
Allow to run CI from fork #1881


Workflow file for this run

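# CI pipeline: lint and test the frontend, build the backend images, run the
# backend checks inside the dev image, then trigger the deployment pipelines
# for pushes to the long-lived branches.
name: CI

on:
  push:
    branches:
      - develop
      - staging
      - master
      - ephemeral-*
  # pull_request runs opened from forks do not receive repository secrets, so
  # every job below has to work without registry credentials.
  pull_request:
    branches:
      - develop
      - staging
      - master
      - ephemeral-*

# Least privilege for the workflow token: no step in this file passes
# GITHUB_TOKEN explicitly, and checkout only needs to read the repository.
permissions:
  contents: read

# One active run per workflow and ref; a newer run cancels the older one.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs: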
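frontend_tests:
  # Installs, lints and tests the frontend with Yarn. On pull requests the
  # commands below execute code from the proposed change (package scripts,
  # lint and test configuration). The job references no secrets.
  runs-on: ubuntu-latest
  steps:
    - name: Checkout code
      uses: actions/checkout@v2
      with:
        # Keep the workflow token out of .git/config: nothing here pushes,
        # and the following steps run project and dependency scripts.
        persist-credentials: false
    - name: Use Node.js
      uses: actions/setup-node@v2
      with:
        node-version: '18'
    - name: Cache dependencies
      uses: actions/cache@v2
      with:
        path: |
          frontend/node_modules
          frontend/.yarn
          frontend/.yarn/cache
        # Exact hit only when yarn.lock is unchanged; otherwise fall back to
        # the most recent cache for this OS.
        key: ${{ runner.os }}-node-${{ hashFiles('frontend/yarn.lock') }}
        restore-keys: |
          ${{ runner.os }}-node-
    # --frozen-lockfile fails the install instead of rewriting yarn.lock, so
    # CI installs exactly the versions that were reviewed.
    - run: yarn install --frozen-lockfile
      working-directory: frontend
    - run: yarn lint
      working-directory: frontend
    - run: yarn test --watchAll=false
      working-directory: frontend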
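build_dev:
  # Builds the `dev` target of ./docker/Dockerfile. With registry credentials
  # the image is pushed; without them (pull requests from forks receive no
  # secrets) it is loaded into the local daemon and handed to the later jobs
  # as a workflow artifact.
  runs-on: ubuntu-latest
  env:
    # Only a presence flag is exported to the job. The Docker Hub token goes
    # to the login step alone, so it is neither written to $GITHUB_ENV nor
    # visible to the build or to any other step.
    DOCKERHUB_ENABLED: "${{ secrets.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != '' }}"
    # Falls back to `unicef` when the repository variable is not set.
    DOCKERHUB_ORGANIZATION: "${{ vars.DOCKERHUB_ORGANIZATION || 'unicef' }}"
  steps:
    # NOTE(review): the docker/* actions are referenced by a mutable major
    # tag; pinning them to a reviewed full commit SHA removes the risk of the
    # tag being moved.
    - name: Set up Docker Buildx
      uses: docker/setup-buildx-action@v1
    - name: Checkout code
      uses: actions/checkout@v2
      with:
        # The build executes the Dockerfile from the checked-out change; do
        # not leave the workflow token in .git/config for it.
        persist-credentials: false
    - name: DockerHub login
      if: env.DOCKERHUB_ENABLED == 'true'
      uses: docker/login-action@v1
      with:
        username: ${{ secrets.DOCKERHUB_USERNAME }}
        password: ${{ secrets.DOCKERHUB_TOKEN }}
    - name: Push dev
      # The ref name and commit come from the runner's GITHUB_* environment
      # variables and are quoted, instead of being expanded into the script
      # text, so a branch name is always handled as data by the shell.
      run: |
        docker buildx create --use
        # --push needs the login above; otherwise keep the image local so it
        # can be exported with `docker save`.
        if [ "$DOCKERHUB_ENABLED" = "true" ]; then
          output=push
        else
          output=load
        fi
        docker buildx build \
          --progress=plain \
          --cache-from "type=gha,scope=${GITHUB_REF_NAME}" \
          --cache-to "type=gha,mode=max,scope=${GITHUB_REF_NAME}" \
          -t "${DOCKERHUB_ORGANIZATION}/hope-support-images:core-${GITHUB_SHA}-dev" \
          -t "${DOCKERHUB_ORGANIZATION}/hope-support-images:core-latest-dev" \
          -f ./docker/Dockerfile \
          --target dev \
          "--${output}" \
          ./
    - name: Save image to tar
      if: env.DOCKERHUB_ENABLED != 'true'
      run: |
        docker save "${DOCKERHUB_ORGANIZATION}/hope-support-images:core-${GITHUB_SHA}-dev" | gzip > /tmp/dev-image.tar.gz
    - name: Upload Artifact
      if: env.DOCKERHUB_ENABLED != 'true'
      uses: actions/upload-artifact@v4
      with:
        name: dev-artifact
        path: /tmp/dev-image.tar.gz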
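isort:
  # Runs `isort . --check-only` inside the dev image produced by build_dev.
  runs-on: ubuntu-latest
  needs: [build_dev]
  env:
    # This job only needs to know whether registry credentials exist, to
    # decide between pulling the image and loading the artifact. The token
    # itself is not exported to any step.
    DOCKERHUB_ENABLED: "${{ secrets.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != '' }}"
    # Falls back to `unicef` when the repository variable is not set.
    DOCKERHUB_ORGANIZATION: "${{ vars.DOCKERHUB_ORGANIZATION || 'unicef' }}"
  steps:
    - name: Checkout code
      uses: actions/checkout@v2
      with:
        persist-credentials: false
    # Without credentials build_dev did not push, so the image arrives as a
    # tarball from the same workflow run.
    - name: Download Artifact
      if: env.DOCKERHUB_ENABLED != 'true'
      uses: actions/download-artifact@v4
      with:
        name: dev-artifact
        path: /tmp
    - name: Load image from tar
      if: env.DOCKERHUB_ENABLED != 'true'
      run: |
        gunzip -c /tmp/dev-image.tar.gz | docker load
    - name: Check
      run: |
        docker run --rm -i \
          "${DOCKERHUB_ORGANIZATION}/hope-support-images:core-${GITHUB_SHA}-dev" \
          isort . --check-only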
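black:
  # Runs `black . --check` inside the dev image produced by build_dev.
  runs-on: ubuntu-latest
  needs: [build_dev]
  env:
    # Presence flag only: the Docker Hub token is not exported to this job,
    # which uses it for nothing but choosing between pull and artifact load.
    DOCKERHUB_ENABLED: "${{ secrets.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != '' }}"
    # Falls back to `unicef` when the repository variable is not set.
    DOCKERHUB_ORGANIZATION: "${{ vars.DOCKERHUB_ORGANIZATION || 'unicef' }}"
  steps:
    - name: Checkout code
      uses: actions/checkout@v2
      with:
        persist-credentials: false
    # Credential-less runs (e.g. fork pull requests) get the image from the
    # artifact uploaded by build_dev instead of from the registry.
    - name: Download Artifact
      if: env.DOCKERHUB_ENABLED != 'true'
      uses: actions/download-artifact@v4
      with:
        name: dev-artifact
        path: /tmp
    - name: Load image from tar
      if: env.DOCKERHUB_ENABLED != 'true'
      run: |
        gunzip -c /tmp/dev-image.tar.gz | docker load
    - name: Check
      run: |
        docker run --rm -i \
          "${DOCKERHUB_ORGANIZATION}/hope-support-images:core-${GITHUB_SHA}-dev" \
          black . --check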
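flake8:
  # Runs `flake8 .` inside the dev image produced by build_dev.
  runs-on: ubuntu-latest
  needs: [build_dev]
  env:
    # Presence flag only: the Docker Hub token is not exported to this job,
    # which uses it for nothing but choosing between pull and artifact load.
    DOCKERHUB_ENABLED: "${{ secrets.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != '' }}"
    # Falls back to `unicef` when the repository variable is not set.
    DOCKERHUB_ORGANIZATION: "${{ vars.DOCKERHUB_ORGANIZATION || 'unicef' }}"
  steps:
    - name: Checkout code
      uses: actions/checkout@v2
      with:
        persist-credentials: false
    # Credential-less runs (e.g. fork pull requests) get the image from the
    # artifact uploaded by build_dev instead of from the registry.
    - name: Download Artifact
      if: env.DOCKERHUB_ENABLED != 'true'
      uses: actions/download-artifact@v4
      with:
        name: dev-artifact
        path: /tmp
    - name: Load image from tar
      if: env.DOCKERHUB_ENABLED != 'true'
      run: |
        gunzip -c /tmp/dev-image.tar.gz | docker load
    - name: Check
      run: |
        docker run --rm -i \
          "${DOCKERHUB_ORGANIZATION}/hope-support-images:core-${GITHUB_SHA}-dev" \
          flake8 .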
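mypy:
  # Runs `mypy .` inside the dev image produced by build_dev.
  runs-on: ubuntu-latest
  needs: [build_dev]
  env:
    # Presence flag only: the Docker Hub token is not exported to this job,
    # which uses it for nothing but choosing between pull and artifact load.
    DOCKERHUB_ENABLED: "${{ secrets.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != '' }}"
    # Falls back to `unicef` when the repository variable is not set.
    DOCKERHUB_ORGANIZATION: "${{ vars.DOCKERHUB_ORGANIZATION || 'unicef' }}"
  steps:
    - name: Checkout code
      uses: actions/checkout@v2
      with:
        persist-credentials: false
    # Credential-less runs (e.g. fork pull requests) get the image from the
    # artifact uploaded by build_dev instead of from the registry.
    - name: Download Artifact
      if: env.DOCKERHUB_ENABLED != 'true'
      uses: actions/download-artifact@v4
      with:
        name: dev-artifact
        path: /tmp
    - name: Load image from tar
      if: env.DOCKERHUB_ENABLED != 'true'
      run: |
        gunzip -c /tmp/dev-image.tar.gz | docker load
    - name: Check
      run: |
        docker run --rm -i \
          "${DOCKERHUB_ORGANIZATION}/hope-support-images:core-${GITHUB_SHA}-dev" \
          mypy .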
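build_dist:
  # Builds the `dist` target of ./docker/Dockerfile. With registry credentials
  # the image is pushed (plus a versioned release tag on master); without
  # them it is loaded locally and passed on as a workflow artifact.
  needs: [build_dev]
  runs-on: ubuntu-latest
  env:
    # Only a presence flag is exported to the job. The Docker Hub token goes
    # to the login step alone and is never written to $GITHUB_ENV.
    DOCKERHUB_ENABLED: "${{ secrets.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != '' }}"
    # Falls back to `unicef` when the repository variable is not set.
    DOCKERHUB_ORGANIZATION: "${{ vars.DOCKERHUB_ORGANIZATION || 'unicef' }}"
  steps:
    - name: Set up Docker Buildx
      uses: docker/setup-buildx-action@v1
    - name: Checkout code
      uses: actions/checkout@v2
      with:
        persist-credentials: false
    - name: DockerHub login
      if: env.DOCKERHUB_ENABLED == 'true'
      uses: docker/login-action@v1
      with:
        username: ${{ secrets.DOCKERHUB_USERNAME }}
        password: ${{ secrets.DOCKERHUB_TOKEN }}
    - name: Push dist
      run: |
        docker buildx create --use
        if [ "$DOCKERHUB_ENABLED" = "true" ]; then
          output=push
        else
          output=load
        fi
        # The arguments are collected in an array and passed to docker
        # directly. The ref name and the version read from pyproject.toml
        # therefore stay single arguments and are never re-parsed by the
        # shell, which building a command string and running it through
        # `eval` would do.
        build_args=(
          --progress=plain
          --cache-from "type=gha,scope=${GITHUB_REF_NAME}"
          --cache-to "type=gha,mode=max,scope=${GITHUB_REF_NAME}"
          -t "${DOCKERHUB_ORGANIZATION}/hope-support-images:core-${GITHUB_SHA}-dist"
          -t "${DOCKERHUB_ORGANIZATION}/hope-support-images:core-${GITHUB_SHA}"
          -f ./docker/Dockerfile
          --target dist
          "--${output}"
        )
        # Release tag: only for pushes to master, and only when the image is
        # actually pushed. The version is the `version =` value from
        # backend/pyproject.toml; the step fails if none is found.
        if [ "$DOCKERHUB_ENABLED" = "true" ] && [ "$GITHUB_REF" = "refs/heads/master" ]; then
          version=$(python3 -c "import sys; version=None; [version:=line.split('=')[1].strip().strip('\"') for line in open('backend/pyproject.toml', 'r') if line.strip().startswith('version =')]; print(version if version else sys.exit(1))")
          build_args+=(-t "${DOCKERHUB_ORGANIZATION}/hope:core-${version}")
        fi
        docker buildx build "${build_args[@]}" ./
    - name: Save image to tar
      if: env.DOCKERHUB_ENABLED != 'true'
      run: |
        docker save "${DOCKERHUB_ORGANIZATION}/hope-support-images:core-${GITHUB_SHA}-dist" | gzip > /tmp/dist-image.tar.gz
    - name: Upload Artifact
      if: env.DOCKERHUB_ENABLED != 'true'
      uses: actions/upload-artifact@v4
      with:
        name: dist-artifact
        path: /tmp/dist-image.tar.gz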
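unit_tests:
  # Runs the backend test suite through docker compose against the dev image
  # and uploads the coverage report.
  runs-on: ubuntu-latest
  needs: [build_dev]
  env:
    # Presence flag only. Exporting the Docker Hub token via $GITHUB_ENV
    # would place it in the environment of the compose run and of the
    # third-party Codecov action below, neither of which needs it.
    DOCKERHUB_ENABLED: "${{ secrets.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != '' }}"
    # Falls back to `unicef` when the repository variable is not set.
    DOCKERHUB_ORGANIZATION: "${{ vars.DOCKERHUB_ORGANIZATION || 'unicef' }}"
  steps:
    - name: Checkout code
      uses: actions/checkout@v2
      with:
        persist-credentials: false
    - name: Download Artifact
      if: env.DOCKERHUB_ENABLED != 'true'
      uses: actions/download-artifact@v4
      with:
        name: dev-artifact
        path: /tmp
    - name: Load image from tar
      if: env.DOCKERHUB_ENABLED != 'true'
      run: |
        gunzip -c /tmp/dev-image.tar.gz | docker load
    - name: Unit tests
      # NOTE(review): if deployment/docker-compose.tst.yml reads
      # DOCKERHUB_USERNAME or DOCKERHUB_TOKEN from the environment (not
      # visible here), pass them explicitly on this step only.
      run: |
        backend_image="${DOCKERHUB_ORGANIZATION}/hope-support-images:core-${GITHUB_SHA}-dev" docker compose \
          -f ./deployment/docker-compose.tst.yml \
          run backend ./dev.sh test
    - name: Upload coverage to Codecov
      # The token is empty on pull requests from forks, which receive no
      # secrets.
      uses: codecov/codecov-action@v4
      with:
        files: ./backend/coverage.xml
        flags: unittests
        token: ${{ secrets.CODECOV_TOKEN }}
        verbose: true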
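e2e_tests:
  # Runs the Selenium end-to-end suite through docker compose with both the
  # dev and the dist image, then uploads the report and coverage.
  runs-on: ubuntu-latest
  needs: [build_dist]
  env:
    # Presence flag only: the Docker Hub token is not exported to the compose
    # run or to the third-party actions below.
    DOCKERHUB_ENABLED: "${{ secrets.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != '' }}"
    # Falls back to `unicef` when the repository variable is not set.
    DOCKERHUB_ORGANIZATION: "${{ vars.DOCKERHUB_ORGANIZATION || 'unicef' }}"
  steps:
    - name: Checkout code
      uses: actions/checkout@v2
      with:
        persist-credentials: false
    - name: Download Dev Artifact
      if: env.DOCKERHUB_ENABLED != 'true'
      uses: actions/download-artifact@v4
      with:
        name: dev-artifact
        path: /tmp
    - name: Download Dist Artifact
      if: env.DOCKERHUB_ENABLED != 'true'
      uses: actions/download-artifact@v4
      with:
        name: dist-artifact
        path: /tmp
    - name: Load images from tar
      if: env.DOCKERHUB_ENABLED != 'true'
      run: |
        gunzip -c /tmp/dev-image.tar.gz | docker load
        gunzip -c /tmp/dist-image.tar.gz | docker load
    - name: E2E tests
      # The image names use the job-level DOCKERHUB_ORGANIZATION, with its
      # `unicef` fallback, so they match the tags the build jobs produce.
      # Reading vars.DOCKERHUB_ORGANIZATION directly gives an empty
      # organisation, and an invalid image name, wherever the variable is
      # unset.
      run: |
        dist_backend_image="${DOCKERHUB_ORGANIZATION}/hope-support-images:core-${GITHUB_SHA}-dist" \
        dev_backend_image="${DOCKERHUB_ORGANIZATION}/hope-support-images:core-${GITHUB_SHA}-dev" \
        docker compose \
          -f ./deployment/docker-compose.selenium.yml \
          run selenium
    # The two uploads run even after a test failure and never fail the job.
    - name: Upload Artifact
      uses: actions/upload-artifact@v4
      if: always()
      continue-on-error: true
      with:
        name: report
        path: ./backend/report/
        retention-days: 5
    - name: Upload coverage to Codecov
      uses: codecov/codecov-action@v4
      if: always()
      continue-on-error: true
      with:
        files: ./backend/coverage.xml
        flags: e2e
        token: ${{ secrets.CODECOV_TOKEN }}
        verbose: true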
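trivy:
  # Scans the dist image for CRITICAL and HIGH findings in OS packages and
  # libraries.
  runs-on: ubuntu-latest
  needs: [build_dist]
  env:
    # Presence flag only: the Docker Hub token is not exported to the scanner
    # action.
    DOCKERHUB_ENABLED: "${{ secrets.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != '' }}"
    # Falls back to `unicef` when the repository variable is not set.
    DOCKERHUB_ORGANIZATION: "${{ vars.DOCKERHUB_ORGANIZATION || 'unicef' }}"
  steps:
    - name: Checkout code
      uses: actions/checkout@v2
      with:
        persist-credentials: false
    - name: Download Dist Artifact
      if: env.DOCKERHUB_ENABLED != 'true'
      uses: actions/download-artifact@v4
      with:
        name: dist-artifact
        path: /tmp
    - name: Load images from tar
      if: env.DOCKERHUB_ENABLED != 'true'
      run: |
        gunzip -c /tmp/dist-image.tar.gz | docker load
    - name: Run Trivy vulnerability scanner
      # NOTE(review): `@master` is a moving branch of a third-party action;
      # pin it to a reviewed full commit SHA so that the code run here cannot
      # change without a change to this file.
      uses: aquasecurity/trivy-action@master
      with:
        # Scan the `-dist` tag with the same organisation fallback as the
        # build. build_dist saves only that tag into the artifact, so it is
        # the one tag present both in the registry and after an artifact
        # load.
        image-ref: '${{ env.DOCKERHUB_ORGANIZATION }}/hope-support-images:core-${{ github.sha }}-dist'
        format: 'table'
        # Report-only: with exit code 0 findings never fail this job, and the
        # deploy job does not list trivy in its `needs`.
        exit-code: '0'
        ignore-unfixed: true
        vuln-type: 'os,library'
        severity: 'CRITICAL,HIGH'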
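deploy:
  # Triggers the Azure DevOps pipeline(s) mapped to the pushed branch once
  # the listed checks have passed. Restricted to push events, so it never
  # runs for pull requests.
  runs-on: ubuntu-latest
  needs: [e2e_tests, unit_tests, isort, black, flake8, mypy, frontend_tests]
  if: |
    github.event_name == 'push' &&
    (
      github.ref == 'refs/heads/develop' ||
      github.ref == 'refs/heads/staging' ||
      github.ref == 'refs/heads/master' ||
      github.ref == 'refs/heads/ephemeral-1' ||
      github.ref == 'refs/heads/ephemeral-2' ||
      github.ref == 'refs/heads/ephemeral-3'
    )
  steps:
    - name: Trigger deploy
      env:
        # Handed over as an environment variable of this step only, rather
        # than expanded into the script text.
        AZURE_PAT: ${{ secrets.AZURE_PAT }}
      run: |
        # Branch -> pipeline ids. GITHUB_REF and GITHUB_SHA are the runner's
        # own variables and are always quoted.
        case "$GITHUB_REF" in
          refs/heads/develop) pipeline_ids=(1159) ;;
          refs/heads/staging) pipeline_ids=(1160) ;;
          refs/heads/master) pipeline_ids=(1161 1165) ;;
          refs/heads/ephemeral-1) pipeline_ids=(1164) ;;
          refs/heads/ephemeral-2) pipeline_ids=(1253) ;;
          refs/heads/ephemeral-3) pipeline_ids=(1283) ;;
          *)
            echo "No pipeline to trigger for ref $GITHUB_REF"
            exit 0
            ;;
        esac
        organization=unicef
        project=ICTD-HCT-MIS
        json_body=$(printf '{"variables": {"sha": {"isSecret": false, "value": "%s"}, "tag": {"isSecret": false, "value": "core-%s"}}}' "$GITHUB_SHA" "$GITHUB_SHA")
        for pipeline in "${pipeline_ids[@]}"; do
          echo "Triggering deploy for pipeline $pipeline"
          echo "JSON body: $json_body"
          # --fail makes an HTTP error status (for example a rejected or
          # expired PAT) a non-zero exit; without it curl exits 0 on 4xx/5xx
          # and a failed trigger would be reported as success.
          # Verbose mode is off: curl's verbose trace prints request headers,
          # and the Basic Authorization header is an encoding of the PAT that
          # log masking of the raw secret value may not match.
          # curl sets Content-Length for -d itself.
          if ! curl --fail --silent --show-error -L \
              -u ":${AZURE_PAT}" \
              -H "Content-Type: application/json" \
              -d "$json_body" \
              "https://dev.azure.com/${organization}/${project}/_apis/pipelines/${pipeline}/runs?api-version=7.1-preview.1"; then
            echo "Failed to trigger deploy for pipeline $pipeline"
            exit 1
          fi
        done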