET }} - HAPPO_NONCE: ${{ github.sha }} - run: npx happo-e2e finalize - working-directory: ./bciers/apps/registration1 - - backend-tests: - needs: - [ - "backend-docker-build", - "nx-docker-build-registration", - "install-dev-tools", - ] - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - name: dev env setup - uses: ./.github/actions/dev-env-setup - - name: run app locally - uses: ./.github/actions/local-app-run - with: - django_secret_key: ${{ env.DJANGO_SECRET_KEY }} - - name: Run pytest - working-directory: ./bc_obps - run: make pythontests check-migrations: needs: install-dev-tools runs-on: ubuntu-latest