This repository has been archived by the owner on Apr 3, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 0
259 lines (217 loc) · 7.85 KB
/
on-pull-request.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
name: On push to pull request
on: [pull_request]
env:
TZ: Europe/London
jobs:
style-check-pr:
name: 💅 Style Check
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Setup Nodejs
uses: actions/setup-node@v2
with:
node-version: 14
- name: Install dependencies
run: |
npm ci --ignore-scripts
npm install prisma@$(cat package.json | jq '.dependencies.prisma' -r)
- name: Generate prisma exports
run: npm run build:prisma
- name: Run lint
run: npm run lint
- name: Check types
run: npm run typecheck
vulnerability-check-pr:
name: 🐛 Vulnerability Check
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Setup Nodejs
uses: actions/setup-node@v2
with:
node-version: 14
- name: Install dependencies
run: npm ci
- name: Check for vulnerabilities in prod dependencies
run: npm audit --production --audit-level=moderate
tests-browser-pr:
name: 🖥️ Browser Tests
runs-on: ubuntu-latest
env:
DATABASE_URL: "postgresql://postgres:postgres@localhost:5432/postgres"
APP_URL: http://localhost:3000
CSRF_SECRET: test-secret
HACKNEY_AUTH_TOKEN_SECRET: testTokenSecret
HACKNEY_AUTH_COOKIE_NAME: testToken
HACKNEY_AUTH_SERVER_URL: https://example.com/auth
NEXT_PUBLIC_HACKNEY_AUTH_SERVER_URL: https://example.com/auth
NODE_ENV: "test"
ENVIRONMENT: "test"
NEXT_PUBLIC_ENV: "test"
NEXT_PUBLIC_SOCIAL_CARE_APP_URL: "https://example.com"
SOCIAL_CARE_API_ENDPOINT: http://localhost:4010
PORT: "3000"
SENTRY_RELEASE: ${{github.sha}}
SENTRY_DSN: ${{secrets.SENTRY_DSN}}
SENTRY_AUTH_TOKEN: ${{secrets.SENTRY_AUTH_TOKEN}}
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Setup Nodejs
uses: actions/setup-node@v2
with:
node-version: 14
- name: Install dependencies
run: npm ci
- name: Start Database
uses: harmon758/postgresql-action@v1
with:
postgresql version: "13"
postgresql db: "postgres"
postgresql user: "postgres"
postgresql password: "postgres"
- name: Setup Database
run: node_modules/.bin/prisma migrate deploy
- name: Build app
run: npm run build
- name: Run browser tests
uses: cypress-io/github-action@v2
with:
install: false
start: npm start, npm run test:mock:sccv
wait-on: http://localhost:4010/healthcheck/ping, http://localhost:3000/api/health-check
- name: Upload screenshots
uses: actions/upload-artifact@v1
if: failure()
with:
name: cypress-screenshots
path: cypress/screenshots
- name: Upload videos
uses: actions/upload-artifact@v1
if: failure()
with:
name: cypress-videos
path: cypress/videos
tests-unit-pr:
name: 🧪 Unit tests
runs-on: ubuntu-latest
env:
NEXT_PUBLIC_API_HOST: "http://localhost:3000"
DATABASE_URL: "postgresql://postgres:postgres@localhost:5432/postgres"
APP_URL: "http://localhost:3000"
NODE_ENV: "test"
NEXT_PUBLIC_ENV: "test"
NEXT_PUBLIC_SOCIAL_CARE_APP_URL: "http://example.com"
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Setup Nodejs
uses: actions/setup-node@v2
with:
node-version: 14
- name: Install dependencies
run: |
npm ci --ignore-scripts
npm install prisma@$(cat package.json | jq '.dependencies.prisma' -r)
- name: Generate prisma exports
run: npm run build:prisma
- name: Run unit tests
run: npm test
baseline-scan-pr:
name: 🔍 Baseline Scan
runs-on: ubuntu-latest
env:
