Report Azure auth error description (#2018) #3562
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "CI/CD - Full Pipeline" | |
on: | |
pull_request: | |
push: | |
branches: | |
- main | |
- development | |
- production | |
jobs: | |
build_test: | |
name: Build (Test) | |
runs-on: ubuntu-20.04 | |
outputs: | |
docker_image: ${{ steps.build.outputs.docker_image }} | |
if: ${{ github.ref != 'refs/heads/production' && github.ref != 'refs/heads/development' }} | |
steps: | |
- uses: actions/[email protected] | |
- uses: ./.github/workflows/actions/build-docker-image | |
name: Build docker image | |
id: build | |
with: | |
target: test | |
ghcr_username: ${{ github.actor }} | |
ghcr_password: ${{ secrets.GITHUB_TOKEN }} | |
build_release: | |
name: Build (Release) | |
runs-on: ubuntu-20.04 | |
outputs: | |
docker_image: ${{ steps.build.outputs.docker_image }} | |
steps: | |
- uses: actions/[email protected] | |
- uses: ./.github/workflows/actions/build-docker-image | |
name: Build docker image | |
id: build | |
with: | |
target: app | |
ghcr_username: ${{ github.actor }} | |
ghcr_password: ${{ secrets.GITHUB_TOKEN }} | |
brakeman: | |
name: Checks - Brakeman | |
needs: build_test | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Set up Docker Buildx | |
uses: docker/[email protected] | |
- run: docker run ${{ needs.build_test.outputs.docker_image }} bundle exec brakeman | |
rubocop: | |
name: Checks - Rubocop | |
needs: build_test | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Set up Docker Buildx | |
uses: docker/[email protected] | |
- run: docker run ${{ needs.build_test.outputs.docker_image }} bundle exec rubocop | |
jest: | |
name: Checks - Jest | |
needs: build_test | |
runs-on: ubuntu-20.04 | |
steps: | |
- uses: actions/[email protected] | |
- name: Install node modules | |
run: yarn install | |
- name: Run tests | |
run: yarn jest | |
rspec: | |
name: Checks - Rspec | |
needs: build_test | |
runs-on: ubuntu-20.04 | |
strategy: | |
fail-fast: false | |
matrix: | |
ci_node_total: [6] | |
ci_node_index: [0, 1, 2, 3, 4, 5] | |
services: | |
postgres: | |
image: postgres | |
env: | |
POSTGRES_USER: postgres | |
POSTGRES_PASSWORD: password | |
POSTGRES_HOST_AUTH_METHOD: trust | |
ports: | |
- 5432:5432 | |
redis: | |
image: redis | |
ports: | |
- 6379:6379 | |
chrome: | |
image: selenium/standalone-chrome:95.0-chromedriver-95.0 | |
ports: | |
- 4444:4444 | |
steps: | |
- name: Run Rspec tests | |
run: | | |
docker run \ | |
--network ${{ job.container.network }} \ | |
--name test_container \ | |
-e RAILS_ENV=test \ | |
-e DATABASE_URL=postgres://postgres:password@postgres:5432/buy-for-your-school-test \ | |
-e DATABASE_CLEANER_ALLOW_REMOTE_DATABASE_URL="true" \ | |
-e DOCKER=true \ | |
-e SELENIUM_HUB_URL=http://chrome:4444/wd/hub \ | |
-e REDIS_URL=redis://redis:6379 \ | |
-e APPLICATION_URL=http://localhost:3000 \ | |
-e SECRET_KEY_BASE=test \ | |
-e CONTENTFUL_SPACE=test \ | |
-e CONTENTFUL_ENVIRONMENT=master \ | |
-e CONTENTFUL_DELIVERY_TOKEN=123 \ | |
-e CONTENTFUL_PREVIEW_TOKEN=123 \ | |
-e CONTENTFUL_ENTRY_CACHING=false \ | |
