Mobile debts model #71819

Workflow file for this run

.github/workflows/code_checks.yml at 3a960d4

	name: Code Checks
	on:
	push:
	branches: [master]
	pull_request:
	types: [opened, reopened, synchronize]
	permissions:
	contents: read
	checks: write
	jobs:
	linting_and_security:
	name: Linting and Security
	env:
	BUNDLE_ENTERPRISE__CONTRIBSYS__COM: ${{ secrets.BUNDLE_ENTERPRISE__CONTRIBSYS__COM }}
	permissions: write-all
	runs-on: ubuntu-16-cores-latest
	steps:
	- uses: actions/checkout@v4

	- uses: ruby/setup-ruby@1d0e911f615a112e322369596f10ee0b95b010ae # v1.183.0
	with:
	bundler-cache: true

	- name: Remove Review label
	if: github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'ready-for-backend-review')
	uses: actions-ecosystem/action-remove-labels@v1
	with:
	number: ${{ github.event.pull_request.number }}
	labels: \|
	ready-for-backend-review

	- name: Run bundle-audit (checks gems for CVE issues)
	run: bundle exec bundle-audit check --update --ignore CVE-2024-27456

	- name: Run Rubocop
	run: bundle exec rubocop --parallel --format github

	- name: Run Brakeman
	run: bundle exec brakeman --ensure-latest --confidence-level=2 --format github

	- name: Add Lint Failure label
	if: failure() && github.event_name == 'pull_request' && !contains(github.event.pull_request.labels.*.name, 'lint-failure')
	uses: actions-ecosystem/action-add-labels@v1
	with:
	number: ${{ github.event.pull_request.number }}
	labels: \|
	lint-failure

	- name: Remove Lint Failure label
	if: success() && github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'lint-failure')
	uses: actions-ecosystem/action-remove-labels@v1
	with:
	number: ${{ github.event.pull_request.number }}
	labels: \|
	lint-failure
	tests:
	name: Test
	env:
	BUNDLE_ENTERPRISE__CONTRIBSYS__COM: ${{ secrets.BUNDLE_ENTERPRISE__CONTRIBSYS__COM }}
	CI: true
	RAILS_ENV: test
	TERM: xterm-256color
	DOCKER_BUILDKIT: 1
	COMPOSE_DOCKER_CLI_BUILD: 1
	permissions: write-all
	runs-on: ubuntu-16-cores-latest
	steps:
	- uses: actions/checkout@v4

	- uses: docker/login-action@v3
	with:
	username: ${{ secrets.DOCKERHUB_USER }}
	password: ${{ secrets.DOCKERHUB_PASSWORD }}

	- name: Configure AWS credentials
	uses: aws-actions/configure-aws-credentials@v4.0.2
	with:
	aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
	aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
	aws-region: us-gov-west-1

	- name: Login to Amazon ECR
	id: ecr-login
	uses: aws-actions/amazon-ecr-login@v2.0.1
	with:
	mask-password: true

	- name: Setup Environment
	run: \|
	echo "VETS_API_USER_ID=$(id -u)" >> $GITHUB_ENV

	- name: Set up Docker Buildx
	uses: docker/setup-buildx-action@v3

	- name: Remove Review label
	if: github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'ready-for-backend-review')
	uses: actions-ecosystem/action-remove-labels@v1
	with:
	number: ${{ github.event.pull_request.number }}
	labels: \|
	ready-for-backend-review

	- name: Remove Test Passing label
	if: github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'test-passing')
	uses: actions-ecosystem/action-remove-labels@v1
	with:
	number: ${{ github.event.pull_request.number }}
	labels: \|
	test-passing

	- name: Build Docker Image
	uses: docker/build-push-action@v6
	env:
	DOCKER_BUILD_SUMMARY: false
	with:
	build-args: \|
	BUNDLE_ENTERPRISE__CONTRIBSYS__COM=${{ env.BUNDLE_ENTERPRISE__CONTRIBSYS__COM }}
	USER_ID=${{ env.VETS_API_USER_ID }}
	context: .
	push: false
	load: true
	tags: vets-api
	cache-from: type=gha
	cache-to: type=gha,mode=max

	- name: Setup Database
	uses: nick-fields/retry@7152eba30c6575329ac0576536151aca5a72780e # v3.0.0
	with:
	timeout_minutes: 20
	retry_wait_seconds: 3 # Seconds
	max_attempts: 3
	command: \|
	docker compose -f docker-compose.test.yml run web bash \
	-c "CI=true RAILS_ENV=test DISABLE_BOOTSNAP=true bundle exec parallel_test -n 13 -e 'bin/rails db:reset'"

