[AWSRESET-313]: workflow updated

.github/workflows/vol-api-build-merge-main-cd.yml

@@ -4,7 +4,7 @@ run-name: Test, lint and build PHP base Image on Shared Core ECR
 on:
   pull_request:
     branches:
-    - main
+    - AWSRESET1-313
 
 jobs:
 
@@ -13,8 +13,10 @@ jobs:
     runs-on: ubuntu-latest
 
     env:
-      AWS_REGION : eu-west-1
-      AWS_ACCOUNT_ID: ${{ secrets.VOL_AWS_ACCOUNT_TOOLING_NONPROD }}
+      AWS_REGION :  ${{ vars.DVSA_AWS_REGION }}
+      AWS_ACCOUNT_ID_VOL_NP_TOOLING: ${{ secrets.VOL_AWS_ACCOUNT_TOOLING_NONPROD }}
+      REPO_NAME: ${{vars.AWS_ECR_NP_VOLTOOLING_REPONAME}}
+      AWS_ACCOUNT_ID_SHAREDCOREECR: ${{secrets.DVSA_AWS_SHAREDCOREECR_ID}}
 
     permissions:
       id-token: write   # This is required for requesting the JWT
@@ -27,62 +29,87 @@ jobs:
       id: branch
       run: echo "::set-output name=branch::$(git rev-parse --abbrev-ref HEAD)"
 
+    ##create s3 bucket in vol-non-prod tooling and vol-prod tooling to get the composer
     - name: Download the compose file 
       run: |
         php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
         php composer-setup.php --install-dir=/usr/local/bin --filename=composer
         php -r "unlink('composer-setup.php');"
 
-    - name: Build application and dependency
+    - name: install composer dependency
+      run: |
+       composer install --optimize-autoloader --no-interaction --no-dev
+
+    - name: Build application
       run: |
-       find . -name "*.php" -not -path "./vendor/*" -exec php -l {} ";"
-       vendor/bin/phpunit -ctest/phpunit.xml
-       for file in $(git diff ${{ steps.branch.outputs.branch }} --name-only | grep .php);
-       do 
-        vendor/bin/phpcs --severity=5 --standard=vendor/dvsa/coding-standards/src/Profiles/DVSA/CS/ruleset.xml $file
-       done
-       php composer.phar update --optimize-autoloader --no-interaction --no-dev
        date > config/version
        git describe --all >> config/version
        tar cvzf backend.tar.gz --exclude=config/autoload/local.php --exclude=config/autoload/local.php.dist composer.lock init_autoloader.php config module public data/autoload data/cache vendor
 
     
     - name: Lint check on dockerfile
       run: docker run --rm --privileged -v `pwd`:/root/ projectatomic/dockerfile-lint dockerfile_lint -f dockerfile
+      continue-on-error: true #only for testing
+
+    # - uses: hadolint/[email protected]
+    #   with:
+    #     dockerfile: dockerfile
+    #     failure-threshold: error
 
     - name: Set IMAGE_TAG
       run: | 
         IMAGE_SHA=$(echo $GITHUB_SHA | cut -c 1-6)
         echo "IMAGE_TAG=vol-php-fpm-7.4.0-alpine-fpm-$IMAGE_SHA" >> $GITHUB_ENV
-  
-    - name: Set up Notation CLI
+    
+    - name: Setup Notation CLI
+      uses: notaryproject/notation-action/setup@v1
+      with:
+        version: "1.0.0"
+        # plugin_name: <notation_signing_plugin_name>
+        # plugin_url: <plugin_download_url>
+
+    - name: Set up Notation plugin
       run: |
         wget https://d2hvyiie56hcat.cloudfront.net/linux/amd64/installer/deb/latest/aws-signer-notation-cli_amd64.deb
         sudo dpkg -i aws-signer-notation-cli_amd64.deb
         notation version
         notation plugin ls
 
-    - name: Configure AWS credentials from Test account
-      uses: aws-actions/configure-aws-credentials@v4
+
+    - name: configure aws credentials on shared core ecr
+      uses: aws-actions/[email protected]
       with:
-        role-to-assume:  ${{ secrets.DEV_AWS_ROLE }}
-        aws-region: eu-west-1
+        role-to-assume: ${{ secrets.DVSA_AWS_ROLE_SHAREDCORECR }} 
         role-session-name: GitHub_to_AWS_via_FederatedOIDC
-
+        aws-region: ${{ vars.DVSA_AWS_REGION }}
+
+
     - name: Login to Shared Core ECR
-      id: login-ecr
-      uses: aws-actions/amazon-ecr-login@v1
+      id: login-ecr-sharedcoreecr
+      uses: aws-actions/amazon-ecr-login@v2
 