-e CONTENTFUL_WEBHOOK_API_KEY=test \ | |
-e NOTIFY_API_KEY=development_team-12345678-1234-1234-1234-abcd12345678-12345678-1234-1234-1234-abcd12345678 \ | |
-e MS_GRAPH_TENANT=test \ | |
-e MS_GRAPH_CLIENT_ID=test \ | |
-e MS_GRAPH_CLIENT_SECRET=test \ | |
-e MS_GRAPH_SHARED_MAILBOX_USER_ID=test \ | |
-e MS_GRAPH_SHARED_MAILBOX_NAME=mailbox \ | |
-e [email protected] \ | |
-e CLAMAV_REST_SERVICE_URL=test \ | |
-e DSI_ENV=test \ | |
-e DFE_SIGN_IN_IDENTIFIER=service \ | |
-e DFE_SIGN_IN_API_SECRET=secret \ | |
-e PROC_OPS_TEAM="DSI Caseworkers" \ | |
-e QUALTRICS_SURVEY_URL=https://dferesearch.fra1.qualtrics.com \ | |
-e [email protected] \ | |
-e FAF_FRAMEWORK_ENDPOINT=http://faf.test \ | |
-e FAF_WEBHOOK_SECRET=test \ | |
-e CI_NODE_TOTAL=${{ matrix.ci_node_total }} \ | |
-e CI_NODE_INDEX=${{ matrix.ci_node_index }} \ | |
${{ needs.build_test.outputs.docker_image }} \ | |
bash -c "bundle exec rake 'knapsack:rspec[--tag ~flaky]'" | |
- name: Get coverage from container | |
run: | | |
mkdir coverage | |
docker cp test_container:/srv/app/coverage/.resultset.json coverage/.resultset-${{ matrix.ci_node_index }}.json | |
- name: Remove test container | |
run: docker rm test_container | |
- name: Store test coverage | |
uses: actions/[email protected] | |
with: | |
name: coverage-report-${{ matrix.ci_node_index }} | |
path: coverage/.resultset-${{ matrix.ci_node_index }}.json | |
rspec_quarentine: | |
name: Checks - Rspec (Quarantined tests) | |
needs: build_test | |
runs-on: ubuntu-20.04 | |
services: | |
postgres: | |
image: postgres | |
env: | |
POSTGRES_USER: postgres | |
POSTGRES_PASSWORD: password | |
POSTGRES_HOST_AUTH_METHOD: trust | |
ports: | |
- 5432:5432 | |
redis: | |
image: redis | |
ports: | |
- 6379:6379 | |
chrome: | |
image: selenium/standalone-chrome:95.0-chromedriver-95.0 | |
ports: | |
- 4444:4444 | |
steps: | |
- name: Run Quarantined Rspec tests | |
continue-on-error: true | |
run: | | |
docker run \ | |
--network ${{ job.container.network }} \ | |
--name test_container \ | |
-e RAILS_ENV=test \ | |
-e DATABASE_URL=postgres://postgres:password@postgres:5432/buy-for-your-school-test \ | |
-e DATABASE_CLEANER_ALLOW_REMOTE_DATABASE_URL="true" \ | |
-e DOCKER=true \ | |
-e SELENIUM_HUB_URL=http://chrome:4444/wd/hub \ | |
-e REDIS_URL=redis://redis:6379 \ | |
-e APPLICATION_URL=http://localhost:3000 \ | |
-e SECRET_KEY_BASE=test \ | |
-e CONTENTFUL_SPACE=test \ | |
-e CONTENTFUL_ENVIRONMENT=master \ | |
-e CONTENTFUL_DELIVERY_TOKEN=123 \ | |
-e CONTENTFUL_PREVIEW_TOKEN=123 \ | |
-e CONTENTFUL_ENTRY_CACHING=false \ | |
-e CONTENTFUL_WEBHOOK_API_KEY=test \ | |
-e NOTIFY_API_KEY=development_team-12345678-1234-1234-1234-abcd12345678-12345678-1234-1234-1234-abcd12345678 \ | |
-e MS_GRAPH_TENANT=test \ | |
-e MS_GRAPH_CLIENT_ID=test \ | |
-e MS_GRAPH_CLIENT_SECRET=test \ | |
-e MS_GRAPH_SHARED_MAILBOX_USER_ID=test \ | |
-e MS_GRAPH_SHARED_MAILBOX_NAME=mailbox \ | |
-e [email protected] \ | |
-e CLAMAV_REST_SERVICE_URL=test \ | |
-e DSI_ENV=test \ | |
-e DFE_SIGN_IN_IDENTIFIER=service \ | |
-e DFE_SIGN_IN_API_SECRET=secret \ | |
