Skip to content

Bump the npm_and_yarn group across 2 directories with 4 updates #121

Bump the npm_and_yarn group across 2 directories with 4 updates

Bump the npm_and_yarn group across 2 directories with 4 updates #121

# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# GitHub recommends pinning actions to a commit SHA.
# To get a newer version, you will need to update the SHA.
# You can also reference a tag or branch, but the action may change without warning.
name: Deploy to Amazon ECS STAGING
on:
pull_request:
push:
branches:
- master
workflow_dispatch:
defaults:
run:
shell: bash
env:
AWS_REGION: eu-west-2
ECR_REPOSITORY: paasmigration-staging-webapp-repository # set this to your Amazon ECR repository name
ECS_SERVICE: paasmigration-staging-webapp-service # set this to your Amazon ECS service name
ECS_CLUSTER: paasmigration-staging-ecs-cluster # set this to your Amazon ECS cluster name
# ECS_TASK_DEFINITION: MY_ECS_TASK_DEFINITION # set this to the path to your Amazon ECS task definition
# file, e.g. .aws/task-definition.json
CONTAINER_NAME:
HfUApp # set this to the name of the container in the
# containerDefinitions section of your task definition
jobs:
test:
name: Test
runs-on: ubuntu-latest
services:
postgres:
image: postgres:13.5
env:
POSTGRES_DB: ukraine_test
POSTGRES_USER: ukraine
POSTGRES_PASSWORD: password
ports:
- 5432:5432
# needed because the postgres container does not provide a healthcheck
# tmpfs makes DB faster by using RAM
options: >-
--mount type=tmpfs,destination=/var/lib/postgresql/data
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
redis:
# Docker Hub image
image: redis
# Set health checks to wait until redis has started
options: >-
--health-cmd "redis-cli ping"
--health-interval 10s
--health-timeout 5s
--health-retries 5
env:
RAILS_ENV: test
INSTANCE_NAME: ukraine-sponsor-resettlement-test
VCAP_SERVICES: '{"redis":[{"instance_name":"ukraine-sponsor-resettlement-test-redis","credentials":{"uri":"redis://redis"}}],"aws-s3-bucket":[{"instance_name":"ukraine-sponsor-resettlement-test-s3","credentials":{"aws_access_key_id":"access-key-id","aws_secret_access_key":"secret-access-key","aws_region":"eu-west-2","bucket_name":"test-bucket"}}]}'
GEMFILE_RUBY_VERSION: 3.1.4
DB_HOST: localhost
DB_DATABASE: ukraine_test
DB_USERNAME: ukraine
DB_PASSWORD: password
GOVUK_NOTIFY_API_KEY: ${{ secrets.GOVUK_NOTIFY_API_KEY }}
steps:
- name: Checkout
uses: actions/checkout@v4
with:
ref: ${{ inputs.refToDeploy }}
- name: Set up Ruby
uses: ruby/setup-ruby@v1
with:
# runs 'bundle install' and caches installed gems automatically
bundler-cache: true
- name: Set up node
uses: actions/setup-node@v4
with:
node-version: "20"
- name: Create DB
run: |
bundle exec rake db:prepare
- name: Migrate DB
run: |
bundle exec rake db:migrate
- name: Compile Assets
run: |
bundle exec rake assets:precompile
- name: Run localstack
run: |
docker run -d\
--rm \
-p 4566:4566 \
-v "${LOCALSTACK_VOLUME_DIR:-./volume}:/var/lib/localstack" \
-v "/var/run/docker.sock:/var/run/docker.sock" \
-v "./bin/init-s3-localstack.py:/etc/localstack/init/ready.d/init-s3.py" \
localstack/localstack:s3-latest
- name: Run tests
run: |
bundle exec rake
lint:
name: Lint
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
ref: ${{ inputs.refToDeploy }}
- name: Set up Ruby
uses: ruby/setup-ruby@v1
with:
# runs 'bundle install' and caches installed gems automatically
bundler-cache: true
- name: Rubocop
run: |
bundle exec rubocop
audit:
name: Audit dependencies
runs-on: ubuntu-latest
if: ${{ github.actor != 'dependabot[bot]' }}
steps:
- name: Checkout
uses: actions/checkout@v4
with:
ref: ${{ inputs.refToDeploy }}
- name: Set up Ruby
uses: ruby/setup-ruby@v1
with:
# runs 'bundle install' and caches installed gems automatically
bundler-cache: true
- name: Audit
run: |
bundle exec bundler-audit
brakeman-scan:
name: Brakeman Scan
runs-on: ubuntu-latest
steps:
# Checkout the repository to the GitHub Actions runner
- name: Checkout
uses: actions/checkout@v4
with:
ref: ${{ inputs.refToDeploy }}
# Customize the ruby version depending on your needs
- name: Setup Ruby
uses: ruby/setup-ruby@v1
- name: Setup Brakeman
run: |
gem install brakeman
# Execute Brakeman CLI and generate a SARIF output with the security issues identified during the analysis
- name: Scan
run: |
brakeman --color -o /dev/stdout
deploy:
name: Deploy
runs-on: ubuntu-latest
if: ${{ github.actor != 'dependabot[bot]' }}
environment: aws-staging
needs: [lint, test, audit, brakeman-scan]
steps:
- name: Checkout
uses: actions/checkout@v4
with:
ref: ${{ inputs.refToDeploy }}
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ env.AWS_REGION }}
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
- name: Build, tag, and push image to Amazon ECR
id: build-image
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
IMAGE_TAG: latest
run: |
# Build a docker container and
# push it to ECR so that it can
# be deployed to ECS.
docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG -f Dockerfile .
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
- name: Run DB migrations
id: db-migrate
run: aws ecs run-task --cluster paasmigration-staging-ecs-cluster --launch-type FARGATE --task-definition paasmigration-staging-dbmigrate --network-configuration "awsvpcConfiguration={subnets=[subnet-0d51c122320a5109d,subnet-0ac8857c1a1fae109,subnet-023faa26a32d874f9],securityGroups=[sg-0febc019ff5d677b5]}"
- name: Force deployment
id: force-deploy
run: |
aws ecs update-service --cluster paasmigration-staging-ecs-cluster --service paasmigration-staging-webapp-service --force-new-deployment
aws ecs update-service --cluster paasmigration-staging-ecs-cluster --service paasmigration-staging-sidekiq-service --force-new-deployment