feat(form-system): client, domain and the application #13513
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Config values | |
on: | |
push: | |
branches: | |
- 'main' | |
- 'release/**' | |
- 'pre-release/**' | |
paths: | |
- 'charts/**' | |
- 'infra/**' | |
- '**/infra/**' | |
workflow_dispatch: {} | |
pull_request: | |
paths: | |
- 'charts/**' | |
- 'infra/**' | |
- '**/infra/**' | |
defaults: | |
run: | |
shell: bash | |
env: | |
AWS_MAX_ATTEMPTS: 10 | |
GITHUB_ACTIONS_CACHE_URL: https://cache.dev01.devland.is/ | |
jobs: | |
prepare: | |
runs-on: ec2-runners | |
container: | |
image: public.ecr.aws/m3u4c4h9/island-is/actions-runner-public:latest | |
outputs: | |
ENVS: ${{ steps.select_envs.outputs.ENVS }} | |
steps: | |
- name: Select secret envs to check | |
id: select_envs | |
run: | | |
GIT_BRANCH="${GITHUB_HEAD_REF:-${GITHUB_REF/refs\/heads\//}}" | |
# ENVS=("dev" "staging") | |
ENVS=("dev" "staging") | |
if [[ $GIT_BRANCH =~ ^release\/ ]]; then | |
echo "Adding prod environments to test set" | |
ENVS+=("prod") | |
fi | |
ENVS_JSON=$(printf '%s\n' "${ENVS[@]}" | jq -R . | jq -s . | tr -d '[:space:]') | |
echo "ENVS={\"env\":$ENVS_JSON}" >> "$GITHUB_OUTPUT" | |
helm-values-validation: | |
runs-on: ec2-runners | |
container: | |
image: public.ecr.aws/m3u4c4h9/island-is/actions-runner-public:latest | |
timeout-minutes: 5 | |
steps: | |
- uses: actions/checkout@v3 | |
if: ${{ github.event_name == 'pull_request' }} | |
with: | |
ref: ${{ github.event.pull_request.head.ref }} | |
token: ${{ secrets.DIRTY_FIX_BOT_TOKEN }} | |
- uses: actions/checkout@v3 | |
if: ${{ github.event_name != 'pull_request' }} | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: '18' | |
- name: Setup yarn | |
run: npm install -g yarn | |
- name: Cache for NodeJS dependencies | |
id: node-modules | |
continue-on-error: true | |
uses: ./.github/actions/cache | |
with: | |
path: infra/node_modules | |
key: ${{ runner.os }}-${{ hashFiles('infra/yarn.lock') }}-infra | |
- name: Check cache success | |
run: '[[ "${{ steps.node-modules.outputs.success }}" != "false" ]] || exit 1' | |
- name: Building NodeJS dependencies | |
if: steps.node-modules.outputs.cache-hit != 'true' | |
working-directory: infra | |
run: yarn install --immutable | |
- name: Run unit tests | |
run: ./infra/scripts/ci/test-unit.sh | |
- name: Check chart values are up-to-date | |
if: ${{ github.ref == 'ref/heads/main' }} | |
run: ./infra/scripts/ci/diff-chart-values-all-charts.sh | |
- name: Commit any changes to charts | |
if: ${{ github.event_name == 'pull_request' }} | |
run: | | |
yarn --cwd infra charts | |
./infra/scripts/ci/git-check-dirty.sh "charts/" "charts" "dirtybot" | |
check-secrets: | |
needs: | |
- prepare | |
- helm-values-validation # waiting on this job so the cache would be prepared | |
runs-on: ec2-runners | |
container: | |
image: public.ecr.aws/m3u4c4h9/island-is/actions-runner-public:latest | |
strategy: | |
fail-fast: false | |
matrix: ${{ fromJson(needs.prepare.outputs.ENVS) }} | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: '18' | |
- name: Cache for NodeJS dependencies | |
id: node-modules | |
continue-on-error: true | |
uses: ./.github/actions/cache | |
with: | |
path: infra/node_modules | |
key: ${{ runner.os }}-${{ hashFiles('infra/yarn.lock') }}-infra | |
- name: Check cache success | |
run: '[[ "${{ steps.node-modules.outputs.success }}" != "false" ]] || exit 1' | |
- name: Building NodeJS dependencies | |
if: steps.node-modules.outputs.cache-hit != 'true' | |
working-directory: infra | |
run: yarn install --immutable | |
- name: Select role | |
env: | |
prod: arn:aws:iam::251502586493:role/list-ssm-parameters | |
dev: arn:aws:iam::013313053092:role/list-ssm-parameters | |
staging: arn:aws:iam::261174024191:role/list-ssm-parameters | |
run: echo "ROLE=$${{ matrix.env }}" >> $GITHUB_ENV | |
- name: Get local secrets | |
working-directory: infra | |
run: node -r esbuild-register src/secrets.ts get-all-required-secrets --env=${{ matrix.env }} >> LOCAL_SECRETS | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
aws-access-key-id: ${{ secrets.DESCRIBE_SSM_AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.DESCRIBE_SSM_AWS_SECRET_ACCESS_KEY }} | |
aws-region: eu-west-1 | |
role-to-assume: ${{ env.ROLE }} | |
role-duration-seconds: 900 | |
role-session-name: DescribeSSM | |
- name: Get secrets in AWS | |
env: | |
AWS_RETRY_MODE: standard | |
AWS_MAX_ATTEMPTS: '6' | |
run: aws ssm describe-parameters --query=Parameters[*].[Name] --output=text >> CLOUD_SECRETS | |
working-directory: infra | |
- name: Configure AWS Credentials for IDS Prod | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
aws-access-key-id: ${{ secrets.DESCRIBE_SSM_AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.DESCRIBE_SSM_AWS_SECRET_ACCESS_KEY }} | |
aws-region: eu-west-1 | |
role-duration-seconds: 900 | |
role-to-assume: arn:aws:iam::567113216315:role/list-ssm-parameters | |
- name: Get secrets in IDS Prod AWS | |
env: | |
AWS_RETRY_MODE: standard | |
AWS_MAX_ATTEMPTS: '6' | |
run: aws ssm describe-parameters --query=Parameters[*].[Name] --output=text >> CLOUD_SECRETS | |
working-directory: infra | |
- name: Compare secrets | |
working-directory: infra | |
shell: /bin/bash {0} | |
run: | | |
missing=$(grep -vxFf CLOUD_SECRETS LOCAL_SECRETS) | |
if [[ "$missing" != "" ]]; then | |
echo "Required secrets not available in environment ${{ matrix.env }}:" | |
while IFS= read -r secret ; do echo $secret; done <<< "$missing" | |
exit 1 | |
fi |