DATABASE_URL: postgresql://postgres:postgres@localhost:5432/postgres
NEXT_PUBLIC_API_HOST: http://localhost:3000
APP_URL: http://localhost:3000
NODE_ENV: production
NEXT_PUBLIC_ENV: production
NEXT_PUBLIC_SOCIAL_CARE_APP_URL: http://example.com
PORT: 3000
CSRF_SECRET: test-secret
SENTRY_RELEASE: ${{github.sha}}
SENTRY_DSN: ${{secrets.SENTRY_DSN}}
SENTRY_AUTH_TOKEN: ${{secrets.SENTRY_AUTH_TOKEN}}
steps:
- name: Checkout repository
uses: actions/checkout@v2
- name: Cache dependencies
uses: actions/setup-node@v2
with:
node-version: 14
- name: Set up test database
uses: harmon758/postgresql-action@v1
with:
postgresql version: "13"
postgresql db: "postgres"
postgresql user: "postgres"
postgresql password: "postgres"
- name: Install dependencies
env:
NODE_ENV: development
run: npm ci
- name: Apply database schema
run: npm run db:push
- name: Seed database
run: npm run db:seed
- name: Build app
run: npm run build
- name: Start app
run: npm start &
- name: OWASP Baseline Scan
uses: zaproxy/action-baseline@v0.5.0
with:
docker_name: owasp/zap2docker-stable:2.10.0
fail_action: true
rules_file_name: .zap-baseline.conf
target: http://localhost:3000/
serverless-packaging-pr:
name: 📦 Attempt to package
runs-on: ubuntu-latest
env:
ENVIRONMENT: dev
AWS_ACCESS_KEY_ID: ${{ secrets.TESTING_AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.TESTING_AWS_SECRET_ACCESS_KEY }}
ALLOWED_DOMAIN: ${{ secrets.STAGING_ALLOWED_DOMAIN }}
CONTENT_BUCKET: ${{ secrets.TESTING_CONTENT_BUCKET }}
GOOGLE_CLIENT_ID: ${{ secrets.TESTING_GOOGLE_CLIENT_ID }}
GOOGLE_CLIENT_SECRET: ${{ secrets.TESTING_GOOGLE_CLIENT_SECRET }}
SOCIAL_CARE_API_ENDPOINT: ${{ secrets.STAGING_SOCIAL_CARE_API_ENDPOINT }}
SOCIAL_CARE_API_KEY: ${{ secrets.STAGING_SOCIAL_CARE_API_KEY }}
NEXT_PUBLIC_SOCIAL_CARE_APP_URL: ${{ secrets.STAGING_NEXT_PUBLIC_SOCIAL_CARE_APP_URL }}
GA_PROPERTY_ID: "N/A"
NOTIFY_API_KEY: ${{ secrets.STAGING_NOTIFY_API_KEY }}
NOTIFY_APPROVER_TEMPLATE_ID: ${{ secrets.STAGING_NOTIFY_APPROVER_TEMPLATE_ID }}
NOTIFY_RETURN_FOR_EDITS_TEMPLATE_ID: ${{ secrets.STAGING_NOTIFY_RETURN_FOR_EDITS_TEMPLATE_ID }}
NOTIFY_NEXT_STEP_TEMPLATE_ID: ${{ secrets.STAGING_NOTIFY_NEXT_STEP_TEMPLATE_ID }}
NOTIFY_ASSIGNEE_TEMPLATE_ID: ${{secrets.STAGING_NOTIFY_ASSIGNEE_TEMPLATE_ID}}
HACKNEY_AUTH_TOKEN_SECRET: ${{ secrets.HACKNEY_AUTH_TOKEN_SECRET }}
HACKNEY_AUTH_SERVER_URL: ${{ secrets.HACKNEY_AUTH_SERVER_URL }}
HACKNEY_AUTH_COOKIE_NAME: ${{ secrets.HACKNEY_AUTH_COOKIE_NAME }}
HISTORIC_MAPPING_DATA_SOURCE: ${{secrets.STAGING_HISTORIC_MAPPING_DATA_SOURCE}}
SERVICE_USER_PRIVATE_KEY: ${{secrets.STAGING_SERVICE_USER_PRIVATE_KEY}}
SERVICE_USER_EMAIL: ${{secrets.STAGING_SERVICE_USER_EMAIL}}
REPORTING_GOOGLE_EMAIL: ${{ secrets.STAGING_REPORTING_GOOGLE_EMAIL }}
REPORTING_GOOGLE_PRIVATE_KEY: ${{ secrets.STAGING_REPORTING_GOOGLE_PRIVATE_KEY }}
SENTRY_RELEASE: ${{github.sha}}
SENTRY_DSN: ${{secrets.SENTRY_DSN}}
SENTRY_AUTH_TOKEN: ${{secrets.SENTRY_AUTH_TOKEN}}
GMAIL_INBOUND_TOKEN: ${{secrets.STAGING_GMAIL_INBOUND_TOKEN}}
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Setup Nodejs
uses: actions/setup-node@v2
with:
node-version: 14
- name: Install dependencies
run: npm ci
- uses: satackey/action-docker-layer-caching@v0.0.11
with:
key: docker-layer-caching-${{ runner.os }}
skip-save: true
- name: Run serverless package
run: npm run remote:package