-e PROC_OPS_TEAM="DSI Caseworkers" \ | |
-e QUALTRICS_SURVEY_URL=https://dferesearch.fra1.qualtrics.com \ | |
-e [email protected] \ | |
-e FAF_FRAMEWORK_ENDPOINT=http://faf.test \ | |
-e FAF_WEBHOOK_SECRET=test \ | |
${{ needs.build_test.outputs.docker_image }} \ | |
bash -c "bundle exec rspec --tag flaky || bundle exec rspec --only-failure" | |
- name: Get coverage from container | |
run: | | |
mkdir coverage | |
docker cp test_container:/srv/app/coverage/.resultset.json coverage/.resultset-quarantine.json | |
- name: Remove test container | |
run: docker rm test_container | |
- name: Store test coverage | |
uses: actions/[email protected] | |
with: | |
name: coverage-report-quarantine | |
path: coverage/.resultset-quarantine.json | |
collate_test_coverage: | |
name: Checks - Produce test coverage report | |
needs: [build_test, rspec, rspec_quarentine] | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Set up Docker Buildx | |
uses: docker/[email protected] | |
- name: Download all test coverage | |
uses: actions/[email protected] | |
with: | |
path: coverage | |
pattern: coverage-report-* | |
merge-multiple: true | |
- name: Generate collated test coverage | |
run: | | |
CONTAINER_ID=$(docker run -di ${{ needs.build_test.outputs.docker_image }} "/bin/sh") | |
docker cp coverage $CONTAINER_ID:/srv/app | |
docker exec $CONTAINER_ID bash -c "ruby lib/code_coverage_collate.rb" | |
docker cp $CONTAINER_ID:/srv/app/coverage/index.html coverage | |
docker cp $CONTAINER_ID:/srv/app/coverage/assets coverage | |
docker cp $CONTAINER_ID:/srv/app/coverage/.last_run.json coverage | |
docker stop $CONTAINER_ID | |
docker rm $CONTAINER_ID | |
- name: Store collated test coverage | |
uses: actions/[email protected] | |
with: | |
name: full-coverage-report | |
path: | | |
coverage/* | |
!coverage/.last_run.json | |
- name: Store last run | |
uses: actions/[email protected] | |
with: | |
name: last-run | |
path: coverage/.last_run.json | |
- name: Delete intermediate artifacts | |
uses: geekyeggo/[email protected] | |
with: | |
name: coverage-report-* | |
comment_coverage: | |
name: Comment coverage on PR | |
needs: collate_test_coverage | |
runs-on: ubuntu-20.04 | |
if: ${{ github.event_name == 'pull_request' }} | |
steps: | |
- name: Download coverage from current run | |
uses: actions/[email protected] | |
with: | |
path: coverage/current | |
pattern: last-run | |
- run: echo current_coverage=$(cat coverage/current/last-run/.last_run.json) >> $GITHUB_ENV | |
- name: Store coverage from current run | |
id: current-run-coverage | |
run: | | |
echo branch=${{ fromJson(env.current_coverage).result.branch }} >> $GITHUB_OUTPUT | |
echo line=${{ fromJson(env.current_coverage).result.line }} >> $GITHUB_OUTPUT | |
- name: Post comment | |
uses: thollander/[email protected] | |
with: | |
message: | | |
# Test coverage | |
**Line:** ${{ steps.current-run-coverage.outputs.line }}% | |
**Branch:** ${{ steps.current-run-coverage.outputs.branch }}% | |
release_dev: | |
name: Deploy release (Dev) | |
runs-on: ubuntu-20.04 | |
needs: build_release | |
environment: az-dev | |
