diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 00000000..37ed7f36 --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,111 @@ +name: ci +on: + push: + branches: + - "**" + workflow_dispatch: + inputs: + deploy-to-dev: + description: "Whether to deploy to dev" + type: boolean + required: true + default: false + +defaults: + run: + # NOTE: A bit stricter than the default bash options used by GitHub Actions + # (bash --noprofile --norc -e -o pipefail {0}) + shell: bash --noprofile --norc -euo pipefail {0} + +# NOTE: Set concurrency for the current workflow to 1 +concurrency: ci-${{ github.ref }}-${{ github.workflow }} + +jobs: + build-and-deploy: + timeout-minutes: 60 + runs-on: ubuntu-22.04 + permissions: + actions: read + contents: read + id-token: write + steps: + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + + - uses: capralifecycle/actions-lib/check-runtime-dependencies@7eaefbf567a011164b4085366190807b4ddce7bc # v1.2.0 + + - uses: capralifecycle/actions-lib/parse-config@7eaefbf567a011164b4085366190807b4ddce7bc # v1.2.0 + id: config + with: + config-file: ".ldp.json" + + - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 + with: + node-version: 20.9.0 + + - name: install dependencies + run: npm ci + + - name: lint + run: npm run lint + + - name: install playwright browsers + run: npx playwright install --with-deps + + - name: build + run: npm run test + + - name: test + run: npm run test + + - name: test - component + run: npm run test:component:ci + + - name: test - e2e + run: npm run test:e2e:ci + + - uses: capralifecycle/actions-lib/configure-aws-credentials@7eaefbf567a011164b4085366190807b4ddce7bc # v1.2.0 + id: aws + with: + aws-account-id: ${{ steps.config.outputs.accountId }} + # NOTE: We use different roles on default and non-default branches + aws-iam-role-name: ${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) && steps.config.outputs.roleName || steps.config.outputs.limitedRoleName }} + + + - uses: capralifecycle/actions-lib/upload-s3-artifact@7eaefbf567a011164b4085366190807b4ddce7bc # v1.2.0 + # if: ${{ github.ref == 'refs/heads/master' || inputs.deploy-to-dev }} # TODO: Uncomment after testing artifact upload + id: upload-s3-artifact + env: + AWS_ACCESS_KEY_ID: ${{ steps.aws.outputs.aws-access-key-id }} + AWS_SECRET_ACCESS_KEY: ${{ steps.aws.outputs.aws-secret-access-key }} + AWS_SESSION_TOKEN: ${{ steps.aws.outputs.aws-session-token }} + with: + aws-s3-bucket-name: ${{ steps.config.outputs.artifactBucket }} + target-path: "build" + + - name: trigger development deployment pipelines + uses: capralifecycle/actions-lib/trigger-deployment-pipeline@7eaefbf567a011164b4085366190807b4ddce7bc # v1.2.0 + if: ${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) || inputs.deploy-to-dev }} + env: + AWS_ACCESS_KEY_ID: ${{ steps.aws.outputs.aws-access-key-id }} + AWS_SECRET_ACCESS_KEY: ${{ steps.aws.outputs.aws-secret-access-key }} + AWS_SESSION_TOKEN: ${{ steps.aws.outputs.aws-session-token }} + with: + pipelines: ${{ steps.config.outputs.devPipelines }} + aws-s3-bucket-name: ${{ steps.config.outputs.artifactBucket }} + trigger-type: "artifact" + # NOTE: The key passed to artifact-parameters will be the name of + # the SSM parameter where the reference to the artifact is stored. + artifact-parameters: "devWebappArtifactS3Key=${{ steps.upload-s3-artifact.outputs.aws-s3-key }}" + + - name: trigger production deployment pipelines + uses: capralifecycle/actions-lib/trigger-deployment-pipeline@7eaefbf567a011164b4085366190807b4ddce7bc # v1.2.0 + if: ${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) }} + env: + AWS_ACCESS_KEY_ID: ${{ steps.aws.outputs.aws-access-key-id }} + AWS_SECRET_ACCESS_KEY: ${{ steps.aws.outputs.aws-secret-access-key }} + AWS_SESSION_TOKEN: ${{ steps.aws.outputs.aws-session-token }} + with: + pipelines: ${{ steps.config.outputs.prodPipelines }} + aws-s3-bucket-name: ${{ steps.config.outputs.artifactBucket }} + trigger-type: "artifact" + artifact-parameters: "prodWebappArtifactS3Key=${{ steps.upload-s3-artifact.outputs.aws-s3-key }}"