Skip to content

Master 1.77

Master 1.77 #6120

Workflow file for this run

name: ci
on:
push:
pull_request:
types: [opened, reopened]
env:
PRODUCTION_BRANCH: refs/heads/release
STAGING_BRANCH: refs/heads/edge
EB_APP_PRODUCTION: gosg-production
EB_ENV_PRODUCTION: go-production
EB_ENV_EDU_PRODUCTION: edu-production
EB_ENV_HEALTH_PRODUCTION: health-production
EB_APP_STAGING: gosg-stag
EB_ENV_STAGING: go-staging
EB_ENV_EDU_STAGING: edu-staging
EB_ENV_HEALTH_STAGING: health-staging
ECR_URL: 116366738264.dkr.ecr.ap-southeast-1.amazonaws.com
ECR_REPO: gogovsg
SENTRY_URL: https://sentry.io/
SENTRY_ORG: gogovsg
SENTRY_PROJECT_PRODUCTION: gogovsg-prod
SENTRY_PROJECT_STAGING: gogovsg-staging
SENTRY_DNS_PRODUCTION: https://[email protected]/5193500
SENTRY_DNS_STAGING: https://[email protected]/5185989
jobs:
ci:
name: CI
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v2
- name: Use Node.js
uses: actions/setup-node@v1
with:
node-version: '16.x'
- name: Cache Node.js modules
uses: actions/cache@v2
with:
# npm cache files are stored in `~/.npm` on Linux/macOS
path: ~/.npm
key: ${{ runner.OS }}-node-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.OS }}-node-
${{ runner.OS }}-
- run: npm ci --legacy-peer-deps
- run: npm run lint
- run: npx lockfile-lint --type npm --path package-lock.json --validate-https --allowed-hosts npm
- run: npm run build
env:
ASSET_VARIANT: gov
test:
name: Test
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v2
- name: Use Node.js
uses: actions/setup-node@v1
with:
node-version: '16.x'
- name: Cache Node.js modules
uses: actions/cache@v2
with:
# npm cache files are stored in `~/.npm` on Linux/macOS
path: ~/.npm
key: ${{ runner.OS }}-node-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.OS }}-node-
${{ runner.OS }}-
- run: npm ci --legacy-peer-deps
- run: npm run test
- name: Coveralls
uses: coverallsapp/github-action@master
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
testcafe:
name: End To End Tests
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v2
- name: Use Node.js
uses: actions/setup-node@v1
with:
node-version: '16.x'
- name: Cache Node.js modules
uses: actions/cache@v2
with:
# npm cache files are stored in `~/.npm` on Linux/macOS
path: ~/.npm
key: ${{ runner.OS }}-node-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.OS }}-node-
${{ runner.OS }}-
- run: npm ci --legacy-peer-deps
- run: echo CLOUDMERSIVE_KEY=${{secrets.CLOUDMERSIVE_KEY}} >> .env
- run: npm run test:e2e-headless
integration:
name: Integration Tests
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v2
- name: Use Node.js
uses: actions/setup-node@v1
with:
node-version: '16.x'
- name: Cache Node.js modules
uses: actions/cache@v2
with:
# npm cache files are stored in `~/.npm` on Linux/macOS
path: ~/.npm
key: ${{ runner.OS }}-node-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.OS }}-node-
${{ runner.OS }}-
- run: npm ci --legacy-peer-deps
- run: npm run dev &
- run: sleep 270
- run: npm run test:integration
gatekeep:
name: Determine if Build & Deploy is needed
outputs:
proceed: ${{ steps.determine_proceed.outputs.proceed }}
runs-on: ubuntu-22.04
if: github.event_name == 'push'
steps:
- shell: python
id: determine_proceed
run: |
import os
ref = os.environ['GITHUB_REF']
prod = os.environ['PRODUCTION_BRANCH']
stage = os.environ['STAGING_BRANCH']
if ref == prod or ref == stage:
print('::set-output name=proceed::true')
else:
print('::set-output name=proceed::false')
