Skip to content
CI

[NRLF-584] dependabot updates part 2 #1334

Sign in to view logs

[NRLF-584] dependabot updates part 2

[NRLF-584] dependabot updates part 2 #1334

Workflow file for this run

.github/workflows/ci.yml at a940acf
name: CI
on: pull_request
permissions:
id-token: write
contents: read
actions: write
env:
BASE_CACHE_NAME: base-cache
CACHE_NAME: cache
BASE_ARTIFACT_NAME: base-artifact
ARTIFACT_NAME: artifact
TF_ARTIFACT_NAME: terraform-artifact
AWS_DEFAULT_REGION: eu-west-2
# Default github env vars are not working for some reason. This is here to get branch names from the trigger event
BASE_BRANCH_NAME: ${{ github.event.pull_request.base.ref }}
BRANCH_NAME: ${{ github.event.pull_request.head.ref }}
TF_CLI_ARGS: -no-color
RUNNING_IN_CI: 1
jobs:
set-uniquish-id:
# Set a uniquish ID - good enough for our purposes since it must be close enough to unique for
# a) Terraform / AWS to allow clean build/destroys without side-effects (e.g. we don't
# want resources marked for deletion to be recreated in another CI run)
# b) Not to fall foul of character limits on AWS resource names: the ID must be short
name: Set a uniquish ID
runs-on: [self-hosted, ci]
steps:
- name: Set a uniquish ID
id: set_uniqish_id
run: |
TIME_IN_SECONDS_SINCE_MIDNIGHT=$(date -d "1970-01-01 UTC $(date +%T)" +%s)
echo "uniqish_id=${GITHUB_SHA::7}-${TIME_IN_SECONDS_SINCE_MIDNIGHT}" >> $GITHUB_OUTPUT
outputs:
uniqish_id: ${{ steps.set_uniqish_id.outputs.uniqish_id }}
check-release:
name: Check if release branch
runs-on: [self-hosted, ci]
steps:
- name: Git clone - ${{ env.BRANCH_NAME }}
uses: actions/checkout@v3
with:
ref: ${{ env.BRANCH_NAME }}
- name: Is release branch
run: |
if [[ ${{ github.event.pull_request.head.ref }} == release/* || ${{ github.event.pull_request.head.ref }} == hotfix/* ]];
then
echo "Branch is a release branch, checking names match";
else
echo "Regular branch, exiting release check"
exit 0;
fi
if [ "${{ env.BRANCH_NAME }}" == "$(cat RELEASE)" ];
then
echo "Branch is a release and name matches release name, continuing"
exit 0;
else
echo "Branch name does not match release name in RELEASE file, exiting"
exit 1;
fi
cache-base:
name: Cache (base)
needs: [check-release]
runs-on: [self-hosted, ci]
steps:
- name: Git clone - ${{ env.BASE_BRANCH_NAME }}
uses: actions/checkout@v3
with:
ref: ${{ env.BASE_BRANCH_NAME }}
- name: Runner setup
uses: ./.github/actions/runner-setup/
- name: Install dependencies
run: |
source nrlf.sh
nrlf make install
- name: Create cache - ${{ env.BASE_CACHE_NAME }}
uses: ./.github/actions/caching/
with:
path: .venv
name: ${{ env.BASE_CACHE_NAME }}
cache:
name: Cache (head)
needs: [check-release]
runs-on: [self-hosted, ci]
steps:
- name: Git clone - ${{ env.BRANCH_NAME }}
uses: actions/checkout@v3
with:
ref: ${{ env.BRANCH_NAME }}
- name: Runner setup
uses: ./.github/actions/runner-setup/
- name: Install dependencies
run: |
source nrlf.sh
nrlf make install
- name: Create cache - ${{ env.CACHE_NAME }}
uses: ./.github/actions/caching/
with:
path: .venv
name: ${{ env.CACHE_NAME }}