	- name: Run Specs
	timeout-minutes: 20
	run: \|
	docker compose -f docker-compose.test.yml run web bash \
	-c "CI=true DISABLE_BOOTSNAP=true bundle exec parallel_rspec spec/ modules/ -n 13 -o '--color --tty'"

	- name: Upload Coverage Report
	uses: actions/upload-artifact@v4
	if: always()
	with:
	name: Coverage Report
	path: coverage
	include-hidden-files: true

	- name: Upload Test Results
	uses: actions/upload-artifact@v4
	if: always()
	with:
	name: Test Results
	path: log/*.xml
	if-no-files-found: ignore

	- name: Add Test Failure label
	if: failure() && github.event_name == 'pull_request'
	uses: actions-ecosystem/action-add-labels@v1
	with:
	number: ${{ github.event.pull_request.number }}
	labels: \|
	test-failure

	- name: Remove Test Failure label
	if: success() && github.event_name == 'pull_request'
	uses: actions-ecosystem/action-remove-labels@v1
	with:
	number: ${{ github.event.pull_request.number }}
	labels: \|
	test-failure

	- name: Add Test Passing label
	if: success() && github.event_name == 'pull_request'
	uses: actions-ecosystem/action-add-labels@v1
	with:
	number: ${{ github.event.pull_request.number }}
	labels: \|
	test-passing

	- name: Add omit-backend-approval label
	if: \|
	github.event_name == 'pull_request' && github.event.pull_request.draft == false &&
	(
	contains(toJSON(github.event.pull_request.requested_teams.*.name), 'mobile') \|\|
	contains(toJSON(github.event.pull_request.requested_teams.*.name), 'lighthouse') \|\|
	contains(toJSON(github.event.pull_request.requested_teams.*.name), 'identity')
	)
	uses: actions-ecosystem/action-add-labels@v1
	with:
	number: ${{ github.event.pull_request.number }}
	labels: \|
	omit-backend-approval

	- name: Add require-backend-approval label
	uses: actions-ecosystem/action-add-labels@v1
	if: \|
	github.event_name == 'pull_request' && github.event.pull_request.draft == false &&
	!contains(toJSON(github.event.pull_request.requested_teams.*.name), 'mobile') &&
	!contains(toJSON(github.event.pull_request.requested_teams.*.name), 'lighthouse') &&
	!contains(toJSON(github.event.pull_request.requested_teams.*.name), 'identity')
	with:
	number: ${{ github.event.pull_request.number }}
	labels: \|
	require-backend-approval

	- name: Add Review label
	uses: actions-ecosystem/action-add-labels@v1
	if: \|
	github.event_name == 'pull_request' && success() && github.event.pull_request.draft == false &&
	!contains(github.event.pull_request.labels.*.name, 'code-health-failure') &&
	!contains(github.event.pull_request.labels.*.name, 'codeowners-addition-failure') &&
	!contains(github.event.pull_request.labels.*.name, 'codeowners-delete-failure') &&
	!contains(github.event.pull_request.labels.*.name, 'lint-failure') &&
	!contains(github.event.pull_request.labels.*.name, 'test-failure')
	with:
	number: ${{ github.event.pull_request.number }}
	labels: \|
	ready-for-backend-review

	publish_results:
	name: Publish Test Results and Coverage
	if: always()
	needs: [tests]
	permissions: write-all
	runs-on: ubuntu-16-cores-latest

	steps:
	- uses: actions/download-artifact@v4

	- name: Publish Test Results to GitHub
	uses: EnricoMi/publish-unit-test-result-action@v2
	if: always()
	with:
	check_name: Test Results
	comment_mode: off
	files: Test Results/*.xml
	github_token: ${{ secrets.GITHUB_TOKEN }}

	- name: Fix up coverage report to work with coverage-check-action
	run: sed -i 's/"line"/"covered_percent"/g' 'Coverage Report/.last_run.json'

	- name: Publish Coverage Report
	uses: devmasx/coverage-check-action@v1.2.0
	if: hashFiles('Coverage Report/.last_run.json') != ''
	with:
	type: simplecov
	result_path: Coverage Report/.last_run.json
	min_coverage: 90
	token: ${{ secrets.GITHUB_TOKEN }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Mobile debts model #71819

Workflow file

Mobile debts model #71819

Jobs

Run details

Workflow file for this run