sentry:
name: Upload sourcemap to Sentry
runs-on: ubuntu-22.04
needs: [gatekeep]
if: needs.gatekeep.outputs.proceed == 'true'
steps:
- uses: actions/checkout@v2
- name: Use Node.js
uses: actions/setup-node@v1
with:
node-version: '16.x'
- name: Cache Node.js modules
uses: actions/cache@v2
with:
# npm cache files are stored in `~/.npm` on Linux/macOS
path: ~/.npm
key: ${{ runner.OS }}-node-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.OS }}-node-
${{ runner.OS }}-
- run: npm ci --legacy-peer-deps
- name: Select Sentry variables
shell: python
run: |
import os
branch = os.environ['GITHUB_REF']
staging = os.environ['STAGING_BRANCH']
production = os.environ['PRODUCTION_BRANCH']
sentry_project_staging = os.environ['SENTRY_PROJECT_STAGING']
sentry_dns_staging = os.environ['SENTRY_DNS_STAGING']
sentry_project_production = os.environ['SENTRY_PROJECT_PRODUCTION']
sentry_dns_production = os.environ['SENTRY_DNS_PRODUCTION']
github_env = os.environ['GITHUB_ENV']
file = open(github_env, 'a')
if branch == staging:
file.write('SENTRY_PROJECT={}\n'.format(sentry_project_staging))
file.write('SENTRY_DNS={}\n'.format(sentry_dns_staging))
elif branch == production:
file.write('SENTRY_PROJECT={}\n'.format(sentry_project_production))
file.write('SENTRY_DNS={}\n'.format(sentry_dns_production))
file.close()
- name: Upload to Sentry
run: npm run build
env:
ASSET_VARIANT: gov
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
build-gogov:
name: Build and push for gogov
runs-on: ubuntu-22.04
needs: [gatekeep]
if: needs.gatekeep.outputs.proceed == 'true'
outputs:
branch: ${{ steps.extract_branch.outputs.branch }}
tag: ${{steps.extract_tag.outputs.tag}}
steps:
- uses: actions/checkout@v2
- name: Extract branch name
shell: bash
run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})"
id: extract_branch
- name: Extract ECR tag
shell: bash
run: echo "##[set-output name=tag;]$(echo ghactions-${BRANCH}-${SHA})"
id: extract_tag
env:
BRANCH: ${{ steps.extract_branch.outputs.branch }}
SHA: ${{ github.sha }}
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ap-southeast-1
- name: Login to Amazon ECR
id: login_ecr
uses: aws-actions/amazon-ecr-login@v1
- run: |
if [[ $GITHUB_REF == $STAGING_BRANCH ]]; then
echo SERVERLESS_STAGE=staging >> $GITHUB_ENV;
elif [[ $GITHUB_REF == $PRODUCTION_BRANCH ]]; then
echo SERVERLESS_STAGE=production >> $GITHUB_ENV;
fi
- name: Build, tag, and push image to Amazon ECR
env:
REPO: ${{ env.ECR_URL }}/${{ env.ECR_REPO }}
TAG: ${{ steps.extract_tag.outputs.tag }}
run: |
docker build --tag my-image --build-arg __ASSET_VARIANT=gov --build-arg __DD_SERVICE=go-gov --build-arg __DD_ENV=${SERVERLESS_STAGE} .
docker tag my-image ${REPO}:${TAG}
docker push ${REPO}:${TAG}
deploy-gogov:
name: Deploy to Elastic Beanstalk and AWS Lambda for gogov
runs-on: ubuntu-22.04
needs: [ci, test, integration, gatekeep, build-gogov]
if: needs.gatekeep.outputs.proceed == 'true'
steps:
- uses: actions/checkout@v2
- name: Use Node.js 16.x
uses: actions/setup-node@v1
with:
node-version: '16.x'
- run: |
echo SERVERLESS_SERVICE=gogovsg >> $GITHUB_ENV;
if [[ $GITHUB_REF == $STAGING_BRANCH ]]; then
echo BRANCH_ENV=staging >> $GITHUB_ENV;
elif [[ $GITHUB_REF == $PRODUCTION_BRANCH ]]; then
echo BRANCH_ENV=production >> $GITHUB_ENV;
fi
- name: Package Dockerrun.aws.json
run: |
sed -i -e "s|@REPO|$REPO|g" Dockerrun.aws.json
sed -i -e "s|@TAG|$TAG|g" Dockerrun.aws.json