lint-check:
needs: [cache]
name: Linting check (head)
runs-on: [self-hosted, ci]
steps:
- name: Git clone - ${{ env.BRANCH_NAME }}
uses: actions/checkout@v3
with:
ref: ${{ env.BRANCH_NAME }}
- name: Runner setup
uses: ./.github/actions/runner-setup/
- name: Download cache - ${{ env.CACHE_NAME }}
uses: ./.github/actions/caching/
with:
path: .venv
name: ${{ env.CACHE_NAME }}
- name: Run linting
run: |
source .venv/bin/activate
source nrlf.sh
nrlf lint check
unit-test:
needs: [cache]
name: Unit test (head)
runs-on: [self-hosted, ci]
steps:
- name: Git clone - ${{ env.BRANCH_NAME }}
uses: actions/checkout@v3
with:
ref: ${{ env.BRANCH_NAME }}
- name: Runner setup
uses: ./.github/actions/runner-setup/
- name: Download cache - ${{ env.CACHE_NAME }}
uses: ./.github/actions/caching/
with:
path: .venv
name: ${{ env.CACHE_NAME }}
- name: Run test
run: |
source .venv/bin/activate
source nrlf.sh
nrlf test unit --runslow
feature-test-local:
needs: [cache]
name: Local Feature Test (head)
runs-on: [self-hosted, ci]
steps:
- name: Git clone - ${{ env.BRANCH_NAME }}
uses: actions/checkout@v3
with:
ref: ${{ env.BRANCH_NAME }}
- name: Runner setup
uses: ./.github/actions/runner-setup/
- name: Download cache - ${{ env.CACHE_NAME }}
uses: ./.github/actions/caching/
with:
path: .venv
name: ${{ env.CACHE_NAME }}
- name: Run test
run: |
source .venv/bin/activate
source nrlf.sh
nrlf test feature local
build-base:
needs: [cache-base]
name: Build (base)
runs-on: [self-hosted, ci]
steps:
- name: Git clone - ${{ env.BASE_BRANCH_NAME }}
uses: actions/checkout@v3
with:
ref: ${{ env.BASE_BRANCH_NAME }}
- name: Runner setup
uses: ./.github/actions/runner-setup/
- name: Download cache - ${{ env.BASE_CACHE_NAME }}
uses: ./.github/actions/caching/
with:
path: .venv
name: ${{ env.BASE_CACHE_NAME }}
- name: Build
run: |
source .venv/bin/activate
source nrlf.sh
nrlf make build
- name: Upload artifact - ${{ env.BASE_ARTIFACT_NAME }}
uses: ./.github/actions/upload-artifact/
with:
name: ${{ env.BASE_ARTIFACT_NAME }}
path: ./**/dist/*.zip
build:
needs: [cache]
name: Build (head)
runs-on: [self-hosted, ci]
steps:
- name: Git clone - ${{ env.BRANCH_NAME }}
uses: actions/checkout@v3
with:
ref: ${{ env.BRANCH_NAME }}
- name: Runner setup
uses: ./.github/actions/runner-setup/
- name: Download cache - ${{ env.CACHE_NAME }}
uses: ./.github/actions/caching/
with:
path: .venv
name: ${{ env.CACHE_NAME }}
- name: Build
run: |
source .venv/bin/activate
source nrlf.sh
nrlf make build
- name: Upload artifact - ${{ env.ARTIFACT_NAME }}
uses: ./.github/actions/upload-artifact/
with:
name: ${{ env.ARTIFACT_NAME }}
path: ./**/dist/*.zip
terraform-base:
needs:
[build-base, unit-test, feature-test-local, lint-check, set-uniquish-id]
name: Terraform (base)
runs-on: [self-hosted, ci]
steps:
- name: Git clone - ${{ env.BASE_BRANCH_NAME }}
uses: actions/checkout@v3
with:
ref: ${{ env.BASE_BRANCH_NAME }}
- name: Runner setup
uses: ./.github/actions/runner-setup/
- name: Download artifacts - ${{ env.BASE_ARTIFACT_NAME }}