if: github.ref == 'refs/heads/development' | |
steps: | |
- uses: actions/[email protected] | |
- uses: ./.github/workflows/actions/deploy-az | |
with: | |
docker_image_and_tag: ${{ needs.build_release.outputs.docker_image }} | |
az_credentials: ${{ secrets.AZURE_SP_CREDENTIALS }} | |
container_app_name: ${{ secrets.CONTAINER_APP_NAME }} | |
resource_group_name: ${{ secrets.RESOURCE_GROUP_NAME }} | |
release_staging: | |
name: Deploy release (Staging) | |
runs-on: ubuntu-20.04 | |
needs: build_release | |
environment: az-staging | |
if: github.ref == 'refs/heads/main' | |
steps: | |
- uses: actions/[email protected] | |
- uses: ./.github/workflows/actions/deploy-az | |
with: | |
docker_image_and_tag: ${{ needs.build_release.outputs.docker_image }} | |
az_credentials: ${{ secrets.AZURE_SP_CREDENTIALS }} | |
container_app_name: ${{ secrets.CONTAINER_APP_NAME }} | |
resource_group_name: ${{ secrets.RESOURCE_GROUP_NAME }} | |
release_production: | |
name: Deploy release (Production) | |
runs-on: ubuntu-20.04 | |
needs: build_release | |
environment: az-production | |
if: github.ref == 'refs/heads/production' | |
steps: | |
- uses: actions/[email protected] | |
- uses: ./.github/workflows/actions/deploy-az | |
with: | |
docker_image_and_tag: ${{ needs.build_release.outputs.docker_image }} | |
az_credentials: ${{ secrets.AZURE_SP_CREDENTIALS }} | |
container_app_name: ${{ secrets.CONTAINER_APP_NAME }} | |
resource_group_name: ${{ secrets.RESOURCE_GROUP_NAME }} | |
data_regression_copy_to_original: | |
name: Data regression testing - trigger copy to pre-release-original-data | |
needs: release_production | |
runs-on: ubuntu-20.04 | |
steps: | |
- uses: Azure/[email protected] | |
with: | |
azure-devops-project-url: "https://dfe-ssp.visualstudio.com/S174-Get%20Help%20Buying%20for%20Schools" | |
azure-pipeline-name: "Pre-release Original Data sync" | |
azure-devops-token: ${{ secrets.AZURE_DEVOPS_TOKEN }} | |
data_regression_copy_to_modified: | |
name: Data regression testing - trigger copy to pre-release-modified-data | |
needs: release_production | |
runs-on: ubuntu-20.04 | |
steps: | |
- uses: Azure/[email protected] | |
with: | |
azure-devops-project-url: "https://dfe-ssp.visualstudio.com/S174-Get%20Help%20Buying%20for%20Schools" | |
azure-pipeline-name: "Pre-release Modified Data sync" | |
azure-devops-token: ${{ secrets.AZURE_DEVOPS_TOKEN }} | |
data_regression_migrate_modified: | |
name: Data regression testing - apply migrations to pre-release-modified-data | |
needs: [build_release, release_staging] | |
runs-on: ubuntu-20.04 | |
env: | |
PRE_RELEASE_MODIFIED_DATA_DB_URL: ${{ secrets.PRE_RELEASE_MODIFIED_DATA_DB_URL }} | |
steps: | |
- name: Run migrations against pre-release-modified-data | |
run: | | |
docker run --rm \ | |
-e RAILS_ENV=production \ | |
-e DATABASE_URL=${{ env.PRE_RELEASE_MODIFIED_DATA_DB_URL }} \ | |
-e DOCKER=true \ | |
-e SECRET_KEY_BASE=production \ | |
-e APPLICATION_URL=https://www.get-help-buying-for-schools.service.gov.uk \ | |
${{ needs.build_release.outputs.docker_image }} \ | |
bash -c "bundle exec rails db:migrate" |