sed -i -e "s|@DD_API_KEY|$DD_API_KEY|g" -e "s|@DD_SERVICE|$DD_SERVICE|g" -e "s|@DD_ENV|$DD_ENV|g" .ebextensions/99datadog.config
zip -r "deploy.zip" .ebextensions Dockerrun.aws.json
env:
REPO: ${{env.ECR_URL}}/${{env.ECR_REPO}}
TAG: ${{ needs.build-gogov.outputs.tag }}
DD_API_KEY: ${{ secrets.DD_API_KEY }}
DD_ENV: ${{ env.BRANCH_ENV }}
DD_SERVICE: go-gov
- name: Get timestamp
shell: bash
run: echo "##[set-output name=timestamp;]$(env TZ=Asia/Singapore date '+%Y%m%d%H%M%S')"
id: get_timestamp
- name: Get Elastic Beanstalk label
shell: bash
run: echo "##[set-output name=label;]$(echo ${TAG}-${TIMESTAMP})"
id: get_label
env:
TAG: ${{ needs.build-gogov.outputs.tag }}
TIMESTAMP: ${{ steps.get_timestamp.outputs.timestamp }}
- name: Select Elastic Beanstalk variables
shell: python
run: |
import os
branch = os.environ['GITHUB_REF']
staging = os.environ['STAGING_BRANCH']
production = os.environ['PRODUCTION_BRANCH']
eb_app_staging = os.environ['EB_APP_STAGING']
eb_env_staging = os.environ['EB_ENV_STAGING']
eb_app_production = os.environ['EB_APP_PRODUCTION']
eb_env_production = os.environ['EB_ENV_PRODUCTION']
if branch == staging:
print('::set-output name=eb_app::' + eb_app_staging)
print('::set-output name=eb_env::' + eb_env_staging)
elif branch == production:
print('::set-output name=eb_app::' + eb_app_production)
print('::set-output name=eb_env::' + eb_env_production)
id: select_eb_vars
- name: Deploy to EB
uses: opengovsg/beanstalk-deploy@v11
with:
aws_access_key: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws_secret_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
application_name: ${{ steps.select_eb_vars.outputs.eb_app }}
environment_name: ${{ steps.select_eb_vars.outputs.eb_env }}
version_label: ${{ steps.get_label.outputs.label }}
region: ap-southeast-1
deployment_package: deploy.zip
wait_for_deployment: false
wait_for_environment_recovery: false
- name: serverless deploy
uses: opengovsg/[email protected]
with:
args: -c "serverless plugin install --name serverless-plugin-include-dependencies && serverless deploy --stage=$BRANCH_ENV --conceal --verbose"
entrypoint: /bin/bash
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
SERVERLESS_SERVICE: ${{ env.SERVERLESS_SERVICE }}
build-edu:
name: Build and push for edu
runs-on: ubuntu-22.04
needs: [gatekeep]
if: needs.gatekeep.outputs.proceed == 'true'
outputs:
branch: ${{ steps.extract_branch.outputs.branch }}
tag: ${{steps.extract_tag.outputs.tag}}
steps:
- uses: actions/checkout@v2
- name: Extract branch name
shell: bash
run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})"
id: extract_branch
- name: Extract ECR tag
shell: bash
run: echo "##[set-output name=tag;]$(echo ghactions-${BRANCH}-${SHA}-edu)"
id: extract_tag
env:
BRANCH: ${{ steps.extract_branch.outputs.branch }}
SHA: ${{ github.sha }}
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ap-southeast-1
- name: Login to Amazon ECR
id: login_ecr
uses: aws-actions/amazon-ecr-login@v1
- run: |
if [[ $GITHUB_REF == $STAGING_BRANCH ]]; then
echo SERVERLESS_STAGE=staging >> $GITHUB_ENV;
elif [[ $GITHUB_REF == $PRODUCTION_BRANCH ]]; then
echo SERVERLESS_STAGE=production >> $GITHUB_ENV;
fi
- name: Build, tag, and push image to Amazon ECR
env:
REPO: ${{ env.ECR_URL }}/${{ env.ECR_REPO }}
TAG: ${{ steps.extract_tag.outputs.tag }}
run: |
docker build --tag my-image --build-arg __ASSET_VARIANT=edu --build-arg __DD_SERVICE=go-edu --build-arg __DD_ENV=${SERVERLESS_STAGE} .