uses: ./.github/actions/download-artifact/
with:
name: ${{ env.BASE_ARTIFACT_NAME }}
- name: Configure aws credentials
uses: aws-actions/configure-aws-credentials@v2
with:
role-to-assume: ${{ secrets.CI_ROLE_NAME }}
role-session-name: github-actions-ci-${{ needs.set-uniquish-id.outputs.uniqish_id }}
aws-region: eu-west-2
- name: Terraform apply
run: |
source nrlf.sh
nrlf truststore pull-server ref
nrlf terraform ciinit "ci-${{ needs.set-uniquish-id.outputs.uniqish_id }}"
nrlf terraform ciplan "ci-${{ needs.set-uniquish-id.outputs.uniqish_id }}"
nrlf terraform ciapply "ci-${{ needs.set-uniquish-id.outputs.uniqish_id }}"
terraform-apply:
needs:
[
build,
unit-test,
lint-check,
feature-test-local,
terraform-base,
set-uniquish-id,
]
name: Terraform (head)
runs-on: [self-hosted, ci]
steps:
- name: Git clone - ${{ env.BRANCH_NAME }}
uses: actions/checkout@v3
with:
ref: ${{ env.BRANCH_NAME }}
- name: Runner setup
uses: ./.github/actions/runner-setup/
- name: Download artifacts - ${{ env.ARTIFACT_NAME }}
uses: ./.github/actions/download-artifact/
with:
name: ${{ env.ARTIFACT_NAME }}
- name: Configure aws credentials
uses: aws-actions/configure-aws-credentials@v2
with:
role-to-assume: ${{ secrets.CI_ROLE_NAME }}
role-session-name: github-actions-ci-${{ needs.set-uniquish-id.outputs.uniqish_id }}
aws-region: eu-west-2
- name: Terraform apply
run: |
source nrlf.sh
nrlf truststore pull-server ref
nrlf terraform ciinit "ci-${{ needs.set-uniquish-id.outputs.uniqish_id }}"
nrlf terraform ciplan "ci-${{ needs.set-uniquish-id.outputs.uniqish_id }}"
nrlf terraform ciapply "ci-${{ needs.set-uniquish-id.outputs.uniqish_id }}" || echo "ok"
nrlf terraform ciplan "ci-${{ needs.set-uniquish-id.outputs.uniqish_id }}"
nrlf terraform ciapply "ci-${{ needs.set-uniquish-id.outputs.uniqish_id }}"
- name: Upload artifact
uses: ./.github/actions/upload-artifact/
with:
name: ${{ env.TF_ARTIFACT_NAME }}
path: ./terraform/infrastructure/output.json
integration-test:
needs: [terraform-apply, set-uniquish-id]
name: Integration test (head)
runs-on: [self-hosted, ci]
steps:
- name: Git clone - ${{ env.BRANCH_NAME }}
uses: actions/checkout@v3
with:
ref: ${{ env.BRANCH_NAME }}
- name: Runner setup
uses: ./.github/actions/runner-setup/
- name: Download artifacts - ${{ env.TF_ARTIFACT_NAME }}
uses: ./.github/actions/download-artifact/
with:
name: ${{ env.TF_ARTIFACT_NAME }}
path: ./terraform/infrastructure/
- name: Download cache - ${{ env.CACHE_NAME }}
uses: ./.github/actions/caching/
with:
path: .venv
name: ${{ env.CACHE_NAME }}
- name: Configure aws credentials
uses: aws-actions/configure-aws-credentials@v2
with:
role-to-assume: ${{ secrets.CI_ROLE_NAME }}
role-session-name: github-actions-ci-${{ needs.set-uniquish-id.outputs.uniqish_id }}
aws-region: eu-west-2
- name: Run test
run: |
source .venv/bin/activate
source nrlf.sh
nrlf truststore pull-client ref
nrlf test integration
feature-test-integration:
needs: [integration-test, set-uniquish-id]
name: Feature integration test (head)
runs-on: [self-hosted, ci]
steps:
- name: Git clone - ${{ env.BRANCH_NAME }}
