# Find full documentation here https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions
name: CI
# Triggers. `pull_request` (rather than `pull_request_target`) means runs started
# from forks get a read-only GITHUB_TOKEN and no repository secrets, so the
# secret-consuming steps in the jobs below only see real values for branches
# pushed to this repository.
on:
  push:
    branches: [main]
  pull_request:
  merge_group:
  # Manual invocation.
  workflow_dispatch:
# Allow a single in-flight run per ref: a newer push to the same ref cancels
# the run already in progress, which avoids two builds racing each other.
# This also applies to `main`, so a run there can be cancelled part-way through.
# NOTE(review): the group key is only the ref, so any other workflow in this
# repository that uses the same expression would share (and cancel) this
# group - confirm none does.
concurrency:
  cancel-in-progress: true
  group: ${{ github.ref }}
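jobs:
  # Builds every package and uploads the artifacts to riff-raff.
  CI:
    timeout-minutes: 15
    runs-on: ubuntu-latest
    # See https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token
    # Permissions are granted per job, so every step below - including
    # ./scripts/ci.sh and anything it executes - runs with them.
    # NOTE(review): moving the upload into its own job would keep
    # `id-token: write` away from the build script.
    permissions:
      # required by aws-actions/configure-aws-credentials
      id-token: write
      contents: read
      pull-requests: write # required by guardian/actions-riff-raff
    # NOTE(review): kept at job level, as in db-migration, so the build script
    # gets the larger heap - confirm this is the intended scope.
    env:
      NODE_OPTIONS: '--max_old_space_size=4096'
    steps:
      # NOTE(review): checkout leaves the GITHUB_TOKEN in .git/config by default;
      # add `persist-credentials: false` once it is confirmed that
      # ./scripts/ci.sh never needs to talk to the remote.
      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
      - name: Setup Node
        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
        with:
          node-version-file: '.nvmrc'
          cache: 'npm'
      # Supplies a deploy key for private repositories; the steps that follow
      # presumably run with that key available, so treat them as privileged.
      - uses: guardian/actions-read-private-repos@8792b5279dc2e6dfb6b9aa6ba2f26b6226be444c # v0.1.1
        with:
          private-ssh-keys: ${{ secrets.PRIVATE_INFRASTRUCTURE_CONFIG_DEPLOY_KEY }}
      - name: Run script/ci
        run: ./scripts/ci.sh
      - name: Upload to riff-raff
        uses: guardian/actions-riff-raff@b2107fa569a9d7153c76cc0ea7233617249d047b # v4.0.2
        with:
          app: service-catalogue
          roleArn: ${{ secrets.GU_RIFF_RAFF_ROLE_ARN }}
          githubToken: ${{ secrets.GITHUB_TOKEN }}
          # The `env` context only holds variables declared under `env:` in this
          # workflow, so `env.GITHUB_RUN_NUMBER` expanded to an empty string.
          # `github.run_number` is the same counter, read from the right context.
          buildNumber: ${{ github.run_number }}
          projectName: deploy::service-catalogue
          configPath: packages/cdk/cdk.out/riff-raff.yaml
          # One entry per deployable: <content directory name> -> files to upload.
          contentDirectories: |
            cdk.out:
              - packages/cdk/cdk.out
            repocop:
              - packages/repocop/dist/repocop.zip
            interactive-monitor:
              - packages/interactive-monitor/dist/interactive-monitor.zip
            data-audit:
              - packages/data-audit/dist/data-audit.zip
            snyk-integrator:
              - packages/snyk-integrator/dist/snyk-integrator.zip
            dependency-graph-integrator:
              - packages/dependency-graph-integrator/dist/dependency-graph-integrator.zip
            github-actions-usage:
              - packages/github-actions-usage/dist/github-actions-usage.zip
            obligatron:
              - packages/obligatron/dist/obligatron.zip
            refresh-materialized-view:
              - packages/refresh-materialized-view/dist/refresh-materialized-view.zip
            prisma:
              - packages/common/prisma.zip
            theguardian-servicecatalogue-app:
              - packages/dashboard/dist/theguardian-servicecatalogue-app.zip

  # Applies the DEV migration to a throwaway Postgres service container and
  # checks that the committed Prisma schema still matches the result.
  db-migration:
    timeout-minutes: 15
    runs-on: ubuntu-latest
    # See https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token
    permissions:
      contents: read
    env:
      NODE_OPTIONS: '--max_old_space_size=4096'
    services:
      # See https://docs.github.com/en/actions/using-containerized-services/creating-postgresql-service-containers
      postgres:
        # Pinned by tag only, unlike the SHA-pinned actions in this file; a
        # digest pin would make the service image immutable as well.
        image: postgres:14.6-alpine
        # Keep these in sync with `.env` file at the repository root.
        # These credentials only protect the per-run service container.
        env:
          POSTGRES_USER: postgres
          POSTGRES_PASSWORD: not_at_all_secret
          POSTGRES_DB: postgres
        # Set health checks to wait until postgres has started
        options: >-
          --health-cmd pg_isready
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
        ports:
          # Quoted so that no YAML parser can read the mapping as a number.
          - '5432:5432'
    steps:
      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          # Every git command in this job is local (diff, ls-files), so the
          # token does not need to stay in .git/config where `npm ci`
          # lifecycle scripts could read it.
          persist-credentials: false
      - name: Setup Node
        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
        with:
          node-version-file: '.nvmrc'
          cache: 'npm'
      # Supplies a deploy key for private repositories; `npm ci` below runs
      # dependency install scripts, presumably with that key still available.
      - uses: guardian/actions-read-private-repos@8792b5279dc2e6dfb6b9aa6ba2f26b6226be444c # v0.1.1
        with:
          private-ssh-keys: ${{ secrets.PRIVATE_INFRASTRUCTURE_CONFIG_DEPLOY_KEY }}
      - name: install dependencies
        run: npm ci
      - name: perform a DEV database migration
        run: npm -w cli start migrate -- --stage DEV
      - name: basic database tests
        # ON_ERROR_STOP=1 makes psql exit non-zero on the first failing statement.
        run: psql -d postgresql://postgres:not_at_all_secret@localhost:5432/postgres -v ON_ERROR_STOP=1 -f sql/ci.sql
      - name: check schema.prisma file hasn't changed
        # --exit-code fails the step when the tracked schema differs from the commit.
        run: git diff --exit-code packages/common/prisma/schema.prisma
      - name: check for untracked files
        # Fails when the earlier steps left new, uncommitted files in the Prisma directory.
        run: |
          UNTRACKED_FILES=$(git ls-files --others --exclude-standard packages/common/prisma | wc -l)
          if [ "$UNTRACKED_FILES" -gt 0 ]; then
            echo "Untracked files found:"
            git ls-files --others --exclude-standard packages/common/prisma
            exit 1
          fi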