docker tag my-image ${REPO}:${TAG}
docker push ${REPO}:${TAG}
deploy-edu:
name: Deploy to Elastic Beanstalk and AWS Lambda for edu
runs-on: ubuntu-22.04
needs: [ci, test, integration, gatekeep, build-edu]
if: needs.gatekeep.outputs.proceed == 'true'
steps:
- uses: actions/checkout@v2
- name: Use Node.js 16.x
uses: actions/setup-node@v1
with:
node-version: '16.x'
- run: |
echo SERVERLESS_SERVICE=edu >> $GITHUB_ENV;
if [[ $GITHUB_REF == $STAGING_BRANCH ]]; then
echo BRANCH_ENV=staging >> $GITHUB_ENV;
elif [[ $GITHUB_REF == $PRODUCTION_BRANCH ]]; then
echo BRANCH_ENV=production >> $GITHUB_ENV;
fi
- name: Package Dockerrun.aws.json
run: |
sed -i -e "s|@REPO|$REPO|g" Dockerrun.aws.json
sed -i -e "s|@TAG|$TAG|g" Dockerrun.aws.json
sed -i -e "s|@DD_API_KEY|$DD_API_KEY|g" -e "s|@DD_SERVICE|$DD_SERVICE|g" -e "s|@DD_ENV|$DD_ENV|g" .ebextensions/99datadog.config
zip -r "deploy.zip" .ebextensions Dockerrun.aws.json
env:
REPO: ${{env.ECR_URL}}/${{env.ECR_REPO}}
TAG: ${{ needs.build-edu.outputs.tag }}
DD_API_KEY: ${{ secrets.DD_API_KEY }}
DD_ENV: ${{ env.BRANCH_ENV }}
DD_SERVICE: go-edu
- name: Get timestamp
shell: bash
run: echo "##[set-output name=timestamp;]$(env TZ=Asia/Singapore date '+%Y%m%d%H%M%S')"
id: get_timestamp
- name: Get Elastic Beanstalk label
shell: bash
run: echo "##[set-output name=label;]$(echo ${TAG}-${TIMESTAMP})"
id: get_label
env:
TAG: ${{ needs.build-edu.outputs.tag }}
TIMESTAMP: ${{ steps.get_timestamp.outputs.timestamp }}
- name: Select Elastic Beanstalk variables
shell: python
run: |
import os
branch = os.environ['GITHUB_REF']
staging = os.environ['STAGING_BRANCH']
production = os.environ['PRODUCTION_BRANCH']
eb_app_staging = os.environ['EB_APP_STAGING']
eb_env_edu_staging = os.environ['EB_ENV_EDU_STAGING']
eb_app_production = os.environ['EB_APP_PRODUCTION']
eb_env_edu_production = os.environ['EB_ENV_EDU_PRODUCTION']
if branch == staging:
print('::set-output name=eb_app::' + eb_app_staging)
print('::set-output name=eb_env_edu::' + eb_env_edu_staging)
elif branch == production:
print('::set-output name=eb_app::' + eb_app_production)
print('::set-output name=eb_env_edu::' + eb_env_edu_production)
id: select_eb_vars
- name: Deploy to EB edu
uses: opengovsg/beanstalk-deploy@v11
if: steps.select_eb_vars.outputs.eb_env_edu
with:
aws_access_key: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws_secret_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
application_name: ${{ steps.select_eb_vars.outputs.eb_app }}
environment_name: ${{ steps.select_eb_vars.outputs.eb_env_edu }}
version_label: ${{ steps.get_label.outputs.label }}
region: ap-southeast-1
deployment_package: deploy.zip
use_existing_version_if_available: true
wait_for_deployment: false
wait_for_environment_recovery: false
- name: serverless deploy
uses: opengovsg/[email protected]
with:
args: -c "serverless plugin install --name serverless-plugin-include-dependencies && serverless deploy --stage=$BRANCH_ENV --conceal --verbose"
entrypoint: /bin/bash
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
SERVERLESS_SERVICE: ${{ env.SERVERLESS_SERVICE }}
build-health:
name: Build and push for health
runs-on: ubuntu-22.04
needs: [gatekeep]
if: needs.gatekeep.outputs.proceed == 'true'
outputs:
branch: ${{ steps.extract_branch.outputs.branch }}
tag: ${{steps.extract_tag.outputs.tag}}
steps:
- uses: actions/checkout@v2
- name: Extract branch name
shell: bash
run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})"
id: extract_branch
- name: Extract ECR tag
shell: bash
run: echo "##[set-output name=tag;]$(echo ghactions-${BRANCH}-${SHA}-health)"
id: extract_tag
env:
BRANCH: ${{ steps.extract_branch.outputs.branch }}
SHA: ${{ github.sha }}
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ap-southeast-1
- name: Login to Amazon ECR
id: login_ecr
uses: aws-actions/amazon-ecr-login@v1
- run: |
if [[ $GITHUB_REF == $STAGING_BRANCH ]]; then
echo SERVERLESS_STAGE=staging >> $GITHUB_ENV;
elif [[ $GITHUB_REF == $PRODUCTION_BRANCH ]]; then
echo SERVERLESS_STAGE=production >> $GITHUB_ENV;
fi
- name: Build, tag, and push image to Amazon ECR
env:
REPO: ${{ env.ECR_URL }}/${{ env.ECR_REPO }}
TAG: ${{ steps.extract_tag.outputs.tag }}
run: |
docker build --tag my-image --build-arg __ASSET_VARIANT=health --build-arg __DD_SERVICE=go-health --build-arg __DD_ENV=${SERVERLESS_STAGE} .