uses: actions/checkout@v3
with:
ref: ${{ env.BRANCH_NAME }}
- name: Runner setup
uses: ./.github/actions/runner-setup/
- name: Download artifacts - ${{ env.TF_ARTIFACT_NAME }}
uses: ./.github/actions/download-artifact/
with:
name: ${{ env.TF_ARTIFACT_NAME }}
path: ./terraform/infrastructure/
- name: Download cache - ${{ env.CACHE_NAME }}
uses: ./.github/actions/caching/
with:
path: .venv
name: ${{ env.CACHE_NAME }}
- name: Configure aws credentials
uses: aws-actions/configure-aws-credentials@v2
with:
role-to-assume: ${{ secrets.CI_ROLE_NAME }}
role-session-name: github-actions-ci-${{ needs.set-uniquish-id.outputs.uniqish_id }}
aws-region: eu-west-2
- name: Run test
run: |
source .venv/bin/activate
source nrlf.sh
nrlf truststore pull-client ref
nrlf test feature integration
firehose-integration-test:
needs: [terraform-apply, set-uniquish-id]
name: Firehose integration test (head)
runs-on: [self-hosted, ci]
steps:
- name: Git clone - ${{ env.BRANCH_NAME }}
uses: actions/checkout@v3
with:
ref: ${{ env.BRANCH_NAME }}
- name: Runner setup
uses: ./.github/actions/runner-setup/
- name: Download artifacts - ${{ env.TF_ARTIFACT_NAME }}
uses: ./.github/actions/download-artifact/
with:
name: ${{ env.TF_ARTIFACT_NAME }}
path: ./terraform/infrastructure/
- name: Download cache - ${{ env.CACHE_NAME }}
uses: ./.github/actions/caching/
with:
path: .venv
name: ${{ env.CACHE_NAME }}
- name: Configure aws credentials
uses: aws-actions/configure-aws-credentials@v2
with:
role-to-assume: ${{ secrets.CI_ROLE_NAME }}
role-session-name: github-actions-ci-${{ needs.set-uniquish-id.outputs.uniqish_id }}
aws-region: eu-west-2
- name: Run test
run: |
source .venv/bin/activate
source nrlf.sh
nrlf truststore pull-client ref
nrlf test firehose
terraform-destroy:
needs:
[feature-test-integration, firehose-integration-test, set-uniquish-id]
if: ${{ always() }}
name: Terraform destroy
runs-on: [self-hosted, ci]
steps:
- name: Git clone - ${{ env.BRANCH_NAME }}
uses: actions/checkout@v3
with:
ref: ${{ env.BRANCH_NAME }}
- name: Runner setup
uses: ./.github/actions/runner-setup/
- name: Download artifacts - ${{ env.ARTIFACT_NAME }}
uses: ./.github/actions/download-artifact/
with:
name: ${{ env.ARTIFACT_NAME }}
- name: Configure aws credentials
uses: aws-actions/configure-aws-credentials@v2
with:
role-to-assume: ${{ secrets.CI_ROLE_NAME }}
role-session-name: github-actions-ci-${{ needs.set-uniquish-id.outputs.uniqish_id }}
aws-region: eu-west-2
- name: Terraform destroy
run: |
source nrlf.sh
nrlf terraform ciinit "ci-${{ needs.set-uniquish-id.outputs.uniqish_id }}"
nrlf terraform cidestroy "ci-${{ needs.set-uniquish-id.outputs.uniqish_id }}"
clear-cache:
name: Clear Caches
needs: [feature-test-integration, firehose-integration-test]
if: ${{ always() }}
runs-on: [self-hosted, ci]
steps:
- name: Git clone - ${{ env.BRANCH_NAME }}
uses: actions/checkout@v3
with:
ref: ${{ env.BRANCH_NAME }}
- name: Clear cache
uses: ./.github/actions/clear-cache/
with:
name: ${{ env.BASE_CACHE_NAME }},${{ env.CACHE_NAME }}