     - name: Build the Docker image
       run: |
-        docker build -t ${{ secrets.ECR_BASE_URL }}:$IMAGE_TAG -f dockerfile . 
-
-    - name: Snyk scan api image
-      id: scan-api-image
-      uses: snyk/actions/docker@master
-      env:
-        SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        docker build -t $AWS_ACCOUNT_ID_VOL_NP_TOOLING.dkr.ecr.$AWS_REGION.amazonaws.com/$REPO_NAME:$IMAGE_TAG --build-arg DVSA_AWS_SHAREDCOREECR_ID=${{secrets.DVSA_AWS_SHAREDCOREECR_ID}} -f dockerfile . 
+    
+
+    - name: configure aws credentials on Non Production account
+      uses: aws-actions/[email protected]
       with:
-        image: ${{ secrets.ECR_BASE_URL }}:$IMAGE_TAG
-        args: --file=dockerfile
-      continue-on-error: true
+        role-to-assume: ${{ secrets.VOL_AWS_ROLE_TOOLING_NONPROD }} 
+        role-session-name: GitHub_to_AWS_via_FederatedOIDC
+        aws-region: ${{ env.AWS_REGION }}
+
+    - name: Login to Shared Core ECR
+      id: login-ecr-vol-tooling-non-prod
+      uses: aws-actions/amazon-ecr-login@v2
+
+    - name: push the docker image
+      run: |
+        docker push $AWS_ACCOUNT_ID_VOL_NP_TOOLING.dkr.ecr.$AWS_REGION.amazonaws.com/$REPO_NAME:$IMAGE_TAG
+
+    - name: sign the base image
+      run: |
+        notation sign $AWS_ACCOUNT_ID_VOL_NP_TOOLING.dkr.ecr.$AWS_REGION.amazonaws.com/$REPO_NAME:$IMAGE_TAG --plugin "com.amazonaws.signer.notation.plugin" --id "${{ secrets.DVSA_AWS_SHAREDCORECR_IMAGE_SIGNING_PROFILE }}" 
+
+   

.github/workflows/vol-api-build-pr-main-ci.yml

@@ -31,9 +31,9 @@ jobs:
 
     env:
       AWS_REGION :  ${{ vars.DVSA_AWS_REGION }}
-      AWS_ACCOUNT_ID_VOL_NP_TOOLING: ${{ secrets.VOL_AWS_ACCOUNT_TOOLING_NONPROD }}
+      AWS_ACCOUNT_ID_VOL_NP_TOOLING: ${{ vars.VOL_AWS_ACCOUNT_TOOLING_NONPROD }}
       REPO_NAME: ${{vars.AWS_ECR_NP_VOLTOOLING_REPONAME}}
-      AWS_ACCOUNT_ID_SHAREDCOREECR: ${{secrets.DVSA_AWS_SHAREDCOREECR_ID}}
+      AWS_ACCOUNT_ID_SHAREDCOREECR: ${{vars.AWS_ACCOUNT_ID_SHAREDCOREECR}}
 
     permissions:
       id-token: write   # This is required for requesting the JWT
@@ -80,10 +80,7 @@ jobs:
         IMAGE_SHA=$(git rev-parse --short HEAD)
         echo "IMAGE_TAG=vol-api-$IMAGE_SHA" >> $GITHUB_ENV
   
-    - name: setup Notation CLI
-      uses: notaryproject/notation-action/setup@v1
-      with:
-        version: "1.0.0"
+
 
     - name: configure aws credentials on shared core ecr
       uses: aws-actions/[email protected]
@@ -99,21 +96,8 @@ jobs:
 
     - name: Build the Docker image
       run: |
-        docker build -t $AWS_ACCOUNT_ID_VOL_NP_TOOLING.dkr.ecr.$AWS_REGION.amazonaws.com/$REPO_NAME:$IMAGE_TAG --build-arg DVSA_AWS_SHAREDCOREECR_ID=${{secrets.DVSA_AWS_SHAREDCOREECR_ID}} -f dockerfile . 
-
-    - name: configure aws credentials on Non Production account
-      uses: aws-actions/[email protected]
-      with:
-        role-to-assume: ${{ secrets.VOL_AWS_ROLE_TOOLING_NONPROD }} 
-        role-session-name: GitHub_to_AWS_via_FederatedOIDC
-        aws-region: ${{ env.AWS_REGION }}
-
+        docker build -t $AWS_ACCOUNT_ID_VOL_NP_TOOLING.dkr.ecr.$AWS_REGION.amazonaws.com/$REPO_NAME:$IMAGE_TAG --build-arg DVSA_AWS_SHAREDCOREECR_ID=${AWS_ACCOUNT_ID_SHAREDCOREECR} -f dockerfile . 
 
-    - name: Login to Shared Core ECR
-      id: login-ecr-vol-tooling-non-prod
-      uses: aws-actions/amazon-ecr-login@v1
-
-
 
     - name: Snyk scan api image
       id: scan-api-image