docker tag my-image ${REPO}:${TAG}
docker push ${REPO}:${TAG}
deploy-health:
name: Deploy to Elastic Beanstalk and AWS Lambda for health
runs-on: ubuntu-22.04
needs: [ci, test, integration, gatekeep, build-health]
if: needs.gatekeep.outputs.proceed == 'true'
steps:
- uses: actions/checkout@v2
- name: Use Node.js 16.x
uses: actions/setup-node@v1
with:
node-version: '16.x'
- run: |
echo SERVERLESS_SERVICE=health >> $GITHUB_ENV;
if [[ $GITHUB_REF == $STAGING_BRANCH ]]; then
echo BRANCH_ENV=staging >> $GITHUB_ENV;
elif [[ $GITHUB_REF == $PRODUCTION_BRANCH ]]; then
echo BRANCH_ENV=production >> $GITHUB_ENV;
fi
- name: Package Dockerrun.aws.json
run: |
sed -i -e "s|@REPO|$REPO|g" Dockerrun.aws.json
sed -i -e "s|@TAG|$TAG|g" Dockerrun.aws.json
sed -i -e "s|@DD_API_KEY|$DD_API_KEY|g" -e "s|@DD_SERVICE|$DD_SERVICE|g" -e "s|@DD_ENV|$DD_ENV|g" .ebextensions/99datadog.config
zip -r "deploy.zip" .ebextensions Dockerrun.aws.json
env:
REPO: ${{env.ECR_URL}}/${{env.ECR_REPO}}
TAG: ${{ needs.build-health.outputs.tag }}
DD_API_KEY: ${{ secrets.DD_API_KEY }}
DD_ENV: ${{ env.BRANCH_ENV }}
DD_SERVICE: go-health
- name: Get timestamp
shell: bash
run: echo "##[set-output name=timestamp;]$(env TZ=Asia/Singapore date '+%Y%m%d%H%M%S')"
id: get_timestamp
- name: Get Elastic Beanstalk label
shell: bash
run: echo "##[set-output name=label;]$(echo ${TAG}-${TIMESTAMP})"
id: get_label
env:
TAG: ${{ needs.build-health.outputs.tag }}
TIMESTAMP: ${{ steps.get_timestamp.outputs.timestamp }}
- name: Select Elastic Beanstalk variables
shell: python
run: |
import os
branch = os.environ['GITHUB_REF']
staging = os.environ['STAGING_BRANCH']
production = os.environ['PRODUCTION_BRANCH']
eb_app_staging = os.environ['EB_APP_STAGING']
eb_env_health_staging = os.environ['EB_ENV_HEALTH_STAGING']
eb_app_production = os.environ['EB_APP_PRODUCTION']
eb_env_health_production = os.environ['EB_ENV_HEALTH_PRODUCTION']
if branch == staging:
print('::set-output name=eb_app::' + eb_app_staging)
print('::set-output name=eb_env_health::' + eb_env_health_staging)
elif branch == production:
print('::set-output name=eb_app::' + eb_app_production)
print('::set-output name=eb_env_health::' + eb_env_health_production)
id: select_eb_vars
- name: Deploy to EB health
uses: opengovsg/beanstalk-deploy@v11
if: steps.select_eb_vars.outputs.eb_env_health
with:
aws_access_key: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws_secret_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
application_name: ${{ steps.select_eb_vars.outputs.eb_app }}
environment_name: ${{ steps.select_eb_vars.outputs.eb_env_health }}
version_label: ${{ steps.get_label.outputs.label }}
region: ap-southeast-1
deployment_package: deploy.zip
use_existing_version_if_available: true
wait_for_deployment: false
wait_for_environment_recovery: false
- name: serverless deploy
uses: opengovsg/[email protected]
with:
args: -c "serverless plugin install --name serverless-plugin-include-dependencies && serverless deploy --stage=$BRANCH_ENV --conceal --verbose"
entrypoint: /bin/bash
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
SERVERLESS_SERVICE: ${{ env.SERVERLESS_SERVICE }}